From owner-freebsd-stable@FreeBSD.ORG  Fri Aug  5 05:14:33 2005
Return-Path: <owner-freebsd-stable@FreeBSD.ORG>
X-Original-To: freebsd-stable@FreeBSD.org
Delivered-To: freebsd-stable@FreeBSD.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 4685D16A41F
	for <freebsd-stable@FreeBSD.org>; Fri,  5 Aug 2005 05:14:33 +0000 (GMT)
	(envelope-from fmc@reanimators.org)
Received: from lots.reanimators.org (lots.reanimators.org [64.142.28.221])
	by mx1.FreeBSD.org (Postfix) with ESMTP id E709C43D45
	for <freebsd-stable@FreeBSD.org>; Fri,  5 Aug 2005 05:14:32 +0000 (GMT)
	(envelope-from fmc@reanimators.org)
Received: from lots.reanimators.org (localhost.reanimators.org [127.0.0.1])
	by lots.reanimators.org (8.13.3/8.13.3) with ESMTP id j755EWI6019404
	(version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NOT);
	Thu, 4 Aug 2005 22:14:32 -0700 (PDT)
	(envelope-from fmc@lots.reanimators.org)
Received: (from fmc@localhost)
	by lots.reanimators.org (8.13.3/8.13.3/Submit) id j755EWpH019403;
	Thu, 4 Aug 2005 22:14:32 -0700 (PDT) (envelope-from fmc)
Message-Id: <200508050514.j755EWpH019403@lots.reanimators.org>
To: freebsd-stable@FreeBSD.org
References: <200507290034.j6T0YLdZ014411@lots.reanimators.org>
	<20050729091624.R74149@fledge.watson.org>
	<200507291809.j6TI9p37035628@lots.reanimators.org>
	<200508021726.j72HQPQG051111@lots.reanimators.org>
	<200508022220.j72MKvUt056654@lots.reanimators.org>
From: Frank McConnell <fmc@reanimators.org>
Date: Thu, 04 Aug 2005 22:14:32 -0700
In-Reply-To: <200508022220.j72MKvUt056654@lots.reanimators.org> (Frank
	McConnell's message of "Tue, 02 Aug 2005 15:20:57 -0700")
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Cc: 
Subject: Re: RELENG_5 PAE panic
X-BeenThere: freebsd-stable@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: Production branch of FreeBSD source code <freebsd-stable.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-stable>, 
	<mailto:freebsd-stable-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-stable>
List-Post: <mailto:freebsd-stable@freebsd.org>
List-Help: <mailto:freebsd-stable-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-stable>,
	<mailto:freebsd-stable-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Fri, 05 Aug 2005 05:14:33 -0000

Further debugging led me to the conclusion that the problem is in
pmap_protect(), in src/sys/i386/i386/pmap.c; and has to do with a
32-bit-truncated pt_entry_t being passed to PHYS_TO_VM_PAGE().
(pt_entry_t is 64 bits if the kernel is built with PAE.)  This caused
a page fault in vm_page_flag_set() which left the thread deadlocked
while holding vm_page_queue_mtx and in turn led to a panic when
another thread tried to acquire vm_page_queue_mtx.

Then I checked the cvs logs, and saw rev 1.524, which looks like what
I was thinking about as a fix, so I'm giving it a spin on top of
earlier-this-week's RELENG_5.  Thus far I'll say that with that change
my usual way of provoking the problem hasn't, yet.

I'm going to try to get this PC put back into co-lo where it can 
get some production-like testing this weekend.  It'd be nice to get
this fix MFC'd to RELENG_5 too.

-Frank McConnell