Re: kernel trap 12 .. cam_periph_release_locked_buses() panics under panic?

Reply: Warner Losh : "Re: kernel trap 12 .. cam_periph_release_locked_buses() panics under panic?"
In reply to: Warner Losh : "Re: kernel trap 12 .. cam_periph_release_locked_buses() panics under panic?"
Go to: [ bottom of page ] [ top of archives ] [ this month ]
From: Bjoern A. Zeeb <bzeeb-lists_at_lists.zabbadoz.net>
Date: Mon, 11 Sep 2023 14:26:23 UTC
On Mon, 11 Sep 2023, Warner Losh wrote:

> That's a crazy traceback. We get a fatal trap and then call into the wifi
> stack? That makes no sense in the absence of some crazy data corruption or
> a weird traceback issue.

No, we panic in wifi and then iterated again and again.
The first one is the lkpi_sta_auth_to_scan() panic.


> On Mon, Sep 11, 2023, 7:47 AM Bjoern A. Zeeb <bzeeb-lists@lists.zabbadoz.net>
> wrote:
>
>> Hi,
>>
>> had a kernel hitting an alll-to-known wifi issue and panic (I was actually
>> happy I could reproduce) and then the screen kept scrolling for a while
>> panicing all over again and ddb was unusable (not so happy).
>>
>> I assume the problem is cam_periph_release_locked_buses()?
>>
>
> Unlikely given the rest of the traceback....
>
> Can you get a core so we can look at it more deeply?

No, after <n> iterations. ddb gave up and stopped and power cycle was
the only thing I could still do.



>> /bz
>>
>> ...
>> --- trap 0x80bc1f07, rip = 0xffffffff80381e83, rsp = 0x3d7bb6db69f8, rbp =
>> 0xfffffe00907fa4a0 ---
>> cam_periph_release_locked_buses() at
>> cam_periph_release_locked_buses+0x43/frame 0xfffffe00907fa4a0
>> kernel trap 12 with interrupts disabled
>>
>>
>> Fatal trap 12: page fault while in kernel mode
>> cpuid = 2; apic id = 02
>> fault virtual address   = 0xfffffe00907fa4a8
>> fault code              = supervisor read data, page not present
>> instruction pointer     = 0x20:0xffffffff8101f660
>> stack pointer           = 0x0:0xfffffe00907f8f90
>> frame pointer           = 0x0:0xfffffe00907f9020
>> code segment            = base 0x0, limit 0xfffff, type 0x1b
>>                          = DPL 0, pres 1, long 1, def32 0, gran 1
>> processor eflags        = resume, IOPL = 0
>> current process         = 0 (iwlwifi0 net80211 t)
>> rdi: fffffe00907f8f90 rsi: 0000000000000008 rdx: fffffe00907fa4a8
>> rcx: fffffe00907f9030  r8: 0000000000000000  r9: 0000000000000000
>> rax: 0000000000000000 rbx: fffffe00907f90f0 rbp: fffffe00907f9020
>> r10: 0000000000000000 r11: 0000000000000000 r12: fffffe00907fa4a8
>> r13: 0000000000000008 r14: 0000000000000000 r15: fffffe00907f9030
>> trap number             = 12
>> panic: page fault
>> cpuid = 2
>> time = 1694439681
>> KDB: stack backtrace:
>> db_trace_self_wrapper() at db_trace_self_wrapper+0x2b/frame
>> 0xfffffe00907f8c60
>> vpanic() at vpanic+0x132/frame 0xfffffe00907f8d90
>> panic() at panic+0x43/frame 0xfffffe00907f8df0
>> trap_fatal() at trap_fatal+0x40c/frame 0xfffffe00907f8e50
>> trap_pfault() at trap_pfault+0xae/frame 0xfffffe00907f8ec0
>> calltrap() at calltrap+0x8/frame 0xfffffe00907f8ec0
>> --- trap 0xc, rip = 0xffffffff8101f660, rsp = 0xfffffe00907f8f90, rbp =
>> 0xfffffe00907f9020 ---
>> db_read_bytes() at db_read_bytes+0xa0/frame 0xfffffe00907f9020
>> db_get_value() at db_get_value+0x31/frame 0xfffffe00907f9060
>> db_backtrace() at db_backtrace+0x1d9/frame 0xfffffe00907f90e0
>> db_trace_self_wrapper() at db_trace_self_wrapper+0x2b/frame
>> 0xfffffe00907f9160
>> vpanic() at vpanic+0x132/frame 0xfffffe00907f9290
>> panic() at panic+0x43/frame 0xfffffe00907f92f0
>> trap_fatal() at trap_fatal+0x40c/frame 0xfffffe00907f9350
>> trap_pfault() at trap_pfault+0xae/frame 0xfffffe00907f93c0
>> calltrap() at calltrap+0x8/frame 0xfffffe00907f93c0
>> --- trap 0xc, rip = 0xffffffff8101f660, rsp = 0xfffffe00907f9490, rbp =
>> 0xfffffe00907f9520 ---
>> db_read_bytes() at db_read_bytes+0xa0/frame 0xfffffe00907f9520
>> db_get_value() at db_get_value+0x31/frame 0xfffffe00907f9560
>> db_backtrace() at db_backtrace+0x1d9/frame 0xfffffe00907f95e0
>> db_trace_self_wrapper() at db_trace_self_wrapper+0x2b/frame
>> 0xfffffe00907f9660
>> vpanic() at vpanic+0x132/frame 0xfffffe00907f9790
>> panic() at panic+0x43/frame 0xfffffe00907f97f0
>> trap_fatal() at trap_fatal+0x40c/frame 0xfffffe00907f9850
>> trap_pfault() at trap_pfault+0xae/frame 0xfffffe00907f98c0
>> calltrap() at calltrap+0x8/frame 0xfffffe00907f98c0
>> --- trap 0xc, rip = 0xffffffff8101f660, rsp = 0xfffffe00907f9990, rbp =
>> 0xfffffe00907f9a20 ---
>> db_read_bytes() at db_read_bytes+0xa0/frame 0xfffffe00907f9a20
>> db_get_value() at db_get_value+0x31/frame 0xfffffe00907f9a60
>> db_backtrace() at db_backtrace+0x1d9/frame 0xfffffe00907f9ae0
>> db_trace_self_wrapper() at db_trace_self_wrapper+0x2b/frame
>> 0xfffffe00907f9b60
>> vpanic() at vpanic+0x132/frame 0xfffffe00907f9c90
>> panic() at panic+0x43/frame 0xfffffe00907f9cf0
>> lkpi_sta_auth_to_scan() at lkpi_sta_auth_to_scan+0x388/frame
>> 0xfffffe00907f9d70
>> lkpi_iv_newstate() at lkpi_iv_newstate+0x2eb/frame 0xfffffe00907f9df0
>> ieee80211_newstate_cb() at ieee80211_newstate_cb+0x1e7/frame
>> 0xfffffe00907f9e40
>> taskqueue_run_locked() at taskqueue_run_locked+0xab/frame
>> 0xfffffe00907f9ec0
>> taskqueue_thread_loop() at taskqueue_thread_loop+0xd3/frame
>> 0xfffffe00907f9ef0
>> fork_exit() at fork_exit+0x82/frame 0xfffffe00907f9f30
>> fork_trampoline() at fork_trampoline+0xe/frame 0xfffffe00907f9f30
>> --- trap 0x80bc1f07, rip = 0xffffffff80381e83, rsp = 0x3d7bb6db69f8, rbp =
>> 0xfffffe00907fa4a0 ---
>> cam_periph_release_locked_buses() at
>> cam_periph_release_locked_buses+0x43/frame 0xfffffe00907fa4a0
>> kernel trap 12 with interrupts disabled
>> ...
>>
>> --
>> Bjoern A. Zeeb                                                     r15:7
>>
>>
>

-- 
Bjoern A. Zeeb                                                     r15:7