Date: Mon, 11 Sep 2023 08:18:36 -0600 From: Warner Losh <imp@bsdimp.com> To: "Bjoern A. Zeeb" <bzeeb-lists@lists.zabbadoz.net> Cc: FreeBSD Current <current@freebsd.org> Subject: Re: kernel trap 12 .. cam_periph_release_locked_buses() panics under panic? Message-ID: <CANCZdfq%2BeRG47ymirdca=nTJvg-xPfPTR_LWTuWxFQeWTiEp4Q@mail.gmail.com> In-Reply-To: <514n7872-pp9r-np6p-q6q3-044q4q90709o@yvfgf.mnoonqbm.arg> References: <514n7872-pp9r-np6p-q6q3-044q4q90709o@yvfgf.mnoonqbm.arg>
next in thread | previous in thread | raw e-mail | index | archive | help
--00000000000035eaae06051601e8 Content-Type: text/plain; charset="UTF-8" That's a crazy traceback. We get a fatal trap and then call into the wifi stack? That makes no sense in the absence of some crazy data corruption or a weird traceback issue. On Mon, Sep 11, 2023, 7:47 AM Bjoern A. Zeeb <bzeeb-lists@lists.zabbadoz.net> wrote: > Hi, > > had a kernel hitting an alll-to-known wifi issue and panic (I was actually > happy I could reproduce) and then the screen kept scrolling for a while > panicing all over again and ddb was unusable (not so happy). > > I assume the problem is cam_periph_release_locked_buses()? > Unlikely given the rest of the traceback.... Can you get a core so we can look at it more deeply? Warner > /bz > > ... > --- trap 0x80bc1f07, rip = 0xffffffff80381e83, rsp = 0x3d7bb6db69f8, rbp = > 0xfffffe00907fa4a0 --- > cam_periph_release_locked_buses() at > cam_periph_release_locked_buses+0x43/frame 0xfffffe00907fa4a0 > kernel trap 12 with interrupts disabled > > > Fatal trap 12: page fault while in kernel mode > cpuid = 2; apic id = 02 > fault virtual address = 0xfffffe00907fa4a8 > fault code = supervisor read data, page not present > instruction pointer = 0x20:0xffffffff8101f660 > stack pointer = 0x0:0xfffffe00907f8f90 > frame pointer = 0x0:0xfffffe00907f9020 > code segment = base 0x0, limit 0xfffff, type 0x1b > = DPL 0, pres 1, long 1, def32 0, gran 1 > processor eflags = resume, IOPL = 0 > current process = 0 (iwlwifi0 net80211 t) > rdi: fffffe00907f8f90 rsi: 0000000000000008 rdx: fffffe00907fa4a8 > rcx: fffffe00907f9030 r8: 0000000000000000 r9: 0000000000000000 > rax: 0000000000000000 rbx: fffffe00907f90f0 rbp: fffffe00907f9020 > r10: 0000000000000000 r11: 0000000000000000 r12: fffffe00907fa4a8 > r13: 0000000000000008 r14: 0000000000000000 r15: fffffe00907f9030 > trap number = 12 > panic: page fault > cpuid = 2 > time = 1694439681 > KDB: stack backtrace: > db_trace_self_wrapper() at db_trace_self_wrapper+0x2b/frame > 0xfffffe00907f8c60 > vpanic() at vpanic+0x132/frame 0xfffffe00907f8d90 > panic() at panic+0x43/frame 0xfffffe00907f8df0 > trap_fatal() at trap_fatal+0x40c/frame 0xfffffe00907f8e50 > trap_pfault() at trap_pfault+0xae/frame 0xfffffe00907f8ec0 > calltrap() at calltrap+0x8/frame 0xfffffe00907f8ec0 > --- trap 0xc, rip = 0xffffffff8101f660, rsp = 0xfffffe00907f8f90, rbp = > 0xfffffe00907f9020 --- > db_read_bytes() at db_read_bytes+0xa0/frame 0xfffffe00907f9020 > db_get_value() at db_get_value+0x31/frame 0xfffffe00907f9060 > db_backtrace() at db_backtrace+0x1d9/frame 0xfffffe00907f90e0 > db_trace_self_wrapper() at db_trace_self_wrapper+0x2b/frame > 0xfffffe00907f9160 > vpanic() at vpanic+0x132/frame 0xfffffe00907f9290 > panic() at panic+0x43/frame 0xfffffe00907f92f0 > trap_fatal() at trap_fatal+0x40c/frame 0xfffffe00907f9350 > trap_pfault() at trap_pfault+0xae/frame 0xfffffe00907f93c0 > calltrap() at calltrap+0x8/frame 0xfffffe00907f93c0 > --- trap 0xc, rip = 0xffffffff8101f660, rsp = 0xfffffe00907f9490, rbp = > 0xfffffe00907f9520 --- > db_read_bytes() at db_read_bytes+0xa0/frame 0xfffffe00907f9520 > db_get_value() at db_get_value+0x31/frame 0xfffffe00907f9560 > db_backtrace() at db_backtrace+0x1d9/frame 0xfffffe00907f95e0 > db_trace_self_wrapper() at db_trace_self_wrapper+0x2b/frame > 0xfffffe00907f9660 > vpanic() at vpanic+0x132/frame 0xfffffe00907f9790 > panic() at panic+0x43/frame 0xfffffe00907f97f0 > trap_fatal() at trap_fatal+0x40c/frame 0xfffffe00907f9850 > trap_pfault() at trap_pfault+0xae/frame 0xfffffe00907f98c0 > calltrap() at calltrap+0x8/frame 0xfffffe00907f98c0 > --- trap 0xc, rip = 0xffffffff8101f660, rsp = 0xfffffe00907f9990, rbp = > 0xfffffe00907f9a20 --- > db_read_bytes() at db_read_bytes+0xa0/frame 0xfffffe00907f9a20 > db_get_value() at db_get_value+0x31/frame 0xfffffe00907f9a60 > db_backtrace() at db_backtrace+0x1d9/frame 0xfffffe00907f9ae0 > db_trace_self_wrapper() at db_trace_self_wrapper+0x2b/frame > 0xfffffe00907f9b60 > vpanic() at vpanic+0x132/frame 0xfffffe00907f9c90 > panic() at panic+0x43/frame 0xfffffe00907f9cf0 > lkpi_sta_auth_to_scan() at lkpi_sta_auth_to_scan+0x388/frame > 0xfffffe00907f9d70 > lkpi_iv_newstate() at lkpi_iv_newstate+0x2eb/frame 0xfffffe00907f9df0 > ieee80211_newstate_cb() at ieee80211_newstate_cb+0x1e7/frame > 0xfffffe00907f9e40 > taskqueue_run_locked() at taskqueue_run_locked+0xab/frame > 0xfffffe00907f9ec0 > taskqueue_thread_loop() at taskqueue_thread_loop+0xd3/frame > 0xfffffe00907f9ef0 > fork_exit() at fork_exit+0x82/frame 0xfffffe00907f9f30 > fork_trampoline() at fork_trampoline+0xe/frame 0xfffffe00907f9f30 > --- trap 0x80bc1f07, rip = 0xffffffff80381e83, rsp = 0x3d7bb6db69f8, rbp = > 0xfffffe00907fa4a0 --- > cam_periph_release_locked_buses() at > cam_periph_release_locked_buses+0x43/frame 0xfffffe00907fa4a0 > kernel trap 12 with interrupts disabled > ... > > -- > Bjoern A. Zeeb r15:7 > > --00000000000035eaae06051601e8 Content-Type: text/html; charset="UTF-8" Content-Transfer-Encoding: quoted-printable <div dir=3D"auto"><div>That's a crazy traceback. We get a fatal trap an= d then call into the wifi stack? That makes no sense in the absence of some= crazy data corruption or a weird traceback issue.=C2=A0<br><br><div class= =3D"gmail_quote"><div dir=3D"ltr" class=3D"gmail_attr">On Mon, Sep 11, 2023= , 7:47 AM Bjoern A. Zeeb <<a href=3D"mailto:bzeeb-lists@lists.zabbadoz.n= et">bzeeb-lists@lists.zabbadoz.net</a>> wrote:<br></div><blockquote clas= s=3D"gmail_quote" style=3D"margin:0 0 0 .8ex;border-left:1px #ccc solid;pad= ding-left:1ex">Hi,<br> <br> had a kernel hitting an alll-to-known wifi issue and panic (I was actually<= br> happy I could reproduce) and then the screen kept scrolling for a while<br> panicing all over again and ddb was unusable (not so happy).<br> <br> I assume the problem is cam_periph_release_locked_buses()?<br></blockquote>= </div></div><div dir=3D"auto"><br></div><div dir=3D"auto">Unlikely given th= e rest of the traceback....</div><div dir=3D"auto"><br></div><div dir=3D"au= to">Can you get a core so we can look at it more deeply?</div><div dir=3D"a= uto"><br></div><div dir=3D"auto">Warner=C2=A0</div><div dir=3D"auto"><br></= div><div dir=3D"auto"><div class=3D"gmail_quote"><blockquote class=3D"gmail= _quote" style=3D"margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:= 1ex"> <br> /bz<br> <br> ...<br> --- trap 0x80bc1f07, rip =3D 0xffffffff80381e83, rsp =3D 0x3d7bb6db69f8, rb= p =3D 0xfffffe00907fa4a0 ---<br> cam_periph_release_locked_buses() at cam_periph_release_locked_buses+0x43/f= rame 0xfffffe00907fa4a0<br> kernel trap 12 with interrupts disabled<br> <br> <br> Fatal trap 12: page fault while in kernel mode<br> cpuid =3D 2; apic id =3D 02<br> fault virtual address=C2=A0 =C2=A0=3D 0xfffffe00907fa4a8<br> fault code=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =3D supervisor r= ead data, page not present<br> instruction pointer=C2=A0 =C2=A0 =C2=A0=3D 0x20:0xffffffff8101f660<br> stack pointer=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0=3D 0x0:0xfffffe00907= f8f90<br> frame pointer=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0=3D 0x0:0xfffffe00907= f9020<br> code segment=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =3D base 0x0, limit 0= xfffff, type 0x1b<br> =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2= =A0 =C2=A0 =C2=A0=3D DPL 0, pres 1, long 1, def32 0, gran 1<br> processor eflags=C2=A0 =C2=A0 =C2=A0 =C2=A0 =3D resume, IOPL =3D 0<br> current process=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0=3D 0 (iwlwifi0 net80211 t= )<br> rdi: fffffe00907f8f90 rsi: 0000000000000008 rdx: fffffe00907fa4a8<br> rcx: fffffe00907f9030=C2=A0 r8: 0000000000000000=C2=A0 r9: 0000000000000000= <br> rax: 0000000000000000 rbx: fffffe00907f90f0 rbp: fffffe00907f9020<br> r10: 0000000000000000 r11: 0000000000000000 r12: fffffe00907fa4a8<br> r13: 0000000000000008 r14: 0000000000000000 r15: fffffe00907f9030<br> trap number=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0=3D 12<br> panic: page fault<br> cpuid =3D 2<br> time =3D 1694439681<br> KDB: stack backtrace:<br> db_trace_self_wrapper() at db_trace_self_wrapper+0x2b/frame 0xfffffe00907f8= c60<br> vpanic() at vpanic+0x132/frame 0xfffffe00907f8d90<br> panic() at panic+0x43/frame 0xfffffe00907f8df0<br> trap_fatal() at trap_fatal+0x40c/frame 0xfffffe00907f8e50<br> trap_pfault() at trap_pfault+0xae/frame 0xfffffe00907f8ec0<br> calltrap() at calltrap+0x8/frame 0xfffffe00907f8ec0<br> --- trap 0xc, rip =3D 0xffffffff8101f660, rsp =3D 0xfffffe00907f8f90, rbp = =3D 0xfffffe00907f9020 ---<br> db_read_bytes() at db_read_bytes+0xa0/frame 0xfffffe00907f9020<br> db_get_value() at db_get_value+0x31/frame 0xfffffe00907f9060<br> db_backtrace() at db_backtrace+0x1d9/frame 0xfffffe00907f90e0<br> db_trace_self_wrapper() at db_trace_self_wrapper+0x2b/frame 0xfffffe00907f9= 160<br> vpanic() at vpanic+0x132/frame 0xfffffe00907f9290<br> panic() at panic+0x43/frame 0xfffffe00907f92f0<br> trap_fatal() at trap_fatal+0x40c/frame 0xfffffe00907f9350<br> trap_pfault() at trap_pfault+0xae/frame 0xfffffe00907f93c0<br> calltrap() at calltrap+0x8/frame 0xfffffe00907f93c0<br> --- trap 0xc, rip =3D 0xffffffff8101f660, rsp =3D 0xfffffe00907f9490, rbp = =3D 0xfffffe00907f9520 ---<br> db_read_bytes() at db_read_bytes+0xa0/frame 0xfffffe00907f9520<br> db_get_value() at db_get_value+0x31/frame 0xfffffe00907f9560<br> db_backtrace() at db_backtrace+0x1d9/frame 0xfffffe00907f95e0<br> db_trace_self_wrapper() at db_trace_self_wrapper+0x2b/frame 0xfffffe00907f9= 660<br> vpanic() at vpanic+0x132/frame 0xfffffe00907f9790<br> panic() at panic+0x43/frame 0xfffffe00907f97f0<br> trap_fatal() at trap_fatal+0x40c/frame 0xfffffe00907f9850<br> trap_pfault() at trap_pfault+0xae/frame 0xfffffe00907f98c0<br> calltrap() at calltrap+0x8/frame 0xfffffe00907f98c0<br> --- trap 0xc, rip =3D 0xffffffff8101f660, rsp =3D 0xfffffe00907f9990, rbp = =3D 0xfffffe00907f9a20 ---<br> db_read_bytes() at db_read_bytes+0xa0/frame 0xfffffe00907f9a20<br> db_get_value() at db_get_value+0x31/frame 0xfffffe00907f9a60<br> db_backtrace() at db_backtrace+0x1d9/frame 0xfffffe00907f9ae0<br> db_trace_self_wrapper() at db_trace_self_wrapper+0x2b/frame 0xfffffe00907f9= b60<br> vpanic() at vpanic+0x132/frame 0xfffffe00907f9c90<br> panic() at panic+0x43/frame 0xfffffe00907f9cf0<br> lkpi_sta_auth_to_scan() at lkpi_sta_auth_to_scan+0x388/frame 0xfffffe00907f= 9d70<br> lkpi_iv_newstate() at lkpi_iv_newstate+0x2eb/frame 0xfffffe00907f9df0<br> ieee80211_newstate_cb() at ieee80211_newstate_cb+0x1e7/frame 0xfffffe00907f= 9e40<br> taskqueue_run_locked() at taskqueue_run_locked+0xab/frame 0xfffffe00907f9ec= 0<br> taskqueue_thread_loop() at taskqueue_thread_loop+0xd3/frame 0xfffffe00907f9= ef0<br> fork_exit() at fork_exit+0x82/frame 0xfffffe00907f9f30<br> fork_trampoline() at fork_trampoline+0xe/frame 0xfffffe00907f9f30<br> --- trap 0x80bc1f07, rip =3D 0xffffffff80381e83, rsp =3D 0x3d7bb6db69f8, rb= p =3D 0xfffffe00907fa4a0 ---<br> cam_periph_release_locked_buses() at cam_periph_release_locked_buses+0x43/f= rame 0xfffffe00907fa4a0<br> kernel trap 12 with interrupts disabled<br> ...<br> <br> --<br> Bjoern A. Zeeb=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2= =A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 = =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0r15:7<br> <br> </blockquote></div></div></div> --00000000000035eaae06051601e8--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?CANCZdfq%2BeRG47ymirdca=nTJvg-xPfPTR_LWTuWxFQeWTiEp4Q>