https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=278161
Bug ID: 278161
Summary: [panic] kernel panic on kern_munmap from awk process
Product: Base System
Version: 14.0-STABLE
Hardware: Any
OS: Any
Status: New
Severity: Affects Only Me
Priority: ---
Component: kern
Assignee: [email protected]
Reporter: [email protected]
[ng7:~]# kgdb /usr/lib/debug/boot/kernel/kernel.debug /var/crash/vmcore.0
GNU gdb (GDB) 14.1 [GDB v14.1 for FreeBSD]
Copyright (C) 2023 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
Type "show copying" and "show warranty" for details.
This GDB was configured as "x86_64-portbld-freebsd14.0".
Type "show configuration" for configuration details.
For bug reporting instructions, please see:
<https://www.gnu.org/software/gdb/bugs/>.
Find the GDB manual and other documentation resources online at:
<http://www.gnu.org/software/gdb/documentation/>.
For help, type "help".
Type "apropos word" to search for commands related to "word"...
Reading symbols from /usr/lib/debug/boot/kernel/kernel.debug...
Unread portion of the kernel message buffer:
Fatal trap 12: page fault while in kernel mode
cpuid = 4; apic id = 04
fault virtual address = 0x30
fault code = supervisor read data, page not present
instruction pointer = 0x20:0xffffffff80986d13
stack pointer = 0x28:0xfffffe010279abe0
frame pointer = 0x28:0xfffffe010279ac30
code segment = base 0x0, limit 0xfffff, type 0x1b
= DPL 0, pres 1, long 1, def32 0, gran 1
processor eflags = interrupt enabled, resume, IOPL = 0
current process = 41337 (awk)
rdi: ffffffff80f5cdc0 rsi: fffffe010279acd0 rdx: 0000302d4e0a1000
rcx: 000007fd78a3807f r8: 000ffffffffff000 r9: fffffe010279acd0
rax: 0000000000000000 rbx: 0000000000000000 rbp: fffffe010279ac30
r10: 000007fffffff000 r11: 0000000000000000 r12: 0000000000000020
r13: fffff802875c7f80 r14: 0000000000000040 r15: fffff800271b1d38
trap number = 12
panic: page fault
cpuid = 4
time = 1712172060
KDB: stack backtrace:
#0 0xffffffff80688add at kdb_backtrace+0x5d
#1 0xffffffff8063f141 at vpanic+0x131
#2 0xffffffff8063f003 at panic+0x43
#3 0xffffffff80994e7f at trap_fatal+0x40f
#4 0xffffffff80994ecf at trap_pfault+0x4f
#5 0xffffffff8096d3a8 at calltrap+0x8
#6 0xffffffff8098c9dc at pmap_remove_ptes+0xdc
#7 0xffffffff8097d972 at pmap_remove1+0x552
#8 0xffffffff808f63ff at vm_map_delete+0x1af
#9 0xffffffff808ff730 at kern_munmap+0x90
#10 0xffffffff80995729 at amd64_syscall+0x109
#11 0xffffffff8096dcbb at fast_syscall_common+0xf8
Uptime: 64d6h51m44s
Dumping 6112 out of 32712 MB:..1%..11%..21%..31%..41%..51%..61%..71%..81%..91%
Reading symbols from /boot/kernel/zfs.ko...
Reading symbols from /usr/lib/debug//boot/kernel/zfs.ko.debug...
Reading symbols from /boot/kernel/acl_nfs4.ko...
Reading symbols from /usr/lib/debug//boot/kernel/acl_nfs4.ko.debug...
Reading symbols from /boot/kernel/xdr.ko...
Reading symbols from /usr/lib/debug//boot/kernel/xdr.ko.debug...
Reading symbols from /boot/kernel/cryptodev.ko...
Reading symbols from /usr/lib/debug//boot/kernel/cryptodev.ko.debug...
Reading symbols from /boot/kernel/cpuctl.ko...
Reading symbols from /usr/lib/debug//boot/kernel/cpuctl.ko.debug...
Reading symbols from /boot/kernel/opensolaris.ko...
Reading symbols from /usr/lib/debug//boot/kernel/opensolaris.ko.debug...
Reading symbols from /boot/kernel/ipmi.ko...
Reading symbols from /usr/lib/debug//boot/kernel/ipmi.ko.debug...
Reading symbols from /boot/kernel/smbus.ko...
Reading symbols from /usr/lib/debug//boot/kernel/smbus.ko.debug...
Reading symbols from /boot/kernel/if_lagg.ko...
Reading symbols from /usr/lib/debug//boot/kernel/if_lagg.ko.debug...
Reading symbols from /boot/kernel/if_infiniband.ko...
Reading symbols from /usr/lib/debug//boot/kernel/if_infiniband.ko.debug...
Reading symbols from /boot/kernel/coretemp.ko...
Reading symbols from /usr/lib/debug//boot/kernel/coretemp.ko.debug...
Reading symbols from /boot/kernel/ichsmb.ko...
Reading symbols from /usr/lib/debug//boot/kernel/ichsmb.ko.debug...
Reading symbols from /boot/kernel/uhid.ko...
Reading symbols from /usr/lib/debug//boot/kernel/uhid.ko.debug...
Reading symbols from /boot/kernel/ums.ko...
Reading symbols from /usr/lib/debug//boot/kernel/ums.ko.debug...
Reading symbols from /boot/kernel/usbhid.ko...
Reading symbols from /usr/lib/debug//boot/kernel/usbhid.ko.debug...
Reading symbols from /boot/kernel/hidbus.ko...
--Type <RET> for more, q to quit, c to continue without paging--
Reading symbols from /usr/lib/debug//boot/kernel/hidbus.ko.debug...
Reading symbols from /boot/kernel/mac_ntpd.ko...
Reading symbols from /usr/lib/debug//boot/kernel/mac_ntpd.ko.debug...
__curthread () at /usr/src/sys/amd64/include/pcpu_aux.h:57
57 __asm("movq %%gs:%P1,%0" : "=r" (td) : "n" (offsetof(struct
pcpu,
(kgdb) bt
#0 __curthread () at /usr/src/sys/amd64/include/pcpu_aux.h:57
#1 doadump (textdump=<optimized out>) at /usr/src/sys/kern/kern_shutdown.c:405
#2 0xffffffff8063ecd7 in kern_reboot (howto=260) at
/usr/src/sys/kern/kern_shutdown.c:523
#3 0xffffffff8063f1ae in vpanic (fmt=0xffffffff80a260e3 "%s",
ap=ap@entry=0xfffffe010279aa30) at /usr/src/sys/kern/kern_shutdown.c:967
#4 0xffffffff8063f003 in panic (fmt=<unavailable>) at
/usr/src/sys/kern/kern_shutdown.c:891
#5 0xffffffff80994e7f in trap_fatal (frame=0xfffffe010279ab20, eva=48) at
/usr/src/sys/amd64/amd64/trap.c:952
#6 0xffffffff80994ecf in trap_pfault (frame=0xfffffe010279ab20,
usermode=false, signo=<optimized out>, ucode=<optimized out>) at
/usr/src/sys/amd64/amd64/trap.c:760
#7 <signal handler called>
#8 pmap_remove_pte (pmap=pmap@entry=0xfffff800271b1d38,
ptq=ptq@entry=0xfffff803f4a0c508, va=va@entry=52971140943872,
ptepde=16989077607, free=free@entry=0xfffffe010279acb0,
lockp=lockp@entry=0xfffffe010279acd0)
at /usr/src/sys/amd64/amd64/pmap.c:6287
#9 0xffffffff8098c9dc in pmap_remove_ptes (pmap=pmap@entry=0xfffff800271b1d38,
sva=52971140943872, sva@entry=52971140415488, eva=eva@entry=52971142381568,
pde=0xfffff80016da7380, free=free@entry=0xfffffe010279acb0,
lockp=lockp@entry=0xfffffe010279acd0) at
/usr/src/sys/amd64/amd64/pmap.c:6352
#10 0xffffffff8097d972 in pmap_remove1 (pmap=0xfffff800271b1d38,
sva=52971140415488, eva=52971142512640, map_delete=<optimized out>) at
/usr/src/sys/amd64/amd64/pmap.c:6505
#11 0xffffffff8097dadf in pmap_map_delete (pmap=0xffffffff80f5cdc0
<vm_phys_fictitious_reg_lock>, sva=18446741879022791888, eva=52971140943872) at
/usr/src/sys/amd64/amd64/pmap.c:6539
#12 0xffffffff808f63ff in vm_map_delete (map=map@entry=0xfffff800271b1c08,
start=start@entry=52971140415488, end=end@entry=52971142512640) at
/usr/src/sys/vm/vm_map.c:4045
#13 0xffffffff808ff730 in kern_munmap (td=0xfffff800036f8000, addr0=<optimized
out>, size=<optimized out>) at /usr/src/sys/vm/vm_mmap.c:619
#14 0xffffffff80995729 in syscallenter (td=0xfffff800036f8000) at
/usr/src/sys/amd64/amd64/../../kern/subr_syscall.c:188
#15 amd64_syscall (td=0xfffff800036f8000, traced=0) at
/usr/src/sys/amd64/amd64/trap.c:1194
#16 <signal handler called>
#17 0x00000008233b5d3a in ?? ()
Backtrace stopped: Cannot access memory at address 0x820aeeb28
(kgdb) up
#1 doadump (textdump=<optimized out>) at /usr/src/sys/kern/kern_shutdown.c:405
405 dump_savectx();
(kgdb)
#2 0xffffffff8063ecd7 in kern_reboot (howto=260) at
/usr/src/sys/kern/kern_shutdown.c:523
523 doadump(TRUE);
(kgdb)
#3 0xffffffff8063f1ae in vpanic (fmt=0xffffffff80a260e3 "%s",
ap=ap@entry=0xfffffe010279aa30) at /usr/src/sys/kern/kern_shutdown.c:967
967 kern_reboot(bootopt);
(kgdb)
#4 0xffffffff8063f003 in panic (fmt=<unavailable>) at
/usr/src/sys/kern/kern_shutdown.c:891
891 vpanic(fmt, ap);
(kgdb)
#5 0xffffffff80994e7f in trap_fatal (frame=0xfffffe010279ab20, eva=48) at
/usr/src/sys/amd64/amd64/trap.c:952
952 panic("%s", type < nitems(trap_msg) ? trap_msg[type] :
(kgdb) p type
$27 = <optimized out>
(kgdb) l
947 if (handled)
948 return;
949 }
950 #endif
951 printf("trap number = %d\n", type);
952 panic("%s", type < nitems(trap_msg) ? trap_msg[type] :
953 "unknown/reserved trap");
954 }
955
956 #ifdef KDTRACE_HOOKS
(kgdb) l -
937 printf("r10: %016lx r11: %016lx r12: %016lx\n", frame->tf_r10,
938 frame->tf_r11, frame->tf_r12);
939 printf("r13: %016lx r14: %016lx r15: %016lx\n", frame->tf_r13,
940 frame->tf_r14, frame->tf_r15);
941
942 #ifdef KDB
943 if (debugger_on_trap) {
944 kdb_why = KDB_WHY_TRAP;
945 handled = kdb_trap(type, 0, frame);
946 kdb_why = KDB_WHY_UNSET;
(kgdb) p frame
$28 = (struct trapframe *) 0xfffffe010279ab20
(kgdb) p *frame
$29 = {tf_rdi = -2131374656, tf_rsi = -2194686759728, tf_rdx = 52971140943872,
tf_rcx = 8785232101503, tf_r8 = 4503599627366400, tf_r9 = -2194686759728,
tf_rax = 0, tf_rbx = 0, tf_rbp = -2194686759888, tf_r10 = 8796093018112,
tf_r11 = 0, tf_r12 = 32, tf_r13 = -8785232101504, tf_r14 = 64, tf_r15 =
-8795436933832, tf_trapno = 12, tf_fs = 19, tf_gs = 27, tf_addr = 48, tf_flags
= 1, tf_es = 59, tf_ds = 59, tf_err = 0, tf_rip = -2137494253, tf_cs = 32,
tf_rflags = 66118, tf_rsp = -2194686759968, tf_ss = 40}
(kgdb) up
#6 0xffffffff80994ecf in trap_pfault (frame=0xfffffe010279ab20,
usermode=false, signo=<optimized out>, ucode=<optimized out>) at
/usr/src/sys/amd64/amd64/trap.c:760
760 if (td->td_critnest != 0 ||
(kgdb) l
755 * lock, then it is most likely a fatal kernel page
fault.
756 * If WITNESS is enabled, then it's going to whine
about
757 * bogus LORs with various VM locks, so just skip to
the
758 * fatal trap handling directly.
759 */
760 if (td->td_critnest != 0 ||
761 WITNESS_CHECK(WARN_SLEEPOK | WARN_GIANTOK, NULL,
762 "Kernel page fault") != 0) {
763 trap_fatal(frame, eva);
764 return (-1);
(kgdb) p frame
$30 = (struct trapframe *) 0xfffffe010279ab20
(kgdb) p eva
$31 = 48
(kgdb) p td
$32 = (struct thread *) 0xfffff800036f8000
(kgdb) p *td
$33 = {td_lock = 0xfffffe0038409200, td_proc = 0xfffffe00e056c580, td_plist =
{tqe_next = 0x0, tqe_prev = 0xfffffe00e056c590}, td_runq = {tqe_next = 0x0,
tqe_prev = 0xfffffe0038409408}, {td_slpq = {tqe_next = 0x0,
tqe_prev = 0xfffff8039730a580}, td_zombie = 0x0}, td_lockq = {tqe_next =
0x0, tqe_prev = 0xfffffe0143d4ea58}, td_hash = {le_next = 0x0, le_prev =
0xfffffe00e00a5ec0}, td_cpuset = 0xfffff80002ae6d00, td_domain = {
dr_policy = 0xffffffff80c01110 <domainset_firsttouch>, dr_iter = 239359},
td_sel = 0x0, td_sleepqueue = 0xfffff8039730a580, td_turnstile =
0xfffff80002e37900, td_rlqe = 0xfffff8000cd42e10, td_umtxq =
0xfffff80003700480,
td_tid = 100312, td_sigqueue = {sq_signals = {__bits = {0, 0, 0, 0}}, sq_kill
= {__bits = {0, 0, 0, 0}}, sq_ptrace = {__bits = {0, 0, 0, 0}}, sq_list =
{tqh_first = 0x0, tqh_last = 0xfffff800036f80d8}, sq_proc = 0xfffffe00e056c580,
sq_flags = 1}, td_lend_user_pri = 255 '\377', td_allocdomain = 0 '\000',
td_base_ithread_pri = 0 '\000', td_kmsan = 0x0, td_flags = 6, td_ast = 0,
td_inhibitors = 0, td_pflags = 0, td_pflags2 = 0, td_dupfd = 0, td_sqqueue = 0,
td_wchan = 0x0, td_wmesg = 0x0, td_owepreempt = 0 '\000', td_tsqueue = 0
'\000', td_stopsched = 1 '\001', td_locks = 0, td_rw_rlocks = 0, td_sx_slocks =
0, td_lk_slocks = 0, td_blocked = 0x0, td_lockname = 0x0, td_contested = {
lh_first = 0x0}, td_sleeplocks = 0x0, td_intr_nesting_level = 0, td_pinned
= 1, td_realucred = 0xfffff8036a565800, td_ucred = 0xfffff8036a565800, td_limit
= 0xfffff803d5a6f500, td_slptick = 0, td_blktick = 0,
td_swvoltick = -888747322, td_swinvoltick = 0, td_cow = 28, td_ru = {ru_utime
= {tv_sec = 0, tv_usec = 0}, ru_stime = {tv_sec = 0, tv_usec = 0}, ru_maxrss =
0, ru_ixrss = 0, ru_idrss = 0, ru_isrss = 0, ru_minflt = 65, ru_majflt = 0,
ru_nswap = 0, ru_inblock = 0, ru_oublock = 0, ru_msgsnd = 0, ru_msgrcv = 0,
ru_nsignals = 0, ru_nvcsw = 1, ru_nivcsw = 0}, td_rux = {rux_runtime = 0,
rux_uticks = 0, rux_sticks = 0, rux_iticks = 0, rux_uu = 0, rux_su = 0,
rux_tu = 0}, td_incruntime = 562220, td_runtime = 562220, td_pticks = 0,
td_sticks = 0, td_iticks = 0, td_uticks = 0, td_intrval = 0, td_oldsigmask =
{__bits = {0, 0, 0, 0}}, td_generation = 1, td_sigstk = {ss_sp = 0x0, ss_size =
0,
ss_flags = 4}, td_xsig = 0, td_profil_addr = 0, td_profil_ticks = 0,
td_name = "awk", '\000' <repeats 16 times>, td_fpop = 0x0, td_dbgflags = 0,
td_si = {si_signo = 0, si_errno = 0, si_code = 0, si_pid = 0, si_uid = 0,
si_status = 0, si_addr = 0x0, si_value = {sival_int = 0, sival_ptr = 0x0,
sigval_int = 0, sigval_ptr = 0x0}, _reason = {_fault = {_trapno = 0}, _timer =
{_timerid = 0, _overrun = 0}, _mesgq = {_mqd = 0}, _poll = {_band = 0},
_capsicum = {_syscall = 0}, __spare__ = {__spare1__ = 0, __spare2__ = {0,
0, 0, 0, 0, 0, 0}}}}, td_ng_outbound = 0, td_osd = {osd_nslots = 0, osd_slots =
0x0, osd_next = {le_next = 0x0, le_prev = 0x0}}, td_map_def_user = 0x0,
td_dbg_forked = 0, td_vp_reserved = 0x0, td_no_sleeping = 0, td_su = 0x0,
td_sleeptimo = 0, td_rtcgen = 0, td_errno = 0, td_vslock_sz = 0, td_kcov_info =
0x0, td_ucredref = -9, td_sigmask = {__bits = {0, 0, 0, 0}},
td_rqindex = 25 '\031', td_base_pri = 52 '4', td_priority = 52 '4',
td_pri_class = 3 '\003', td_user_pri = 100 'd', td_base_user_pri = 100 'd',
td_rb_list = 0, td_rbp_list = 0, td_rb_inact = 0, td_sa = {code = 73,
original_code = 73,
callp = 0xffffffff80c486b0 <sysent+2336>, args = {52971140415488, 2097152,
3, 2097151, 0, 0, 0, 0}}, td_sigblock_ptr = 0x5594989a4910, td_sigblock_val =
0, td_pcb = 0xfffff800036f8520, td_state = TDS_RUNNING, td_uretoff = {
tdu_retval = {0, 3}, tdu_off = 0}, td_cowgen = 0, td_slpcallout = {c_links
= {le = {le_next = 0x0, le_prev = 0xfffffe003843cb20}, sle = {sle_next = 0x0},
tqe = {tqe_next = 0x0, tqe_prev = 0xfffffe003843cb20}},
c_time = 23856685301620388, c_precision = 80530631250, c_arg =
0xfffff800036f8000, c_func = 0xffffffff806988b0 <sleepq_timeout>, c_lock = 0x0,
c_flags = 0, c_iflags = 272, c_cpu = 0}, td_frame = 0xfffffe010279af40,
td_kstack = 18446741879022776320, td_kstack_pages = 4, td_critnest = 1, td_md
= {md_spinlock_count = 1, md_saved_flags = 582, md_spurflt_addr =
47518932344832, md_invl_gen = {gen = 6283878933, {link = {le_next = 0x0,
le_prev = 0x64}, {
next = 0x0, saved_pri = 100 'd'}}}, md_efirt_tmp = 0, md_efirt_dis_pf
= 0, md_pcb = {pcb_r15 = -2131742328, pcb_r14 = -2198079557120, pcb_r13 =
-8796049711104, pcb_r12 = -2141217104, pcb_rbp = 0, pcb_rsp = -2194686759112,
pcb_rbx = -8796035383296, pcb_rip = -2137594880, pcb_fsbase = 0,
pcb_gsbase = 0, pcb_kgsbase = 0, pcb_cr0 = 0, pcb_cr2 = 0, pcb_cr3 = 0, pcb_cr4
= 0, pcb_dr0 = 0, pcb_dr1 = 0, pcb_dr2 = 0, pcb_dr3 = 0, pcb_dr6 = 0, pcb_dr7 =
0,
pcb_gdt = {rd_limit = 0, rd_base = 0}, pcb_idt = {rd_limit = 0, rd_base =
0}, pcb_ldt = {rd_limit = 0, rd_base = 0}, pcb_tr = 0, pcb_flags = 24,
pcb_initial_fpucw = 895, pcb_onfault = 0x0, pcb_saved_ucr3 = 0, pcb_tssp = 0x0,
pcb_efer = 0, pcb_star = 0, pcb_lstar = 0, pcb_cstar = 0, pcb_sfmask = 0,
pcb_save = 0xfffffe0105e94380, pcb_pad = {0, 0, 0, 0, 0}}, md_stack_base =
18446741879022792704, md_usr_fpu_save = 0xfffffe0105e94380}, td_ar = 0x0,
td_lprof = {{lh_first = 0x0}, {lh_first = 0x0}}, td_dtrace =
0xfffff8000c970b00, td_vnet = 0x0, td_vnet_lpush = 0x0, td_intr_frame = 0x0,
td_rfppwait_p = 0xfffffe01401b5000, td_ma = 0x0, td_ma_cnt = 0, td_emuldata =
0x0,
td_lastcpu = 4, td_oncpu = 4, td_lkpi_task = 0x0, td_pmcpend = 0,
td_remotereq = 0x0, td_ktr_io_lim = 0}
(kgdb) up
#7 <signal handler called>
(kgdb) up
#8 pmap_remove_pte (pmap=pmap@entry=0xfffff800271b1d38,
ptq=ptq@entry=0xfffff803f4a0c508, va=va@entry=52971140943872,
ptepde=16989077607, free=free@entry=0xfffffe010279acb0,
lockp=lockp@entry=0xfffffe010279acd0)
at /usr/src/sys/amd64/amd64/pmap.c:6287
6287 CHANGE_PV_LIST_LOCK_TO_VM_PAGE(lockp, m);
(kgdb) p m
$34 = (vm_page_t) 0x0
(kgdb) p lockp
$35 = (struct rwlock **) 0xfffffe010279acd0
(kgdb) p *lockp
$36 = (struct rwlock *) 0x0
(kgdb) l
6282 m = PHYS_TO_VM_PAGE(oldpte & PG_FRAME);
6283 if ((oldpte & (PG_M | PG_RW)) == (PG_M | PG_RW))
6284 vm_page_dirty(m);
6285 if (oldpte & PG_A)
6286 vm_page_aflag_set(m, PGA_REFERENCED);
6287 CHANGE_PV_LIST_LOCK_TO_VM_PAGE(lockp, m);
6288 pmap_pvh_free(&m->md, pmap, va);
6289 if (TAILQ_EMPTY(&m->md.pv_list) &&
6290 (m->flags & PG_FICTITIOUS) == 0) {
6291 pvh = pa_to_pvh(VM_PAGE_TO_PHYS(m));
(kgdb) p oldpte
$37 = 18446735288477450112
(kgdb) l -
6272 PG_A = pmap_accessed_bit(pmap);
6273 PG_M = pmap_modified_bit(pmap);
6274 PG_RW = pmap_rw_bit(pmap);
6275
6276 PMAP_LOCK_ASSERT(pmap, MA_OWNED);
6277 oldpte = pte_load_clear(ptq);
6278 if (oldpte & PG_W)
6279 pmap->pm_stats.wired_count -= 1;
6280 pmap_resident_count_adj(pmap, -1);
6281 if (oldpte & PG_MANAGED) {
(kgdb) p pmap
$38 = (pmap_t) 0xfffff800271b1d38
(kgdb) p *pmap
$39 = {pm_mtx = {lock_object = {lo_name = 0xffffffff80a4bc2c "pmap", lo_flags =
21168128, lo_data = 0, lo_witness = 0x0}, mtx_lock = 18446735277674168320},
pm_pmltop = 0xfffff802b9d05000, pm_pmltopu = 0x0, pm_cr3 = 11707371520,
pm_ucr3 = 18446744073709551615, pm_pvchunk = {tqh_first = 0xfffff806412fb000,
tqh_last = 0xfffff807d1faf008}, pm_active = {__bits = {16, 0 <repeats 15
times>}}, pm_type = PT_X86, pm_stats = {resident_count = 524, wired_count =
-1},
pm_root = {rt_root = 0x1}, pm_eptgen = 0, pm_eptsmr = 0x0, pm_flags = 256,
pm_pcidp = 0xfffffe015e1c6108, pm_pkru = {rs_trie = {pt_root = 0x0},
rs_dup_data = 0x0, rs_free_data = 0x0, rs_data_ctx = 0x0, rs_alloc_flags = 0}}
(kgdb) p ptq
$40 = (pt_entry_t *) 0xfffff803f4a0c508
(kgdb) p *ptq
Cannot access memory at address 0xfffff803f4a0c508
(kgdb) up
#9 0xffffffff8098c9dc in pmap_remove_ptes (pmap=pmap@entry=0xfffff800271b1d38,
sva=52971140943872, sva@entry=52971140415488, eva=eva@entry=52971142381568,
pde=0xfffff80016da7380, free=free@entry=0xfffffe010279acb0,
lockp=lockp@entry=0xfffffe010279acd0) at
/usr/src/sys/amd64/amd64/pmap.c:6352
6352 if (pmap_remove_pte(pmap, pte, sva, *pde, free, lockp))
{
(kgdb) p pmap
$41 = (pmap_t) 0xfffff800271b1d38
(kgdb) p pte
$42 = (pt_entry_t *) 0xfffff803f4a0c508
(kgdb) p sva
$43 = 52971140943872
(kgdb) p *pde
Cannot access memory at address 0xfffff80016da7380
(kgdb) p free
$44 = (struct spglist *) 0xfffffe010279acb0
(kgdb) p *free
$45 = {slh_first = 0x0}
(kgdb) p lockp
$46 = (struct rwlock **) 0xfffffe010279acd0
(kgdb) l
6347 }
6348 if ((*pte & PG_G) == 0)
6349 anyvalid = true;
6350 else if (va == eva)
6351 va = sva;
6352 if (pmap_remove_pte(pmap, pte, sva, *pde, free, lockp))
{
6353 sva += PAGE_SIZE;
6354 break;
6355 }
6356 }
(kgdb) up
#10 0xffffffff8097d972 in pmap_remove1 (pmap=0xfffff800271b1d38,
sva=52971140415488, eva=52971142512640, map_delete=<optimized out>) at
/usr/src/sys/amd64/amd64/pmap.c:6505
6505 if (pmap_remove_ptes(pmap, sva, va_next, pde, &free,
&lock))
(kgdb) l
6500 * range being removed.
6501 */
6502 if (va_next > eva)
6503 va_next = eva;
6504
6505 if (pmap_remove_ptes(pmap, sva, va_next, pde, &free,
&lock))
6506 anyvalid = 1;
6507 }
6508 if (lock != NULL)
6509 rw_wunlock(lock);
(kgdb) p pmap
$47 = (pmap_t) 0xfffff800271b1d38
(kgdb) p sva
$48 = 52971140415488
(kgdb) p va_next
$49 = 52971142381568
(kgdb) p pde
$50 = <optimized out>
(kgdb) p &free
$51 = (struct spglist *) 0xfffffe010279acb0
(kgdb) p &lock
$52 = (struct rwlock **) 0xfffffe010279acd0
(kgdb) up
#11 0xffffffff8097dadf in pmap_map_delete (pmap=0xffffffff80f5cdc0
<vm_phys_fictitious_reg_lock>, sva=18446741879022791888, eva=52971140943872) at
/usr/src/sys/amd64/amd64/pmap.c:6539
6539 pmap_remove1(pmap, sva, eva, true);
(kgdb) l
6534 * of a logical mapping.
6535 */
6536 void
6537 pmap_map_delete(pmap_t pmap, vm_offset_t sva, vm_offset_t eva)
6538 {
6539 pmap_remove1(pmap, sva, eva, true);
6540 }
6541
6542 /*
6543 * Routine: pmap_remove_all
(kgdb) p pmap
$53 = (pmap_t) 0xffffffff80f5cdc0 <vm_phys_fictitious_reg_lock>
(kgdb) p sva
$54 = 18446741879022791888
(kgdb) p eva
$55 = 52971140943872
(kgdb) up
#12 0xffffffff808f63ff in vm_map_delete (map=map@entry=0xfffff800271b1c08,
start=start@entry=52971140415488, end=end@entry=52971142512640) at
/usr/src/sys/vm/vm_map.c:4045
4045 pmap_map_delete(map->pmap, entry->start,
entry->end);
(kgdb) l
4040 * mappings could exist. For instance, it does not
4041 * make sense to call pmap_remove() for guard entries.
4042 */
4043 if ((entry->eflags & MAP_ENTRY_IS_SUB_MAP) != 0 ||
4044 entry->object.vm_object != NULL)
4045 pmap_map_delete(map->pmap, entry->start,
entry->end);
4046
4047 if (entry->end == map->anon_loc)
4048 map->anon_loc = entry->start;
4049
(kgdb) p entry
$56 = <optimized out>
(kgdb) up
#13 0xffffffff808ff730 in kern_munmap (td=0xfffff800036f8000, addr0=<optimized
out>, size=<optimized out>) at /usr/src/sys/vm/vm_mmap.c:619
619 rv = vm_map_delete(map, addr, end);
(kgdb) l
614 }
615 }
616 }
617 }
618 #endif
619 rv = vm_map_delete(map, addr, end);
620
621 #ifdef HWPMC_HOOKS
622 if (rv == KERN_SUCCESS && __predict_false(pmc_handled)) {
623 /* downgrade the lock to prevent a LOR with the pmc-sx
lock */
(kgdb) p map
$57 = (vm_map_t) 0xfffff800271b1c08
(kgdb) p addr
$58 = 52971140415488
(kgdb) p end
$59 = 52971142512640
(kgdb) up
#14 0xffffffff80995729 in syscallenter (td=0xfffff800036f8000) at
/usr/src/sys/amd64/amd64/../../kern/subr_syscall.c:188
188 error = (se->sy_call)(td, sa->args);
(kgdb) l
183 #endif
184
185 if (!sy_thr_static)
186 syscall_thread_exit(td, se);
187 } else {
188 error = (se->sy_call)(td, sa->args);
189 /* Save the latest error return value. */
190 if (__predict_false((td->td_pflags & TDP_NERRNO) != 0))
191 td->td_pflags &= ~TDP_NERRNO;
192 else
(kgdb) p se
$60 = (struct sysent *) 0xffffffff80c486b0 <sysent+2336>
(kgdb) p *se
$61 = {sy_call = 0xffffffff808ff680 <sys_munmap>, sy_systrace_args_func = 0x0,
sy_narg = 2 '\002', sy_flags = 1 '\001', sy_auevent = 213, sy_entry = 0,
sy_return = 0, sy_thrcnt = 1}
(kgdb) p td
$62 = (struct thread *) 0xfffff800036f8000
(kgdb) p sa
$63 = <optimized out>