panic: vm_page_free_toq: freeing mapped page

Hi,

8.0 BETA1 _at_ r195622 will panic reliably when running the clang static
analyzer on a buildworld with something like the following panic:

panic: vm_page_free_toq: freeing mapped page 0xffffff00c9715b30
cpuid = 1
KDB: stack backtrace:
db_trace_self_wrapper() at db_trace_self_wrapper+0x2a
panic() at panic+0x182
vm_page_free_toq() at vm_page_free_toq+0x1f6
vm_object_terminate() at vm_object_terminate+0xb7
vm_object_deallocate() at vm_object_deallocate+0x17a
_vm_map_unlock() at _vm_map_unlock+0x70
vm_map_remove() at vm_map_remove+0x6f
vmspace_free() at vmspace_free+0x56
vmspace_exec() at vmspace_exec+0x56
exec_new_vmspace() at exec_new_vmspace+0x133
exec_elf32_imgact() at exec_elf32_imgact+0x2ee
kern_execve() at kern_execve+0x3b2
execve() at execve+0x3d
syscall() at syscall+0x1af
Xfast_syscall() at Xfast_syscall+0xe1
--- syscall (59, FreeBSD ELF64, execve), rip = 0x800c20d0c, rsp = 0x7fffffffd6f8, rbp = 0x7fffffffdbf0 ---
KDB: enter: panic
exclusive sleep mutex vm page queue mutex (vm page queue mutex) r = 0 (0xffffffff8095ea60) locked _at_ /data/freebsd-head/sys/vm/vm_object.c:688
exclusive sleep mutex vm object (standard object) r = 0 (0xffffff0046453798) locked _at_ /data/freebsd-head/sys/vm/vm_object.c:450
exclusive sleep mutex vm page queue mutex (vm page queue mutex) r = 0 (0xffffffff8095ea60) locked _at_ /data/freebsd-head/sys/vm/vm_object.c:688
exclusive sleep mutex vm object (standard object) r = 0 (0xffffff0046453798) locked _at_ /data/freebsd-head/sys/vm/vm_object.c:450
exclusive sleep mutex pmap (pmap) r = 0 (0xffffff003c8b02b8) locked _at_ /data/freebsd-head/sys/amd64/amd64/pmap.c:3955
shared sx user map (user map) r = 0 (0xffffff003c8b0200) locked _at_ /data/freebsd-head/sys/vm/vm_map.c:3522
exclusive sx so_rcv_sx (so_rcv_sx) r = 0 (0xffffff0004698e40) locked _at_ /data/freebsd-head/sys/kern/uipc_sockbuf.c:148


Cheers,
Ulrich Spörlein