Subject: kern/19564: kernel panic with wsconsctl -m
To: None <gnats-bugs@gnats.netbsd.org>
From: None <kawamoto@tenjin.org>
List: netbsd-bugs
Date: 12/26/2002 13:54:18 
>Number:         19564
>Category:       kern
>Synopsis:       kernel panic with wsconsctl -m
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    kern-bug-people
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Wed Dec 25 20:55:00 PST 2002
>Closed-Date:
>Last-Modified:
>Originator:     KAWAMOTO Yosihisa
>Release:        NetBSD 1.6K (Dec 22 2002)
>Organization:
	tenjin.org
>Environment:
System: NetBSD tenjin 1.6K NetBSD 1.6K (SALLY) #127: Thu Dec 26 05:01:12 JST 2002 kawamoto@linus.ics.es.osaka-u.ac.jp:/usr/src/sys/arch/i386/compile/SALLY i386
Architecture: i386
Machine: i386
>Description:
	With wsmoused or X window system, kernel does panic as follows:
		# sh /etc/rc.d/wsmoused start
		Starting wsmoused.
		# wsconsctl -m -a
		type=ps2
		# (I move mouse and see the kernel messages on console)
		wsmouse_input: evar->q=NULL
		wsmouse_input: evar->q=NULL
		wsmouse_input: evar->q=NULL
		wsmouse_input: evar->q=NULL
		wsmouse_input: evar->q=NULL
		wsmouse_input: evar->q=NULL
		wsmouse_input: evar->q=NULL
		wsmouse_input: evar->q=NULL
		# sh /etc/rc.d/wsmoused stop
		Stopping wsmoused.
		Waiting for PIDS: 322panic: free: addr 0x0 not within kmem_map
		Stopped in pid 322 (wsmoused) at        cpu_Debugger+0x4:      leave
		db> tr
		cpu_Debugger(0,c08f1138,d2fdda5c,c031d4bb,c08f1200) at cpu_Debugger+0x4
		panic(c03cf860,0,0,0,c08f1138) at panic+0xad
		free(0,2,d303dd30,c031b8e0,c08f1100) at free+0x29
		wsevent_fini(c08f1138,0,d303dd60,c031b870,c08f1100) at wsevent_fini+0x17
		wsmuxclose(4100,5,2000,d29a8784,d2fdda5c) atwsmuxclose+0x4c
		spec_close(d303ddfc,30002,d2fdda5c,c02ddd03,d2fdda5c) at spec_close+0x178
		...
		syscall_plain(2b,2b,2b,2b,0) at syscall_plain+0xa7
		db> sync
		syncing disks... done

	Real mouse drivers are follows:
		# dmesg | egrep '(mouse|ms)'
		pms0 at pckbc0 (aux slot)
		wsmouse0 at pms0 mux 0
		ums0 at uhidev1: 3 buttons and Z dir.
		wsmouse1 at ums0 mux 0

>How-To-Repeat:
	As above.
>Fix:
	I don't know.
>Release-Note:
>Audit-Trail:
>Unformatted: