From nobody@FreeBSD.org  Tue Sep 21 19:56:41 2010
Return-Path: <nobody@FreeBSD.org>
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id EB07810656A8
	for <freebsd-gnats-submit@FreeBSD.org>; Tue, 21 Sep 2010 19:56:40 +0000 (UTC)
	(envelope-from nobody@FreeBSD.org)
Received: from www.freebsd.org (www.freebsd.org [IPv6:2001:4f8:fff6::21])
	by mx1.freebsd.org (Postfix) with ESMTP id CDB8B8FC1F
	for <freebsd-gnats-submit@FreeBSD.org>; Tue, 21 Sep 2010 19:56:40 +0000 (UTC)
Received: from www.freebsd.org (localhost [127.0.0.1])
	by www.freebsd.org (8.14.3/8.14.3) with ESMTP id o8LJuejx053843
	for <freebsd-gnats-submit@FreeBSD.org>; Tue, 21 Sep 2010 19:56:40 GMT
	(envelope-from nobody@www.freebsd.org)
Received: (from nobody@localhost)
	by www.freebsd.org (8.14.3/8.14.3/Submit) id o8LJuee7053842;
	Tue, 21 Sep 2010 19:56:40 GMT
	(envelope-from nobody)
Message-Id: <201009211956.o8LJuee7053842@www.freebsd.org>
Date: Tue, 21 Sep 2010 19:56:40 GMT
From: Alexey Ivanov <need4spam@bk.ru>
To: freebsd-gnats-submit@FreeBSD.org
Subject: [panic] [suj] Panic on portbuild
X-Send-Pr-Version: www-3.1
X-GNATS-Notify:

>Number:         150796
>Category:       kern
>Synopsis:       [panic] [suj] [ufs] [softupdates] Panic on portbuild
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    mckusick
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Tue Sep 21 20:00:15 UTC 2010
>Closed-Date:    Thu Jan 13 23:14:37 UTC 2011
>Last-Modified:  Thu Jan 13 23:14:37 UTC 2011
>Originator:     Alexey Ivanov
>Release:        FreeBSD-CURRENT
>Organization:
>Environment:
FreeBSD PH34R 9.0-CURRENT FreeBSD 9.0-CURRENT #33 r212906=51fe03f: Mon Sep 20 22:55:50 MSD 2010     savetherbtz@PH34R:/usr/obj/usr/src/sys/PH34R.9  i386
>Description:
Fatal trap 12: page fault while in kernel mode
cpuid = 1; apic id = 01

fault virtual address	= 0x18
fault code		= supervisor read, page not present
instruction pointer	= 0x20:0xc0b6c679
stack pointer	        = 0x28:0xe906b848
frame pointer	        = 0x28:0xe906b850
code segment		= base 0x0, limit 0xfffff, type 0x1b
			= DPL 0, pres 1, def32 1, gran 1
processor eflags	= interrupt enabled, resume, IOPL = 0
current process		= 80358 (conftest)
trap number		= 12
panic: page fault
cpuid = 1
Uptime: 3h16m44s
Physical memory: 3038 MB
Dumping 349 MB: 334 318 302 286 270 254 238 222 206 190 174 158 142 126 110 94 78 62 46 30 14

#0  doadump () at pcpu.h:231
231	pcpu.h: No such file or directory.
	in pcpu.h
(kgdb) bt
#0  doadump () at pcpu.h:231
#1  0xc08e9c53 in boot (howto=260) at /usr/src/sys/kern/kern_shutdown.c:416
#2  0xc08e9ec3 in panic (fmt=Variable "fmt" is not available.
) at /usr/src/sys/kern/kern_shutdown.c:590
#3  0xc0c73b39 in trap_fatal (frame=0xe906b808, eva=24) at /usr/src/sys/i386/i386/trap.c:980
#4  0xc0c73dfc in trap_pfault (frame=0xe906b808, usermode=0, eva=24) at /usr/src/sys/i386/i386/trap.c:893
#5  0xc0c74442 in trap (frame=0xe906b808) at /usr/src/sys/i386/i386/trap.c:568
#6  0xc0c5c91c in calltrap () at /usr/src/sys/i386/i386/exception.s:168
#7  0xc0b6c679 in free_jremref (jremref=0x0) at /usr/src/sys/ufs/ffs/ffs_softdep.c:3570
#8  0xc0b76b15 in cancel_diradd (dap=0xc9dd8dc0, dirrem=0xca7d4640, jremref=0x0, dotremref=0xcafee2c0, dotdotremref=0x0) at /usr/src/sys/ufs/ffs/ffs_softdep.c:6775
#9  0xc0b7715d in newdirrem (bp=0xdba06754, dp=0xce594b54, ip=0xca8a3000, isrmdir=1, prevdirremp=0xe906b8fc) at /usr/src/sys/ufs/ffs/ffs_softdep.c:7198
#10 0xc0b771ff in softdep_setup_directory_change (bp=0xdba06754, dp=0xce594b54, ip=0xca8a3000, newinum=3815424, isrmdir=1) at /usr/src/sys/ufs/ffs/ffs_softdep.c:7264
#11 0xc0b89d0e in ufs_dirrewrite (dp=0xce594b54, oip=0xca8a3000, newinum=3815424, newtype=4, isrmdir=1) at /usr/src/sys/ufs/ufs/ufs_lookup.c:1304
#12 0xc0b94cfc in ufs_rename (ap=0xe906bbd8) at /usr/src/sys/ufs/ufs/ufs_vnops.c:1429
#13 0xc0c8e6d4 in VOP_RENAME_APV (vop=0xc0e542e0, a=0xe906bbd8) at vnode_if.c:1474
#14 0xc09832b3 in kern_renameat (td=0xcc21b5a0, oldfd=-100, old=0x80484d2 <Address 0x80484d2 out of bounds>, newfd=-100, new=0x80484c6 <Address 0x80484c6 out of bounds>, pathseg=UIO_USERSPACE)
    at vnode_if.h:636
#15 0xc098348b in kern_rename (td=0xcc21b5a0, from=0x80484d2 <Address 0x80484d2 out of bounds>, to=0x80484c6 <Address 0x80484c6 out of bounds>, pathseg=UIO_USERSPACE)
    at /usr/src/sys/kern/vfs_syscalls.c:3574
#16 0xc09834b6 in rename (td=0xcc21b5a0, uap=0xe906bcec) at /usr/src/sys/kern/vfs_syscalls.c:3551
#17 0xc0927a6f in syscallenter (td=0xcc21b5a0, sa=0xe906bce4) at /usr/src/sys/kern/subr_trap.c:319
#18 0xc0c73e4d in syscall (frame=0xe906bd28) at /usr/src/sys/i386/i386/trap.c:1095
#19 0xc0c5c9b1 in Xint0x80_syscall () at /usr/src/sys/i386/i386/exception.s:266
#20 0x00000033 in ?? ()
Previous frame inner to this frame (corrupt stack?)

(kgdb) list *0xc0b6c679
0xc0b6c679 is in free_jremref (/usr/src/sys/ufs/ffs/ffs_softdep.c:3572).
3567	static void
3568	free_jremref(jremref)
3569		struct jremref *jremref;
3570	{
3571	
3572		if (jremref->jr_ref.if_jsegdep)
3573			free_jsegdep(jremref->jr_ref.if_jsegdep);
3574		if (jremref->jr_state & IOSTARTED)
3575			panic("free_jremref: IO still pending");
3576		WORKITEM_FREE(jremref, D_JREMREF);

>How-To-Repeat:
http://lists.freebsd.org/pipermail/freebsd-current/2010-July/018391.html

mkdir("foo", 00700);
mkdir("bar", 00700);

rename("foo", "bar");

>Fix:


>Release-Note:
>Audit-Trail:
Responsible-Changed-From-To: freebsd-bugs->freebsd-fs 
Responsible-Changed-By: arundel 
Responsible-Changed-When: Wed Sep 22 12:24:16 UTC 2010 
Responsible-Changed-Why:  
Assign to maintainer(s). 

http://www.freebsd.org/cgi/query-pr.cgi?pr=150796 
Responsible-Changed-From-To: freebsd-fs->mckusick 
Responsible-Changed-By: mckusick 
Responsible-Changed-When: Fri Dec 31 06:01:39 UTC 2010 
Responsible-Changed-Why:  
Taking over responsibility for this bug report.

State-Changed-From-To: open->patched 
State-Changed-By: mckusick 
State-Changed-When: Fri Dec 31 06:02:22 UTC 2010 
State-Changed-Why:  
This bug should have been fixed with system revision 216817. 
Once the fix has been confirmed with the submitter this 
report will be closed. No MFC is required as it affects only 
journaled soft updates which are not in 8.x or earlier systems. 

State-Changed-From-To: patched->closed 
State-Changed-By: mckusick 
State-Changed-When: Thu Jan 13 23:13:49 UTC 2011 
State-Changed-Why:  
Confirmed fixed with system revision 216817. 

>Unformatted:
