Comment 53 for bug 1178707

So the first one did not show some immediately obvious hint. And I think the lockup of that was posted in comment #52 is a completely different issue (also wondering about the kernel version in there, is that a mainline kernel?). Anyway, that rather seems to be a bug which I thought we had a patch in upstream stable (v3.2.40: xen: Send spinlock IPI to all waiters). Certainly not a crash but a lockup and unlikely related to the 2.6.32 bug of bad pages.

The crash from comment #51 could be a little more interesting. Though it is at least a different way in which brokenness is detected. Actually it does not seem to be detected at all but freeing some pages seems to run into a page fault and the second trace looks to be from adding dynamic memory.

In all recent traces it is phantomjs that is affected (or running on the cpu that produces the error). I wonder, would it be possible to point to the source from which that comes from? Normally userspace should not be able to cause that sort of corruption but maybe the way this code works allows to see what goes wrong.