From vkushnir@Alfacom.net  Wed Sep  3 14:47:50 2003
Return-Path: <vkushnir@Alfacom.net>
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id A02C016A4BF
	for <FreeBSD-gnats-submit@freebsd.org>; Wed,  3 Sep 2003 14:47:50 -0700 (PDT)
Received: from Stalker.alfacom.net (Stalker.Alfacom.net [193.108.124.1])
	by mx1.FreeBSD.org (Postfix) with ESMTP id C670243FA3
	for <FreeBSD-gnats-submit@freebsd.org>; Wed,  3 Sep 2003 14:47:47 -0700 (PDT)
	(envelope-from vkushnir@Alfacom.net)
Received: from kushnir1.kiev.ua (124-175.dialup.Alfacom.net [193.108.124.175])
	by Stalker.alfacom.net (8.12.8/8.12.8) with ESMTP id h83Llfh2012567
	for <FreeBSD-gnats-submit@freebsd.org>; Thu, 4 Sep 2003 00:47:43 +0300 (EEST)
Received: from kushnir1.kiev.ua (localhost [127.0.0.1])
	by kushnir1.kiev.ua (8.12.9/8.12.9) with ESMTP id h83Lldsa002080
	for <FreeBSD-gnats-submit@freebsd.org>; Thu, 4 Sep 2003 00:47:39 +0300 (EEST)
	(envelope-from vkushnir@kushnir1.kiev.ua)
Received: (from vkushnir@localhost)
	by kushnir1.kiev.ua (8.12.9/8.12.9/Submit) id h83Lldlx002079;
	Thu, 4 Sep 2003 00:47:39 +0300 (EEST)
	(envelope-from vkushnir)
Message-Id: <200309032147.h83Lldlx002079@kushnir1.kiev.ua>
Date: Thu, 4 Sep 2003 00:47:39 +0300 (EEST)
From: Vladimir Kushnir <vkushnir@Alfacom.net>
Reply-To: Vladimir Kushnir <vkushnir@Alfacom.net>
To: FreeBSD-gnats-submit@freebsd.org
Cc:
Subject: cdrecord panicks -CURRENT with ATAPI burner
X-Send-Pr-Version: 3.113
X-GNATS-Notify:

>Number:         56380
>Category:       kern
>Synopsis:       cdrecord panicks -CURRENT with ATAPI burner
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    freebsd-bugs
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Wed Sep 03 14:50:14 PDT 2003
>Closed-Date:    Wed Nov 05 14:58:00 PST 2003
>Last-Modified:  Wed Nov 05 14:58:00 PST 2003
>Originator:     Vladimir Kushnir
>Release:        FreeBSD 5.1-CURRENT i386
>Organization:
>Environment:
System: FreeBSD kushnir1.kiev.ua 5.1-CURRENT FreeBSD 5.1-CURRENT #6: Wed Sep 3 08:45:50 EEST 2003 root@kushnir1.kiev.ua:/usr/obj/usr/src/sys/KUSHNIR i386


>Description:
Any attempt to burn with cdrecord (ports/sysutils/cdrtools or 
ports/sysutils/cdrtools-devel) in real or simulation mode immediately
panics system with ATAPI burner. This happens since early August till now,
100% reproducible. DDB diagnostics for the last kernel (GENERIC + atapicam 
- ATA_STATIC_ID, compiled with default flags:

panic:	mutex vm object not owned at /usr/src/sys/vm/vm_page.c:761
Debugger("panic")
Stopped at	Debugger+0x54:	xchgl	%ebx, in_Debugger.0
db>trace
Debugger(c0532adb,c05f53a0,c053219a,cfe06b68,100) at Debugger+0x54
panic(c053219a,c0548b15,c0548ffa,2f9,42) at panic+0xd5
_mtx_assert(c219ade0,1,c0548ffa,2f9,c2198294) at _mtx_assert+0xec
vm_page_alloc(c219ade0,0,0,0,c0531f5b) at vm_page_alloc+0x59
vm_fault_copy_entry(c219de00,c219dd00,c2198294,c2088960,c048139d) at
vm_fault_copy_entry+0xab
vm_map_copy_entry(c219dd00,c219de00,c2088960,c2198294,c058882c) at
vm_map_copy_entry+0x211
vmspace_fork(c219dd00,1,c0547ddd,255,c2360618) at vmspace_fork+0x326
vm_forkproc(c21815f0,c23605ac,c2181130,14,cfe06cbc) at vm_forkproc+0xde
fork1(c21815f0,14,0,cfe06cd8,c21815f0) at fork1+0xead
fork(c21815f0,cfe06d10,c054de6a,3eb,0) at fork+0x2b
syscall(2f,2f,2f,1000,10000) at syscall+0x273
Xint0x80_syscall() at Xint0x80_syscall+0x1d
--- syscall (2, FreeBSD ELF32, fork), eip = 0x2810fd8f, esp = 0xbfbfd63c,
ebp = 0xbfbfd668

"gdb -k" output:

Script started on Wed Sep  3 23:56:36 2003
 ~> sudo gsb -k /usr/obj/usr/src/sys/KUSHNIR-TEST/kernel.debug /usr/crash/vmcore.0A> sud	 gP80`.0KA11`80`11`@d80`e.0A12`80`e
GNU gdb 5.2.1 (FreeBSD)
Copyright 2002 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB.  Type "show warranty" for details.
This GDB was configured as "i386-undermydesk-freebsd"...
panic: mutex vm object not owned at /usr/src/sys/vm/vm_page.c:761
panic messages:
---
panic: mutex vm object not owned at /usr/src/sys/vm/vm_page.c:761
panic: from debugger
Uptime: 2m54s
Dumping 191 MB
 16 32 48 64 80 96 112 128 144 160 176
---
Reading symbols from /usr/obj/usr/src/sys/KUSHNIR-TEST/modules/usr/src/sys/modules/acpi/acpi.ko.debug...done.
Loaded symbols for /usr/obj/usr/src/sys/KUSHNIR-TEST/modules/usr/src/sys/modules/acpi/acpi.ko.debug
Reading symbols from /boot/kernel/green_saver.ko...done.
Loaded symbols for /boot/kernel/green_saver.ko
Reading symbols from /usr/obj/usr/src/sys/KUSHNIR-TEST/modules/usr/src/sys/modules/linux/linux.ko.debug...done.
Loaded symbols for /usr/obj/usr/src/sys/KUSHNIR-TEST/modules/usr/src/sys/modules/linux/linux.ko.debug
#0  doadump () at /usr/src/sys/kern/kern_shutdown.c:240
240		dumping++;
(kgdb) where
#0  doadump () at /usr/src/sys/kern/kern_shutdown.c:240
#1  0xc032d981 in boot (howto=260) at /usr/src/sys/kern/kern_shutdown.c:372
#2  0xc032dd17 in panic () at /usr/src/sys/kern/kern_shutdown.c:550
#3  0xc01640c2 in db_panic () at /usr/src/sys/ddb/db_command.c:450
#4  0xc0164022 in db_command (last_cmdp=0xc05cbd60, cmd_table=0x0, 
    aux_cmd_tablep=0xc0553258, aux_cmd_tablep_end=0xc0553270)
    at /usr/src/sys/ddb/db_command.c:346
#5  0xc0164165 in db_command_loop () at /usr/src/sys/ddb/db_command.c:472
#6  0xc0167165 in db_trap (type=3, code=0) at /usr/src/sys/ddb/db_trap.c:73
#7  0xc04b909c in kdb_trap (type=3, code=0, regs=0xcfe06ae0)
    at /usr/src/sys/i386/i386/db_interface.c:171
#8  0xc04cab7d in trap (frame=
      {tf_fs = -1068236776, tf_es = -807403504, tf_ds = -1070268400, tf_edi = 1, tf_esi = -1068293734, tf_ebp = -807376084, tf_isp = -807376116, tf_ebx = 0, tf_edx = 0, tf_ecx = 32, tf_eax = 18, tf_trapno = 3, tf_err = 0, tf_eip = -1068788908, tf_cs = 8, tf_eflags = 662, tf_esp = -1068186770, tf_ss = -1068291365})
    at /usr/src/sys/i386/i386/trap.c:577
#9  0xc04baa48 in calltrap () at {standard input}:102
#10 0xc032dca5 in panic (fmt=0xc053219a "mutex %s not owned at %s:%d")
    at /usr/src/sys/kern/kern_shutdown.c:534
#11 0xc03246bc in _mtx_assert (m=0xc219ade0, what=0, 
    file=0xc0548ffa "/usr/src/sys/vm/vm_page.c", line=761)
    at /usr/src/sys/kern/kern_mutex.c:855
#12 0xc048af79 in vm_page_alloc (object=0xc219ade0, pindex=0, req=0)
---Type <return> to continue, or q <return> to quit---
    at /usr/src/sys/vm/vm_page.c:761
#13 0xc047d60b in vm_fault_copy_entry (dst_map=0xc219de00, src_map=0xc219dd00, 
    dst_entry=0xc2198294, src_entry=0x0) at /usr/src/sys/vm/vm_fault.c:1073
#14 0xc0483e21 in vm_map_copy_entry (src_map=0xc219dd00, dst_map=0xc219de00, 
    src_entry=0xc2088960, dst_entry=0xc2198294)
    at /usr/src/sys/vm/vm_map.c:2376
#15 0xc0484166 in vmspace_fork (vm1=0xc219dd00)
    at /usr/src/sys/vm/vm_map.c:2491
#16 0xc047ec4e in vm_forkproc (td=0xc21815f0, p2=0xc23605ac, td2=0xc2181130, 
    flags=20) at /usr/src/sys/vm/vm_glue.c:624
#17 0xc03188dd in fork1 (td=0xc21815f0, flags=20, pages=0, procp=0xcfe06cd8)
    at /usr/src/sys/kern/kern_fork.c:654
#18 0xc031786b in fork (td=0xc21815f0, uap=0xcfe06d10)
    at /usr/src/sys/kern/kern_fork.c:102
#19 0xc04cb4b3 in syscall (frame=
      {tf_fs = 47, tf_es = 47, tf_ds = 47, tf_edi = 4096, tf_esi = 65536, tf_ebp = -1077946776, tf_isp = -807375500, tf_ebx = 64, tf_edx = 1307, tf_ecx = 672806144, tf_eax = 2, tf_trapno = 0, tf_err = 2, tf_eip = 672202127, tf_cs = 31, tf_eflags = 582, tf_esp = -1077946820, tf_ss = 47})
    at /usr/src/sys/i386/i386/trap.c:1005
#20 0xc04baa9d in Xint0x80_syscall () at {standard input}:144
---Can't read userspace from dump, or kernel process---

(kgdb) q
 ~> exit
exit

Script done on Wed Sep  3 23:58:07 2003

>How-To-Repeat:
Burn (or simulate) with cdrecord and ATAPI CD-burner
>Fix:
Unknown
>Release-Note:
>Audit-Trail:
State-Changed-From-To: open->feedback 
State-Changed-By: kris 
State-Changed-When: Wed Oct 8 14:36:51 PDT 2003 
State-Changed-Why:  
This is believed to be fixed in -CURRENT - can you please update 
and confirm? 

http://www.freebsd.org/cgi/query-pr.cgi?pr=56380 

From: Kris Kennaway <kris@obsecurity.org>
To: bug-followup@FreeBSD.org
Cc:  
Subject: Re: kern/56380: cdrecord panicks -CURRENT with ATAPI burner
Date: Mon, 13 Oct 2003 14:20:52 -0700

 Adding to audit trail.
 
 Kris
 
 ----- Forwarded message from Vladimir Kushnir <vkushnir@Alfacom.net> -----
 
 X-Original-To: kkenn@localhost
 Delivered-To: kkenn@localhost.obsecurity.org
 Delivered-To: kris@freebsd.org
 Date: Tue, 14 Oct 2003 00:05:44 +0300 (EEST)
 From: Vladimir Kushnir <vkushnir@Alfacom.net>
 X-X-Sender: vkushnir@kushnir1.kiev.ua
 To: Kris Kennaway <kris@FreeBSD.org>
 Cc: freebsd-bugs@FreeBSD.org
 Subject: Re: kern/56380: cdrecord panicks -CURRENT with ATAPI burner
 In-Reply-To: <200310082137.h98LbIxN000394@freefall.freebsd.org>
 X-UIDL: fe174372f7a6ed38f544490a0b44e578
 X-Bogosity: No, tests=bogofilter, spamicity=0.000000, version=0.14.5.4
 
 Sorry for delay, here it goes.
 
 On Wed, 8 Oct 2003, Kris Kennaway wrote:
 
 > Synopsis: cdrecord panicks -CURRENT with ATAPI burner
 >
 > State-Changed-From-To: open->feedback
 > State-Changed-By: kris
 > State-Changed-When: Wed Oct 8 14:36:51 PDT 2003
 > State-Changed-Why:
 > This is believed to be fixed in -CURRENT - can you please update
 > and confirm?
 >
 > http://www.freebsd.org/cgi/query-pr.cgi?pr=56380
 >
 >
 
 Uname output:
 FreeBSD  5.1-CURRENT FreeBSD 5.1-CURRENT #4: Mon Oct 13 11:59:52 EEST 2003
 root@kushnir1.kiev.ua:/usr/obj/usr/src/sys/KUSHNIR-TEST  i386
 
 Dmesg and gdb transcript attached.
 Copyright (c) 1992-2003 The FreeBSD Project.
 Copyright (c) 1979, 1980, 1983, 1986, 1988, 1989, 1991, 1992, 1993, 1994
 	The Regents of the University of California. All rights reserved.
 FreeBSD 5.1-CURRENT #4: Mon Oct 13 11:59:52 EEST 2003
     root@kushnir1.kiev.ua:/usr/obj/usr/src/sys/KUSHNIR-TEST
 Preloaded elf kernel "/boot/kernel.test/kernel" at 0xc0a66000.
 Preloaded elf module "/boot/kernel.test/acpi.ko" at 0xc0a66208.
 Timecounter "i8254" frequency 1193182 Hz quality 0
 CPU: Pentium III/Pentium III Xeon/Celeron (451.02-MHz 686-class CPU)
   Origin = "GenuineIntel"  Id = 0x673  Stepping = 3
   Features=0x387f9ff<FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,PN,MMX,FXSR,SSE>
 real memory  = 201261056 (191 MB)
 avail memory = 185835520 (177 MB)
 Pentium Pro MTRR support enabled
 npx0: [FAST]
 npx0: <math processor> on motherboard
 npx0: INT 16 interface
 acpi0: <AWARD  AWRDACPI> on motherboard
 pcibios: BIOS version 2.10
 Using $PIR table, 6 entries at 0xc00fdf10
 acpi0: Power Button (fixed)
 Timecounter "ACPI-safe" frequency 3579545 Hz quality 1000
 acpi_timer0: <24-bit timer at 3.579545MHz> port 0x4008-0x400b on acpi0
 acpi_cpu0: <CPU> on acpi0
 acpi_tz0: <Thermal Zone> on acpi0
 acpi_button0: <Power Button> on acpi0
 pcib0: <ACPI Host-PCI bridge> port 0x5000-0x500f,0x4000-0x4041,0xcf8-0xcff on acpi0
 pci0: <ACPI PCI bus> on pcib0
 pcib0: slot 2 INTD is routed to irq 10
 pcib0: slot 14 INTA is routed to irq 5
 pcib0: slot 15 INTA is routed to irq 9
 pcib0: slot 16 INTA is routed to irq 10
 agp0: <Intel 82443BX (440 BX) host to PCI bridge> mem 0xe0000000-0xe3ffffff at device 0.0 on pci0
 pcib1: <PCI-PCI bridge> at device 1.0 on pci0
 pci1: <PCI bus> on pcib1
 pcib0: slot 1 INTA is routed to irq 11
 pcib1: slot 0 INTA is routed to irq 11
 pci1: <display, VGA> at device 0.0 (no driver attached)
 isab0: <PCI-ISA bridge> at device 2.0 on pci0
 isa0: <ISA bus> on isab0
 atapci0: <Intel PIIX4 UDMA33 controller> port 0xf000-0xf00f at device 2.1 on pci0
 ata0: at 0x1f0 irq 14 on atapci0
 ata0: [MPSAFE]
 ata1: at 0x170 irq 15 on atapci0
 ata1: [MPSAFE]
 uhci0: <Intel 82371AB/EB (PIIX4) USB controller> port 0xd000-0xd01f irq 10 at device 2.2 on pci0
 usb0: <Intel 82371AB/EB (PIIX4) USB controller> on uhci0
 usb0: USB revision 1.0
 uhub0: Intel UHCI root hub, class 9/0, rev 1.00/1.00, addr 1
 uhub0: 2 ports with 2 removable, self powered
 pci0: <bridge, PCI-unknown> at device 2.3 (no driver attached)
 pci0: <multimedia> at device 14.0 (no driver attached)
 atapci1: <CMD 649 UDMA100 controller> port 0xe400-0xe40f,0xe000-0xe003,0xdc00-0xdc07,0xd800-0xd803,0xd400-0xd407 irq 9 at device 15.0 on pci0
 atapci1: [MPSAFE]
 ata2: at 0xd400 on atapci1
 ata2: [MPSAFE]
 ata3: at 0xdc00 on atapci1
 ata3: [MPSAFE]
 pci0: <multimedia, audio> at device 16.0 (no driver attached)
 fdc0: <Enhanced floppy controller (i82077, NE72065 or clone)> port 0x3f7,0x3f2-0x3f5 irq 6 drq 2 on acpi0
 fdc0: FIFO enabled, 8 bytes threshold
 fd0: <1440-KB 3.5" drive> on fdc0 drive 0
 sio0 port 0x3f8-0x3ff irq 4 on acpi0
 sio0: type 16550A
 sio1 port 0x2f8-0x2ff irq 3 on acpi0
 sio1: type 16550A
 ppc0 port 0x778-0x77b,0x378-0x37f irq 7 drq 3 on acpi0
 ppc0: SMC-like chipset (ECP/EPP/PS2/NIBBLE) in COMPATIBLE mode
 ppc0: FIFO with 16/16/16 bytes threshold
 ppbus0: <Parallel port bus> on ppc0
 plip0: <PLIP network interface> on ppbus0
 lpt0: <Printer> on ppbus0
 lpt0: Interrupt-driven port
 ppi0: <Parallel I/O> on ppbus0
 atkbdc0: <Keyboard controller (i8042)> port 0x64,0x60 irq 1 on acpi0
 atkbd0: <AT Keyboard> flags 0x1 irq 1 on atkbdc0
 kbd0 at atkbd0
 psm0: <PS/2 Mouse> irq 12 on atkbdc0
 psm0: model Generic PS/2 mouse, device ID 0
 orm0: <Option ROM> at iomem 0xc0000-0xc8fff on isa0
 pmtimer0 on isa0
 sc0: <System console> at flags 0x100 on isa0
 sc0: VGA <16 virtual consoles, flags=0x300>
 vga0: <Generic ISA VGA> at port 0x3c0-0x3df iomem 0xa0000-0xbffff on isa0
 Timecounter "TSC" frequency 451024504 Hz quality 800
 Timecounters tick every 10.000 msec
 acpi_cpu: throttling enabled, 2 steps (100% to 50.0%), currently 100.0%
 acd0: CDRW <_NEC CD-RW NR-9100A> at ata0-master UDMA33
 acd1: CDROM <ATAPI 44X CDROM> at ata1-master UDMA33
 GEOM: create disk ad0 dp=0xc27d6870
 ad0: 57241MB <WDC WD600JB-00CRA1> [116301/16/63] at ata2-master UDMA100
 (probe2:ata1:0:0:0): Recovered Sense
 (probe2:ata1:0:0:0): INQUIRY. CDB: 12 1 80 0 ff 0 
 (probe2:ata1:0:0:0): CAM Status: SCSI Status Error
 (probe2:ata1:0:0:0): SCSI Status: Check Condition
 (probe2:ata1:0:0:0): ILLEGAL REQUEST asc:24,0
 (probe2:ata1:0:0:0): Invalid field in CDB
 (probe2:ata1:0:0:0): Recovered Sense
 (probe2:ata1:0:0:0): INQUIRY. CDB: 12 1 80 0 ff 0 
 (probe2:ata1:0:0:0): CAM Status: SCSI Status Error
 (probe2:ata1:0:0:0): SCSI Status: Check Condition
 (probe2:ata1:0:0:0): ILLEGAL REQUEST asc:24,0
 (probe2:ata1:0:0:0): Invalid field in CDB
 GEOM: create disk cd0 dp=0xc27d1600
 GEOM: create disk cd1 dp=0xc27f2600
 (cd1:ata1:0:0:0): Recovered Sense
 (cd1:ata1:0:0:0): READ CD RECORDED CAPACITY. CDB: 25 0 0 0 0 0 0 0 0 0 
 (cd1:ata1:0:0:0): CAM Status: SCSI Status Error
 (cd1:ata1:0:0:0): SCSI Status: Check Condition
 (cd1:ata1:0:0:0): NOT READY asc:3a,0
 (cd1:ata1:0:0:0): Medium not present
 cd1 at ata1 bus 0 target 0 lun 0
 cd1: <ATAPI 44X CDROM 3.10> Removable CD-ROM SCSI-0 device 
 cd1: 33.000MB/s transfers
 cd1: Attempt to query device size failed: NOT READY, Medium not present
 cd0 at ata0 bus 0 target 0 lun 0
 cd0: <_NEC CD-RW NR-9100A 2.12> Removable CD-ROM SCSI-0 device 
 cd0: 33.000MB/s transfers
 cd0: cd present [108242 x 2048 byte records]
 Mounting root from ufs:/dev/ad0s2a
  [116301/16/63] at ata2-master UDMA100
 
 Script started on Mon Oct 13 23:56:04 2003
  ~> sudo gdb -k /usr/obj/usr/src/sys/KUSHNIR-TEST/kernel.debug /usr/crash/vmcore.1
 GNU gdb 5.2.1 (FreeBSD)
 Copyright 2002 Free Software Foundation, Inc.
 GDB is free software, covered by the GNU General Public License, and you are
 welcome to change it and/or distribute copies of it under certain conditions.
 Type "show copying" to see the conditions.
 There is absolutely no warranty for GDB.  Type "show warranty" for details.
 This GDB was configured as "i386-undermydesk-freebsd"...
 panic: vm_fault_copy_wired: page missing
 panic messages:
 ---
 panic: vm_fault_copy_wired: page missing
 panic: from debugger
 Uptime: 1m56s
 Dumping 191 MB
  16 32 48 64 80 96 112 128 144 160 176
 ---
 Reading symbols from /boot/kernel/mga.ko...done.
 Loaded symbols for /boot/kernel/mga.ko
 Reading symbols from /boot/kernel/snd_ds1.ko...done.
 Loaded symbols for /boot/kernel/snd_ds1.ko
 Reading symbols from /boot/kernel/snd_pcm.ko...done.
 Loaded symbols for /boot/kernel/snd_pcm.ko
 Reading symbols from /usr/obj/usr/src/sys/KUSHNIR-TEST/modules/usr/src/sys/modules/acpi/acpi.ko.debug...done.
 Loaded symbols for /usr/obj/usr/src/sys/KUSHNIR-TEST/modules/usr/src/sys/modules/acpi/acpi.ko.debug
 Reading symbols from /usr/obj/usr/src/sys/KUSHNIR-TEST/modules/usr/src/sys/modules/linprocfs/linprocfs.ko.debug...done.
 Loaded symbols for /usr/obj/usr/src/sys/KUSHNIR-TEST/modules/usr/src/sys/modules/linprocfs/linprocfs.ko.debug
 Reading symbols from /usr/obj/usr/src/sys/KUSHNIR-TEST/modules/usr/src/sys/modules/linux/linux.ko.debug...done.
 Loaded symbols for /usr/obj/usr/src/sys/KUSHNIR-TEST/modules/usr/src/sys/modules/linux/linux.ko.debug
 Reading symbols from /boot/kernel/green_saver.ko...done.
 Loaded symbols for /boot/kernel/green_saver.ko
 #0  doadump () at /usr/src/sys/kern/kern_shutdown.c:240
 240		dumping++;
 (kgdb) bt
 #0  doadump () at /usr/src/sys/kern/kern_shutdown.c:240
 #1  0xc0638d41 in boot (howto=260) at /usr/src/sys/kern/kern_shutdown.c:372
 #2  0xc06390d7 in panic () at /usr/src/sys/kern/kern_shutdown.c:550
 #3  0xc0464362 in db_panic () at /usr/src/sys/ddb/db_command.c:450
 #4  0xc04642c2 in db_command (last_cmdp=0xc08d9860, cmd_table=0x0, 
     aux_cmd_tablep=0xc0860948, aux_cmd_tablep_end=0xc0860960)
     at /usr/src/sys/ddb/db_command.c:346
 #5  0xc0464405 in db_command_loop () at /usr/src/sys/ddb/db_command.c:472
 #6  0xc0467405 in db_trap (type=3, code=0) at /usr/src/sys/ddb/db_trap.c:73
 #7  0xc07c5c9c in kdb_trap (type=3, code=0, regs=0xcfea5b34)
     at /usr/src/sys/i386/i386/db_interface.c:171
 #8  0xc07d749d in trap (frame=
       {tf_fs = -1065091048, tf_es = -1032388592, tf_ds = -1028456432, tf_edi = 1, tf_esi = -1065004083, tf_ebp = -806724736, tf_isp = -806724768, tf_ebx = 0, tf_edx = 0, tf_ecx = 32, tf_eax = 18, tf_trapno = 3, tf_err = 0, tf_eip = -1065590956, tf_cs = 8, tf_eflags = 646, tf_esp = -1064986187, tf_ss = -1065091285})
     at /usr/src/sys/i386/i386/trap.c:579
 #9  0xc07c7648 in calltrap () at {standard input}:102
 #10 0xc0639065 in panic (fmt=0xc08553cd "vm_fault_copy_wired: page missing")
     at /usr/src/sys/kern/kern_shutdown.c:534
 #11 0xc078a027 in vm_fault_copy_entry (dst_map=0xc153c6e4, src_map=0xc2ae80fc, 
     dst_entry=0xc294e6cc, src_entry=0x0) at /usr/src/sys/vm/vm_fault.c:1187
 #12 0xc0790821 in vm_map_copy_entry (src_map=0xc2ae80fc, dst_map=0xc153c6e4, 
     src_entry=0xc2afcce4, dst_entry=0xc294e6cc)
 ---Type <return> to continue, or q <return> to quit---
     at /usr/src/sys/vm/vm_map.c:2379
 #13 0xc0790b66 in vmspace_fork (vm1=0xc2ae80fc)
     at /usr/src/sys/vm/vm_map.c:2494
 #14 0xc078b66e in vm_forkproc (td=0xc2779ab0, p2=0xc290ad3c, td2=0xc2908130, 
     flags=20) at /usr/src/sys/vm/vm_glue.c:624
 #15 0xc0623ca5 in fork1 (td=0xc2779ab0, flags=20, pages=0, procp=0xcfea5cd8)
     at /usr/src/sys/kern/kern_fork.c:654
 #16 0xc0622ccb in fork (td=0xc2779ab0, uap=0xcfea5d10)
     at /usr/src/sys/kern/kern_fork.c:102
 #17 0xc07d7e20 in syscall (frame=
       {tf_fs = 47, tf_es = 47, tf_ds = 47, tf_edi = 4096, tf_esi = 65536, tf_ebp = -1077946760, tf_isp = -806724236, tf_ebx = 64, tf_edx = 1307, tf_ecx = 672843008, tf_eax = 2, tf_trapno = 0, tf_err = 2, tf_eip = 672239007, tf_cs = 31, tf_eflags = 582, tf_esp = -1077946804, tf_ss = 47})
     at /usr/src/sys/i386/i386/trap.c:1009
 #18 0xc07c769d in Xint0x80_syscall () at {standard input}:144
 ---Can't read userspace from dump, or kernel process---
 
 (kgdb) q
  ~> exit
 exit
 
 Script done on Mon Oct 13 23:56:57 2003
 
 
 ----- End forwarded message -----

From: Kris Kennaway <kris@obsecurity.org>
To: freebsd-gnats-submit@FreeBSD.org, vkushnir@Alfacom.net
Cc:  
Subject: Re: kern/56380
Date: Sat, 1 Nov 2003 17:21:15 -0800

 Was this resolved yet?
 
 Kris
State-Changed-From-To: feedback->closed 
State-Changed-By: anholt 
State-Changed-When: Wed Nov 5 14:56:15 PST 2003 
State-Changed-Why:  
Fixed Oct 15th, r1.181 of vm_fault.c.  See kern/57611. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=56380 
>Unformatted:
