https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=241059
--- Comment #4 from Mark Johnston <ma...@freebsd.org> ---
This particular crash was caused by a bit-flip. %rcx contains a direct map
address with one of the upper bits set to 0:
...
0xffffffff81098b43 <+1267>: jmp 0xffffffff81098bc0
<pmap_remove_pages+1392>
0xffffffff81098b45 <+1269>: add $0xffffffffffffffff,%rax
0xffffffff81098b49 <+1273>: mov %rax,0x78(%r8)
0xffffffff81098b4d <+1277>: mov 0x48(%rdx,%rbx,8),%rax
0xffffffff81098b52 <+1282>: mov %rsi,%rcx
0xffffffff81098b55 <+1285>: add $0x40,%rcx
0xffffffff81098b59 <+1289>: test %rax,%rax
0xffffffff81098b5c <+1292>: lea 0x10(%rax),%rax
0xffffffff81098b60 <+1296>: cmove %rcx,%rax
0xffffffff81098b64 <+1300>: mov 0x50(%rdx,%rbx,8),%rcx
0xffffffff81098b69 <+1305>: mov %rcx,(%rax)
0xffffffff81098b6c <+1308>: mov 0x48(%rdx,%rbx,8),%rax
0xffffffff81098b71 <+1313>: mov 0x50(%rdx,%rbx,8),%rcx
=> 0xffffffff81098b76 <+1318>: mov %rax,(%rcx)
...
(kgdb) info reg
rax 0x0 0
rbx 0x1e0 480
rcx 0xf7fff802c4df2d20 -576469536503550688
^
rdx 0xfffff806af211000 -8767385038848
rsi 0xfffff807f0b673f0 -8761989762064
rdi 0xffffffff81a49240 -2119921088
rbp 0xfffffe009c39e8c0 0xfffffe009c39e8c0
rsp 0xfffffe009c39e7e0 0xfffffe009c39e7e0
--
You are receiving this mail because:
You are the assignee for the bug.
_______________________________________________
freebsd-bugs@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-bugs
To unsubscribe, send any mail to "freebsd-bugs-unsubscr...@freebsd.org"
