From owner-freebsd-current@freebsd.org Thu Jan 2 13:58:30 2020 Return-Path: Delivered-To: freebsd-current@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 1B42A1F7CFB; Thu, 2 Jan 2020 13:58:30 +0000 (UTC) (envelope-from vidwer@gmail.com) Received: from mail-ot1-x342.google.com (mail-ot1-x342.google.com [IPv6:2607:f8b0:4864:20::342]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) server-signature RSA-PSS (4096 bits) client-signature RSA-PSS (2048 bits) client-digest SHA256) (Client CN "smtp.gmail.com", Issuer "GTS CA 1O1" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 47pV4P741Pz4RYR; Thu, 2 Jan 2020 13:58:29 +0000 (UTC) (envelope-from vidwer@gmail.com) Received: by mail-ot1-x342.google.com with SMTP id k14so57191412otn.4; Thu, 02 Jan 2020 05:58:29 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=1Np9hTJ+HnMqW9yoB2odhuV3i9H2dub40W06D4ninls=; b=S5QKMmiWajiymWE5nXWZyq+6k+BNyAsegGyrdj0pQ00t5+Fq+nOJMBUJ52BUKOeAMZ yfAwVYRvmnGGC+znj9GfPNsZiaTtTs7VS+AyIs7Ewdj3JZoO36Wj0pZJ2tZinvg7htn1 oiQMUKPoXLG9hbipb1gioERZmwSaghjDFRhm4Zsf4zb7E7u1tOAbfyLRk3y0Nrw0sL8O hCTkFCSC0QSZjq+w6bS2WB1cfW2ZYnF/49zOGm4QxGsOpT+7Z3MGRSDOrgtE1CqMr4hx gpdRJY9S53vdVJr1ogMAD7vFJaknYwAIgUnVxnfF07U2SVMbAXEVrvlVV15ooW+sPdv6 NUIA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=1Np9hTJ+HnMqW9yoB2odhuV3i9H2dub40W06D4ninls=; b=kVjMm5t06JNyPg7yhv+3vUgKsr6u2NNoJWhF3cgXv6FBBLqNL+rGJYyh85Se7krp+r VX3Y66MN5vxwvAv86IbJr4122G9EeZBzFivij8Zx6k69AmGqhZLrAA6dyag1KtXI5BP+ IL3QYPwew9k88r4buVG3DYMSK+ss3J7n1Z3yvvSUd86eT1w1xJLRNJG74NREcY4/I0OZ tg9BiEfa1/TvpEHiPRLmQDjxfwLccvHUaPyACUcax2om5+LPEOamA4SH7P7MwjotvzTJ E7QGVRAvtsEV1bha/GvAoquAZR8KsRBE5r0+oCZrFwwSsXqD2OfkRoWjWmK0HC2nuIqh +hnw== X-Gm-Message-State: APjAAAXdmJ15+D0+oIb+Xu0aEaTRjdRdKmsVh7cTdjCOzhdS2W2z11EO fhQ2CkC9gMF4BQk8kydLf5aOVmz51CoQTBCsO7qfSgUC X-Google-Smtp-Source: APXvYqwtXMhDZCHl/8Knx35tydqCULUAh50ri91oCrhnnaJxOdT9zL95I8/AMC2uJLn6fx1xNHCEBMRR5ppq97Sr23E= X-Received: by 2002:a05:6830:1e21:: with SMTP id t1mr73848652otr.194.1577973508408; Thu, 02 Jan 2020 05:58:28 -0800 (PST) MIME-Version: 1.0 References: <20200102001231.GA84583@www.zefox.net> In-Reply-To: From: Idwer Vollering Date: Thu, 2 Jan 2020 14:58:16 +0100 Message-ID: Subject: Re: panic: vm_page_astate_fcmpset: invalid head requeue request on RPI3 To: Michael Tuexen Cc: bob prohaska , freebsd-arm@freebsd.org, freebsd-current Content-Type: text/plain; charset="UTF-8" X-Rspamd-Queue-Id: 47pV4P741Pz4RYR X-Spamd-Bar: ----- Authentication-Results: mx1.freebsd.org; none X-Spamd-Result: default: False [-6.00 / 15.00]; NEURAL_HAM_MEDIUM(-1.00)[-0.998,0]; REPLY(-4.00)[]; NEURAL_HAM_LONG(-1.00)[-1.000,0] X-BeenThere: freebsd-current@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Discussions about the use of FreeBSD-current List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 02 Jan 2020 13:58:30 -0000 This can happen on amd64, on r356262, too. $ kgdb /boot/kernel/kernel vmcore.0 GNU gdb (GDB) 8.3.1 [GDB v8.3.1 for FreeBSD] Copyright (C) 2019 Free Software Foundation, Inc. License GPLv3+: GNU GPL version 3 or later This is free software: you are free to change and redistribute it. There is NO WARRANTY, to the extent permitted by law. Type "show copying" and "show warranty" for details. This GDB was configured as "x86_64-portbld-freebsd13.0". Type "show configuration" for configuration details. For bug reporting instructions, please see: . Find the GDB manual and other documentation resources online at: . For help, type "help". Type "apropos word" to search for commands related to "word"... Reading symbols from /boot/kernel/kernel... Reading symbols from /usr/lib/debug//boot/kernel/kernel.debug... Unread portion of the kernel message buffer: panic: vm_page_astate_fcmpset: invalid head requeue request for page 0xfffffe0001c8a7b8 cpuid = 2 time = 1577970641 KDB: stack backtrace: db_trace_self_wrapper() at db_trace_self_wrapper+0x2b/frame 0xfffffe00567ff710 vpanic() at vpanic+0x17e/frame 0xfffffe00567ff770 panic() at panic+0x43/frame 0xfffffe00567ff7d0 _vm_page_pqstate_commit_dequeue() at _vm_page_pqstate_commit_dequeue+0x34f/frame 0xfffffe00567ff840 vm_page_pqstate_commit_dequeue() at vm_page_pqstate_commit_dequeue+0x96/frame 0xfffffe00567ff880 vm_page_pqstate_commit() at vm_page_pqstate_commit+0x46/frame 0xfffffe00567ff8b0 vm_pageout_laundry_worker() at vm_pageout_laundry_worker+0x5be/frame 0xfffffe00567ffb30 fork_exit() at fork_exit+0x80/frame 0xfffffe00567ffb70 fork_trampoline() at fork_trampoline+0xe/frame 0xfffffe00567ffb70 --- trap 0, rip = 0, rsp = 0, rbp = 0 --- KDB: enter: panic __curthread () at /usr/src/sys/amd64/include/pcpu_aux.h:55 55 __asm("movq %%gs:%P1,%0" : "=r" (td) : "n" (offsetof(struct pcpu, (kgdb) bt #0 __curthread () at /usr/src/sys/amd64/include/pcpu_aux.h:55 #1 doadump (textdump=0) at /usr/src/sys/kern/kern_shutdown.c:392 #2 0xffffffff8049bbba in db_dump (dummy=, dummy2=, dummy3=, dummy4=) at /usr/src/sys/ddb/db_command.c:575 #3 0xffffffff8049b97c in db_command (last_cmdp=, cmd_table=, dopager=1) at /usr/src/sys/ddb/db_command.c:482 #4 0xffffffff8049b6ed in db_command_loop () at /usr/src/sys/ddb/db_command.c:535 #5 0xffffffff8049e918 in db_trap (type=, code=) at /usr/src/sys/ddb/db_main.c:252 #6 0xffffffff80c15ab7 in kdb_trap (type=3, code=0, tf=) at /usr/src/sys/kern/subr_kdb.c:691 #7 0xffffffff8106a9d4 in trap (frame=0xfffffe00567ff640) at /usr/src/sys/amd64/amd64/trap.c:585 #8 #9 kdb_enter (why=0xffffffff811f6c89 "panic", msg=) at /usr/src/sys/kern/subr_kdb.c:478 #10 0xffffffff80bca46a in vpanic (fmt=, ap=) at /usr/src/sys/kern/kern_shutdown.c:897 #11 0xffffffff80bca203 in panic (fmt=0xffffffff81c7b008 "\260\266\033\201\377\377\377\377") at /usr/src/sys/kern/kern_shutdown.c:835 #12 0xffffffff80f2bb8f in _vm_page_pqstate_commit_dequeue (pq=, m=0xfffffe0001c8a7b8, old=0xfffffe00567ff900, new=...) at /usr/src/sys/vm/vm_page.h:790 #13 0xffffffff80f27d76 in vm_page_pqstate_commit_dequeue (m=0xfffffe0001c8a7b8, old=0xfffffe00567ff900, new=...) at /usr/src/sys/vm/vm_page.c:3369 #14 0xffffffff80f27c06 in vm_page_pqstate_commit (m=0xfffffe0001c8a7b8, old=0x80, new=...) at /usr/src/sys/vm/vm_page.c:3446 #15 0xffffffff80f2e82e in vm_pageout_launder (vmd=, launder=982, in_shortfall=) at /usr/src/sys/vm/vm_pageout.c:839 #16 vm_pageout_laundry_worker (arg=) at /usr/src/sys/vm/vm_pageout.c:1101 #17 0xffffffff80b87650 in fork_exit (callout=0xffffffff80f2e270 , arg=0x0, frame=0xfffffe00567ffb80) at /usr/src/sys/kern/kern_fork.c:1058 #18 (kgdb) up #1 doadump (textdump=0) at /usr/src/sys/kern/kern_shutdown.c:392 392 dumptid = curthread->td_tid; (kgdb) #2 0xffffffff8049bbba in db_dump (dummy=, dummy2=, dummy3=, dummy4=) at /usr/src/sys/ddb/db_command.c:575 575 error = doadump(false); (kgdb) #3 0xffffffff8049b97c in db_command (last_cmdp=, cmd_table=, dopager=1) at /usr/src/sys/ddb/db_command.c:482 482 (*cmd->fcn)(addr, have_addr, count, modif); (kgdb) #4 0xffffffff8049b6ed in db_command_loop () at /usr/src/sys/ddb/db_command.c:535 535 db_command(&db_last_command, &db_cmd_table, /* dopager */ 1); (kgdb) #5 0xffffffff8049e918 in db_trap (type=, code=) at /usr/src/sys/ddb/db_main.c:252 252 db_command_loop(); (kgdb) #6 0xffffffff80c15ab7 in kdb_trap (type=3, code=0, tf=) at /usr/src/sys/kern/subr_kdb.c:691 691 handled = be->dbbe_trap(type, code); (kgdb) #7 0xffffffff8106a9d4 in trap (frame=0xfffffe00567ff640) at /usr/src/sys/amd64/amd64/trap.c:585 585 if (kdb_trap(type, dr6, frame)) (kgdb) #8 (kgdb) #9 kdb_enter (why=0xffffffff811f6c89 "panic", msg=) at /usr/src/sys/kern/subr_kdb.c:478 478 kdb_why = KDB_WHY_UNSET; (kgdb) #10 0xffffffff80bca46a in vpanic (fmt=, ap=) at /usr/src/sys/kern/kern_shutdown.c:897 897 kdb_enter(KDB_WHY_PANIC, "panic"); (kgdb) #11 0xffffffff80bca203 in panic (fmt=0xffffffff81c7b008 "\260\266\033\201\377\377\377\377") at /usr/src/sys/kern/kern_shutdown.c:835 835 vpanic(fmt, ap); (kgdb) #12 0xffffffff80f2bb8f in _vm_page_pqstate_commit_dequeue (pq=, m=0xfffffe0001c8a7b8, old=0xfffffe00567ff900, new=...) at /usr/src/sys/vm/vm_page.h:790 790 KASSERT((new.flags & PGA_ENQUEUED) == 0 || new.queue != PQ_NONE, (kgdb) #13 0xffffffff80f27d76 in vm_page_pqstate_commit_dequeue (m=0xfffffe0001c8a7b8, old=0xfffffe00567ff900, new=...) at /usr/src/sys/vm/vm_page.c:3369 3369 ret = _vm_page_pqstate_commit_dequeue(pq, m, old, new); (kgdb) #14 0xffffffff80f27c06 in vm_page_pqstate_commit (m=0xfffffe0001c8a7b8, old=0x80, new=...) at /usr/src/sys/vm/vm_page.c:3446 3446 if (!vm_page_pqstate_commit_dequeue(m, old, new)) (kgdb) #15 0xffffffff80f2e82e in vm_pageout_launder (vmd=, launder=982, in_shortfall=) at /usr/src/sys/vm/vm_pageout.c:839 839 if (!vm_page_pqstate_commit(m, &old, new)) (kgdb) #16 vm_pageout_laundry_worker (arg=) at /usr/src/sys/vm/vm_pageout.c:1101 1101 target -= min(vm_pageout_launder(vmd, launder, (kgdb) #17 0xffffffff80b87650 in fork_exit (callout=0xffffffff80f2e270 , arg=0x0, frame=0xfffffe00567ffb80) at /usr/src/sys/kern/kern_fork.c:1058 1058 callout(arg, frame); (kgdb) #18 (kgdb) Initial frame selected; you cannot go up. Op do 2 jan. 2020 om 12:03 schreef Michael Tuexen : > > > On 2. Jan 2020, at 01:12, bob prohaska wrote: > > > > While playing at compiling www/chromium using > > FreeBSD 13.0-CURRENT (GENERIC) #2 r356165: Mon Dec 30 09:59:03 PST 2019 > > the machine crashed, reporting > > panic: vm_page_astate_fcmpset: invalid head requeue request for page 0xfffffd0031880490 > This problem is NOT arm specific. I've seen it on an amd64 system running syzkaller: > http://212.201.121.91:10000/crash?id=00704eb865e893ffda473a4859e062eef512cbde > > Best regards > Michael > > > > cpuid = 2 > > time = 1577921727 > > KDB: stack backtrace: > > db_trace_self() at db_trace_self_wrapper+0x28 > > pc = 0xffff000000735c5c lr = 0xffff000000106814 > > sp = 0xffff0000521ec240 fp = 0xffff0000521ec450 > > > > db_trace_self_wrapper() at vpanic+0x18c > > pc = 0xffff000000106814 lr = 0xffff000000408d90 > > sp = 0xffff0000521ec460 fp = 0xffff0000521ec510 > > > > vpanic() at panic+0x44 > > pc = 0xffff000000408d90 lr = 0xffff000000408b40 > > sp = 0xffff0000521ec520 fp = 0xffff0000521ec5a0 > > > > panic() at _vm_page_pqstate_commit_dequeue+0x340 > > pc = 0xffff000000408b40 lr = 0xffff0000006ed840 > > sp = 0xffff0000521ec5b0 fp = 0xffff0000521ec5f0 > > > > _vm_page_pqstate_commit_dequeue() at vm_page_pqstate_commit_dequeue+0xb8 > > pc = 0xffff0000006ed840 lr = 0xffff0000006e954c > > sp = 0xffff0000521ec600 fp = 0xffff0000521ec640 > > > > vm_page_pqstate_commit_dequeue() at vm_page_pqstate_commit+0x50 > > pc = 0xffff0000006e954c lr = 0xffff0000006e93ac > > sp = 0xffff0000521ec650 fp = 0xffff0000521ec670 > > > > vm_page_pqstate_commit() at vm_pageout_laundry_worker+0x5e4 > > pc = 0xffff0000006e93ac lr = 0xffff0000006f02c0 > > sp = 0xffff0000521ec680 fp = 0xffff0000521ec940 > > > > vm_pageout_laundry_worker() at fork_exit+0x7c > > pc = 0xffff0000006f02c0 lr = 0xffff0000003c7fdc > > sp = 0xffff0000521ec950 fp = 0xffff0000521ec980 > > > > fork_exit() at fork_trampoline+0x10 > > pc = 0xffff0000003c7fdc lr = 0xffff00000075230c > > sp = 0xffff0000521ec990 fp = 0x0000000000000000 > > > > KDB: enter: panic > > [ thread pid 21 tid 100071 ] > > Stopped at 0 > > db> bt > > Tracing pid 21 tid 100071 td 0xfffffd0001078560 > > db_trace_self() at db_stack_trace+0xf8 > > pc = 0xffff000000735c5c lr = 0xffff000000103c58 > > sp = 0xffff0000521ebe10 fp = 0xffff0000521ebe40 > > > > db_stack_trace() at db_command+0x228 > > pc = 0xffff000000103c58 lr = 0xffff0000001038d0 > > sp = 0xffff0000521ebe50 fp = 0xffff0000521ebf30 > > > > db_command() at db_command_loop+0x58 > > pc = 0xffff0000001038d0 lr = 0xffff000000103678 > > sp = 0xffff0000521ebf40 fp = 0xffff0000521ebf60 > > > > db_command_loop() at db_trap+0xf4 > > pc = 0xffff000000103678 lr = 0xffff00000010697c > > sp = 0xffff0000521ebf70 fp = 0xffff0000521ec190 > > > > db_trap() at kdb_trap+0x1d8 > > pc = 0xffff00000010697c lr = 0xffff0000004510d0 > > sp = 0xffff0000521ec1a0 fp = 0xffff0000521ec250 > > > > kdb_trap() at do_el1h_sync+0xf4 > > pc = 0xffff0000004510d0 lr = 0xffff000000752588 > > sp = 0xffff0000521ec260 fp = 0xffff0000521ec290 > > > > do_el1h_sync() at handle_el1h_sync+0x78 > > pc = 0xffff000000752588 lr = 0xffff000000738078 > > sp = 0xffff0000521ec2a0 fp = 0xffff0000521ec3b0 > > > > handle_el1h_sync() at kdb_enter+0x34 > > pc = 0xffff000000738078 lr = 0xffff00000045071c > > sp = 0xffff0000521ec3c0 fp = 0xffff0000521ec450 > > > > kdb_enter() at vpanic+0x1a8 > > pc = 0xffff00000045071c lr = 0xffff000000408dac > > sp = 0xffff0000521ec460 fp = 0xffff0000521ec510 > > > > vpanic() at panic+0x44 > > pc = 0xffff000000408dac lr = 0xffff000000408b40 > > sp = 0xffff0000521ec520 fp = 0xffff0000521ec5a0 > > > > panic() at _vm_page_pqstate_commit_dequeue+0x340 > > pc = 0xffff000000408b40 lr = 0xffff0000006ed840 > > sp = 0xffff0000521ec5b0 fp = 0xffff0000521ec5f0 > > > > _vm_page_pqstate_commit_dequeue() at vm_page_pqstate_commit_dequeue+0xb8 > > pc = 0xffff0000006ed840 lr = 0xffff0000006e954c > > sp = 0xffff0000521ec600 fp = 0xffff0000521ec640 > > > > vm_page_pqstate_commit_dequeue() at vm_page_pqstate_commit+0x50 > > pc = 0xffff0000006e954c lr = 0xffff0000006e93ac > > sp = 0xffff0000521ec650 fp = 0xffff0000521ec670 > > > > vm_page_pqstate_commit() at vm_pageout_laundry_worker+0x5e4 > > pc = 0xffff0000006e93ac lr = 0xffff0000006f02c0 > > sp = 0xffff0000521ec680 fp = 0xffff0000521ec940 > > > > vm_pageout_laundry_worker() at fork_exit+0x7c > > pc = 0xffff0000006f02c0 lr = 0xffff0000003c7fdc > > sp = 0xffff0000521ec950 fp = 0xffff0000521ec980 > > > > fork_exit() at fork_trampoline+0x10 > > pc = 0xffff0000003c7fdc lr = 0xffff00000075230c > > sp = 0xffff0000521ec990 fp = 0x0000000000000000 > > > > db> > > > > Thanks for reading, if there's anything to try please let me know. > > > > bob prohaska > > > > _______________________________________________ > > freebsd-arm@freebsd.org mailing list > > https://lists.freebsd.org/mailman/listinfo/freebsd-arm > > To unsubscribe, send any mail to "freebsd-arm-unsubscribe@freebsd.org" > > _______________________________________________ > freebsd-current@freebsd.org mailing list > https://lists.freebsd.org/mailman/listinfo/freebsd-current > To unsubscribe, send any mail to "freebsd-current-unsubscribe@freebsd.org"