From owner-freebsd-bugs@FreeBSD.ORG  Wed Jul 28 02:00:39 2004
Return-Path: <owner-freebsd-bugs@FreeBSD.ORG>
Delivered-To: freebsd-bugs@hub.freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 9BD6316A4CE
	for <freebsd-bugs@hub.freebsd.org>;
	Wed, 28 Jul 2004 02:00:39 +0000 (GMT)
Received: from freefall.freebsd.org (freefall.freebsd.org [216.136.204.21])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 6D69243D77
	for <freebsd-bugs@hub.freebsd.org>;
	Wed, 28 Jul 2004 02:00:39 +0000 (GMT)
	(envelope-from gnats@FreeBSD.org)
Received: from freefall.freebsd.org (gnats@localhost [127.0.0.1])
	by freefall.freebsd.org (8.12.11/8.12.11) with ESMTP id i6S20Q4Q063545
	for <freebsd-bugs@freefall.freebsd.org>; Wed, 28 Jul 2004 02:00:27 GMT
	(envelope-from gnats@freefall.freebsd.org)
Received: (from gnats@localhost)
	by freefall.freebsd.org (8.12.11/8.12.11/Submit) id i6S20Q2C063541;
	Wed, 28 Jul 2004 02:00:26 GMT
	(envelope-from gnats)
Resent-Date: Wed, 28 Jul 2004 02:00:26 GMT
Resent-Message-Id: <200407280200.i6S20Q2C063541@freefall.freebsd.org>
Resent-From: FreeBSD-gnats-submit@FreeBSD.org (GNATS Filer)
Resent-To: freebsd-bugs@FreeBSD.org
Resent-Reply-To: FreeBSD-gnats-submit@FreeBSD.org, scrappy@hub.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id A323316A4D0
	for <FreeBSD-gnats-submit@freebsd.org>;
	Wed, 28 Jul 2004 01:57:16 +0000 (GMT)
Received: from jupiter.hub.org (jupiter.hub.org [200.46.204.3])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 08FC443D5D
	for <FreeBSD-gnats-submit@freebsd.org>;
	Wed, 28 Jul 2004 01:57:16 +0000 (GMT)
	(envelope-from root@jupiter.hub.org)
Received: from jupiter.hub.org (localhost [127.0.0.1])
	by jupiter.hub.org (8.12.11/8.12.11) with ESMTP id i6S1v8VB049459
	for <FreeBSD-gnats-submit@freebsd.org>;
	Tue, 27 Jul 2004 22:57:08 -0300 (ADT)
	(envelope-from root@jupiter.hub.org)
Received: (from root@localhost)
	by jupiter.hub.org (8.12.11/8.12.11/Submit) id i6S1v7WI049445;
	Tue, 27 Jul 2004 22:57:07 -0300 (ADT)
	(envelope-from root)
Message-Id: <200407280157.i6S1v7WI049445@jupiter.hub.org>
Date: Tue, 27 Jul 2004 22:57:07 -0300 (ADT)
From: scrappy@hub.org
To: FreeBSD-gnats-submit@FreeBSD.org
X-Send-Pr-Version: 3.113
Subject: kern/69685: panic: page fault in ffs_write / b_copy
X-BeenThere: freebsd-bugs@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
Reply-To: scrappy@hub.org
List-Id: Bug reports <freebsd-bugs.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-bugs>,
	<mailto:freebsd-bugs-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-bugs>
List-Post: <mailto:freebsd-bugs@freebsd.org>
List-Help: <mailto:freebsd-bugs-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-bugs>,
	<mailto:freebsd-bugs-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Wed, 28 Jul 2004 02:00:39 -0000


>Number:         69685
>Category:       kern
>Synopsis:       panic: page fault in ffs_write / b_copy
>Confidential:   no
>Severity:       critical
>Priority:       high
>Responsible:    freebsd-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Wed Jul 28 02:00:26 GMT 2004
>Closed-Date:
>Last-Modified:
>Originator:     Marc G. Fournier
>Release:        FreeBSD 4.10-STABLE i386
>Organization:
Hub.Org Networking Services
>Environment:

>Description:

Script started on Tue Jul 27 22:50:27 2004
jupiter# gdb -k /usr/obj/usr/src/sys/kernel/kernel.debug vmcore.12 
GNU gdb 4.18 (FreeBSD)
Copyright 1998 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB.  Type "show warranty" for details.
This GDB was configured as "i386-unknown-freebsd"...Deprecated bfd_read called at /usr/src/gnu/usr.bin/binutils/gdb/../../../../contrib/gdb/gdb/dbxread.c line 2627 in elfstab_build_psymtabs
Deprecated bfd_read called at /usr/src/gnu/usr.bin/binutils/gdb/../../../../contrib/gdb/gdb/dbxread.c line 933 in fill_symbuf

SMP 2 cpus
IdlePTD at physical address 0x00340000
initial pcb at physical address 0x002b0f40
panicstr: page fault
panic messages:
---
Fatal trap 12: page fault while in kernel mode
mp_lock = 00000002; cpuid = 0; lapic.id = 03000000
fault virtual address	= 0x0
fault code		= supervisor read, page not present
instruction pointer	= 0x8:0x8023e416
stack pointer	        = 0x10:0xb892ec04
frame pointer	        = 0x10:0xb892ec30
code segment		= base 0x0, limit 0xfffff, type 0x1b
			= DPL 0, pres 1, def32 1, gran 1
processor eflags	= interrupt enabled, resume, IOPL = 0
current process		= 7 (syncer)
interrupt mask		= none <- SMP: XXX
trap number		= 12
panic: page fault
mp_lock = 00000002; cpuid = 0; lapic.id = 03000000
boot() called on cpu#0

syncing disks... 

Fatal trap 12: page fault while in kernel mode
mp_lock = 00000003; cpuid = 0; lapic.id = 03000000
fault virtual address	= 0x0
fault code		= supervisor read, page not present
instruction pointer	= 0x8:0x8023e416
stack pointer	        = 0x10:0xb892e790
frame pointer	        = 0x10:0xb892e7bc
code segment		= base 0x0, limit 0xfffff, type 0x1b
			= DPL 0, pres 1, def32 1, gran 1
processor eflags	= interrupt enabled, resume, IOPL = 0
current process		= 7 (syncer)
interrupt mask		= none <- SMP: XXX
trap number		= 12
panic: page fault
mp_lock = 00000003; cpuid = 0; lapic.id = 03000000
boot() called on cpu#0
Uptime: 51d22h31m49s

dumping to dev #da/0x20001, offset 8519808
---
#0  dumpsys () at /usr/src/sys/kern/kern_shutdown.c:487
487		if (dumping++) {
(kgdb) where
#0  dumpsys () at /usr/src/sys/kern/kern_shutdown.c:487
#1  0x801522eb in boot (howto=260) at /usr/src/sys/kern/kern_shutdown.c:316
#2  0x8015275d in panic (fmt=0x80275399 "%s") at /usr/src/sys/kern/kern_shutdown.c:595
#3  0x8023fa41 in trap_fatal (frame=0xb892e750, eva=0) at /usr/src/sys/i386/i386/trap.c:974
#4  0x8023f6ad in trap_pfault (frame=0xb892e750, usermode=0, eva=0) at /usr/src/sys/i386/i386/trap.c:867
#5  0x8023f20b in trap (frame={tf_fs = -1774387176, tf_es = -2042626032, tf_ds = -2042626032, tf_edi = -1509507072, tf_esi = 0, 
      tf_ebp = -1198331972, tf_isp = -1198332036, tf_ebx = 8192, tf_edx = -1509507072, tf_ecx = 2048, tf_eax = -1509507072, 
      tf_trapno = 12, tf_err = 0, tf_eip = -2145131498, tf_cs = 8, tf_eflags = 66054, tf_esp = -1198331732, tf_ss = -1198331760})
    at /usr/src/sys/i386/i386/trap.c:466
#6  0x8023e416 in generic_bcopy ()
#7  0x801f5b65 in ffs_write (ap=0xb892e854) at /usr/src/sys/ufs/ufs/ufs_readwrite.c:547
#8  0x80191451 in union_write (ap=0xb892e898) at vnode_if.h:363
#9  0x8020cca8 in vnode_pager_generic_putpages (vp=0xca66d740, m=0xb892e970, bytecount=8192, flags=12, rtvals=0xb892e93c)
    at vnode_if.h:363
#10 0x801912c2 in union_putpages (ap=0xb892e900) at /usr/src/sys/miscfs/union/union_vnops.c:1047
#11 0x8020caca in vnode_pager_putpages (object=0xc4c81958, m=0xb892e970, count=2, sync=12, rtvals=0xb892e93c) at vnode_if.h:1147
#12 0x80209a0f in vm_pageout_flush (mc=0xb892e970, count=2, flags=12) at /usr/src/sys/vm/vm_pager.h:147
#13 0x8020697b in vm_object_page_collect_flush (object=0xc4c81958, p=0x828b23b0, curgeneration=47865, pagerflags=12)
    at /usr/src/sys/vm/vm_object.c:806
#14 0x80206559 in vm_object_page_clean (object=0xc4c81958, start=0, end=0, flags=4) at /usr/src/sys/vm/vm_object.c:605
#15 0x80182b08 in vfs_msync (mp=0x8fd6c600, flags=2) at /usr/src/sys/kern/vfs_subr.c:2731
#16 0x80183c80 in sync (p=0x802c5440, uap=0x0) at /usr/src/sys/kern/vfs_syscalls.c:582
#17 0x80152086 in boot (howto=256) at /usr/src/sys/kern/kern_shutdown.c:235
#18 0x8015275d in panic (fmt=0x80275399 "%s") at /usr/src/sys/kern/kern_shutdown.c:595
#19 0x8023fa41 in trap_fatal (frame=0xb892ebc4, eva=0) at /usr/src/sys/i386/i386/trap.c:974
#20 0x8023f6ad in trap_pfault (frame=0xb892ebc4, usermode=0, eva=0) at /usr/src/sys/i386/i386/trap.c:867
#21 0x8023f20b in trap (frame={tf_fs = -1851260904, tf_es = -2146303984, tf_ds = -1989672944, tf_edi = -1464680448, tf_esi = 0, 
      tf_ebp = -1198330832, tf_isp = -1198330896, tf_ebx = 8192, tf_edx = -1464680448, tf_ecx = 2048, tf_eax = -1464680448, 
      tf_trapno = 12, tf_err = 0, tf_eip = -2145131498, tf_cs = 8, tf_eflags = 66054, tf_esp = -1198330592, tf_ss = -1198330620})
    at /usr/src/sys/i386/i386/trap.c:466
#22 0x8023e416 in generic_bcopy ()
#23 0x801f5b65 in ffs_write (ap=0xb892ecc8) at /usr/src/sys/ufs/ufs/ufs_readwrite.c:547
#24 0x80191451 in union_write (ap=0xb892ed0c) at vnode_if.h:363
#25 0x8020cca8 in vnode_pager_generic_putpages (vp=0xc83f83c0, m=0xb892ede4, bytecount=8192, flags=12, rtvals=0xb892edb0)
    at vnode_if.h:363
#26 0x801912c2 in union_putpages (ap=0xb892ed74) at /usr/src/sys/miscfs/union/union_vnops.c:1047
#27 0x8020caca in vnode_pager_putpages (object=0xc7076170, m=0xb892ede4, count=2, sync=12, rtvals=0xb892edb0) at vnode_if.h:1147
#28 0x80209a0f in vm_pageout_flush (mc=0xb892ede4, count=2, flags=12) at /usr/src/sys/vm/vm_pager.h:147
#29 0x8020697b in vm_object_page_collect_flush (object=0xc7076170, p=0x835e4830, curgeneration=25361, pagerflags=12)
    at /usr/src/sys/vm/vm_object.c:806
#30 0x80206559 in vm_object_page_clean (object=0xc7076170, start=0, end=0, flags=4) at /usr/src/sys/vm/vm_object.c:605
#31 0x80182b08 in vfs_msync (mp=0x8fd6c600, flags=2) at /usr/src/sys/kern/vfs_subr.c:2731
#32 0x80182ed6 in sync_fsync (ap=0xb892ef7c) at /usr/src/sys/kern/vfs_subr.c:2992
#33 0x801811bf in sched_sync () at vnode_if.h:558
(kgdb) up 7
#7  0x801f5b65 in ffs_write (ap=0xb892e854) at /usr/src/sys/ufs/ufs/ufs_readwrite.c:547
547			error =
(kgdb) list
542	
543			size = BLKSIZE(fs, ip, lbn) - bp->b_resid;
544			if (size < xfersize)
545				xfersize = size;
546	
547			error =
548			    uiomove((char *)bp->b_data + blkoffset, (int)xfersize, uio);
549			if ((ioflag & (IO_VMIO|IO_DIRECT)) && 
550			    (LIST_FIRST(&bp->b_dep) == NULL)) {
551				bp->b_flags |= B_RELBUF;
(kgdb) up
#8  0x80191451 in union_write (ap=0xb892e898) at vnode_if.h:363
363		rc = VCALL(vp, VOFFSET(vop_write), &a);
(kgdb) list
358		a.a_desc = VDESC(vop_write);
359		a.a_vp = vp;
360		a.a_uio = uio;
361		a.a_ioflag = ioflag;
362		a.a_cred = cred;
363		rc = VCALL(vp, VOFFSET(vop_write), &a);
364		return (rc);
365	}
366	struct vop_lease_args {
367		struct vnodeop_desc *a_desc;
(kgdb) quit
jupiter# exit
exit

Script done on Tue Jul 27 22:52:07 2004
>How-To-Repeat:
	
>Fix:

	


>Release-Note:
>Audit-Trail:
>Unformatted: