panic: assertion: pmap->pm_stats.resident_count > 0 in pmap_release_free_page
YONETANI Tomokazu
qhwt+dfly at les.ath.cx
Thu Dec 24 02:35:43 PST 2009
On Wed, Dec 23, 2009 at 08:42:47PM -0800, Matthew Dillon wrote:
> The panic is due to pmap->pm_stats.resident_count being off by 1.
> It should have been left with a count of 1 with only the page
> directory page left to purge but the count was 0.
>
> I'm thinking possibly something in the pmap unwiring code, possibly
> in _pmap_unwire_pte_hold(), could be racing.
>
> Here is a patch to try. It adds a bunch of assertions in an attempt
> to catch the potential race.

It panicked at almost the same place as before:
(kgdb) bt
:
#4 0xc01a14fc in panic (fmt=0xc030329e "assertion: %s in %s")
at /usr/src/sys/kern/kern_shutdown.c:743
#5 0xc02d9cc4 in pmap_release_free_page (pmap=0x0, p=0xc1026410)
at /usr/src/sys/platform/pc32/i386/pmap.c:1157
#6 0xc02d9f23 in pmap_release (pmap=0xdaebd9f4)
at /usr/src/sys/platform/pc32/i386/pmap.c:1358
#7 0xc029c654 in vmspace_terminate (vm=0xdaebd970)
at /usr/src/sys/vm/vm_map.c:313
#8 0xc017ee84 in _sysref_put (sr=0xdaebda68)
at /usr/src/sys/kern/kern_sysref.c:318
#9 0xc02a5f22 in sysref_put (ve=0xc3223200, vkp=<value optimized out>)
at /usr/src/sys/sys/sysref2.h:85
#10 vmspace_entry_delete (ve=0xc3223200, vkp=<value optimized out>)
at /usr/src/sys/vm/vm_vmspace.c:518
#11 0xc02a639a in sys_vmspace_destroy (uap=0xdbb3dcf0)
at /usr/src/sys/vm/vm_vmspace.c:147
#12 0xc02dcd8c in syscall2 (frame=0xdbb3dd40)
at /usr/src/sys/platform/pc32/i386/trap.c:1359
#13 0xc02c83f6 in Xint0x80_syscall ()
at /usr/src/sys/platform/pc32/i386/exception.s:876
:
(kgdb) fr 5
#5 0xc02d9cc4 in pmap_release_free_page (pmap=0x0, p=0xc1026410)
at /usr/src/sys/platform/pc32/i386/pmap.c:1157
1157 KKASSERT(pmap->pm_stats.resident_count > 0);
(kgdb) l -12,+18
1140 static int
1141 pmap_release_free_page(struct pmap *pmap, vm_page_t p)
1142 {
1143 unsigned *pde = (unsigned *) pmap->pm_pdir;
1144 /*
1145 * This code optimizes the case of freeing non-busy
1146 * page-table pages. Those pages are zero now, and
1147 * might as well be placed directly into the zero queue.
1148 */
1149 if (vm_page_sleep_busy(p, FALSE, "pmaprl"))
1150 return 0;
1151
1152 vm_page_busy(p);
1153
1154 /*
1155 * Remove the page table page from the processes address space.
1156 */
1157 KKASSERT(pmap->pm_stats.resident_count > 0);
1158 KKASSERT(pde[p->pindex]);