Date: Tue, 21 Sep 2004 14:43:19 +0900 (KST) From: Sang Woo Shim <ssw@neo.redjade.org> To: FreeBSD-gnats-submit@FreeBSD.org Cc: imp@bsdimp.com Subject: kern/71956: Panic in kobj_delete when a USB hub is detached. Message-ID: <200409210543.i8L5hJsj017622@neo.redjade.org> Resent-Message-ID: <200409210550.i8L5oCO3086694@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
>Number: 71956 >Category: kern >Synopsis: Panic in kobj_delete when a USB hub is detached. >Confidential: no >Severity: critical >Priority: medium >Responsible: freebsd-bugs >State: open >Quarter: >Keywords: >Date-Required: >Class: sw-bug >Submitter-Id: current-users >Arrival-Date: Tue Sep 21 05:50:12 GMT 2004 >Closed-Date: >Last-Modified: >Originator: Sang Woo Shim >Release: FreeBSD 6.0-CURRENT i386 >Organization: Icrosstech >Environment: System: FreeBSD odin 6.0-CURRENT FreeBSD 6.0-CURRENT #1: Fri Sep 17 13:32:39 KST 2004 root@odin:/usr/obj/usr/src/sys/ODIN i386 This is Pentium-4 2.4C, with HTT turned off. >Description: If you detach usb-hub with some devices attached under, the system panic occurs reliably. I've reproduced the panic with my usb keyboard. It is constituted by an usb-hub, and internally usb keyboard is attached under the hub. In the boot process, all of my usb devices are detached and reattached. (don't know why.) And the panic occurs after detaching. So I cannot boot with my keyboard attached. The panic isn't induced before version 1.63 of uhub.c. The following is the tr output in the DDB. (hand-writen) instruction ptr. 0x8:0xc04c6b73 kobj_delete() device_delete_child() usb_disconnect_port() uhub_detach() device_detach() device_delete_child() usb_disconnect_port() uhub_explore() usb_discover() usb_event_thread() fork_exit() fork_trampoline() Grepped output of instruction pointer. odin:/usr/obj/usr/src/sys/ODIN $ nm kernel.debug | grep c04c6b c04c6b68 T kobj_delete odin:/usr/obj/usr/src/sys/ODIN $ kgdb output. (kgdb) l *0xc04c6b73 0xc04c6b73 is in kobj_delete (/usr/src/sys/kern/subr_kobj.c:323). 318 } 319 320 void 321 kobj_delete(kobj_t obj, struct malloc_type *mtype) 322 { 323 kobj_class_t cls = obj->ops->cls; 324 int refs; 325 326 /* 327 * Consider freeing the compiled method table for the class (kgdb) fr 24 #24 0xc04c23dc in device_delete_child (dev=0x0, child=0xc1ffba00) at /usr/src/sys/kern/subr_bus.c:1489 1489 kobj_delete((kobj_t) child, M_BUS); (kgdb) p *child $3 = {ops = 0x0, link = {tqe_next = 0x0, tqe_prev = 0xc1ffbd98}, devlink = { tqe_next = 0x0, tqe_prev = 0xc1ffbd8c}, parent = 0xc1ffbd80, children = { tqh_first = 0x0, tqh_last = 0xc1ffba18}, driver = 0x0, devclass = 0x0, unit = -1, nameunit = 0x0, desc = 0x0, busy = 0, state = DS_NOTPRESEN >How-To-Repeat: As stated, unplug usb-hub with some devices attached to it. >Fix: >Release-Note: >Audit-Trail: >Unformatted:
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200409210543.i8L5hJsj017622>