Date: Thu, 04 Apr 2024 09:29:40 +0000 From: bugzilla-noreply@freebsd.org To: bugs@FreeBSD.org Subject: [Bug 278161] [panic] kernel panic on kern_munmap from awk process Message-ID: <bug-278161-227@https.bugs.freebsd.org/bugzilla/>
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=278161

Bug ID: 278161
Summary: [panic] kernel panic on kern_munmap from awk process
Product: Base System
Version: 14.0-STABLE
Hardware: Any
OS: Any
Status: New
Severity: Affects Only Me
Priority: ---
Component: kern
Assignee: bugs@FreeBSD.org
Reporter: supportme@ukr.net

[ng7:~]# kgdb /usr/lib/debug/boot/kernel/kernel.debug /var/crash/vmcore.0
GNU gdb (GDB) 14.1 [GDB v14.1 for FreeBSD]
Copyright (C) 2023 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
Type "show copying" and "show warranty" for details.
This GDB was configured as "x86_64-portbld-freebsd14.0".
Type "show configuration" for configuration details.
For bug reporting instructions, please see:
<https://www.gnu.org/software/gdb/bugs/>.
Find the GDB manual and other documentation resources online at:
<http://www.gnu.org/software/gdb/documentation/>.
For help, type "help".
Type "apropos word" to search for commands related to "word"...
Reading symbols from /usr/lib/debug/boot/kernel/kernel.debug...
Unread portion of the kernel message buffer:

Fatal trap 12: page fault while in kernel mode
cpuid = 4; apic id = 04
fault virtual address = 0x30
fault code = supervisor read data, page not present
instruction pointer = 0x20:0xffffffff80986d13
stack pointer = 0x28:0xfffffe010279abe0
frame pointer = 0x28:0xfffffe010279ac30
code segment = base 0x0, limit 0xfffff, type 0x1b
= DPL 0, pres 1, long 1, def32 0, gran 1
processor eflags = interrupt enabled, resume, IOPL = 0
current process = 41337 (awk)
rdi: ffffffff80f5cdc0 rsi: fffffe010279acd0 rdx: 0000302d4e0a1000
rcx: 000007fd78a3807f r8: 000ffffffffff000 r9: fffffe010279acd0
rax: 0000000000000000 rbx: 0000000000000000 rbp: fffffe010279ac30
r10: 000007fffffff000 r11: 0000000000000000 r12: 0000000000000020
r13: fffff802875c7f80 r14: 0000000000000040 r15: fffff800271b1d38
trap number = 12
panic: page fault
cpuid = 4
time = 1712172060
KDB: stack backtrace:
#0 0xffffffff80688add at kdb_backtrace+0x5d
#1 0xffffffff8063f141 at vpanic+0x131
#2 0xffffffff8063f003 at panic+0x43
#3 0xffffffff80994e7f at trap_fatal+0x40f
#4 0xffffffff80994ecf at trap_pfault+0x4f
#5 0xffffffff8096d3a8 at calltrap+0x8
#6 0xffffffff8098c9dc at pmap_remove_ptes+0xdc
#7 0xffffffff8097d972 at pmap_remove1+0x552
#8 0xffffffff808f63ff at vm_map_delete+0x1af
#9 0xffffffff808ff730 at kern_munmap+0x90
#10 0xffffffff80995729 at amd64_syscall+0x109
#11 0xffffffff8096dcbb at fast_syscall_common+0xf8
Uptime: 64d6h51m44s
Dumping 6112 out of 32712 MB:..1%..11%..21%..31%..41%..51%..61%..71%..81%..91%

Reading symbols from /boot/kernel/zfs.ko...
Reading symbols from /usr/lib/debug//boot/kernel/zfs.ko.debug...
Reading symbols from /boot/kernel/acl_nfs4.ko...
Reading symbols from /usr/lib/debug//boot/kernel/acl_nfs4.ko.debug...
Reading symbols from /boot/kernel/xdr.ko...
Reading symbols from /usr/lib/debug//boot/kernel/xdr.ko.debug...
Reading symbols from /boot/kernel/cryptodev.ko...
Reading symbols from /usr/lib/debug//boot/kernel/cryptodev.ko.debug... Reading symbols from /boot/kernel/cpuctl.ko... Reading symbols from /usr/lib/debug//boot/kernel/cpuctl.ko.debug... Reading symbols from /boot/kernel/opensolaris.ko... Reading symbols from /usr/lib/debug//boot/kernel/opensolaris.ko.debug... Reading symbols from /boot/kernel/ipmi.ko... Reading symbols from /usr/lib/debug//boot/kernel/ipmi.ko.debug... Reading symbols from /boot/kernel/smbus.ko... Reading symbols from /usr/lib/debug//boot/kernel/smbus.ko.debug... Reading symbols from /boot/kernel/if_lagg.ko... Reading symbols from /usr/lib/debug//boot/kernel/if_lagg.ko.debug... Reading symbols from /boot/kernel/if_infiniband.ko... Reading symbols from /usr/lib/debug//boot/kernel/if_infiniband.ko.debug... Reading symbols from /boot/kernel/coretemp.ko... Reading symbols from /usr/lib/debug//boot/kernel/coretemp.ko.debug... Reading symbols from /boot/kernel/ichsmb.ko... Reading symbols from /usr/lib/debug//boot/kernel/ichsmb.ko.debug... Reading symbols from /boot/kernel/uhid.ko... Reading symbols from /usr/lib/debug//boot/kernel/uhid.ko.debug... Reading symbols from /boot/kernel/ums.ko... Reading symbols from /usr/lib/debug//boot/kernel/ums.ko.debug... Reading symbols from /boot/kernel/usbhid.ko... Reading symbols from /usr/lib/debug//boot/kernel/usbhid.ko.debug... Reading symbols from /boot/kernel/hidbus.ko... --Type <RET> for more, q to quit, c to continue without paging-- Reading symbols from /usr/lib/debug//boot/kernel/hidbus.ko.debug... Reading symbols from /boot/kernel/mac_ntpd.ko... Reading symbols from /usr/lib/debug//boot/kernel/mac_ntpd.ko.debug... 
__curthread () at /usr/src/sys/amd64/include/pcpu_aux.h:57
57 __asm("movq %%gs:%P1,%0" : "=r" (td) : "n" (offsetof(struct pcpu,
(kgdb) bt
#0 __curthread () at /usr/src/sys/amd64/include/pcpu_aux.h:57
#1 doadump (textdump=<optimized out>) at /usr/src/sys/kern/kern_shutdown.c:405
#2 0xffffffff8063ecd7 in kern_reboot (howto=260) at /usr/src/sys/kern/kern_shutdown.c:523
#3 0xffffffff8063f1ae in vpanic (fmt=0xffffffff80a260e3 "%s", ap=ap@entry=0xfffffe010279aa30) at /usr/src/sys/kern/kern_shutdown.c:967
#4 0xffffffff8063f003 in panic (fmt=<unavailable>) at /usr/src/sys/kern/kern_shutdown.c:891
#5 0xffffffff80994e7f in trap_fatal (frame=0xfffffe010279ab20, eva=48) at /usr/src/sys/amd64/amd64/trap.c:952
#6 0xffffffff80994ecf in trap_pfault (frame=0xfffffe010279ab20, usermode=false, signo=<optimized out>, ucode=<optimized out>) at /usr/src/sys/amd64/amd64/trap.c:760
#7 <signal handler called>
#8 pmap_remove_pte (pmap=pmap@entry=0xfffff800271b1d38, ptq=ptq@entry=0xfffff803f4a0c508, va=va@entry=52971140943872, ptepde=16989077607, free=free@entry=0xfffffe010279acb0, lockp=lockp@entry=0xfffffe010279acd0) at /usr/src/sys/amd64/amd64/pmap.c:6287
#9 0xffffffff8098c9dc in pmap_remove_ptes (pmap=pmap@entry=0xfffff800271b1d38, sva=52971140943872, sva@entry=52971140415488, eva=eva@entry=52971142381568, pde=0xfffff80016da7380, free=free@entry=0xfffffe010279acb0, lockp=lockp@entry=0xfffffe010279acd0) at /usr/src/sys/amd64/amd64/pmap.c:6352
#10 0xffffffff8097d972 in pmap_remove1 (pmap=0xfffff800271b1d38, sva=52971140415488, eva=52971142512640, map_delete=<optimized out>) at /usr/src/sys/amd64/amd64/pmap.c:6505
#11 0xffffffff8097dadf in pmap_map_delete (pmap=0xffffffff80f5cdc0 <vm_phys_fictitious_reg_lock>, sva=18446741879022791888, eva=52971140943872) at /usr/src/sys/amd64/amd64/pmap.c:6539
#12 0xffffffff808f63ff in vm_map_delete (map=map@entry=0xfffff800271b1c08,
start=start@entry=52971140415488, end=end@entry=52971142512640) at /usr/src/sys/vm/vm_map.c:4045
#13 0xffffffff808ff730 in kern_munmap (td=0xfffff800036f8000, addr0=<optimized out>, size=<optimized out>) at /usr/src/sys/vm/vm_mmap.c:619
#14 0xffffffff80995729 in syscallenter (td=0xfffff800036f8000) at /usr/src/sys/amd64/amd64/../../kern/subr_syscall.c:188
#15 amd64_syscall (td=0xfffff800036f8000, traced=0) at /usr/src/sys/amd64/amd64/trap.c:1194
#16 <signal handler called>
#17 0x00000008233b5d3a in ?? ()
Backtrace stopped: Cannot access memory at address 0x820aeeb28
(kgdb) up
#1 doadump (textdump=<optimized out>) at /usr/src/sys/kern/kern_shutdown.c:405
405 dump_savectx();
(kgdb)
#2 0xffffffff8063ecd7 in kern_reboot (howto=260) at /usr/src/sys/kern/kern_shutdown.c:523
523 doadump(TRUE);
(kgdb)
#3 0xffffffff8063f1ae in vpanic (fmt=0xffffffff80a260e3 "%s", ap=ap@entry=0xfffffe010279aa30) at /usr/src/sys/kern/kern_shutdown.c:967
967 kern_reboot(bootopt);
(kgdb)
#4 0xffffffff8063f003 in panic (fmt=<unavailable>) at /usr/src/sys/kern/kern_shutdown.c:891
891 vpanic(fmt, ap);
(kgdb)
#5 0xffffffff80994e7f in trap_fatal (frame=0xfffffe010279ab20, eva=48) at /usr/src/sys/amd64/amd64/trap.c:952
952 panic("%s", type < nitems(trap_msg) ? trap_msg[type] :
(kgdb) p type
$27 = <optimized out>
(kgdb) l
947 if (handled)
948 return;
949 }
950 #endif
951 printf("trap number = %d\n", type);
952 panic("%s", type < nitems(trap_msg) ?
trap_msg[type] :
953 "unknown/reserved trap");
954 }
955
956 #ifdef KDTRACE_HOOKS
(kgdb) l -
937 printf("r10: %016lx r11: %016lx r12: %016lx\n", frame->tf_r10,
938 frame->tf_r11, frame->tf_r12);
939 printf("r13: %016lx r14: %016lx r15: %016lx\n", frame->tf_r13,
940 frame->tf_r14, frame->tf_r15);
941
942 #ifdef KDB
943 if (debugger_on_trap) {
944 kdb_why = KDB_WHY_TRAP;
945 handled = kdb_trap(type, 0, frame);
946 kdb_why = KDB_WHY_UNSET;
(kgdb) p frame
$28 = (struct trapframe *) 0xfffffe010279ab20
(kgdb) p *frame
$29 = {tf_rdi = -2131374656, tf_rsi = -2194686759728, tf_rdx = 52971140943872, tf_rcx = 8785232101503, tf_r8 = 4503599627366400, tf_r9 = -2194686759728, tf_rax = 0, tf_rbx = 0, tf_rbp = -2194686759888, tf_r10 = 8796093018112, tf_r11 = 0, tf_r12 = 32, tf_r13 = -8785232101504, tf_r14 = 64, tf_r15 = -8795436933832, tf_trapno = 12, tf_fs = 19, tf_gs = 27, tf_addr = 48, tf_flags = 1, tf_es = 59, tf_ds = 59, tf_err = 0, tf_rip = -2137494253, tf_cs = 32, tf_rflags = 66118, tf_rsp = -2194686759968, tf_ss = 40}
(kgdb) up
#6 0xffffffff80994ecf in trap_pfault (frame=0xfffffe010279ab20, usermode=false, signo=<optimized out>, ucode=<optimized out>) at /usr/src/sys/amd64/amd64/trap.c:760
760 if (td->td_critnest != 0 ||
(kgdb) l
755 * lock, then it is most likely a fatal kernel page fault.
756 * If WITNESS is enabled, then it's going to whine about
757 * bogus LORs with various VM locks, so just skip to the
758 * fatal trap handling directly.
759 */
760 if (td->td_critnest != 0 ||
761 WITNESS_CHECK(WARN_SLEEPOK | WARN_GIANTOK, NULL,
762 "Kernel page fault") != 0) {
763 trap_fatal(frame, eva);
764 return (-1);
(kgdb) p frame
$30 = (struct trapframe *) 0xfffffe010279ab20
(kgdb) p eva
$31 = 48
(kgdb) p td
$32 = (struct thread *) 0xfffff800036f8000
(kgdb) p *td
$33 = {td_lock = 0xfffffe0038409200, td_proc = 0xfffffe00e056c580, td_plist = {tqe_next = 0x0, tqe_prev = 0xfffffe00e056c590}, td_runq = {tqe_next = 0x0, tqe_prev = 0xfffffe0038409408}, {td_slpq = {tqe_next = 0x0, tqe_prev = 0xfffff8039730a580}, td_zombie = 0x0}, td_lockq = {tqe_next = 0x0, tqe_prev = 0xfffffe0143d4ea58}, td_hash = {le_next = 0x0, le_prev = 0xfffffe00e00a5ec0}, td_cpuset = 0xfffff80002ae6d00, td_domain = { dr_policy = 0xffffffff80c01110 <domainset_firsttouch>, dr_iter = 239359}, td_sel = 0x0, td_sleepqueue = 0xfffff8039730a580, td_turnstile = 0xfffff80002e37900, td_rlqe = 0xfffff8000cd42e10, td_umtxq = 0xfffff80003700480, td_tid = 100312, td_sigqueue = {sq_signals = {__bits = {0, 0, 0, 0}}, sq_kill = {__bits = {0, 0, 0, 0}}, sq_ptrace = {__bits = {0, 0, 0, 0}}, sq_list = {tqh_first = 0x0, tqh_last = 0xfffff800036f80d8}, sq_proc = 0xfffffe00e056c580, sq_flags = 1}, td_lend_user_pri = 255 '\377', td_allocdomain = 0 '\000', td_base_ithread_pri = 0 '\000', td_kmsan = 0x0, td_flags = 6, td_ast = 0, td_inhibitors = 0, td_pflags = 0, td_pflags2 = 0, td_dupfd = 0, td_sqqueue = 0, td_wchan = 0x0, td_wmesg = 0x0, td_owepreempt = 0 '\000', td_tsqueue = 0 '\000', td_stopsched = 1 '\001', td_locks = 0, td_rw_rlocks = 0, td_sx_slocks = 0, td_lk_slocks = 0, td_blocked = 0x0, td_lockname = 0x0, td_contested = { lh_first = 0x0}, td_sleeplocks = 0x0, td_intr_nesting_level = 0, td_pinned = 1, td_realucred = 0xfffff8036a565800, td_ucred = 0xfffff8036a565800,
td_limit = 0xfffff803d5a6f500, td_slptick = 0, td_blktick = 0, td_swvoltick = -888747322, td_swinvoltick = 0, td_cow = 28, td_ru = {ru_utime = {tv_sec = 0, tv_usec = 0}, ru_stime = {tv_sec = 0, tv_usec = 0}, ru_maxrss = 0, ru_ixrss = 0, ru_idrss = 0, ru_isrss = 0, ru_minflt = 65, ru_majflt = 0, ru_nswap = 0, ru_inblock = 0, ru_oublock = 0, ru_msgsnd = 0, ru_msgrcv = 0, ru_nsignals = 0, ru_nvcsw = 1, ru_nivcsw = 0}, td_rux = {rux_runtime = 0, rux_uticks = 0, rux_sticks = 0, rux_iticks = 0, rux_uu = 0, rux_su = 0, rux_tu = 0}, td_incruntime = 562220, td_runtime = 562220, td_pticks = 0, td_sticks = 0, td_iticks = 0, td_uticks = 0, td_intrval = 0, td_oldsigmask = {__bits = {0, 0, 0, 0}}, td_generation = 1, td_sigstk = {ss_sp = 0x0, ss_size = 0, ss_flags = 4}, td_xsig = 0, td_profil_addr = 0, td_profil_ticks = 0, td_name = "awk", '\000' <repeats 16 times>, td_fpop = 0x0, td_dbgflags = 0, td_si = {si_signo = 0, si_errno = 0, si_code = 0, si_pid = 0, si_uid = 0, si_status = 0, si_addr = 0x0, si_value = {sival_int = 0, sival_ptr = 0x0, sigval_int = 0, sigval_ptr = 0x0}, _reason = {_fault = {_trapno = 0}, _timer = {_timerid = 0, _overrun = 0}, _mesgq = {_mqd = 0}, _poll = {_band = 0}, _capsicum = {_syscall = 0}, __spare__ = {__spare1__ = 0, __spare2__ = {0, 0, 0, 0, 0, 0, 0}}}}, td_ng_outbound = 0, td_osd = {osd_nslots = 0, osd_slots = 0x0, osd_next = {le_next = 0x0, le_prev = 0x0}}, td_map_def_user = 0x0, td_dbg_forked = 0, td_vp_reserved = 0x0, td_no_sleeping = 0, td_su = 0x0, td_sleeptimo = 0, td_rtcgen = 0, td_errno = 0, td_vslock_sz = 0, td_kcov_info = 0x0, td_ucredref = -9, td_sigmask = {__bits = {0, 0, 0, 0}}, td_rqindex = 25 '\031', td_base_pri = 52 '4', td_priority = 52 '4', td_pri_class = 3
'\003', td_user_pri = 100 'd', td_base_user_pri = 100 'd', td_rb_list = 0, td_rbp_list = 0, td_rb_inact = 0, td_sa = {code = 73, original_code = 73, callp = 0xffffffff80c486b0 <sysent+2336>, args = {52971140415488, 2097152, 3, 2097151, 0, 0, 0, 0}}, td_sigblock_ptr = 0x5594989a4910, td_sigblock_val = 0, td_pcb = 0xfffff800036f8520, td_state = TDS_RUNNING, td_uretoff = { tdu_retval = {0, 3}, tdu_off = 0}, td_cowgen = 0, td_slpcallout = {c_links = {le = {le_next = 0x0, le_prev = 0xfffffe003843cb20}, sle = {sle_next = 0x0}, tqe = {tqe_next = 0x0, tqe_prev = 0xfffffe003843cb20}}, c_time = 23856685301620388, c_precision = 80530631250, c_arg = 0xfffff800036f8000, c_func = 0xffffffff806988b0 <sleepq_timeout>, c_lock = 0x0, c_flags = 0, c_iflags = 272, c_cpu = 0}, td_frame = 0xfffffe010279af40, td_kstack = 18446741879022776320, td_kstack_pages = 4, td_critnest = 1, td_md = {md_spinlock_count = 1, md_saved_flags = 582, md_spurflt_addr = 47518932344832, md_invl_gen = {gen = 6283878933, {link = {le_next = 0x0, le_prev = 0x64}, { next = 0x0, saved_pri = 100 'd'}}}, md_efirt_tmp = 0, md_efirt_dis_pf = 0, md_pcb = {pcb_r15 = -2131742328, pcb_r14 = -2198079557120, pcb_r13 = -8796049711104, pcb_r12 = -2141217104, pcb_rbp = 0, pcb_rsp = -2194686759112, pcb_rbx = -8796035383296, pcb_rip = -2137594880, pcb_fsbase = 0, pcb_gsbase = 0, pcb_kgsbase = 0, pcb_cr0 = 0, pcb_cr2 = 0, pcb_cr3 = 0, pcb_cr4 = 0, pcb_dr0 = 0, pcb_dr1 = 0, pcb_dr2 = 0, pcb_dr3 = 0, pcb_dr6 = 0, pcb_dr7 = 0, pcb_gdt = {rd_limit = 0, rd_base = 0}, pcb_idt = {rd_limit = 0, rd_base = 0}, pcb_ldt = {rd_limit = 0, rd_base = 0}, pcb_tr = 0, pcb_flags = 24, pcb_initial_fpucw = 895, pcb_onfault = 0x0, pcb_saved_ucr3 = 0, pcb_tssp = 0x0, pcb_efer = 0, pcb_star = 0, pcb_lstar = 0, pcb_cstar
= 0, pcb_sfmask = 0, pcb_save = 0xfffffe0105e94380, pcb_pad = {0, 0, 0, 0, 0}}, md_stack_base = 18446741879022792704, md_usr_fpu_save = 0xfffffe0105e94380}, td_ar = 0x0, td_lprof = {{lh_first = 0x0}, {lh_first = 0x0}}, td_dtrace = 0xfffff8000c970b00, td_vnet = 0x0, td_vnet_lpush = 0x0, td_intr_frame = 0x0, td_rfppwait_p = 0xfffffe01401b5000, td_ma = 0x0, td_ma_cnt = 0, td_emuldata = 0x0, td_lastcpu = 4, td_oncpu = 4, td_lkpi_task = 0x0, td_pmcpend = 0, td_remotereq = 0x0, td_ktr_io_lim = 0}
(kgdb) up
#7 <signal handler called>
(kgdb) up
#8 pmap_remove_pte (pmap=pmap@entry=0xfffff800271b1d38, ptq=ptq@entry=0xfffff803f4a0c508, va=va@entry=52971140943872, ptepde=16989077607, free=free@entry=0xfffffe010279acb0, lockp=lockp@entry=0xfffffe010279acd0) at /usr/src/sys/amd64/amd64/pmap.c:6287
6287 CHANGE_PV_LIST_LOCK_TO_VM_PAGE(lockp, m);
(kgdb) p m
$34 = (vm_page_t) 0x0
(kgdb) p lockp
$35 = (struct rwlock **) 0xfffffe010279acd0
(kgdb) p *lockp
$36 = (struct rwlock *) 0x0
(kgdb) l
6282 m = PHYS_TO_VM_PAGE(oldpte & PG_FRAME);
6283 if ((oldpte & (PG_M | PG_RW)) == (PG_M | PG_RW))
6284 vm_page_dirty(m);
6285 if (oldpte & PG_A)
6286 vm_page_aflag_set(m, PGA_REFERENCED);
6287 CHANGE_PV_LIST_LOCK_TO_VM_PAGE(lockp, m);
6288 pmap_pvh_free(&m->md, pmap, va);
6289 if (TAILQ_EMPTY(&m->md.pv_list) &&
6290 (m->flags & PG_FICTITIOUS) == 0) {
6291 pvh = pa_to_pvh(VM_PAGE_TO_PHYS(m));
(kgdb) p oldpte
$37 = 18446735288477450112
(kgdb) l -
6272 PG_A = pmap_accessed_bit(pmap);
6273 PG_M = pmap_modified_bit(pmap);
6274 PG_RW = pmap_rw_bit(pmap);
6275
6276 PMAP_LOCK_ASSERT(pmap, MA_OWNED);
6277 oldpte = pte_load_clear(ptq);
6278 if (oldpte & PG_W)
6279 pmap->pm_stats.wired_count -= 1;
6280 pmap_resident_count_adj(pmap, -1);
6281 if (oldpte & PG_MANAGED) {
(kgdb) p pmap
$38 = (pmap_t) 0xfffff800271b1d38
(kgdb) p *pmap
$39 = {pm_mtx = {lock_object = {lo_name =
0xffffffff80a4bc2c "pmap", lo_flags = 21168128, lo_data = 0, lo_witness = 0x0}, mtx_lock = 18446735277674168320}, pm_pmltop = 0xfffff802b9d05000, pm_pmltopu = 0x0, pm_cr3 = 11707371520, pm_ucr3 = 18446744073709551615, pm_pvchunk = {tqh_first = 0xfffff806412fb000, tqh_last = 0xfffff807d1faf008}, pm_active = {__bits = {16, 0 <repeats 15 times>}}, pm_type = PT_X86, pm_stats = {resident_count = 524, wired_count = -1}, pm_root = {rt_root = 0x1}, pm_eptgen = 0, pm_eptsmr = 0x0, pm_flags = 256, pm_pcidp = 0xfffffe015e1c6108, pm_pkru = {rs_trie = {pt_root = 0x0}, rs_dup_data = 0x0, rs_free_data = 0x0, rs_data_ctx = 0x0, rs_alloc_flags = 0}}
(kgdb) p ptq
$40 = (pt_entry_t *) 0xfffff803f4a0c508
(kgdb) p *ptq
Cannot access memory at address 0xfffff803f4a0c508
(kgdb) up
#9 0xffffffff8098c9dc in pmap_remove_ptes (pmap=pmap@entry=0xfffff800271b1d38, sva=52971140943872, sva@entry=52971140415488, eva=eva@entry=52971142381568, pde=0xfffff80016da7380, free=free@entry=0xfffffe010279acb0, lockp=lockp@entry=0xfffffe010279acd0) at /usr/src/sys/amd64/amd64/pmap.c:6352
6352 if (pmap_remove_pte(pmap, pte, sva, *pde, free, lockp)) {
(kgdb) p pmap
$41 = (pmap_t) 0xfffff800271b1d38
(kgdb) p pte
$42 = (pt_entry_t *) 0xfffff803f4a0c508
(kgdb) p sva
$43 = 52971140943872
(kgdb) p *pde
Cannot access memory at address 0xfffff80016da7380
(kgdb) p free
$44 = (struct spglist *) 0xfffffe010279acb0
(kgdb) p *free
$45 = {slh_first = 0x0}
(kgdb) p lockp
$46 = (struct rwlock **) 0xfffffe010279acd0
(kgdb) l
6347 }
6348 if ((*pte & PG_G) == 0)
6349 anyvalid = true;
6350 else if (va == eva)
6351 va = sva;
6352 if (pmap_remove_pte(pmap, pte, sva, *pde, free, lockp)) {
6353 sva += PAGE_SIZE;
6354 break;
6355 }
6356 }
(kgdb) up
#10 0xffffffff8097d972 in pmap_remove1 (pmap=0xfffff800271b1d38, sva=52971140415488, eva=52971142512640, map_delete=<optimized out>) at
/usr/src/sys/amd64/amd64/pmap.c:6505
6505 if (pmap_remove_ptes(pmap, sva, va_next, pde, &free, &lock))
(kgdb) l
6500 * range being removed.
6501 */
6502 if (va_next > eva)
6503 va_next = eva;
6504
6505 if (pmap_remove_ptes(pmap, sva, va_next, pde, &free, &lock))
6506 anyvalid = 1;
6507 }
6508 if (lock != NULL)
6509 rw_wunlock(lock);
(kgdb) p pmap
$47 = (pmap_t) 0xfffff800271b1d38
(kgdb) p sva
$48 = 52971140415488
(kgdb) p va_next
$49 = 52971142381568
(kgdb) p pde
$50 = <optimized out>
(kgdb) p &free
$51 = (struct spglist *) 0xfffffe010279acb0
(kgdb) p &lock
$52 = (struct rwlock **) 0xfffffe010279acd0
(kgdb) up
#11 0xffffffff8097dadf in pmap_map_delete (pmap=0xffffffff80f5cdc0 <vm_phys_fictitious_reg_lock>, sva=18446741879022791888, eva=52971140943872) at /usr/src/sys/amd64/amd64/pmap.c:6539
6539 pmap_remove1(pmap, sva, eva, true);
(kgdb) l
6534 * of a logical mapping.
6535 */
6536 void
6537 pmap_map_delete(pmap_t pmap, vm_offset_t sva, vm_offset_t eva)
6538 {
6539 pmap_remove1(pmap, sva, eva, true);
6540 }
6541
6542 /*
6543 * Routine: pmap_remove_all
(kgdb) p pmap
$53 = (pmap_t) 0xffffffff80f5cdc0 <vm_phys_fictitious_reg_lock>
(kgdb) p sva
$54 = 18446741879022791888
(kgdb) p eva
$55 = 52971140943872
(kgdb) up
#12 0xffffffff808f63ff in vm_map_delete (map=map@entry=0xfffff800271b1c08, start=start@entry=52971140415488, end=end@entry=52971142512640) at /usr/src/sys/vm/vm_map.c:4045
4045 pmap_map_delete(map->pmap, entry->start, entry->end);
(kgdb) l
4040 * mappings could exist. For instance, it does not
4041 * make sense to call pmap_remove() for guard entries.
4042 */
4043 if ((entry->eflags & MAP_ENTRY_IS_SUB_MAP) != 0 ||
4044 entry->object.vm_object != NULL)
4045 pmap_map_delete(map->pmap, entry->start, entry->end);
4046
4047 if (entry->end == map->anon_loc)
4048 map->anon_loc = entry->start;
4049
(kgdb) p entry
$56 = <optimized out>
(kgdb) up
#13 0xffffffff808ff730 in kern_munmap (td=0xfffff800036f8000, addr0=<optimized out>, size=<optimized out>) at /usr/src/sys/vm/vm_mmap.c:619
619 rv = vm_map_delete(map, addr, end);
(kgdb) l
614 }
615 }
616 }
617 }
618 #endif
619 rv = vm_map_delete(map, addr, end);
620
621 #ifdef HWPMC_HOOKS
622 if (rv == KERN_SUCCESS && __predict_false(pmc_handled)) {
623 /* downgrade the lock to prevent a LOR with the pmc-sx lock */
(kgdb) p map
$57 = (vm_map_t) 0xfffff800271b1c08
(kgdb) p addr
$58 = 52971140415488
(kgdb) p end
$59 = 52971142512640
(kgdb) up
#14 0xffffffff80995729 in syscallenter (td=0xfffff800036f8000) at /usr/src/sys/amd64/amd64/../../kern/subr_syscall.c:188
188 error = (se->sy_call)(td, sa->args);
(kgdb) l
183 #endif
184
185 if (!sy_thr_static)
186 syscall_thread_exit(td, se);
187 } else {
188 error = (se->sy_call)(td, sa->args);
189 /* Save the latest error return value. */
190 if (__predict_false((td->td_pflags & TDP_NERRNO) != 0))
191 td->td_pflags &= ~TDP_NERRNO;
192 else
(kgdb) p se
$60 = (struct sysent *) 0xffffffff80c486b0 <sysent+2336>
(kgdb) p *se
$61 = {sy_call = 0xffffffff808ff680 <sys_munmap>, sy_systrace_args_func = 0x0, sy_narg = 2 '\002', sy_flags = 1 '\001', sy_auevent = 213, sy_entry = 0, sy_return = 0, sy_thrcnt = 1}
(kgdb) p td
$62 = (struct thread *) 0xfffff800036f8000
(kgdb) p sa
$63 = <optimized out>

--
You are receiving this mail because:
You are the assignee for the bug.