[Bug 256806] panic: vm_page_free_prep: freeing mapped page

From: <bugzilla-noreply_at_freebsd.org>
Date: Thu, 24 Jun 2021 13:55:00 UTC 
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=256806

            Bug ID: 256806
           Summary: panic: vm_page_free_prep: freeing mapped page
           Product: Base System
           Version: 13.0-STABLE
          Hardware: amd64
                OS: Any
            Status: New
          Severity: Affects Only Me
          Priority: ---
         Component: kern
          Assignee: bugs@FreeBSD.org
          Reporter: niels=freebsd@bakker.net

FreeBSD 13.0-STABLE #6 stable/13-n246074-d77e57f1256-dirty (stable/13 plus the
patch in #256610 applied)

The system crashed somewhere between 05:29:27-05:31:29 in the morning.

panic: vm_page_free_prep: freeing mapped page 0xfffffe0014633408
cpuid = 2
time = 1624505370
KDB: stack backtrace:
#0 0xffffffff80bfe6f5 at kdb_backtrace+0x65
#1 0xffffffff80bb40d1 at vpanic+0x181
#2 0xffffffff80bb3ea3 at panic+0x43
#3 0xffffffff80efd535 at vm_page_free_prep+0x215
#4 0xffffffff80ef54e2 at vm_page_free_toq+0x12
#5 0xffffffff80ef0a17 at vm_object_page_remove+0xb7
#6 0xffffffff80ee9620 at vm_map_entry_delete+0x120
#7 0xffffffff80ee52db at vm_map_delete+0x12b
#8 0xffffffff80ee9840 at vm_map_remove+0x80
#9 0xffffffff80b689f6 at exec_new_vmspace+0x1c6
#10 0xffffffff80b3c0ba at exec_elf64_imgact+0x84a
#11 0xffffffff80b6758c at kern_execve+0x63c
#12 0xffffffff80b66bda at sys_execve+0x5a
#13 0xffffffff8101aeae at amd64_syscall+0x12e
#14 0xffffffff80ff0f3e at fast_syscall_common+0xf8
Uptime: 2d5h39m2s

__curthread () at /usr/src/sys/amd64/include/pcpu_aux.h:55
55              __asm("movq %%gs:%P1,%0" : "=r" (td) : "n" (offsetof(struct
pcpu,
(kgdb) #0  __curthread () at /usr/src/sys/amd64/include/pcpu_aux.h:55
#1  doadump (textdump=<optimized out>)
    at /usr/src/sys/kern/kern_shutdown.c:399
#2  0xffffffff80bb3cfa in kern_reboot (howto=260)
    at /usr/src/sys/kern/kern_shutdown.c:486
#3  0xffffffff80bb4140 in vpanic (fmt=<optimized out>, ap=<optimized out>)
    at /usr/src/sys/kern/kern_shutdown.c:919
#4  0xffffffff80bb3ea3 in panic (fmt=<unavailable>)
    at /usr/src/sys/kern/kern_shutdown.c:843
#5  0xffffffff80efd535 in vm_page_free_prep (m=m@entry=0xfffffe0014633408)
    at /usr/src/sys/vm/vm_page.c:3813
#6  0xffffffff80ef54e2 in vm_page_free_toq (m=m@entry=0xfffffe0014633408)
    at /usr/src/sys/vm/vm_page.c:3866
#7  0xffffffff80ef54cb in vm_page_free (m=<unavailable>, 
    m@entry=0xfffffe0014633408) at /usr/src/sys/vm/vm_page.c:1332
#8  0xffffffff80ef0a17 in vm_object_page_remove (object=0xfffff80290744318, 
    start=0, end=<optimized out>, options=2)
    at /usr/src/sys/vm/vm_object.c:2137
#9  0xffffffff80ee9620 in vm_map_entry_delete (
    map=map@entry=0xfffffe012b0ee3e0, entry=entry@entry=0xfffff8007818be40)
    at /usr/src/sys/vm/vm_map.c:3870
#10 0xffffffff80ee52db in vm_map_delete (map=map@entry=0xfffffe012b0ee3e0, 
    start=<optimized out>, start@entry=4096, end=end@entry=140737488355328)
    at /usr/src/sys/vm/vm_map.c:3984
#11 0xffffffff80ee9840 in vm_map_remove (map=map@entry=0xfffffe012b0ee3e0, 
    start=4096, end=140737488355328) at /usr/src/sys/vm/vm_map.c:4002
#12 0xffffffff80b689f6 in exec_new_vmspace (
    imgp=imgp@entry=0xfffffe0120557888, 
    sv=sv@entry=0xffffffff8196b580 <elf64_freebsd_sysvec_la48>)
    at /usr/src/sys/kern/kern_exec.c:1082
#13 0xffffffff80b3c0ba in exec_elf64_imgact (imgp=<optimized out>, 
    imgp@entry=<error reading variable: value is not available>)
    at /usr/src/sys/kern/imgact_elf.c:1248
#14 0xffffffff80b6758c in do_execve (td=0xfffffe011b85d3a0, 
    args=0xfffffe0120557a48, mac_p=<optimized out>, 
    oldvmspace=0xfffffe012b0ee3e0) at /usr/src/sys/kern/kern_exec.c:616
#15 kern_execve (td=<optimized out>, td@entry=0xfffffe011b85d3a0, 
    args=args@entry=0xfffffe0120557a48, mac_p=<optimized out>, 
    mac_p@entry=0x0, oldvmspace=oldvmspace@entry=0xfffffe012b0ee3e0)
    at /usr/src/sys/kern/kern_exec.c:353
#16 0xffffffff80b66bda in sys_execve (td=0xfffffe011b85d3a0, 
    td@entry=<error reading variable: value is not available>, 
    uap=0xfffffe011b85d788, 
    uap@entry=<error reading variable: value is not available>)
    at /usr/src/sys/kern/kern_exec.c:228
#17 0xffffffff8101aeae in syscallenter (td=<optimized out>)
    at /usr/src/sys/amd64/amd64/../../kern/subr_syscall.c:189
#18 amd64_syscall (td=0xfffffe011b85d3a0, traced=0)
    at /usr/src/sys/amd64/amd64/trap.c:1184
#19 <signal handler called>
#20 0x00000000038fdf76 in ?? ()
Backtrace stopped: Cannot access memory at address 0xc0005be920
(kgdb) 

(kgdb) frame 14
#14 0xffffffff80b6758c in do_execve (td=0xfffffe011b85d3a0,
args=0xfffffe0120557a48, mac_p=<optimized out>, 
    oldvmspace=0xfffffe012b0ee3e0) at /usr/src/sys/kern/kern_exec.c:616
616                     error = (*execsw[i]->ex_imgact)(imgp);
(kgdb) print *args
$3 = {buf = 0xfffffe00c501c000 "/bin/ps", bufkva = 0xfffff80021ec45e0, 
  begin_argv = 0xfffffe00c501c008 "/bin/ps", begin_envv = 0xfffffe00c501c01a
"MAIL=/var/mail/telegraf", 
  endp = 0xfffffe00c501c0dd "IC=en_US.UTF-8", fname = 0xfffffe00c501c000
"/bin/ps", fname_buf = 0x0, 
  stringspace = 524075, argc = 3, envc = 9, fd = 0, fdp = 0x0}
(kgdb) f 15
#15 kern_execve (td=<optimized out>, td@entry=0xfffffe011b85d3a0,
args=args@entry=0xfffffe0120557a48, 
    mac_p=<optimized out>, mac_p@entry=0x0,
oldvmspace=oldvmspace@entry=0xfffffe012b0ee3e0)
    at /usr/src/sys/kern/kern_exec.c:353
353             return (do_execve(td, args, mac_p, oldvmspace));
(kgdb) p *args
$1 = {buf = 0xfffffe00c501c000 "/bin/ps", bufkva = 0xfffff80021ec45e0, 
  begin_argv = 0xfffffe00c501c008 "/bin/ps", begin_envv = 0xfffffe00c501c01a
"MAIL=/var/mail/telegraf", 
  endp = 0xfffffe00c501c0dd "IC=en_US.UTF-8", fname = 0xfffffe00c501c000
"/bin/ps", fname_buf = 0x0, 
  stringspace = 524075, argc = 3, envc = 9, fd = 0, fdp = 0x0}
(kgdb)

-- 
You are receiving this mail because:
You are the assignee for the bug.