Tappan@BBNG.ARPA (Dan Tappan) (08/15/85)
One of our vaxen, a 785, has been crashing on and off with protection fault panics - recently the crash rate has gotten high enough to make the machine almost unusable. From looking at the crash dumps the general scenario seems to be this: Either Copyin or Copyout is called (from uiomove) with a buffer and length in system space which runs right up to (but does not overlap) a non-existant page (PTE 0). For example it might be called with address 8032ab00, length 400 where 8032ab00-8032aeff exist, but 8032af00 is a non-existant page). The fault occurs on the movc3 instruction (either to or from the buffer depending on Copyin or Copyout) with the failing virtual address being the first byte of the non-existant page (8032af00 in the example above). According to the documentation on movc3 it will return with R1 (R3) pointing one byte beyond the end of the source (destination) string. This is, of course, the failing address. My question is : is movc3 supposed to actually reference that byte? If so, are we missing some patch that would prevent Copyin (Copyout) from doing movc3's next to non-existant pages? If not, is this evidence that our hardware is busted? Thanks, Dan (Note, I've seen the recent discussion on 'protection fault's caused by PROBE instructions next to page boundries - this is not that). -------