Date:      Thu, 2 Aug 2007 23:39:48 +0100 (BST)
From:      Robert Watson <rwatson@FreeBSD.org>
To:        ytriffy <ytriffy@gmail.com>
Cc:        freebsd-hackers@freebsd.org
Subject:   Re: [panic]Fatal trap 12: page fault while in kernel mode
Message-ID:  <20070802233804.G18327@fledge.watson.org>
In-Reply-To: <46AF826E.8000209@gmail.com>
References:  <46AF826E.8000209@gmail.com>

On Tue, 31 Jul 2007, ytriffy wrote:

> Trap 12 occurred when I rebooted PC. Sending you backtrace. My system: amd64
> 3200+ Venice, MB ECS nForce4 A939, Samsung 250GB and WD 250 GB, 2 memory
> banks 512MB each, videocard: Geforce 6600gt 128MB, NIC on realtek chip,
> sound card cirrus logic cs4281. It's very unstable, crashes happen every
> day, so I'm hoping you would say why (any hints what hardware may cause it).
> How to repeat it? I don't know. It happened once during reboot process.

In general, you want to report this sort of bug using the send-pr interface,
or the gnats web submission form.  In the past, I've seen quite a few bug reports
sent to hackers@ get lost because many FreeBSD developers don't subscribe to
the list.  You could also consider sending it to stable@, since that's the
mailing list for discussing 6-STABLE development.  FYI, this looks like a
NULL-pointer dereference in the VFS shutdown code.

Robert N M Watson
Computer Laboratory
University of Cambridge

>
> [root@freelanc /var]# uname -a
> FreeBSD freelanc.dubki.ru <http://freelanc.dubki.ru>; 6.2-STABLE-200706
> FreeBSD 6.2-STABLE-200706
> #1: Mon Jul 23 13:34:27 MSD 2007
> root@freelanc.dubki.ru:/usr/obj/usr/src/sys/DEBUGGER
> KERN i386
>
> [root@freelanc /usr/obj/usr/src/sys/DEBUGGERKERN]# kgdb kernel.debug
> /var/crash/vmcore.3
> kgdb: kvm_nlist(_stopped_cpus):
> kgdb: kvm_nlist(_stoppcbs):
> [GDB will not be able to debug user-mode threads:
> /usr/lib/libthread_db.so: Undefined symbol "ps_pglobal_lookup"]
> GNU gdb 6.1.1 [FreeBSD]
> Copyright 2004 Free Software Foundation, Inc.
> GDB is free software, covered by the GNU General Public License, and you
> are
> welcome to change it and/or distribute copies of it under certain
> conditions.
> Type "show copying" to see the conditions.
> There is absolutely no warranty for GDB. Type "show warranty" for details.
> This GDB was configured as "i386-marcel-freebsd".
>
> Unread portion of the kernel message buffer:
> <118>Jul 25 14:06:32 freelanc syslogd: exiting on signal 15
> Waiting (max 60 seconds) for system process `vnlru' to stop...done
> Waiting (max 60 seconds) for system process `syncer' to stop...
> Syncing disks, vnodes remaining...6 5 3 1 0 0 done
> Waiting (max 60 seconds) for system process `bufdaemon' to stop...done
> All buffers synced.
>
>
> Fatal trap 12: page fault while in kernel mode
> fault virtual address = 0x4
> fault code = supervisor read, page not present
> instruction pointer = 0x20:0xc058a4e0
> stack pointer = 0x28:0xe9455c48
> frame pointer = 0x28:0xe9455c58
> code segment = base 0x0, limit 0xfffff, type 0x1b
> = DPL 0, pres 1, def32 1, gran 1
> processor eflags = interrupt enabled, resume, IOPL = 0
> current process = 44922 (reboot)
> panic: from debugger
> Uptime: 2h45m36s
> Dumping 1022 MB (2 chunks)
> chunk 0: 1MB (159 pages) ... ok
> chunk 1: 1022MB (261600 pages) 1006 990 974 958 942 926 910 894 878 862
> 846 830 814 798 782 766 750 734 718 702 686 670 654 638 622 606 590 574
> 558 542 526 510 494 478 462 446 430 414 398 382 366 350 334 318 302 286
> 270 254 238 222 206 190 174 158 142 126 110 94 78 62 46 30 14
>
> #0 doadump () at pcpu.h:165
> 165 __asm __volatile("movl %%fs:0,%0" : "=r" (td));
> (kgdb) bt
> #0 doadump () at pcpu.h:165
> #1 0xc053d916 in boot (howto=260) at /usr/src/sys/kern/kern_shutdown.c:409
> #2 0xc053dbdc in panic (fmt=0xc06f5278 "from debugger")
> at /usr/src/sys/kern/kern_shutdown.c:565
> #3 0xc045361d in db_panic (addr=-1067932448, have_addr=0, count=-1,
> modif=0xe9455a74 "") at /usr/src/sys/ddb/db_command.c:438
> #4 0xc04535b4 in db_command (last_cmdp=0xc0766784, cmd_table=0x0,
> aux_cmd_tablep=0xc0728e90, aux_cmd_tablep_end=0xc0728e94)
> at /usr/src/sys/ddb/db_command.c:350
> #5 0xc045367c in db_command_loop () at /usr/src/sys/ddb/db_command.c:458
> #6 0xc0455291 in db_trap (type=12, code=0) at
> /usr/src/sys/ddb/db_main.c:222
> #7 0xc0556a2b in kdb_trap (type=12, code=0, tf=0xe9455c08)
> at /usr/src/sys/kern/subr_kdb.c:473
> #8 0xc06cba6c in trap_fatal (frame=0xe9455c08, eva=4)
> at /usr/src/sys/i386/i386/trap.c:828
> #9 0xc06cb7d7 in trap_pfault (frame=0xe9455c08, usermode=0, eva=4)
> at /usr/src/sys/i386/i386/trap.c:745
> #10 0xc06cb3f1 in trap (frame=
> {tf_fs = 8, tf_es = 40, tf_ds = 40, tf_edi = -381330360, tf_esi =
> -993547624, tf_ebp = -381330344, tf_isp = -381330380, tf_ebx = 0, tf_edx
> = -992513384, tf_ecx = 4, tf_eax = -950651024, tf_trapno = 12, tf_err =
> 0, tf_eip = -1067932448, tf_cs = 32, tf_eflags = 590338, tf_esp = 0,
> tf_ss = -992305712})
> at /usr/src/sys/i386/i386/trap.c:435
> #11 0xc06b8b1a in calltrap () at /usr/src/sys/i386/i386/exception.s:139
> #12 0xc058a4e0 in cache_purgevfs (mp=0xc4d77298)
> at /usr/src/sys/kern/vfs_cache.c:622
> #13 0xc0591f29 in dounmount (mp=0xc4d77298, flags=524288, td=0xc62ce300)
> at /usr/src/sys/kern/vfs_mount.c:1214
> #14 0xc0597d0a in vfs_unmountall () at /usr/src/sys/kern/vfs_subr.c:2837
> #15 0xc053d807 in boot (howto=0) at /usr/src/sys/kern/kern_shutdown.c:391
> #16 0xc053d2a2 in reboot (td=0xc62ce300, uap=0xc7563770)
> at /usr/src/sys/kern/kern_shutdown.c:169
> #17 0xc06cbdbb in syscall (frame=
> {tf_fs = 59, tf_es = 59, tf_ds = 59, tf_edi = 2, tf_esi = 18, tf_ebp =
> -1077941304, tf_isp = -381330076, tf_ebx = 0, tf_edx = -1, tf_ecx =
> 672491264, tf_eax = 55, tf_trapno = 12, tf_err = 2, tf_eip = 671802263,
> tf_cs = 51, tf_eflags = 662, tf_esp = -1077941380, tf_ss = 59}) at
> /usr/src/sys/i386/i386/trap.c:983
> #18 0xc06b8b6f in Xint0x80_syscall () at
> /usr/src/sys/i386/i386/exception.s:200
> #19 0x00000033 in ?? ()
> Previous frame inner to this frame (corrupt stack?)
> (kgdb) up 19
> #19 0x00000033 in ?? ()
> (kgdb) down 1
> #18 0xc06b8b6f in Xint0x80_syscall () at
> /usr/src/sys/i386/i386/exception.s:200
> 200 call syscall
> Current language: auto; currently asm
> (kgdb) down 1
> #17 0xc06cbdbb in syscall (frame=
> {tf_fs = 59, tf_es = 59, tf_ds = 59, tf_edi = 2, tf_esi = 18, tf_ebp =
> -1077941304, tf_isp = -381330076, tf_ebx = 0, tf_edx = -1, tf_ecx =
> 672491264, tf_eax = 55, tf_trapno = 12, tf_err = 2, tf_eip = 671802263,
> tf_cs = 51, tf_eflags = 662, tf_esp = -1077941380, tf_ss = 59}) at
> /usr/src/sys/i386/i386/trap.c:983
> 983 error = (*callp->sy_call)(td, args);
> Current language: auto; currently c
> (kgdb) p *callp
> $1 = {sy_narg = 65537, sy_call = 0xc053d258 <reboot>, sy_auevent = 20}
> (kgdb) p *callp->sy_call
> $2 = {int (struct thread *, void *)} 0xc053d258 <reboot>
> (kgdb) p td
> $3 = (struct thread *) 0xc62ce300
> (kgdb) p args
> $4 = {0, 9, -994250272, -1077941388, 0, 0, 3, 0}
> (kgdb) down 1
> #16 0xc053d2a2 in reboot (td=0xc62ce300, uap=0xc7563770)
> at /usr/src/sys/kern/kern_shutdown.c:169
> 169 boot(uap->opt);
> (kgdb) p uap
> $5 = (struct reboot_args *) 0xc7563770
> (kgdb) p uap->opt
> $6 = 2
> (kgdb) down 1
> #15 0xc053d807 in boot (howto=0) at /usr/src/sys/kern/kern_shutdown.c:391
> 391 vfs_unmountall();
> (kgdb) down 1
> #14 0xc0597d0a in vfs_unmountall () at /usr/src/sys/kern/vfs_subr.c:2837
> 2837 error = dounmount(mp, MNT_FORCE, td);
> (kgdb) p mp
> $7 = (struct mount *) 0xc4d77298
> (kgdb) p td
> $8 = (struct thread *) 0xc62ce300
> (kgdb) down 1
> #13 0xc0591f29 in dounmount (mp=0xc4d77298, flags=524288, td=0xc62ce300)
> at /usr/src/sys/kern/vfs_mount.c:1214
> 1214 cache_purgevfs(mp); /* remove cache entries for this file sys */
> (kgdb) down 1
> #12 0xc058a4e0 in cache_purgevfs (mp=0xc4d77298)
> at /usr/src/sys/kern/vfs_cache.c:622
> 622 for (ncp = LIST_FIRST(ncpp); ncp != 0; ncp = nnp) {
> (kgdb) p ncp
> $9 = (struct namecache *) 0x4
> (kgdb) p ncpp
> $10 = (struct nchashhead *) 0xc4c7aa98
> (kgdb) down 1
> #11 0xc06b8b1a in calltrap () at /usr/src/sys/i386/i386/exception.s:139
> 139 call trap
> Current language: auto; currently asm
> (kgdb) down 1
> #10 0xc06cb3f1 in trap (frame=
> {tf_fs = 8, tf_es = 40, tf_ds = 40, tf_edi = -381330360, tf_esi =
> -993547624, tf_ebp = -381330344, tf_isp = -381330380, tf_ebx = 0, tf_edx
> = -992513384, tf_ecx = 4, tf_eax = -950651024, tf_trapno = 12, tf_err =
> 0, tf_eip = -1067932448, tf_cs = 32, tf_eflags = 590338, tf_esp = 0,
> tf_ss = -992305712})
> at /usr/src/sys/i386/i386/trap.c:435
> 435 (void) trap_pfault(&frame, FALSE, eva);
> Current language: auto; currently c
> (kgdb) p frame
> $11 = {tf_fs = 8, tf_es = 40, tf_ds = 40, tf_edi = -381330360,
> tf_esi = -993547624, tf_ebp = -381330344, tf_isp = -381330380, tf_ebx = 0,
> tf_edx = -992513384, tf_ecx = 4, tf_eax = -950651024, tf_trapno = 12,
> tf_err = 0, tf_eip = -1067932448, tf_cs = 32, tf_eflags = 590338,
> tf_esp = 0, tf_ss = -992305712}
> (kgdb) p eva
> $12 = 4
> (kgdb) down 1
> #9 0xc06cb7d7 in trap_pfault (frame=0xe9455c08, usermode=0, eva=4)
> at /usr/src/sys/i386/i386/trap.c:745
> 745 trap_fatal(frame, eva);
> (kgdb) down 1
> #8 0xc06cba6c in trap_fatal (frame=0xe9455c08, eva=4)
> at /usr/src/sys/i386/i386/trap.c:828
> 828 if (kdb_trap(type, 0, frame)) {
> (kgdb) p type
> $13 = 12
> (kgdb) down 1
> #7 0xc0556a2b in kdb_trap (type=12, code=0, tf=0xe9455c08)
> at /usr/src/sys/kern/subr_kdb.c:473
> 473 handled = kdb_dbbe->dbbe_trap(type, code);
> (kgdb) p kdb_dbbe
> $14 = (struct kdb_dbbe *) 0xc072f0e0
> (kgdb) p kdb_dbbe->dbbe_trap
> $15 = (dbbe_trap_f *) 0xc04551ac <db_trap>
> (kgdb) p type
> $16 = 12
> (kgdb) p code
> $17 = 0
> (kgdb) down 1
> #6 0xc0455291 in db_trap (type=12, code=0) at
> /usr/src/sys/ddb/db_main.c:222
> 222 db_command_loop();
> (kgdb) down 1
> #5 0xc045367c in db_command_loop () at /usr/src/sys/ddb/db_command.c:458
> 458 db_command(&db_last_command, db_command_table,
> (kgdb) p &db_last_command
> $18 = (struct command **) 0xc0766784
> (kgdb) p db_command_table
> (kgdb) down 1
> #4 0xc04535b4 in db_command (last_cmdp=0xc0766784, cmd_table=0x0,
> aux_cmd_tablep=0xc0728e90, aux_cmd_tablep_end=0xc0728e94)
> at /usr/src/sys/ddb/db_command.c:350
> 350 (*cmd->fcn)(addr, have_addr, count, modif);
> (kgdb) p addr
> $20 = -1067932448
> (kgdb) p have_addr
> $21 = 0
> (kgdb) p count
> $22 = -1
> (kgdb) p modif
>
> (kgdb) down 1
> #3 0xc045361d in db_panic (addr=-1067932448, have_addr=0, count=-1,
> modif=0xe9455a74 "") at /usr/src/sys/ddb/db_command.c:438
> 438 panic("from debugger");
> (kgdb) down 1
> #2 0xc053dbdc in panic (fmt=0xc06f5278 "from debugger")
> at /usr/src/sys/kern/kern_shutdown.c:565
> 565 boot(bootopt);
> (kgdb) p bootopt
> $24 = 260
> (kgdb) down 1
> #1 0xc053d916 in boot (howto=260) at /usr/src/sys/kern/kern_shutdown.c:409
> 409 doadump();
> (kgdb) down 1
> #0 doadump () at pcpu.h:165
> 165 __asm __volatile("movl %%fs:0,%0" : "=r" (td));
> (kgdb)
>
> Some other info required - feel free to email me:)
> Best regards, Slava.
>



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20070802233804.G18327>
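
A triage helper for the trap block in the quoted report, added here as an example and not part of the original message or of FreeBSD's tooling: it parses the `Fatal trap` fields and flags a page-not-present fault below the first page, the pattern the reply reads as a NULL-pointer dereference. The function names, the 4096-byte threshold and the sample text (values copied from the report, decoded) are assumptions of this example.

```python
import re

PAGE_SIZE = 4096  # assumption: i386 page size, used as the "near NULL" limit

# Sample input: trap block from the quoted report, as pasted from a mail reply.
SAMPLE = """\
> Fatal trap 12: page fault while in kernel mode
> fault virtual address = 0x4
> fault code = supervisor read, page not present
> instruction pointer = 0x20:0xc058a4e0
> current process = 44922 (reboot)
"""

FIELD_RE = re.compile(
    r"^(fault virtual address|fault code|instruction pointer|current process)"
    r"\s*=\s*(.+)$", re.M)

def parse_trap(text):
    """Return trap number, description and key fields, or None if no trap."""
    text = re.sub(r"^(> ?)+", "", text, flags=re.M)  # drop mail quote markers
    m = re.search(r"^Fatal trap (\d+): (.+)$", text, re.M)
    if not m:
        return None
    info = {"trap": int(m.group(1)), "description": m.group(2).strip()}
    for key, value in FIELD_RE.findall(text):
        info[key] = value.strip()
    return info

def classify(info):
    """Label a page fault by where the faulting address falls."""
    if info is None or info["trap"] != 12 or "fault virtual address" not in info:
        return "not a page fault"
    addr = int(info["fault virtual address"], 16)
    if "page not present" in info.get("fault code", "") and addr < PAGE_SIZE:
        # A small address is what a NULL base plus a member offset produces.
        return "near-NULL dereference (offset 0x%x)" % addr
    return "page fault at 0x%x" % addr

if __name__ == "__main__":
    print(classify(parse_trap(SAMPLE)))
```
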