Fatal trap 12: page fault while in kernel mode cpuid = 1; apic id = 01 fault virtual address = 0x18 fault code = supervisor read, page not present instruction pointer = 0x20:0xc0b6c679 stack pointer = 0x28:0xe906b848 frame pointer = 0x28:0xe906b850 code segment = base rx0, limit 0xfffff, type 0x1b = DPL 0, pres 1, def32 1, gran 1 processor eflags = interrupt enabled, resume, IOPL = 0 current process = 80358 (conftest) trap number = 12 panic: page fault cpuid = 1 Uptime: 3h16m44s Physical memory: 3038 MB Dumping 349 MB: 334 318 302 286 270 254 238 222 206 190 174 158 142 126 110 94 78 62 46 30 14 #0 doadump () at pcpu.h:231 231 pcpu.h: No such file or directory. in pcpu.h (kgdb) bt #0 doadump () at pcpu.h:231 #1 0xc08e9c53 in boot (howto=260) at /usr/src/sys/kern/kern_shutdown.c:416 #2 0xc08e9ec3 in panic (fmt=Variable "fmt" is not available. ) at /usr/src/sys/kern/kern_shutdown.c:590 #3 0xc0c73b39 in trap_fatal (frame=0xe906b808, eva=24) at /usr/src/sys/i386/i386/trap.c:980 #4 0xc0c73dfc in trap_pfault (frame=0xe906b808, usermode=0, eva=24) at /usr/src/sys/i386/i386/trap.c:893 #5 0xc0c74442 in trap (frame=0xe906b808) at /usr/src/sys/i386/i386/trap.c:568 #6 0xc0c5c91c in calltrap () at /usr/src/sys/i386/i386/exception.s:168 #7 0xc0b6c679 in free_jremref (jremref=0x0) at /usr/src/sys/ufs/ffs/ffs_softdep.c:3570 #8 0xc0b76b15 in cancel_diradd (dap=0xc9dd8dc0, dirrem=0xca7d4640, jremref=0x0, dotremref=0xcafee2c0, dotdotremref=0x0) at /usr/src/sys/ufs/ffs/ffs_softdep.c:6775 #9 0xc0b7715d in newdirrem (bp=0xdba06754, dp=0xce594b54, ip=0xca8a3000, isrmdir=1, prevdirremp=0xe906b8fc) at /usr/src/sys/ufs/ffs/ffs_softdep.c:7198 #10 0xc0b771ff in softdep_setup_directory_change (bp=0xdba06754, dp=0xce594b54, ip=0xca8a3000, newinum=3815424, isrmdir=1) at /usr/src/sys/ufs/ffs/ffs_softdep.c:7264 #11 0xc0b89d0e in ufs_dirrewrite (dp=0xce594b54, oip=0xca8a3000, newinum=3815424, newtype=4, isrmdir=1) at /usr/src/sys/ufs/ufs/ufs_lookup.c:1304 #12 0xc0b94cfc in ufs_rename (ap=0xe906bbd8) at /usr/src/sys/ufs/ufs/ufs_vnops.c:1429 #13 0xc0c8e6d4 in VOP_RENAME_APV (vop=0xc0e542e0, a=0xe906bbd8) at vnode_if.c:1474 #14 0xc09832b3 in kern_renameat (td=0xcc21b5a0, oldfd=-100, old=0x80484d2 <Address 0x80484d2 out of bounds>, newfd=-100, new=0x80484c6 <Address 0x80484c6 out of bounds>, pathseg=UIO_USERSPACE) at vnode_if.h:636 #15 0xc098348b in kern_rename (td=0xcc21b5a0, from=0x80484d2 <Address 0x80484d2 out of bounds>, to=0x80484c6 <Address 0x80484c6 out of bounds>, pathseg=UIO_USERSPACE) at /usr/src/sys/kern/vfs_syscalls.c:3574 #16 0xc09834b6 in rename (td=0xcc21b5a0, uap=0xe906bcec) at /usr/src/sys/kern/vfs_syscalls.c:3551 #17 0xc0927a6f in syscallenter (td=0xcc21b5a0, sa=0xe906bce4) at /usr/src/sys/kern/subr_trap.c:319 #18 0xc0c73e4d in syscall (frame=0xe906bd28) at /usr/src/sys/i386/i386/trap.c:1095 #19 0xc0c5c9b1 in Xint0x80_syscall () at /usr/src/sys/i386/i386/exception.s:266 #20 0x00000033 in ?? () Previous frame inner to this frame (corrupt stack?) (kgdb) list *0xc0b6c679 0xc0b6c679 is in free_jremref (/usr/src/sys/ufs/ffs/ffs_softdep.c:3572). 3567 static void 3568 free_jremref(jremref) 3569 struct jremref *jremref; 3570 { 3571 3572 if (jremref->jr_ref.if_jsegdep) 3573 free_jsegdep(jremref->jr_ref.if_jsegdep); 3574 if (jremref->jr_state & IOSTARTED) 3575 panic("free_jremref: IO still pending"); 3576 WORKITEM_FREE(jremref, D_JREMREF); How-To-Repeat: http://lists.freebsd.org/pipermail/freebsd-current/2010-July/018391.html mkdir("foo", 00700); mkdir("bar", 00700); rename("foo", "bar");
Responsible Changed From-To: freebsd-bugs->freebsd-fs Assign to maintainer(s).
Responsible Changed From-To: freebsd-fs->mckusick ng over responsibility for this bug report.
State Changed From-To: open->patched This bug should have been fixed with system revision 216817. Once the fix has been confirmed with the submitter this report will be closed. No MFC is required as it affects only journaled soft updates which are not in 8.x or earlier systems.
State Changed From-To: patched->closed Confirmed fixed with system revision 216817.