From: Ulrich Spörlein
To: Kip Macy
Cc: current@freebsd.org
Date: Mon, 13 Jul 2009 19:15:04 +0200
Subject: Re: panic: vm_page_free_toq: freeing mapped page
Message-ID: <20090713171503.GA76464@acme.spoerlein.net>

On Sun, 12.07.2009 at 14:22:23 -0700, Kip Macy wrote:
> On Sun, Jul 12, 2009 at 1:31 PM, Ulrich Spörlein wrote:
> > Hi,
> >
> > 8.0 BETA1 @ r195622 will panic reliably when running the clang static
> > analyzer on a buildworld with something like the following panic:
> >
> > panic: vm_page_free_toq: freeing mapped page 0xffffff00c9715b30
> > cpuid = 1
> > KDB: stack backtrace:
> > db_trace_self_wrapper() at db_trace_self_wrapper+0x2a
> > panic() at panic+0x182
> > vm_page_free_toq() at vm_page_free_toq+0x1f6
> > vm_object_terminate() at vm_object_terminate+0xb7
> > vm_object_deallocate() at vm_object_deallocate+0x17a
> > _vm_map_unlock() at _vm_map_unlock+0x70
> > vm_map_remove() at vm_map_remove+0x6f
> > vmspace_free() at vmspace_free+0x56
> > vmspace_exec() at vmspace_exec+0x56
> > exec_new_vmspace() at exec_new_vmspace+0x133
> > exec_elf32_imgact() at exec_elf32_imgact+0x2ee
> > kern_execve() at kern_execve+0x3b2
> > execve() at execve+0x3d
> > syscall() at syscall+0x1af
> > Xfast_syscall() at Xfast_syscall+0xe1
> > --- syscall (59, FreeBSD ELF64, execve), rip = 0x800c20d0c, rsp = 0x7fffffffd6f8, rbp = 0x7fffffffdbf0 ---
>
> Can you try the following change:
>
> http://svn.freebsd.org/viewvc/base/user/kmacy/releng_7_2_fcs/sys/vm/vm_object.c?r1=192842&r2=195297

Applied this to HEAD by hand and ran with it, it died 20-30 minutes into
the scan-build run. So no luck there. Next up is a test using the
GENERIC kernel.

Cheers,
Uli