From: Mark Johnston
To: Neel Chauhan
Cc: freebsd-hackers@freebsd.org
Subject: Re: Debugging a WIP PCI/ACPI patch: Bad tailq NEXT(0xffffffff81cde660->tqh_last) != NULL
Date: Wed, 30 Dec 2020 12:06:44 -0500
List-Id: Technical Discussions relating to FreeBSD

On Wed, Dec 30, 2020 at 08:43:17AM -0800, Neel Chauhan wrote:
> Hi all,
>
> I'm writing a patch to support the VMD subsystem in Intel TigerLake
> systems such as the HP Spectre x360 13t-aw200. VMD is needed for NVMe
> here.
>
> The patch is as follows
>
> --- a/sys/dev/vmd/vmd.c
> +++ b/sys/dev/vmd/vmd.c
> @@ -66,13 +66,20 @@ struct vmd_type {
> #define INTEL_VENDOR_ID 0x8086
> #define INTEL_DEVICE_ID_VMD 0x201d
> #define INTEL_DEVICE_ID_VMD2 0x28c0
> +#define INTEL_DEVICE_ID_VMD3 0x9a0b
>
> static struct vmd_type vmd_devs[] = {
> { INTEL_VENDOR_ID, INTEL_DEVICE_ID_VMD, "Intel Volume
> Management Device" },
> { INTEL_VENDOR_ID, INTEL_DEVICE_ID_VMD2, "Intel Volume
> Management Device" },
> + { INTEL_VENDOR_ID, INTEL_DEVICE_ID_VMD3, "Intel Volume
> Management Device" },
> { 0, 0, NULL }
>
> However, when I use the patch, I get a kernel panic related to PCI:
> https://imgur.com/a/XUQksOi (sorry for the image)
>
> It gives me the Bad tailq NEXT(0xffffffff81cde660->tqh_last) != NULL
> error.
>
> Could you please help me figure out why it's panicking?

Based on the backtrace, we are panicking in rman_init() because the
global rman_head list is corrupted (the panic message is basically
stating that the next element of the last element of the list is not
NULL). This suggests that the item was freed without removing it from
the list, i.e., an rman_fini() call is missing.

vmd_attach() creates a resource container with rman_init(). If
vmd_attach() fails for some reason, it calls vmd_free(), which is
supposed to roll back anything done by vmd_attach(). Note that if
attach is successful, the driver subsystem may later call vmd_detach()
to deinitialize the driver, and vmd_detach() does a bit of extra work in
addition to calling vmd_free()...
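
Review bot: the new { INTEL_VENDOR_ID, INTEL_DEVICE_ID_VMD3, ... } row in vmd_devs[] is the only functional change quoted, so device 0x9a0b is sent through the attach code written for 0x201d and 0x28c0 with nothing adjusted for it, and the reported panic follows. Before enabling the ID, confirm that each attach step succeeds on this device and that the failure path undoes every step, in particular that rman_init() is paired with rman_fini(). The row also repeats the description "Intel Volume Management Device" verbatim and the INTEL_DEVICE_ID_VMD3 define carries no comment naming the platform; a short comment (TigerLake, per the message) or a distinct string would make the three entries distinguishable.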
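
The failure mode described in the reply, as an added example that is not part of the original message and is not FreeBSD code: a user-space C model of a tail queue showing why a rollback that skips the unlink makes the next insert trip the tail check. The names rman_init_model, rman_fini_model, next_init_after_failed_attach, sc_rm and reused are hypothetical, and freeing the softc is simulated by overwriting its link field in static storage.

```c
#include <stdio.h>
/* Same shape as a TAILQ: the head stores the address of the last "next". */
struct rman { struct rman *next, **prev; };
struct rman_list { struct rman *first, **last; };

static struct rman_list rman_head = { NULL, &rman_head.first };
static struct rman reused;  /* stands in for later contents of freed memory */

/* Tail insert; returns -1 where an invariant-checking kernel would panic. */
static int rman_init_model(struct rman *rm)
{
    if (*rman_head.last != NULL)  /* "Bad tailq NEXT(head->tqh_last) != NULL" */
        return -1;
    rm->next = NULL;
    rm->prev = rman_head.last;
    *rman_head.last = rm;
    rman_head.last = &rm->next;
    return 0;
}

/* Unlink; when the tail element goes away, head.last must be repaired. */
static void rman_fini_model(struct rman *rm)
{
    if (rm->next != NULL)
        rm->next->prev = rm->prev;
    else
        rman_head.last = rm->prev;
    *rm->prev = rm->next;
}

/* Failed attach, then the next rman_init: 0 = list intact, -1 = corrupt. */
static int next_init_after_failed_attach(int rollback_calls_fini)
{
    static struct rman sc_rm, other;  /* static: the "free" is only simulated */
    rman_head.first = NULL;           /* start each run from an empty list */
    rman_head.last = &rman_head.first;
    rman_init_model(&sc_rm);          /* attach gets this far, then fails */
    if (rollback_calls_fini)
        rman_fini_model(&sc_rm);
    sc_rm.next = &reused;             /* softc freed, memory reused */
    return rman_init_model(&other);
}

int main(void)
{
    printf("rollback calls fini: %d\n", next_init_after_failed_attach(1));
    printf("rollback skips fini: %d\n", next_init_after_failed_attach(0));
    return 0;
}
```

Without the unlink, the head's last pointer still aims into the released object, so the corruption only surfaces on a later, unrelated insert.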