From owner-freebsd-stable@FreeBSD.ORG  Sat Aug  4 22:36:18 2007
Return-Path: <owner-freebsd-stable@FreeBSD.ORG>
Delivered-To: stable@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id 80C4416A421
	for <stable@freebsd.org>; Sat,  4 Aug 2007 22:36:18 +0000 (UTC)
	(envelope-from peterjeremy@optushome.com.au)
Received: from turion.vk2pj.dyndns.org
	(c220-239-20-82.belrs4.nsw.optusnet.com.au [220.239.20.82])
	by mx1.freebsd.org (Postfix) with ESMTP id E61AF13C4A5
	for <stable@freebsd.org>; Sat,  4 Aug 2007 22:36:15 +0000 (UTC)
	(envelope-from peterjeremy@optushome.com.au)
Received: from turion.vk2pj.dyndns.org (localhost.vk2pj.dyndns.org [127.0.0.1])
	by turion.vk2pj.dyndns.org (8.14.1/8.14.1) with ESMTP id l74LvvgT002900
	for <stable@freebsd.org>; Sun, 5 Aug 2007 07:57:57 +1000 (EST)
	(envelope-from peter@turion.vk2pj.dyndns.org)
Received: (from peter@localhost)
	by turion.vk2pj.dyndns.org (8.14.1/8.14.1/Submit) id l74LvvsY002899
	for stable@freebsd.org; Sun, 5 Aug 2007 07:57:57 +1000 (EST)
	(envelope-from peter)
Date: Sun, 5 Aug 2007 07:57:57 +1000
From: Peter Jeremy <peterjeremy@optushome.com.au>
To: stable@freebsd.org
Message-ID: <20070804215757.GA2860@turion.vk2pj.dyndns.org>
MIME-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha1;
	protocol="application/pgp-signature"; boundary="RnlQjJ0d97Da+TV1"
Content-Disposition: inline
X-PGP-Key: http://members.optusnet.com.au/peterjeremy/pubkey.asc
User-Agent: Mutt/1.5.16 (2007-06-09)
Cc: 
Subject: Page fault panic due to corrupt callwheel entries
X-BeenThere: freebsd-stable@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: Production branch of FreeBSD source code <freebsd-stable.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-stable>, 
	<mailto:freebsd-stable-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-stable>
List-Post: <mailto:freebsd-stable@freebsd.org>
List-Help: <mailto:freebsd-stable-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-stable>,
	<mailto:freebsd-stable-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Sat, 04 Aug 2007 22:36:18 -0000


--RnlQjJ0d97Da+TV1
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

My laptop running -stable from late June panic'd overnight in
softclock:
Fatal trap 12: page fault while in kernel mode
fault virtual address   =3D 0x410
fault code              =3D supervisor read data, page not present
instruction pointer     =3D 0x8:0xffffffff80278619
stack pointer           =3D 0x10:0xffffffffa3543b80
frame pointer           =3D 0x10:0xffffffffa3543bd0
code segment            =3D base 0x0, limit 0xfffff, type 0x1b
                        =3D DPL 0, pres 1, long 1, def32 0, gran 1
processor eflags        =3D resume, IOPL =3D 0
current process         =3D 12 (swi4: clock)
trap number             =3D 12
panic: page fault
KDB: stack backtrace:
panic() at panic+0x1c1
trap_fatal() at trap_fatal+0x298
trap() at trap+0x1a8
calltrap() at calltrap+0x5
--- trap 0xc, rip =3D 0xffffffff80278619, rsp =3D 0xffffffffa3543b80, rbp =
=3D 0xffffffffa3543bd0 ---
softclock() at softclock+0xa9
ithread_loop() at ithread_loop+0x132

WHen I went looking, I found 3 adjacent callwheel entries had
tqh_first set to 0x400.  A single-bit glitch I might write off but the
same 'glitch' in 3 entries seems odd.  The 3 cases had tqh_last
pointing at the callwheel slot so they were supposed to be empty.
Does anyone have any ideas?

(kgdb) p softticks
$2 =3D 0x64f5ebe
(kgdb) p callwheelmask
$3 =3D 0x7fff
(kgdb) p callwheelsize
$4 =3D 0x8000
(kgdb) p callwheel[0x5ebe]
$5 =3D {
  tqh_first =3D 0x400,=20
  tqh_last =3D 0xffffffff98d6ac80
}
(kgdb) p callwheel[0x5ebd]
$6 =3D {
  tqh_first =3D 0x0,=20
  tqh_last =3D 0xffffffff98d6ac70
}
(kgdb) p callwheel[0x5ebf]
$7 =3D {
  tqh_first =3D 0x400,=20
  tqh_last =3D 0xffffffff98d6ac90
}
(kgdb) p callwheel[0x5ec0]
$8 =3D {
  tqh_first =3D 0x400,=20
  tqh_last =3D 0xffffffff98d6aca0
}
(kgdb) p callwheel[0x5ec1]
$9 =3D {
  tqh_first =3D 0xffffff00287cdb20,=20
  tqh_last =3D 0xffffff00287cdb20
}
(kgdb) =20
--=20
Peter Jeremy

--RnlQjJ0d97Da+TV1
Content-Type: application/pgp-signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (FreeBSD)

iD8DBQFGtPZl/opHv/APuIcRAnBHAJoCNys8xeKi3B+25JB+yYX9jY2aFwCgqZ0e
9B1voRq3DVsuc9rOxgcPxyk=
=6mQW
-----END PGP SIGNATURE-----

--RnlQjJ0d97Da+TV1--