GENERIC 7.0-CURRENT from Dec 19 15:56 UTC, vmcore.33

GDB: no debug ports present
KDB: debugger backends: ddb
KDB: current backend: ddb
Copyright (c) 1992-2005 The FreeBSD Project.
Copyright (c) 1979, 1980, 1983, 1986, 1988, 1989, 1991, 1992, 1993, 1994
        The Regents of the University of California. All rights reserved.
FreeBSD 7.0-CURRENT #45: Mon Dec 19 13:22:37 CET 2005
    pho@crashbox.osted.lan:/usr/src/sys/i386/compile/PHO
WARNING: WITNESS option enabled, expect reduced performance.
ACPI APIC Table: <A M I  OEMAPIC >
Timecounter "i8254" frequency 1193182 Hz quality 0
CPU: Intel(R) XEON(TM) CPU 1.80GHz (1799.81-MHz 686-class CPU)
  Origin = "GenuineIntel"  Id = 0xf24  Stepping = 4
  Features=0x3febfbff<FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CLFLUSH,DTS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM>
  Logical CPUs per core: 2
real memory  = 1073676288 (1023 MB)
avail memory = 1040891904 (992 MB)
FreeBSD/SMP: Multiprocessor System Detected: 4 CPUs
 cpu0 (BSP): APIC ID:  0
 cpu1 (AP): APIC ID:  1
 cpu2 (AP): APIC ID:  6
 cpu3 (AP): APIC ID:  7
:
Trying to mount root from ufs:/dev/ad0s1a
fxp0: link state changed to UP
lock order reversal:
 1st 0xc53a6cbc vnode interlock (vnode interlock) @ kern/vfs_vnops.c:791
 2nd 0xc106907c system map (system map) @ vm/vm_map.c:2993
KDB: stack backtrace:
kdb_backtrace(0,ffffffff,c0957eb0,c0957f00,c090a8e4) at kdb_backtrace+0x29
witness_checkorder(c106907c,9,c08984af,bb1) at witness_checkorder+0x580
_mtx_lock_flags(c106907c,0,c08984a6,bb1) at _mtx_lock_flags+0x5b
_vm_map_lock_read(c1069000,c08984a6,bb1,1d0d0d0,0) at _vm_map_lock_read+0x22
vm_map_lookup(e773231c,d4ce5000,1,e7732320,e7732310) at vm_map_lookup+0x28
vm_fault(c1069000,d4ce5000,1,0,c5448000) at vm_fault+0x66
trap_pfault(e7732438,0,d4ce5a7d) at trap_pfault+0x137
trap(d0d00008,d0d00028,d0d00028,c5448000,e7732494) at trap+0x3e1
calltrap() at calltrap+0x5
--- trap 0xc, eip = 0xc07fc650, esp = 0xe7732478, ebp = 0xe7732480 ---
stack_save(e7732494) at stack_save+0x1c
lockmgr(c53a6c4c,3002,c53a6cbc,c5448000,e773251c) at lockmgr+0x51
vop_stdlock(e7732560,c091e7e0,e7732560,e773252c,c078f96c) at vop_stdlock+0x21
VOP_LOCK_APV(c091ed20,e7732560,e7732540,c082283b,e7732560) at VOP_LOCK_APV+0x87
ffs_lock(e7732560,1002,c53a6bf4,e773257c,c06b4344) at ffs_lock+0x10
VOP_LOCK_APV(c091e7e0,e7732560) at VOP_LOCK_APV+0x87
vn_lock(c53a6bf4,1002,c5448000) at vn_lock+0xac
lookup(e7732884,26e,0,c5448000,c0803bb9) at lookup+0xce
namei(e7732884) at namei+0x37e
vn_open_cred(e7732884,e7732770,180,c527b680,ffffffff) at vn_open_cred+0x5b
vn_open(e7732884,e7732770,180,ffffffff,ffffffff) at vn_open+0x1e
coredump(c5448000) at coredump+0x1fb
sigexit(c5448000,4,c55f1918,0,c08a12cc) at sigexit+0x61
sendsig(8048794,e7732cd4,c54480d4) at sendsig+0x3ba
trapsignal(c5448000,e7732cd4) at trapsignal+0x198
trap(3b,3b,3b,2804ea2c,bfbfebdc) at trap+0x60a
calltrap() at calltrap+0x5
--- trap 0xc, eip = 0x804c069, esp = 0xa1f80b32, ebp = 0xd4ce5a79 ---


Fatal trap 12: page fault while in kernel mode
cpuid = 1; apic id = 01
fault virtual address   = 0xd4ce5a7d
fault code              = supervisor read, page not present
instruction pointer     = 0x20:0xc07fbbb8
stack pointer           = 0x28:0xe77320e4
frame pointer           = 0x28:0xe773211c
code segment            = base 0x0, limit 0xfffff, type 0x1b
                        = DPL 0, pres 1, def32 1, gran 1
processor eflags        = interrupt enabled, resume, IOPL = 0
current process         = 96368 (crashme)
[thread pid 96368 tid 100144 ]
Stopped at      db_read_bytes+0x30:     movb    0(%edx),%al
db> where
Tracing pid 96368 tid 100144 td 0xc5448000
db_read_bytes(d4ce5a7d,3,e7732130) at db_read_bytes+0x30
db_get_value(d4ce5a7d,4,0) at db_get_value+0x19
db_numargs(d4ce5a79,0,d4ce5a81,0,10) at db_numargs+0x13
db_backtrace(c5448000,0,d4ce5a79,804c069,3e7) at db_backtrace+0x194
db_trace_self(c087fc5a) at db_trace_self+0x2b
kdb_backtrace(0,ffffffff,c0957eb0,c0957f00,c090a8e4) at kdb_backtrace+0x29
witness_checkorder(c106907c,9,c08984af,bb1) at witness_checkorder+0x580
_mtx_lock_flags(c106907c,0,c08984a6,bb1) at _mtx_lock_flags+0x5b
_vm_map_lock_read(c1069000,c08984a6,bb1,1d0d0d0,0) at _vm_map_lock_read+0x22
vm_map_lookup(e773231c,d4ce5000,1,e7732320,e7732310) at vm_map_lookup+0x28
vm_fault(c1069000,d4ce5000,1,0,c5448000) at vm_fault+0x66
trap_pfault(e7732438,0,d4ce5a7d) at trap_pfault+0x137
trap(d0d00008,d0d00028,d0d00028,c5448000,e7732494) at trap+0x3e1
calltrap() at calltrap+0x5
--- trap 0xc, eip = 0xc07fc650, esp = 0xe7732478, ebp = 0xe7732480 ---
stack_save(e7732494) at stack_save+0x1c
lockmgr(c53a6c4c,3002,c53a6cbc,c5448000,e773251c) at lockmgr+0x51
vop_stdlock(e7732560,c091e7e0,e7732560,e773252c,c078f96c) at vop_stdlock+0x21
VOP_LOCK_APV(c091ed20,e7732560,e7732540,c082283b,e7732560) at VOP_LOCK_APV+0x87
ffs_lock(e7732560,1002,c53a6bf4,e773257c,c06b4344) at ffs_lock+0x10
VOP_LOCK_APV(c091e7e0,e7732560) at VOP_LOCK_APV+0x87
vn_lock(c53a6bf4,1002,c5448000) at vn_lock+0xac
lookup(e7732884,26e,0,c5448000,c0803bb9) at lookup+0xce
namei(e7732884) at namei+0x37e
vn_open_cred(e7732884,e7732770,180,c527b680,ffffffff) at vn_open_cred+0x5b
vn_open(e7732884,e7732770,180,ffffffff,ffffffff) at vn_open+0x1e
coredump(c5448000) at coredump+0x1fb
sigexit(c5448000,4,c55f1918,0,c08a12cc) at sigexit+0x61
sendsig(8048794,e7732cd4,c54480d4) at sendsig+0x3ba
trapsignal(c5448000,e7732cd4) at trapsignal+0x198
trap(3b,3b,3b,2804ea2c,bfbfebdc) at trap+0x60a
calltrap() at calltrap+0x5
--- trap 0xc, eip = 0x804c069, esp = 0xa1f80b32, ebp = 0xd4ce5a79 ---
*** error reading from address d4ce5a7d ***
db> call doadump
Dumping 1023 MB (2 chunks)
  chunk 0: 1MB (159 pages) ... ok
  chunk 1: 1023MB (261872 pages) 1007 991 975 959 943 927 911 895 879 863 847 831 815 799 783 767 751 735 719 703 687 671 655 639 623 607 591 575 559 543 527 511 495 479 463 447 431 415 399 383 367 351 335 319 303 287 271 255 239 223 207 191 175 159 143 127 111 95 79 63 47 31 15 ... ok

Dump complete
= 0xf
db> reset
cpu_reset: Restarting BSP
cpu_reset_proxy: Stopped CPU 1

(kgdb) l *0xc07fbbb8
0xc07fbbb8 is in db_read_bytes (../../../i386/i386/db_interface.c:63).
58        prev_jb = kdb_jmpbuf(jb);
59        ret = setjmp(jb);
60        if (ret == 0) {
61           src = (char *)addr;
62           while (size-- > 0)
63              *data++ = *src++;
64        }
65        (void)kdb_jmpbuf(prev_jb);
66        return (ret);
67      }
(kgdb) bt
#0  doadump () at pcpu.h:165
#1  0xc046a7b3 in db_fncall (dummy1=0xc09c0260, dummy2=0x0, dummy3=0x0, dummy4=0xe7731eb4 "à\036sç\204$\177ÀÌ\036sçÐ\036sç\220\a")
    at ../../../ddb/db_command.c:489
#2  0xc046a5b8 in db_command (last_cmdp=0xc092f0c4, cmd_table=0x0, aux_cmd_tablep=0xc08a9110, aux_cmd_tablep_end=0xc08a912c)
    at ../../../ddb/db_command.c:404
#3  0xc046a680 in db_command_loop () at ../../../ddb/db_command.c:455
#4  0xc046c299 in db_trap (type=0xc, code=0x0) at ../../../ddb/db_main.c:228
#5  0xc066b780 in kdb_trap (type=0xc, code=0x0, tf=0xe77320a4) at ../../../kern/subr_kdb.c:485
#6  0xc0810be0 in trap_fatal (frame=0xe77320a4, eva=0xd4ce5a7d) at ../../../i386/i386/trap.c:853
#7  0xc0810923 in trap_pfault (frame=0xe77320a4, usermode=0x0, eva=0xd4ce5a7d) at ../../../i386/i386/trap.c:770
#8  0xc081053d in trap (frame=
      {tf_fs = 0xc0940008, tf_es = 0x28, tf_ds = 0x28, tf_edi = 0xc0a17180, tf_esi = 0x4, tf_ebp = 0xe773211c, tf_isp = 0xe77320d0, tf_ebx = 0x0, tf_edx = 0xd4ce5a7d, tf_ecx = 0x7c4c069, tf_eax = 0x0, tf_trapno = 0xc, tf_err = 0x0, tf_eip = 0xc07fbbb8, tf_cs = 0x20, tf_eflags = 0x10213, tf_esp = 0x0, tf_ss = 0xe77320e8}) at ../../../i386/i386/trap.c:455
#9  0xc07fd56a in calltrap () at ../../../i386/i386/exception.s:137
#10 0xc07fbbb8 in db_read_bytes (addr=0xd4ce5a7d, size=0x3, data=0xe7732130 "") at ../../../i386/i386/db_interface.c:63
#11 0xc0469dad in db_get_value (addr=0xd4ce5a7d, size=0x4, is_signed=0x0) at ../../../ddb/db_access.c:66
#12 0xc07fbf5b in db_numargs (fp=0xd4ce5a79) at ../../../i386/i386/db_trace.c:207
#13 0xc07fc524 in db_backtrace (td=0xc5448000, tf=0x0, frame=0xd4ce5a79, pc=0x804c069, count=0x3e7) at ../../../i386/i386/db_trace.c:458
#14 0xc07fc60b in db_trace_self () at pcpu.h:162
#15 0xc066b405 in kdb_backtrace () at ../../../kern/subr_kdb.c:253
#16 0xc0675a58 in witness_checkorder (lock=0xc106907c, flags=0x9, file=0xc08984af "vm/vm_map.c", line=0xbb1)
    at ../../../kern/subr_witness.c:1085
#17 0xc0649393 in _mtx_lock_flags (m=0xc106907c, opts=0x0, file=0xc08984a6 "../../../vm/vm_map.c", line=0xbb1)
    at ../../../kern/kern_mutex.c:284
#18 0xc07a734e in _vm_map_lock_read (map=0x0, file=0x7c4c069 <Address 0x7c4c069 out of bounds>, line=0xd4ce5a7d) at ../../../vm/vm_map.c:374
#19 0xc07aa404 in vm_map_lookup (var_map=0xe773231c, vaddr=0xd4ce5000, fault_typea=0x1, out_entry=0xe7732320, object=0x0, pindex=0x7c4c069,
    out_prot=0x0, wired=0xe77322f8) at ../../../vm/vm_map.c:2993
#20 0xc07a36b6 in vm_fault (map=0xc1069000, vaddr=0xd4ce5000, fault_type=0x1, fault_flags=0x0) at ../../../vm/vm_fault.c:233
#21 0xc08108cf in trap_pfault (frame=0xe7732438, usermode=0x0, eva=0xd4ce5a7d) at ../../../i386/i386/trap.c:759
#22 0xc081053d in trap (frame=
      {tf_fs = 0xd0d00008, tf_es = 0xd0d00028, tf_ds = 0xd0d00028, tf_edi = 0xc5448000, tf_esi = 0xe7732494, tf_ebp = 0xe7732480, tf_isp = 0xe7732464, tf_ebx = 0xd4ce5a79, tf_edx = 0xc07fd56a, tf_ecx = 0xe7732494, tf_eax = 0x0, tf_trapno = 0xc, tf_err = 0x0, tf_eip = 0xc07fc650, tf_cs = 0x20, tf_eflags = 0x10212, tf_esp = 0x3002, tf_ss = 0xc53a6cbc}) at ../../../i386/i386/trap.c:455
#23 0xc07fd56a in calltrap () at ../../../i386/i386/exception.s:137
#24 0xc07fc650 in stack_save (st=0xe7732494) at ../../../i386/i386/db_trace.c:521
#25 0xc0645d15 in lockmgr (lkp=0xc53a6c4c, flags=0x3002, interlkp=0xc53a6cbc, td=0xc5448000) at ../../../kern/kern_lock.c:172
#26 0xc06a0585 in vop_stdlock (ap=0xc07fd56a) at ../../../kern/vfs_default.c:263
#27 0xc082283b in VOP_LOCK_APV (vop=0xc0912be0, a=0xe7732560) at vnode_if.c:1612
#28 0xc078f96c in ffs_lock (ap=0xe7732560) at ../../../ufs/ffs/ffs_vnops.c:341
#29 0xc082283b in VOP_LOCK_APV (vop=0xc091e7e0, a=0xe7732560) at vnode_if.c:1612
#30 0xc06b4344 in vn_lock (vp=0xc53a6bf4, flags=0x1002, td=0xc5448000) at vnode_if.h:844
#31 0xc06a21a2 in lookup (ndp=0xe7732884) at ../../../kern/vfs_lookup.c:382
#32 0xc06a1e72 in namei (ndp=0xe7732884) at ../../../kern/vfs_lookup.c:203
#33 0xc06b31f7 in vn_open_cred (ndp=0xe7732884, flagp=0xe7732770, cmode=0x180, cred=0xc527b680, fdidx=0xffffffff)
    at ../../../kern/vfs_vnops.c:125
#34 0xc06b319a in vn_open (ndp=0xc07fd56a, flagp=0xe7732770, cmode=0x180, fdidx=0xffffffff) at ../../../kern/vfs_vnops.c:91
#35 0xc0656023 in coredump (td=0xc5448000) at ../../../kern/kern_sig.c:3056
#36 0xc0655a55 in sigexit (td=0xc5448000, sig=0x4) at ../../../kern/kern_sig.c:2854
#37 0xc0804e4a in sendsig (catcher=0x8048794, ksi=0xe7732cd4, mask=0xc54480d4) at ../../../i386/i386/machdep.c:637
#38 0xc0654148 in trapsignal (td=0xc5448000, ksi=0xe7732cd4) at ../../../kern/kern_sig.c:1895
#39 0xc0810766 in trap (frame=
      {tf_fs = 0x3b, tf_es = 0x3b, tf_ds = 0x3b, tf_edi = 0x2804ea2c, tf_esi = 0xbfbfebdc, tf_ebp = 0xd4ce5a79, tf_isp = 0xe7732d64, tf_ebx = 0x3400, tf_edx = 0xa541ba, tf_ecx = 0x804c058, tf_eax = 0x0, tf_trapno = 0xc, tf_err = 0x3400, tf_eip = 0x804c069, tf_cs = 0x33, tf_eflags = 0x10293, tf_esp = 0xa1f80b32, tf_ss = 0x3b}) at ../../../i386/i386/trap.c:665
#40 0xc07fd56a in calltrap () at ../../../i386/i386/exception.s:137
#41 0x0804c069 in ?? ()
Previous frame inner to this frame (corrupt stack?)
(kgdb) f 12
#12 0xc07fbf5b in db_numargs (fp=0xd4ce5a79) at ../../../i386/i386/db_trace.c:207
207       argp = (int *)db_get_value((int)&fp->f_retaddr, 4, FALSE);
(kgdb) p fp
$5 = (struct i386_frame *) 0xd4ce5a79
(kgdb) up
#13 0xc07fc524 in db_backtrace (td=0xc5448000, tf=0x0, frame=0xd4ce5a79, pc=0x804c069, count=0x3e7) at ../../../i386/i386/db_trace.c:458
458             narg = db_numargs(frame);
(kgdb) up
#14 0xc07fc60b in db_trace_self () at pcpu.h:162
162     {
(kgdb) info loc
frame = (struct i386_frame *) 0xd4ce5a7d
callpc = 0x0
ebp = 0xe77321e8