Re: kernel trap 12 .. cam_periph_release_locked_buses() panics under panic?

From: Warner Losh <imp_at_bsdimp.com>
Date: Mon, 11 Sep 2023 14:44:40 UTC
On Mon, Sep 11, 2023 at 8:26 AM Bjoern A. Zeeb <bzeeb-lists@lists.zabbadoz.net> wrote:

> On Mon, 11 Sep 2023, Warner Losh wrote:
>
> > That's a crazy traceback. We get a fatal trap and then call into the wifi
> > stack? That makes no sense in the absence of some crazy data corruption or
> > a weird traceback issue.
>
> No, we panic in wifi and then iterated again and again.
> The first one is the lkpi_sta_auth_to_scan() panic.
>

Ah. OK. I don't think there's anything in cam_periph_release_locked_buses
that could cause this... but if you get a dump I can help look at it.

Warner


> > On Mon, Sep 11, 2023, 7:47 AM Bjoern A. Zeeb <bzeeb-lists@lists.zabbadoz.net>
> > wrote:
> >
> >> Hi,
> >>
> >> had a kernel hitting an all-too-known wifi issue and panic (I was actually
> >> happy I could reproduce) and then the screen kept scrolling for a while
> >> panicking all over again and ddb was unusable (not so happy).
> >>
> >> I assume the problem is cam_periph_release_locked_buses()?
> >>
> >
> > Unlikely given the rest of the traceback....
> >
> > Can you get a core so we can look at it more deeply?
>
> No, after <n> iterations. ddb gave up and stopped and power cycle was
> the only thing I could still do.
>
>
>
> >> /bz
> >>
> >> ...
> >> --- trap 0x80bc1f07, rip = 0xffffffff80381e83, rsp = 0x3d7bb6db69f8, rbp =
> >> 0xfffffe00907fa4a0 ---
> >> cam_periph_release_locked_buses() at
> >> cam_periph_release_locked_buses+0x43/frame 0xfffffe00907fa4a0
> >> kernel trap 12 with interrupts disabled
> >>
> >>
> >> Fatal trap 12: page fault while in kernel mode
> >> cpuid = 2; apic id = 02
> >> fault virtual address   = 0xfffffe00907fa4a8
> >> fault code              = supervisor read data, page not present
> >> instruction pointer     = 0x20:0xffffffff8101f660
> >> stack pointer           = 0x0:0xfffffe00907f8f90
> >> frame pointer           = 0x0:0xfffffe00907f9020
> >> code segment            = base 0x0, limit 0xfffff, type 0x1b
> >>                          = DPL 0, pres 1, long 1, def32 0, gran 1
> >> processor eflags        = resume, IOPL = 0
> >> current process         = 0 (iwlwifi0 net80211 t)
> >> rdi: fffffe00907f8f90 rsi: 0000000000000008 rdx: fffffe00907fa4a8
> >> rcx: fffffe00907f9030  r8: 0000000000000000  r9: 0000000000000000
> >> rax: 0000000000000000 rbx: fffffe00907f90f0 rbp: fffffe00907f9020
> >> r10: 0000000000000000 r11: 0000000000000000 r12: fffffe00907fa4a8
> >> r13: 0000000000000008 r14: 0000000000000000 r15: fffffe00907f9030
> >> trap number             = 12
> >> panic: page fault
> >> cpuid = 2
> >> time = 1694439681
> >> KDB: stack backtrace:
> >> db_trace_self_wrapper() at db_trace_self_wrapper+0x2b/frame
> >> 0xfffffe00907f8c60
> >> vpanic() at vpanic+0x132/frame 0xfffffe00907f8d90
> >> panic() at panic+0x43/frame 0xfffffe00907f8df0
> >> trap_fatal() at trap_fatal+0x40c/frame 0xfffffe00907f8e50
> >> trap_pfault() at trap_pfault+0xae/frame 0xfffffe00907f8ec0
> >> calltrap() at calltrap+0x8/frame 0xfffffe00907f8ec0
> >> --- trap 0xc, rip = 0xffffffff8101f660, rsp = 0xfffffe00907f8f90, rbp =
> >> 0xfffffe00907f9020 ---
> >> db_read_bytes() at db_read_bytes+0xa0/frame 0xfffffe00907f9020
> >> db_get_value() at db_get_value+0x31/frame 0xfffffe00907f9060
> >> db_backtrace() at db_backtrace+0x1d9/frame 0xfffffe00907f90e0
> >> db_trace_self_wrapper() at db_trace_self_wrapper+0x2b/frame
> >> 0xfffffe00907f9160
> >> vpanic() at vpanic+0x132/frame 0xfffffe00907f9290
> >> panic() at panic+0x43/frame 0xfffffe00907f92f0
> >> trap_fatal() at trap_fatal+0x40c/frame 0xfffffe00907f9350
> >> trap_pfault() at trap_pfault+0xae/frame 0xfffffe00907f93c0
> >> calltrap() at calltrap+0x8/frame 0xfffffe00907f93c0
> >> --- trap 0xc, rip = 0xffffffff8101f660, rsp = 0xfffffe00907f9490, rbp =
> >> 0xfffffe00907f9520 ---
> >> db_read_bytes() at db_read_bytes+0xa0/frame 0xfffffe00907f9520
> >> db_get_value() at db_get_value+0x31/frame 0xfffffe00907f9560
> >> db_backtrace() at db_backtrace+0x1d9/frame 0xfffffe00907f95e0
> >> db_trace_self_wrapper() at db_trace_self_wrapper+0x2b/frame
> >> 0xfffffe00907f9660
> >> vpanic() at vpanic+0x132/frame 0xfffffe00907f9790
> >> panic() at panic+0x43/frame 0xfffffe00907f97f0
> >> trap_fatal() at trap_fatal+0x40c/frame 0xfffffe00907f9850
> >> trap_pfault() at trap_pfault+0xae/frame 0xfffffe00907f98c0
> >> calltrap() at calltrap+0x8/frame 0xfffffe00907f98c0
> >> --- trap 0xc, rip = 0xffffffff8101f660, rsp = 0xfffffe00907f9990, rbp =
> >> 0xfffffe00907f9a20 ---
> >> db_read_bytes() at db_read_bytes+0xa0/frame 0xfffffe00907f9a20
> >> db_get_value() at db_get_value+0x31/frame 0xfffffe00907f9a60
> >> db_backtrace() at db_backtrace+0x1d9/frame 0xfffffe00907f9ae0
> >> db_trace_self_wrapper() at db_trace_self_wrapper+0x2b/frame
> >> 0xfffffe00907f9b60
> >> vpanic() at vpanic+0x132/frame 0xfffffe00907f9c90
> >> panic() at panic+0x43/frame 0xfffffe00907f9cf0
> >> lkpi_sta_auth_to_scan() at lkpi_sta_auth_to_scan+0x388/frame
> >> 0xfffffe00907f9d70
> >> lkpi_iv_newstate() at lkpi_iv_newstate+0x2eb/frame 0xfffffe00907f9df0
> >> ieee80211_newstate_cb() at ieee80211_newstate_cb+0x1e7/frame
> >> 0xfffffe00907f9e40
> >> taskqueue_run_locked() at taskqueue_run_locked+0xab/frame
> >> 0xfffffe00907f9ec0
> >> taskqueue_thread_loop() at taskqueue_thread_loop+0xd3/frame
> >> 0xfffffe00907f9ef0
> >> fork_exit() at fork_exit+0x82/frame 0xfffffe00907f9f30
> >> fork_trampoline() at fork_trampoline+0xe/frame 0xfffffe00907f9f30
> >> --- trap 0x80bc1f07, rip = 0xffffffff80381e83, rsp = 0x3d7bb6db69f8, rbp =
> >> 0xfffffe00907fa4a0 ---
> >> cam_periph_release_locked_buses() at
> >> cam_periph_release_locked_buses+0x43/frame 0xfffffe00907fa4a0
> >> kernel trap 12 with interrupts disabled
> >> ...
> >>
> >> --
> >> Bjoern A. Zeeb                                                     r15:7
> >>
> >>
> >
>
> --
> Bjoern A. Zeeb                                                     r15:7
>