From nobody Mon Sep 11 14:18:36 2023
X-Original-To: current@mlmmj.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
	by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4Rkpjk1qzRz4tMD5
	for <current@mlmmj.nyi.freebsd.org>; Mon, 11 Sep 2023 14:18:50 +0000 (UTC)
	(envelope-from wlosh@bsdimp.com)
Received: from mail-ej1-x62d.google.com (mail-ej1-x62d.google.com [IPv6:2a00:1450:4864:20::62d])
	(using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256
	 client-signature RSA-PSS (2048 bits) client-digest SHA256)
	(Client CN "smtp.gmail.com", Issuer "GTS CA 1D4" (verified OK))
	by mx1.freebsd.org (Postfix) with ESMTPS id 4Rkpjk012Jz4fln
	for <current@freebsd.org>; Mon, 11 Sep 2023 14:18:49 +0000 (UTC)
	(envelope-from wlosh@bsdimp.com)
Authentication-Results: mx1.freebsd.org;
	none
Received: by mail-ej1-x62d.google.com with SMTP id a640c23a62f3a-986d8332f50so600509966b.0
        for <current@freebsd.org>; Mon, 11 Sep 2023 07:18:49 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=bsdimp-com.20230601.gappssmtp.com; s=20230601; t=1694441928; x=1695046728; darn=freebsd.org;
        h=cc:to:subject:message-id:date:from:in-reply-to:references
         :mime-version:from:to:cc:subject:date:message-id:reply-to;
        bh=xxo9FTic7ZvdGaZ1CIT6MKozwa7I7RUPf1fgyQ7m5GU=;
        b=kCF45Ef5xFhw83FPWWDH8JeyTy7um4qQGphs4P9yK+k1GbTLS4o+4sEoy5qIqcDifx
         BcTB1ALHNrM5FSymZAu8aNBoeN+33pDYS7HvzTMbKPlFfgTxbD2fuHO8Rhi1UZylRRPw
         jXOkGGC/xeDVypQC3srhQFx2D2lGfHhIG1BGuXRjoB9qAMZgjjVxceApUEDvSXRW0AqW
         rj/C71T3gLSgCvJrk+J7b5X9qQKqPRfjLtyxLXXzC/917fC9kk/F49KCb8yYCSBpfAwB
         ahXHMlKJ5s46FK+dbwI3VvO/8h4RV388TNtzo3PCK1gZu45uXvd6OhhSaNpfa1f/AiQ1
         Oqtw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20230601; t=1694441928; x=1695046728;
        h=cc:to:subject:message-id:date:from:in-reply-to:references
         :mime-version:x-gm-message-state:from:to:cc:subject:date:message-id
         :reply-to;
        bh=xxo9FTic7ZvdGaZ1CIT6MKozwa7I7RUPf1fgyQ7m5GU=;
        b=JsxHKh4GZ+O8h5QYVt2kBr7HI45Os3lYwRJaUDfA+GoLoiZSFibUcIJw3h/iYf4UJF
         rfjzP8VLjQr7qquhRjjnhcAScAbJBxWYAKE4krPyKP4LXbOWUMncc0NxqTWar3/DlP1p
         ZiHTadYnDcdvFx1cmbmZf2uCtJuc1bOUwsl5P1UfEyMyT524QZb90qDHUxEWMI51Nlnu
         vugZTbu5TNUH7/31cX05v37L2Y4YLUmh/6rHkho1BEvgPeMssZ5HAompva3+G8YFuqXw
         tL1/A7iZNr/GosMYzbAMoeR57IT3QPE49jUvH1QuAferi7xNq3+31J3gBgBUfWKO+Byc
         rT9Q==
X-Gm-Message-State: AOJu0Yz4N9SrJqdVQf0IN6tdFIp3VZ9DCeAnmlj4JCgYrY4LDuxJU4La
	W0OxcBlB3Zh9bh58wxtEZ1R477S/emnSGxYpqNLRsw==
X-Google-Smtp-Source: AGHT+IGrsGs+eXF9XXEMjUV7/MJAu8oMjO5kB1YapIjAHPzAF7nRYLKEu2l40LQf/tkfm8+IvnV+jm/X1gew2D43bew=
X-Received: by 2002:a17:907:78d1:b0:9a1:f96c:4bb2 with SMTP id
 kv17-20020a17090778d100b009a1f96c4bb2mr8802938ejc.50.1694441927987; Mon, 11
 Sep 2023 07:18:47 -0700 (PDT)
List-Id: Discussions about the use of FreeBSD-current <freebsd-current.freebsd.org>
List-Archive: https://lists.freebsd.org/archives/freebsd-current
List-Help: <mailto:freebsd-current+help@freebsd.org>
List-Post: <mailto:freebsd-current@freebsd.org>
List-Subscribe: <mailto:freebsd-current+subscribe@freebsd.org>
List-Unsubscribe: <mailto:freebsd-current+unsubscribe@freebsd.org>
Sender: owner-freebsd-current@freebsd.org
MIME-Version: 1.0
References: <514n7872-pp9r-np6p-q6q3-044q4q90709o@yvfgf.mnoonqbm.arg>
In-Reply-To: <514n7872-pp9r-np6p-q6q3-044q4q90709o@yvfgf.mnoonqbm.arg>
From: Warner Losh <imp@bsdimp.com>
Date: Mon, 11 Sep 2023 08:18:36 -0600
Message-ID: <CANCZdfq+eRG47ymirdca=nTJvg-xPfPTR_LWTuWxFQeWTiEp4Q@mail.gmail.com>
Subject: Re: kernel trap 12 .. cam_periph_release_locked_buses() panics under panic?
To: "Bjoern A. Zeeb" <bzeeb-lists@lists.zabbadoz.net>
Cc: FreeBSD Current <current@freebsd.org>
Content-Type: multipart/alternative; boundary="00000000000035eaae06051601e8"
X-Spamd-Bar: ----
X-Rspamd-Pre-Result: action=no action;
	module=replies;
	Message is reply to one we originated
X-Spamd-Result: default: False [-4.00 / 15.00];
	REPLY(-4.00)[];
	ASN(0.00)[asn:15169, ipnet:2a00:1450::/32, country:US]
X-Rspamd-Queue-Id: 4Rkpjk012Jz4fln

--00000000000035eaae06051601e8
Content-Type: text/plain; charset="UTF-8"

That's a crazy traceback. We get a fatal trap and then call into the wifi
stack? That makes no sense in the absence of some crazy data corruption or
a weird traceback issue.

On Mon, Sep 11, 2023, 7:47 AM Bjoern A. Zeeb <bzeeb-lists@lists.zabbadoz.net>
wrote:

> Hi,
>
> had a kernel hitting an alll-to-known wifi issue and panic (I was actually
> happy I could reproduce) and then the screen kept scrolling for a while
> panicing all over again and ddb was unusable (not so happy).
>
> I assume the problem is cam_periph_release_locked_buses()?
>

Unlikely given the rest of the traceback....

Can you get a core so we can look at it more deeply?

Warner


> /bz
>
> ...
> --- trap 0x80bc1f07, rip = 0xffffffff80381e83, rsp = 0x3d7bb6db69f8, rbp =
> 0xfffffe00907fa4a0 ---
> cam_periph_release_locked_buses() at
> cam_periph_release_locked_buses+0x43/frame 0xfffffe00907fa4a0
> kernel trap 12 with interrupts disabled
>
>
> Fatal trap 12: page fault while in kernel mode
> cpuid = 2; apic id = 02
> fault virtual address   = 0xfffffe00907fa4a8
> fault code              = supervisor read data, page not present
> instruction pointer     = 0x20:0xffffffff8101f660
> stack pointer           = 0x0:0xfffffe00907f8f90
> frame pointer           = 0x0:0xfffffe00907f9020
> code segment            = base 0x0, limit 0xfffff, type 0x1b
>                          = DPL 0, pres 1, long 1, def32 0, gran 1
> processor eflags        = resume, IOPL = 0
> current process         = 0 (iwlwifi0 net80211 t)
> rdi: fffffe00907f8f90 rsi: 0000000000000008 rdx: fffffe00907fa4a8
> rcx: fffffe00907f9030  r8: 0000000000000000  r9: 0000000000000000
> rax: 0000000000000000 rbx: fffffe00907f90f0 rbp: fffffe00907f9020
> r10: 0000000000000000 r11: 0000000000000000 r12: fffffe00907fa4a8
> r13: 0000000000000008 r14: 0000000000000000 r15: fffffe00907f9030
> trap number             = 12
> panic: page fault
> cpuid = 2
> time = 1694439681
> KDB: stack backtrace:
> db_trace_self_wrapper() at db_trace_self_wrapper+0x2b/frame
> 0xfffffe00907f8c60
> vpanic() at vpanic+0x132/frame 0xfffffe00907f8d90
> panic() at panic+0x43/frame 0xfffffe00907f8df0
> trap_fatal() at trap_fatal+0x40c/frame 0xfffffe00907f8e50
> trap_pfault() at trap_pfault+0xae/frame 0xfffffe00907f8ec0
> calltrap() at calltrap+0x8/frame 0xfffffe00907f8ec0
> --- trap 0xc, rip = 0xffffffff8101f660, rsp = 0xfffffe00907f8f90, rbp =
> 0xfffffe00907f9020 ---
> db_read_bytes() at db_read_bytes+0xa0/frame 0xfffffe00907f9020
> db_get_value() at db_get_value+0x31/frame 0xfffffe00907f9060
> db_backtrace() at db_backtrace+0x1d9/frame 0xfffffe00907f90e0
> db_trace_self_wrapper() at db_trace_self_wrapper+0x2b/frame
> 0xfffffe00907f9160
> vpanic() at vpanic+0x132/frame 0xfffffe00907f9290
> panic() at panic+0x43/frame 0xfffffe00907f92f0
> trap_fatal() at trap_fatal+0x40c/frame 0xfffffe00907f9350
> trap_pfault() at trap_pfault+0xae/frame 0xfffffe00907f93c0
> calltrap() at calltrap+0x8/frame 0xfffffe00907f93c0
> --- trap 0xc, rip = 0xffffffff8101f660, rsp = 0xfffffe00907f9490, rbp =
> 0xfffffe00907f9520 ---
> db_read_bytes() at db_read_bytes+0xa0/frame 0xfffffe00907f9520
> db_get_value() at db_get_value+0x31/frame 0xfffffe00907f9560
> db_backtrace() at db_backtrace+0x1d9/frame 0xfffffe00907f95e0
> db_trace_self_wrapper() at db_trace_self_wrapper+0x2b/frame
> 0xfffffe00907f9660
> vpanic() at vpanic+0x132/frame 0xfffffe00907f9790
> panic() at panic+0x43/frame 0xfffffe00907f97f0
> trap_fatal() at trap_fatal+0x40c/frame 0xfffffe00907f9850
> trap_pfault() at trap_pfault+0xae/frame 0xfffffe00907f98c0
> calltrap() at calltrap+0x8/frame 0xfffffe00907f98c0
> --- trap 0xc, rip = 0xffffffff8101f660, rsp = 0xfffffe00907f9990, rbp =
> 0xfffffe00907f9a20 ---
> db_read_bytes() at db_read_bytes+0xa0/frame 0xfffffe00907f9a20
> db_get_value() at db_get_value+0x31/frame 0xfffffe00907f9a60
> db_backtrace() at db_backtrace+0x1d9/frame 0xfffffe00907f9ae0
> db_trace_self_wrapper() at db_trace_self_wrapper+0x2b/frame
> 0xfffffe00907f9b60
> vpanic() at vpanic+0x132/frame 0xfffffe00907f9c90
> panic() at panic+0x43/frame 0xfffffe00907f9cf0
> lkpi_sta_auth_to_scan() at lkpi_sta_auth_to_scan+0x388/frame
> 0xfffffe00907f9d70
> lkpi_iv_newstate() at lkpi_iv_newstate+0x2eb/frame 0xfffffe00907f9df0
> ieee80211_newstate_cb() at ieee80211_newstate_cb+0x1e7/frame
> 0xfffffe00907f9e40
> taskqueue_run_locked() at taskqueue_run_locked+0xab/frame
> 0xfffffe00907f9ec0
> taskqueue_thread_loop() at taskqueue_thread_loop+0xd3/frame
> 0xfffffe00907f9ef0
> fork_exit() at fork_exit+0x82/frame 0xfffffe00907f9f30
> fork_trampoline() at fork_trampoline+0xe/frame 0xfffffe00907f9f30
> --- trap 0x80bc1f07, rip = 0xffffffff80381e83, rsp = 0x3d7bb6db69f8, rbp =
> 0xfffffe00907fa4a0 ---
> cam_periph_release_locked_buses() at
> cam_periph_release_locked_buses+0x43/frame 0xfffffe00907fa4a0
> kernel trap 12 with interrupts disabled
> ...
>
> --
> Bjoern A. Zeeb                                                     r15:7
>
>

--00000000000035eaae06051601e8
Content-Type: text/html; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable

<div dir=3D"auto"><div>That&#39;s a crazy traceback. We get a fatal trap an=
d then call into the wifi stack? That makes no sense in the absence of some=
 crazy data corruption or a weird traceback issue.=C2=A0<br><br><div class=
=3D"gmail_quote"><div dir=3D"ltr" class=3D"gmail_attr">On Mon, Sep 11, 2023=
, 7:47 AM Bjoern A. Zeeb &lt;<a href=3D"mailto:bzeeb-lists@lists.zabbadoz.n=
et">bzeeb-lists@lists.zabbadoz.net</a>&gt; wrote:<br></div><blockquote clas=
s=3D"gmail_quote" style=3D"margin:0 0 0 .8ex;border-left:1px #ccc solid;pad=
ding-left:1ex">Hi,<br>
<br>
had a kernel hitting an alll-to-known wifi issue and panic (I was actually<=
br>
happy I could reproduce) and then the screen kept scrolling for a while<br>
panicing all over again and ddb was unusable (not so happy).<br>
<br>
I assume the problem is cam_periph_release_locked_buses()?<br></blockquote>=
</div></div><div dir=3D"auto"><br></div><div dir=3D"auto">Unlikely given th=
e rest of the traceback....</div><div dir=3D"auto"><br></div><div dir=3D"au=
to">Can you get a core so we can look at it more deeply?</div><div dir=3D"a=
uto"><br></div><div dir=3D"auto">Warner=C2=A0</div><div dir=3D"auto"><br></=
div><div dir=3D"auto"><div class=3D"gmail_quote"><blockquote class=3D"gmail=
_quote" style=3D"margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:=
1ex">
<br>
/bz<br>
<br>
...<br>
--- trap 0x80bc1f07, rip =3D 0xffffffff80381e83, rsp =3D 0x3d7bb6db69f8, rb=
p =3D 0xfffffe00907fa4a0 ---<br>
cam_periph_release_locked_buses() at cam_periph_release_locked_buses+0x43/f=
rame 0xfffffe00907fa4a0<br>
kernel trap 12 with interrupts disabled<br>
<br>
<br>
Fatal trap 12: page fault while in kernel mode<br>
cpuid =3D 2; apic id =3D 02<br>
fault virtual address=C2=A0 =C2=A0=3D 0xfffffe00907fa4a8<br>
fault code=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =3D supervisor r=
ead data, page not present<br>
instruction pointer=C2=A0 =C2=A0 =C2=A0=3D 0x20:0xffffffff8101f660<br>
stack pointer=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0=3D 0x0:0xfffffe00907=
f8f90<br>
frame pointer=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0=3D 0x0:0xfffffe00907=
f9020<br>
code segment=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =3D base 0x0, limit 0=
xfffff, type 0x1b<br>
=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=
=A0 =C2=A0 =C2=A0=3D DPL 0, pres 1, long 1, def32 0, gran 1<br>
processor eflags=C2=A0 =C2=A0 =C2=A0 =C2=A0 =3D resume, IOPL =3D 0<br>
current process=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0=3D 0 (iwlwifi0 net80211 t=
)<br>
rdi: fffffe00907f8f90 rsi: 0000000000000008 rdx: fffffe00907fa4a8<br>
rcx: fffffe00907f9030=C2=A0 r8: 0000000000000000=C2=A0 r9: 0000000000000000=
<br>
rax: 0000000000000000 rbx: fffffe00907f90f0 rbp: fffffe00907f9020<br>
r10: 0000000000000000 r11: 0000000000000000 r12: fffffe00907fa4a8<br>
r13: 0000000000000008 r14: 0000000000000000 r15: fffffe00907f9030<br>
trap number=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0=3D 12<br>
panic: page fault<br>
cpuid =3D 2<br>
time =3D 1694439681<br>
KDB: stack backtrace:<br>
db_trace_self_wrapper() at db_trace_self_wrapper+0x2b/frame 0xfffffe00907f8=
c60<br>
vpanic() at vpanic+0x132/frame 0xfffffe00907f8d90<br>
panic() at panic+0x43/frame 0xfffffe00907f8df0<br>
trap_fatal() at trap_fatal+0x40c/frame 0xfffffe00907f8e50<br>
trap_pfault() at trap_pfault+0xae/frame 0xfffffe00907f8ec0<br>
calltrap() at calltrap+0x8/frame 0xfffffe00907f8ec0<br>
--- trap 0xc, rip =3D 0xffffffff8101f660, rsp =3D 0xfffffe00907f8f90, rbp =
=3D 0xfffffe00907f9020 ---<br>
db_read_bytes() at db_read_bytes+0xa0/frame 0xfffffe00907f9020<br>
db_get_value() at db_get_value+0x31/frame 0xfffffe00907f9060<br>
db_backtrace() at db_backtrace+0x1d9/frame 0xfffffe00907f90e0<br>
db_trace_self_wrapper() at db_trace_self_wrapper+0x2b/frame 0xfffffe00907f9=
160<br>
vpanic() at vpanic+0x132/frame 0xfffffe00907f9290<br>
panic() at panic+0x43/frame 0xfffffe00907f92f0<br>
trap_fatal() at trap_fatal+0x40c/frame 0xfffffe00907f9350<br>
trap_pfault() at trap_pfault+0xae/frame 0xfffffe00907f93c0<br>
calltrap() at calltrap+0x8/frame 0xfffffe00907f93c0<br>
--- trap 0xc, rip =3D 0xffffffff8101f660, rsp =3D 0xfffffe00907f9490, rbp =
=3D 0xfffffe00907f9520 ---<br>
db_read_bytes() at db_read_bytes+0xa0/frame 0xfffffe00907f9520<br>
db_get_value() at db_get_value+0x31/frame 0xfffffe00907f9560<br>
db_backtrace() at db_backtrace+0x1d9/frame 0xfffffe00907f95e0<br>
db_trace_self_wrapper() at db_trace_self_wrapper+0x2b/frame 0xfffffe00907f9=
660<br>
vpanic() at vpanic+0x132/frame 0xfffffe00907f9790<br>
panic() at panic+0x43/frame 0xfffffe00907f97f0<br>
trap_fatal() at trap_fatal+0x40c/frame 0xfffffe00907f9850<br>
trap_pfault() at trap_pfault+0xae/frame 0xfffffe00907f98c0<br>
calltrap() at calltrap+0x8/frame 0xfffffe00907f98c0<br>
--- trap 0xc, rip =3D 0xffffffff8101f660, rsp =3D 0xfffffe00907f9990, rbp =
=3D 0xfffffe00907f9a20 ---<br>
db_read_bytes() at db_read_bytes+0xa0/frame 0xfffffe00907f9a20<br>
db_get_value() at db_get_value+0x31/frame 0xfffffe00907f9a60<br>
db_backtrace() at db_backtrace+0x1d9/frame 0xfffffe00907f9ae0<br>
db_trace_self_wrapper() at db_trace_self_wrapper+0x2b/frame 0xfffffe00907f9=
b60<br>
vpanic() at vpanic+0x132/frame 0xfffffe00907f9c90<br>
panic() at panic+0x43/frame 0xfffffe00907f9cf0<br>
lkpi_sta_auth_to_scan() at lkpi_sta_auth_to_scan+0x388/frame 0xfffffe00907f=
9d70<br>
lkpi_iv_newstate() at lkpi_iv_newstate+0x2eb/frame 0xfffffe00907f9df0<br>
ieee80211_newstate_cb() at ieee80211_newstate_cb+0x1e7/frame 0xfffffe00907f=
9e40<br>
taskqueue_run_locked() at taskqueue_run_locked+0xab/frame 0xfffffe00907f9ec=
0<br>
taskqueue_thread_loop() at taskqueue_thread_loop+0xd3/frame 0xfffffe00907f9=
ef0<br>
fork_exit() at fork_exit+0x82/frame 0xfffffe00907f9f30<br>
fork_trampoline() at fork_trampoline+0xe/frame 0xfffffe00907f9f30<br>
--- trap 0x80bc1f07, rip =3D 0xffffffff80381e83, rsp =3D 0x3d7bb6db69f8, rb=
p =3D 0xfffffe00907fa4a0 ---<br>
cam_periph_release_locked_buses() at cam_periph_release_locked_buses+0x43/f=
rame 0xfffffe00907fa4a0<br>
kernel trap 12 with interrupts disabled<br>
...<br>
<br>
--<br>
Bjoern A. Zeeb=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=
=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =
=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0r15:7<br>
<br>
</blockquote></div></div></div>

--00000000000035eaae06051601e8--