Re: kern/57400

To: kern-bug-people%netbsd.org@localhost,gnats-admin%netbsd.org@localhost,netbsd-bugs%netbsd.org@localhost,dave_daniels%argonet.co.uk@localhost
Subject: Re: kern/57400
From: mlelstv%serpens.de@localhost (Michael van Elst)
Date: Mon, 15 May 2023 12:50:02 +0000 (UTC)

The following reply was made to PR kern/57400; it has been noted by GNATS.

From: mlelstv%serpens.de@localhost (Michael van Elst)
To: gnats-bugs%netbsd.org@localhost
Cc: 
Subject: Re: kern/57400
Date: Mon, 15 May 2023 12:41:12 -0000 (UTC)

 dave_daniels%argonet.co.uk@localhost (David daniels) writes:

 > Thank you for all your updates. I appreciate your thoughts on
 > getting rid of the 'wsmouse0 detached' messages but my main
 > concern is the kernel panic I was seeing. Has anyone had any
 > thoughts on this?

 The crash comes from:

 Stopped in pid 0.5 (system) at netnsd:wsevent_inject+0x7c: str R0,[r1,r3]

                 we = EVARRAY(ev, ev->put);
                 we->type = events[i].type;

 where we is a NULL pointer, e.g. ev->q is a NULL pointer.
 This isn't checked in wsbell_detach, wskbd_detach, wsmouse_detach.
 But wmmux_do_ioctl for WSMUXIO_INJECTEVENT does not check ev->q.

 wskbd_deliver_event and wsmouse_input only check ev->q if compiled
 with DIAGNOSTIC (that's a bug by itself).

 So if you test a kernel with DIAGNOSTIC and instead of a crash
 you get a diagnostic message, then we know where the problem is.

 Otherwise it's probably a race with 'wsmouse detached' and
 preventing the auto-detach is a crude workaround.

Prev by Date: Re: kern/57400
Next by Date: NetBSD Nightly Trouble Ticket Report
Previous by Thread: Re: kern/57400
Next by Thread: Re: kern/57400
Indexes:

Home | Main Index | Thread Index | Old Index