Bug #13639

open

Crash: mutex_enter: bad mutex. Related to USB?

Added by Gernot Strasser 2 months ago. Updated 2 months ago.

Status: New
Priority: Normal
Assignee: -
Category: -
Start date:
Due date:
% Done: 0%
Estimated time:
Difficulty: Medium
Tags:
Gerrit CR:

Description

panic[cpu15]/thread=fffffe007bc77c20:
mutex_enter: bad mutex, lp=fffffe59743558e0 owner=fffffe007d00ec20 thread=fffffe007bc77c20

fffffe007bc77910 unix:mutex_panic+4a ()
fffffe007bc77980 unix:mutex_vector_enter+307 ()
fffffe007bc779c0 usba:usba_add_to_list+3f ()
fffffe007bc77a30 usba:usba_hcdi_cb+a2 ()
fffffe007bc77a90 xhci:xhci_endpoint_tick+136 ()
fffffe007bc77af0 genunix:callout_list_expire+8f ()
fffffe007bc77b20 genunix:callout_expire+33 ()
fffffe007bc77b50 genunix:callout_execute+1e ()
fffffe007bc77c00 genunix:taskq_thread+2cd ()
fffffe007bc77c10 unix:thread_start+b ()

AMD System on ASRock Rack X470D4U2-2T

I can provide a dump if interested

#1

Updated by Dan McDonald 2 months ago

This appears to be a use-after-free.

> $C
fffffe007bc778f0 vpanic()
fffffe007bc77910 mutex_panic+0x4a(fffffffffb95bdc1, fffffe59743558e0)
fffffe007bc77980 mutex_vector_enter+0x307(fffffe59743558e0)
fffffe007bc779c0 usba_add_to_list+0x3f(fffffe59740e8a98, fffffe59743558d0)
fffffe007bc77a30 usba_hcdi_cb+0xa2(fffffe59740e89f8, fffffe5974355960, c)
fffffe007bc77a90 xhci_endpoint_tick+0x136(fffffe59414fc800)
fffffe007bc77af0 callout_list_expire+0x8f(fffffe592f7373c0, fffffe594067e280)
fffffe007bc77b20 callout_expire+0x33(fffffe592f7373c0)
fffffe007bc77b50 callout_execute+0x1e(fffffe592f7373c0)
fffffe007bc77c00 taskq_thread+0x2cd(fffffe59339d96e8)
fffffe007bc77c10 thread_start+0xb()
> fffffe59743558e0::whatis
fffffe59743558e0 is fffffe59743558d0+10, freed from kmem_alloc_224
> 

If it is possible to reproduce this bug with kmem_flags=0xf in /etc/system, or even better, a DEBUG kernel, the subsequent coredump would provide even more clues about who freed the buffer and possibly why (assuming an ASSERT didn't kick in beforehand).

I'll continue to dive into this dump in case something pops out, however.
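The address correlation behind the comment above, as an added example that is not part of the original ticket or of the illumos source: it parses the `$C` frames and the `::whatis` line quoted there and reports which frame arguments point into the freed buffer. The function names are this example's own, and it assumes a `kmem_alloc_224` cache hands out 224-byte buffers.

```python
import re

# mdb output copied from the comment above ($C frames and the ::whatis result).
MDB_OUTPUT = """\
fffffe007bc77910 mutex_panic+0x4a(fffffffffb95bdc1, fffffe59743558e0)
fffffe007bc77980 mutex_vector_enter+0x307(fffffe59743558e0)
fffffe007bc779c0 usba_add_to_list+0x3f(fffffe59740e8a98, fffffe59743558d0)
fffffe007bc77a30 usba_hcdi_cb+0xa2(fffffe59740e89f8, fffffe5974355960, c)
fffffe007bc77a90 xhci_endpoint_tick+0x136(fffffe59414fc800)
fffffe59743558e0 is fffffe59743558d0+10, freed from kmem_alloc_224
"""

FRAME_RE = re.compile(r"^[0-9a-f]+ (\w+)\+0x[0-9a-f]+\(([^)]*)\)$")
WHATIS_RE = re.compile(
    r"^([0-9a-f]+) is ([0-9a-f]+)\+([0-9a-f]+), freed from kmem_alloc_(\d+)$")


def parse_freed_buffer(text):
    """Return (base, size) of the buffer ::whatis reported as freed."""
    for line in text.splitlines():
        m = WHATIS_RE.match(line.strip())
        if m:
            addr, base, off = (int(m.group(i), 16) for i in (1, 2, 3))
            if base + off != addr:
                raise ValueError("inconsistent ::whatis line: " + line)
            # Assumption: a kmem_alloc_<N> cache hands out N-byte buffers.
            return base, int(m.group(4))
    raise ValueError("no freed-buffer ::whatis line found")


def stale_pointers(text):
    """List (function, arg_index, offset) for frame args inside the freed buffer."""
    base, size = parse_freed_buffer(text)
    hits = []
    for line in text.splitlines():
        m = FRAME_RE.match(line.strip())
        if not m:
            continue
        for idx, arg in enumerate(a.strip() for a in m.group(2).split(",")):
            if re.fullmatch(r"[0-9a-f]{9,}", arg):  # skip small scalars like "c"
                off = int(arg, 16) - base
                if 0 <= off < size:
                    hits.append((m.group(1), idx, off))
    return hits


if __name__ == "__main__":
    for func, idx, off in stale_pointers(MDB_OUTPUT):
        print(f"{func} arg{idx} -> freed buffer +{off:#x}")
```

On the quoted output this flags the mutex at +0x10, the list element passed to `usba_add_to_list` at +0x0, and the second argument of `usba_hcdi_cb` at +0x90, all inside the same freed 224-byte buffer.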
