Subject: Re: kern/33603: panic on inserting a umodem on usb hub on cardbus card
To: None <gnats-bugs@NetBSD.org, kern-bug-people@netbsd.org,>
From: Christos Zoulas <christos@zoulas.com>
List: netbsd-bugs
Date: 06/04/2006 15:39:01
On Jun 4,  6:35pm, smb@cs.columbia.edu ("Steven M. Bellovin") wrote:
-- Subject: Re: kern/33603: panic on inserting a umodem on usb hub on cardbus

| The following reply was made to PR kern/33603; it has been noted by GNATS.
| 
| From: "Steven M. Bellovin" <smb@cs.columbia.edu>
| To: gnats-bugs@NetBSD.org
| Cc: 
| Subject: Re: kern/33603: panic on inserting a umodem on usb hub on cardbus
|  card
| Date: Sun, 4 Jun 2006 14:33:21 -0400
| 
|  I've uploaded some (slightly blurry but -- I think -- readable jpgs of the
|  backtrace at http://www.machshav.com/~smb/bt1.jpg and
|  http://www.machshav.com/~smb/bt2.jpg

Ok, here's the transcribed function trace [with sizes of objects that
they allocate on the stack, for a 32 bit machine] The biggest problem
is cardbus_rescan [fixed], usbd_probe_and_attach [fixed], and usbd_devinfo
[fixed]. I think that we saved enough for now.

christos

    int swap			= 4			
    usb_string_descriptor_t us  = 256
    char *s			= 4
    int i, n			= 8
    u_int16_t			= 2
    uspbd_status	`	= 4
    int size			= 4
    frame ------		= 280	!!!
usbd_get_string
    usb_device_descriptor_t *	= 4
    int				= 4
    frame ------		= 8
usbd_devinfo_vp
    usb_device_descriptor_t *	= 4
    char vendor[...]		= 384
    char product[...]		= 384
    int bcd, ..			= 8
    char *ep			= 4
    frame ------		= 784	!!!
usbd_devinfo
    char *			= 4
    frame ------		= 4
udbd_devinfo_alloc
    struct softc *sc		= 4
    struct usb_attach_ *	= 4
    usbd_device_handle		= 4
    char *			= 4
    usbd_status			= 4
    struct usbd_hub *		= 4
    usb_device_request_t	= 8
    usb_hub_descriptor_t	= 8
    int ... x 5			= 20
    usbd_interface_handle	= 4
    usb_endpoint_decriptor *	= 4
    struct usbd_tt *		= 4
    frame ------		= 72
uhub_attach
    device			= 4
    struct cftable *		= 4
    struct cfdriver *		= 4
    struct cfattach *		= 4
    size_t x 2			= 8
    const char *		= 4
    int				= 4
    char num[10]		= 10
    struct cfiattr *		= 4
    frame ------		= 54
config_attach_loc
    struct usb_attach_arg	= 44
    usb_device_descriptor_t *	= 4
    int x 4			= 16
    usbd_status			= 4
    device_ptr_t		= 4
    usbd_interface_handle[256]	= 1024
    frame ------		= 1096	!!!
usbd_probe_and_attach
    usbd_device_handle x 2	= 8
    struct usbd_device *	= 4
    usb_device_descriptor_t *	= 4
    usbp_port_status_t		= 4
    usbd_status			= 4
    int x 3			= 12
    frame ------		= 36
udbd_new_device
    struct usb_softc *		= 4
    usbd_device_handle		= 4
    usbd_status			= 4
    int x 2			= 8
    struct usb_event		= 20
    frame ------		= 40
usb_attach
    device			= 4
    struct cftable *		= 4
    struct cfdriver *		= 4
    struct cfattach *		= 4
    size_t x 2			= 8
    const char *		= 4
    int				= 4
    char num[10]		= 10
    struct cfiattr *		= 4
    frame ------		= 54
config_attach_loc
    frame ------		= 0
config_found
    struct softc *		= 4
    cardbus_attach_args		= 4
    cardbus_devfunc_t		= 4
    cardbus_chipset_tag_t	= 4
    cardbus_function_tag_t	= 4
    cardbusreg_t		= 4
    char devinfo[256]		= 256
    usbd_status			= 4
    const char *vendor		= 4
    const char *devname		= 4
    frame ------		= 292 !!!
ohci_cardbus_attach
    device			= 4
    struct cftable *		= 4
    struct cfdriver *		= 4
    struct cfattach *		= 4
    size_t x 2			= 8
    const char *		= 4
    int				= 4
    char num[10]		= 10
    struct cfiattr *		= 4
    frame ------		= 54
config_attach_loc
    struct cardbus_softc *	= 4
    cardbus_chipset_tag_t	= 4
    cardbus_function_tag_t	= 4
    cardbustag_t		= 4
    cardbusreg_t x 2		= 12
    cardbusreg_t		= 4
    u_int8_t tuple[2048]	= 2048
    int cdstatus		= 4
    int function, nfunction	= 8
    struct device *csc		= 4
    cardbus_devfunc_t		= 4
    frame ------		= 2100 !!!
cardbus_rescan
    cardbus_chipset_tag_t	= 4
    cardbus_function_tag_t	= 4
    int				= 4
    frame ------		= 12
cardbus_attach_card
    cardslot_softc *sc		= 4
    cardslot_event *ce		= 4
    int x 2			= 8
    frame ------		= 16
cardslot_event_thread