NetBSD Problem Report #19564
Received: (qmail 11011 invoked by uid 605); 26 Dec 2002 04:54:22 -0000
Message-Id: <200212260454.gBQ4sI118104@mail.tenjin.org>
Date: Thu, 26 Dec 2002 13:54:18 +0900 (JST)
From: kawamoto@tenjin.org
Sender: gnats-bugs-owner@netbsd.org
Reply-To: kawamoto@tenjin.org
To: gnats-bugs@gnats.netbsd.org
Cc: kawamoto@tenjin.org
Subject: kernel panic with wsconsctl -m
X-Send-Pr-Version: 3.95
>Number: 19564
>Category: kern
>Synopsis: kernel panic with wsconsctl -m
>Confidential: no
>Severity: serious
>Priority: medium
>Responsible: kern-bug-people
>State: analyzed
>Class: sw-bug
>Submitter-Id: net
>Arrival-Date: Thu Dec 26 04:55:00 +0000 2002
>Closed-Date:
>Last-Modified: Fri May 23 17:17:48 +0000 2003
>Originator: KAWAMOTO Yosihisa
>Release: NetBSD 1.6K (Dec 22 2002)
>Organization:
tenjin.org
>Environment:
System: NetBSD tenjin 1.6K NetBSD 1.6K (SALLY) #127: Thu Dec 26 05:01:12 JST 2002 kawamoto@linus.ics.es.osaka-u.ac.jp:/usr/src/sys/arch/i386/compile/SALLY i386
Architecture: i386
Machine: i386
>Description:
With wsmoused or X window system, kernel does panic as follows:
# sh /etc/rc.d/wsmoused start
Starting wsmoused.
# wsconsctl -m -a
type=ps2
# (I move mouse and see the kernel messages on console)
wsmouse_input: evar->q=NULL
wsmouse_input: evar->q=NULL
wsmouse_input: evar->q=NULL
wsmouse_input: evar->q=NULL
wsmouse_input: evar->q=NULL
wsmouse_input: evar->q=NULL
wsmouse_input: evar->q=NULL
wsmouse_input: evar->q=NULL
# sh /etc/rc.d/wsmoused stop
Stopping wsmoused.
Waiting for PIDS: 322panic: free: addr 0x0 not within kmem_map
Stopped in pid 322 (wsmoused) at cpu_Debugger+0x4: leave
db> tr
cpu_Debugger(0,c08f1138,d2fdda5c,c031d4bb,c08f1200) at cpu_Debugger+0x4
panic(c03cf860,0,0,0,c08f1138) at panic+0xad
free(0,2,d303dd30,c031b8e0,c08f1100) at free+0x29
wsevent_fini(c08f1138,0,d303dd60,c031b870,c08f1100) at wsevent_fini+0x17
wsmuxclose(4100,5,2000,d29a8784,d2fdda5c) atwsmuxclose+0x4c
spec_close(d303ddfc,30002,d2fdda5c,c02ddd03,d2fdda5c) at spec_close+0x178
...
syscall_plain(2b,2b,2b,2b,0) at syscall_plain+0xa7
db> sync
syncing disks... done
Real mouse drivers are follows:
# dmesg | egrep '(mouse|ms)'
pms0 at pckbc0 (aux slot)
wsmouse0 at pms0 mux 0
ums0 at uhidev1: 3 buttons and Z dir.
wsmouse1 at ums0 mux 0
>How-To-Repeat:
As above.
>Fix:
I don't know.
>Release-Note:
>Audit-Trail:
Responsible-Changed-From-To: kern-bug-people->jmmv
Responsible-Changed-By: gmcgarry
Responsible-Changed-When: Sun May 4 01:40:59 UTC 2003
Responsible-Changed-Why:
Bug introduced with wsmoused changes. Can you deal with it Julio?
State-Changed-From-To: open->analyzed
State-Changed-By: jmmv
State-Changed-When: Mon May 5 19:17:27 UTC 2003
State-Changed-Why:
This bug wasn't introduced with wsmoused; it just shows it.
wsmoused uses (by default) /dev/wsmouse to read from the mouse; this device
is controlled by wsmux and is redirected to the appropiate attached wsmouse*
device. In contrast, wsconsctl opens /dev/wsmouse0, bypassing wsmux and
using the wsmouse driver directly.
Let's analyze the code in the kernel. open()'s and close()'s are handled
in different places depending if you used /dev/wsmouse or /dev/wsmouse[0-9]
(i.e., wsmux and wsmouse respectively). If the device is open through wsmux,
wsmouse won't notice it, and the open reference count won't be incremented,
thus when closed (wsconsctl finishes while wsmoused is running) the kernel
enters an unconsistent state.
If you configure wsmoused to use /dev/wsmouse0, then everything works fine
because the reference count is handled properly.
This problem also affects wskbd, as it can be opened through wsmux too.
The panic does not happen any more (nor all those error messages), although
wsmoused stops working.
Responsible-Changed-From-To: jmmv->kern-bug-people
Responsible-Changed-By: jmmv
Responsible-Changed-When: Fri May 23 17:17:05 UTC 2003
Responsible-Changed-Why:
I don't feel qualified enough to fix this right now. Sorry.
>Unformatted:
(Contact us)
$NetBSD: query-full-pr,v 1.39 2013/11/01 18:47:49 spz Exp $
$NetBSD: gnats_config.sh,v 1.8 2006/05/07 09:23:38 tsutsui Exp $
Copyright © 1994-2007
The NetBSD Foundation, Inc. ALL RIGHTS RESERVED.