From owner-freebsd-current@FreeBSD.ORG Sun Jul 12 20:31:07 2009 Return-Path: Delivered-To: current@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 5E211106566C for ; Sun, 12 Jul 2009 20:31:07 +0000 (UTC) (envelope-from uqs@spoerlein.net) Received: from acme.spoerlein.net (cl-43.dus-01.de.sixxs.net [IPv6:2a01:198:200:2a::2]) by mx1.freebsd.org (Postfix) with ESMTP id D00D38FC18 for ; Sun, 12 Jul 2009 20:31:06 +0000 (UTC) (envelope-from uqs@spoerlein.net) Received: from acme.spoerlein.net (localhost.spoerlein.net [127.0.0.1]) by acme.spoerlein.net (8.14.3/8.14.3) with ESMTP id n6CKV59G051592 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO) for ; Sun, 12 Jul 2009 22:31:05 +0200 (CEST) (envelope-from uqs@spoerlein.net) Received: (from uqs@localhost) by acme.spoerlein.net (8.14.3/8.14.3/Submit) id n6CKV51L051591 for current@freebsd.org; Sun, 12 Jul 2009 22:31:05 +0200 (CEST) (envelope-from uqs@spoerlein.net) Date: Sun, 12 Jul 2009 22:31:05 +0200 From: Ulrich =?utf-8?B?U3DDtnJsZWlu?= To: current@freebsd.org Message-ID: <20090712203105.GJ2145@acme.spoerlein.net> Mail-Followup-To: current@freebsd.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Disposition: inline Content-Transfer-Encoding: 8bit User-Agent: Mutt/1.5.20 (2009-06-14) Cc: Subject: panic: vm_page_free_toq: freeing mapped page X-BeenThere: freebsd-current@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Discussions about the use of FreeBSD-current List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 12 Jul 2009 20:31:07 -0000 Hi, 8.0 BETA1 @ r195622 will panic reliably when running the clang static analyzer on a buildworld with something like the following panic: panic: vm_page_free_toq: freeing mapped page 0xffffff00c9715b30 cpuid = 1 KDB: stack backtrace: db_trace_self_wrapper() at db_trace_self_wrapper+0x2a panic() at panic+0x182 vm_page_free_toq() at vm_page_free_toq+0x1f6 vm_object_terminate() at vm_object_terminate+0xb7 vm_object_deallocate() at vm_object_deallocate+0x17a _vm_map_unlock() at _vm_map_unlock+0x70 vm_map_remove() at vm_map_remove+0x6f vmspace_free() at vmspace_free+0x56 vmspace_exec() at vmspace_exec+0x56 exec_new_vmspace() at exec_new_vmspace+0x133 exec_elf32_imgact() at exec_elf32_imgact+0x2ee kern_execve() at kern_execve+0x3b2 execve() at execve+0x3d syscall() at syscall+0x1af Xfast_syscall() at Xfast_syscall+0xe1 --- syscall (59, FreeBSD ELF64, execve), rip = 0x800c20d0c, rsp = 0x7fffffffd6f8, rbp = 0x7fffffffdbf0 --- KDB: enter: panic exclusive sleep mutex vm page queue mutex (vm page queue mutex) r = 0 (0xffffffff8095ea60) locked @ /data/freebsd-head/sys/vm/vm_object.c:688 exclusive sleep mutex vm object (standard object) r = 0 (0xffffff0046453798) locked @ /data/freebsd-head/sys/vm/vm_object.c:450 exclusive sleep mutex vm page queue mutex (vm page queue mutex) r = 0 (0xffffffff8095ea60) locked @ /data/freebsd-head/sys/vm/vm_object.c:688 exclusive sleep mutex vm object (standard object) r = 0 (0xffffff0046453798) locked @ /data/freebsd-head/sys/vm/vm_object.c:450 exclusive sleep mutex pmap (pmap) r = 0 (0xffffff003c8b02b8) locked @ /data/freebsd-head/sys/amd64/amd64/pmap.c:3955 shared sx user map (user map) r = 0 (0xffffff003c8b0200) locked @ /data/freebsd-head/sys/vm/vm_map.c:3522 exclusive sx so_rcv_sx (so_rcv_sx) r = 0 (0xffffff0004698e40) locked @ /data/freebsd-head/sys/kern/uipc_sockbuf.c:148 Cheers, Ulrich Spörlein