Re: panic: vm_page_free_toq: freeing mapped page

From: Ulrich Spörlein <uqs_at_spoerlein.net> Date: Mon, 13 Jul 2009 12:02:15 +0200 · This archive was generated by hypermail 2.4.0 : Wed May 19 2021 - 11:39:51 UTC

On Sun, 12.07.2009 at 18:58:44 -0500, Alan Cox wrote:
> On Sun, Jul 12, 2009 at 3:31 PM, Ulrich Spörlein <uqs_at_spoerlein.net> wrote:
> > Hi,
> >
> > 8.0 BETA1 _at_ r195622 will panic reliably when running the clang static
> > analyzer on a buildworld with something like the following panic:
> >
> > panic: vm_page_free_toq: freeing mapped page 0xffffff00c9715b30
> > cpuid = 1
> > KDB: stack backtrace:
> > db_trace_self_wrapper() at db_trace_self_wrapper+0x2a
> > panic() at panic+0x182
> > vm_page_free_toq() at vm_page_free_toq+0x1f6
> > vm_object_terminate() at vm_object_terminate+0xb7
> > vm_object_deallocate() at vm_object_deallocate+0x17a
> > _vm_map_unlock() at _vm_map_unlock+0x70
> > vm_map_remove() at vm_map_remove+0x6f
> > vmspace_free() at vmspace_free+0x56
> > vmspace_exec() at vmspace_exec+0x56
> > exec_new_vmspace() at exec_new_vmspace+0x133
> > exec_elf32_imgact() at exec_elf32_imgact+0x2ee
> > kern_execve() at kern_execve+0x3b2
> > execve() at execve+0x3d
> > syscall() at syscall+0x1af
> > Xfast_syscall() at Xfast_syscall+0xe1
> > --- syscall (59, FreeBSD ELF64, execve), rip = 0x800c20d0c, rsp =
> > 0x7fffffffd6f8, rbp = 0x7fffffffdbf0 ---
> > KDB: enter: panic
> > exclusive sleep mutex vm page queue mutex (vm page queue mutex) r = 0
> > (0xffffffff8095ea60) locked _at_ /data/freebsd-head/sys/vm/vm_object.c:688
> > exclusive sleep mutex vm object (standard object) r = 0
> > (0xffffff0046453798) locked _at_ /data/freebsd-head/sys/vm/vm_object.c:450
> > exclusive sleep mutex vm page queue mutex (vm page queue mutex) r = 0
> > (0xffffffff8095ea60) locked _at_ /data/freebsd-head/sys/vm/vm_object.c:688
> > exclusive sleep mutex vm object (standard object) r = 0
> > (0xffffff0046453798) locked _at_ /data/freebsd-head/sys/vm/vm_object.c:450
> > exclusive sleep mutex pmap (pmap) r = 0 (0xffffff003c8b02b8) locked _at_
> > /data/freebsd-head/sys/amd64/amd64/pmap.c:3955
> > shared sx user map (user map) r = 0 (0xffffff003c8b0200) locked _at_
> > /data/freebsd-head/sys/vm/vm_map.c:3522
> > exclusive sx so_rcv_sx (so_rcv_sx) r = 0 (0xffffff0004698e40) locked _at_
> > /data/freebsd-head/sys/kern/uipc_sockbuf.c:148
> >
> Can you please elaborate on the kernel configuration that you are using?

Of course, sorry for omitting this. Attached is a diff against the
GENERIC kernel. I just recently removed some COMPAT settings, FLOWTABLE and
doubled MSGBUF_SIZE to get a complete verbose dmesg dumped (for snd_hda
configuration, man that output is huge!).

I am currently updating kernel/world and will test a GENERIC afterwards.
I'll report back soon

Cheers,
Ulrich Spörlein