Another "invalid ASID" panic on an rpi3 running r354796

bob prohaska fbsd at www.zefox.net
Tue Nov 19 00:12:20 UTC 2019 

The "invalid ASID" patch seemed to apply without error and caused no
visible problems on a Pi3 running r354796. An attempt to crash the 
machine by running stress2's misc/all.sh test for perhaps an hour failed.

However, after stopping stress2 I started an old build of www/chromium,
and the machine promptly panic'd:

panic: invalid ASID
cpuid = 0
time = 1574121393
KDB: stack backtrace:
db_trace_self() at db_trace_self_wrapper+0x28
	 pc = 0xffff00000072947c  lr = 0xffff0000001064f0
	 sp = 0xffff000051927310  fp = 0xffff000051927520

db_trace_self_wrapper() at vpanic+0x18c
	 pc = 0xffff0000001064f0  lr = 0xffff000000400b5c
	 sp = 0xffff000051927530  fp = 0xffff0000519275e0

vpanic() at panic+0x44
	 pc = 0xffff000000400b5c  lr = 0xffff00000040090c
	 sp = 0xffff0000519275f0  fp = 0xffff000051927670

panic() at pmap_remove_write+0x564
	 pc = 0xffff00000040090c  lr = 0xffff000000740e9c
	 sp = 0xffff000051927680  fp = 0xffff0000519276e0

pmap_remove_write() at vfs_busy_pages+0xe8
	 pc = 0xffff000000740e9c  lr = 0xffff0000004accec
	 sp = 0xffff0000519276f0  fp = 0xffff000051927730

vfs_busy_pages() at bufwrite+0x10c
	 pc = 0xffff0000004accec  lr = 0xffff0000004aa628
	 sp = 0xffff000051927740  fp = 0xffff000051927770

bufwrite() at cluster_wbuild+0x624
	 pc = 0xffff0000004aa628  lr = 0xffff0000004bb360
	 sp = 0xffff000051927780  fp = 0xffff000051927820

cluster_wbuild() at flushbufqueues+0x4c0
	 pc = 0xffff0000004bb360  lr = 0xffff0000004b2610
	 sp = 0xffff000051927830  fp = 0xffff0000519278e0

flushbufqueues() at buf_daemon+0x228
	 pc = 0xffff0000004b2610  lr = 0xffff0000004b1d20
	 sp = 0xffff0000519278f0  fp = 0xffff000051927940

buf_daemon() at fork_exit+0x7c
	 pc = 0xffff0000004b1d20  lr = 0xffff0000003c0eb0
	 sp = 0xffff000051927950  fp = 0xffff000051927980

fork_exit() at fork_trampoline+0x10
	 pc = 0xffff0000003c0eb0  lr = 0xffff0000007458bc
	 sp = 0xffff000051927990  fp = 0x0000000000000000

KDB: enter: panic
[ thread pid 23 tid 100068 ]
Stopped at      0
db> bt
Tracing pid 23 tid 100068 td 0xfffffd0000d7e560
db_trace_self() at db_stack_trace+0xf8
         pc = 0xffff00000072947c  lr = 0xffff000000103934
         sp = 0xffff000051926ee0  fp = 0xffff000051926f10

db_stack_trace() at db_command+0x228
         pc = 0xffff000000103934  lr = 0xffff0000001035ac
         sp = 0xffff000051926f20  fp = 0xffff000051927000

db_command() at db_command_loop+0x58
         pc = 0xffff0000001035ac  lr = 0xffff000000103354
         sp = 0xffff000051927010  fp = 0xffff000051927030

db_command_loop() at db_trap+0xf4
         pc = 0xffff000000103354  lr = 0xffff000000106658
         sp = 0xffff000051927040  fp = 0xffff000051927260

db_trap() at kdb_trap+0x1d8
         pc = 0xffff000000106658  lr = 0xffff0000004490f4
         sp = 0xffff000051927270  fp = 0xffff000051927320
        
kdb_trap() at do_el1h_sync+0xf4
         pc = 0xffff0000004490f4  lr = 0xffff000000745b30
         sp = 0xffff000051927330  fp = 0xffff000051927360

do_el1h_sync() at handle_el1h_sync+0x78
         pc = 0xffff000000745b30  lr = 0xffff00000072b878
         sp = 0xffff000051927370  fp = 0xffff000051927480

handle_el1h_sync() at kdb_enter+0x34
         pc = 0xffff00000072b878  lr = 0xffff000000448740
         sp = 0xffff000051927490  fp = 0xffff000051927520

kdb_enter() at vpanic+0x1a8
         pc = 0xffff000000448740  lr = 0xffff000000400b78
         sp = 0xffff000051927530  fp = 0xffff0000519275e0

vpanic() at panic+0x44
         pc = 0xffff000000400b78  lr = 0xffff00000040090c
         sp = 0xffff0000519275f0  fp = 0xffff000051927670
        
panic() at pmap_remove_write+0x564
         pc = 0xffff00000040090c  lr = 0xffff000000740e9c
         sp = 0xffff000051927680  fp = 0xffff0000519276e0

pmap_remove_write() at vfs_busy_pages+0xe8
         pc = 0xffff000000740e9c  lr = 0xffff0000004accec
         sp = 0xffff0000519276f0  fp = 0xffff000051927730

vfs_busy_pages() at bufwrite+0x10c
         pc = 0xffff0000004accec  lr = 0xffff0000004aa628
         sp = 0xffff000051927740  fp = 0xffff000051927770

bufwrite() at cluster_wbuild+0x624
         pc = 0xffff0000004aa628  lr = 0xffff0000004bb360
         sp = 0xffff000051927780  fp = 0xffff000051927820

cluster_wbuild() at flushbufqueues+0x4c0
         pc = 0xffff0000004bb360  lr = 0xffff0000004b2610
         sp = 0xffff000051927830  fp = 0xffff0000519278e0
        
flushbufqueues() at buf_daemon+0x228
         pc = 0xffff0000004b2610  lr = 0xffff0000004b1d20
         sp = 0xffff0000519278f0  fp = 0xffff000051927940

buf_daemon() at fork_exit+0x7c
         pc = 0xffff0000004b1d20  lr = 0xffff0000003c0eb0
         sp = 0xffff000051927950  fp = 0xffff000051927980

fork_exit() at fork_trampoline+0x10
         pc = 0xffff0000003c0eb0  lr = 0xffff0000007458bc
         sp = 0xffff000051927990  fp = 0x0000000000000000

db> 

Please let me know if there's anything I can do to gather more
useful information.

Thanks for reading,

bob prohaska

More information about the freebsd-arm mailing list