From owner-freebsd-stable@FreeBSD.ORG Sat Jan 1 18:10:13 2005 Return-Path: Delivered-To: freebsd-stable@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 1F35916A4CE for ; Sat, 1 Jan 2005 18:10:13 +0000 (GMT) Received: from av8-1-sn3.vrr.skanova.net (av8-1-sn3.vrr.skanova.net [81.228.9.183]) by mx1.FreeBSD.org (Postfix) with ESMTP id D707E43D3F for ; Sat, 1 Jan 2005 18:10:11 +0000 (GMT) (envelope-from joel@automatvapen.se) Received: by av8-1-sn3.vrr.skanova.net (Postfix, from userid 502) id A417B37FAD; Sat, 1 Jan 2005 19:10:10 +0100 (CET) Received: from smtp3-1-sn3.vrr.skanova.net (smtp3-1-sn3.vrr.skanova.net [81.228.9.101]) by av8-1-sn3.vrr.skanova.net (Postfix) with ESMTP id 8A41B37F71 for ; Sat, 1 Jan 2005 19:10:10 +0100 (CET) Received: from t8o55p4.telia.com (t8o55p4.telia.com [81.225.220.124]) by smtp3-1-sn3.vrr.skanova.net (Postfix) with ESMTP id 80AC537E42 for ; Sat, 1 Jan 2005 19:10:07 +0100 (CET) From: Joel Dahl To: "freebsd-stable@freebsd.org" Content-Type: multipart/mixed; boundary="=-RpgTlD6jpYIXk2fyXbTf" Date: Sat, 01 Jan 2005 19:06:31 +0100 Message-Id: <1104602791.571.17.camel@dude.automatvapen.se> Mime-Version: 1.0 X-Mailer: Evolution 2.0.2 FreeBSD GNOME Team Port Subject: RELENG_5: Fatal trap 12: page fault while in kernel mode X-BeenThere: freebsd-stable@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Production branch of FreeBSD source code List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 01 Jan 2005 18:10:13 -0000 --=-RpgTlD6jpYIXk2fyXbTf Content-Type: text/plain Content-Transfer-Encoding: 7bit I got this when I tried to blank a CD with burncd, and I can reproduce it. Most of it is written by hand, and I'm no debugger guru, so here goes... This is RELENG_5, cvsup'ed and built today (dmesg is attached): # uname -a FreeBSD dude.automatvapen.se 5.3-STABLE FreeBSD 5.3-STABLE #0: Sat Jan 1 14:36:28 CET 2005 joel@dude.automatvapen.se:/usr/obj/usr/src/sys/WRK i386 # burncd -f /dev/acd0 blank fixate blanking CD - 100% done fixating CD, please wait.. kernel trap 12 with interrupts disabled Fatal trap 12: page fault while in kernel mode fault virtual address = 0xfffc fault code = supervisor read, page not present instruction pointer = 0x8:0xc052cb63 stack pointer = 0x10:0xd5453c08 frame pointer = 0x10:0xd5453c28 code segment = base 0x0, limit 0xfffff, type 0x1b = DPL 0, pres 1, def32 1, gran 1 processor eflags = resume, IOPL = 0 current process = 6 (thread taskq) [thread 100047] Stopped at turnstile_wait+0xa3: movl 0(%edx),%eax db> trace turnstile_wait(0,c1c1c368,fffc,220,c1c1c368) at turnstile_wait+0xa3 _mtx_lock_sleep(c1c1c368,c1a3baf0,0,c06d246a,4f) at _mtx_lock_sleep +0x12c _mtx_lock_flags(c1c1c368,0,c06d246a,4f,1) at _mtx_lock_flags+0xbf _sema_post(c1c1c368,c06c1ac2,18b,c1a29c58) at _sema_post+0x2a ata_completed(c1c1c320,1,c06d524a,bd,c1a29c58) at ata_completed+0x44b taskqueue_run(c1a29c40,c1a29c58,5c,c06cc2f9,0) at taskqueue_run+0xb2 taskqueue_thread_loop(c0733148,d5453d48,c06cfc49,31f,c0733148) at taskqueue_thread_loop+0x3b fork_exit(c052b620,c0733148,d5453d48) at fork_exit+0xc6 fork_trampoline() at fork_trampoline+0x8 --- trap 0x1, eip = 0, esp = 0xd5453d7c, ebp = 0 --- db> show reg cs 0x8 ds 0x10 es 0x10 fs 0x18 ss 0x10 eax 0 ecx 0x1 edx 0xfffc ebx 0xc1c1c368 esp 0xd5453c08 ebp 0xd5453c28 esi 0xc1a3baf0 edi 0 eip 0xc052cb63 turnstile_wait+oxa3 efl 0x10006 dr0 0 dr1 0 dr2 0 dr3 0 dr4 0xffff0ff0 dr5 0x400 dr6 0xffff0ff0 dr7 0x400 turnstile_wait+0xa3: movl 0(%edx),%eax db> call doadump Dumping 511 MB panic: blockable sleep lock (sleep mutex) taskqueue @ /usr/src/sys/kern/subr_taskqueue.c:132 Uptime: 13:50s I reproduced the original panic again, and did this at the prompt: db> cont panic: blockable sleep lock (sleep mutex) process lock @ /usr/src/sys/i386/i386/ trap.c:699 KDB: enter: panic [thread 100047] Stopped at kdb_enter+0x30: leave db> call doadump Dumping 511 MB 16 32 48 64 80 96 112 128 144 160 176 192 208 224 240 256 272 288 304 320 336 352 368 384 400 416 432 448 464 480 496 Dump complete 0xf db> reset So, kgdb gives me this: # kgdb kernel.debug vmcore.1 [GDB will not be able to debug user-mode threads: /usr/lib/libthread_db.so: Undefined symbol "p s_pglobal_lookup"] GNU gdb 6.1.1 [FreeBSD] Copyright 2004 Free Software Foundation, Inc. GDB is free software, covered by the GNU General Public License, and you are welcome to change it and/or distribute copies of it under certain conditions. Type "show copying" to see the conditions. There is absolutely no warranty for GDB. Type "show warranty" for details. This GDB was configured as "i386-marcel-freebsd". doadump () at pcpu.h:159 (kgdb) bt #0 doadump () at pcpu.h:159 #1 0xc044e695 in db_fncall (dummy1=0, dummy2=0, dummy3=1999, dummy4=0xd5453928 "@ar@") at /usr/src/sys/ddb/db_command.c:531 #2 0xc044e412 in db_command (last_cmdp=0xc07258c4, cmd_table=0x0, aux_cmd_tablep=0xc06f19ec, aux_cmd_tablep_end=0xc06f19f0) at /usr/src/sys/ddb/db_command.c:349 #3 0xc044e51a in db_command_loop () at /usr/src/sys/ddb/db_command.c:455 #4 0xc0450515 in db_trap (type=3, code=0) at /usr/src/sys/ddb/db_main.c:221 #5 0xc0523bf7 in kdb_trap (type=0, code=0, tf=0xd5453a74) at /usr/src/sys/kern/subr_kdb.c:418 #6 0xc0694a8a in trap (frame= {tf_fs = 24, tf_es = 16, tf_ds = 16, tf_edi = 1, tf_esi = -1066575188, tf_ebp = -716883268, tf_isp = -716883296, tf_ebx = -7168832 at /usr/src/sys/i386/i386/trap.c:576 #7 0xc0682c1a in calltrap () at /usr/src/sys/i386/i386/exception.s:140 #8 0x00000018 in ?? () #9 0x00000010 in ?? () #10 0x00000010 in ?? () #11 0x00000001 in ?? () #12 0xc06d5aac in ?? () #13 0xd5453abc in ?? () #14 0xd5453aa0 in ?? () #15 0xd5453af4 in ?? () #16 0x00000001 in ?? () #17 0xc1015000 in ?? () #18 0x00000012 in ?? () #19 0x00000003 in ?? () #20 0x00000000 in ?? () #21 0xc0523900 in kdb_enter (msg=0x0) at cpufunc.h:56 #22 0xc050874c in panic ( fmt=0xc06d5aac "blockable sleep lock (%s) %s @ %s:%d") at /usr/src/sys/kern/kern_shutdown.c:550 #23 0xc052e03e in witness_checkorder (lock=0xc1a3a3f4, flags=9, file=0xc06ec8d0 "/usr/src/sys/i386/i386/trap.c", line=699) at /usr/src/sys/kern/subr_witness.c:714 #24 0xc04fe57a in _mtx_lock_flags (m=0xc1a3a3f4, opts=0, file=0xc06ec8d0 "/usr/src/sys/i386/i386/trap.c", line=699) at /usr/src/sys/kern/kern_mutex.c:271 #25 0xc0694c11 in trap_pfault (frame=0xd5453bc8, usermode=0, eva=65532) at /usr/src/sys/i386/i386/trap.c:699 #26 0xc069490d in trap (frame= {tf_fs = 24, tf_es = 16, tf_ds = 16, tf_edi = 0, tf_esi = -1046234384, tf_ebp = -716882904, tf_isp = -716882956, tf_ebx = -1044264 at /usr/src/sys/i386/i386/trap.c:417 #27 0xc0682c1a in calltrap () at /usr/src/sys/i386/i386/exception.s:140 #28 0x00000018 in ?? () #29 0x00000010 in ?? () #30 0x00000010 in ?? () #31 0x00000000 in ?? () #32 0xc1a3baf0 in ?? () #33 0xd5453c28 in ?? () #34 0xd5453bf4 in ?? () #35 0xc1c1c818 in ?? () #36 0x0000fffc in ?? () #37 0x00000001 in ?? () #38 0x00000000 in ?? () #39 0x0000000c in ?? () #40 0x00000000 in ?? () #41 0xc052cb63 in turnstile_wait (ts=0x0, lock=0xc1c1c818, owner=0xfffc) at /usr/src/sys/kern/subr_turnstile.c:480 #42 0xc04fea8c in _mtx_lock_sleep (m=0xc1c1c818, td=0xc1a3baf0, opts=0, file=0x0, line=0) at /usr/src/sys/kern/kern_mutex.c:560 #43 0xc04fe5af in _mtx_lock_flags (m=0xc1c1c818, opts=0, file=0xc06d246a "/usr/src/sys/kern/kern_sema.c", line=79) at /usr/src/sys/kern/kern_mutex.c:273 #44 0xc05078aa in _sema_post (sema=0xc1c1c818, file=0xc06c1ac2 "/usr/src/sys/dev/ata/ata-queue.c", line=395) at /usr/src/sys/kern/kern_sema.c:79 #45 0xc0454c7b in ata_completed (context=0xc1c1c7d0, dummy=1) at /usr/src/sys/dev/ata/ata-queue.c:395 #46 0xc052b542 in taskqueue_run (queue=0xc1a29c40) at /usr/src/sys/kern/subr_taskqueue.c:191 #47 0xc052b65b in taskqueue_thread_loop (arg=0x0) at /usr/src/sys/kern/subr_taskqueue.c:237 #48 0xc04f0e36 in fork_exit (callout=0xc052b620 , arg=0x0, frame=0x0) at /usr/src/sys/kern/kern_fork.c:807 #49 0xc0682c7c in fork_trampoline () at /usr/src/sys/i386/i386/exception.s:209 -- Joel --=-RpgTlD6jpYIXk2fyXbTf Content-Disposition: attachment; filename=dmesg Content-Type: text/plain; name=dmesg; charset=us-ascii Content-Transfer-Encoding: 7bit Copyright (c) 1992-2005 The FreeBSD Project. Copyright (c) 1979, 1980, 1983, 1986, 1988, 1989, 1991, 1992, 1993, 1994 The Regents of the University of California. All rights reserved. FreeBSD 5.3-STABLE #0: Sat Jan 1 14:36:28 CET 2005 joel@dude.automatvapen.se:/usr/obj/usr/src/sys/WRK WARNING: WITNESS option enabled, expect reduced performance. mptable_probe: MP Config Table has bad signature: \^E\^G ACPI APIC Table: Timecounter "i8254" frequency 1193182 Hz quality 0 CPU: AMD Athlon(tm) XP 3000+ (2162.75-MHz 686-class CPU) Origin = "AuthenticAMD" Id = 0x6a0 Stepping = 0 Features=0x383fbff AMD Features=0xc0400000 real memory = 536805376 (511 MB) avail memory = 515629056 (491 MB) ioapic0 irqs 0-23 on motherboard npx0: [FAST] npx0: on motherboard npx0: INT 16 interface acpi0: on motherboard acpi0: Power Button (fixed) Timecounter "ACPI-fast" frequency 3579545 Hz quality 1000 acpi_timer0: <24-bit timer at 3.579545MHz> port 0x4008-0x400b on acpi0 cpu0: on acpi0 acpi_button0: on acpi0 pcib0: port 0xcf8-0xcff on acpi0 pci0: on pcib0 agp0: mem 0xe0000000-0xe3ffffff at device 0.0 on pci0 pci0: at device 0.1 (no driver attached) pci0: at device 0.2 (no driver attached) pci0: at device 0.3 (no driver attached) pci0: at device 0.4 (no driver attached) pci0: at device 0.5 (no driver attached) isab0: at device 1.0 on pci0 isa0: on isab0 pci0: at device 1.1 (no driver attached) ohci0: mem 0xe8003000-0xe8003fff irq 22 at device 2.0 on pci0 ohci0: [GIANT-LOCKED] usb0: OHCI version 1.0, legacy support usb0: on ohci0 usb0: USB revision 1.0 uhub0: nVidia OHCI root hub, class 9/0, rev 1.00/1.00, addr 1 uhub0: 3 ports with 3 removable, self powered ulpt0: hp deskjet 5550, rev 2.00/1.00, addr 2, iclass 7/1 ulpt0: using bi-directional mode ohci1: mem 0xe8004000-0xe8004fff irq 21 at device 2.1 on pci0 ohci1: [GIANT-LOCKED] usb1: OHCI version 1.0, legacy support usb1: on ohci1 usb1: USB revision 1.0 uhub1: nVidia OHCI root hub, class 9/0, rev 1.00/1.00, addr 1 uhub1: 3 ports with 3 removable, self powered ums0: Microsoft Microsoft 5-Button Mouse with IntelliEye(TM), rev 1.10/3.00, addr 2, iclass 3/1 ums0: 5 buttons and Z dir. pci0: at device 2.2 (no driver attached) pci0: at device 4.0 (no driver attached) pcm0: port 0xb400-0xb47f,0xb000-0xb0ff mem 0xe8001000-0xe8001fff irq 21 at device 6.0 on pci0 pcm0: [GIANT-LOCKED] pcm0: pcib1: at device 8.0 on pci0 pci1: on pcib1 fxp0: port 0x9000-0x903f mem 0xe7000000-0xe701ffff,0xe7020000-0xe7020fff irq 17 at device 9.0 on pci1 miibus0: on fxp0 inphy0: on miibus0 inphy0: 10baseT, 10baseT-FDX, 100baseTX, 100baseTX-FDX, auto fxp0: Ethernet address: 00:02:b3:d6:fd:4b atapci0: port 0xf000-0xf00f,0x376,0x170-0x177,0x3f6,0x1f0-0x1f7 at device 9.0 on pci0 ata0: channel #0 on atapci0 ata1: channel #1 on atapci0 pcib2: at device 30.0 on pci0 pci2: on pcib2 pci2: at device 0.0 (no driver attached) pci2: at device 0.1 (no driver attached) sio0: <16550A-compatible COM port> port 0x3f8-0x3ff irq 4 flags 0x10 on acpi0 sio0: type 16550A sio1: <16550A-compatible COM port> port 0x2f8-0x2ff irq 3 on acpi0 sio1: type 16550A ppc0: port 0x778-0x77b,0x378-0x37f irq 7 drq 3 on acpi0 ppc0: SMC-like chipset (ECP/EPP/PS2/NIBBLE) in COMPATIBLE mode ppc0: FIFO with 16/16/16 bytes threshold ppbus0: on ppc0 plip0: on ppbus0 lpt0: on ppbus0 lpt0: Interrupt-driven port ppi0: on ppbus0 atkbdc0: port 0x64,0x60 irq 1 on acpi0 atkbd0: irq 1 on atkbdc0 kbd0 at atkbd0 atkbd0: [GIANT-LOCKED] orm0: at iomem 0xd2000-0xd37ff,0xd0000-0xd17ff,0xc0000-0xccfff on isa0 pmtimer0 on isa0 sc0: at flags 0x100 on isa0 sc0: VGA <16 virtual consoles, flags=0x300> vga0: at port 0x3c0-0x3df iomem 0xa0000-0xbffff on isa0 Timecounter "TSC" frequency 2162746483 Hz quality 800 Timecounters tick every 10.000 msec ad0: 76319MB [155061/16/63] at ata0-master UDMA100 ad1: 117246MB [238216/16/63] at ata0-slave UDMA133 acd0: DVDR at ata1-master UDMA33 Mounting root from ufs:/dev/ad0s2a --=-RpgTlD6jpYIXk2fyXbTf--