Dear all,

I encountered this crash several times in our eject test with Asianux v2 (2.6.9-34.21AXsmp). The immediate cause of the crash was that udev->hcpriv was null when hcd_endpoint_disable was called by usb_disable_endpoint.

I found wrong cleanup timing, which occurred when the two usb_disconnect calls were made from hub_events and usb_hcd_pci_remove. When the timing occurs, hcd_endpoint_disable reads udev->hcpriv that was nulled by hcd_free_dev. I think the cause is that the hcd_data_lock locking between hcd_endpoint_disable and hcd_free_dev is incomplete in this case.

*Please refer to the following for details.

I would like to fix this problem, but I have no idea how this problem should be fixed in kernel 2.6.9. (Is the latest kernel fixed?)

-TAKE

P.S. I think the crash I reported in http://sourceforge.net/mailarchive/message.php?msg_id=28725033 is caused by the wrong cleanup too.

-----------------------------------------------------------------------------
** About our eject test **

Our eject test is the hot remove of the USB Host Controller (PCI board). The test sequence is as follows.

--Hot Remove Sequence--
1) Stopping the power supply to the USB devices connected to the USB Host Controller (PCI board)
   ----> [2] usb_disconnect from hub_events
2) Stopping the power supply to the PCI board
   ----> [1] usb_disconnect from usb_hcd_pci_remove

** About wrong cleanup timing **

The two usb_disconnect calls from usb_hcd_pci_remove and hub_events remove the same USB device. The sequence is as follows.

[1] usb_disconnect from usb_hcd_pci_remove    [2] usb_disconnect from hub_events

acpi_os_execute_deferred                      hub_thread
  |                                             |
  |                                           hub_events
  |                                             |
...Omission...                                  |
  |                                           hub_port_connect_change
usb_hcd_pci_remove                              |
  |                                           usb_disconnect
usb_disconnect(usb1)                            |
  |                                             |
LOCK(usb1)                                      |
  |                                           LOCK(usb1-1)
  |                                           [removing usb1-1]
usb_disconnect(usb1-1)                        usb_disable_device
  |                                           release_address
  |                                           usbfs_remove_device
waiting UNLOCK(usb1-1) ---------->            usb_remove_sysfs_dev_files
  |                                           UNLOCK(usb1-1)
  |                                           device_unregister
LOCK(usb1-1)                                    |
[removing usb1-1]                             ...Omission...
usb_disable_device                              |
  |                                           hcd_free_dev
usb_disable_endpoint                            --> udev->hcpriv == NULL
  |                                           return
hcd_endpoint_disable
read udev->hcpriv <----------------------------
  ----> Oops

** syslog (Oops message) ----

ohci_hcd 0000:18:00.0: remove, state 0
usb usb3: USB disconnect, address 1
usb 3-3: USB disconnect, address 4
ohci_hcd 0000:18:00.0: USB bus 3 deregistered
ohci_hcd 0000:18:00.1: remove, state 0
usb usb4: USB disconnect, address 1
usb 4-3: USB disconnect, address 2      <------------ [2] usb_disconnect from hub_events
ohci_hcd 0000:18:00.1: leak ed e7a39040 (#2) state 0 (has tds)
4-3: USB disconnect, address -1         <------------ [1] usb_disconnect from usb_hcd_pci_remove
Unable to handle kernel NULL pointer dereference at virtual address 00000008
 printing eip:
c025a359
*pde = 344b0001
Oops: 0000 [#1]
SMP
Modules linked in: md5 ipv6 ses hasipmi hasftctl i2c_dev i2c_core ide_dump scsi_dump diskdump zlib_deflate gemini_dump dm_mirror dm_mod button battery ac joydev sr_mod usb_storage ohci_hcd hw_random shpchp e1000 lpfc scsi_transport_fc ext3 jbd raid1 aic79xx sd_mod had_mod scsi_mod acpiphp geminifb
CPU:    0
EIP:    0060:[<c025a359>]    Tainted: GF     VLI
EFLAGS: 00010046   (2.6.9-34.21AXsmp)
EIP is at hcd_endpoint_disable+0x90/0x17f
eax: c0349920   ebx: 00000000   ecx: c025a2c9   edx: 00000000
esi: e99c9c00   edi: 00000010   ebp: 00000000   esp: f7f51e10
ds: 007b   es: 007b   ss: 0068
Process kacpid (pid: 15, threadinfo=f7f51000 task=f7f42cb0)
Stack: ebf14d08 00000000 00000000 e99c9c00 00000000 e99c9c00 00000010 f71ca9d4
       c025b6df c025b746 e99c9e0c e99c9c00 00000010 c0257699 f71ca9d4 f71ca800
       00000002 ebf14d30 c0257687 ebf14d08 f7070000 f7070044 c224ad80 c025d9eb
Call Trace:
 [<c025b6df>] usb_disable_endpoint+0x1e/0x3d
 [<c025b746>] usb_disable_device+0x15/0xc5
 [<c0257699>] usb_disconnect+0xc4/0x130
 [<c0257687>] usb_disconnect+0xb2/0x130
 [<c025d9eb>] usb_hcd_pci_remove+0x70/0x12e
 [<c01c963f>] pci_device_remove+0x16/0x28
 [<c021fa94>] device_release_driver+0x3c/0x46
 [<c021fc77>] bus_remove_device+0x5d/0x97
 [<c021ef6f>] device_del+0x6f/0x90
 [<c021ef98>] device_unregister+0x8/0x10
 [<c01c78f2>] pci_destroy_dev+0x10/0x6d
 [<f88315c0>] acpiphp_unconfigure_function+0x11/0x5a [acpiphp]
 [<f8830563>] disable_device+0x46/0x8f [acpiphp]
 [<f88309ee>] acpiphp_disable_slot+0x30/0x9f [acpiphp]
 [<f8830660>] acpiphp_check_bridge+0x2a/0x92 [acpiphp]
 [<f8830744>] handle_hotplug_event_bridge+0x7c/0x108 [acpiphp]
 [<c01ee7cf>] acpi_ut_release_mutex+0x69/0x6c
 [<c01f10bb>] acpi_bus_check_device+0x3d/0x5f
 [<c01f10f5>] acpi_bus_check_scope+0x18/0x1e
 [<c01f1122>] acpi_bus_notify+0x27/0x36
 [<c01de31f>] acpi_ev_notify_dispatch+0x52/0x5b
 [<c01da0f8>] acpi_os_execute_deferred+0xc/0x16
 [<c0131143>] worker_thread+0x168/0x1d5
 [<c01da0ec>] acpi_os_execute_deferred+0x0/0x16
 [<c011ecf0>] default_wake_function+0x0/0xc
 [<c011ecf0>] default_wake_function+0x0/0xc
 [<c0130fdb>] worker_thread+0x0/0x1d5
 [<c01346ed>] kthread+0x73/0x9b
 [<c013467a>] kthread+0x0/0x9b
 [<c01041f5>] kernel_thread_helper+0x5/0xb
Code: 8b 44 24 0c c7 44 a8 44 00 00 00 00 eb 0f 8b 54 24 0c c7 84 aa 84 00 00 00 00 00 00 00 b8 20 99 34 c0 e8 cb 8f 07 00 8b 54 24 04 <8b> 42 08 8d 58 f0 8b 53 10 0f 18 02 90 8b 54 24 04 83 c2 08 39

--------------------------------------------------
Takamasa Ohtake
Servers Software Division
NEC System Technologies, Ltd.
[EMAIL PROTECTED]
--------------------------------------------------

_______________________________________________
linux-usb-devel@lists.sourceforge.net
To unsubscribe, use the last form field at:
https://lists.sourceforge.net/lists/listinfo/linux-usb-devel
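
Added example, not part of the original post and not kernel code: a userspace C model of the ordering reported above, in which the teardown path clears hcpriv and the disable path reads it afterwards. All names (model_udev, model_hcd_dev, model_data_lock and the model_* functions) are hypothetical, and the single-lock NULL check shown is one way to close such a window, not the fix applied to any kernel version.

```c
/* Userspace model, constructed for illustration; not kernel code. */
#include <errno.h>
#include <pthread.h>
#include <stdlib.h>

struct model_hcd_dev { int pending_urbs; };   /* stand-in for per-device HCD state */
struct model_udev { struct model_hcd_dev *hcpriv; };

/* One lock covers every read and write of hcpriv. */
static pthread_mutex_t model_data_lock = PTHREAD_MUTEX_INITIALIZER;

/* Teardown path: detach the state under the lock, free it afterwards. */
void model_free_dev(struct model_udev *udev)
{
    struct model_hcd_dev *dev;

    pthread_mutex_lock(&model_data_lock);
    dev = udev->hcpriv;
    udev->hcpriv = NULL;
    pthread_mutex_unlock(&model_data_lock);
    free(dev);   /* free(NULL) is a no-op, so a repeated teardown is harmless */
}

/* Disable path: load hcpriv inside the critical section and check it. */
int model_endpoint_disable(struct model_udev *udev)
{
    int ret = 0;

    pthread_mutex_lock(&model_data_lock);
    if (udev->hcpriv == NULL)
        ret = -ENODEV;               /* the other disconnect already cleaned up */
    else
        udev->hcpriv->pending_urbs = 0;
    pthread_mutex_unlock(&model_data_lock);
    return ret;
}

/* Replays the reported order: [2] finishes teardown, then [1] disables. */
int model_replay(void)
{
    struct model_udev udev = { calloc(1, sizeof(struct model_hcd_dev)) };
    int before = model_endpoint_disable(&udev);  /* state present: 0 */

    model_free_dev(&udev);                       /* [2] reaches the free */
    int after = model_endpoint_disable(&udev);   /* [1] arrives late */
    model_free_dev(&udev);                       /* second teardown */
    return before == 0 && after == -ENODEV;
}
```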