From nobody Wed Dec 01 11:39:17 2021 X-Original-To: freebsd-arm@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id A80A618BD2D8 for ; Wed, 1 Dec 2021 11:39:49 +0000 (UTC) (envelope-from andrew@fubar.geek.nz) Received: from fry.fubar.geek.nz (fry.fubar.geek.nz [139.59.165.16]) by mx1.freebsd.org (Postfix) with ESMTP id 4J3xvn3nDcz3Br5 for ; Wed, 1 Dec 2021 11:39:49 +0000 (UTC) (envelope-from andrew@fubar.geek.nz) Received: from [192.168.42.21] (cpc91232-cmbg18-2-0-cust554.5-4.cable.virginm.net [82.2.126.43]) by fry.fubar.geek.nz (Postfix) with ESMTPSA id E662D4E663; Wed, 1 Dec 2021 11:39:18 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=fubar.geek.nz; s=mail; t=1638358759; bh=aThAiU0T7+uXNKqmJvh51lEsNQRbPqMHqy0CwDcHzDM=; h=Subject:From:In-Reply-To:Date:Cc:References:To; b=s0YqVTAWGizuXtDj/P/FFcvAjjETe2isQkRYixqKjdYdLMxSN88LtfAZ/7KWaEsr6 mAKFlVpkzt6QQMQKAZqfojX/JhPVNcslK37jdLQe5dwWuuvDXmqCf+jNcDhM+GTDBe HaloZGf5Oh8bxKm+XDl2Mhc+V/GgSdYLsdytd0LeIZ8jpXjOOvNiBP3jbKPA06wF8/ OwVw3g4hqJca+Mf8CuHciRIX2svpOnHmYnlNbhrISUh5xEnZ7XLbjYfmbXKSLuuUrU WUi8JMKXAzGCvgyoSelGSeIfeYjp+qLXjQl5TBUNoso1wgfmAcWOxhqNentLPOM5Te 31F3k0xRy/7csTpXpSxtYCN+j5hNxw54onRLcvhSsHKlER8g/LPp2VM249NOfTg0g8 Grk1lgYVRO4cYAWkkJ5gotwKugYlQkO7pmKoPgdmomnoPY72C5Y7vF4WL43h2huBqh EwhOwhH5IGqPwtYz7birPbDIX8ZMJLtXnS9drbN6L+m+3bivttW9zvf57HEBMUeAEW bwf0HFJhJtCp+QP+TlEJH+OtVtIVu1hjgz73Jcdh22nTCunzMQpBYpYxkBmHPxvtZ5 deuyRVXOUQijabGuYcFnn6iDPzjg2r3JVrSnDfZxRpsvrFA1c+M9Wzz38MhZXQpz+b 7U8GjNvhTWPJitfYzb6owbt8= Content-Type: text/plain; charset=utf-8 List-Id: Porting FreeBSD to ARM processors List-Archive: https://lists.freebsd.org/archives/freebsd-arm List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-freebsd-arm@freebsd.org Mime-Version: 1.0 (Mac OS X Mail 12.4 \(3445.104.21\)) Subject: Re: 14-CURRENT Kernel Panic due to USB hub? From: Andrew Turner In-Reply-To: Date: Wed, 1 Dec 2021 11:39:17 +0000 Cc: freebsd-arm@freebsd.org Content-Transfer-Encoding: quoted-printable Message-Id: References: <2b555ef9-12fe-6214-79a0-cebce1933771@selasky.org> <5bfb1865-8033-0da6-27e4-3c25fb067cee@morante.net> <6F2AD5E1-5AB1-4D08-97F4-84E2905D592B@fubar.geek.nz> <45534c79-311b-d1df-c412-5bd782678cfb@selasky.org> <78ed0a6e-2ef0-46a4-f494-8eeef326d15e@selasky.org> <3E44BF3B-9181-480E-8D40-09B66203ADB6@fubar.geek.nz> To: Hans Petter Selasky X-Mailer: Apple Mail (2.3445.104.21) X-Rspamd-Queue-Id: 4J3xvn3nDcz3Br5 X-Spamd-Bar: ---- Authentication-Results: mx1.freebsd.org; none X-Spamd-Result: default: False [-4.00 / 15.00]; REPLY(-4.00)[] X-ThisMailContainsUnwantedMimeParts: N > On 30 Nov 2021, at 21:37, Hans Petter Selasky wrote: >=20 > On 11/30/21 18:21, Andrew Turner wrote: >>> On 30 Nov 2021, at 14:34, Hans Petter Selasky = wrote: >>>=20 >>> On 11/30/21 15:16, Andrew Turner wrote: >>>>> On 30 Nov 2021, at 12:35, Hans Petter Selasky = wrote: >>>>>=20 >>>>> On 11/30/21 13:22, Andrew Turner wrote: >>>>>> I bisected the detached messages back to 601ee53858f6 [1]. If I = revert this change I no longer see this on the console. >>>>>> I am also unable to reproduce the panic with this change = reverted. As the panic can be difficult to reproduce I am unsure if = reverting this change is enough to fix it, or if it=E2=80=99s just = making it less likely to be triggered. >>>>>> Andrew >>>>>> [1] https://cgit.freebsd.org/src/commit/?id=3D601ee53858f6 >>>>>=20 >>>>> Hi, >>>>>=20 >>>>> Could you verify that you are not running out of kernel stack? >>>> I can still trigger it after doubling the kernel stack size. >>>>>=20 >>>>> May this be due to some code in the .text segment which is not = properly aligned? >>>> I would expect to have seen the issue on other HW. The issue looks = more like it=E2=80=99s memory corruption. >>>>>=20 >>>>> If you compile and load USB as modules, does the panic go away? >>>> I am unable to trigger it after removing xhci from the kernel, and = did get a panic after loading the xhci module. >>>> The xhci controller is one that originated in Broadcom. Linux has a = quirk for it to work around an erratum where attaching a USB 1 device = followed by a USB 2 device the linker the latter will come up as USB 1. = They reset the phy when anything less than USB 3 on a disconnect event. >>>=20 >>> And there is no BIOS / UEFI code still running on that XHCI = controller? >> I would expect the UEFI code to not be accessing the XHCI controller = after exiting the loader. >> Andrew >=20 > Hi, >=20 > Could you try to kldload xhci instead of building it into the kernel = config? Maybe you get a different kind of panic that way. I have. I=E2=80=99m hitting the KASSERT at [1]. Looking at the memory = around td->td_pcb->pcb_fpflags makes me think the memory has been = trashed as there are bits set that could never be so in the flags = fields, and kernel pointer values that point to user memory. Andrew [1] = https://cgit.freebsd.org/src/tree/sys/arm64/arm64/trap.c?id=3D6e9309bd3b04= 501b69593900a14e01114c7f2404#n627