From: YONETANI Tomokazu <qhwt+dragonfly-bugs@xxxxxxxxxx>
Date: Thu, 27 May 2004 20:15:44 +0900

Hello.
After the device layer rollup commit, the ucom driver panics when
I disconnect from a tip(1) session. Attached is the backtrace
from the panic. The problem is that ucomclose() is releasing
tp->t_dev too early, and ucomstop() passes it to minor()
without checking the value, resulting in a NULL-pointer dereference.
I'm not sure how to fix this, but I think you have to push down
the following block in usbclose()

	if (tp->t_dev) {
		release_dev(tp->t_dev);
		tp->t_dev = NULL;
	}

down to somewhere after the label `quit:'.
Attachment:
crash.txt.gz
Description: application/gunzip
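
The release-ordering problem described in the report, as an added userland model that is not code from the original message or from the DragonFly tree. All `model_*` names are hypothetical stand-ins, and the model assumes the stop routine is reached after the release block and before the `quit:` label.

```c
#include <stddef.h>
#include <stdio.h>

/* Userland model only: these structs and functions are hypothetical
 * stand-ins, not the kernel's struct tty, dev_t or ucom code. */
struct model_dev { int minor; int refs; };
struct model_tty { struct model_dev *t_dev; };

static void model_release_dev(struct model_dev *d) { d->refs--; }

/* Stand-in for the stop routine, which needs the minor number of t_dev.
 * Returns -1 at the point where the kernel would dereference NULL. */
static int model_stop(const struct model_tty *tp)
{
    if (tp->t_dev == NULL)
        return -1;
    return tp->t_dev->minor;
}

/* Ordering from the report: t_dev is dropped before the stop routine runs. */
int model_close_early(struct model_tty *tp)
{
    if (tp->t_dev) {
        model_release_dev(tp->t_dev);
        tp->t_dev = NULL;
    }
    return model_stop(tp);          /* sees NULL */
}

/* Suggested ordering: the release block sits after the quit: label, so
 * every exit path still drops the reference, but only after the last use. */
int model_close_late(struct model_tty *tp)
{
    int unit = model_stop(tp);      /* t_dev still valid here */
    if (unit < 0)
        goto quit;
    /* remaining teardown that may still consult t_dev would go here */
quit:
    if (tp->t_dev) {
        model_release_dev(tp->t_dev);
        tp->t_dev = NULL;
    }
    return unit;
}

int main(void)
{
    struct model_dev d1 = { 3, 1 }, d2 = { 3, 1 };   /* constructed sample devices */
    struct model_tty t1 = { &d1 }, t2 = { &d2 };
    printf("early=%d late=%d\n", model_close_early(&t1), model_close_late(&t2));
    return 0;
}
```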