Date:      Sat, 01 Jan 2005 19:06:31 +0100
From:      Joel Dahl <joel@automatvapen.se>
To:        "freebsd-stable@freebsd.org" <freebsd-stable@freebsd.org>
Subject:   RELENG_5: Fatal trap 12: page fault while in kernel mode
Message-ID:  <1104602791.571.17.camel@dude.automatvapen.se>

I got this when I tried to blank a CD with burncd, and I can reproduce
it. Most of it is written by hand, and I'm no debugger guru, so here
goes...

This is RELENG_5, cvsup'ed and built today (dmesg is attached):
# uname -a
FreeBSD dude.automatvapen.se 5.3-STABLE FreeBSD 5.3-STABLE #0: Sat Jan  1 14:36:28 CET 2005 joel@dude.automatvapen.se:/usr/obj/usr/src/sys/WRK  i386


# burncd -f /dev/acd0 blank fixate
blanking CD - 100% done
fixating CD, please wait..
kernel trap 12 with interrupts disabled

Fatal trap 12: page fault while in kernel mode
fault virtual address   = 0xfffc
fault code              = supervisor read, page not present
instruction pointer     = 0x8:0xc052cb63
stack pointer           = 0x10:0xd5453c08
frame pointer           = 0x10:0xd5453c28
code segment            = base 0x0, limit 0xfffff, type 0x1b
                        = DPL 0, pres 1, def32 1, gran 1
processor eflags        = resume, IOPL = 0
current process         = 6 (thread taskq)
[thread 100047]
Stopped at      turnstile_wait+0xa3:    movl    0(%edx),%eax
db> trace
turnstile_wait(0,c1c1c368,fffc,220,c1c1c368) at turnstile_wait+0xa3
_mtx_lock_sleep(c1c1c368,c1a3baf0,0,c06d246a,4f) at _mtx_lock_sleep+0x12c
_mtx_lock_flags(c1c1c368,0,c06d246a,4f,1) at _mtx_lock_flags+0xbf
_sema_post(c1c1c368,c06c1ac2,18b,c1a29c58) at _sema_post+0x2a
ata_completed(c1c1c320,1,c06d524a,bd,c1a29c58) at ata_completed+0x44b
taskqueue_run(c1a29c40,c1a29c58,5c,c06cc2f9,0) at taskqueue_run+0xb2
taskqueue_thread_loop(c0733148,d5453d48,c06cfc49,31f,c0733148) at taskqueue_thread_loop+0x3b
fork_exit(c052b620,c0733148,d5453d48) at fork_exit+0xc6
fork_trampoline() at fork_trampoline+0x8
--- trap 0x1, eip = 0, esp = 0xd5453d7c, ebp = 0 ---
db> show reg
cs                 0x8
ds                0x10
es                0x10
fs                0x18
ss                0x10
eax                  0
ecx                0x1
edx             0xfffc
ebx         0xc1c1c368
esp         0xd5453c08
ebp         0xd5453c28
esi         0xc1a3baf0
edi                  0
eip         0xc052cb63  turnstile_wait+0xa3
efl            0x10006
dr0                  0
dr1                  0
dr2                  0
dr3                  0
dr4         0xffff0ff0
dr5              0x400
dr6         0xffff0ff0
dr7              0x400
turnstile_wait+0xa3:    movl    0(%edx),%eax
db> call doadump
Dumping 511 MB
panic: blockable sleep lock (sleep mutex) taskqueue @ /usr/src/sys/kern/subr_taskqueue.c:132
Uptime: 13:50s


I reproduced the original panic again, and did this at the prompt:


db> cont
panic: blockable sleep lock (sleep mutex) process lock @ /usr/src/sys/i386/i386/trap.c:699
KDB: enter: panic
[thread 100047]
Stopped at      kdb_enter+0x30: leave
db> call doadump
Dumping 511 MB
 16 32 48 64 80 96 112 128 144 160 176 192 208 224 240 256 272 288 304 320 336 352 368 384 400 416 432 448 464 480 496
Dump complete
0xf
db> reset

So, kgdb gives me this:

# kgdb kernel.debug vmcore.1
[GDB will not be able to debug user-mode threads: /usr/lib/libthread_db.so: Undefined symbol "ps_pglobal_lookup"]
GNU gdb 6.1.1 [FreeBSD]
Copyright 2004 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you
are welcome to change it and/or distribute copies of it under certain
conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB.  Type "show warranty" for
details.
This GDB was configured as "i386-marcel-freebsd".
doadump () at pcpu.h:159
(kgdb) bt
#0  doadump () at pcpu.h:159
#1  0xc044e695 in db_fncall (dummy1=0, dummy2=0, dummy3=1999, 
    dummy4=0xd5453928 "@ar@") at /usr/src/sys/ddb/db_command.c:531
#2  0xc044e412 in db_command (last_cmdp=0xc07258c4, cmd_table=0x0, 
    aux_cmd_tablep=0xc06f19ec, aux_cmd_tablep_end=0xc06f19f0)
    at /usr/src/sys/ddb/db_command.c:349
#3  0xc044e51a in db_command_loop ()
    at /usr/src/sys/ddb/db_command.c:455
#4  0xc0450515 in db_trap (type=3, code=0)
    at /usr/src/sys/ddb/db_main.c:221
#5  0xc0523bf7 in kdb_trap (type=0, code=0, tf=0xd5453a74)
    at /usr/src/sys/kern/subr_kdb.c:418
#6  0xc0694a8a in trap (frame=
      {tf_fs = 24, tf_es = 16, tf_ds = 16, tf_edi = 1, tf_esi =
-1066575188, tf_ebp = -716883268, tf_isp = -716883296, tf_ebx = -7168832
    at /usr/src/sys/i386/i386/trap.c:576
#7  0xc0682c1a in calltrap () at /usr/src/sys/i386/i386/exception.s:140
#8  0x00000018 in ?? ()
#9  0x00000010 in ?? ()
#10 0x00000010 in ?? ()
#11 0x00000001 in ?? ()
#12 0xc06d5aac in ?? ()
#13 0xd5453abc in ?? ()
#14 0xd5453aa0 in ?? ()
#15 0xd5453af4 in ?? ()
#16 0x00000001 in ?? ()
#17 0xc1015000 in ?? ()
#18 0x00000012 in ?? ()
#19 0x00000003 in ?? ()
#20 0x00000000 in ?? ()
#21 0xc0523900 in kdb_enter (msg=0x0) at cpufunc.h:56
#22 0xc050874c in panic (
    fmt=0xc06d5aac "blockable sleep lock (%s) %s @ %s:%d")
    at /usr/src/sys/kern/kern_shutdown.c:550
#23 0xc052e03e in witness_checkorder (lock=0xc1a3a3f4, flags=9, 
    file=0xc06ec8d0 "/usr/src/sys/i386/i386/trap.c", line=699)
    at /usr/src/sys/kern/subr_witness.c:714
#24 0xc04fe57a in _mtx_lock_flags (m=0xc1a3a3f4, opts=0, 
    file=0xc06ec8d0 "/usr/src/sys/i386/i386/trap.c", line=699)
    at /usr/src/sys/kern/kern_mutex.c:271
#25 0xc0694c11 in trap_pfault (frame=0xd5453bc8, usermode=0, eva=65532)
    at /usr/src/sys/i386/i386/trap.c:699
#26 0xc069490d in trap (frame=
      {tf_fs = 24, tf_es = 16, tf_ds = 16, tf_edi = 0, tf_esi =
-1046234384, tf_ebp = -716882904, tf_isp = -716882956, tf_ebx = -1044264
    at /usr/src/sys/i386/i386/trap.c:417
#27 0xc0682c1a in calltrap () at /usr/src/sys/i386/i386/exception.s:140
#28 0x00000018 in ?? ()
#29 0x00000010 in ?? ()
#30 0x00000010 in ?? ()
#31 0x00000000 in ?? ()
#32 0xc1a3baf0 in ?? ()
#33 0xd5453c28 in ?? ()
#34 0xd5453bf4 in ?? ()
#35 0xc1c1c818 in ?? ()
#36 0x0000fffc in ?? ()
#37 0x00000001 in ?? ()
#38 0x00000000 in ?? ()
#39 0x0000000c in ?? ()
#40 0x00000000 in ?? ()
#41 0xc052cb63 in turnstile_wait (ts=0x0, lock=0xc1c1c818, owner=0xfffc)
    at /usr/src/sys/kern/subr_turnstile.c:480
#42 0xc04fea8c in _mtx_lock_sleep (m=0xc1c1c818, td=0xc1a3baf0, opts=0, 
    file=0x0, line=0) at /usr/src/sys/kern/kern_mutex.c:560
#43 0xc04fe5af in _mtx_lock_flags (m=0xc1c1c818, opts=0, 
    file=0xc06d246a "/usr/src/sys/kern/kern_sema.c", line=79)
    at /usr/src/sys/kern/kern_mutex.c:273
#44 0xc05078aa in _sema_post (sema=0xc1c1c818, 
    file=0xc06c1ac2 "/usr/src/sys/dev/ata/ata-queue.c", line=395)
    at /usr/src/sys/kern/kern_sema.c:79
#45 0xc0454c7b in ata_completed (context=0xc1c1c7d0, dummy=1)
    at /usr/src/sys/dev/ata/ata-queue.c:395
#46 0xc052b542 in taskqueue_run (queue=0xc1a29c40)
    at /usr/src/sys/kern/subr_taskqueue.c:191
#47 0xc052b65b in taskqueue_thread_loop (arg=0x0)
    at /usr/src/sys/kern/subr_taskqueue.c:237
#48 0xc04f0e36 in fork_exit (callout=0xc052b620 <taskqueue_thread_loop>,
    arg=0x0, frame=0x0) at /usr/src/sys/kern/kern_fork.c:807
#49 0xc0682c7c in fork_trampoline ()
    at /usr/src/sys/i386/i386/exception.s:209

--
Joel

Attachment: dmesg

Copyright (c) 1992-2005 The FreeBSD Project.
Copyright (c) 1979, 1980, 1983, 1986, 1988, 1989, 1991, 1992, 1993, 1994
	The Regents of the University of California. All rights reserved.
FreeBSD 5.3-STABLE #0: Sat Jan  1 14:36:28 CET 2005
    joel@dude.automatvapen.se:/usr/obj/usr/src/sys/WRK
WARNING: WITNESS option enabled, expect reduced performance.
mptable_probe: MP Config Table has bad signature: \^E\^G
ACPI APIC Table: <Nvidia AWRDACPI>
Timecounter "i8254" frequency 1193182 Hz quality 0
CPU: AMD Athlon(tm) XP 3000+ (2162.75-MHz 686-class CPU)
  Origin = "AuthenticAMD"  Id = 0x6a0  Stepping = 0
  Features=0x383fbff<FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,MMX,FXSR,SSE>
  AMD Features=0xc0400000<AMIE,DSP,3DNow!>
real memory  = 536805376 (511 MB)
avail memory = 515629056 (491 MB)
ioapic0 <Version 1.1> irqs 0-23 on motherboard
npx0: [FAST]
npx0: <math processor> on motherboard
npx0: INT 16 interface
acpi0: <Nvidia AWRDACPI> on motherboard
acpi0: Power Button (fixed)
Timecounter "ACPI-fast" frequency 3579545 Hz quality 1000
acpi_timer0: <24-bit timer at 3.579545MHz> port 0x4008-0x400b on acpi0
cpu0: <ACPI CPU> on acpi0
acpi_button0: <Power Button> on acpi0
pcib0: <ACPI Host-PCI bridge> port 0xcf8-0xcff on acpi0
pci0: <ACPI PCI bus> on pcib0
agp0: <NVIDIA nForce2 AGP Controller> mem 0xe0000000-0xe3ffffff at device 0.0 on pci0
pci0: <memory, RAM> at device 0.1 (no driver attached)
pci0: <memory, RAM> at device 0.2 (no driver attached)
pci0: <memory, RAM> at device 0.3 (no driver attached)
pci0: <memory, RAM> at device 0.4 (no driver attached)
pci0: <memory, RAM> at device 0.5 (no driver attached)
isab0: <PCI-ISA bridge> at device 1.0 on pci0
isa0: <ISA bus> on isab0
pci0: <serial bus, SMBus> at device 1.1 (no driver attached)
ohci0: <OHCI (generic) USB controller> mem 0xe8003000-0xe8003fff irq 22 at device 2.0 on pci0
ohci0: [GIANT-LOCKED]
usb0: OHCI version 1.0, legacy support
usb0: <OHCI (generic) USB controller> on ohci0
usb0: USB revision 1.0
uhub0: nVidia OHCI root hub, class 9/0, rev 1.00/1.00, addr 1
uhub0: 3 ports with 3 removable, self powered
ulpt0: hp deskjet 5550, rev 2.00/1.00, addr 2, iclass 7/1
ulpt0: using bi-directional mode
ohci1: <OHCI (generic) USB controller> mem 0xe8004000-0xe8004fff irq 21 at device 2.1 on pci0
ohci1: [GIANT-LOCKED]
usb1: OHCI version 1.0, legacy support
usb1: <OHCI (generic) USB controller> on ohci1
usb1: USB revision 1.0
uhub1: nVidia OHCI root hub, class 9/0, rev 1.00/1.00, addr 1
uhub1: 3 ports with 3 removable, self powered
ums0: Microsoft Microsoft 5-Button Mouse with IntelliEye(TM), rev 1.10/3.00, addr 2, iclass 3/1
ums0: 5 buttons and Z dir.
pci0: <serial bus, USB> at device 2.2 (no driver attached)
pci0: <network, ethernet> at device 4.0 (no driver attached)
pcm0: <nVidia nForce2> port 0xb400-0xb47f,0xb000-0xb0ff mem 0xe8001000-0xe8001fff irq 21 at device 6.0 on pci0
pcm0: [GIANT-LOCKED]
pcm0: <Avance Logic ALC650 AC97 Codec>
pcib1: <ACPI PCI-PCI bridge> at device 8.0 on pci0
pci1: <ACPI PCI bus> on pcib1
fxp0: <Intel 82550 Pro/100 Ethernet> port 0x9000-0x903f mem 0xe7000000-0xe701ffff,0xe7020000-0xe7020fff irq 17 at device 9.0 on pci1
miibus0: <MII bus> on fxp0
inphy0: <i82555 10/100 media interface> on miibus0
inphy0:  10baseT, 10baseT-FDX, 100baseTX, 100baseTX-FDX, auto
fxp0: Ethernet address: 00:02:b3:d6:fd:4b
atapci0: <nVidia nForce2 UDMA133 controller> port 0xf000-0xf00f,0x376,0x170-0x177,0x3f6,0x1f0-0x1f7 at device 9.0 on pci0
ata0: channel #0 on atapci0
ata1: channel #1 on atapci0
pcib2: <ACPI PCI-PCI bridge> at device 30.0 on pci0
pci2: <ACPI PCI bus> on pcib2
pci2: <display, VGA> at device 0.0 (no driver attached)
pci2: <display> at device 0.1 (no driver attached)
sio0: <16550A-compatible COM port> port 0x3f8-0x3ff irq 4 flags 0x10 on acpi0
sio0: type 16550A
sio1: <16550A-compatible COM port> port 0x2f8-0x2ff irq 3 on acpi0
sio1: type 16550A
ppc0: <ECP parallel printer port> port 0x778-0x77b,0x378-0x37f irq 7 drq 3 on acpi0
ppc0: SMC-like chipset (ECP/EPP/PS2/NIBBLE) in COMPATIBLE mode
ppc0: FIFO with 16/16/16 bytes threshold
ppbus0: <Parallel port bus> on ppc0
plip0: <PLIP network interface> on ppbus0
lpt0: <Printer> on ppbus0
lpt0: Interrupt-driven port
ppi0: <Parallel I/O> on ppbus0
atkbdc0: <Keyboard controller (i8042)> port 0x64,0x60 irq 1 on acpi0
atkbd0: <AT Keyboard> irq 1 on atkbdc0
kbd0 at atkbd0
atkbd0: [GIANT-LOCKED]
orm0: <ISA Option ROMs> at iomem 0xd2000-0xd37ff,0xd0000-0xd17ff,0xc0000-0xccfff on isa0
pmtimer0 on isa0
sc0: <System console> at flags 0x100 on isa0
sc0: VGA <16 virtual consoles, flags=0x300>
vga0: <Generic ISA VGA> at port 0x3c0-0x3df iomem 0xa0000-0xbffff on isa0
Timecounter "TSC" frequency 2162746483 Hz quality 800
Timecounters tick every 10.000 msec
ad0: 76319MB <ST380023A/3.53> [155061/16/63] at ata0-master UDMA100
ad1: 117246MB <Maxtor 6Y120P0/YAR41BW0> [238216/16/63] at ata0-slave UDMA133
acd0: DVDR <NEC DVD RW ND-3500AG/2.16> at ata1-master UDMA33
Mounting root from ufs:/dev/ad0s2a
