Created attachment 245101
debugger stuff - following...the chicken ._.

hmt.ko causes kernel panic while booting (or if loaded after) FreeBSD 14 - Beta 2. Disabling this module, or disabling the touchpad in BIOS, allows the system to boot fully.

Hardware: ASUS Expertbook B5602 - 13th Gen (Raptor Lake).

Included are the details of the panic and the debug stuff.

<118>Autoloading module: iichid
iichid0: <ASUE1210:01 04F3:32D0 I2C HID device> at addr 0x15 on iicbus1
iichid0: Interrupt setup failed. Fallback to sampling
hidbus0: <HID bus> on iichid0
<118>Autoloading module: hms
hms0: <ASUE1210:01 04F3:32D0 Mouse> on hidbus0
hms0: 2 buttons and [XYWH] coordinates ID=1
<118>Autoloading module: hmt

Fatal trap 12: page fault while in kernel mode
cpuid = 12; apic id = 28
fault virtual address = 0xfffff80c1597db40
fault code = supervisor write data, page not present
instruction pointer = 0x20:0xffffffff82fa0467
stack pointer = 0x28:0xfffffe01357978c0
frame pointer = 0x28:0xfffffe0135797a10
code segment = base rx0, limit 0xfffff, type 0x1b
 = DPL 0, pres 1, long 1, def32 0, gran 1
processor eflags = interrupt enabled, resume, IOPL = 0
current process = 1613 (devctl)
rdi: 0000000000000054 rsi: fffffe0135797948 rdx: 0000000000000003
rcx: 00000002fffffffd r8: 0000000000000003 r9: 0000000000000278
rax: 00000000ffffffff rbx: fffff80010279900 rbp: fffffe0135797a10
r10: 0000000000000000 r11: fffffe01357979d4 r12: 0000000000000001
r13: 0000000000000000 r14: fffff8001597d000 r15: 0000000000000001
trap number = 12
panic: page fault
cpuid = 12
time = 1695371528
KDB: stack backtrace:
#0 0xffffffff80b8fcad at kdb_backtrace+0x5d
#1 0xffffffff80b42db2 at vpanic+0x132
#2 0xffffffff80b42c73 at panic+0x43
#3 0xffffffff8100b81c at trap_fatal+0x40c
#4 0xffffffff8100b86f at trap_pfault+0x4f
#5 0xffffffff80fe22b8 at calltrap+0x8
#6 0xffffffff80b7dfcf at device_probe_child+0x14f
#7 0xffffffff80b7f0cb at device_probe+0x6b
#8 0xffffffff80b813b7 at bus_generic_driver_added+0x77
#9 0xffffffff80b7cdd9 at devclass_driver_added+0x39
#10 0xffffffff80b84dcb at device_do_deferred_actions+0x3b
#11 0xffffffff80b849e7 at devctl2_ioctl+0x507
#12 0xffffffff809d0b7c at devfs_ioctl+0xcc
#13 0xffffffff80c3b264 at vn_ioctl+0xd4
#14 0xffffffff809d121e at devfs_ioctl_f+0x1e
#15 0xffffffff80bb11b5 at kern_ioctl+0x255
#16 0xffffffff80bb0ef3 at sys_ioctl+0x123
#17 0xffffffff8100c0d9 at amd64_syscall+0x109
Uptime: 11s
Dumping 817 out of 15963 MB:..2%..12%..22%..32%..42%..51%..61%..71%..81%..92%

__curthread () at /usr/src/sys/amd64/include/pcpu_aux.h:57
57 __asm("movq %%gs:%P1,%0" : "=r" (td) : "n" (offsetof(struct pcpu,
Here we're crashing while parsing a HID report descriptor. It looks like the descriptor is invalid somehow, but the driver isn't doing enough validation:

    if (hi.collevel == 1 &&
        hi.usage >= HID_USAGE2(HUP_BUTTON, left_btn) &&
        hi.usage <= HID_USAGE2(HUP_BUTTON, HMT_BTN_MAX)) {
            btn = (hi.usage & 0xFFFF) - left_btn;
            setbit(sc->buttons, btn);
            sc->btn_loc[btn] = hi.loc;
            if (btn >= sc->max_button)
                    sc->max_button = btn + 1;
            break;
    }

In particular, we don't check that "btn" is in the range [0, 7]. I'm not sure if this means that the descriptor is invalid or whether we're missing some special case?
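One way to bound the index before the writes in the snippet above, as an added example that is not the driver's code or a committed fix. The struct layouts, the locally defined constants and `record_button` are hypothetical stand-ins, and the table size of 8 is assumed from the [0, 7] range mentioned in the comment.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Local stand-ins for this sketch, not taken from the driver source. */
#define HUP_BUTTON	0x0009		/* HID "Button" usage page */
#define BTN_SLOTS	8		/* assumed table size, from the [0, 7] range */
#define HID_USAGE2(p, u)	(((uint32_t)(p) << 16) | (u))

struct loc { uint32_t pos, size; };	/* stand-in for a HID item location */

struct softc {				/* hypothetical, not the driver's softc */
	uint8_t		buttons;	/* one bit per button slot */
	struct loc	btn_loc[BTN_SLOTS];
	uint32_t	max_button;
};

/* Record one button usage; return false and leave sc untouched if invalid. */
static bool
record_button(struct softc *sc, uint32_t usage, uint32_t left_btn, struct loc l)
{
	uint32_t id = usage & 0xFFFF, btn;

	if ((usage >> 16) != HUP_BUTTON)
		return (false);
	/* Reject before subtracting: id < left_btn would wrap to a huge index. */
	if (id < left_btn)
		return (false);
	btn = id - left_btn;
	/* Bound the derived index against the table it is about to index. */
	if (btn >= BTN_SLOTS)
		return (false);

	sc->buttons |= (uint8_t)(1u << btn);
	sc->btn_loc[btn] = l;
	if (btn >= sc->max_button)
		sc->max_button = btn + 1;
	return (true);
}

int
main(void)
{
	struct softc sc = {0};
	struct loc l = {16, 1};		/* constructed sample location */

	printf("%d\n", record_button(&sc, HID_USAGE2(HUP_BUTTON, 1), 1, l));
	printf("%d\n", record_button(&sc, HID_USAGE2(HUP_BUTTON, 1), 2, l));
	return (0);
}
```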
Let me know if you need any further data.