From owner-freebsd-current@FreeBSD.ORG Mon Jul 13 18:16:52 2009 Return-Path: Delivered-To: current@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 7AEB9106566B; Mon, 13 Jul 2009 18:16:52 +0000 (UTC) (envelope-from uqs@spoerlein.net) Received: from acme.spoerlein.net (cl-43.dus-01.de.sixxs.net [IPv6:2a01:198:200:2a::2]) by mx1.freebsd.org (Postfix) with ESMTP id E9C758FC1B; Mon, 13 Jul 2009 18:16:51 +0000 (UTC) (envelope-from uqs@spoerlein.net) Received: from acme.spoerlein.net (localhost.spoerlein.net [127.0.0.1]) by acme.spoerlein.net (8.14.3/8.14.3) with ESMTP id n6DIGoah078025 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Mon, 13 Jul 2009 20:16:50 +0200 (CEST) (envelope-from uqs@spoerlein.net) Received: (from uqs@localhost) by acme.spoerlein.net (8.14.3/8.14.3/Submit) id n6DIGoiE078024; Mon, 13 Jul 2009 20:16:50 +0200 (CEST) (envelope-from uqs@spoerlein.net) Date: Mon, 13 Jul 2009 20:16:50 +0200 From: Ulrich =?utf-8?B?U3DDtnJsZWlu?= To: Kip Macy , Alan Cox Message-ID: <20090713181650.GB76464@acme.spoerlein.net> Mail-Followup-To: Kip Macy , Alan Cox , current@freebsd.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Disposition: inline Content-Transfer-Encoding: 8bit In-Reply-To: <20090713100215.GK2145@acme.spoerlein.net> <20090713171503.GA76464@acme.spoerlein.net> User-Agent: Mutt/1.5.20 (2009-06-14) Cc: current@freebsd.org Subject: Re: panic: vm_page_free_toq: freeing mapped page X-BeenThere: freebsd-current@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Discussions about the use of FreeBSD-current List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 13 Jul 2009 18:16:52 -0000 On Mon, 13.07.2009 at 19:15:03 +0200, Ulrich Spörlein wrote: > On Sun, 12.07.2009 at 14:22:23 -0700, Kip Macy wrote: > > On Sun, Jul 12, 2009 at 1:31 PM, Ulrich Spörlein wrote: > > > Hi, > > > > > > 8.0 BETA1 @ r195622 will panic reliably when running the clang static > > > analyzer on a buildworld with something like the following panic: > > > > > > panic: vm_page_free_toq: freeing mapped page 0xffffff00c9715b30 > > > cpuid = 1 > > > KDB: stack backtrace: > > > db_trace_self_wrapper() at db_trace_self_wrapper+0x2a > > > panic() at panic+0x182 > > > vm_page_free_toq() at vm_page_free_toq+0x1f6 > > > vm_object_terminate() at vm_object_terminate+0xb7 > > > vm_object_deallocate() at vm_object_deallocate+0x17a > > > _vm_map_unlock() at _vm_map_unlock+0x70 > > > vm_map_remove() at vm_map_remove+0x6f > > > vmspace_free() at vmspace_free+0x56 > > > vmspace_exec() at vmspace_exec+0x56 > > > exec_new_vmspace() at exec_new_vmspace+0x133 > > > exec_elf32_imgact() at exec_elf32_imgact+0x2ee > > > kern_execve() at kern_execve+0x3b2 > > > execve() at execve+0x3d > > > syscall() at syscall+0x1af > > > Xfast_syscall() at Xfast_syscall+0xe1 > > > --- syscall (59, FreeBSD ELF64, execve), rip = 0x800c20d0c, rsp = 0x7fffffffd6f8, rbp = 0x7fffffffdbf0 --- > > Can you try the following change: > > > > http://svn.freebsd.org/viewvc/base/user/kmacy/releng_7_2_fcs/sys/vm/vm_object.c?r1=192842&r2=195297 > > Applied this to HEAD by hand an ran with it, it died 20-30 minutes into > the scan-build run. So no luck there. Next up is a test using the > GENERIC kernel. No improvement with a GENERIC kernel. Next up will be to run this with clean sysctl, loader.conf, etc. Then I'll try disabling SMP. Does the backtrace above point to any specific subsystem? I'm using UFS, ZFS and GELI on this machine and could try a few combinations... Bye, Uli