Date: Mon, 26 Jan 2004 14:18:42 -0500 From: ANISH MISTRY <mistry.7@osu.edu> To: des@des.no (=?iso-8859-1?Q?Dag-Erling_Sm=F8rgrav?=) Cc: freebsd-current@freebsd.org Subject: Re: usb panic Message-ID: <79dba5f6.a5f679db@osu.edu>
next in thread | raw e-mail | index | archive | help
I can confirm this=2C I posted about the same thing a few months ago=2C a= nd was just told =22not to do that=22=2C but if you have a fix I=27d be w= illing to test it out=2E -- Anish Mistry ----- Original Message ----- From=3A des=40des=2Eno (Dag-Erling Sm=F8rgrav) Date=3A Monday=2C January 26=2C 2004 2=3A11 pm Subject=3A usb panic =3E Doing =22kldunload ums=3B kldload ums=22 while a mouse was connected = (to =3E trigger a devd event without having to physically disconnect and =3E reconnect the mouse) triggered the following panic=3A =3E = =3E kernel=3A type 12 trap=2C code=3D0 =3E Stopped at strncpy+0x14=3A movb 0(=25edx)=2C=25al =3E db=3E where =3E strncpy(c66a6524=2C0=2C10=2Cc1745504=2Cc66a6400) at strncpy+0x14 =3E usbd=5Ffill=5Fdeviceinfo(c5f92900=2Cc66a6400=2C1=2C0=2Cc05b707e) at = =3E usbd=5Ffill=5Fdeviceinfo+0x121usbioctl(c05ffe20=2Cc1745504=2Cc66a6400= =2C1=2Cc64aa690) at usbioctl+0x223 =3E spec=5Fioctl(ec00ab88=2Cec00ac34=2Cc04f4c0f=2Cec00ab88=2Cc05f7bc0) at= = =3E spec=5Fioctl+0xf2spec=5Fvnoperate(ec00ab88) at spec=5Fvnoperate+0x13 =3E vn=5Fioctl(c63f3aa0=2Cc1745504=2Cc66a6400=2Cc66fb080=2Cc64aa690) at = =3E vn=5Fioctl+0x17fioctl(c64aa690=2Cec00ad14=2C3=2C1=2C282) at ioctl+0x3= 7c =3E syscall(2f=2C2f=2C2f=2C6=2C0) at syscall+0x22b =3E Xint0x80=5Fsyscall() at Xint0x80=5Fsyscall+0x1d =3E --- syscall (54=2C FreeBSD ELF32=2C ioctl)=2C eip =3D 0x880b7a17=2C e= sp =3D = =3E 0xbfbfe2ac=2C ebp =3D 0xbfbfe458 --- =3E = =3E as usual=2C dumps are broken=2C but the code at least looks like this= =3A =3E = =3E (gdb) l *(usbd=5Ffill=5Fdeviceinfo+0x121) =3E 0x33d5 is in usbd=5Ffill=5Fdeviceinfo = =3E (/usr/src/sys/dev/usb/usb=5Fsubr=2Ec=3A1282)=2E1277 if (de= v- =3E =3Esubdevs !=3D NULL) =7B =3E 1278 for (i =3D 0=3B dev-=3Esubdevs=5Bi=5D =26=26 =3E 1279 i =3C USB=5FMAX=5FDEVNAMES=3B i+= +) =7B =3E 1280 strncpy(di-=3Eudi=5Fdevnames=5Bi=5D=2C= = =3E USBDEVPTRNAME(dev-=3Esubdevs=5Bi=5D)=2C =3E 1281 USB=5FMAX=5FDEVNAMELEN)=3B =3E 1282 di- =3E =3Eudi=5Fdevnames=5Bi=5D=5BUSB=5FMAX=5FDEVNAMELEN-1=5D =3D =27=5C0=27= =3B =3E 1283 =7D =3E 1284 =7D else =7B =3E 1285 i =3D 0=3B =3E 1286 =7D =3E = =3E so dev-=3Esubdevs=5Bi=5D is not NULL=2C but it does not have a name s= ince =3E USBDEVPTRNAME(dev-=3Esubdevs=5Bi=5D) is NULL=2E Looks like better lo= cking and =3E invariants are required=3B it shouldn=27t be possible (IMHO) for that= code =3E to stumble across an incomplete bdev=2E =3E = =3E (BTW=2C we should use strlcpy() here rather than strncpy()) =3E = =3E DES =3E -- = =3E Dag-Erling Sm=F8rgrav - des=40des=2Eno =3E =5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F= =5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F =3E freebsd-current=40freebsd=2Eorg mailing list =3E http=3A//lists=2Efreebsd=2Eorg/mailman/listinfo/freebsd-current =3E To unsubscribe=2C send any mail to =22freebsd-current- =3E unsubscribe=40freebsd=2Eorg=22
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?79dba5f6.a5f679db>