From ssw@neo.redjade.org  Tue Sep 21 05:43:31 2004
Return-Path: <ssw@neo.redjade.org>
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 73DC216A4CE
	for <FreeBSD-gnats-submit@freebsd.org>; Tue, 21 Sep 2004 05:43:31 +0000 (GMT)
Received: from neo.redjade.org (neo.redjade.org [219.254.21.62])
	by mx1.FreeBSD.org (Postfix) with ESMTP id B76DD43D2D
	for <FreeBSD-gnats-submit@freebsd.org>; Tue, 21 Sep 2004 05:43:30 +0000 (GMT)
	(envelope-from ssw@neo.redjade.org)
Received: from neo.redjade.org (localhost [127.0.0.1])
	by neo.redjade.org (8.13.1/8.13.1) with ESMTP id i8L5hKHU017623;
	Tue, 21 Sep 2004 14:43:20 +0900 (KST)
	(envelope-from ssw@neo.redjade.org)
Received: (from ssw@localhost)
	by neo.redjade.org (8.13.1/8.13.1/Submit) id i8L5hJsj017622;
	Tue, 21 Sep 2004 14:43:19 +0900 (KST)
	(envelope-from ssw)
Message-Id: <200409210543.i8L5hJsj017622@neo.redjade.org>
Date: Tue, 21 Sep 2004 14:43:19 +0900 (KST)
From: Sang Woo Shim <ssw@neo.redjade.org>
Reply-To: Sang Woo Shim <ssw@neo.redjade.org>
To: FreeBSD-gnats-submit@freebsd.org
Cc: imp@bsdimp.com
Subject: Panic in kobj_delete when a USB hub is detached.
X-Send-Pr-Version: 3.113
X-GNATS-Notify:

>Number:         71956
>Category:       kern
>Synopsis:       [panic] [usb] Panic in kobj_delete when a USB hub is detached [6-CURRENT]
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    freebsd-bugs
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Tue Sep 21 05:50:12 GMT 2004
>Closed-Date:    Wed Nov 03 10:13:56 GMT 2004
>Last-Modified:  Wed Nov 03 10:13:56 GMT 2004
>Originator:     Sang Woo Shim
>Release:        FreeBSD 6.0-CURRENT i386
>Organization:
Icrosstech
>Environment:
System: FreeBSD odin 6.0-CURRENT FreeBSD 6.0-CURRENT #1: Fri Sep 17 13:32:39 KST 2004 root@odin:/usr/obj/usr/src/sys/ODIN i386

	This is Pentium-4 2.4C, with HTT turned off.
>Description:
	If you detach usb-hub with some devices attached under, the system
	panic occurs reliably. I've reproduced the panic with my usb keyboard.
	It is constituted by an usb-hub, and internally usb keyboard is
	attached under the hub.
	In the boot process, all of my usb devices are detached and reattached.
	(don't know why.) And the panic occurs after detaching. So I cannot
	boot with my keyboard attached.
	The panic isn't induced before version 1.63 of uhub.c.

	The following is the tr output in the DDB. (hand-writen)
instruction ptr. 0x8:0xc04c6b73
kobj_delete()
device_delete_child()
usb_disconnect_port()
uhub_detach()
device_detach()
device_delete_child()
usb_disconnect_port()
uhub_explore()
usb_discover()
usb_event_thread()
fork_exit() 
fork_trampoline()

	Grepped output of instruction pointer.
odin:/usr/obj/usr/src/sys/ODIN $ nm kernel.debug | grep c04c6b
c04c6b68 T kobj_delete
odin:/usr/obj/usr/src/sys/ODIN $

	kgdb output.
(kgdb) l *0xc04c6b73 
0xc04c6b73 is in kobj_delete (/usr/src/sys/kern/subr_kobj.c:323).
318     }
319 
320     void
321     kobj_delete(kobj_t obj, struct malloc_type *mtype)
322     {
323             kobj_class_t cls = obj->ops->cls;
324             int refs;
325
326             /*
327              * Consider freeing the compiled method table for the class
(kgdb) fr 24
#24 0xc04c23dc in device_delete_child (dev=0x0, child=0xc1ffba00)
    at /usr/src/sys/kern/subr_bus.c:1489
1489            kobj_delete((kobj_t) child, M_BUS);
(kgdb) p *child
$3 = {ops = 0x0, link = {tqe_next = 0x0, tqe_prev = 0xc1ffbd98}, devlink = {
    tqe_next = 0x0, tqe_prev = 0xc1ffbd8c}, parent = 0xc1ffbd80, children = {
    tqh_first = 0x0, tqh_last = 0xc1ffba18}, driver = 0x0, devclass = 0x0,
  unit = -1, nameunit = 0x0, desc = 0x0, busy = 0, state = DS_NOTPRESEN
>How-To-Repeat:
	As stated, unplug usb-hub with some devices attached to it.
>Fix:

>Release-Note:
>Audit-Trail:
State-Changed-From-To: open->closed 
State-Changed-By: iedowse 
State-Changed-When: Wed Nov 3 10:12:18 GMT 2004 
State-Changed-Why:  

This should have been fixed by revision 1.68 of usb_port.h. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=71956 
>Unformatted:
