Site Navigation

Date:      Thu, 1 Feb 2007 13:23:30 +0200
From:      Kostik Belousov <kostikbel@gmail.com>
To:        Henri Hennebert <hlh@restart.be>
Cc:        freebsd-stable@freebsd.org
Subject:   Re: 6.2-RELEASE - Fatal trap 12 - nvidia driver ?
Message-ID:  <20070201112330.GG56152@deviant.kiev.zoral.com.ua>
In-Reply-To: <45C1C365.7020106@restart.be>
References:  <45C1C365.7020106@restart.be>

---

next in thread | previous in thread | raw e-mail | index | archive | help

---

--APlYHCtpeOhspHkB
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On Thu, Feb 01, 2007 at 11:39:33AM +0100, Henri Hennebert wrote:
> Hello,
>=20
> I experience Fatal trap 12 when I shutdown if I have run the X server=20
> (with nvidia driver 1.0.9746). This crash happen 4/5 of the time. It is=
=20
> in devfs_populate_loop() in devfs.c. I don't have the vmcore anymore :-/.
>=20
> To look futher, I add options INVARIANTS (and INVARIANT_SUPPORT) and now=
=20
> the crash happen when I start the X server (startxfce4) when the splash=
=20
> screen is dispayed.
>=20
> The loaded modules are:
>=20
> [root@morzine ~]# kldstat
> Id Refs Address    Size     Name
>  1   15 0xc0400000 40ccc0   kernel
>  2    1 0xc080d000 42e8     if_tap.ko
>  3    1 0xc0812000 2cbc     ng_ether.ko
>  4    2 0xc0815000 c83c     netgraph.ko
>  5    2 0xc0822000 3d604    sound.ko
>  6    1 0xc0860000 4f7c     acpi_video.ko
>  7    2 0xc0865000 59f5c    acpi.ko
>  8    1 0xc08bf000 6d2b2c   nvidia.ko
>  9    1 0xc0f92000 10340    snd_hda.ko
> 10    1 0xc6fe7000 2000     accf_http.ko
> 11    1 0xc703f000 3000     daemon_saver.ko
>=20
>=20
> sound.ka and snd_hda.ko are from http://people.freebsd.org/~ariff/.
>=20
> The chash informations:
>=20
> [root@morzine MORZINE_INVARIANTS]# kgdb kernel.debug /backup/crash/vmcore=
.8
> [GDB will not be able to debug user-mode threads:=20
> /usr/lib/libthread_db.so: Undefined symbol "ps_pglobal_lookup"]
> GNU gdb 6.1.1 [FreeBSD]
> Copyright 2004 Free Software Foundation, Inc.
> GDB is free software, covered by the GNU General Public License, and you =
are
> welcome to change it and/or distribute copies of it under certain=20
> conditions.
> Type "show copying" to see the conditions.
> There is absolutely no warranty for GDB.  Type "show warranty" for detail=
s.
> This GDB was configured as "i386-marcel-freebsd".
>=20
> Unread portion of the kernel message buffer:
>=20
>=20
> Fatal trap 12: page fault while in kernel mode
> cpuid =3D 1; apic id =3D 01
> fault virtual address   =3D 0xdeadc0de
> fault code              =3D supervisor read, page not present
> instruction pointer     =3D 0x20:0xc04c8aa3
> stack pointer           =3D 0x28:0xe91a783c
> frame pointer           =3D 0x28:0xe91a7858
> code segment            =3D base 0x0, limit 0xfffff, type 0x1b
>                         =3D DPL 0, pres 1, def32 1, gran 1
> processor eflags        =3D interrupt enabled, resume, IOPL =3D 3
> current process         =3D 1093 (Xorg)
> trap number             =3D 12
> panic: page fault
> cpuid =3D 0
> KDB: stack backtrace:
> kdb_backtrace(100,c6ec2780,28,e91a77fc,c,...) at kdb_backtrace+0x29
> panic(c06af91d,c06e7c67,0,fffff,c09b,...) at panic+0x114
> trap_fatal(e91a77fc,deadc0de,c6ec2780,c1462000,deadc000,...) at=20
> trap_fatal+0x2ce
> trap_pfault(e91a77fc,0,deadc0de) at trap_pfault+0x187
> trap(8,e91a0028,28,c7245900,c72d6980,...) at trap+0x341
> calltrap() at calltrap+0x5
> --- trap 0xc, eip =3D 0xc04c8aa3, esp =3D 0xe91a783c, ebp =3D 0xe91a7858 =
---
> devfs_populate_loop(c6b9a500,0) at devfs_populate_loop+0x7b
> devfs_populate(c6b9a500,c6bb6b1c,b7,c6ce8005,0,...) at devfs_populate+0x32
> devfs_lookupx(e91a79c4,e91a795c,c6b9a514,c06bbb19,299) at=20
> devfs_lookupx+0x1db
> devfs_lookup(e91a79c4) at devfs_lookup+0x3b
> VOP_LOOKUP_APV(c06fc1c0,e91a79c4) at VOP_LOOKUP_APV+0x87
> lookup(e91a7bcc) at lookup+0x4d9
> namei(e91a7bcc) at namei+0x3be
> vn_open_cred(e91a7bcc,e91a7ccc,c0,c6ffb900,e,...) at vn_open_cred+0x277
> vn_open(e91a7bcc,e91a7ccc,c0,e) at vn_open+0x1e
> kern_open(c6ec2780,bfbfe2c0,0,3,bfbfe2c0,...) at kern_open+0xe1
> open(c6ec2780,e91a7d04) at open+0x1a
> syscall(3b,872003b,bfbf003b,0,8202000,...) at syscall+0x247
> Xint0x80_syscall() at Xint0x80_syscall+0x1f
> --- syscall (5, FreeBSD ELF32, open), eip =3D 0x282ba4b3, esp =3D=20
> 0xbfbfe27c, ebp =3D 0xbfbfe358 ---
> Uptime: 2m4s
> Dumping 2046 MB (2 chunks)
>   chunk 0: 1MB (158 pages) ... ok
>   chunk 1: 2046MB (523760 pages) 2030 2014 1998 1982 1966 1950 1934=20
> 1918 1902 1886 1870 1854 1838 1822 1806 1790 1774 1758 1742 1726 1710=20
> 1694 1678 1662 1646 1630 1614 1598 1582 1566 1550 1534 1518 1502 1486=20
> 1470 1454 1438 1422 1406 1390 1374 1358 1342 1326 1310 1294 1278 1262=20
> 1246 1230 1214 1198 1182 1166 1150 1134 1118 1102 1086 1070 1054 1038=20
> 1022 1006 990 974 958 942 926 910 894 878 862 846 830 814 798 782 766=20
> 750 734 718 702 686 670 654 638 622 606 590 574 558 542 526 510 494 478=
=20
> 462 446 430 414 398 382 366 350 334 318 302 286 270 254 238 222 206 190=
=20
> 174 158 142 126 110 94 78 62 46 30 14
>=20
> #0  doadump () at pcpu.h:165
> 165             __asm __volatile("movl %%fs:0,%0" : "=3Dr" (td));
> (kgdb) bt
> #0  doadump () at pcpu.h:165
> #1  0xc051fbf0 in boot (howto=3D260) at /usr/src/sys/kern/kern_shutdown.c=
:409
> #2  0xc051ff05 in panic (fmt=3D0xc06af91d "%s") at=20
> /usr/src/sys/kern/kern_shutdown.c:565
> #3  0xc0683ae2 in trap_fatal (frame=3D0xe91a77fc, eva=3D3735929054)
>     at /usr/src/sys/i386/i386/trap.c:837
> #4  0xc06837eb in trap_pfault (frame=3D0xe91a77fc, usermode=3D0, eva=3D37=
35929054)
>     at /usr/src/sys/i386/i386/trap.c:745
> #5  0xc0683435 in trap (frame=3D
>       {tf_fs =3D 8, tf_es =3D -384171992, tf_ds =3D 40, tf_edi =3D -95391=
9232,=20
> tf_esi =3D -953325184, tf_ebp =3D -384141224, tf_isp =3D -384141272, tf_e=
bx =3D=20
> 0, tf_edx =3D -559038242, tf_ecx =3D -1066230976, tf_eax =3D 0, tf_trapno=
 =3D=20
> 12, tf_err =3D 0, tf_eip =3D -1068725597, tf_cs =3D 32, tf_eflags =3D 217=
5511,=20
> tf_esp =3D -1066641139, tf_ss =3D 353}) at /usr/src/sys/i386/i386/trap.c:=
435
> #6  0xc06703ea in calltrap () at /usr/src/sys/i386/i386/exception.s:139
> #7  0xc04c8aa3 in devfs_populate_loop (dm=3D0xc6b9a500, cleanup=3D0)
>     at /usr/src/sys/fs/devfs/devfs_devs.c:370
> #8  0xc04c8dea in devfs_populate (dm=3D0xc6b9a500) at=20
> /usr/src/sys/fs/devfs/devfs_devs.c:486
> #9  0xc04cac33 in devfs_lookupx (ap=3D0x0, dm_unlock=3D0xe91a795c)
>     at /usr/src/sys/fs/devfs/devfs_vnops.c:586
> #10 0xc04caff3 in devfs_lookup (ap=3D0xe91a79c4) at=20
> /usr/src/sys/fs/devfs/devfs_vnops.c:666
> #11 0xc06943a7 in VOP_LOOKUP_APV (vop=3D0xc06fc1c0, a=3D0xe91a79c4) at=20
> vnode_if.c:99
> #12 0xc056c70d in lookup (ndp=3D0xe91a7bcc) at vnode_if.h:56
> #13 0xc056bfd2 in namei (ndp=3D0xe91a7bcc) at=20
> /usr/src/sys/kern/vfs_lookup.c:211
> #14 0xc057e3df in vn_open_cred (ndp=3D0xe91a7bcc, flagp=3D0xe91a7ccc,=20
> cmode=3D192, cred=3D0xc6ffb900,
>     fdidx=3D14) at /usr/src/sys/kern/vfs_vnops.c:183
> #15 0xc057e166 in vn_open (ndp=3D0xdeadc0de, flagp=3D0xe91a7ccc, cmode=3D=
192,=20
> fdidx=3D14)
>     at /usr/src/sys/kern/vfs_vnops.c:91
> #16 0xc0577065 in kern_open (td=3D0xc6ec2780, path=3D0x0,=20
> pathseg=3DUIO_USERSPACE, flags=3D3,
>     mode=3D-1077943616) at /usr/src/sys/kern/vfs_syscalls.c:1009
> #17 0xc0576f4e in open (td=3D0xc6ec2780, uap=3D0xe91a7d04) at=20
> /usr/src/sys/kern/vfs_syscalls.c:973
> #18 0xc0683daf in syscall (frame=3D
>       {tf_fs =3D 59, tf_es =3D 141688891, tf_ds =3D -1078001605, tf_edi =
=3D 0,=20
> tf_esi =3D 136323072, tf_ebp =3D -1077943464, tf_isp =3D -384139932, tf_e=
bx =3D=20
> 136255232, tf_edx =3D 12, tf_ecx =3D 0, tf_eax =3D 5, tf_trapno =3D 0, tf=
_err =3D=20
> 2, tf_eip =3D 673948851, tf_cs =3D 51, tf_eflags =3D 2110102, tf_esp =3D=
=20
> -1077943684, tf_ss =3D 59}) at /usr/src/sys/i386/i386/trap.c:983
> #19 0xc067043f in Xint0x80_syscall () at=20
> /usr/src/sys/i386/i386/exception.s:200
> #20 0x00000033 in ?? ()
> Previous frame inner to this frame (corrupt stack?)
> (kgdb) f 7
> #7  0xc04c8aa3 in devfs_populate_loop (dm=3D0xc6b9a500, cleanup=3D0)
>     at /usr/src/sys/fs/devfs/devfs_devs.c:370
> 370                     if ((cleanup || !(cdp->cdp_flags & CDP_ACTIVE)) &&
> (kgdb) list
> 365
> 366                     /*
> 367                      * If we are unmounting, or the device has been=
=20
> destroyed,
> 368                      * clean up our dirent.
> 369                      */
> 370                     if ((cleanup || !(cdp->cdp_flags & CDP_ACTIVE)) &&
> 371                         dm->dm_idx <=3D cdp->cdp_maxdirent &&
> 372                         cdp->cdp_dirents[dm->dm_idx] !=3D NULL) {
> 373                             de =3D cdp->cdp_dirents[dm->dm_idx];
> 374                             cdp->cdp_dirents[dm->dm_idx] =3D NULL;
> (kgdb)
>=20
> Does the nvidia driver don't play right with devfs ?
>=20
> Thanks for your time,

See PR/108078

--APlYHCtpeOhspHkB
Content-Type: application/pgp-signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (FreeBSD)

iD8DBQFFwc2xC3+MBN1Mb4gRAnC8AKCq3/MlABUWc9ZN/H+7ipcyVqQQzwCfZtol
2K0OjaW+JueWpSb+zJgH7rw=
=LCQE
-----END PGP SIGNATURE-----

--APlYHCtpeOhspHkB--

---

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20070201112330.GG56152>

Legal Notices | © 1995-2025 The FreeBSD Project. All rights reserved.

Contact