Fixed now. If you update the tree to have sys/dev/usb/umass.c rev. 1.174 you'll get the fixed files.
Jaromir

On Sun, 10 Feb 2019 at 19:31, Tom Ivar Helbekkmo <[email protected]> wrote:
>
> It seems that changes made to USB code on February 7th broke the kernel
> memory allocation arena. After that point, it is enough to insert a USB
> memory stick into my amd64 laptop, and then remove it, to make the
> kernel crash. It seems the changes to the allocating and freeing calls
> got a bit messed up, leading to internal disagreements about item sizes,
> at least in the umass code:
>
> : dejah# ;cd /var/crash
> : dejah# ;dmesg -N netbsd.26 -M netbsd.26.core | tail -23
> [ 1525.390177] umass0: SMI Corporation (0x90c) USB DISK (0x1000), rev
> 2.00/11.00, addr 2
> [ 1525.390177] umass0: using SCSI over Bulk-Only
> [ 1525.390177] scsibus0 at umass0: 2 targets, 1 lun per target
> [ 1525.660323] sd0 at scsibus0 target 0 lun 0: <S31B1103, USB DISK, 1100>
> disk removable
> [ 1525.660323] sd0: 3864 MB, 7872 cyl, 16 head, 63 sec, 512 bytes/sect x
> 7913472 sectors
> [ 1537.266612] sd0: detached
> [ 1537.266612] scsibus0: detached
> [ 1537.266612] panic: kmem_free(0xffff8412b3188208, 8) != allocated size 472
> [ 1537.266612] cpu1: Begin traceback...
> [ 1537.266612] vpanic() at netbsd:vpanic+0x16f
> [ 1537.266612] snprintf() at netbsd:snprintf
> [ 1537.266612] kmem_alloc() at netbsd:kmem_alloc
> [ 1537.266612] umass_detach() at netbsd:umass_detach+0xe1
> [ 1537.266612] config_detach() at netbsd:config_detach+0x121
> [ 1537.266612] usb_disconnect_port() at netbsd:usb_disconnect_port+0xb8
> [ 1537.266612] uhub_explore() at netbsd:uhub_explore+0x221
> [ 1537.266612] usb_discover.isra.2() at netbsd:usb_discover.isra.2+0x68
> [ 1537.266612] usb_event_thread() at netbsd:usb_event_thread+0x77
> [ 1537.266612] cpu1: End traceback...
>
> [ 1537.266612] dumping to dev 0,1 (offset=1472, size=1045482):
> [ 1537.266612] dump
> : dejah# ;gdb netbsd.gdb
> GNU gdb (GDB) 8.0.1
> Copyright (C) 2017 Free Software Foundation, Inc.
> License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
> This is free software: you are free to change and redistribute it.
> There is NO WARRANTY, to the extent permitted by law. Type "show copying"
> and "show warranty" for details.
> This GDB was configured as "x86_64--netbsd".
> Type "show configuration" for configuration details.
> For bug reporting instructions, please see:
> <http://www.gnu.org/software/gdb/bugs/>.
> Find the GDB manual and other documentation resources online at:
> <http://www.gnu.org/software/gdb/documentation/>.
> For help, type "help".
> Type "apropos word" to search for commands related to "word"...
> Reading symbols from netbsd.gdb...done.
> (gdb) target kvm netbsd.26.core
> 0xffffffff80222d75 in cpu_reboot (howto=howto@entry=260,
> bootstr=bootstr@entry=0x0)
> at /usr/src/sys/arch/amd64/amd64/machdep.c:726
> 726 dumpsys();
> (gdb) bt
> #0 0xffffffff80222d75 in cpu_reboot (howto=howto@entry=260,
> bootstr=bootstr@entry=0x0)
> at /usr/src/sys/arch/amd64/amd64/machdep.c:726
> #1 0xffffffff809ec2c7 in vpanic (fmt=fmt@entry=0xffffffff813f8838
> "kmem_free(%p, %zu) != allocated size %zu",
> ap=ap@entry=0xffff84806a1d5d78) at /usr/src/sys/kern/subr_prf.c:335
> #2 0xffffffff809ec35e in panic (fmt=fmt@entry=0xffffffff813f8838
> "kmem_free(%p, %zu) != allocated size %zu")
> at /usr/src/sys/kern/subr_prf.c:254
> #3 0xffffffff809e1944 in kmem_size_check (sz=8, p=0xffff8412b3188200) at
> /usr/src/sys/kern/subr_kmem.c:549
> #4 kmem_intr_free (p=0xffff8412b3188200, requested_size=8) at
> /usr/src/sys/kern/subr_kmem.c:337
> #5 0xffffffff8047d794 in umass_detach (self=<optimized out>, flags=1) at
> /usr/src/sys/dev/usb/umass.c:844
> #6 0xffffffff809d337b in config_detach (dev=dev@entry=0xffff8412a6f78908,
> flags=flags@entry=1)
> at /usr/src/sys/kern/subr_autoconf.c:1748
> #7 0xffffffff804697df in usb_disconnect_port
> (up=up@entry=0xffff84129e303210, parent=<optimized out>,
> flags=flags@entry=1) at /usr/src/sys/dev/usb/usb_subr.c:1665
> #8 0xffffffff8046a3a2 in uhub_explore (dev=0xffff84129e2fae20) at
> /usr/src/sys/dev/usb/uhub.c:637
> #9 0xffffffff80463e47 in usb_discover (sc=<optimized out>, sc=<optimized
> out>) at /usr/src/sys/dev/usb/usb.c:1004
> #10 0xffffffff80463f0e in usb_event_thread (arg=0xffff84129e16bf68) at
> /usr/src/sys/dev/usb/usb.c:562
> #11 0xffffffff802097c7 in lwp_trampoline ()
> #12 0x0000000000000000 in ?? ()
> (gdb) up
> #1 0xffffffff809ec2c7 in vpanic (fmt=fmt@entry=0xffffffff813f8838
> "kmem_free(%p, %zu) != allocated size %zu",
> ap=ap@entry=0xffff84806a1d5d78) at /usr/src/sys/kern/subr_prf.c:335
> 335 cpu_reboot(bootopt, NULL);
> (gdb) up
> #2 0xffffffff809ec35e in panic (fmt=fmt@entry=0xffffffff813f8838
> "kmem_free(%p, %zu) != allocated size %zu")
> at /usr/src/sys/kern/subr_prf.c:254
> 254 vpanic(fmt, ap);
> (gdb) up
> #3 0xffffffff809e1944 in kmem_size_check (sz=8, p=0xffff8412b3188200) at
> /usr/src/sys/kern/subr_kmem.c:549
> 549 panic("kmem_free(%p, %zu) != allocated size %zu",
> (gdb) list
> 544
> 545     hd = (struct kmem_header *)p;
> 546     hsz = hd->size;
> 547
> 548     if (hsz != sz) {
> 549         panic("kmem_free(%p, %zu) != allocated size %zu",
> 550             (const uint8_t *)p + SIZE_SIZE, sz, hsz);
> 551     }
> 552
> 553     hd->size = -1;
> (gdb) up
> #4 kmem_intr_free (p=0xffff8412b3188200, requested_size=8) at
> /usr/src/sys/kern/subr_kmem.c:337
> 337 kmem_size_check(p, requested_size);
> (gdb) up
> #5 0xffffffff8047d794 in umass_detach (self=<optimized out>, flags=1) at
> /usr/src/sys/dev/usb/umass.c:844
> 844 kmem_free(scbus, sizeof(*scbus));
> (gdb) list
> 839     default:
> 840         /* nothing to do */
> 841         break;
> 842     }
> 843
> 844     kmem_free(scbus, sizeof(*scbus));
> 845     sc->bus = NULL;
> 846 }
> 847
> 848 if (rv != 0)
> (gdb) quit
> : dejah# ;
>
> -tih
> --
> Most people who graduate with CS degrees don't understand the significance
> of Lisp. Lisp is the most important idea in computer science. --Alan Kay
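
Added example, not part of the thread and not NetBSD code: a userland model of the size header that `kmem_size_check()` compares in the listing above, showing how a sized free is rejected when the caller passes a different size than was allocated. The types `bus_base` and `scsi_bus`, the `model_*` and `detach_*` functions, and the assumption that the mismatch comes from freeing a larger object through a pointer to its smaller leading member are all hypothetical, chosen to illustrate the failure mode in the panic message.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Userland model of the size header that kmem_size_check() inspects. */
struct hdr { size_t size; };
#define SIZE_SIZE sizeof(struct hdr)

static void *model_alloc(size_t sz)
{
    struct hdr *hd = calloc(1, SIZE_SIZE + sz);
    if (hd == NULL)
        return NULL;
    hd->size = sz;                      /* record the requested size */
    return (uint8_t *)hd + SIZE_SIZE;   /* caller sees memory after the header */
}

/* Returns 0 on success, -1 at the point where the kernel check panics. */
static int model_free(void *p, size_t sz)
{
    struct hdr *hd = (struct hdr *)((uint8_t *)p - SIZE_SIZE);
    if (hd->size != sz) {
        fprintf(stderr, "free(%p, %zu) != allocated size %zu\n",
            p, sz, hd->size);
        return -1;                      /* block is left untouched */
    }
    hd->size = (size_t)-1;              /* poison the header, as in the listing */
    free(hd);
    return 0;
}

/* Hypothetical types: a small generic part embedded in a larger object. */
struct bus_base { void *child; };
struct scsi_bus { struct bus_base base; char adapter_state[464]; };

/* Frees through the base pointer: sizeof(*b) is only the base size. */
static int detach_wrong(struct bus_base *b) { return model_free(b, sizeof(*b)); }
/* Frees with the size of the type that was actually allocated. */
static int detach_right(struct bus_base *b) { return model_free(b, sizeof(struct scsi_bus)); }

int main(void)
{
    struct bus_base *b = model_alloc(sizeof(struct scsi_bus));
    if (b == NULL)
        return 1;
    int bad = detach_wrong(b);          /* rejected: sizes disagree */
    int good = detach_right(b);         /* accepted: sizes match */
    printf("wrong=%d right=%d\n", bad, good);
    return !(bad == -1 && good == 0);
}
```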
