Date: Fri, 11 Jul 2008 15:04:35 GMT From: "S. Hutchins" <seth.hutchins@baesystems.com> To: freebsd-gnats-submit@FreeBSD.org Subject: usb/125510: repeated plug and unplug of USB mass storage devices leads to stall, panics Message-ID: <200807111504.m6BF4ZG3001112@www.freebsd.org> Resent-Message-ID: <200807111510.m6BFA3dS058506@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
>Number: 125510 >Category: usb >Synopsis: repeated plug and unplug of USB mass storage devices leads to stall, panics >Confidential: no >Severity: non-critical >Priority: low >Responsible: freebsd-usb >State: open >Quarter: >Keywords: >Date-Required: >Class: sw-bug >Submitter-Id: current-users >Arrival-Date: Fri Jul 11 15:10:03 UTC 2008 >Closed-Date: >Last-Modified: >Originator: S. Hutchins >Release: 7.0-RELEASE >Organization: >Environment: FreeBSD 7.0-RELEASE FreeBSD 7.0-RELEASE #0: Sun Feb 24 19:59:52 UTC 2008 root@logan.cse.buffalo.edu:/usr/obj/usr/src/sys/GENERIC i386 >Description: Tested on at least two separate machines, a Shuttle with ICH6 and an Intel Server with an ICH8. Repeatedly plug and unplug a mass storage device. It doesn't seem to matter what kind. The kernel will panic. There are multiple locations for the panic, but I expect the system state that triggers the panic is related: it's always a NULL dereference, and it's always the result of plugging or unplugging the device, and the EIPs are relatively close. I have two panics logged on the stock FreeBSD 7 kernel: The first is a dereference off of NULL faulting address == 0: EIP = 20:0xc04675b6 Supervisor write, page not present; trap 12 in proc 2 (g_event) The second is a dereference 0x10 off of NULL, faulting address == 0x10: EIP = 20:0xc04801e5 Supervisor write, page not present; trap 12 in proc 35 (usb2) Likewise, if a mass storage device(s) is already plugged in and doing I/O, and another device is plugged and unplugged repeatedly, the I/O on the other device(s) will eventually stall, even if that original device is connected through nested hubs. This can impact multiple devices at once. The message is shown: <dev>: BBB reset failed, IOERROR <dev>: BBB bulk-in clear stall failed (TIMEOUT) <dev>: BBB bulk-out clear stall failed (TIMEOUT) The device is unresponsive until it is removed and reconnected. >How-To-Repeat: To yield a panic, choose a mass storage device at random. Repeatedly plug and unplug the device, especially prior to the system indicating that the device has been detected. To yield a stall, attach a mass storage device and start non-stop I/O to it. You can also choose to select multiple mass storage devices and have them all do I/O. Plug this device or hub into one port into the EHCI host controller. Repeatedly plug and unplug another mass storage device into an adjacent port. Other ports may work but I believe they must be associated with the same host controller. Eventually I/O on one or more of the connected devices will stall. >Fix: Make sure NULL isn't dereferenced, to fix the first set of problems. This may not be trivial. Apparently the USB driver is subtle and quick to panic. >Release-Note: >Audit-Trail: >Unformatted:
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200807111504.m6BF4ZG3001112>