Date: Sun, 5 Aug 2007 07:57:57 +1000 From: Peter Jeremy <peterjeremy@optushome.com.au> To: stable@freebsd.org Subject: Page fault panic due to corrupt callwheel entries Message-ID: <20070804215757.GA2860@turion.vk2pj.dyndns.org>
next in thread | raw e-mail | index | archive | help
--RnlQjJ0d97Da+TV1 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable My laptop running -stable from late June panic'd overnight in softclock: Fatal trap 12: page fault while in kernel mode fault virtual address =3D 0x410 fault code =3D supervisor read data, page not present instruction pointer =3D 0x8:0xffffffff80278619 stack pointer =3D 0x10:0xffffffffa3543b80 frame pointer =3D 0x10:0xffffffffa3543bd0 code segment =3D base 0x0, limit 0xfffff, type 0x1b =3D DPL 0, pres 1, long 1, def32 0, gran 1 processor eflags =3D resume, IOPL =3D 0 current process =3D 12 (swi4: clock) trap number =3D 12 panic: page fault KDB: stack backtrace: panic() at panic+0x1c1 trap_fatal() at trap_fatal+0x298 trap() at trap+0x1a8 calltrap() at calltrap+0x5 --- trap 0xc, rip =3D 0xffffffff80278619, rsp =3D 0xffffffffa3543b80, rbp = =3D 0xffffffffa3543bd0 --- softclock() at softclock+0xa9 ithread_loop() at ithread_loop+0x132 WHen I went looking, I found 3 adjacent callwheel entries had tqh_first set to 0x400. A single-bit glitch I might write off but the same 'glitch' in 3 entries seems odd. The 3 cases had tqh_last pointing at the callwheel slot so they were supposed to be empty. Does anyone have any ideas? (kgdb) p softticks $2 =3D 0x64f5ebe (kgdb) p callwheelmask $3 =3D 0x7fff (kgdb) p callwheelsize $4 =3D 0x8000 (kgdb) p callwheel[0x5ebe] $5 =3D { tqh_first =3D 0x400,=20 tqh_last =3D 0xffffffff98d6ac80 } (kgdb) p callwheel[0x5ebd] $6 =3D { tqh_first =3D 0x0,=20 tqh_last =3D 0xffffffff98d6ac70 } (kgdb) p callwheel[0x5ebf] $7 =3D { tqh_first =3D 0x400,=20 tqh_last =3D 0xffffffff98d6ac90 } (kgdb) p callwheel[0x5ec0] $8 =3D { tqh_first =3D 0x400,=20 tqh_last =3D 0xffffffff98d6aca0 } (kgdb) p callwheel[0x5ec1] $9 =3D { tqh_first =3D 0xffffff00287cdb20,=20 tqh_last =3D 0xffffff00287cdb20 } (kgdb) =20 --=20 Peter Jeremy --RnlQjJ0d97Da+TV1 Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (FreeBSD) iD8DBQFGtPZl/opHv/APuIcRAnBHAJoCNys8xeKi3B+25JB+yYX9jY2aFwCgqZ0e 9B1voRq3DVsuc9rOxgcPxyk= =6mQW -----END PGP SIGNATURE----- --RnlQjJ0d97Da+TV1--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20070804215757.GA2860>