usb/125510: repeated plug and unplug of USB mass storage devices
leads to stall, panics
seth.hutchins at baesystems.com
Fri Jul 11 15:10:04 UTC 2008
>Synopsis: repeated plug and unplug of USB mass storage devices leads to stall, panics
>Arrival-Date: Fri Jul 11 15:10:03 UTC 2008
>Originator: S. Hutchins
FreeBSD 7.0-RELEASE FreeBSD 7.0-RELEASE #0: Sun Feb 24 19:59:52 UTC 2008 root at logan.cse.buffalo.edu:/usr/obj/usr/src/sys/GENERIC i386
Tested on at least two separate machines, a Shuttle with ICH6 and an Intel Server with an ICH8.
Repeatedly plug and unplug a mass storage device. It doesn't seem to matter what kind. The kernel will panic. There are multiple locations for the panic, but I expect the system state that triggers the panic is related: it's always a NULL dereference, and it's always the result of plugging or unplugging the device, and the EIPs are relatively close.
I have two panics logged on the stock FreeBSD 7 kernel:
The first is a dereference off of NULL faulting address == 0:
EIP = 20:0xc04675b6
Supervisor write, page not present; trap 12 in proc 2 (g_event)
The second is a dereference 0x10 off of NULL, faulting address == 0x10:
EIP = 20:0xc04801e5
Supervisor write, page not present; trap 12 in proc 35 (usb2)
Likewise, if a mass storage device(s) is already plugged in and doing I/O, and another device is plugged and unplugged repeatedly, the I/O on the other device(s) will eventually stall, even if that original device is connected through nested hubs. This can impact multiple devices at once. The message is shown:
<dev>: BBB reset failed, IOERROR
<dev>: BBB bulk-in clear stall failed (TIMEOUT)
<dev>: BBB bulk-out clear stall failed (TIMEOUT)
The device is unresponsive until it is removed and reconnected.
To yield a panic, choose a mass storage device at random. Repeatedly plug and unplug the device, especially prior to the system indicating that the device has been detected.
To yield a stall, attach a mass storage device and start non-stop I/O to it. You can also choose to select multiple mass storage devices and have them all do I/O. Plug this device or hub into one port into the EHCI host controller. Repeatedly plug and unplug another mass storage device into an adjacent port. Other ports may work but I believe they must be associated with the same host controller. Eventually I/O on one or more of the connected devices will stall.
Make sure NULL isn't dereferenced, to fix the first set of problems. This may not be trivial. Apparently the USB driver is subtle and quick to panic.
More information about the freebsd-usb