Date: Mon, 24 Sep 2001 15:44:15 -0700 (PDT)
From: Julian Elischer <julian@elischer.org>
To: Matt Dillon <dillon@earth.backplane.com>
Cc: Ian Dowse <iedowse@maths.tcd.ie>, hackers@freebsd.org
Subject: Re: VM Corruption - stumped, anyone have any ideas?
Message-ID: <Pine.BSF.4.21.0109241540230.51124-100000@InterJet.elischer.org>
In-Reply-To: <200109242113.f8OLDbV96558@earth.backplane.com>

Remember that we hit almost this problem with the KSE stuff during
debugging?

The pointers in the last few entries of the vm_page_buckets array got
corrupted when an argument to a function that manipulated whatever was
next in ram was 0, and it turned out that it was 0 because
of some PTE flushing thing (you are the one that found it... remember?)
(there was a line of asm code missing)

On Mon, 24 Sep 2001, Matt Dillon wrote:

>
> :
> :In message <200109241914.f8OJE4l95477@earth.backplane.com>, Matt Dillon writes:
> :>
> :>$8 = 58630
> :>(kgdb) print vm_page_buckets[$8]
> :
> :What is vm_page_hash_mask? The chunk of memory you printed out below
> :looks alright; it is consistent with vm_page_array == 0xc051c000. Is
> :it just the vm_page_buckets[] pointer that is corrupt?
> :
> :The address 0xc08428cc is (char *)&vm_page_array[55060] + 28, and
> :sizeof(struct vm_page) is 60, so 0xc08428cc is in the middle of
> :a vm_page within vm_page_array[].
> :
> :Ian
>
> (kgdb) print vm_page_buckets[58630]
> $5 = (struct vm_page *) 0xc08428cc
> (kgdb) print vm_page_array
> $6 = 0xc051c000
> (kgdb) print vm_page_hash_mask
> $7 = 262143
> (kgdb) print &vm_page_array[55060]
> $11 = (struct vm_page *) 0xc08428b0
> (kgdb) print &vm_page_array[55061]
> $10 = (struct vm_page *) 0xc08428ec
>
> Yowzer. How the hell did that happen! Yes, you're right, the
> vm_page_array[] pointer has gotten corrupted. If we assume that
> the vm_page_t is valid (0xc0842acc), then the vm_page_buckets[]
> pointer should be that.
>
> vm_page_buckets[58630] -> c08428cc
> panic on vm_page_t m   -> c0842acc
>
> Ok, so the corruption here is that an 'a' turned into an '8'. 1010 turned
> into 1000... a bit got cleared.
>
> This is very similar to the corruption I found on one of Yahoo's
> machines. Except on that machine two bits were changed. It's as though
> some other subsystem is trying to manipulate a flag in a structure using
> a bad structure pointer.
>
> -Matt
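
The pointer checks worked through by hand in the quoted messages, as an added C example that is not part of the original thread or of the FreeBSD source. The constants are the values from the kgdb session; the function names are this example's own, and `aligned_repairs` goes one step beyond the thread by listing every single-bit flip that would make the bucket pointer element-aligned again.

```c
#include <stdint.h>
#include <stdio.h>

/* Values from the kgdb session quoted above (32-bit kernel addresses). */
#define VM_PAGE_ARRAY  0xc051c000u  /* print vm_page_array */
#define VM_PAGE_SIZE   60u          /* sizeof(struct vm_page), per Ian */
#define BUCKET_PTR     0xc08428ccu  /* vm_page_buckets[58630] */
#define PANIC_PTR      0xc0842accu  /* vm_page_t m at the panic */

/* Byte offset of ptr inside the vm_page it falls in; 0 means it points
 * at the start of an array element. *idx receives the element index. */
static uint32_t page_offset(uint32_t ptr, uint32_t *idx)
{
    uint32_t off = ptr - VM_PAGE_ARRAY;
    *idx = off / VM_PAGE_SIZE;
    return off % VM_PAGE_SIZE;
}

/* Bit number if observed equals expected with exactly one bit cleared,
 * otherwise -1. */
static int single_cleared_bit(uint32_t observed, uint32_t expected)
{
    uint32_t diff = observed ^ expected;
    if (diff == 0 || (diff & (diff - 1)) != 0 || (expected & diff) == 0)
        return -1;
    int bit = 0;
    while ((diff >>= 1) != 0)
        bit++;
    return bit;
}

/* Mask of bit positions whose flip turns ptr into an element-aligned
 * address at or above vm_page_array. No upper bound is applied because
 * the array length is not given in the thread. */
static uint32_t aligned_repairs(uint32_t ptr)
{
    uint32_t mask = 0, idx;
    for (int k = 0; k < 32; k++) {
        uint32_t cand = ptr ^ (UINT32_C(1) << k);
        if (cand >= VM_PAGE_ARRAY && page_offset(cand, &idx) == 0)
            mask |= UINT32_C(1) << k;
    }
    return mask;
}

int main(void)
{
    uint32_t idx, off = page_offset(BUCKET_PTR, &idx);
    printf("bucket ptr: vm_page_array[%u] + %u\n", (unsigned)idx, (unsigned)off);
    printf("cleared bit: %d\n", single_cleared_bit(BUCKET_PTR, PANIC_PTR));
    printf("aligned single-bit repairs: 0x%08x\n", (unsigned)aligned_repairs(BUCKET_PTR));
    return 0;
}
```

Only six single-bit flips restore alignment; bit 9 gives the panic's vm_page_t (0xc0842acc) and bit 5 gives &vm_page_array[55061] (0xc08428ec).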