panic: vm_page_astate_fcmpset: invalid head requeue request on RPI3

Michael Tuexen tuexen at freebsd.org
Thu Jan 2 11:03:49 UTC 2020 

> On 2. Jan 2020, at 01:12, bob prohaska <fbsd at www.zefox.net> wrote:
> 
> While playing at compiling www/chromium using 
> FreeBSD 13.0-CURRENT (GENERIC) #2 r356165: Mon Dec 30 09:59:03 PST 2019
> the machine crashed, reporting 
> panic: vm_page_astate_fcmpset: invalid head requeue request for page 0xfffffd0031880490
This problem is NOT arm specific. I've seen it on an amd64 system running syzkaller:
http://212.201.121.91:10000/crash?id=00704eb865e893ffda473a4859e062eef512cbde

Best regards
Michael
> 
> cpuid = 2
> time = 1577921727
> KDB: stack backtrace:
> db_trace_self() at db_trace_self_wrapper+0x28
> 	 pc = 0xffff000000735c5c  lr = 0xffff000000106814
> 	 sp = 0xffff0000521ec240  fp = 0xffff0000521ec450
> 
> db_trace_self_wrapper() at vpanic+0x18c
> 	 pc = 0xffff000000106814  lr = 0xffff000000408d90
> 	 sp = 0xffff0000521ec460  fp = 0xffff0000521ec510
> 
> vpanic() at panic+0x44
> 	 pc = 0xffff000000408d90  lr = 0xffff000000408b40
> 	 sp = 0xffff0000521ec520  fp = 0xffff0000521ec5a0
> 
> panic() at _vm_page_pqstate_commit_dequeue+0x340
> 	 pc = 0xffff000000408b40  lr = 0xffff0000006ed840
> 	 sp = 0xffff0000521ec5b0  fp = 0xffff0000521ec5f0
> 
> _vm_page_pqstate_commit_dequeue() at vm_page_pqstate_commit_dequeue+0xb8
> 	 pc = 0xffff0000006ed840  lr = 0xffff0000006e954c
> 	 sp = 0xffff0000521ec600  fp = 0xffff0000521ec640
> 
> vm_page_pqstate_commit_dequeue() at vm_page_pqstate_commit+0x50
> 	 pc = 0xffff0000006e954c  lr = 0xffff0000006e93ac
> 	 sp = 0xffff0000521ec650  fp = 0xffff0000521ec670
> 
> vm_page_pqstate_commit() at vm_pageout_laundry_worker+0x5e4
> 	 pc = 0xffff0000006e93ac  lr = 0xffff0000006f02c0
> 	 sp = 0xffff0000521ec680  fp = 0xffff0000521ec940
> 
> vm_pageout_laundry_worker() at fork_exit+0x7c
> 	 pc = 0xffff0000006f02c0  lr = 0xffff0000003c7fdc
> 	 sp = 0xffff0000521ec950  fp = 0xffff0000521ec980
> 
> fork_exit() at fork_trampoline+0x10
> 	 pc = 0xffff0000003c7fdc  lr = 0xffff00000075230c
> 	 sp = 0xffff0000521ec990  fp = 0x0000000000000000
> 
> KDB: enter: panic
> [ thread pid 21 tid 100071 ]
> Stopped at      0
> db> bt
> Tracing pid 21 tid 100071 td 0xfffffd0001078560
> db_trace_self() at db_stack_trace+0xf8
>        pc = 0xffff000000735c5c  lr = 0xffff000000103c58
>        sp = 0xffff0000521ebe10  fp = 0xffff0000521ebe40
> 
> db_stack_trace() at db_command+0x228
>        pc = 0xffff000000103c58  lr = 0xffff0000001038d0
>        sp = 0xffff0000521ebe50  fp = 0xffff0000521ebf30
> 
> db_command() at db_command_loop+0x58
>        pc = 0xffff0000001038d0  lr = 0xffff000000103678
>        sp = 0xffff0000521ebf40  fp = 0xffff0000521ebf60
> 
> db_command_loop() at db_trap+0xf4
>        pc = 0xffff000000103678  lr = 0xffff00000010697c
>        sp = 0xffff0000521ebf70  fp = 0xffff0000521ec190
> 
> db_trap() at kdb_trap+0x1d8
>        pc = 0xffff00000010697c  lr = 0xffff0000004510d0
>        sp = 0xffff0000521ec1a0  fp = 0xffff0000521ec250
> 
> kdb_trap() at do_el1h_sync+0xf4
>        pc = 0xffff0000004510d0  lr = 0xffff000000752588
>        sp = 0xffff0000521ec260  fp = 0xffff0000521ec290
> 
> do_el1h_sync() at handle_el1h_sync+0x78
>        pc = 0xffff000000752588  lr = 0xffff000000738078
>        sp = 0xffff0000521ec2a0  fp = 0xffff0000521ec3b0
> 
> handle_el1h_sync() at kdb_enter+0x34
>        pc = 0xffff000000738078  lr = 0xffff00000045071c
>        sp = 0xffff0000521ec3c0  fp = 0xffff0000521ec450
> 
> kdb_enter() at vpanic+0x1a8
>        pc = 0xffff00000045071c  lr = 0xffff000000408dac
>        sp = 0xffff0000521ec460  fp = 0xffff0000521ec510
> 
> vpanic() at panic+0x44
>        pc = 0xffff000000408dac  lr = 0xffff000000408b40
>        sp = 0xffff0000521ec520  fp = 0xffff0000521ec5a0
> 
> panic() at _vm_page_pqstate_commit_dequeue+0x340
>        pc = 0xffff000000408b40  lr = 0xffff0000006ed840
>        sp = 0xffff0000521ec5b0  fp = 0xffff0000521ec5f0
> 
> _vm_page_pqstate_commit_dequeue() at vm_page_pqstate_commit_dequeue+0xb8
>        pc = 0xffff0000006ed840  lr = 0xffff0000006e954c
>        sp = 0xffff0000521ec600  fp = 0xffff0000521ec640
> 
> vm_page_pqstate_commit_dequeue() at vm_page_pqstate_commit+0x50
>        pc = 0xffff0000006e954c  lr = 0xffff0000006e93ac
>        sp = 0xffff0000521ec650  fp = 0xffff0000521ec670
> 
> vm_page_pqstate_commit() at vm_pageout_laundry_worker+0x5e4
>        pc = 0xffff0000006e93ac  lr = 0xffff0000006f02c0
>        sp = 0xffff0000521ec680  fp = 0xffff0000521ec940
> 
> vm_pageout_laundry_worker() at fork_exit+0x7c
>        pc = 0xffff0000006f02c0  lr = 0xffff0000003c7fdc
>        sp = 0xffff0000521ec950  fp = 0xffff0000521ec980
> 
> fork_exit() at fork_trampoline+0x10
>        pc = 0xffff0000003c7fdc  lr = 0xffff00000075230c
>        sp = 0xffff0000521ec990  fp = 0x0000000000000000
> 
> db> 
> 
> Thanks for reading, if there's anything to try please let me know.
> 
> bob prohaska
> 
> _______________________________________________
> freebsd-arm at freebsd.org mailing list
> https://lists.freebsd.org/mailman/listinfo/freebsd-arm
> To unsubscribe, send any mail to "freebsd-arm-unsubscribe at freebsd.org"

More information about the freebsd-current mailing list