From owner-freebsd-current@freebsd.org Mon Jun 27 17:24:30 2016 Return-Path: Delivered-To: freebsd-current@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 73A3BB81B3E for ; Mon, 27 Jun 2016 17:24:30 +0000 (UTC) (envelope-from otacilio.neto@bsd.com.br) Received: from mail-qk0-x234.google.com (mail-qk0-x234.google.com [IPv6:2607:f8b0:400d:c09::234]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (Client CN "smtp.gmail.com", Issuer "Google Internet Authority G2" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 2DB1E2F7F for ; Mon, 27 Jun 2016 17:24:30 +0000 (UTC) (envelope-from otacilio.neto@bsd.com.br) Received: by mail-qk0-x234.google.com with SMTP id a125so17255740qkc.2 for ; Mon, 27 Jun 2016 10:24:30 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=bsd.com.br; s=capeta; h=subject:to:references:from:message-id:date:user-agent:mime-version :in-reply-to:content-transfer-encoding; bh=ae1WOV30NACje5J1u9zKT4mkxWpyLz/MLe3s+kdIx+I=; b=CRJnL2topojUY8jkYU8n/X8TUqEq1Q4Up1/xMUnoWJmRBX20aMEpCl9sQB/6zGTMYT KV60UgoQ5U6xP9KtKFRD5InHvjOulVeh2VUqTAlGODMYGRgq+E/GHFE+ljgUSmMG3K4z uwrWdTZayxCpvAAS4TGSHwHjf2XVh+UDbwXZk= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:subject:to:references:from:message-id:date :user-agent:mime-version:in-reply-to:content-transfer-encoding; bh=ae1WOV30NACje5J1u9zKT4mkxWpyLz/MLe3s+kdIx+I=; b=RyZ4f7fJanBKjiU7B0na+WpVdTltNyawX45mcmedzEOSPNsGDVHXZDZuFsOMMs59bQ ogAzaHkG0JrLktZGGsnYVBU8OSSCbog9vO8wdsVKMqifc4ab3j9oRWIqF7FsQE+c7xqp QcjfT2aMl/m+pyUssQu8YMBHaOlExYeXLVs9zUNwPNfQkkCbshME+q8wOsyqmE5FeW9A 5Nn5DSrDtv9HQ8LLIMeSDdIKqcSXXnaHcRSeaSVzmcETnCM8/SPVtPSffpmHPlDiY+O1 FQyepJk3y0PH7APfrjeSr69FY+iQ8fsKDAeqo/CNHMASPlrDsOxYbP8/SKMiYuXyNPy3 LG3A== X-Gm-Message-State: ALyK8tLwRzZXOJeMD6eG0H6XOfLRAnLuuOPOvWqgSetXNyZOS+lfJyHpFlz5F5qDIsGgxQ== X-Received: by 10.129.76.18 with SMTP id z18mr12120947ywa.170.1467048269358; Mon, 27 Jun 2016 10:24:29 -0700 (PDT) Received: from [10.8.0.124] ([177.20.130.8]) by smtp.googlemail.com with ESMTPSA id r11sm5754170ywg.46.2016.06.27.10.24.28 for (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Mon, 27 Jun 2016 10:24:28 -0700 (PDT) Subject: Re: Restarting rtwn(0)-based interface causes reproducible kernel panics To: freebsd-current@freebsd.org References: <20160627171403.GC28353@athena.sysfault.org> From: =?UTF-8?B?T3RhY8OtbGlv?= Message-ID: Date: Mon, 27 Jun 2016 14:24:21 -0300 User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:45.0) Gecko/20100101 Thunderbird/45.1.1 MIME-Version: 1.0 In-Reply-To: <20160627171403.GC28353@athena.sysfault.org> Content-Type: text/plain; charset=windows-1252; format=flowed Content-Transfer-Encoding: 7bit X-BeenThere: freebsd-current@freebsd.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: Discussions about the use of FreeBSD-current List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 27 Jun 2016 17:24:30 -0000 Em 27/06/2016 14:14, Marcus von Appen escreveu: > Hi, > > restarting the network interface for my rtwn(0)-based RTL8188CE card > causes a reproducible kernel panic: > > # service netif restart > [...] > panic: Memory modified after free 0xfffff80005c22800(2048) val=8018 @ 0xfffff80005c22800 > [...] > > Unread portion of the kernel message buffer: > panic: Memory modified after free 0xfffff80005c22800(2048) val=8018 @ 0xfffff80005c22800 > > cpuid = 0 > KDB: stack backtrace: > db_trace_self_wrapper() at db_trace_self_wrapper+0x2b/frame 0xfffffe045362b670 > vpanic() at vpanic+0x186/frame 0xfffffe045362b6f0 > panic() at panic+0x43/frame 0xfffffe045362b750 > trash_ctor() at trash_ctor+0x4b/frame 0xfffffe045362b760 > mb_ctor_pack() at mb_ctor_pack+0x3c/frame 0xfffffe045362b7a0 > uma_zalloc_arg() at uma_zalloc_arg+0x504/frame 0xfffffe045362b800 > ieee80211_getmgtframe() at ieee80211_getmgtframe+0x120/frame 0xfffffe045362b840 > ieee80211_send_probereq() at ieee80211_send_probereq+0x104/frame 0xfffffe045362b8e0 > ieee80211_swscan_probe_curchan() at ieee80211_swscan_probe_curchan+0x5a/frame 0xfffffe045362b920 > scan_curchan() at scan_curchan+0x68/frame 0xfffffe045362b960 > scan_curchan_task() at scan_curchan_task+0x247/frame 0xfffffe045362b9e0 > taskqueue_run_locked() at taskqueue_run_locked+0x13c/frame 0xfffffe045362ba40 > taskqueue_thread_loop() at taskqueue_thread_loop+0x88/frame 0xfffffe045362ba70 > fork_exit() at fork_exit+0x84/frame 0xfffffe045362bab0 > fork_trampoline() at fork_trampoline+0xe/frame 0xfffffe045362bab0 > [...] > > and (probably) a variant: > > # service netif restart > [...] > panic: Memory modified after free 0xfffff80005c07800(2048) val=19 @ 0xfffff80005c07800 > [...] > Unread portion of the kernel message buffer: > panic: Memory modified after free 0xfffff80005c07800(2048) val=19 @ 0xfffff80005c07800 > > cpuid = 3 > KDB: stack backtrace: > db_trace_self_wrapper() at db_trace_self_wrapper+0x2b/frame 0xfffffe0455213540 > vpanic() at vpanic+0x186/frame 0xfffffe04552135c0 > panic() at panic+0x43/frame 0xfffffe0455213620 > trash_ctor() at trash_ctor+0x4b/frame 0xfffffe0455213630 > mb_ctor_pack() at mb_ctor_pack+0x3c/frame 0xfffffe0455213670 > uma_zalloc_arg() at uma_zalloc_arg+0x504/frame 0xfffffe04552136d0 > m_getm2() at m_getm2+0x12d/frame 0xfffffe0455213740 > m_uiotombuf() at m_uiotombuf+0x62/frame 0xfffffe0455213790 > sosend_generic() at sosend_generic+0x356/frame 0xfffffe0455213850 > kern_sendit() at kern_sendit+0x244/frame 0xfffffe0455213900 > sendit() at sendit+0x1af/frame 0xfffffe0455213950 > sys_sendto() at sys_sendto+0x4d/frame 0xfffffe04552139a0 > amd64_syscall() at amd64_syscall+0x2db/frame 0xfffffe0455213ab0 > Xfast_syscall() at Xfast_syscall+0xfb/frame 0xfffffe0455213ab0 > [...] > > Let me know how to help on getting this fixed. > > Cheers > Marcus What is the revision that you are using? I have faced a similar problem on APLHA4, but now, on ALPHA5 it is working fine. []'s -Otacilio