From owner-freebsd-hackers Mon Sep 24 15: 8:14 2001 Delivered-To: freebsd-hackers@freebsd.org Received: from InterJet.elischer.org (c421509-a.pinol1.sfba.home.com [24.7.86.9]) by hub.freebsd.org (Postfix) with ESMTP id A31DC37B414 for ; Mon, 24 Sep 2001 15:08:10 -0700 (PDT) Received: from localhost (localhost.elischer.org [127.0.0.1]) by InterJet.elischer.org (8.9.1a/8.9.1) with ESMTP id PAA51785; Mon, 24 Sep 2001 15:44:16 -0700 (PDT) Date: Mon, 24 Sep 2001 15:44:15 -0700 (PDT) From: Julian Elischer To: Matt Dillon Cc: Ian Dowse , hackers@freebsd.org Subject: Re: VM Corruption - stumped, anyone have any ideas? In-Reply-To: <200109242113.f8OLDbV96558@earth.backplane.com> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-hackers@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG remember that we hit almost this problem with the KSE stuff during debugging? The pointers in the last few entries of the vm_page_buckets array got corrupted when an agument to a function that manipulated whatever was next in ram was 0, and it turned out that it was 0 because of some PTE flushing thing (you are the one that found it... remember?) (there was a line of asm code missing) On Mon, 24 Sep 2001, Matt Dillon wrote: > > : > :In message <200109241914.f8OJE4l95477@earth.backplane.com>, Matt Dillon writes: > :> > :>$8 = 58630 > :>(kgdb) print vm_page_buckets[$8] > : > :What is vm_page_hash_mask? The chunk of memory you printed out below > :looks alright; it is consistent with vm_page_array == 0xc051c000. Is > :it just the vm_page_buckets[] pointer that is corrupt? > : > :The address 0xc08428cc is (char *)&vm_page_array[55060] + 28, and > :sizeof(struct vm_page) is 60, so 0xc08428cc is in the middle of > :a vm_page within vm_page_array[]. > : > :Ian > > (kgdb) print vm_page_buckets[58630] > $5 = (struct vm_page *) 0xc08428cc > (kgdb) print vm_page_array > $6 = 0xc051c000 > (kgdb) print vm_page_hash_mask > $7 = 262143 > (kgdb) print &vm_page_array[55060] > $11 = (struct vm_page *) 0xc08428b0 > (kgdb) print &vm_page_array[55061] > $10 = (struct vm_page *) 0xc08428ec > > Yowzer. How the hell did that happen! Yes, you're right, the > vm_page_array[] pointer has gotten corrupted. If we assume that > the vm_page_t is valid (0xc0842acc), then the vm_page_buckets[] > pointer should be that. > > vm_page_buckets[58630] -> c08428cc > panic on vm_page_t m -> c0842acc > > Ok, so the corruption here is that an 'a' turned into an '8'. 1010 turned > into 1000... a bit got cleared. > > This is very similar to the corruption I found on one of Yahoo's > machines. Except on that machine two bits were changed. It's as though > some other subsystem is trying to manipulate a flag in a structure using > a bad structure pointer. > > -Matt > > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-hackers" in the body of the message > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message