From owner-freebsd-bugs Mon Dec 16 07:10:05 1996
Return-Path:
Received: (from root@localhost) by freefall.freebsd.org (8.8.4/8.8.4) id HAA11208 for bugs-outgoing; Mon, 16 Dec 1996 07:10:05 -0800 (PST)
Received: (from gnats@localhost) by freefall.freebsd.org (8.8.4/8.8.4) id HAA11193; Mon, 16 Dec 1996 07:10:03 -0800 (PST)
Resent-Date: Mon, 16 Dec 1996 07:10:03 -0800 (PST)
Resent-Message-Id: <199612161510.HAA11193@freefall.freebsd.org>
Resent-From: gnats (GNATS Management)
Resent-To: freebsd-bugs
Resent-Reply-To: FreeBSD-gnats@freefall.FreeBSD.org,
Received: (from nobody@localhost) by freefall.freebsd.org (8.8.4/8.8.4) id HAA11139; Mon, 16 Dec 1996 07:09:41 -0800 (PST)
Message-Id: <199612161509.HAA11139@freefall.freebsd.org>
Date: Mon, 16 Dec 1996 07:09:41 -0800 (PST)
From: curt@tkg.com
To: freebsd-gnats-submit@freebsd.org
X-Send-Pr-Version: www-1.0
Subject: bin/2226: ill-defined mouse device crashes system
Sender: owner-bugs@freebsd.org
X-Loop: FreeBSD.org
Precedence: bulk

>Number: 2226
>Category: bin
>Synopsis: ill-defined mouse device crashes system
>Confidential: no
>Severity: serious
>Priority: medium
>Responsible: freebsd-bugs
>State: open
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Mon Dec 16 07:10:02 PST 1996
>Last-Modified:
>Originator: curt finch
>Organization: TKG
>Release: 2.1.5
>Environment:
FreeBSD logan 2.1.5-RELEASE FreeBSD 2.1.5-RELEASE #0: Sun Dec 15 14:42:45 CST 1996 root@logan:/usr/src/sys/compile/CURT i386
>Description:
i had a ps/2 mouse. even though dmesg said it was not detected, a /dev/mse0 device was created. 'cat /dev/mse0' crashes the machine. such user command should not be able to crash the system if we want freebsd to achieve a reputation of robustness. (this is the kind of thing we would fix in aix for sure)
>How-To-Repeat:
boot a dell dimension on a kernel where psm0 is not defined but should be. type 'cat /dev/mse0'
>Fix:
maybe spec_open() needs to be a little more careful? not sure.
The dump and kernel available for analysis from
ftp://ftp.tkg.com/private/curt/crash.tgz
12 megs gzipped.

GDB 4.13 (i386-unknown-freebsd), Copyright 1994 Free Software Foundation, Inc...
IdlePTD 207000
current pcb at 1f9210
panic: page fault
#0  boot (howto=256) at ../../i386/i386/machdep.c:912
912             dumppcb.pcb_ptd = rcr3();
(kgdb) #0  boot (howto=256) at ../../i386/i386/machdep.c:912
#1  0xf0112b73 in panic (fmt=0xf01a724c "page fault") at ../../kern/subr_prf.c:116
#2  0xf01a7d82 in trap_fatal (frame=0xefbffd6c) at ../../i386/i386/trap.c:748
#3  0xf01a78f4 in trap_pfault (frame=0xefbffd6c, usermode=0) at ../../i386/i386/trap.c:670
#4  0xf01a7563 in trap (frame={tf_es = 16, tf_ds = -257425392, tf_edi = 27, tf_esi = -1073545062, tf_ebp = -272630344, tf_isp = -272630380, tf_ebx = -2147483648, tf_edx = 0, tf_ecx = -266316512, tf_eax = 0, tf_trapno = 12, tf_err = 0, tf_eip = 0, tf_cs = 8, tf_eflags = 78470, tf_esp = -266598368, tf_ss = 0}) at ../../i386/i386/trap.c:310
#5  0xf019d451 in calltrap ()
#6  0xf012fb53 in spec_open (ap=0xefbffe1c) at ../../miscfs/specfs/spec_vnops.c:181
#7  0xf012cdf4 in vn_open (ndp=0xefbffee8, fmode=7, cmode=2528) at ./vnode_if.h:96
#8  0xf012a37f in open (p=0xf0aa2b00, uap=0xefbfff94, retval=0xefbfff8c) at ../../kern/vfs_syscalls.c:646
#9  0xf01a7fd6 in syscall (frame={tf_es = 39, tf_ds = 39, tf_edi = 1667172, tf_esi = 0, tf_ebp = -272638604, tf_isp = -272629788, tf_ebx = 1667172, tf_edx = 1831124, tf_ecx = 1, tf_eax = 5, tf_trapno = 12870, tf_err = 12870, tf_eip = 136168005, tf_cs = 31, tf_eflags = 12870, tf_esp = -272638620, tf_ss = 39}) at ../../i386/i386/trap.c:908
#10 0xf019d49b in Xsyscall ()
#11 0x6f5a6 in ?? ()
#12 0x6f4f0 in ?? ()
#13 0x79dc8 in ?? ()
#14 0x79eb1 in ?? ()
#15 0x8c192 in ?? ()
#16 0x10d3 in ?? ()
(kgdb)
>Audit-Trail:
>Unformatted:
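
Added example, not part of the original report: a small Python decoder for the trap frame in frame #4 of the backtrace, which kgdb prints as signed integers. The function and constant names and the wording of the findings are this example's own; it assumes only the i386 page-fault error-code bits and FreeBSD's page-fault trap number (12), and its reading of eip = 0 is an interpretation of the frame, not a confirmed root cause.

```python
import re

# Saved registers from frame #4 (trap) of the backtrace above, as kgdb printed them.
FRAME = (
    "tf_es = 16, tf_ds = -257425392, tf_edi = 27, tf_esi = -1073545062, "
    "tf_ebp = -272630344, tf_isp = -272630380, tf_ebx = -2147483648, "
    "tf_edx = 0, tf_ecx = -266316512, tf_eax = 0, tf_trapno = 12, tf_err = 0, "
    "tf_eip = 0, tf_cs = 8, tf_eflags = 78470, tf_esp = -266598368, tf_ss = 0"
)

T_PAGEFLT = 12                                  # FreeBSD/i386 trap number: page fault
# i386 page-fault error-code bits (names are this example's own)
ERR_PRESENT, ERR_WRITE, ERR_USER = 0x1, 0x2, 0x4


def parse_frame(text):
    """Map each tf_* register to its unsigned 32-bit value."""
    return {name: int(val) & 0xFFFFFFFF
            for name, val in re.findall(r"(tf_\w+) = (-?\d+)", text)}


def triage(regs):
    """Return human-readable findings for a saved i386 trap frame."""
    findings = []
    ring = regs["tf_cs"] & 3                    # RPL of the saved code selector
    if regs["tf_trapno"] == T_PAGEFLT:
        err = regs["tf_err"]
        findings.append("page fault: %s-mode %s of a %s page" % (
            "user" if err & ERR_USER else "kernel",
            "write" if err & ERR_WRITE else "read",
            "present" if err & ERR_PRESENT else "not-present"))
    if ring == 0 and regs["tf_eip"] == 0:
        findings.append("faulting eip is 0 in ring 0: the kernel transferred "
                        "control to address 0, as a call through a null "
                        "function pointer would")
    return findings


if __name__ == "__main__":
    regs = parse_frame(FRAME)
    for name in ("tf_eip", "tf_cs", "tf_ebp", "tf_ds"):
        print("%-8s 0x%08x" % (name, regs[name]))
    for line in triage(regs):
        print("*", line)
```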