usb/128093: panic in ohci_softintr: OXFER(xfer)->xfer.pipe == NULL

Eric van Gyzen eric at
Tue Oct 14 13:50:02 UTC 2008

>Number:         128093
>Category:       usb
>Synopsis:       panic in ohci_softintr: OXFER(xfer)->xfer.pipe == NULL
>Confidential:   no
>Severity:       serious
>Priority:       low
>Responsible:    freebsd-usb
>State:          open
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Tue Oct 14 13:50:01 UTC 2008
>Originator:     Eric van Gyzen
>Release:        FreeBSD 7.0-RELEASE-p2 amd64

==== dmesg ====

Copyright (c) 1992-2008 The FreeBSD Project.
Copyright (c) 1979, 1980, 1983, 1986, 1988, 1989, 1991, 1992, 1993, 1994
	The Regents of the University of California. All rights reserved.
FreeBSD is a registered trademark of The FreeBSD Foundation.
FreeBSD 7.0-RELEASE-p2 #1: Sat Jun 21 21:05:56 CDT 2008
    vangyzen at
Timecounter "i8254" frequency 1193182 Hz quality 0
CPU: AMD Athlon(tm) 64 X2 Dual Core Processor 4400+ (2310.66-MHz K8-class CPU)
  Origin = "AuthenticAMD"  Id = 0x60fb2  Stepping = 2
  AMD Features=0xea500800<SYSCALL,NX,MMX+,FFXSR,RDTSCP,LM,3DNow!+,3DNow!>
  AMD Features2=0x11f<LAHF,CMP,SVM,ExtAPIC,CR8,Prefetch>
  Cores per package: 2
usable memory = 2137505792 (2038 MB)
avail memory  = 2062901248 (1967 MB)
FreeBSD/SMP: Multiprocessor System Detected: 2 CPUs
 cpu0 (BSP): APIC ID:  0
 cpu1 (AP): APIC ID:  1
ioapic0: Changing APIC ID to 4
ioapic0 <Version 1.1> irqs 0-23 on motherboard
kbd1 at kbdmux0
ath_hal: (AR5210, AR5211, AR5212, RF5111, RF5112, RF2413, RF5413)
acpi0: <Nvidia ASUSACPI> on motherboard
acpi0: [ITHREAD]
acpi0: Power Button (fixed)
acpi0: reservation of 0, a0000 (3) failed
acpi0: reservation of 100000, 7fde0000 (3) failed
Timecounter "ACPI-fast" frequency 3579545 Hz quality 1000
acpi_timer0: <24-bit timer at 3.579545MHz> port 0x1008-0x100b on acpi0
acpi_hpet0: <High Precision Event Timer> iomem 0xfefff000-0xfefff3ff on acpi0
Timecounter "HPET" frequency 25000000 Hz quality 900
cpu0: <ACPI CPU> on acpi0
powernow0: <PowerNow! K8> on cpu0
device_attach: powernow0 attach returned 6
cpu1: <ACPI CPU> on acpi0
powernow1: <PowerNow! K8> on cpu1
device_attach: powernow1 attach returned 6
acpi_button0: <Power Button> on acpi0
pcib0: <ACPI Host-PCI bridge> port 0xcf8-0xcff on acpi0
pci0: <ACPI PCI bus> on pcib0
pci0: <memory, RAM> at device 0.0 (no driver attached)
isab0: <PCI-ISA bridge> at device 1.0 on pci0
isa0: <ISA bus> on isab0
pci0: <serial bus, SMBus> at device 1.1 (no driver attached)
ohci0: <OHCI (generic) USB controller> mem 0xfe02f000-0xfe02ffff at device 2.0 on pci0
ohci0: [ITHREAD]
usb0: OHCI version 1.0, legacy support
usb0: SMM does not respond, resetting
usb0: <OHCI (generic) USB controller> on ohci0
usb0: USB revision 1.0
uhub0: <nVidia OHCI root hub, class 9/0, rev 1.00/1.00, addr 1> on usb0
uhub0: 10 ports with 10 removable, self powered
ehci0: <EHCI (generic) USB 2.0 controller> mem 0xfe02e000-0xfe02e0ff at device 2.1 on pci0
ehci0: [ITHREAD]
usb1: EHCI version 1.0
usb1: companion controller, 10 ports each: usb0
usb1: <EHCI (generic) USB 2.0 controller> on ehci0
usb1: USB revision 2.0
uhub1: <nVidia EHCI root hub, class 9/0, rev 2.00/1.00, addr 1> on usb1
uhub1: 10 ports with 10 removable, self powered
umass0: <Seagate FreeAgentDesktop, class 0/0, rev 2.00/0.00, addr 2> on uhub1
atapci0: <nVidia nForce MCP55 UDMA133 controller> port 0x1f0-0x1f7,0x3f6,0x170-0x177,0x376,0xf000-0xf00f at device 4.0 on pci0
ata0: <ATA channel 0> on atapci0
ata0: [ITHREAD]
ata1: <ATA channel 1> on atapci0
ata1: [ITHREAD]
atapci1: <nVidia nForce MCP55 SATA300 controller> port 0x9f0-0x9f7,0xbf0-0xbf3,0x970-0x977,0xb70-0xb73,0xdc00-0xdc0f mem 0xfe02d000-0xfe02dfff irq 20 at device 5.0 on pci0
atapci1: [ITHREAD]
ata2: <ATA channel 0> on atapci1
ata2: [ITHREAD]
ata3: <ATA channel 1> on atapci1
ata3: [ITHREAD]
atapci2: <nVidia nForce MCP55 SATA300 controller> port 0x9e0-0x9e7,0xbe0-0xbe3,0x960-0x967,0xb60-0xb63,0xc800-0xc80f mem 0xfe02c000-0xfe02cfff irq 21 at device 5.1 on pci0
atapci2: [ITHREAD]
ata4: <ATA channel 0> on atapci2
ata4: [ITHREAD]
ata5: <ATA channel 1> on atapci2
ata5: [ITHREAD]
atapci3: <nVidia nForce MCP55 SATA300 controller> port 0xc400-0xc407,0xc000-0xc003,0xbc00-0xbc07,0xb800-0xb803,0xb400-0xb40f mem 0xfe02b000-0xfe02bfff irq 22 at device 5.2 on pci0
atapci3: [ITHREAD]
ata6: <ATA channel 0> on atapci3
ata6: [ITHREAD]
ata7: <ATA channel 1> on atapci3
ata7: [ITHREAD]
pcib1: <ACPI PCI-PCI bridge> at device 6.0 on pci0
pci1: <ACPI PCI bus> on pcib1
ath0: <Atheros 5212> mem 0xfdef0000-0xfdefffff irq 17 at device 7.0 on pci1
ath0: [ITHREAD]
ath0: using obsoleted if_watchdog interface
ath0: Ethernet address: 00:11:95:91:32:f4
ath0: mac 7.9 phy 4.5 radio 5.6
pcm0: <NVidia MCP55 High Definition Audio Controller> mem 0xfe024000-0xfe027fff irq 23 at device 6.1 on pci0
pcm0: [ITHREAD]
nfe0: <NVIDIA nForce MCP55 Networking Adapter> port 0xb000-0xb007 mem 0xfe02a000-0xfe02afff,0xfe029000-0xfe0290ff,0xfe028000-0xfe02800f irq 20 at device 8.0 on pci0
miibus0: <MII bus> on nfe0
e1000phy0: <Marvell 88E1116 Gigabit PHY> PHY 1 on miibus0
e1000phy0:  10baseT, 10baseT-FDX, 100baseTX, 100baseTX-FDX, 1000baseTX-FDX, auto
nfe0: Ethernet address: 00:1e:8c:3e:20:ea
nfe0: [FILTER]
nfe0: [FILTER]
nfe0: [FILTER]
nfe0: [FILTER]
nfe0: [FILTER]
nfe0: [FILTER]
nfe0: [FILTER]
nfe0: [FILTER]
pcib2: <ACPI PCI-PCI bridge> at device 15.0 on pci0
pci2: <ACPI PCI bus> on pcib2
vgapci0: <VGA-compatible display> port 0xac00-0xacff mem 0xe8000000-0xefffffff,0xfddf0000-0xfddfffff irq 16 at device 0.0 on pci2
drm0: <ATI Radeon RV370 X600 Pro> on vgapci0
info: [drm] Initialized radeon 1.25.0 20060524
vgapci1: <VGA-compatible display> mem 0xfdde0000-0xfddeffff at device 0.1 on pci2
acpi_tz0: <Thermal Zone> on acpi0
sio0: configured irq 4 not in bitmap of probed irqs 0
sio0: port may not be enabled
sio0: configured irq 4 not in bitmap of probed irqs 0
sio0: port may not be enabled
sio0: <16550A-compatible COM port> port 0x3f8-0x3ff irq 4 flags 0x10 on acpi0
sio0: type 16550A
sio0: [FILTER]
orm0: <ISA Option ROM> at iomem 0xc0000-0xccfff on isa0
sc0: <System console> at flags 0x100 on isa0
sc0: VGA <16 virtual consoles, flags=0x300>
vga0: <Generic ISA VGA> at port 0x3c0-0x3df iomem 0xa0000-0xbffff on isa0
atkbdc0: <Keyboard controller (i8042)> at port 0x60,0x64 on isa0
atkbd0: <AT Keyboard> irq 1 on atkbdc0
kbd0 at atkbd0
atkbd0: [GIANT-LOCKED]
atkbd0: [ITHREAD]
sio1: configured irq 3 not in bitmap of probed irqs 0
sio1: port may not be enabled
ums0: <Dell Dell USB Mouse, class 0/0, rev 2.00/1.10, addr 2> on uhub0
ums0: 3 buttons and Z dir.
ukbd0: <DELL DELL USB Keyboard, class 0/0, rev 1.10/1.05, addr 3> on uhub0
kbd2 at ukbd0
ugen0: <APC Back-UPS ES 500 FW:801.e5.D USB FW:e5, class 0/0, rev 1.10/1.06, addr 4> on uhub0
Timecounters tick every 1.000 msec
acd0: DVDR <TSSTcorpCD/DVDW TS-H552U/US03> at ata0-master UDMA33
ad4: 152627MB <Hitachi HDS721616PLA380 P22OABEA> at ata2-master SATA300
pcm0: <HDA Codec: Analog Devices AD1988B>
pcm0: <HDA Driver Revision: 20071129_0050>
SMP: AP CPU #1 Launched!
da0 at umass-sim0 bus 0 target 0 lun 0
da0: <Seagate FreeAgentDesktop 100D> Fixed Direct Access SCSI-4 device 
da0: 40.000MB/s transfers
da0: 238475MB (488397168 512 byte sectors: 255H 63S/T 30401C)
GEOM_LABEL: Label for provider da0s1 is ufs/backup.
GEOM_LABEL: Label for provider da0s1 is ntfs/FreeAgent Drive.
Trying to mount root from ufs:/dev/ad4s1a
WARNING: / was not properly dismounted
ath0: link state changed to UP
nfe0: link state changed to UP

==== kernel config ====

GENERIC minus unused stuff.

# based on:
# $FreeBSD: src/sys/amd64/conf/GENERIC,v 1.484. 2008/02/06 03:24:28 scottl Exp $

ident		EDDIE

makeoptions	DEBUG=-g		# Build kernel with gdb(1) debug symbols

options 	SCHED_4BSD		# 4BSD scheduler
options 	PREEMPTION		# Enable kernel thread preemption
options 	INET			# InterNETworking
options 	INET6			# IPv6 communications protocols
options 	FFS			# Berkeley Fast Filesystem
options 	SOFTUPDATES		# Enable FFS soft updates support
options 	UFS_ACL			# Support for access control lists
options 	UFS_DIRHASH		# Improve performance on big directories
options 	UFS_GJOURNAL		# Enable gjournal-based UFS journaling
options 	CD9660			# ISO 9660 Filesystem
options 	GEOM_PART_GPT		# GUID Partition Tables.
options 	GEOM_LABEL		# Provides labelization
options 	COMPAT_43TTY		# BSD 4.3 TTY compat [KEEP THIS!]
options 	COMPAT_IA32		# Compatible with i386 binaries
options 	COMPAT_FREEBSD4		# Compatible with FreeBSD4
options 	COMPAT_FREEBSD5		# Compatible with FreeBSD5
options 	COMPAT_FREEBSD6		# Compatible with FreeBSD6
options 	SCSI_DELAY=5000		# Delay (in ms) before probing SCSI
options 	KTRACE			# ktrace(1) support
options 	SYSVSHM			# SYSV-style shared memory
options 	SYSVMSG			# SYSV-style message queues
options 	SYSVSEM			# SYSV-style semaphores
options 	_KPOSIX_PRIORITY_SCHEDULING # POSIX P1003_1B real-time extensions
options 	KBD_INSTALL_CDEV	# install a CDEV entry in /dev
options 	ADAPTIVE_GIANT		# Giant mutex is adaptive.
options 	STOP_NMI		# Stop CPUS using NMI instead of IPI
options 	AUDIT			# Security event auditing

# Make an SMP-capable kernel by default
options 	SMP			# Symmetric MultiProcessor Kernel

# CPU frequency control
device		cpufreq

# Bus support.
device		acpi
device		pci

# Floppy drives
device		fdc

# ATA and ATAPI devices
device		ata
device		atadisk		# ATA disk drives
device		ataraid		# ATA RAID drives
device		atapicd		# ATAPI CDROM drives
options 	ATA_STATIC_ID	# Static device numbering

# SCSI peripherals
device		scbus		# SCSI bus (required for SCSI)
device		da		# Direct Access (disks)
device		cd		# CD
device		pass		# Passthrough device (direct SCSI access)
device		ses		# SCSI Environmental Services (and SAF-TE)

# atkbdc0 controls both the keyboard and the PS/2 mouse
device		atkbdc		# AT keyboard controller
device		atkbd		# AT keyboard
device		psm		# PS/2 mouse

device		kbdmux		# keyboard multiplexer

device		vga		# VGA video card driver

device		splash		# Splash screen and screen saver support

# syscons is the default console driver, resembling an SCO console
device		sc

device		agp		# support several AGP chipsets

# Serial (COM) ports
device		sio		# 8250, 16[45]50 based serial ports
device		uart		# Generic UART driver

# PCI Ethernet NICs that use the common MII bus controller code.
# NOTE: Be sure to keep the 'device miibus' line in order to use these NICs!
device		miibus		# MII bus support
device		nfe		# nVidia nForce MCP on-board Ethernet

# Wireless NIC cards
device		wlan		# 802.11 support
device		wlan_wep	# 802.11 WEP support
device		wlan_ccmp	# 802.11 CCMP support
device		wlan_tkip	# 802.11 TKIP support
device		wlan_amrr	# AMRR transmit rate control algorithm
device		wlan_scan_ap	# 802.11 AP mode scanning
device		wlan_scan_sta	# 802.11 STA mode scanning
device		ath		# Atheros pci/cardbus NIC's
device		ath_hal		# Atheros HAL (Hardware Access Layer)
device		ath_rate_sample	# SampleRate tx rate control for ath

# Pseudo devices.
device		loop		# Network loopback
device		random		# Entropy device
device		ether		# Ethernet support
device		tun		# Packet tunnel.
device		pty		# Pseudo-ttys (telnet etc)
device		gif		# IPv6 and IPv4 tunneling
device		firmware	# firmware assist module

# The `bpf' device enables the Berkeley Packet Filter.
# Be aware of the administrative consequences of enabling this!
# Note that 'bpf' is required for DHCP.
device		bpf		# Berkeley packet filter

# USB support
device		uhci		# UHCI PCI->USB interface
device		ohci		# OHCI PCI->USB interface
device		ehci		# EHCI PCI->USB interface (USB 2.0)
device		usb		# USB Bus (required)
#device		udbp		# USB Double Bulk Pipe devices
device		ugen		# Generic
device		uhid		# "Human Interface Devices"
device		ukbd		# Keyboard
device		ulpt		# Printer
device		umass		# Disks/Mass storage - Requires scbus and da
device		ums		# Mouse
device		uscanner	# Scanners


The system panicked on input from a USB keyboard.

X was running.  The system had been idle, so the monitor was off.
I have a habit of hitting Ctrl to make it "wake up"; that's probably
what I did this time, but I'm not certain.  It didn't respond, so I
hit a few more keys (Num Lock, Ctrl-Alt-F1, etc).  Eventually, I hit
Ctrl-Alt-Delete, and it rebooted.  Most likely, the system had just
finished dumping core and rebooted on its own, and the timing was
just a coincidence.

I've been running this setup for nine months, and this is the first
instance of this panic.  One might suspect it's a timing issue.

#7  0xffffffff8040332e in calltrap ()
    at /usr/src/sys/amd64/amd64/exception.S:169
#8  0xffffffff8020a4a0 in ohci_softintr (v=Variable "v" is not available.)
    at /usr/src/sys/dev/usb/ohci.c:1428
#9  0xffffffff8020bc30 in ohci_intr1 (sc=0xffffffff80a44000)
    at /usr/src/sys/dev/usb/ohci.c:1194
#10 0xffffffff8025bff0 in ithread_loop (arg=0xffffff00012356c0)
    at /usr/src/sys/kern/kern_intr.c:1036

(kgdb) f 8
#8  0xffffffff8020a4a0 in ohci_softintr (v=Variable "v" is not available.)
    at /usr/src/sys/dev/usb/ohci.c:1428
1428                    usb_rem_task(OXFER(xfer)->xfer.pipe->device,

(kgdb) l
1423                    if ((std->flags & OHCI_CALL_DONE) == 0)
1424                            continue;
1426                    /* Normal transfer completion */
1427                    callout_stop(&xfer->timeout_handle);
1428                    usb_rem_task(OXFER(xfer)->xfer.pipe->device,
1429                        &OXFER(xfer)->abort_task);
1430                    for (p = xfer->hcpriv; p->xfer == xfer; p = n) {
1431                            n = p->nexttd;
1432                            ohci_free_std(sc, p);

(kgdb) p * ((struct ohci_xfer *)(xfer))
$2 = {xfer = {pipe = 0x0, priv = 0xff00000000000000, 
    buffer = 0xffffffff80628bdc, length = 8, actlen = 8, flags = 4, 
    timeout = 0, status = USBD_NORMAL_COMPLETION, 
    callback = 0xffffffff80215f80 <ukbd_intr>, done = 1 '\001', request = {
      bmRequestType = 0 '\0', bRequest = 0 '\0', wValue = "\000", 
      wIndex = "\000", wLength = "\000"}, frlengths = 0x0, nframes = 0, 
    device = 0xffffff00014d9d00, dmamap = {segs = {{ds_addr = 6458332, 
          ds_len = 8}, {ds_addr = 0, ds_len = 0} <repeats 32 times>}, 
      nsegs = 1, map = 0x0}, allocbuf = 0x0, rqflags = 16, next = {
      stqe_next = 0x0}, hcpriv = 0xffffff000130af50, timeout_handle = {
      c_links = {sle = {sle_next = 0x0}, tqe = {tqe_next = 0x0, 
          tqe_prev = 0x0}}, c_time = 0, c_arg = 0x0, c_func = 0, 
      c_mtx = 0xffffffff8062d7e0, c_flags = 0}}, abort_task = {next = {
      tqe_next = 0x0, tqe_prev = 0x0}, 
    fun = 0xffffffff8020a080 <ohci_timeout_task>, arg = 0xffffff0001238000, 
    queue = -1}, ohci_xfer_flags = 0}

(kgdb) p ((struct ohci_xfer *)(xfer))->xfer.pipe
$3 = (struct usbd_pipe *) 0x0

(kgdb) p cpuid_to_pcpu[0]->pc_curthread->td_proc->p_comm
$1 = "irq21: ohci0+\000\000\000\000\000\000"

(kgdb) p cpuid_to_pcpu[1]->pc_curthread->td_proc->p_comm
$2 = "audit\000r", '\0' <repeats 12 times>

I'm comfortable with kernel debugging, but I know nothing about the
USB code.  If you know where to look, I'll gladly give you all the
data you need.





More information about the freebsd-usb mailing list