Kernel panic during unxip on 12.4 Beta
grgar opened this issue · comments
I'm trying to unxip Xcode_13.3.1.xip. It's my first time using unxip, but three times in a row I've had a panic 10–30 seconds into the process.
I'm on 12.4 Beta (21F5048e), maybe it's a bug with that given it's attributed to AirPlayXPCHelper. I'm not really familiar with panic logs as much as crash logs, I don't know where to start looking into this.
I have plenty of disk space, I'm unxip-ing from my ~/Downloads, I have a core dump I can send you somehow if that's useful.
Kernel-2022-04-14-114904.panic
panic(cpu 4 caller 0xffffff801c5d2943): Kernel trap at 0xffffff801c8b53ce, type 14=page fault, registers:
CR0: 0x000000008001003b, CR2: 0x0000000000000028, CR3: 0x000000046507802b, CR4: 0x00000000003626e0
RAX: 0x0000000000000000, RBX: 0xffffff870b7c9aa0, RCX: 0x0000000000000000, RDX: 0x00000000fbfee027
RSP: 0xffffffe5bc4b3d70, RBP: 0xffffffe5bc4b3dc0, RSI: 0xffffff8bd60cad10, RDI: 0x0000000000000000
R8: 0x0000000000000000, R9: 0x0000000000003d46, R10: 0x0000000000000002, R11: 0xffffff90a426e000
R12: 0xffffff801cda2395, R13: 0xffffff9a3a21cf01, R14: 0xffffff870b7c9e68, R15: 0xffffff7f7fffffff
RFL: 0x0000000000010282, RIP: 0xffffff801c8b53ce, CS: 0x0000000000000008, SS: 0x0000000000000000
Fault CR2: 0x0000000000000028, Error code: 0x0000000000000002, Fault CPU: 0x4, PL: 0, VF: 0
Panicked task 0xffffff956ea65090: 5 threads: pid 164: AirPlayXPCHelper
Backtrace (CPU 4), panicked thread: 0xffffff90a426e000, Frame : Return Address
0xffffffe5bc4b3720 : 0xffffff801c483efd
0xffffffe5bc4b3770 : 0xffffff801c5e3186
0xffffffe5bc4b37b0 : 0xffffff801c5d255d
0xffffffe5bc4b3800 : 0xffffff801c423a60
0xffffffe5bc4b3820 : 0xffffff801c4842cd
0xffffffe5bc4b3940 : 0xffffff801c483a86
0xffffffe5bc4b39a0 : 0xffffff801cd1580d
0xffffffe5bc4b3a90 : 0xffffff801c5d2943
0xffffffe5bc4b3c10 : 0xffffff801c5d2632
0xffffffe5bc4b3c60 : 0xffffff801c423a60
0xffffffe5bc4b3c80 : 0xffffff801c8b53ce
0xffffffe5bc4b3dc0 : 0xffffff801cab870a
0xffffffe5bc4b3e10 : 0xffffff801cab92eb
0xffffffe5bc4b3e30 : 0xffffff801ca21f13
0xffffffe5bc4b3ea0 : 0xffffff801ca229b5
0xffffffe5bc4b3f40 : 0xffffff801cb8a72b
0xffffffe5bc4b3fa0 : 0xffffff801c424226
Process name corresponding to current thread (0xffffff90a426e000): AirPlayXPCHelper
Mac OS version:
21F5048e
Kernel version:
Darwin Kernel Version 21.5.0: Mon Mar 28 19:53:00 PDT 2022; root:xnu-8020.120.43.111.1~1/RELEASE_X86_64
Kernel UUID: ACC5F23C-A2E0-3E73-86C9-38119B418C2F
KernelCache slide: 0x000000001c200000
KernelCache base: 0xffffff801c400000
Kernel slide: 0x000000001c210000
Kernel text base: 0xffffff801c410000
__HIB text base: 0xffffff801c300000
System model name: MacBookPro14,3 (Mac-551B86E5744E2388)
System shutdown begun: NO
Panic diags file available: YES (0x0)
Hibernation exit count: 0
System uptime in nanoseconds: 806517166554
Last Sleep: absolute base_tsc base_nano
Uptime : 0x000000bbc82b5505
Sleep : 0x0000000000000000 0x0000000000000000 0x0000000000000000
Wake : 0x0000000000000000 0x00000009d63b8f14 0x0000000000000000
Compressor Info: 0% of compressed pages limit (OK) and 0% of segments limit (OK) with 0 swapfiles and OK swap space
Zone info:
Zone map: 0xffffff80a10d8000 - 0xffffffa0a10d8000
. PGZ : 0xffffff80a10d8000 - 0xffffff80a30d9000
. VM : 0xffffff80a30d9000 - 0xffffff856f8d8000
. RO : 0xffffff856f8d8000 - 0xffffff87090d8000
. GEN0 : 0xffffff87090d8000 - 0xffffff8bd58d8000
. GEN1 : 0xffffff8bd58d8000 - 0xffffff90a20d8000
. GEN2 : 0xffffff90a20d8000 - 0xffffff956e8d8000
. GEN3 : 0xffffff956e8d8000 - 0xffffff9a3b0d8000
. DATA : 0xffffff9a3b0d8000 - 0xffffffa0a10d8000
Metadata: 0xffffffe586172000 - 0xffffffe5a6172000
Bitmaps : 0xffffffe5a6172000 - 0xffffffe5ac172000
last started kext at 51006612420: >driverkit.serial 6.0.0 (addr 0xffffff7fb56b5000, size 28672)
loaded kexts:
com.intel.driver.EnergyDriver 3.5.5
>AudioAUUC 1.70
>X86PlatformShim 1.0.0
>AGPM 128
>!APlatformEnabler 2.7.0d0
@filesystems.autofs 3.0
>!AHIDALSService 1
@kext.AMDFramebuffer 4.0.8
>!AUpstreamUserClient 3.6.9
@kext.AMDRadeonX4000 4.0.8
@kext.AMDRadeonServiceManager 4.0.8
@UVCService 1
>!A!IPCHPMC 2.0.1
@kext.AMD9500!C 4.0.8
>!AHDAHardwareConfigDriver 340.2
>!AGraphicsDevicePolicy 6.5.7
>!AHDA 340.2
>!A!IKBLGraphics 18.0.7
@AGDCPluginDisplayMetrics 6.5.7
>SMCMotionSensor 3.0.4d1
>pmtelemetry 1
|IOUserEthernet 1.0.1
>usb.!UUserHCI 1
>!AHV 1
>!ADiskImages2 126.100.13
>eficheck 1
>!AGFXHDA 140.3
>AGDCBacklightControl 6.5.7
>!AMuxControl 6.5.7
>!AEmbeddedOSSupportHost 1
>!AFIVRDriver 4.1.0
>!ABacklight 180.7
>ACPI_SMC_PlatformPlugin 1.0.0
>!A!IKBLGraphicsFramebuffer 18.0.7
>!AThunderboltIP 4.0.3
>!AMCCSControl 1.16
>!A!ISlowAdaptiveClocking 4.0.0
>!ATopCaseHIDEventDriver 5450.2
>!AFileSystemDriver 3.0.1
@filesystems.tmpfs 1
@filesystems.lifs 1
@filesystems.hfs.kext 583.100.10
@BootCache 40
@!AFSCompression.!AFSCompressionTypeZlib 1.0.0
@!AFSCompression.!AFSCompressionTypeDataless 1.0.0d1
@filesystems.apfs 1934.120.3
>AirPort.BrcmNIC 1400.1.1
@private.KextAudit 1.0
>!ASmartBatteryManager 161.0.0
>!AACPIButtons 6.1
>!ARTC 2.0.1
>!ASMBIOS 2.1
>!AACPIEC 6.1
>!AAPIC 1.7
@!ASystemPolicy 2.0.0
@nke.applicationfirewall 402
|IOKitRegistryCompatibility 1
|EndpointSecurity 1
@Dont_Steal_Mac_OS_X 7.0.0
@kec.!AEncryptedArchive 1
>driverkit.serial 6.0.0
@kext.triggers 1.0
@kext.AMDRadeonX4100HWLibs 1.0
@kext.AMDRadeonX4000HWServices 4.0.8
>usb.IOUSBHostHIDDevice 1.2
>!ASMBusPCI 1.0.14d1
@kext.AMDSupport 4.0.8
>DspFuncLib 340.2
@kext.OSvKernDSPLib 529
|IO!BSerialManager 9.0.0
|IO!BPacketLogger 9.0.0
|IO!BHost!CUSBTransport 9.0.0
|IO!BHost!CUARTTransport 9.0.0
|IO!BHost!CTransport 9.0.0
>IO!BHost!CPCIeTransport 9.0.0
|IOAVB!F 1040.6
@plugin.IOgPTPPlugin 1040.3
|IOEthernetAVB!C 1.1.0
|CSR!BHost!CUSBTransport 9.0.0
|Broadcom!BHost!CUSBTransport 9.0.0
|Broadcom!B20703USBTransport 9.0.0
>!AIPAppender 1.0
>!A!ILpssUARTv1 3.0.60
>!A!ILpssUARTCommon 3.0.60
>!AOnboardSerial 1.0
|IOSerial!F 11
>!AHDA!C 340.2
|IOHDA!F 340.2
|IOAudio!F 340.2
@vecLib.kext 1.2.0
>!AGraphicsControl 6.5.7
>!ABacklightExpert 1.1.0
|IONDRVSupport 597
>IOPlatformPluginLegacy 1.0.0
>X86PlatformPlugin 1.0.0
>IOPlatformPlugin!F 6.0.0d8
|IOAccelerator!F2 462.8
>!AThunderboltEDMSink 5.0.3
>!AThunderboltDPOutAdapter 8.5.1
>!ASMBus!C 1.0.18d1
@!AGPUWrangler 6.5.7
@!AGraphicsDeviceControl 6.5.7
|IOGraphics!F 597
|IOSlowAdaptiveClocking!F 1.0.0
>usb.cdc.ecm 5.0.0
>usb.cdc.ncm 5.0.0
>usb.!UiBridge 1.0
>usb.cdc 5.0.0
>usb.networking 5.0.0
>usb.!UHostCompositeDevice 1.2
>!AActuatorDriver 5450.3
>!AHIDKeyboard 228.2
>!AMultitouchDriver 5450.3
>!AInputDeviceSupport 5450.2
>!AHS!BDriver 5450.2
>IO!BHIDDriver 9.0.0
>!AHSSPIHIDDriver 63
>!AThunderboltDPInAdapter 8.5.1
>!AThunderboltDPAdapter!F 8.5.1
>!AThunderboltPCIDownAdapter 4.1.1
>!ABSDKextStarter 3
|IOSurface 302.14
@filesystems.hfs.encodings.kext 1
>!AXsanScheme 3
>!AThunderboltNHI 7.2.81
|IONVMe!F 2.1.0
>!AHSSPISupport 63
|IO80211!FLegacy 1200.12.2b1
|IOSkywalk!F 1.0
>mDNSOffloadUserClient 1.0.1b8
>corecapture 1.0.4
>!A!ILpssSpi!C 3.0.60
>!AHPM 3.4.4
|IOThunderbolt!F 9.3.3
>!A!ILpssI2C!C 3.0.60
>!A!ILpssDmac 3.0.60
>!A!ILpssI2C 3.0.60
>!A!ILpssGspi 3.0.60
>usb.!UXHCIPCI 1.2
>usb.!UXHCI 1.2
>usb.!UHostPacketFilter 1.0
|IOUSB!F 900.4.2
>!AEFINVRAM 2.1
>!AEFIRuntime 2.1
|IOSMBus!F 1.1
|IOHID!F 2.0.0
|IOTimeSync!F 1040.3
|IONetworking!F 3.4
>DiskImages 493.0.0
|IO!B!F 9.0.0
|IOReport!F 47
$quarantine 4
$sandbox 300.0
@kext.!AMatch 1.0.0d1
|CoreAnalytics!F 1
>!ASSE 1.0
>!AKeyStore 2
>!UTDM 533.120.2
|IOUSBMass!SDriver 210.120.3
|IOSCSIBlockCommandsDevice 456.100.7
|IO!S!F 2.1
|IOSCSIArchitectureModel!F 456.100.7
>!AMobileFileIntegrity 1.0.5
$!AImage4 4.2.0
@kext.CoreTrust 1
>!AFDEKeyStore 28.30
>!AEffaceable!S 1.0
>!ACredentialManager 1.0
>KernelRelayHost 1
|IOUSBHost!F 1.2
>!UHostMergeProperties 1.2
>usb.!UCommon 1.0
>!ABusPower!C 1.0
>!ASEPManager 1.0.1
>IOSlaveProcessor 1
>!AACPIPlatform 6.1
>!ASMC 3.1.9
|IOPCI!F 2.9
|IOACPI!F 1.4
>watchdog 1
@kec.pthread 1
@kec.Libm 1
@kec.corecrypto 12.0
I happen to have that KDK on my machine, so we can symbolicate your panic:
$ otool -l /Library/Developer/KDKs/KDK_12.4_21F5048e.kdk/System/Library/Kernels/kernel.dSYM/Contents/Resources/DWARF/kernel | grep -A 3 LC_SEGMENT_64 | grep -A 1 __TEXT
segname __TEXT
vmaddr 0xffffff8000200000
$ lldb /Library/Developer/KDKs/KDK_12.4_21F5048e.kdk/System/Library/KernelS/kernel.dSYM/Contents/Resources/DWARF/kernel
(lldb) target create "/Library/Developer/KDKs/KDK_12.4_21F5048e.kdk/System/Library/Kernels/kernel.dSYM/Contents/Resources/DWARF/kernel"
warning: 'kernel' contains a debug script. To run this script in this debug session:
command script import "/System/Volumes/Data/Library/Developer/KDKs/KDK_12.4_21F5048e.kdk/System/Library/Kernels/kernel.dSYM/Contents/Resources/Python/kernel.py"
To run all discovered debug scripts in this session:
settings set target.load-script-from-symbol-file true
Current executable set to '/Library/Developer/KDKs/KDK_12.4_21F5048e.kdk/System/Library/KernelS/kernel.dSYM/Contents/Resources/DWARF/kernel' (x86_64).
(lldb) image lookup -a `0xffffff801c483efd - 0xffffff801c410000 + 0xffffff8000200000`
Address: kernel[0xffffff8000273efd] (kernel.__TEXT.__text + 401149)
Summary: kernel`handle_debugger_trap + 1053 [inlined] debugger_collect_diagnostics + 590 at debug.c:1206:30
kernel`handle_debugger_trap + 463 at debug.c:1422:3
(lldb) image lookup -a `0xffffff801c5e3186 - 0xffffff801c410000 + 0xffffff8000200000`
Address: kernel[0xffffff80003d3186] (kernel.__TEXT.__text + 1839494)
Summary: kernel`kdp_i386_trap + 278 [inlined] enable_preemption_internal at cpu_data.h:691:11
kernel`kdp_i386_trap + 278 at kdp_machdep.c:444:2
(lldb) image lookup -a `0xffffff801c5d255d - 0xffffff801c410000 + 0xffffff8000200000`
Address: kernel[0xffffff80003c255d] (kernel.__TEXT.__text + 1770845)
Summary: kernel`kernel_trap + 1309 at trap.c:780:7
(lldb) image lookup -a `0xffffff801c423a60 - 0xffffff801c410000 + 0xffffff8000200000`
Address: kernel[0xffffff8000213a60] (kernel.__TEXT.__text + 6752)
Summary: kernel`trap_from_kernel + 38
(lldb) image lookup -a `0xffffff801c4842cd - 0xffffff801c410000 + 0xffffff8000200000`
Address: kernel[0xffffff80002742cd] (kernel.__TEXT.__text + 402125)
Summary: kernel`DebuggerTrapWithState + 173 [inlined] get_current_percpu_base at cpu_data.h:447:21
kernel`DebuggerTrapWithState + 173 [inlined] current_percpu_base at mp.c:1982:9
kernel`DebuggerTrapWithState + 173 [inlined] current_debugger_state at debug.c:182:9
kernel`DebuggerTrapWithState + 173 at debug.c:666:8
(lldb) image lookup -a `0xffffff801c483a86 - 0xffffff801c410000 + 0xffffff8000200000`
Address: kernel[0xffffff8000273a86] (kernel.__TEXT.__text + 400006)
Summary: kernel`panic_trap_to_debugger + 694 at debug.c:1059:2
(lldb) image lookup -a `0xffffff801cd1580d - 0xffffff801c410000 + 0xffffff8000200000`
Address: kernel[0xffffff8000b0580d] (kernel.__TEXT.__text + 9385997)
Summary: kernel`panic + 132
(lldb) image lookup -a `0xffffff801c5d2943 - 0xffffff801c410000 + 0xffffff8000200000`
Address: kernel[0xffffff80003c2943] (kernel.__TEXT.__text + 1771843)
Summary: kernel`panic_trap + 499 at trap.c:838:13
(lldb) image lookup -a `0xffffff801c5d2632 - 0xffffff801c410000 + 0xffffff8000200000`
Address: kernel[0xffffff80003c2632] (kernel.__TEXT.__text + 1771058)
Summary: kernel`kernel_trap + 1522
(lldb) image lookup -a `0xffffff801c423a60 - 0xffffff801c410000 + 0xffffff8000200000`
Address: kernel[0xffffff8000213a60] (kernel.__TEXT.__text + 6752)
Summary: kernel`trap_from_kernel + 38
(lldb) image lookup -a `0xffffff801c8b53ce - 0xffffff801c410000 + 0xffffff8000200000`
Address: kernel[0xffffff80006a53ce] (kernel.__TEXT.__text + 4797390)
Summary: kernel`cfil_sock_close_wait + 1038 at content_filter.c:5293:26
(lldb) image lookup -a `0xffffff801cab870a - 0xffffff801c410000 + 0xffffff8000200000`
Address: kernel[0xffffff80008a870a] (kernel.__TEXT.__text + 6907658)
Summary: kernel`soclose_locked + 218 at uipc_socket.c:1288:3
(lldb) image lookup -a `0xffffff801cab92eb - 0xffffff801c410000 + 0xffffff8000200000`
Address: kernel[0xffffff80008a92eb] (kernel.__TEXT.__text + 6910699)
Summary: kernel`soclose + 171 at uipc_socket.c:1494:11
(lldb) image lookup -a `0xffffff801ca21f13 - 0xffffff801c410000 + 0xffffff8000200000`
Address: kernel[0xffffff8000811f13] (kernel.__TEXT.__text + 6291219)
Summary: kernel`fg_drop + 339 [inlined] fg_free at kern_descrip.c:187:2
kernel`fg_drop + 339 at kern_descrip.c:273:3
(lldb) image lookup -a `0xffffff801ca229b5 - 0xffffff801c410000 + 0xffffff8000200000`
Address: kernel[0xffffff80008129b5] (kernel.__TEXT.__text + 6293941)
Summary: kernel`fp_close_and_unlock + 1365 at kern_descrip.c:1712:2
(lldb) image lookup -a `0xffffff801cb8a72b - 0xffffff801c410000 + 0xffffff8000200000`
Address: kernel[0xffffff800097a72b] (kernel.__TEXT.__text + 7767851)
Summary: kernel`unix_syscall64 + 507 at systemcalls.c:394:10
(lldb) image lookup -a `0xffffff801c424226 - 0xffffff801c410000 + 0xffffff8000200000`
Address: kernel[0xffffff8000214226] (kernel.__TEXT.__text + 8742)
Summary: kernel`hndl_unix_scall64 + 22This line is the one that panicked:
Summary: kernel`cfil_sock_close_wait + 1038 at content_filter.c:5293:26
This appears to be the corresponding code: https://github.com/apple-oss-distributions/xnu/blob/e6231be02a03711ca404e5121a151b24afbff733/bsd/net/content_filter.c#L5490
It looks like so->so_cfil is NULL at this point, causing the panic. Do you have any VPN or content filtering software installed? If so, try turning that off and trying again.
This is definitely a bug in the kernel, not one in unxip or even probably AirPlayXPCHelper. As such, I would strongly recommend filing a feedback with your steps to reproduce, including your coredump(s) and a list of your content filtering software, and probably a link to this bug as well. I'm definitely curious about what's going on here, and if I can mitigate it on my side while Apple fixes it, so you're free to send the coredumps over to me as well if you're comfortable doing so. But the best I can do for your kernel is perhaps find some more details about why the crash occurred, rather than being able to fix the underlying issue.
Thank you for teaching me how to symbolicate panics!
I have Little Snitch installed — disabling it with systemextensionsctl has ‘solved’ the problem! Their release notes for the nightly builds mention
Little Snitch 5.4 nightly (6250)
This version attempts to work around a bug in macOS 12.4 beta 1 which can cause a kernel panic when browsing the web with certain non-WebKit browsers like Firefox or Chrome. It’s triggered when a network packet is denied in a situation where the connection was already closed.
Our workaround helps to prevent most but not all of these panics. For a comprehensive solution the underlying bug in macOS must be fixed by Apple. We are confident that this issue will be resolved in one of the next macOS 12.4 betas.
I only had Safari open and I'm running this 5.4 (6250) but it seems like it's the same issue, and sounds like Apple are aware of it.
Thanks so much for your help and glad to hear it wasn't unxip, even if it did somehow make it reproducible.
Cool, I'm going to close this for now. Feel free to provide updates or ask to have it reopened if appropriate :)