[Bug 285853] hv_hid: kernel built with -O0 panics in hv_hid_probe()
Date: Wed, 02 Apr 2025 16:23:09 UTC
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=285853

            Bug ID: 285853
           Summary: hv_hid: kernel built with -O0 panics in hv_hid_probe()
           Product: Base System
           Version: 15.0-CURRENT
          Hardware: Any
                OS: Any
            Status: New
          Severity: Affects Only Me
          Priority: ---
         Component: kern
          Assignee: bugs@FreeBSD.org
          Reporter: lexi@hemlock.eden.le-fay.org

- FreeBSD 15.0 fe9278888fd4414abe2d922e469cf608005f4c65
- Hyper-V client, Windows 11 10.0.26100

using this kernel config:

% cat GENERIC.NOOPT
include GENERIC
ident "GENERIC.NOOPT"
makeoptions COPTFLAGS="-O0 -fno-strict-aliasing"
options KSTACK_PAGES=20
%

the system panics on boot in hv_hid_probe() with the stack trace shown below.

note that 0xffffffff83d11000 (the IP) is the first instruction in hv_hid_probe:

(kgdb) disass hv_hid_probe
Dump of assembler code for function hv_hid_probe:
   0xffffffff83d11000 <+0>: add %al,(%rax)
   0xffffffff83d11002 <+2>: add %al,(%rax)
   0xffffffff83d11004 <+4>: add %al,(%rax)
   0xffffffff83d11006 <+6>: add %al,(%rax)
   0xffffffff83d11008 <+8>: add %al,(%rax)
   0xffffffff83d1100a <+10>: add %al,(%rax)
   0xffffffff83d1100c <+12>: add %al,(%rax)
   0xffffffff83d1100e <+14>: (bad)
   0xffffffff83d1100f <+15>: loopne 0xffffffff83d11038 <hv_hid_probe+56>

i'm not entirely convinced this is specific to hv_hid, since not loading hv_hid causes a later panic in epair.

panic message:

Trying to mount root from zfs:zroot/ROOT/default []...
WARNING: WITNESS option enabled, expect reduced performance.
<118>Setting hostuuid: 16820fb7-4c79-4ea6-a817-29da42b640ec.
<118>Setting hostid: 0x5b730d29.
<118>no pools available to import
<118>Starting file system checks:
<118>/dev/gpt/efiboot0: FILESYSTEM CLEAN; SKIPPING CHECKS
<118>Mounting local filesystems:.
<118>Autoloading module: hv_hid

Fatal trap 12: page fault while in kernel mode
cpuid = 11; apic id = 0b
fault virtual address = 0xffffffff83d11000
fault code = supervisor write data, protection violation
instruction pointer = 0x20:0xffffffff83d11000
stack pointer = 0x28:0xfffffe0092594758
frame pointer = 0x28:0xfffffe0092594790
code segment = base 0x0, limit 0xfffff, type 0x1b
             = DPL 0, pres 1, long 1, def32 0, gran 1
processor eflags = interrupt enabled, resume, IOPL = 0
current process = 130 (devctl)
rdi: fffff8000197b300 rsi: ffffffff820d9720 rdx: ffffffff820d9720
rcx: ffffffff83d121b0 r8: fefefefefefefeff r9: 8080808080808080
rax: ffffffff83d11000 rbx: 000019e97c87cf20 rbp: fffffe0092594790
r10: ffffffff83d1210b r11: 97ff8c8a9d9289ff r12: 000019e159353c78
r13: 000019e159353c90 r14: 0000000000000001 r15: 000019e97a0c2e57
trap number = 12
panic: page fault
cpuid = 11
time = 1743610017
KDB: stack backtrace:
db_trace_self_wrapper() at db_trace_self_wrapper+0x28/frame 0xfffffe0092594110
kdb_backtrace() at kdb_backtrace+0x3e/frame 0xfffffe00925941c0
vpanic() at vpanic+0x21b/frame 0xfffffe0092594300
panic() at panic+0x4e/frame 0xfffffe0092594360
trap_fatal() at trap_fatal+0x83/frame 0xfffffe0092594390
trap_pfault() at trap_pfault+0x5c6/frame 0xfffffe0092594470
trap() at trap+0x69e/frame 0xfffffe0092594660
trap_check() at trap_check+0x3d/frame 0xfffffe0092594680
calltrap() at calltrap+0x8/frame 0xfffffe0092594680
--- trap 0xc, rip = 0xffffffff83d11000, rsp = 0xfffffe0092594758, rbp = 0xfffffe0092594790 ---
hv_hid_probe() at hv_hid_probe/frame 0xfffffe0092594790
device_probe_child() at device_probe_child+0x179/frame 0xfffffe00925947f0
device_probe() at device_probe+0x81/frame 0xfffffe0092594820
device_probe_and_attach() at device_probe_and_attach+0x1a/frame 0xfffffe0092594850
bus_generic_driver_added() at bus_generic_driver_added+0x43/frame 0xfffffe0092594880
BUS_DRIVER_ADDED() at BUS_DRIVER_ADDED+0x89/frame 0xfffffe00925948c0
devclass_driver_added() at devclass_driver_added+0x69/frame 0xfffffe00925948f0
device_do_deferred_actions() at device_do_deferred_actions+0x4c/frame 0xfffffe0092594910
devctl2_ioctl() at devctl2_ioctl+0x943/frame 0xfffffe0092594a70
devfs_ioctl() at devfs_ioctl+0x17d/frame 0xfffffe0092594b10
VOP_IOCTL_APV() at VOP_IOCTL_APV+0xfd/frame 0xfffffe0092594b40
VOP_IOCTL() at VOP_IOCTL+0x66/frame 0xfffffe0092594bc0
vn_ioctl() at vn_ioctl+0x191/frame 0xfffffe0092594c30
devfs_ioctl_f() at devfs_ioctl_f+0x57/frame 0xfffffe0092594c80
fo_ioctl() at fo_ioctl+0x3e/frame 0xfffffe0092594cc0
kern_ioctl() at kern_ioctl+0x28f/frame 0xfffffe0092594d30
sys_ioctl() at sys_ioctl+0x26b/frame 0xfffffe0092594e20
syscallenter() at syscallenter+0x5b8/frame 0xfffffe0092594e80
amd64_syscall() at amd64_syscall+0x5e/frame 0xfffffe0092594f30
fast_syscall_common() at fast_syscall_common+0xf8/frame 0xfffffe0092594f30
--- syscall (54, FreeBSD ELF64, ioctl), rip = 0x19e97d35dbfa, rsp = 0x19e97a0c29e8, rbp = 0x19e97a0c2aa0 ---
KDB: enter: panic

Reading symbols from /boot/kernel/filemon.ko...
Reading symbols from /usr/lib/debug//boot/kernel/filemon.ko.debug...
Reading symbols from /boot/kernel/zfs.ko...
Reading symbols from /usr/lib/debug//boot/kernel/zfs.ko.debug...
Reading symbols from /boot/kernel/hv_hid.ko...
Reading symbols from /usr/lib/debug//boot/kernel/hv_hid.ko.debug...
Reading symbols from /boot/kernel/hms.ko...
Reading symbols from /usr/lib/debug//boot/kernel/hms.ko.debug...
Reading symbols from /boot/kernel/hidmap.ko...
Reading symbols from /usr/lib/debug//boot/kernel/hidmap.ko.debug...
0xffffffff80f3d090 in doadump (textdump=0) at ../../../kern/kern_shutdown.c:404
404 dump_savectx();
(kgdb) where
#0 0xffffffff80f3d090 in doadump (textdump=0) at ../../../kern/kern_shutdown.c:404
#1 0xffffffff805cf610 in db_dump (dummy=-2131056059, dummy2=false, dummy3=-1, dummy4=0xfffffe0092593c30 "") at ../../../ddb/db_command.c:596
#2 0xffffffff805cf416 in db_command (last_cmdp=0xffffffff82206590 <db_last_command>, cmd_table=0x0, dopager=true) at ../../../ddb/db_command.c:508
#3 0xffffffff805cf021 in db_command_loop () at ../../../ddb/db_command.c:555
#4 0xffffffff805d3921 in db_trap (type=3, code=0) at ../../../ddb/db_main.c:267
#5 0xffffffff80fab1c0 in kdb_trap (type=3, code=0, tf=0xfffffe00925940e0) at ../../../kern/subr_kdb.c:790
#6 0xffffffff816cace5 in trap (frame=0xfffffe00925940e0) at ../../../amd64/amd64/trap.c:608
#7 0xffffffff816cbded in trap_check (frame=0xfffffe00925940e0) at ../../../amd64/amd64/trap.c:660
#8 <signal handler called>
#9 breakpoint () at /home/ivy/src/bsd/bridge-1q/sys/amd64/include/cpufunc.h:62
#10 0xffffffff80faa724 in kdb_enter (why=0xffffffff818ebe8a "panic", msg=0xffffffff818ebe8a "panic") at ../../../kern/subr_kdb.c:555
#11 0xffffffff80f3d715 in vpanic (fmt=0xffffffff8189d258 "%s", ap=0xfffffe0092594340) at ../../../kern/kern_shutdown.c:966
#12 0xffffffff80f3d22e in panic (fmt=0xffffffff8189d258 "%s") at ../../../kern/kern_shutdown.c:892
#13 0xffffffff816cb193 in trap_fatal (frame=0xfffffe0092594690, eva=18446744071626100736) at ../../../amd64/amd64/trap.c:960
#14 0xffffffff816cb7e6 in trap_pfault (frame=0xfffffe0092594690, usermode=false, signo=0x0, ucode=0x0) at ../../../amd64/amd64/trap.c:869
#15 0xffffffff816ca97e in trap (frame=0xfffffe0092594690) at ../../../amd64/amd64/trap.c:442
#16 0xffffffff816cbded in trap_check (frame=0xfffffe0092594690) at ../../../amd64/amd64/trap.c:660
#17 <signal handler called>
#18 hv_hid_probe (dev=0xfffff8000197b300) at /home/ivy/src/bsd/bridge-1q/sys/dev/hyperv/input/hv_hid.c:384
#19 0xffffffff80f8f1e1 in DEVICE_PROBE (dev=0xfffff8000197b300) at ./device_if.h:115
#20 0xffffffff80f8ecd9 in device_probe_child (dev=0xfffff80001914100, child=0xfffff8000197b300) at ../../../kern/subr_bus.c:1723
#21 0xffffffff80f90291 in device_probe (dev=0xfffff8000197b300) at ../../../kern/subr_bus.c:2524
#22 0xffffffff80f904ca in device_probe_and_attach (dev=0xfffff8000197b300) at ../../../kern/subr_bus.c:2546
#23 0xffffffff80f93303 in bus_generic_driver_added (dev=0xfffff80001914100, driver=0xffffffff83d13120 <hv_hid_driver>) at ../../../kern/subr_bus.c:3870
#24 0xffffffff80f97619 in BUS_DRIVER_ADDED (_dev=0xfffff80001914100, _driver=0xffffffff83d13120 <hv_hid_driver>) at ./bus_if.h:210
#25 0xffffffff80f8d219 in devclass_driver_added (dc=0xfffff80001751600, driver=0xffffffff83d13120 <hv_hid_driver>) at ../../../kern/subr_bus.c:661
#26 0xffffffff80f9908c in device_do_deferred_actions () at ../../../kern/subr_bus.c:5688
#27 0xffffffff80f98b53 in devctl2_ioctl (cdev=0xfffff8000151dc00, cmd=2157462540, data=0xfffff8000db44c00 "", fflag=1, td=0xfffff8000e3c3740) at ../../../kern/subr_bus.c:5974
#28 0xffffffff80d287cd in devfs_ioctl (ap=0xfffffe0092594b58) at ../../../fs/devfs/devfs_vnops.c:950
#29 0xffffffff817e98ed in VOP_IOCTL_APV (vop=0xffffffff820c6898 <devfs_specops>, a=0xfffffe0092594b58) at vnode_if.c:1229
#30 0xffffffff810c3706 in VOP_IOCTL (vp=0xfffff8001194fdc0, command=2157462540, data=0xfffff8000db44c00, fflag=1, cred=0xfffff8000da6ac00, td=0xfffff8000e3c3740) at ./vnode_if.h:637
#31 0xffffffff810bb351 in vn_ioctl (fp=0xfffff8000e32f690, com=2157462540, data=0xfffff8000db44c00, active_cred=0xfffff8000da6ac00, td=0xfffff8000e3c3740) at ../../../kern/vfs_vnops.c:1768
#32 0xffffffff80d28e47 in devfs_ioctl_f (fp=0xfffff8000e32f690, com=2157462540, data=0xfffff8000db44c00, cred=0xfffff8000da6ac00, td=0xfffff8000e3c3740) at ../../../fs/devfs/devfs_vnops.c:881
#33 0xffffffff80feae4e in fo_ioctl (fp=0xfffff8000e32f690, com=2157462540, data=0xfffff8000db44c00, active_cred=0xfffff8000da6ac00, td=0xfffff8000e3c3740) at ../../../sys/file.h:375
#34 0xffffffff80feac4f in kern_ioctl (td=0xfffff8000e3c3740, fd=3, com=2157462540, data=0xfffff8000db44c00 "") at ../../../kern/sys_generic.c:806
#35 0xffffffff80fea91b in sys_ioctl (td=0xfffff8000e3c3740, uap=0xfffff8000e3c3b40) at ../../../kern/sys_generic.c:714
#36 0xffffffff816cce08 in syscallenter (td=0xfffff8000e3c3740) at ../../../amd64/amd64/../../kern/subr_syscall.c:191
#37 0xffffffff816cc5ce in amd64_syscall (td=0xfffff8000e3c3740, traced=0) at ../../../amd64/amd64/trap.c:1201
#38 <signal handler called>
#39 0x000019e97d35dbfa in ?? ()
Backtrace stopped: Cannot access memory at address 0x19e97a0c29e8

--
You are receiving this mail because:
You are the assignee for the bug.
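
Added triage example (not part of the original report and not FreeBSD code): it parses the trap fields from the panic message above and cross-checks the fault address against the instruction pointer and the register dump. The byte pair 00 00 is the x86 encoding of `add %al,(%rax)`, a store through %rax, so a write fault at the instruction's own address with %rax equal to it is consistent with the disassembly shown. The function names `parse_trap` and `triage` are hypothetical.

```python
import re

# Constructed sample: trap fields copied from the panic message in the report.
PANIC_TEXT = """\
Fatal trap 12: page fault while in kernel mode
cpuid = 11; apic id = 0b
fault virtual address = 0xffffffff83d11000
fault code = supervisor write data, protection violation
instruction pointer = 0x20:0xffffffff83d11000
stack pointer = 0x28:0xfffffe0092594758
rdi: fffff8000197b300 rsi: ffffffff820d9720 rdx: ffffffff820d9720
rcx: ffffffff83d121b0 r8: fefefefefefefeff r9: 8080808080808080
rax: ffffffff83d11000 rbx: 000019e97c87cf20 rbp: fffffe0092594790
"""

def parse_trap(text):
    """Extract the trap number, the 'name = value' fields and the registers."""
    info = {"regs": {}}
    m = re.search(r"Fatal trap (\d+): (.+)", text)
    if m:
        info["trap"], info["desc"] = int(m.group(1)), m.group(2).strip()
    for key, val in re.findall(r"^([a-z ]+?)\s*=\s*(.+)$", text, re.M):
        info[key.strip()] = val.strip()
    for reg, val in re.findall(r"\b(r[a-z0-9]{1,2}):\s*([0-9a-f]{16})", text):
        info["regs"][reg] = int(val, 16)
    return info

def triage(info):
    """Return the findings that hold for this trap, as plain strings."""
    findings = []
    fault_va = int(info["fault virtual address"], 16)
    # "selector:offset" form; keep only the offset
    ip = int(info["instruction pointer"].split(":")[1], 16)
    code = info["fault code"]
    is_write = "write" in code
    if "protection violation" in code:
        # the page is present; its permissions rejected the access
        findings.append("page is mapped; access rights denied the access")
    if is_write and fault_va == ip:
        findings.append("instruction wrote to its own address")
    hits = sorted(r for r, v in info["regs"].items() if v == fault_va)
    if is_write and hits:
        findings.append("registers equal to fault address: " + ",".join(hits))
    return findings

if __name__ == "__main__":
    for line in triage(parse_trap(PANIC_TEXT)):
        print(line)
```
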