Date:      Thu, 01 Feb 2007 11:39:33 +0100
From:      Henri Hennebert <hlh@restart.be>
To:        freebsd-stable@freebsd.org
Subject:   6.2-RELEASE - Fatal trap 12 - nvidia driver ?
Message-ID:  <45C1C365.7020106@restart.be>

Hello,

I experience Fatal trap 12 when I shut down if I have run the X server 
(with nvidia driver 1.0.9746). This crash happens 4/5 of the time. It is 
in devfs_populate_loop() in devfs.c. I don't have the vmcore anymore :-/.

To look further, I added options INVARIANTS (and INVARIANT_SUPPORT) and now 
the crash happens when I start the X server (startxfce4), when the splash 
screen is displayed.

The loaded modules are:

[root@morzine ~]# kldstat
Id Refs Address    Size     Name
  1   15 0xc0400000 40ccc0   kernel
  2    1 0xc080d000 42e8     if_tap.ko
  3    1 0xc0812000 2cbc     ng_ether.ko
  4    2 0xc0815000 c83c     netgraph.ko
  5    2 0xc0822000 3d604    sound.ko
  6    1 0xc0860000 4f7c     acpi_video.ko
  7    2 0xc0865000 59f5c    acpi.ko
  8    1 0xc08bf000 6d2b2c   nvidia.ko
  9    1 0xc0f92000 10340    snd_hda.ko
10    1 0xc6fe7000 2000     accf_http.ko
11    1 0xc703f000 3000     daemon_saver.ko


sound.ko and snd_hda.ko are from http://people.freebsd.org/~ariff/.

The crash information:

[root@morzine MORZINE_INVARIANTS]# kgdb kernel.debug /backup/crash/vmcore.8
[GDB will not be able to debug user-mode threads: 
/usr/lib/libthread_db.so: Undefined symbol "ps_pglobal_lookup"]
GNU gdb 6.1.1 [FreeBSD]
Copyright 2004 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain 
conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB.  Type "show warranty" for details.
This GDB was configured as "i386-marcel-freebsd".

Unread portion of the kernel message buffer:


Fatal trap 12: page fault while in kernel mode
cpuid = 1; apic id = 01
fault virtual address   = 0xdeadc0de
fault code              = supervisor read, page not present
instruction pointer     = 0x20:0xc04c8aa3
stack pointer           = 0x28:0xe91a783c
frame pointer           = 0x28:0xe91a7858
code segment            = base 0x0, limit 0xfffff, type 0x1b
                         = DPL 0, pres 1, def32 1, gran 1
processor eflags        = interrupt enabled, resume, IOPL = 3
current process         = 1093 (Xorg)
trap number             = 12
panic: page fault
cpuid = 0
KDB: stack backtrace:
kdb_backtrace(100,c6ec2780,28,e91a77fc,c,...) at kdb_backtrace+0x29
panic(c06af91d,c06e7c67,0,fffff,c09b,...) at panic+0x114
trap_fatal(e91a77fc,deadc0de,c6ec2780,c1462000,deadc000,...) at 
trap_fatal+0x2ce
trap_pfault(e91a77fc,0,deadc0de) at trap_pfault+0x187
trap(8,e91a0028,28,c7245900,c72d6980,...) at trap+0x341
calltrap() at calltrap+0x5
--- trap 0xc, eip = 0xc04c8aa3, esp = 0xe91a783c, ebp = 0xe91a7858 ---
devfs_populate_loop(c6b9a500,0) at devfs_populate_loop+0x7b
devfs_populate(c6b9a500,c6bb6b1c,b7,c6ce8005,0,...) at devfs_populate+0x32
devfs_lookupx(e91a79c4,e91a795c,c6b9a514,c06bbb19,299) at 
devfs_lookupx+0x1db
devfs_lookup(e91a79c4) at devfs_lookup+0x3b
VOP_LOOKUP_APV(c06fc1c0,e91a79c4) at VOP_LOOKUP_APV+0x87
lookup(e91a7bcc) at lookup+0x4d9
namei(e91a7bcc) at namei+0x3be
vn_open_cred(e91a7bcc,e91a7ccc,c0,c6ffb900,e,...) at vn_open_cred+0x277
vn_open(e91a7bcc,e91a7ccc,c0,e) at vn_open+0x1e
kern_open(c6ec2780,bfbfe2c0,0,3,bfbfe2c0,...) at kern_open+0xe1
open(c6ec2780,e91a7d04) at open+0x1a
syscall(3b,872003b,bfbf003b,0,8202000,...) at syscall+0x247
Xint0x80_syscall() at Xint0x80_syscall+0x1f
--- syscall (5, FreeBSD ELF32, open), eip = 0x282ba4b3, esp = 
0xbfbfe27c, ebp = 0xbfbfe358 ---
Uptime: 2m4s
Dumping 2046 MB (2 chunks)
   chunk 0: 1MB (158 pages) ... ok
   chunk 1: 2046MB (523760 pages) 2030 2014 1998 1982 1966 1950 1934 
1918 1902 1886 1870 1854 1838 1822 1806 1790 1774 1758 1742 1726 1710 
1694 1678 1662 1646 1630 1614 1598 1582 1566 1550 1534 1518 1502 1486 
1470 1454 1438 1422 1406 1390 1374 1358 1342 1326 1310 1294 1278 1262 
1246 1230 1214 1198 1182 1166 1150 1134 1118 1102 1086 1070 1054 1038 
1022 1006 990 974 958 942 926 910 894 878 862 846 830 814 798 782 766 
750 734 718 702 686 670 654 638 622 606 590 574 558 542 526 510 494 478 
462 446 430 414 398 382 366 350 334 318 302 286 270 254 238 222 206 190 
174 158 142 126 110 94 78 62 46 30 14

#0  doadump () at pcpu.h:165
165             __asm __volatile("movl %%fs:0,%0" : "=r" (td));
(kgdb) bt
#0  doadump () at pcpu.h:165
#1  0xc051fbf0 in boot (howto=260) at /usr/src/sys/kern/kern_shutdown.c:409
#2  0xc051ff05 in panic (fmt=0xc06af91d "%s") at 
/usr/src/sys/kern/kern_shutdown.c:565
#3  0xc0683ae2 in trap_fatal (frame=0xe91a77fc, eva=3735929054)
     at /usr/src/sys/i386/i386/trap.c:837
#4  0xc06837eb in trap_pfault (frame=0xe91a77fc, usermode=0, eva=3735929054)
     at /usr/src/sys/i386/i386/trap.c:745
#5  0xc0683435 in trap (frame=
       {tf_fs = 8, tf_es = -384171992, tf_ds = 40, tf_edi = -953919232, 
tf_esi = -953325184, tf_ebp = -384141224, tf_isp = -384141272, tf_ebx = 
0, tf_edx = -559038242, tf_ecx = -1066230976, tf_eax = 0, tf_trapno = 
12, tf_err = 0, tf_eip = -1068725597, tf_cs = 32, tf_eflags = 2175511, 
tf_esp = -1066641139, tf_ss = 353}) at /usr/src/sys/i386/i386/trap.c:435
#6  0xc06703ea in calltrap () at /usr/src/sys/i386/i386/exception.s:139
#7  0xc04c8aa3 in devfs_populate_loop (dm=0xc6b9a500, cleanup=0)
     at /usr/src/sys/fs/devfs/devfs_devs.c:370
#8  0xc04c8dea in devfs_populate (dm=0xc6b9a500) at 
/usr/src/sys/fs/devfs/devfs_devs.c:486
#9  0xc04cac33 in devfs_lookupx (ap=0x0, dm_unlock=0xe91a795c)
     at /usr/src/sys/fs/devfs/devfs_vnops.c:586
#10 0xc04caff3 in devfs_lookup (ap=0xe91a79c4) at 
/usr/src/sys/fs/devfs/devfs_vnops.c:666
#11 0xc06943a7 in VOP_LOOKUP_APV (vop=0xc06fc1c0, a=0xe91a79c4) at 
vnode_if.c:99
#12 0xc056c70d in lookup (ndp=0xe91a7bcc) at vnode_if.h:56
#13 0xc056bfd2 in namei (ndp=0xe91a7bcc) at 
/usr/src/sys/kern/vfs_lookup.c:211
#14 0xc057e3df in vn_open_cred (ndp=0xe91a7bcc, flagp=0xe91a7ccc, 
cmode=192, cred=0xc6ffb900,
     fdidx=14) at /usr/src/sys/kern/vfs_vnops.c:183
#15 0xc057e166 in vn_open (ndp=0xdeadc0de, flagp=0xe91a7ccc, cmode=192, 
fdidx=14)
     at /usr/src/sys/kern/vfs_vnops.c:91
#16 0xc0577065 in kern_open (td=0xc6ec2780, path=0x0, 
pathseg=UIO_USERSPACE, flags=3,
     mode=-1077943616) at /usr/src/sys/kern/vfs_syscalls.c:1009
#17 0xc0576f4e in open (td=0xc6ec2780, uap=0xe91a7d04) at 
/usr/src/sys/kern/vfs_syscalls.c:973
#18 0xc0683daf in syscall (frame=
       {tf_fs = 59, tf_es = 141688891, tf_ds = -1078001605, tf_edi = 0, 
tf_esi = 136323072, tf_ebp = -1077943464, tf_isp = -384139932, tf_ebx = 
136255232, tf_edx = 12, tf_ecx = 0, tf_eax = 5, tf_trapno = 0, tf_err = 
2, tf_eip = 673948851, tf_cs = 51, tf_eflags = 2110102, tf_esp = 
-1077943684, tf_ss = 59}) at /usr/src/sys/i386/i386/trap.c:983
#19 0xc067043f in Xint0x80_syscall () at 
/usr/src/sys/i386/i386/exception.s:200
#20 0x00000033 in ?? ()
Previous frame inner to this frame (corrupt stack?)
(kgdb) f 7
#7  0xc04c8aa3 in devfs_populate_loop (dm=0xc6b9a500, cleanup=0)
     at /usr/src/sys/fs/devfs/devfs_devs.c:370
370                     if ((cleanup || !(cdp->cdp_flags & CDP_ACTIVE)) &&
(kgdb) list
365
366                     /*
367                      * If we are unmounting, or the device has been 
destroyed,
368                      * clean up our dirent.
369                      */
370                     if ((cleanup || !(cdp->cdp_flags & CDP_ACTIVE)) &&
371                         dm->dm_idx <= cdp->cdp_maxdirent &&
372                         cdp->cdp_dirents[dm->dm_idx] != NULL) {
373                             de = cdp->cdp_dirents[dm->dm_idx];
374                             cdp->cdp_dirents[dm->dm_idx] = NULL;
(kgdb)

Does the nvidia driver not play right with devfs?

Thanks for your time,

Henri
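
A triage aid for the dump above, added here as an example and not part of the original message: a FreeBSD kernel built with INVARIANTS overwrites freed kernel memory with the pattern 0xdeadc0de, so a fault address or register equal or close to that value points to a read through a pointer loaded from freed memory. The function names and the `slack` parameter are illustrative; the sample lines are copied from the output above, and the scan also catches the decimal and signed-decimal spellings that kgdb prints.

```python
import re

POISON = 0xDEADC0DE   # pattern an INVARIANTS kernel writes over freed memory
MASK32 = 0xFFFFFFFF   # the dump comes from an i386 (32-bit) kernel

# Constructed sample: lines copied from the trap message and kgdb output above,
# including one field split across a mail line wrap (tf_ebx).
SAMPLE = """\
fault virtual address   = 0xdeadc0de
instruction pointer     = 0x20:0xc04c8aa3
#3  0xc0683ae2 in trap_fatal (frame=0xe91a77fc, eva=3735929054)
tf_esi = -953325184, tf_ebp = -384141224, tf_isp = -384141272, tf_ebx =
0, tf_edx = -559038242, tf_ecx = -1066230976, tf_eax = 0, tf_trapno =
#7  0xc04c8aa3 in devfs_populate_loop (dm=0xc6b9a500, cleanup=0)
#15 0xc057e166 in vn_open (ndp=0xdeadc0de, flagp=0xe91a7ccc, cmode=192,
"""

# "name = value" or "name=value"; value is hex or (signed) decimal.
# \s* around '=' also spans the line breaks introduced by mail wrapping.
FIELD = re.compile(r"([A-Za-z_][\w ]*?)\s*=\s*(-?(?:0x[0-9a-fA-F]+|\d+))")


def to_u32(text):
    """Parse hex or signed decimal text and fold it into an unsigned 32-bit word."""
    value = int(text, 16) if "x" in text.lower() else int(text, 10)
    return value & MASK32


def find_poison(dump, slack=0x100):
    """Return (field, raw_text, offset) for values in [POISON, POISON + slack).

    The slack covers faults at poisoned_pointer + struct member offset.
    Each hit is a lead for further inspection in kgdb, not a verdict.
    """
    hits = []
    for name, raw in FIELD.findall(dump):
        offset = (to_u32(raw) - POISON) & MASK32
        if offset < slack:
            hits.append((name.strip(), raw, offset))
    return hits


if __name__ == "__main__":
    for field, raw, offset in find_poison(SAMPLE):
        print(f"{field:24} {raw:>12}  = 0x{POISON:08x} + {offset:#x}")
```
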



