On Sat, 10 May 2025, Warner Losh wrote:

Yes. usb is hanky in its newbus integration and always has been.

How did you get this to happen? I know that it can happen in some weird
error scenarios (that I've not been able to reproduce), but just removing the
device is orderly enough...

But it looks like jhb's cleanup may have opened the issue back up, since
usb_detach_device shouldn't find anything still attached. I'm guessing that
there are devices that are children of this node that are attached and also
somehow devices of the interface?

So interesting crash, but without a lot more data about the usb configuration
and what device is being detached, I can't help you.

Was a blind dump reboot on a ddb> prompt I didn't see.

As said I moved the XHCI between bhyve passthru and the base system or
the other direction.  Seems xhci -> ppt.

Unread portion of the kernel message buffer:
ugen0.2: <Generic EMV Smartcard Reader> at usbus0 (disconnected)
ugen0.3: <vendor 0x8087 product 0x0032> at usbus0 (disconnected)
ugen0.4: <Chicony Electronics Co.,Ltd. Integrated Camera> at usbus0 (disconnected)
ugen0.5: <vendor 0x06cb product 0x009a> at usbus0 (disconnected)
ugen0.6: <Generic USB3.0-CRW> at usbus0 (disconnected)
umass0: at uhub1, port 15, addr 5 (disconnected)
da0 at umass-sim0 bus 0 scbus1 target 0 lun 0
da0: <Generic- SD/MMC 1.00>  s/n 20120501030900000 detached
pass1 at umass-sim0 bus 0 scbus1 target 0 lun 0
pass1: <Generic- SD/MMC 1.00>  s/n 20120501030900000 detached
(pass1:umass-sim0:0:0:0): Periph destroyed
(da0:umass-sim0:0:0:0): Periph destroyed
umass0: detached
uhub1: detached
ugen0.1: <Intel XHCI root HUB> at usbus0 (disconnected)

If I manually check the bt (the source tree has changed):

#14 devclass_get_name (dc=0x7373616c63627573) at sys/kern/subr_bus.c:976
#15 device_get_name (dev=0xfffff8000158e700) at sys/kern/subr_bus.c:1908
#16 device_printf (dev=dev@entry=0xfffff8000158e700, fmt=0xffffffff81231211 "at %s, port %d, addr %d (disconnected)\n") at sys/kern/subr_bus.c:1998

(kgdb) p (*(devclass_t) 0x7373616c63627573)
Cannot access memory at address 0x7373616c63627573
(kgdb) p (*(device_t) 0xfffff8000158e700)
$3 = {ops = 0x6567753d6e656775, link = {tqe_next = 0x65646320312e306e, tqe_prev = 
0x2e306e6567753d76}, devlink = {tqe_next = 0x726f646e65762031, tqe_prev = 
0x203030303078303d}, parent = 0x3d746375646f7270, children = {tqh_first = 
0x6420303030307830, tqh_last = 0x3d7373616c637665}, driver = 0x7665642039307830, devclass = 
0x7373616c63627573, unit = 813183037, nameunit = 0x2022223d6d756e72 <error: Cannot 
access memory at address 0x2022223d6d756e72>, desc = 0x3d657361656c6572 <error: 
Cannot access memory at address 0x3d657361656c6572>, busy = 825260080, state = 
1830826032, devflags = 1030055023, flags = 1953722216, order = 1953392928, ivars = 
0x646e6520303d6563, softc = 0x313d73746e696f70, props = { lh_first = 0x73616c63746e6920}, 
sysctl_ctx = {tqh_first = 0x6920393078303d73, tqh_last = 0x616c63627573746e}, sysctl_tree = 
0x20303078303d7373}


#17 0xffffffff8094ac63 in usb_detach_device_sub (udev=0xfffff800018b7000, 
ppdev=0xfffff80001595588, ppnpinfo=0xfffff800015955b8, flag=<optimized out>)
(kgdb) p *(struct usb_device *)0xfffff800018b7000
$6 = ..
    0x0 <repeats 126 times>}, ugen_symlink = 0x0, ctrl_dev = 0xfffff8000189af40, pd_list = 
{slh_first = 0xfffff80001581180}, ugen_name = "ugen0.1", '\000' <repeats 12 times>,
plugtime = 2146883647, state = USB_STATE_DETACHED, speed = USB_SPEED_SUPER, refcount = 1, power = 0, langid = 1, autoQuirk = {0, 0, 0, 0, 0, 0, 0, 0}, address = 1 '\001', ..
            0}, bufsize = 0, bufsize_max = 0, hc_max_frame_size = 0, 
hc_max_packet_size = 0, hc_max_packet_count = 0 '\000', speed = 
USB_SPEED_VARIABLE, dma_tag_max = 0 '\000',
          err = USB_ERR_NORMAL_COMPLETION}}}, data = "Intel XHCI root HUB, class 9/0, rev 
3.00/1.00, addr 1", '\000' <repeats 201 times>}}
(kgdb) p/x *(device_t *)0xfffff80001595588
$7 = 0x0
(kgdb) p *(char *)0xfffff800015955b8
$8 = 0 '\000'

#20 0xffffffff8094d24c in usb_free_device (udev=udev@entry=0xfffff800018b7000, flag=<optimized out>)
(kgdb) p/x *(struct usb_device *)0xfffff800018b7000
$1 = ..
(kgdb) p/x *$1->parent_dev
$2 = {ops = 0xfffff800016e4000, link = {tqe_next = 0x0, tqe_prev = 
0xfffff80001b63b30}, devlink = {tqe_next = 0xfffff80001b64200, tqe_prev = 
0xfffff80001b64c18}, parent = 0xfffff80001b63b00, children = {tqh_first = 0x0, 
tqh_last = 0xfffff80001b64a30}, driver = 0xffffffff818952b8, devclass = 
0xfffff8000170d680, unit = 0x0, nameunit = 0xfffff80001b87f30, desc = 0x0, busy 
= 0x0, state = 0x1e, devflags = 0x0, flags = 0x407, order = 0x0, ivars = 
0xfffffe01051e0428, softc = 0x0, props = {lh_first = 0x0}, sysctl_ctx = 
{tqh_first = 0xfffff800018ac3a0, tqh_last = 0xfffff800018ac4c8}, sysctl_tree = 
0xfffff80001b7f900}
(kgdb) p (char *)$2->nameunit
$6 = 0xfffff80001b87f30 "usbus0"
(kgdb) p *(char *)$2->devclass
$7 = 0 '\000'
(kgdb) p/x *(device_t)$2->parent
$8 = {ops = 0xfffff800016e3000, link = {tqe_next = 0xfffff80001b63a00, tqe_prev 
= 0xfffff80001b63c08}, devlink = {tqe_next = 0xfffff80001b63a00, tqe_prev = 
0xfffff80001b63c18}, parent = 0xfffff80001b62100, children = {tqh_first = 
0xfffff80001b64a00, tqh_last = 0xfffff80001b64a08}, driver = 
0xffffffff81894d08, devclass = 0xfffff8000170d700, unit = 0x0, nameunit = 
0xfffff80001b49140, desc = 0xffffffff81246094, busy = 0x0, state = 0x1e, 
devflags = 0x0, flags = 0x405, order = 0x0, ivars = 0xfffff80001b6f780, softc = 
0xfffffe010505c000, props = {lh_first = 0x0}, sysctl_ctx = {tqh_first = 
0xfffff800030a1880, tqh_last = 0xfffff800018ac668}, sysctl_tree = 
0xfffff80001b50080}
(kgdb) p (char *)$8->nameunit
$10 = 0xfffff80001b49140 "xhci0"


Warner

On Sat, May 10, 2025 at 1:36 PM Bjoern A. Zeeb
<bzeeb-li...@lists.zabbadoz.net> wrote:

Hi,

hit this twice when switching an XHCI from ppt0 back to xhci (or vice
versa ?) on a previous kernel (sorry I hit 4 other panics and I don't
have more details anymore).  That kernel may have been 3-4 weeks old,
so may be fixed by now?

Fatal trap 9: general protection fault while in kernel mode
cpuid = 0; apic id = 00
instruction pointer     = 0x20:0xffffffff80b8d519
stack pointer           = 0x28:0xfffffe01047d4c80
frame pointer           = 0x28:0xfffffe01047d4dc0
code segment            = base 0x0, limit 0xfffff, type 0x1b
                         = DPL 0, pres 1, long 1, def32 0, gran 1
processor eflags        = interrupt enabled, resume, IOPL = 0
current process         = 15 (usbus0)
rdi: fffffe01047d4c88 rsi: ffffffff80ba9460 rdx: fffffe01047d4d18
rcx: 0000000000200000  r8: 0000000000000001  r9: 8080808080808080
rax: 7373616c63627573 rbx: ffffffff81231211 rbp: fffffe01047d4dc0
r10: fffff8000159d110 r11: ffffcfd1ced1cfd0 r12: fffff80001595580
r13: 0000000000000000 r14: fffff8000158e700 r15: fffffe01047d4c88
trap number             = 9
panic: general protection fault
cpuid = 0
time = 1746609904
KDB: stack backtrace:
db_trace_self_wrapper() at db_trace_self_wrapper+0x2b/frame 0xfffffe01047d4a00
vpanic() at vpanic+0x136/frame 0xfffffe01047d4b30
panic() at panic+0x43/frame 0xfffffe01047d4b90
trap_fatal() at trap_fatal+0x68/frame 0xfffffe01047d4bb0
calltrap() at calltrap+0x8/frame 0xfffffe01047d4bb0
--- trap 0x9, rip = 0xffffffff80b8d519, rsp = 0xfffffe01047d4c80, rbp = 0xfffffe01047d4dc0 ---
device_printf() at device_printf+0x89/frame 0xfffffe01047d4dc0
usb_detach_device() at usb_detach_device+0xd3/frame 0xfffffe01047d4e00
usb_unconfigure() at usb_unconfigure+0x83/frame 0xfffffe01047d4e40
usb_free_device() at usb_free_device+0x15c/frame 0xfffffe01047d4e80
usb_bus_detach() at usb_bus_detach+0x6e/frame 0xfffffe01047d4eb0
usb_process() at usb_process+0xc5/frame 0xfffffe01047d4ef0
fork_exit() at fork_exit+0x7b/frame 0xfffffe01047d4f30
fork_trampoline() at fork_trampoline+0xe/frame 0xfffffe01047d4f30
--- trap 0x3a8d224b, rip = 0x91722c9d5743a0fe, rsp = 0xc95674b90f67f8da, rbp = 0x84eb42daceb9d67e ---
KDB: enter: panic


--
Bjoern A. Zeeb                                                     r15:7



--
Bjoern A. Zeeb                                                     r15:7
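
An added triage sketch, not part of the original messages: it decodes the pointer-sized fields of the two `device_t` dumps quoted above as little-endian bytes and reports which are printable ASCII, a common sign that a structure's memory was overwritten or reused for string data. The field values are copied from the kgdb output in the thread; the function names (`as_text`, `triage`) are hypothetical.

```python
import re
import struct

# Excerpt of the kgdb output quoted in the thread: fields ops..devclass of the
# device_t at 0xfffff8000158e700 (line wraps rejoined, values unchanged).
CORRUPT = """ops = 0x6567753d6e656775, link = {tqe_next = 0x65646320312e306e, tqe_prev =
0x2e306e6567753d76}, devlink = {tqe_next = 0x726f646e65762031, tqe_prev =
0x203030303078303d}, parent = 0x3d746375646f7270, children = {tqh_first =
0x6420303030307830, tqh_last = 0x3d7373616c637665}, driver = 0x7665642039307830,
devclass = 0x7373616c63627573"""

# Same fields from the intact parent_dev ("usbus0") printed later in the thread.
HEALTHY = """ops = 0xfffff800016e4000, link = {tqe_next = 0x0, tqe_prev =
0xfffff80001b63b30}, devlink = {tqe_next = 0xfffff80001b64200, tqe_prev =
0xfffff80001b64c18}, parent = 0xfffff80001b63b00, children = {tqh_first = 0x0,
tqh_last = 0xfffff80001b64a30}, driver = 0xffffffff818952b8, devclass =
0xfffff8000170d680"""

# "name = 0x..." pairs; "link = {" style openers do not match and are skipped.
FIELD = re.compile(r"(\w+)\s*=\s*(0x[0-9a-fA-F]+)")


def as_text(value):
    """Return the 8 little-endian bytes of value as text if all are printable
    ASCII, else None. amd64 stores pointers little-endian."""
    raw = struct.pack("<Q", value)
    if all(0x20 <= b <= 0x7E for b in raw):
        return raw.decode("ascii")
    return None


def triage(dump):
    """Count hex fields that decode to ASCII and join them in struct order.
    Only hex (pointer) fields are read; decimal int fields are ignored."""
    fields = [(name, int(val, 16)) for name, val in FIELD.findall(dump)]
    hits = [t for t in (as_text(v) for _, v in fields) if t is not None]
    return {
        "fields": len(fields),
        "ascii_fields": len(hits),
        "recovered": "".join(hits),
    }


if __name__ == "__main__":
    for label, dump in (("corrupt", CORRUPT), ("healthy", HEALTHY)):
        print(label, triage(dump))
    # rax in the trap frame holds the same value as the devclass field.
    print("rax:", as_text(0x7373616C63627573))
```
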
