From owner-freebsd-bugs@FreeBSD.ORG  Mon Aug 13 09:20:07 2007
Return-Path: <owner-freebsd-bugs@FreeBSD.ORG>
Delivered-To: freebsd-bugs@hub.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id 8444616A419
	for <freebsd-bugs@hub.freebsd.org>;
	Mon, 13 Aug 2007 09:20:07 +0000 (UTC)
	(envelope-from gnats@FreeBSD.org)
Received: from freefall.freebsd.org (freefall.freebsd.org
	[IPv6:2001:4f8:fff6::28])
	by mx1.freebsd.org (Postfix) with ESMTP id 4B5EB13C46C
	for <freebsd-bugs@hub.freebsd.org>;
	Mon, 13 Aug 2007 09:20:07 +0000 (UTC)
	(envelope-from gnats@FreeBSD.org)
Received: from freefall.freebsd.org (gnats@localhost [127.0.0.1])
	by freefall.freebsd.org (8.14.1/8.14.1) with ESMTP id l7D9K6Ei041268
	for <freebsd-bugs@freefall.freebsd.org>; Mon, 13 Aug 2007 09:20:06 GMT
	(envelope-from gnats@freefall.freebsd.org)
Received: (from gnats@localhost)
	by freefall.freebsd.org (8.14.1/8.14.1/Submit) id l7D9K6SY041267;
	Mon, 13 Aug 2007 09:20:06 GMT (envelope-from gnats)
Date: Mon, 13 Aug 2007 09:20:06 GMT
Message-Id: <200708130920.l7D9K6SY041267@freefall.freebsd.org>
To: freebsd-bugs@FreeBSD.org
From: Mo McRoberts <mo@nevali.net>
Cc: 
Subject: Re: kern/115374: [panic] vm_fault: fault on nofault entry,
	addr: e120d000
X-BeenThere: freebsd-bugs@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
Reply-To: Mo McRoberts <mo@nevali.net>
List-Id: Bug reports <freebsd-bugs.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-bugs>,
	<mailto:freebsd-bugs-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-bugs>
List-Post: <mailto:freebsd-bugs@freebsd.org>
List-Help: <mailto:freebsd-bugs-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-bugs>,
	<mailto:freebsd-bugs-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Mon, 13 Aug 2007 09:20:07 -0000

The following reply was made to PR kern/115374; it has been noted by GNATS.

From: Mo McRoberts <mo@nevali.net>
To: bug-followup@FreeBSD.org
Cc:  
Subject: Re: kern/115374: [panic] vm_fault: fault on nofault entry, addr: e120d000
Date: Mon, 13 Aug 2007 10:11:30 +0100

 I don't know how much this backtrace helps in finding the problem,  
 but here goes:
 
 [root@sol.nevali.net SOL]# kgdb kernel.debug /var/crash/vmcore.0
 kgdb: kvm_nlist(_stopped_cpus):
 kgdb: kvm_nlist(_stoppcbs):
 [GDB will not be able to debug user-mode threads: /usr/lib/ 
 libthread_db.so: Undefined symbol "ps_pglobal_lookup"]
 GNU gdb 6.1.1 [FreeBSD]
 Copyright 2004 Free Software Foundation, Inc.
 GDB is free software, covered by the GNU General Public License, and  
 you are
 welcome to change it and/or distribute copies of it under certain  
 conditions.
 Type "show copying" to see the conditions.
 There is absolutely no warranty for GDB.  Type "show warranty" for  
 details.
 This GDB was configured as "i386-marcel-freebsd".
 
 Unread portion of the kernel message buffer:
 panic: vm_fault: fault on nofault entry, addr: e120d000
 Uptime: 4h15m43s
 Dumping 735 MB (2 chunks)
    chunk 0: 1MB (159 pages) ... ok
    chunk 1: 735MB (188144 pages) 719 703 687 671 655 639 623 607 591  
 575 559 543 527 511 495 479 463 447 431 415 399 383 367 351 335 319  
 303 287 271 255 239 223 207 191 175 159 143 127 111 95 79 63 47 31 15
 
 #0  doadump () at pcpu.h:165
 165             __asm __volatile("movl %%fs:0,%0" : "=r" (td));
 (kgdb) bt
 #0  doadump () at pcpu.h:165
 #1  0xc0672dae in boot (howto=260) at /usr/src/sys/kern/ 
 kern_shutdown.c:409
 #2  0xc0673044 in panic (
      fmt=0xc0915c6e "vm_fault: fault on nofault entry, addr: %lx")
      at /usr/src/sys/kern/kern_shutdown.c:565
 #3  0xc07e7738 in vm_fault (map=0xc104b000, vaddr=3777024000,
      fault_type=1 '\001', fault_flags=0) at /usr/src/sys/vm/ 
 vm_fault.c:279
 #4  0xc088e74a in trap_pfault (frame=0xdb89bbf8, usermode=0,  
 eva=3777024000)
      at /usr/src/sys/i386/i386/trap.c:734
 #5  0xc088e3d9 in trap (frame=
        {tf_fs = 8, tf_es = 40, tf_ds = 40, tf_edi = -999804900,  
 tf_esi = -517943298, tf_ebp = -611730300, tf_isp = -611730396, tf_ebx  
 = -1002619648, tf_edx = 0, tf_ecx = 505, tf_eax = -481861602,  
 tf_trapno = 12, tf_err = 0, tf_eip = -1064777994, tf_cs = 32,  
 tf_eflags = 66070, tf_esp = 18412, tf_ss = 2048})
      at /usr/src/sys/i386/i386/trap.c:435
 #6  0xc087caaa in calltrap () at /usr/src/sys/i386/i386/exception.s:139
 #7  0xc088c6f6 in generic_bcopy () at /usr/src/sys/i386/i386/ 
 support.s:489
 Previous frame inner to this frame (corrupt stack?)
 (kgdb) up 7
 #7  0xc088c6f6 in generic_bcopy () at /usr/src/sys/i386/i386/ 
 support.s:489
 489             cld                                     /* nope, copy  
 forwards */
 Current language:  auto; currently asm
 (kgdb)
 
 I'm assuming generic_bcopy()'s being called from whatever is really  
 at fault, and with a corrupted stack it's going to be very difficult  
 to find out what?
 
 Mo.