Date:      Sun, 5 Aug 2007 07:57:57 +1000
From:      Peter Jeremy <peterjeremy@optushome.com.au>
To:        stable@freebsd.org
Subject:   Page fault panic due to corrupt callwheel entries
Message-ID:  <20070804215757.GA2860@turion.vk2pj.dyndns.org>

My laptop running -stable from late June panic'd overnight in
softclock:
Fatal trap 12: page fault while in kernel mode
fault virtual address   = 0x410
fault code              = supervisor read data, page not present
instruction pointer     = 0x8:0xffffffff80278619
stack pointer           = 0x10:0xffffffffa3543b80
frame pointer           = 0x10:0xffffffffa3543bd0
code segment            = base 0x0, limit 0xfffff, type 0x1b
                        = DPL 0, pres 1, long 1, def32 0, gran 1
processor eflags        = resume, IOPL = 0
current process         =3D 12 (swi4: clock)
trap number             =3D 12
panic: page fault
KDB: stack backtrace:
panic() at panic+0x1c1
trap_fatal() at trap_fatal+0x298
trap() at trap+0x1a8
calltrap() at calltrap+0x5
--- trap 0xc, rip = 0xffffffff80278619, rsp = 0xffffffffa3543b80, rbp = 0xffffffffa3543bd0 ---
softclock() at softclock+0xa9
ithread_loop() at ithread_loop+0x132

When I went looking, I found 3 adjacent callwheel entries had
tqh_first set to 0x400.  A single-bit glitch I might write off but the
same 'glitch' in 3 entries seems odd.  The 3 cases had tqh_last
pointing at the callwheel slot so they were supposed to be empty.
Does anyone have any ideas?

(kgdb) p softticks
$2 = 0x64f5ebe
(kgdb) p callwheelmask
$3 = 0x7fff
(kgdb) p callwheelsize
$4 = 0x8000
(kgdb) p callwheel[0x5ebe]
$5 = {
  tqh_first = 0x400,
  tqh_last = 0xffffffff98d6ac80
}
(kgdb) p callwheel[0x5ebd]
$6 = {
  tqh_first = 0x0,
  tqh_last = 0xffffffff98d6ac70
}
(kgdb) p callwheel[0x5ebf]
$7 = {
  tqh_first = 0x400,
  tqh_last = 0xffffffff98d6ac90
}
(kgdb) p callwheel[0x5ec0]
$8 = {
  tqh_first = 0x400,
  tqh_last = 0xffffffff98d6aca0
}
(kgdb) p callwheel[0x5ec1]
$9 = {
  tqh_first = 0xffffff00287cdb20,
  tqh_last = 0xffffff00287cdb20
}
(kgdb)
-- 
Peter Jeremy

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20070804215757.GA2860>
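
An added example, not part of the original message and not FreeBSD's own code: a consistency check for the empty-TAILQ invariant the message relies on (a head whose tqh_last points back at itself must have tqh_first == NULL), run over a constructed five-slot sample shaped like callwheel[0x5ebd..0x5ec1] in the dump. The struct definitions are minimal stand-ins for the TAILQ layout, and the names wheel_index, check_slot, scan_wheel and build_sample are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Minimal stand-ins with the TAILQ_ENTRY / TAILQ_HEAD pointer layout (assumed). */
struct callout { struct callout *tqe_next; struct callout **tqe_prev; };
struct callout_tailq { struct callout *tqh_first; struct callout **tqh_last; };
enum slot_state { SLOT_EMPTY, SLOT_IN_USE, SLOT_CORRUPT };

/* Wheel slot selected by a tick count: ticks masked by callwheelmask. */
static unsigned wheel_index(unsigned ticks, unsigned mask) { return ticks & mask; }

/* Empty-TAILQ invariant: tqh_first == NULL exactly when tqh_last == &tqh_first. */
static enum slot_state check_slot(struct callout_tailq *h)
{
    int last_is_self = (h->tqh_last == &h->tqh_first);
    int first_is_null = (h->tqh_first == NULL);
    if (last_is_self != first_is_null)
        return SLOT_CORRUPT;
    return first_is_null ? SLOT_EMPTY : SLOT_IN_USE;
}

struct scan_result { size_t corrupt, first_bad; uintptr_t common_bits; };

/* Count inconsistent slots and AND together their bogus tqh_first values. */
static struct scan_result scan_wheel(struct callout_tailq *w, size_t n)
{
    struct scan_result r = { 0, n, ~(uintptr_t)0 };
    for (size_t i = 0; i < n; i++) {
        if (check_slot(&w[i]) != SLOT_CORRUPT)
            continue;
        if (r.corrupt++ == 0)
            r.first_bad = i;
        r.common_bits &= (uintptr_t)w[i].tqh_first;
    }
    if (r.corrupt == 0)
        r.common_bits = 0;
    return r;
}

/* Constructed sample: slot 0 empty, slots 1-3 carry 0x400, slot 4 holds one entry. */
static void build_sample(struct callout_tailq w[5], struct callout *c)
{
    for (int i = 0; i < 5; i++) { w[i].tqh_first = NULL; w[i].tqh_last = &w[i].tqh_first; }
    for (int i = 1; i <= 3; i++) w[i].tqh_first = (struct callout *)(uintptr_t)0x400;
    c->tqe_next = NULL; c->tqe_prev = &w[4].tqh_first;
    w[4].tqh_first = c; w[4].tqh_last = &c->tqe_next;
}
```

On the sample, the three slots that still look empty by tqh_last are reported as corrupt with the single common bit 0x400, and wheel_index(0x64f5ebe, 0x7fff) gives 0x5ebe, the first of the three bad slots in the dump.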