Skip site navigation (1)Skip section navigation (2)
Date:      Tue, 14 Jun 2005 16:38:43 -0700
From:      Maksim Yevmenkin <>
To:        Norbert Koch <>
Cc:        "Freebsd-Hackers@Freebsd.Org" <>
Subject:   Re: kernel panic in usb0; was: RE: using vkbd device
Message-ID:  <>
In-Reply-To: <000001c570e2$79541300$4801a8c0@ws-ew-3.W2KDEMIG>
References:  <000001c570e2$79541300$4801a8c0@ws-ew-3.W2KDEMIG>

Next in thread | Previous in thread | Raw E-Mail | Index | Archive | Help

>> The ukbd-specific detaching only works, because I implemented
>> something in ukbd.c, that Hans Petter Selasky []
>> suggested in thread "usbd.conf: detach ukbd". (See the patch files,
>> I posted there)
>> When the kernel panics, it does this in usb0 kernel thread. I
>> figured out that this is only related to connecting/disconnecting 
>> the usb keyboard. It panics without kbdmux loaded and it panics
>> with unmodified ukbd.c. So I'll have to try to remote debug it, as 
>> my embedded device has no swap space at all and so no core dump
>> device (256MB flash/256 MD dram).
> I am observing spurious crashes in usb0 under FreeBSD 4.11.
> Kernel configuration/hardware:
>   HZ=400, NO_SWAPPING, DEVICE_POLLING (with kern.polling.user_frac=90),
>   fxp ethernet, 6x sio, ohci, Pentium MMX 166 MHz

could you try to compile kernel with debugging information? not sure if 
it will fit into ram.

> When quickly connecting/disconnecting

i guess you mean here unplug the keyboard and then immediately plug it 
back, right?

> a usb keyboard, after some time I have a panic in process 3 (usb0),
> either at usbd_ar_pipe+0x7 (when detaching)
>  or at usbd_get_interface_descriptor+0x6 (when attaching).
> Stack traces are:
> (a)
> usbd_ar_pipe+0x7
>   usbd_ar_pipe(0,...)
>   usbd_abort_pipe(0,...)
>   ukbd_enable_intr()
>   ukbd_term()
>   ukbd_detach()
>   device_detach()
>   device_delete_child()
>   usb_discommect_port()
>   uhub_explore()
>   usb_discover()
>   usb_event_thread()

can you tell what value "pipe" handle has? i suspect its NULL

> (b)
> usbd_get_interface_descriptor+0x6
>   usbd_get_interface_descriptor(0)
>   ukbd_attach(c0bf3b80)
>   device_probe_and_attach()
>   usbd_probe_and_attach()
>   usbd_new_device()
>   uhub_explore()
>   usb_discover()
>   usb_event_thread()

can you tell what value "iface" handle has? i suspect its NULL

can you please compile the kernel with "DIAGNOSTIC" and check for 
messages from usb system?

> In situation(a), ipl is at bio, ks_intr_pipe is NULL when calling
> usbd_abort_pipe().

thats ok. splusb is defined as splbio

> In situation (b), ipl is at none, USB_ATTACH_START() in USB_ATTACK(ukbd) in
> ukbd.c
> seems to make problems.

not sure about this one

> The above stack traces are from ddb. Booting the kernel with -gd and using
> gdb -k
> didn't give more information. I almost always get an unusable empty stack
> trace
> and different crash addresses.

too bad :(

> It seems like 'usbd_setup_pipe: failed to start endpoint, IOERROR' always
> comes
> before the crash and ipl is mostly at bio, never at usb.

what is your usb controller? uhci/ohci? what chip?

> When I'm doing these tests, I have an ssh console connected through fxp0
> where I
> run usbd -dv.
> Any idea?

please compile kernel with DIAGNOSTIC and USB_DEBUG. then try to adjust 
various "debug" knobs with sysctl(8) to get debug traces. at this point 
it looks like a race condition of some sort (to me).


Want to link to this message? Use this URL: <>