Opened 11 months ago

Closed 11 months ago

#18431 closed bug (fixed)

[regression] usb_disk: KDL on USB drive disconnect

Reported by: X512 Owned by:
Priority: normal Milestone: R1/beta5
Component: Drivers/Disk/USB Version: R1/Development
Keywords: Cc:
Blocked By: Blocking:
Platform: All

Description

This is hrev57062.

Observed on x86_64 and riscv64.

syslog: 

publish device: node 0xffffffc038f99a00, path disk/usb/3/0/raw, module drivers/disk/usb_disk/device_v1
usb xhci 0: cancel queued transfers (0) for pipe 0xffffffc00702d600 (0)
usb xhci 0: cancel queued transfers (0) for pipe 0xffffffc007278460 (1)
usb xhci 0: transfer error on slot 4 endpoint 2: Length invalid
usb error xhci 0: TRB 0x412e6210 was not found in the endpoint!
usb xhci 0: cancel queued transfers (0) for pipe 0xffffffc007278410 (2)
usb xhci 0: transfer error on slot 4 endpoint 5: Length invalid
usb error xhci 0: TRB 0x412e64e0 was not found in the endpoint!
PANIC: _mutex_lock(): double lock of 0xffffffc00700d9e8 by thread 20
Welcome to Kernel Debugging Land...
Thread 20 "usb explore" running on CPU 2
Stack:
FP: 0xffffffc000fdea00
FP: 0xffffffc000fdea20, PC: 0xffffffc002154aec <kernel_riscv64> arch_debug_call_with_fault_handler + 32
FP: 0xffffffc000fdea70, PC: 0xffffffc0020d6178 <kernel_riscv64> debug_call_with_fault_handler.localalias + 128
FP: 0xffffffc000fdeb00, PC: 0xffffffc0020d74f8 <kernel_riscv64> _ZL20kernel_debugger_loopPKcS0_Pvi + 320
FP: 0xffffffc000fdeb70, PC: 0xffffffc0020d789e <kernel_riscv64> _ZL24kernel_debugger_internalPKcS0_Pvi + 284
FP: 0xffffffc000fdebb0, PC: 0xffffffc0020d7b30 <kernel_riscv64> panic + 86
FP: 0xffffffc000fdec40, PC: 0xffffffc0020c27f8 <kernel_riscv64> _mutex_lock.localalias + 424
FP: 0xffffffc000fdec80, PC: 0xffffffc002529686 <usb_disk> _ZL14usb_disk_closePv + 56
FP: 0xffffffc000fdeca0, PC: 0xffffffc002115246 <kernel_riscv64> _ZL10file_closeP15file_descriptor + 52
FP: 0xffffffc000fdecc0, PC: 0xffffffc002106ef2 <kernel_riscv64> put_fd.localalias + 70
FP: 0xffffffc000fded40, PC: 0xffffffc002115df2 <kernel_riscv64> _ZL29disconnect_mount_or_vnode_fdsP8fs_mountP5vnode + 186
FP: 0xffffffc000fded70, PC: 0xffffffc00211b852 <kernel_riscv64> vfs_disconnect_vnode + 50
FP: 0xffffffc000fdedb0, PC: 0xffffffc0020ed70c <kernel_riscv64> _Z22devfs_unpublish_devicePN8BPrivate10BaseDeviceEb + 146
FP: 0xffffffc000fdedf0, PC: 0xffffffc0020e672a <kernel_riscv64> _ZL16unpublish_deviceP11device_nodePKc + 132
FP: 0xffffffc000fdee20, PC: 0xffffffc00252745a <usb_disk> _ZL23usb_disk_device_removedPv + 78
FP: 0xffffffc000fdee40, PC: 0xffffffc0020ea29a <kernel_riscv64> _ZN11device_node13DeviceRemovedEv.localalias + 54
FP: 0xffffffc000fdee60, PC: 0xffffffc0020ea282 <kernel_riscv64> _ZN11device_node13DeviceRemovedEv.localalias + 30
FP: 0xffffffc000fdee80, PC: 0xffffffc0020ea388 <kernel_riscv64> _ZL15unregister_nodeP11device_node + 48
FP: 0xffffffc000fdeef0, PC: 0xffffffc002568100 <xhci> _ZN6DeviceD2Ev + 126
FP: 0xffffffc000fdef10, PC: 0xffffffc0025682d8 <xhci> _ZN6DeviceD0Ev + 20
FP: 0xffffffc000fdef30, PC: 0xffffffc002564148 <xhci> _ZN4XHCI10FreeDeviceEP6Device.localalias + 28
FP: 0xffffffc000fdef90, PC: 0xffffffc00251824e <usb> _ZN5Stack7ExploreEv + 258
FP: 0xffffffc000fdefc0, PC: 0xffffffc0025182f8 <usb> _ZN5Stack13ExploreThreadEPv + 38
FP: 0xffffffc000fdefe0, PC: 0xffffffc0020ba4dc <kernel_riscv64> _ZL19common_thread_entryPv + 52
FP: 0x0, PC: 0xffffffc002153748 <kernel_riscv64> arch_thread_entry + 0
kdebug>

Change History (3)

comment:1 by kallisti5, 11 months ago

(comment moved to #18432)

Last edited 11 months ago by kallisti5 (previous) (diff)

comment:2 by X512, 11 months ago

Proposed fix (tested):

  • src/add-ons/kernel/drivers/disk/usb/usb_disk/usb_disk.cpp 

    diff --git a/src/add-ons/kernel/drivers/disk/usb/usb_disk/usb_disk.cpp b/src/add-ons/kernel/drivers/disk/usb/usb_disk/usb_disk.cpp
index f94d092081..a049e7b5e7 100644
    a b usb_disk_device_removed(void *cookie)  
    12341234       disk_device *device = (disk_device *)cookie;
    12351235       mutex_lock(&device->lock);
    12361236
    1237        for (uint8 i = 0; i < device->lun_count; i++)
     1237       for (uint8 i = 0; i < device->lun_count; i++) {
     1238               mutex_unlock(&device->lock);
    12381239               gDeviceManager->unpublish_device(device->node, device->luns[i]->name);
     1240               mutex_lock(&device->lock);
     1241       }
    12391242
    12401243       device->removed = true;
    12411244       gUSBModule->cancel_queued_transfers(device->bulk_in);

comment:3 by waddlesplash, 11 months ago

Milestone: UnscheduledR1/beta5
Resolution: fixed
Status: newclosed

Fixed in hrev57063.

Note: See TracTickets for help on using tickets.