Bug 271300 - kernel panics when using linux module (mutex umtxql not owned / recursed on non-recursive mutex)
Summary: kernel panics when using linux module (mutex umtxql not owned / recursed on n...
Status: Open
Alias: None
Product: Base System
Classification: Unclassified
Component: kern (show other bugs)
Version: CURRENT
Hardware: amd64 Any
: --- Affects Only Me
Assignee: Dmitry Chagin
URL:
Keywords: crash
Depends on:
Blocks: 247219
  Show dependency treegraph
 
Reported: 2023-05-07 16:55 UTC by Rebecca Cran
Modified: 2023-05-29 13:23 UTC (History)
2 users (show)

See Also:

Attachments
dmesg from a dual-EPYC PowerEdge R7525 (27.05 KB, text/plain)
2023-05-07 16:55 UTC, Rebecca Cran 		no flags Details
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Rebecca Cran freebsd_committer freebsd_triage 2023-05-07 16:55:49 UTC 
Created attachment 242039 [details]
dmesg from a dual-EPYC PowerEdge R7525

I'm getting a couple of panics in the linux_sys_futex code when using the VS Code Remote SSH extension from my Linux machine to my FreeBSD 14-CURRENT PowerEdge R7525 system.
I've attached the dmesg.


FreeBSD maxamd 14.0-CURRENT FreeBSD 14.0-CURRENT #3 main-n262792-7e0f8b79b773-dirty: Sun May  7 07:58:16 MDT 2023     bcran@maxamd:/usr/obj/usr/src/amd64.amd64/sys/GENERIC amd64


First is "mutex umtxql not owned":

root@maxamd:/var/crash # kgdb -n 0
...
Unread portion of the kernel message buffer:
panic: mutex umtxql not owned at /usr/src/sys/kern/kern_umtx.c:510
cpuid = 136
time = 1683471469
KDB: stack backtrace:
db_trace_self_wrapper() at db_trace_self_wrapper+0x2b/frame 0xfffffe0416344c40
vpanic() at vpanic+0x152/frame 0xfffffe0416344c90
panic() at panic+0x43/frame 0xfffffe0416344cf0
__mtx_assert() at __mtx_assert+0xa0/frame 0xfffffe0416344d00
umtxq_remove_queue() at umtxq_remove_queue+0x4a/frame 0xfffffe0416344d30
linux_sys_futex() at linux_sys_futex+0x5ae/frame 0xfffffe0416344e00
amd64_syscall() at amd64_syscall+0x140/frame 0xfffffe0416344f30
fast_syscall_common() at fast_syscall_common+0xf8/frame 0xfffffe0416344f30
--- syscall (202, Linux ELF64, linux_sys_futex), rip = 0x801e0bde2, rsp = 0xc86803da0, rbp = 0x168ed58 ---
KDB: enter: panic
Uptime: 56m5s
Dumping 9776 out of 260660 MB:..1%..11%..21%..31%..41%..51%..61%..71%..81%..91%

__curthread () at /usr/src/sys/amd64/include/pcpu_aux.h:59
59		__asm("movq %%gs:%P1,%0" : "=r" (td) : "n" (offsetof(struct pcpu,


--------------------------------------------
Second is "_mtx_lock_sleep: recursed on non-recursive mutex umtxql"

Unread portion of the kernel message buffer:
panic: _mtx_lock_sleep: recursed on non-recursive mutex umtxql @ /usr/src/sys/compat/linux/linux_futex.c:718

cpuid = 196
time = 1683477614
KDB: stack backtrace:
db_trace_self_wrapper() at db_trace_self_wrapper+0x2b/frame 0xfffffe04ba90bba0
vpanic() at vpanic+0x152/frame 0xfffffe04ba90bbf0
panic() at panic+0x43/frame 0xfffffe04ba90bc50
__mtx_lock_sleep() at __mtx_lock_sleep+0x41f/frame 0xfffffe04ba90bce0
__mtx_lock_flags() at __mtx_lock_flags+0xe9/frame 0xfffffe04ba90bd30
linux_sys_futex() at linux_sys_futex+0x6c5/frame 0xfffffe04ba90be00
amd64_syscall() at amd64_syscall+0x140/frame 0xfffffe04ba90bf30
fast_syscall_common() at fast_syscall_common+0xf8/frame 0xfffffe04ba90bf30
--- syscall (202, Linux ELF64, linux_sys_futex), rip = 0x80160c1ee, rsp = 0xc8d801c08, rbp = 0 ---
KDB: enter: panic
Uptime: 5m8s
Dumping 9500 out of 260660 MB:..1%..11%..21%..31%..41%..51%..61%..71%..81%..91%

__curthread () at /usr/src/sys/amd64/include/pcpu_aux.h:59
59		__asm("movq %%gs:%P1,%0" : "=r" (td) : "n" (offsetof(struct pcpu,
Comment 1 Dmitry Chagin freebsd_committer freebsd_triage 2023-05-07 18:43:05 UTC 
Do you have a core? Assuming keys are process shared.
Comment 2 Rebecca Cran freebsd_committer freebsd_triage 2023-05-07 22:11:37 UTC 
Yes, I have cores. I've uploaded them to https://people.freebsd.org/~bcran/crashes/20230507/ .