Module Name: src
Committed By: riastradh
Date: Sat Mar 19 20:50:32 UTC 2022
Modified Files:
src/sys/dev/usb: usb_subr.c
Log Message:
usb: Insert assertion to diagnose ud_cdesc/ud_ifaces inconsistency.
Syzbot found a way to see ud_cdesc=NULL but ud_ifaces!=NULL:
https://syzkaller.appspot.com/bug?id=e6d4449a128e73a9a88100a5cc833e5cae9fecae
Maybe it's a race with two threads somehow doing usbd_free_device at
the same time when only one should, but let's rule this case out
early on to make it easier to prove it has to be a race.
To generate a diff of this commit:
cvs rdiff -u -r1.274 -r1.275 src/sys/dev/usb/usb_subr.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: src/sys/dev/usb/usb_subr.c
diff -u src/sys/dev/usb/usb_subr.c:1.274 src/sys/dev/usb/usb_subr.c:1.275
--- src/sys/dev/usb/usb_subr.c:1.274 Sun Mar 13 20:44:06 2022
+++ src/sys/dev/usb/usb_subr.c Sat Mar 19 20:50:32 2022
@@ -1,4 +1,4 @@
-/* $NetBSD: usb_subr.c,v 1.274 2022/03/13 20:44:06 riastradh Exp $ */
+/* $NetBSD: usb_subr.c,v 1.275 2022/03/19 20:50:32 riastradh Exp $ */
/* $FreeBSD: src/sys/dev/usb/usb_subr.c,v 1.18 1999/11/17 22:33:47 n_hibma Exp $ */
/*
@@ -32,7 +32,7 @@
*/
#include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: usb_subr.c,v 1.274 2022/03/13 20:44:06 riastradh Exp $");
+__KERNEL_RCSID(0, "$NetBSD: usb_subr.c,v 1.275 2022/03/19 20:50:32 riastradh Exp $");
#ifdef _KERNEL_OPT
#include "opt_compat_netbsd.h"
@@ -905,6 +905,7 @@ bad:
/* XXX Use usbd_set_config() to reset the config? */
/* XXX Should we forbid USB_UNCONFIG_NO from bConfigurationValue? */
dev->ud_config = USB_UNCONFIG_NO;
+ KASSERT(dev->ud_ifaces == NULL);
kmem_free(cdp, len);
dev->ud_cdesc = NULL;
if (bdp != NULL) {
