Date: Thu, 2 Jan 2020 12:03:45 +0100 From: Michael Tuexen <tuexen@freebsd.org> To: bob prohaska <fbsd@www.zefox.net> Cc: freebsd-arm@freebsd.org, freebsd-current <freebsd-current@freebsd.org> Subject: Re: panic: vm_page_astate_fcmpset: invalid head requeue request on RPI3 Message-ID: <AE617FD7-3215-43FC-8D11-F1C4D1FC7B39@freebsd.org> In-Reply-To: <20200102001231.GA84583@www.zefox.net> References: <20200102001231.GA84583@www.zefox.net>
next in thread | previous in thread | raw e-mail | index | archive | help
> On 2. Jan 2020, at 01:12, bob prohaska <fbsd@www.zefox.net> wrote: >=20 > While playing at compiling www/chromium using=20 > FreeBSD 13.0-CURRENT (GENERIC) #2 r356165: Mon Dec 30 09:59:03 PST = 2019 > the machine crashed, reporting=20 > panic: vm_page_astate_fcmpset: invalid head requeue request for page = 0xfffffd0031880490 This problem is NOT arm specific. I've seen it on an amd64 system = running syzkaller: = http://212.201.121.91:10000/crash?id=3D00704eb865e893ffda473a4859e062eef51= 2cbde Best regards Michael >=20 > cpuid =3D 2 > time =3D 1577921727 > KDB: stack backtrace: > db_trace_self() at db_trace_self_wrapper+0x28 > pc =3D 0xffff000000735c5c lr =3D 0xffff000000106814 > sp =3D 0xffff0000521ec240 fp =3D 0xffff0000521ec450 >=20 > db_trace_self_wrapper() at vpanic+0x18c > pc =3D 0xffff000000106814 lr =3D 0xffff000000408d90 > sp =3D 0xffff0000521ec460 fp =3D 0xffff0000521ec510 >=20 > vpanic() at panic+0x44 > pc =3D 0xffff000000408d90 lr =3D 0xffff000000408b40 > sp =3D 0xffff0000521ec520 fp =3D 0xffff0000521ec5a0 >=20 > panic() at _vm_page_pqstate_commit_dequeue+0x340 > pc =3D 0xffff000000408b40 lr =3D 0xffff0000006ed840 > sp =3D 0xffff0000521ec5b0 fp =3D 0xffff0000521ec5f0 >=20 > _vm_page_pqstate_commit_dequeue() at = vm_page_pqstate_commit_dequeue+0xb8 > pc =3D 0xffff0000006ed840 lr =3D 0xffff0000006e954c > sp =3D 0xffff0000521ec600 fp =3D 0xffff0000521ec640 >=20 > vm_page_pqstate_commit_dequeue() at vm_page_pqstate_commit+0x50 > pc =3D 0xffff0000006e954c lr =3D 0xffff0000006e93ac > sp =3D 0xffff0000521ec650 fp =3D 0xffff0000521ec670 >=20 > vm_page_pqstate_commit() at vm_pageout_laundry_worker+0x5e4 > pc =3D 0xffff0000006e93ac lr =3D 0xffff0000006f02c0 > sp =3D 0xffff0000521ec680 fp =3D 0xffff0000521ec940 >=20 > vm_pageout_laundry_worker() at fork_exit+0x7c > pc =3D 0xffff0000006f02c0 lr =3D 0xffff0000003c7fdc > sp =3D 0xffff0000521ec950 fp =3D 0xffff0000521ec980 >=20 > fork_exit() at fork_trampoline+0x10 > pc =3D 0xffff0000003c7fdc lr =3D 0xffff00000075230c > sp =3D 0xffff0000521ec990 fp =3D 0x0000000000000000 >=20 > KDB: enter: panic > [ thread pid 21 tid 100071 ] > Stopped at 0 > db> bt > Tracing pid 21 tid 100071 td 0xfffffd0001078560 > db_trace_self() at db_stack_trace+0xf8 > pc =3D 0xffff000000735c5c lr =3D 0xffff000000103c58 > sp =3D 0xffff0000521ebe10 fp =3D 0xffff0000521ebe40 >=20 > db_stack_trace() at db_command+0x228 > pc =3D 0xffff000000103c58 lr =3D 0xffff0000001038d0 > sp =3D 0xffff0000521ebe50 fp =3D 0xffff0000521ebf30 >=20 > db_command() at db_command_loop+0x58 > pc =3D 0xffff0000001038d0 lr =3D 0xffff000000103678 > sp =3D 0xffff0000521ebf40 fp =3D 0xffff0000521ebf60 >=20 > db_command_loop() at db_trap+0xf4 > pc =3D 0xffff000000103678 lr =3D 0xffff00000010697c > sp =3D 0xffff0000521ebf70 fp =3D 0xffff0000521ec190 >=20 > db_trap() at kdb_trap+0x1d8 > pc =3D 0xffff00000010697c lr =3D 0xffff0000004510d0 > sp =3D 0xffff0000521ec1a0 fp =3D 0xffff0000521ec250 >=20 > kdb_trap() at do_el1h_sync+0xf4 > pc =3D 0xffff0000004510d0 lr =3D 0xffff000000752588 > sp =3D 0xffff0000521ec260 fp =3D 0xffff0000521ec290 >=20 > do_el1h_sync() at handle_el1h_sync+0x78 > pc =3D 0xffff000000752588 lr =3D 0xffff000000738078 > sp =3D 0xffff0000521ec2a0 fp =3D 0xffff0000521ec3b0 >=20 > handle_el1h_sync() at kdb_enter+0x34 > pc =3D 0xffff000000738078 lr =3D 0xffff00000045071c > sp =3D 0xffff0000521ec3c0 fp =3D 0xffff0000521ec450 >=20 > kdb_enter() at vpanic+0x1a8 > pc =3D 0xffff00000045071c lr =3D 0xffff000000408dac > sp =3D 0xffff0000521ec460 fp =3D 0xffff0000521ec510 >=20 > vpanic() at panic+0x44 > pc =3D 0xffff000000408dac lr =3D 0xffff000000408b40 > sp =3D 0xffff0000521ec520 fp =3D 0xffff0000521ec5a0 >=20 > panic() at _vm_page_pqstate_commit_dequeue+0x340 > pc =3D 0xffff000000408b40 lr =3D 0xffff0000006ed840 > sp =3D 0xffff0000521ec5b0 fp =3D 0xffff0000521ec5f0 >=20 > _vm_page_pqstate_commit_dequeue() at = vm_page_pqstate_commit_dequeue+0xb8 > pc =3D 0xffff0000006ed840 lr =3D 0xffff0000006e954c > sp =3D 0xffff0000521ec600 fp =3D 0xffff0000521ec640 >=20 > vm_page_pqstate_commit_dequeue() at vm_page_pqstate_commit+0x50 > pc =3D 0xffff0000006e954c lr =3D 0xffff0000006e93ac > sp =3D 0xffff0000521ec650 fp =3D 0xffff0000521ec670 >=20 > vm_page_pqstate_commit() at vm_pageout_laundry_worker+0x5e4 > pc =3D 0xffff0000006e93ac lr =3D 0xffff0000006f02c0 > sp =3D 0xffff0000521ec680 fp =3D 0xffff0000521ec940 >=20 > vm_pageout_laundry_worker() at fork_exit+0x7c > pc =3D 0xffff0000006f02c0 lr =3D 0xffff0000003c7fdc > sp =3D 0xffff0000521ec950 fp =3D 0xffff0000521ec980 >=20 > fork_exit() at fork_trampoline+0x10 > pc =3D 0xffff0000003c7fdc lr =3D 0xffff00000075230c > sp =3D 0xffff0000521ec990 fp =3D 0x0000000000000000 >=20 > db>=20 >=20 > Thanks for reading, if there's anything to try please let me know. >=20 > bob prohaska >=20 > _______________________________________________ > freebsd-arm@freebsd.org mailing list > https://lists.freebsd.org/mailman/listinfo/freebsd-arm > To unsubscribe, send any mail to "freebsd-arm-unsubscribe@freebsd.org"
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?AE617FD7-3215-43FC-8D11-F1C4D1FC7B39>