Re: one time crash in usb_allocmem_flags

To: Alexander Nasonov <alnsn%yandex.ru@localhost>
Subject: Re: one time crash in usb_allocmem_flags
From: Nick Hudson <skrll%netbsd.org@localhost>
Date: Mon, 10 Feb 2014 08:15:29 +0000

On 02/09/14 19:48, Alexander Nasonov wrote:

Hi,

I was running current amd64 (last updated few weeks ago) when I got
a random crash shortly after switching to X mode. If my analysis is
correct, it crashed in usb_allocmem_flags inside this loop:

         LIST_FOREACH(f, &usb_frag_freelist, next) {
                 KDASSERTMSG(usb_valid_block_p(f->block, &usb_blk_fraglist),
                     "%s: usb frag %p: unknown block pointer %p",
                      __func__, f, f->block);
                 if (f->block->tag == tag)
                         break;
         }

It couldn't access f->block->tag. I wasn't actively using any of
the usb devices at that time. I wonder if it's a known problem or
should I file a PR? Details of the analysis is below.


Please fill a PR so it doesn't get forgotten about.

At first glance it doesn't look like that usb_frag_freelist isn'tprotected correctly. I looks more like random corruption. What was thevalue of %edx?


Thanks,
Nick

Follow-Ups:
- Re: one time crash in usb_allocmem_flags
  - From: Alexander Nasonov

References:
- one time crash in usb_allocmem_flags
  - From: Alexander Nasonov

Prev by Date: Re: 4byte aligned com(4) and PCI_MAPREG_TYPE_MEM
Next by Date: Re: one time crash in usb_allocmem_flags
Previous by Thread: one time crash in usb_allocmem_flags
Next by Thread: Re: one time crash in usb_allocmem_flags
Indexes:

Home | Main Index | Thread Index | Old Index