Date: Tue, 10 Feb 2026 12:03:39 +0000
From: bugzilla-noreply@freebsd.org
To: bugs@FreeBSD.org
Subject: [Bug 293085] evdev crash upon usb mouse disconnect with evdev_moused running
Message-ID: <bug-293085-227@https.bugs.freebsd.org/bugzilla/>
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=293085

Bug ID: 293085
Summary: evdev crash upon usb mouse disconnect with evdev_moused running
Product: Base System
Version: 14.3-RELEASE
Hardware: Any
OS: Any
Status: New
Severity: Affects Only Me
Priority: ---
Component: kern
Assignee: bugs@FreeBSD.org
Reporter: avg@FreeBSD.org

I have evdev_moused installed and enabled for occasional use while in console,
but I spend most of the time under X.
I had some USB devices disconnected by accident while in X and the system
crashed.

Here is some info from before the crash and crash itself:

kernel: ugen3.5: <Logitech Advanced Corded Mouse M500s> at usbus3 (disconnected)
kernel: usbhid2: at uhub3, port 3, addr 4 (disconnected)
kernel:
kernel: hms1: detached
kernel:
kernel: Fatal trap 9: general protection fault while in kernel mode
kernel: cpuid = 0;
kernel: apic id = 00
kernel: instruction pointer = 0x20:0xffffffff80982cb8
kernel: stack pointer = 0x28:0xfffffe059faf5b50
kernel: frame pointer = 0x28:0xfffffe059faf5bf0
kernel: code segment = base 0x0, limit 0xfffff, type 0x1b
kernel: = DPL 0, pres 1, long 1, def32 0, gran 1
kernel: processor eflags =
kernel: interrupt enabled, resume, IOPL = 0
kernel: current process = 29372 (moused)
kernel: rdi: fffff81137f92128 rsi: ffffffff80e7fb47 rdx: 0000000000000263
kernel: rcx: ffffffff80e3a67a r8: fffff80db436c000 r9: 00000000000072bc
kernel: rax: fffff80107b11000 rbx: fffff81137f92128 rbp: fffffe059faf5bf0
kernel: r10: 0000000000000981 r11: ffffffff80e7f8d0 r12: deadc0dedeadc0c0
kernel: r13: fffff80db436c000 r14: 0000000000000001 r15: 0000000000000000

The stack trace:

(kgdb) bt
#0 __curthread ()
    at /usr/home/avg/devel/freebsd-src-new/machines/trant/sys/amd64/include/pcpu_aux.h:57
#1 doadump (textdump=textdump@entry=1)
    at /usr/home/avg/devel/freebsd-src-new/machines/trant/sys/kern/kern_shutdown.c:423
#2 0xffffffff80976d01 in kern_reboot (howto=260)
    at /usr/home/avg/devel/freebsd-src-new/machines/trant/sys/kern/kern_shutdown.c:541
#3 0xffffffff80977278 in vpanic (fmt=0xffffffff80e3db49 "%s", ap=0xfffffe059faf5900)
    at /usr/home/avg/devel/freebsd-src-new/machines/trant/sys/kern/kern_shutdown.c:1021
#4 0xffffffff80976fe3 in panic (fmt=<unavailable>)
    at /usr/home/avg/devel/freebsd-src-new/machines/trant/sys/kern/kern_shutdown.c:945
#5 0xffffffff80d05458 in trap_fatal (frame=0xfffffe059faf5a90, eva=<optimized out>)
    at /usr/home/avg/devel/freebsd-src-new/machines/trant/sys/amd64/amd64/trap.c:1000
#6 0xffffffff80d0533b in trap (frame=frame@entry=0xfffffe059faf5a90)
    at /usr/home/avg/devel/freebsd-src-new/machines/trant/sys/amd64/amd64/trap.c:545
#7 0xffffffff80d05c79 in trap_check (frame=0xfffffe059faf5a90)
    at /usr/home/avg/devel/freebsd-src-new/machines/trant/sys/amd64/amd64/trap.c:695
#8 <signal handler called>
#9 _sx_xlock_hard (sx=sx@entry=0xfffff81137f92128, x=<optimized out>, opts=<optimized out>,
    file=file@entry=0xffffffff80de48c9 "/usr/home/avg/devel/freebsd-src-new/machines/trant/sys/dev/evdev/cdev.c",
    line=line@entry=156)
    at /usr/home/avg/devel/freebsd-src-new/machines/trant/sys/kern/kern_sx.c:685
#10 0xffffffff80982a58 in _sx_xlock (sx=0xfffff81137f92128, opts=611, opts@entry=0,
    file=0xffffffff80de48c9 "/usr/home/avg/devel/freebsd-src-new/machines/trant/sys/dev/evdev/cdev.c",
    line=line@entry=156)
    at /usr/home/avg/devel/freebsd-src-new/machines/trant/sys/kern/kern_sx.c:331
#11 0xffffffff806d659c in evdev_dtor (data=0xfffff8010a133000)
    at /usr/home/avg/devel/freebsd-src-new/machines/trant/sys/dev/evdev/cdev.c:156
#12 0xffffffff8081010b in devfs_destroy_cdevpriv (p=0xfffff805d554c8c0)
    at /usr/home/avg/devel/freebsd-src-new/machines/trant/sys/fs/devfs/devfs_vnops.c:212
#13 0xffffffff80813d33 in devfs_fpdrop (fp=0xfffff810dc0d3e60)
    at /usr/home/avg/devel/freebsd-src-new/machines/trant/sys/fs/devfs/devfs_vnops.c:226
#14 devfs_close_f (fp=0xfffff810dc0d3e60, td=<optimized out>)
    at /usr/home/avg/devel/freebsd-src-new/machines/trant/sys/fs/devfs/devfs_vnops.c:795
#15 0xffffffff8090e7ea in fo_close (fp=0xfffff810dc0d3e60, td=0xffffffff80e7fb47)
    at /usr/home/avg/devel/freebsd-src-new/machines/trant/sys/sys/file.h:397
#16 _fdrop (fp=fp@entry=0xfffff810dc0d3e60, td=0xffffffff80e7fb47, td@entry=0xfffff80db436c000)
    at /usr/home/avg/devel/freebsd-src-new/machines/trant/sys/kern/kern_descrip.c:3756
#17 0xffffffff80911d73 in closef (fp=fp@entry=0xfffff810dc0d3e60, td=td@entry=0xfffff80db436c000)
    at /usr/home/avg/devel/freebsd-src-new/machines/trant/sys/kern/kern_descrip.c:2851
#18 0xffffffff80915b11 in closefp_impl (fdp=fdp@entry=0xfffffe03cc23ac90, fd=fd@entry=4,
    fp=fp@entry=0xfffff810dc0d3e60, td=td@entry=0xfffff80db436c000, audit=true)
    at /usr/home/avg/devel/freebsd-src-new/machines/trant/sys/kern/kern_descrip.c:1324
#19 0xffffffff8090f79f in closefp (fdp=0xfffffe03cc23ac90, fd=4, fp=0xfffff810dc0d3e60,
    td=0xfffff80db436c000, holdleaders=true, audit=true)
    at /usr/home/avg/devel/freebsd-src-new/machines/trant/sys/kern/kern_descrip.c:1381
#20 kern_close (td=0xfffff80db436c000, fd=4)
    at /usr/home/avg/devel/freebsd-src-new/machines/trant/sys/kern/kern_descrip.c:1417
#21 0xffffffff8090f66b in sys_close (td=0xfffff81137f92128, uap=<optimized out>)
    at /usr/home/avg/devel/freebsd-src-new/machines/trant/sys/kern/kern_descrip.c:1398
#22 0xffffffff80d0625b in syscallenter (td=0xfffff80db436c000)
    at /usr/home/avg/devel/freebsd-src-new/machines/trant/sys/amd64/amd64/../../kern/subr_syscall.c:193
#23 amd64_syscall (td=0xfffff80db436c000, traced=<optimized out>)
    at /usr/home/avg/devel/freebsd-src-new/machines/trant/sys/amd64/amd64/trap.c:1241

I have a crash dump, so I can provide any additional info from kgdb.
I should note that I have INVARIANTS enabled.
It seems that the issue is a use-after-free, based on deadc0dedeadc0c0,

--
You are receiving this mail because:
You are the assignee for the bug.
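
A triage helper for the register dump in the report above, added here as an example; it is not part of the original report or of FreeBSD. It flags registers that carry the 0xdeadc0de fill pattern that INVARIANTS kernels write over freed memory, and checks whether each value is a canonical amd64 address, since touching a non-canonical one raises a general protection fault instead of a page fault. Assumptions: 48-bit virtual addressing, and a tolerance for cleared low bits (lock code can mask flag bits off a lock word before using it as a pointer); the function names are hypothetical.

```python
import re

# Register lines copied from the panic message in the report above.
SAMPLE = """\
kernel: rdi: fffff81137f92128 rsi: ffffffff80e7fb47 rdx: 0000000000000263
kernel: rcx: ffffffff80e3a67a r8: fffff80db436c000 r9: 00000000000072bc
kernel: rax: fffff80107b11000 rbx: fffff81137f92128 rbp: fffffe059faf5bf0
kernel: r10: 0000000000000981 r11: ffffffff80e7f8d0 r12: deadc0dedeadc0c0
kernel: r13: fffff80db436c000 r14: 0000000000000001 r15: 0000000000000000
"""

POISON64 = 0xDEADC0DEDEADC0DE   # freed-memory fill pattern, 64-bit form
LOW_BITS_IGNORED = 0x1F         # assumption: low flag bits may have been masked off
U64 = 0xFFFFFFFFFFFFFFFF

# A register name followed by a 16-digit hex value, e.g. "r12: deadc0dedeadc0c0".
REG_RE = re.compile(r"\b(r[a-z0-9]{1,3}):\s*([0-9a-f]{16})\b")


def parse_registers(text):
    """Return {register name: integer value} for every register in a trap dump."""
    return {name: int(value, 16) for name, value in REG_RE.findall(text)}


def is_canonical(value, va_bits=48):
    """True if bits 63..(va_bits-1) are all equal, i.e. a usable amd64 address."""
    top = value >> (va_bits - 1)
    return top == 0 or top == (1 << (64 - va_bits + 1)) - 1


def poisoned(regs):
    """Names of registers whose value matches the fill pattern, low bits ignored."""
    mask = ~LOW_BITS_IGNORED & U64
    return sorted(n for n, v in regs.items() if (v & mask) == (POISON64 & mask))


def triage(text):
    """Return (poisoned register names, non-canonical register names)."""
    regs = parse_registers(text)
    bad_addr = sorted(n for n, v in regs.items() if not is_canonical(v))
    return poisoned(regs), bad_addr


if __name__ == "__main__":
    hits, bad_addr = triage(SAMPLE)
    print("poison pattern in:", hits)
    print("non-canonical values in:", bad_addr)
```

On the dump above only r12 is flagged by both checks, which fits a read from freed memory followed by a dereference of the value found there.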
