NetBSD Problem Report #33603
From smb@cs.columbia.edu Tue May 30 18:07:21 2006
Return-Path: <smb@cs.columbia.edu>
Received: from mail.netbsd.org (mail.netbsd.org [204.152.190.11])
by narn.NetBSD.org (Postfix) with ESMTP id 68CAD63B863
for <gnats-bugs@gnats.NetBSD.org>; Tue, 30 May 2006 18:07:21 +0000 (UTC)
Message-Id: <20060530165054.374803C0055@berkshire.machshav.com>
Date: Tue, 30 May 2006 12:50:54 -0400 (EDT)
From: smb@cs.columbia.edu
Reply-To: smb@cs.columbia.edu
To: gnats-bugs@NetBSD.org
Subject: panic on inserting a umodem on usb hub on cardbus card
X-Send-Pr-Version: 3.95
>Number: 33603
>Category: kern
>Synopsis: panic on inserting a umodem on usb hub on cardbus card
>Confidential: no
>Severity: critical
>Priority: high
>Responsible: kern-bug-people
>State: closed
>Class: sw-bug
>Submitter-Id: net
>Arrival-Date: Tue May 30 18:10:00 +0000 2006
>Closed-Date: Fri Aug 23 07:03:19 +0000 2019
>Last-Modified: Fri Aug 23 07:03:19 +0000 2019
>Originator: Steven M. Bellovin
>Release: NetBSD 3.99.20
>Organization:
Department of Computer Science, Columbia University
>Environment:
System: NetBSD berkshire.machshav.com 3.99.20 NetBSD 3.99.20 (BERKSHIRE) #0: Mon May 29 14:02:14 EDT 2006 smb@berkshire.machshav.com:/usr/BUILD/obj/sys/arch/i386/compile/BERKSHIRE i386
Architecture: i386
Machine: i386
>Description:
I have an EVDO Cardbus card that is actually a umodem connected to
a USB hub which is on the card. When I insert it with a kernel
built from Sunday's -current source, the system panics:
supervisor trap double fault code=0 in pid 7.1 (cardslot0),
usbd_get_string+0x17. The back trace is quite long and I have
no way to capture it; my laptop doesn't have a serial port.
Here's output from a working insertion on a May 13 kernel:
May 26 21:00:59 berkshire /netbsd: ohci0 at cardbus0 function 0: NEC USB Host Co
ntroller (rev. 0x43)
May 26 21:00:59 berkshire /netbsd: ohci0: interrupting at 11
May 26 21:00:59 berkshire /netbsd: ohci0: OHCI version 1.0
May 26 21:01:00 berkshire /netbsd: usb4 at ohci0: USB revision 1.0
May 26 21:01:00 berkshire /netbsd: uhub4 at usb4
May 26 21:01:00 berkshire /netbsd: uhub4: NEC OHCI root hub, class 9/0, rev 1.00
/1.00, addr 1
May 26 21:01:00 berkshire /netbsd: uhub4: 1 port with 1 removable, self powered
May 26 21:01:00 berkshire /netbsd: ohci1 at cardbus0 function 1: NEC USB Host Co
ntroller (rev. 0x43)
May 26 21:01:00 berkshire /netbsd: ohci1: interrupting at 11
May 26 21:01:00 berkshire /netbsd: ohci1: OHCI version 1.0
May 26 21:01:00 berkshire /netbsd: usb5 at ohci1: USB revision 1.0
May 26 21:01:00 berkshire /netbsd: uhub5 at usb5
May 26 21:01:00 berkshire /netbsd: uhub5: NEC OHCI root hub, class 9/0, rev 1.00
/1.00, addr 1
May 26 21:01:00 berkshire /netbsd: uhub5: 1 port with 1 removable, self powered
May 26 21:01:02 berkshire /netbsd: umodem0 at uhub4 port 1 configuration 1 inter
face 0
May 26 21:01:02 berkshire /netbsd:
May 26 21:01:02 berkshire /netbsd: umodem0: Curitel Communications, Inc. Curitel
Communications, Inc., rev 1.10/0.00, addr 2, iclass 2/2
May 26 21:01:02 berkshire /netbsd: umodem0: data interface 1, has CM over data,
has break
May 26 21:01:02 berkshire /netbsd: umodem0: status change notification available
May 26 21:01:02 berkshire /netbsd: ucom0 at umodem0
>How-To-Repeat:
See above
>Fix:
Unknown
>Release-Note:
>Audit-Trail:
From: "Steven M. Bellovin" <smb@cs.columbia.edu>
To: gnats-bugs@NetBSD.org
Cc:
Subject: Re: kern/33603: panic on inserting a umodem on usb hub on cardbus
card
Date: Tue, 30 May 2006 15:27:07 -0400
The problem appears to be a kernel stack overflow. Changing UPAGES (in
param.h) from 3 to 5 solved the problem.
From: "Steven M. Bellovin" <smb@cs.columbia.edu>
To: gnats-bugs@NetBSD.org
Cc:
Subject: Re: kern/33603: panic on inserting a umodem on usb hub on cardbus
card
Date: Sun, 4 Jun 2006 14:33:21 -0400
I've uploaded some (slightly blurry but -- I think -- readable jpgs of the
backtrace at http://www.machshav.com/~smb/bt1.jpg and
http://www.machshav.com/~smb/bt2.jpg
From: christos@zoulas.com (Christos Zoulas)
To: gnats-bugs@NetBSD.org, kern-bug-people@netbsd.org,
gnats-admin@netbsd.org, netbsd-bugs@netbsd.org, smb@cs.columbia.edu
Cc:
Subject: Re: kern/33603: panic on inserting a umodem on usb hub on cardbus card
Date: Sun, 4 Jun 2006 15:39:01 -0400
On Jun 4, 6:35pm, smb@cs.columbia.edu ("Steven M. Bellovin") wrote:
-- Subject: Re: kern/33603: panic on inserting a umodem on usb hub on cardbus
| The following reply was made to PR kern/33603; it has been noted by GNATS.
|
| From: "Steven M. Bellovin" <smb@cs.columbia.edu>
| To: gnats-bugs@NetBSD.org
| Cc:
| Subject: Re: kern/33603: panic on inserting a umodem on usb hub on cardbus
| card
| Date: Sun, 4 Jun 2006 14:33:21 -0400
|
| I've uploaded some (slightly blurry but -- I think -- readable jpgs of the
| backtrace at http://www.machshav.com/~smb/bt1.jpg and
| http://www.machshav.com/~smb/bt2.jpg
Ok, here's the transcribed function trace [with sizes of objects that
they allocate on the stack, for a 32 bit machine] The biggest problem
is cardbus_rescan [fixed], usbd_probe_and_attach [fixed], and usbd_devinfo
[fixed]. I think that we saved enough for now.
christos
int swap = 4
usb_string_descriptor_t us = 256
char *s = 4
int i, n = 8
u_int16_t = 2
uspbd_status ` = 4
int size = 4
frame ------ = 280 !!!
usbd_get_string
usb_device_descriptor_t * = 4
int = 4
frame ------ = 8
usbd_devinfo_vp
usb_device_descriptor_t * = 4
char vendor[...] = 384
char product[...] = 384
int bcd, .. = 8
char *ep = 4
frame ------ = 784 !!!
usbd_devinfo
char * = 4
frame ------ = 4
udbd_devinfo_alloc
struct softc *sc = 4
struct usb_attach_ * = 4
usbd_device_handle = 4
char * = 4
usbd_status = 4
struct usbd_hub * = 4
usb_device_request_t = 8
usb_hub_descriptor_t = 8
int ... x 5 = 20
usbd_interface_handle = 4
usb_endpoint_decriptor * = 4
struct usbd_tt * = 4
frame ------ = 72
uhub_attach
device = 4
struct cftable * = 4
struct cfdriver * = 4
struct cfattach * = 4
size_t x 2 = 8
const char * = 4
int = 4
char num[10] = 10
struct cfiattr * = 4
frame ------ = 54
config_attach_loc
struct usb_attach_arg = 44
usb_device_descriptor_t * = 4
int x 4 = 16
usbd_status = 4
device_ptr_t = 4
usbd_interface_handle[256] = 1024
frame ------ = 1096 !!!
usbd_probe_and_attach
usbd_device_handle x 2 = 8
struct usbd_device * = 4
usb_device_descriptor_t * = 4
usbp_port_status_t = 4
usbd_status = 4
int x 3 = 12
frame ------ = 36
udbd_new_device
struct usb_softc * = 4
usbd_device_handle = 4
usbd_status = 4
int x 2 = 8
struct usb_event = 20
frame ------ = 40
usb_attach
device = 4
struct cftable * = 4
struct cfdriver * = 4
struct cfattach * = 4
size_t x 2 = 8
const char * = 4
int = 4
char num[10] = 10
struct cfiattr * = 4
frame ------ = 54
config_attach_loc
frame ------ = 0
config_found
struct softc * = 4
cardbus_attach_args = 4
cardbus_devfunc_t = 4
cardbus_chipset_tag_t = 4
cardbus_function_tag_t = 4
cardbusreg_t = 4
char devinfo[256] = 256
usbd_status = 4
const char *vendor = 4
const char *devname = 4
frame ------ = 292 !!!
ohci_cardbus_attach
device = 4
struct cftable * = 4
struct cfdriver * = 4
struct cfattach * = 4
size_t x 2 = 8
const char * = 4
int = 4
char num[10] = 10
struct cfiattr * = 4
frame ------ = 54
config_attach_loc
struct cardbus_softc * = 4
cardbus_chipset_tag_t = 4
cardbus_function_tag_t = 4
cardbustag_t = 4
cardbusreg_t x 2 = 12
cardbusreg_t = 4
u_int8_t tuple[2048] = 2048
int cdstatus = 4
int function, nfunction = 8
struct device *csc = 4
cardbus_devfunc_t = 4
frame ------ = 2100 !!!
cardbus_rescan
cardbus_chipset_tag_t = 4
cardbus_function_tag_t = 4
int = 4
frame ------ = 12
cardbus_attach_card
cardslot_softc *sc = 4
cardslot_event *ce = 4
int x 2 = 8
frame ------ = 16
cardslot_event_thread
State-Changed-From-To: open->closed
State-Changed-By: mrg@NetBSD.org
State-Changed-When: Fri, 23 Aug 2019 07:03:19 +0000
State-Changed-Why:
this was resolved way back.
>Unformatted:
(Contact us)
$NetBSD: query-full-pr,v 1.39 2013/11/01 18:47:49 spz Exp $
$NetBSD: gnats_config.sh,v 1.9 2014/08/02 14:16:04 spz Exp $
Copyright © 1994-2007
The NetBSD Foundation, Inc. ALL RIGHTS RESERVED.
Home