From owner-freebsd-current@freebsd.org Mon Jun 27 17:20:53 2016 Return-Path: Delivered-To: freebsd-current@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id E2EFCB81969 for ; Mon, 27 Jun 2016 17:20:53 +0000 (UTC) (envelope-from mva@FreeBSD.org) Received: from mailman.ysv.freebsd.org (unknown [127.0.1.3]) by mx1.freebsd.org (Postfix) with ESMTP id CFFE02ACE for ; Mon, 27 Jun 2016 17:20:53 +0000 (UTC) (envelope-from mva@FreeBSD.org) Received: by mailman.ysv.freebsd.org (Postfix) id CF4BFB81968; Mon, 27 Jun 2016 17:20:53 +0000 (UTC) Delivered-To: current@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id CEEC4B81967 for ; Mon, 27 Jun 2016 17:20:53 +0000 (UTC) (envelope-from mva@FreeBSD.org) Received: from smtprelay05.ispgateway.de (smtprelay05.ispgateway.de [80.67.31.100]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 87A7E2AC5 for ; Mon, 27 Jun 2016 17:20:50 +0000 (UTC) (envelope-from mva@FreeBSD.org) Received: from [78.51.33.158] (helo=localhost) by smtprelay05.ispgateway.de with esmtpsa (TLSv1.2:DHE-RSA-AES256-GCM-SHA384:256) (Exim 4.84) (envelope-from ) id 1bHa6l-0005oq-St; Mon, 27 Jun 2016 19:14:04 +0200 Date: Mon, 27 Jun 2016 19:14:03 +0200 From: Marcus von Appen To: current@FreeBSD.org, freebsd-wifi@FreeBSD.org Subject: Restarting rtwn(0)-based interface causes reproducible kernel panics Message-ID: <20160627171403.GC28353@athena.sysfault.org> Reply-To: Marcus von Appen Mail-Followup-To: current@FreeBSD.org, freebsd-wifi@FreeBSD.org MIME-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="iFRdW5/EC4oqxDHL" Content-Disposition: inline User-Agent: Mutt/1.6.1 (2016-04-27) X-Df-Sender: MTEyNTc0Mg== X-BeenThere: freebsd-current@freebsd.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: Discussions about the use of FreeBSD-current List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 27 Jun 2016 17:20:54 -0000 --iFRdW5/EC4oqxDHL Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Hi, restarting the network interface for my rtwn(0)-based RTL8188CE card causes a reproducible kernel panic: # service netif restart [...] panic: Memory modified after free 0xfffff80005c22800(2048) val=8018 @ 0xfffff80005c22800 [...] Unread portion of the kernel message buffer: panic: Memory modified after free 0xfffff80005c22800(2048) val=8018 @ 0xfffff80005c22800 cpuid = 0 KDB: stack backtrace: db_trace_self_wrapper() at db_trace_self_wrapper+0x2b/frame 0xfffffe045362b670 vpanic() at vpanic+0x186/frame 0xfffffe045362b6f0 panic() at panic+0x43/frame 0xfffffe045362b750 trash_ctor() at trash_ctor+0x4b/frame 0xfffffe045362b760 mb_ctor_pack() at mb_ctor_pack+0x3c/frame 0xfffffe045362b7a0 uma_zalloc_arg() at uma_zalloc_arg+0x504/frame 0xfffffe045362b800 ieee80211_getmgtframe() at ieee80211_getmgtframe+0x120/frame 0xfffffe045362b840 ieee80211_send_probereq() at ieee80211_send_probereq+0x104/frame 0xfffffe045362b8e0 ieee80211_swscan_probe_curchan() at ieee80211_swscan_probe_curchan+0x5a/frame 0xfffffe045362b920 scan_curchan() at scan_curchan+0x68/frame 0xfffffe045362b960 scan_curchan_task() at scan_curchan_task+0x247/frame 0xfffffe045362b9e0 taskqueue_run_locked() at taskqueue_run_locked+0x13c/frame 0xfffffe045362ba40 taskqueue_thread_loop() at taskqueue_thread_loop+0x88/frame 0xfffffe045362ba70 fork_exit() at fork_exit+0x84/frame 0xfffffe045362bab0 fork_trampoline() at fork_trampoline+0xe/frame 0xfffffe045362bab0 [...] and (probably) a variant: # service netif restart [...] panic: Memory modified after free 0xfffff80005c07800(2048) val=19 @ 0xfffff80005c07800 [...] Unread portion of the kernel message buffer: panic: Memory modified after free 0xfffff80005c07800(2048) val=19 @ 0xfffff80005c07800 cpuid = 3 KDB: stack backtrace: db_trace_self_wrapper() at db_trace_self_wrapper+0x2b/frame 0xfffffe0455213540 vpanic() at vpanic+0x186/frame 0xfffffe04552135c0 panic() at panic+0x43/frame 0xfffffe0455213620 trash_ctor() at trash_ctor+0x4b/frame 0xfffffe0455213630 mb_ctor_pack() at mb_ctor_pack+0x3c/frame 0xfffffe0455213670 uma_zalloc_arg() at uma_zalloc_arg+0x504/frame 0xfffffe04552136d0 m_getm2() at m_getm2+0x12d/frame 0xfffffe0455213740 m_uiotombuf() at m_uiotombuf+0x62/frame 0xfffffe0455213790 sosend_generic() at sosend_generic+0x356/frame 0xfffffe0455213850 kern_sendit() at kern_sendit+0x244/frame 0xfffffe0455213900 sendit() at sendit+0x1af/frame 0xfffffe0455213950 sys_sendto() at sys_sendto+0x4d/frame 0xfffffe04552139a0 amd64_syscall() at amd64_syscall+0x2db/frame 0xfffffe0455213ab0 Xfast_syscall() at Xfast_syscall+0xfb/frame 0xfffffe0455213ab0 [...] Let me know how to help on getting this fixed. Cheers Marcus --iFRdW5/EC4oqxDHL Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- Version: GnuPG v2 iEYEABECAAYFAldxXtsACgkQi68/ErJnpkdcagCg14EJCk4Pe0igJmnMQvFYonK3 vbMAnRmykqE/xueRrF9WcE66FPPvStYJ =uAlo -----END PGP SIGNATURE----- --iFRdW5/EC4oqxDHL--