Re: GPF on boot with devmatch

From: Warner Losh <imp_at_bsdimp.com>
Date: Sun, 4 Oct 2020 23:13:56 -0600
On Sun, Oct 4, 2020, 11:07 PM Xin Li <delphij_at_delphij.net> wrote:

> Hi,
>
> I'm seeing this panic at boot after upgrading from r366217 to r366364,
> and it continues to exist in r366421 (but I haven't found out the exact
> change that caused it).  Preloading the relevant kernel modules
> (uhid.ko, ums.ko and wmt.ko) seems to make the kernel boot correctly.
>

What happens if you disable devmatch and load these modules by hand? What
happens if you load them from rc.d scripts with devmatch disabled?

Warner

> This is not reproducible on my laptop, which will load many more kernel
> modules.
>
> ===
> Autoloading module: uhid.ko
> Autoloading module: wmt.ko
>
>
> Fatal trap 9: general protection fault while in kernel mode
> cpuid = 2; apic id = 04
> instruction pointer     = 0x20:0xffffffff806ad6eb
> stack pointer           = 0x28:0xfffffe01850cd960
> frame pointer           = 0x28:0xfffffe01850cd9e0
> code segment            = base 0x0, limit 0xfffff, type 0x1b
>                         = DPL 0, pres 1, long 1, def32 0, gran 1
> processor eflags        = interrupt enabled, resume, IOPL = 0
> current process         = 740 (devmatch)
> trap number             = 9
> panic: general protection fault
> cpuid = 3
> time = 1601866799
> KDB: stack backtrace:
> db_trace_self_wrapper() at db_trace_self_wrapper+0x2b/frame
> 0xfffffe01850cd670
> vpanic() at vpanic+0x182/frame 0xfffffe01850cd6c0
> panic() at panic+0x43/frame 0xfffffe01850cd720
> trap_fatal() at trap_fatal+0x387/frame 0xfffffe01850cd780
> trap() at trap+0xa4/frame 0xfffffe01850cd890
> calltrap() at calltrap+0x8/frame 0xfffffe01850cd890
> --- trap 0x9, rip = 0xffffffff806ad6eb, rsp = 0xfffffe01850cd960, rbp =
> 0xfffffe01850cd9e0 ---
> sysctl_devices() at sysctl_devices+0x24b/frame 0xfffffe01850cd9e0
> sysctl_root_handler_locked() at sysctl_root_handler_locked+0x9c/frame
> 0xfffffe01850cda30
> sysctl_root() at sysctl_root+0x20a/frame 0xfffffe01850cdab0
> userland_sysctl() at userland_sysctl+0x17d/frame 0xfffffe01850cdb60
> sys___sysctl() at sys___sysctl+0x5f/frame 0xfffffe01850cdc10
> amd64_syscall() at amd64_syscall+0x135/frame 0xfffffe01850cdd30
> fast_syscall_common() at fast_syscall_common+0xf8/frame 0xfffffe01850cdd30
> --- syscall (202, FreeBSD ELF64, sys___sysctl), rip = 0x80038968a, rsp =
> 0x7fffffffd988, rbp = 0x7fffffffd9c0 ---
> ===
>
> sysctl_devices+0x24b (address 0x6dab in the listing below) was:
>
>         sb->s_len += strlen(p);
>     6d50:       4c 89 e7                mov    %r12,%rdi
>     6d53:       e8 00 00 00 00          callq  6d58 <sysctl_devices+0x1f8>
>     6d58:       48 01 45 b0             add    %rax,-0x50(%rbp)
>     6d5c:       48 8d 7d 88             lea    -0x78(%rbp),%rdi
>         sbuf_putc(&sb, '\0');
>     6d60:       31 f6                   xor    %esi,%esi
>     6d62:       e8 00 00 00 00          callq  6d67 <sysctl_devices+0x207>
>         MPASS((sb->s_flags & SBUF_INCLUDENUL) == 0);
>     6d67:       f6 45 b8 02             testb  $0x2,-0x48(%rbp)
>     6d6b:       0f 85 10 01 00 00       jne    6e81 <sysctl_devices+0x321>
>         if (sb->s_error != 0)
>     6d71:       83 7d a0 00             cmpl   $0x0,-0x60(%rbp)
>     6d75:       0f 85 8c 00 00 00       jne    6e07 <sysctl_devices+0x2a7>
>         p = EOB(sb);
>     6d7b:       4c 8b 65 88             mov    -0x78(%rbp),%r12
>     6d7f:       48 8b 45 b0             mov    -0x50(%rbp),%rax
>         *p = '\0';      /* sbuf buffer isn't NUL terminated until
> sbuf_finish() */
>     6d83:       41 c6 04 04 00          movb   $0x0,(%r12,%rax,1)
>         space = SPACE(sb);
>     6d88:       4c 8b 6d a8             mov    -0x58(%rbp),%r13
>     6d8c:       4c 2b 6d b0             sub    -0x50(%rbp),%r13
>         if (space <= 1) {
>     6d90:       49 83 fd 01             cmp    $0x1,%r13
>     6d94:       77 09                   ja     6d9f <sysctl_devices+0x23f>
>                 sb->s_error = ENOMEM;
>     6d96:       c7 45 a0 0c 00 00 00    movl   $0xc,-0x60(%rbp)
>     6d9d:       eb 68                   jmp    6e07 <sysctl_devices+0x2a7>
>     6d9f:       49 01 c4                add    %rax,%r12
>         return (dev->parent);
>     6da2:       48 8b 7b 28             mov    0x28(%rbx),%rdi
>         if (parent == NULL) {
>     6da6:       48 85 ff                test   %rdi,%rdi
>     6da9:       74 4b                   je     6df6 <sysctl_devices+0x296>
>         KOBJOPLOOKUP(((kobj_t)_dev)->ops,bus_child_location_str);
>     6dab:       48 8b 07                mov    (%rdi),%rax
>     6dae:       48 c7 c2 00 00 00 00    mov    $0x0,%rdx
>     6db5:       0f b6 0d 00 00 00 00    movzbl 0x0(%rip),%ecx        #
> 6dbc <sysctl_devices+0x25c>
>     6dbc:       4c 8b 04 c8             mov    (%rax,%rcx,8),%r8
>     6dc0:       49 39 10                cmp    %rdx,(%r8)
>     6dc3:       74 22                   je     6de7 <sysctl_devices+0x287>
>     6dc5:       48 8d 34 c8             lea    (%rax,%rcx,8),%rsi
>     6dc9:       48 89 7d d0             mov    %rdi,-0x30(%rbp)
>     6dcd:       48 8b b8 00 08 00 00    mov    0x800(%rax),%rdi
>     6dd4:       48 c7 c2 00 00 00 00    mov    $0x0,%rdx
>     6ddb:       e8 00 00 00 00          callq  6de0 <sysctl_devices+0x280>
>     6de0:       48 8b 7d d0             mov    -0x30(%rbp),%rdi
>     6de4:       49 89 c0                mov    %rax,%r8
>         rc = ((bus_child_location_str_t *) _m)(_dev, _child, _buf,
> _buflen);
>     6de7:       48 89 de                mov    %rbx,%rsi
>
Received on Mon Oct 05 2020 - 03:14:10 UTC
