kern/71956: Panic in kobj_delete when a USB hub is detached.

Sang Woo Shim ssw at neo.redjade.org
Mon Sep 20 22:50:13 PDT 2004 

>Number:         71956
>Category:       kern
>Synopsis:       Panic in kobj_delete when a USB hub is detached.
>Confidential:   no
>Severity:       critical
>Priority:       medium
>Responsible:    freebsd-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Tue Sep 21 05:50:12 GMT 2004
>Closed-Date:
>Last-Modified:
>Originator:     Sang Woo Shim
>Release:        FreeBSD 6.0-CURRENT i386
>Organization:
Icrosstech
>Environment:
System: FreeBSD odin 6.0-CURRENT FreeBSD 6.0-CURRENT #1: Fri Sep 17 13:32:39 KST 2004 root at odin:/usr/obj/usr/src/sys/ODIN i386

	This is Pentium-4 2.4C, with HTT turned off.
>Description:
	If you detach usb-hub with some devices attached under, the system
	panic occurs reliably. I've reproduced the panic with my usb keyboard.
	It is constituted by an usb-hub, and internally usb keyboard is
	attached under the hub.
	In the boot process, all of my usb devices are detached and reattached.
	(don't know why.) And the panic occurs after detaching. So I cannot
	boot with my keyboard attached.
	The panic isn't induced before version 1.63 of uhub.c.

	The following is the tr output in the DDB. (hand-writen)
instruction ptr. 0x8:0xc04c6b73
kobj_delete()
device_delete_child()
usb_disconnect_port()
uhub_detach()
device_detach()
device_delete_child()
usb_disconnect_port()
uhub_explore()
usb_discover()
usb_event_thread()
fork_exit() 
fork_trampoline()

	Grepped output of instruction pointer.
odin:/usr/obj/usr/src/sys/ODIN $ nm kernel.debug | grep c04c6b
c04c6b68 T kobj_delete
odin:/usr/obj/usr/src/sys/ODIN $

	kgdb output.
(kgdb) l *0xc04c6b73 
0xc04c6b73 is in kobj_delete (/usr/src/sys/kern/subr_kobj.c:323).
318     }
319 
320     void
321     kobj_delete(kobj_t obj, struct malloc_type *mtype)
322     {
323             kobj_class_t cls = obj->ops->cls;
324             int refs;
325
326             /*
327              * Consider freeing the compiled method table for the class
(kgdb) fr 24
#24 0xc04c23dc in device_delete_child (dev=0x0, child=0xc1ffba00)
    at /usr/src/sys/kern/subr_bus.c:1489
1489            kobj_delete((kobj_t) child, M_BUS);
(kgdb) p *child
$3 = {ops = 0x0, link = {tqe_next = 0x0, tqe_prev = 0xc1ffbd98}, devlink = {
    tqe_next = 0x0, tqe_prev = 0xc1ffbd8c}, parent = 0xc1ffbd80, children = {
    tqh_first = 0x0, tqh_last = 0xc1ffba18}, driver = 0x0, devclass = 0x0,
  unit = -1, nameunit = 0x0, desc = 0x0, busy = 0, state = DS_NOTPRESEN
>How-To-Repeat:
	As stated, unplug usb-hub with some devices attached to it.
>Fix:

>Release-Note:
>Audit-Trail:
>Unformatted:

More information about the freebsd-bugs mailing list