From nobody Mon Sep 11 14:44:40 2023 X-Original-To: current@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4RkqHp1tmdz4sQDZ for ; Mon, 11 Sep 2023 14:44:54 +0000 (UTC) (envelope-from wlosh@bsdimp.com) Received: from mail-ed1-x535.google.com (mail-ed1-x535.google.com [IPv6:2a00:1450:4864:20::535]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (2048 bits) client-digest SHA256) (Client CN "smtp.gmail.com", Issuer "GTS CA 1D4" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4RkqHn6r4Yz3MbH for ; Mon, 11 Sep 2023 14:44:53 +0000 (UTC) (envelope-from wlosh@bsdimp.com) Authentication-Results: mx1.freebsd.org; none Received: by mail-ed1-x535.google.com with SMTP id 4fb4d7f45d1cf-52a23227567so5833059a12.0 for ; Mon, 11 Sep 2023 07:44:53 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=bsdimp-com.20230601.gappssmtp.com; s=20230601; t=1694443492; x=1695048292; darn=freebsd.org; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:from:to:cc:subject:date:message-id:reply-to; bh=pTEHhSoBSUZdKMO02nFUl8uy8Fv6l906BvKwhZ8L8rw=; b=Kektw/Qhfs8BS8LEH7gXcH7LyC2/aqWxRTN7wr62lIcfJa513K2spqZ1syRkoBEg7c 2nIKuJbnwgZ0WTyfC5nX5qzgYHoeMsD1gHR7bE07U7lXBgnCbVSX3Rhs6wwo8Mcy1bjV WXOtPYzfnCPjJ4qwcmKH/iZGZhBRjcWlHa4kcD757RolYCNhEeec0Smla2TDq1GgExlN yt2bGpBCH6OBi1tYluToCq6MirOACrlRdSXbxHynB8XxJeMkWfzmRnQQ0FzJkU2DypeS lSWV+ZbrE/ZhEU8KyOl5QoYNM1lLBAIglWhp3oBYMj22xRwur0HTcBvKOyMsYw0mLhEq Qm/A== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1694443492; x=1695048292; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=pTEHhSoBSUZdKMO02nFUl8uy8Fv6l906BvKwhZ8L8rw=; b=dGAPZ9XRV7W6ynKbheAanRFYFYmEYCag+KyeHxCPmrZFXX1TX+9t+8RQKuMnMxwnja SqWhso19nAGvJ8E8L503ztxebpZHU0XEj9cXvYF22keZYPApJf538dqCodYI32UxO66a QcPEOg1Z6bpkVy6/NKMOTDxTKpk4VOWGneivAJeUg3l7WHSGAj782yVH/6LMG6Ua3yx1 bZT2gfbGYN26xt2C2rRkN6gilVVyAjtnyuLWJQORU/L4yR8v577E7pkHeOdGNCTuSGIk OBZ+MQhkVjAOBwkHJhhKTssg58d9FfrZ3jSmABSvHh1DfgYPJrvGmDZWPUxMYncVBCAY h39A== X-Gm-Message-State: AOJu0YzvuVeVDiRx5apLleMEVzhnSjKAfD9KsCTaSL9QB7Pr2ywUXWoE uT3TPlRR1+diP1QUkrxikr70y6iWq5+UZxAqc4y2+jlFOBAzfGWi X-Google-Smtp-Source: AGHT+IHmZaLZBDiRsIL5hrBTm9jZdNemsgNfUfnVjSZQq5VRq2guPT9n5Kcijgpv1J0hQyoU1sQh8tqBI5x8LIwQIAg= X-Received: by 2002:a17:907:a0c6:b0:993:d75b:63ea with SMTP id hw6-20020a170907a0c600b00993d75b63eamr8022027ejc.16.1694443491834; Mon, 11 Sep 2023 07:44:51 -0700 (PDT) List-Id: Discussions about the use of FreeBSD-current List-Archive: https://lists.freebsd.org/archives/freebsd-current List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-freebsd-current@freebsd.org MIME-Version: 1.0 References: <514n7872-pp9r-np6p-q6q3-044q4q90709o@yvfgf.mnoonqbm.arg> In-Reply-To: From: Warner Losh Date: Mon, 11 Sep 2023 08:44:40 -0600 Message-ID: Subject: Re: kernel trap 12 .. cam_periph_release_locked_buses() panics under panic? To: "Bjoern A. Zeeb" Cc: FreeBSD Current Content-Type: multipart/alternative; boundary="0000000000006c56d70605165e89" X-Spamd-Bar: ---- X-Rspamd-Pre-Result: action=no action; module=replies; Message is reply to one we originated X-Spamd-Result: default: False [-4.00 / 15.00]; REPLY(-4.00)[]; ASN(0.00)[asn:15169, ipnet:2a00:1450::/32, country:US] X-Rspamd-Queue-Id: 4RkqHn6r4Yz3MbH --0000000000006c56d70605165e89 Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable On Mon, Sep 11, 2023 at 8:26=E2=80=AFAM Bjoern A. Zeeb < bzeeb-lists@lists.zabbadoz.net> wrote: > On Mon, 11 Sep 2023, Warner Losh wrote: > > > That's a crazy traceback. We get a fatal trap and then call into the wi= fi > > stack? That makes no sense in the absence of some crazy data corruption > or > > a weird traceback issue. > > No, we panic in wifi and then iterated again and again. > The first one is the lkpi_sta_auth_to_scan() panic. > Ah. OK. I don't think there's anything in cam_periph_release_locked_buses that could cause this... but if you get a dump I can help look at it. Warner > > On Mon, Sep 11, 2023, 7:47 AM Bjoern A. Zeeb < > bzeeb-lists@lists.zabbadoz.net> > > wrote: > > > >> Hi, > >> > >> had a kernel hitting an alll-to-known wifi issue and panic (I was > actually > >> happy I could reproduce) and then the screen kept scrolling for a whil= e > >> panicing all over again and ddb was unusable (not so happy). > >> > >> I assume the problem is cam_periph_release_locked_buses()? > >> > > > > Unlikely given the rest of the traceback.... > > > > Can you get a core so we can look at it more deeply? > > No, after iterations. ddb gave up and stopped and power cycle was > the only thing I could still do. > > > > >> /bz > >> > >> ... > >> --- trap 0x80bc1f07, rip =3D 0xffffffff80381e83, rsp =3D 0x3d7bb6db69f= 8, > rbp =3D > >> 0xfffffe00907fa4a0 --- > >> cam_periph_release_locked_buses() at > >> cam_periph_release_locked_buses+0x43/frame 0xfffffe00907fa4a0 > >> kernel trap 12 with interrupts disabled > >> > >> > >> Fatal trap 12: page fault while in kernel mode > >> cpuid =3D 2; apic id =3D 02 > >> fault virtual address =3D 0xfffffe00907fa4a8 > >> fault code =3D supervisor read data, page not present > >> instruction pointer =3D 0x20:0xffffffff8101f660 > >> stack pointer =3D 0x0:0xfffffe00907f8f90 > >> frame pointer =3D 0x0:0xfffffe00907f9020 > >> code segment =3D base 0x0, limit 0xfffff, type 0x1b > >> =3D DPL 0, pres 1, long 1, def32 0, gran 1 > >> processor eflags =3D resume, IOPL =3D 0 > >> current process =3D 0 (iwlwifi0 net80211 t) > >> rdi: fffffe00907f8f90 rsi: 0000000000000008 rdx: fffffe00907fa4a8 > >> rcx: fffffe00907f9030 r8: 0000000000000000 r9: 0000000000000000 > >> rax: 0000000000000000 rbx: fffffe00907f90f0 rbp: fffffe00907f9020 > >> r10: 0000000000000000 r11: 0000000000000000 r12: fffffe00907fa4a8 > >> r13: 0000000000000008 r14: 0000000000000000 r15: fffffe00907f9030 > >> trap number =3D 12 > >> panic: page fault > >> cpuid =3D 2 > >> time =3D 1694439681 > >> KDB: stack backtrace: > >> db_trace_self_wrapper() at db_trace_self_wrapper+0x2b/frame > >> 0xfffffe00907f8c60 > >> vpanic() at vpanic+0x132/frame 0xfffffe00907f8d90 > >> panic() at panic+0x43/frame 0xfffffe00907f8df0 > >> trap_fatal() at trap_fatal+0x40c/frame 0xfffffe00907f8e50 > >> trap_pfault() at trap_pfault+0xae/frame 0xfffffe00907f8ec0 > >> calltrap() at calltrap+0x8/frame 0xfffffe00907f8ec0 > >> --- trap 0xc, rip =3D 0xffffffff8101f660, rsp =3D 0xfffffe00907f8f90, = rbp =3D > >> 0xfffffe00907f9020 --- > >> db_read_bytes() at db_read_bytes+0xa0/frame 0xfffffe00907f9020 > >> db_get_value() at db_get_value+0x31/frame 0xfffffe00907f9060 > >> db_backtrace() at db_backtrace+0x1d9/frame 0xfffffe00907f90e0 > >> db_trace_self_wrapper() at db_trace_self_wrapper+0x2b/frame > >> 0xfffffe00907f9160 > >> vpanic() at vpanic+0x132/frame 0xfffffe00907f9290 > >> panic() at panic+0x43/frame 0xfffffe00907f92f0 > >> trap_fatal() at trap_fatal+0x40c/frame 0xfffffe00907f9350 > >> trap_pfault() at trap_pfault+0xae/frame 0xfffffe00907f93c0 > >> calltrap() at calltrap+0x8/frame 0xfffffe00907f93c0 > >> --- trap 0xc, rip =3D 0xffffffff8101f660, rsp =3D 0xfffffe00907f9490, = rbp =3D > >> 0xfffffe00907f9520 --- > >> db_read_bytes() at db_read_bytes+0xa0/frame 0xfffffe00907f9520 > >> db_get_value() at db_get_value+0x31/frame 0xfffffe00907f9560 > >> db_backtrace() at db_backtrace+0x1d9/frame 0xfffffe00907f95e0 > >> db_trace_self_wrapper() at db_trace_self_wrapper+0x2b/frame > >> 0xfffffe00907f9660 > >> vpanic() at vpanic+0x132/frame 0xfffffe00907f9790 > >> panic() at panic+0x43/frame 0xfffffe00907f97f0 > >> trap_fatal() at trap_fatal+0x40c/frame 0xfffffe00907f9850 > >> trap_pfault() at trap_pfault+0xae/frame 0xfffffe00907f98c0 > >> calltrap() at calltrap+0x8/frame 0xfffffe00907f98c0 > >> --- trap 0xc, rip =3D 0xffffffff8101f660, rsp =3D 0xfffffe00907f9990, = rbp =3D > >> 0xfffffe00907f9a20 --- > >> db_read_bytes() at db_read_bytes+0xa0/frame 0xfffffe00907f9a20 > >> db_get_value() at db_get_value+0x31/frame 0xfffffe00907f9a60 > >> db_backtrace() at db_backtrace+0x1d9/frame 0xfffffe00907f9ae0 > >> db_trace_self_wrapper() at db_trace_self_wrapper+0x2b/frame > >> 0xfffffe00907f9b60 > >> vpanic() at vpanic+0x132/frame 0xfffffe00907f9c90 > >> panic() at panic+0x43/frame 0xfffffe00907f9cf0 > >> lkpi_sta_auth_to_scan() at lkpi_sta_auth_to_scan+0x388/frame > >> 0xfffffe00907f9d70 > >> lkpi_iv_newstate() at lkpi_iv_newstate+0x2eb/frame 0xfffffe00907f9df0 > >> ieee80211_newstate_cb() at ieee80211_newstate_cb+0x1e7/frame > >> 0xfffffe00907f9e40 > >> taskqueue_run_locked() at taskqueue_run_locked+0xab/frame > >> 0xfffffe00907f9ec0 > >> taskqueue_thread_loop() at taskqueue_thread_loop+0xd3/frame > >> 0xfffffe00907f9ef0 > >> fork_exit() at fork_exit+0x82/frame 0xfffffe00907f9f30 > >> fork_trampoline() at fork_trampoline+0xe/frame 0xfffffe00907f9f30 > >> --- trap 0x80bc1f07, rip =3D 0xffffffff80381e83, rsp =3D 0x3d7bb6db69f= 8, > rbp =3D > >> 0xfffffe00907fa4a0 --- > >> cam_periph_release_locked_buses() at > >> cam_periph_release_locked_buses+0x43/frame 0xfffffe00907fa4a0 > >> kernel trap 12 with interrupts disabled > >> ... > >> > >> -- > >> Bjoern A. Zeeb r15= :7 > >> > >> > > > > -- > Bjoern A. Zeeb r15:7 > --0000000000006c56d70605165e89 Content-Type: text/html; charset="UTF-8" Content-Transfer-Encoding: quoted-printable


=
On Mon, Sep 11, 2023 at 8:26=E2=80=AF= AM Bjoern A. Zeeb <bze= eb-lists@lists.zabbadoz.net> wrote:
On Mon, 11 Sep 2023, Warner Losh wrote:

> That's a crazy traceback. We get a fatal trap and then call into t= he wifi
> stack? That makes no sense in the absence of some crazy data corruptio= n or
> a weird traceback issue.

No, we panic in wifi and then iterated again and again.
The first one is the lkpi_sta_auth_to_scan() panic.
Ah. OK. I don't think there's anything in cam_periph_r= elease_locked_buses
that could cause this... but if you get a dum= p I can help look at it.

Warner
=C2=A0
> On Mon, Sep 11, 2023, 7:47 AM Bjoern A. Zeeb <bzeeb-lists@lists.zabbadoz.n= et>
> wrote:
>
>> Hi,
>>
>> had a kernel hitting an alll-to-known wifi issue and panic (I was = actually
>> happy I could reproduce) and then the screen kept scrolling for a = while
>> panicing all over again and ddb was unusable (not so happy).
>>
>> I assume the problem is cam_periph_release_locked_buses()?
>>
>
> Unlikely given the rest of the traceback....
>
> Can you get a core so we can look at it more deeply?

No, after <n> iterations. ddb gave up and stopped and power cycle was=
the only thing I could still do.



>> /bz
>>
>> ...
>> --- trap 0x80bc1f07, rip =3D 0xffffffff80381e83, rsp =3D 0x3d7bb6d= b69f8, rbp =3D
>> 0xfffffe00907fa4a0 ---
>> cam_periph_release_locked_buses() at
>> cam_periph_release_locked_buses+0x43/frame 0xfffffe00907fa4a0
>> kernel trap 12 with interrupts disabled
>>
>>
>> Fatal trap 12: page fault while in kernel mode
>> cpuid =3D 2; apic id =3D 02
>> fault virtual address=C2=A0 =C2=A0=3D 0xfffffe00907fa4a8
>> fault code=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =3D sup= ervisor read data, page not present
>> instruction pointer=C2=A0 =C2=A0 =C2=A0=3D 0x20:0xffffffff8101f660=
>> stack pointer=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0=3D 0x0:0xff= fffe00907f8f90
>> frame pointer=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0=3D 0x0:0xff= fffe00907f9020
>> code segment=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =3D base 0x0= , limit 0xfffff, type 0x1b
>>=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2= =A0 =C2=A0 =C2=A0 =C2=A0 =3D DPL 0, pres 1, long 1, def32 0, gran 1
>> processor eflags=C2=A0 =C2=A0 =C2=A0 =C2=A0 =3D resume, IOPL =3D 0=
>> current process=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0=3D 0 (iwlwifi0 n= et80211 t)
>> rdi: fffffe00907f8f90 rsi: 0000000000000008 rdx: fffffe00907fa4a8<= br> >> rcx: fffffe00907f9030=C2=A0 r8: 0000000000000000=C2=A0 r9: 0000000= 000000000
>> rax: 0000000000000000 rbx: fffffe00907f90f0 rbp: fffffe00907f9020<= br> >> r10: 0000000000000000 r11: 0000000000000000 r12: fffffe00907fa4a8<= br> >> r13: 0000000000000008 r14: 0000000000000000 r15: fffffe00907f9030<= br> >> trap number=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0=3D 12<= br> >> panic: page fault
>> cpuid =3D 2
>> time =3D 1694439681
>> KDB: stack backtrace:
>> db_trace_self_wrapper() at db_trace_self_wrapper+0x2b/frame
>> 0xfffffe00907f8c60
>> vpanic() at vpanic+0x132/frame 0xfffffe00907f8d90
>> panic() at panic+0x43/frame 0xfffffe00907f8df0
>> trap_fatal() at trap_fatal+0x40c/frame 0xfffffe00907f8e50
>> trap_pfault() at trap_pfault+0xae/frame 0xfffffe00907f8ec0
>> calltrap() at calltrap+0x8/frame 0xfffffe00907f8ec0
>> --- trap 0xc, rip =3D 0xffffffff8101f660, rsp =3D 0xfffffe00907f8f= 90, rbp =3D
>> 0xfffffe00907f9020 ---
>> db_read_bytes() at db_read_bytes+0xa0/frame 0xfffffe00907f9020
>> db_get_value() at db_get_value+0x31/frame 0xfffffe00907f9060
>> db_backtrace() at db_backtrace+0x1d9/frame 0xfffffe00907f90e0
>> db_trace_self_wrapper() at db_trace_self_wrapper+0x2b/frame
>> 0xfffffe00907f9160
>> vpanic() at vpanic+0x132/frame 0xfffffe00907f9290
>> panic() at panic+0x43/frame 0xfffffe00907f92f0
>> trap_fatal() at trap_fatal+0x40c/frame 0xfffffe00907f9350
>> trap_pfault() at trap_pfault+0xae/frame 0xfffffe00907f93c0
>> calltrap() at calltrap+0x8/frame 0xfffffe00907f93c0
>> --- trap 0xc, rip =3D 0xffffffff8101f660, rsp =3D 0xfffffe00907f94= 90, rbp =3D
>> 0xfffffe00907f9520 ---
>> db_read_bytes() at db_read_bytes+0xa0/frame 0xfffffe00907f9520
>> db_get_value() at db_get_value+0x31/frame 0xfffffe00907f9560
>> db_backtrace() at db_backtrace+0x1d9/frame 0xfffffe00907f95e0
>> db_trace_self_wrapper() at db_trace_self_wrapper+0x2b/frame
>> 0xfffffe00907f9660
>> vpanic() at vpanic+0x132/frame 0xfffffe00907f9790
>> panic() at panic+0x43/frame 0xfffffe00907f97f0
>> trap_fatal() at trap_fatal+0x40c/frame 0xfffffe00907f9850
>> trap_pfault() at trap_pfault+0xae/frame 0xfffffe00907f98c0
>> calltrap() at calltrap+0x8/frame 0xfffffe00907f98c0
>> --- trap 0xc, rip =3D 0xffffffff8101f660, rsp =3D 0xfffffe00907f99= 90, rbp =3D
>> 0xfffffe00907f9a20 ---
>> db_read_bytes() at db_read_bytes+0xa0/frame 0xfffffe00907f9a20
>> db_get_value() at db_get_value+0x31/frame 0xfffffe00907f9a60
>> db_backtrace() at db_backtrace+0x1d9/frame 0xfffffe00907f9ae0
>> db_trace_self_wrapper() at db_trace_self_wrapper+0x2b/frame
>> 0xfffffe00907f9b60
>> vpanic() at vpanic+0x132/frame 0xfffffe00907f9c90
>> panic() at panic+0x43/frame 0xfffffe00907f9cf0
>> lkpi_sta_auth_to_scan() at lkpi_sta_auth_to_scan+0x388/frame
>> 0xfffffe00907f9d70
>> lkpi_iv_newstate() at lkpi_iv_newstate+0x2eb/frame 0xfffffe00907f9= df0
>> ieee80211_newstate_cb() at ieee80211_newstate_cb+0x1e7/frame
>> 0xfffffe00907f9e40
>> taskqueue_run_locked() at taskqueue_run_locked+0xab/frame
>> 0xfffffe00907f9ec0
>> taskqueue_thread_loop() at taskqueue_thread_loop+0xd3/frame
>> 0xfffffe00907f9ef0
>> fork_exit() at fork_exit+0x82/frame 0xfffffe00907f9f30
>> fork_trampoline() at fork_trampoline+0xe/frame 0xfffffe00907f9f30<= br> >> --- trap 0x80bc1f07, rip =3D 0xffffffff80381e83, rsp =3D 0x3d7bb6d= b69f8, rbp =3D
>> 0xfffffe00907fa4a0 ---
>> cam_periph_release_locked_buses() at
>> cam_periph_release_locked_buses+0x43/frame 0xfffffe00907fa4a0
>> kernel trap 12 with interrupts disabled
>> ...
>>
>> --
>> Bjoern A. Zeeb=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2= =A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 = =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0r15:7
>>
>>
>

--
Bjoern A. Zeeb=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2= =A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 = =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0r15:7
--0000000000006c56d70605165e89--