On Mon, 21 Feb 2011, Don Zickus wrote: > > > As a result the below panic happened. Looking at where the panic happened > > > and the assembly code, I am reasonably confident the panic happened at: > > > > > > drivers/usb/core/hcd.c::usb_hcd_unlink_urb::1459 > > > > > > (right before the unlink1 command) > > > hcd = bus_to_hcd(urb->dev->bus); > > > > > > what happens is that urb->dev is NULL and thus the derefence to dev->bus > > > panics the box. > > > > Are you sure that urb->dev is NULL? As opposed to pointing to a memory > > location that used to be occupied by a device structure and now > > contains some other data? > > Well looking at the register in the panic output that is used to > derefernce the memory, it shows 0x0 (r9). Also the panic message itself shows > that it can not access memory at 0x00000040 (which according to the > dissassembly of the code shows a 64-byte offset of r9, which was zero). > So I am pretty sure the urb->dev pointer was NULL. However, I can't say > for sure the urb itself was corrupted or contains new data. > > r0 was supposed to contain the use_count but it doesn't look right. I'll > double check with some good data tomorrow. > > > > > > The only way I can see that happening is usb_put_dev went to zero and > > > released the device (which would mean the usb_put_dev a couple lines later > > > would cause another friendly message). > > > > This would not affect urb->dev, which suggests that you're not looking > > at it the right way. > > Ok. I thought if the refcount from using usb_put_dev went to zero, the > urb->dev would be free'd. Like you said, I am probably mis-understanding > the code. This would cause the usb_device structure to be deallocated, but it wouldn't affect the contents of the URB structure. Which means that urb->dev wouldn't be set to NULL; instead it would continue to point to the memory that used to hold the usb_device structure. What might have happened is that the refcount in urb->kref somehow went to 0 while urb was still in use. Alan Stern -- To unsubscribe from this list: send the line "unsubscribe linux-usb" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
