kernel panic trying to utilize a da(4)/umass(4) device with
ohci(4)
Brian F. Feldman
green at FreeBSD.org
Thu Nov 20 19:09:42 PST 2003
Thanks for the patches to try! They unfortunately didn't fix the crash I
have, but I found out why it's occurring.
See ohci.c:1389:
if (std->td.td_cbp != 0)
len -= le32toh(std->td.td_be) -
le32toh(std->td.td_cbp) + 1;
In one of my transfers (look in my log for the 2560 byte one) that statement
actually adds 8192 to len, which is utterly bogus because you can see it
only allocates 2560 -- hence when it tries to finish the transfer it
memcpy()'s way too much memory and my kernel segfaults. If I #if 0 this out,
I'm left only with "umass0: BBB reset failed, STALLED" messages... which is
a lot better than before! I don't know under what situations that bit of
code makes sense, but it definitely needs more reviewing!
Please check out my debugging messages and tell me if you see any hints as
to why the transfers are getting stalled. I should have looked at the
debugging messages long ago, I guess. Thanks!
http://green.homeunix.org/~green/ohci-debugging.txt.gz
--
Brian Fundakowski Feldman \'[ FreeBSD ]''''''''''\
<> green at FreeBSD.org \ The Power to Serve! \
Opinions expressed are my own. \,,,,,,,,,,,,,,,,,,,,,,\
More information about the freebsd-current
mailing list