Hello,
I experience Fatal trap 12 when I shutdown if I have run the X server
(with nvidia driver 1.0.9746). This crash happen 4/5 of the time. It is
in devfs_populate_loop() in devfs.c. I don't have the vmcore anymore :-/.
To look futher, I add options INVARIANTS (and INVARIANT_SUPPORT) and now
the crash happen when I start the X server (startxfce4) when the splash
screen is dispayed.
The loaded modules are:
[root@morzine ~]# kldstat
Id Refs Address Size Name
1 15 0xc0400000 40ccc0 kernel
2 1 0xc080d000 42e8 if_tap.ko
3 1 0xc0812000 2cbc ng_ether.ko
4 2 0xc0815000 c83c netgraph.ko
5 2 0xc0822000 3d604 sound.ko
6 1 0xc0860000 4f7c acpi_video.ko
7 2 0xc0865000 59f5c acpi.ko
8 1 0xc08bf000 6d2b2c nvidia.ko
9 1 0xc0f92000 10340 snd_hda.ko
10 1 0xc6fe7000 2000 accf_http.ko
11 1 0xc703f000 3000 daemon_saver.ko
sound.ka and snd_hda.ko are from http://people.freebsd.org/~ariff/.
The chash informations:
[root@morzine MORZINE_INVARIANTS]# kgdb kernel.debug /backup/crash/vmcore.8
[GDB will not be able to debug user-mode threads:
/usr/lib/libthread_db.so: Undefined symbol "ps_pglobal_lookup"]
GNU gdb 6.1.1 [FreeBSD]
Copyright 2004 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain
conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB. Type "show warranty" for
details.
This GDB was configured as "i386-marcel-freebsd".
Unread portion of the kernel message buffer:
Fatal trap 12: page fault while in kernel mode
cpuid = 1; apic id = 01
fault virtual address = 0xdeadc0de
fault code = supervisor read, page not present
instruction pointer = 0x20:0xc04c8aa3
stack pointer = 0x28:0xe91a783c
frame pointer = 0x28:0xe91a7858
code segment = base 0x0, limit 0xfffff, type 0x1b
= DPL 0, pres 1, def32 1, gran 1
processor eflags = interrupt enabled, resume, IOPL = 3
current process = 1093 (Xorg)
trap number = 12
panic: page fault
cpuid = 0
KDB: stack backtrace:
kdb_backtrace(100,c6ec2780,28,e91a77fc,c,...) at kdb_backtrace+0x29
panic(c06af91d,c06e7c67,0,fffff,c09b,...) at panic+0x114
trap_fatal(e91a77fc,deadc0de,c6ec2780,c1462000,deadc000,...) at
trap_fatal+0x2ce
trap_pfault(e91a77fc,0,deadc0de) at trap_pfault+0x187
trap(8,e91a0028,28,c7245900,c72d6980,...) at trap+0x341
calltrap() at calltrap+0x5
--- trap 0xc, eip = 0xc04c8aa3, esp = 0xe91a783c, ebp = 0xe91a7858 ---
devfs_populate_loop(c6b9a500,0) at devfs_populate_loop+0x7b
devfs_populate(c6b9a500,c6bb6b1c,b7,c6ce8005,0,...) at devfs_populate+0x32
devfs_lookupx(e91a79c4,e91a795c,c6b9a514,c06bbb19,299) at
devfs_lookupx+0x1db
devfs_lookup(e91a79c4) at devfs_lookup+0x3b
VOP_LOOKUP_APV(c06fc1c0,e91a79c4) at VOP_LOOKUP_APV+0x87
lookup(e91a7bcc) at lookup+0x4d9
namei(e91a7bcc) at namei+0x3be
vn_open_cred(e91a7bcc,e91a7ccc,c0,c6ffb900,e,...) at vn_open_cred+0x277
vn_open(e91a7bcc,e91a7ccc,c0,e) at vn_open+0x1e
kern_open(c6ec2780,bfbfe2c0,0,3,bfbfe2c0,...) at kern_open+0xe1
open(c6ec2780,e91a7d04) at open+0x1a
syscall(3b,872003b,bfbf003b,0,8202000,...) at syscall+0x247
Xint0x80_syscall() at Xint0x80_syscall+0x1f
--- syscall (5, FreeBSD ELF32, open), eip = 0x282ba4b3, esp =
0xbfbfe27c, ebp = 0xbfbfe358 ---
Uptime: 2m4s
Dumping 2046 MB (2 chunks)
chunk 0: 1MB (158 pages) ... ok
chunk 1: 2046MB (523760 pages) 2030 2014 1998 1982 1966 1950 1934
1918 1902 1886 1870 1854 1838 1822 1806 1790 1774 1758 1742 1726 1710
1694 1678 1662 1646 1630 1614 1598 1582 1566 1550 1534 1518 1502 1486
1470 1454 1438 1422 1406 1390 1374 1358 1342 1326 1310 1294 1278 1262
1246 1230 1214 1198 1182 1166 1150 1134 1118 1102 1086 1070 1054 1038
1022 1006 990 974 958 942 926 910 894 878 862 846 830 814 798 782 766
750 734 718 702 686 670 654 638 622 606 590 574 558 542 526 510 494 478
462 446 430 414 398 382 366 350 334 318 302 286 270 254 238 222 206 190
174 158 142 126 110 94 78 62 46 30 14
#0 doadump () at pcpu.h:165
165 __asm __volatile("movl %%fs:0,%0" : "=r"
(td));
(kgdb) bt
#0 doadump () at pcpu.h:165
#1 0xc051fbf0 in boot (howto=260) at /usr/src/sys/kern/kern_shutdown.c:409
#2 0xc051ff05 in panic (fmt=0xc06af91d "%s") at
/usr/src/sys/kern/kern_shutdown.c:565
#3 0xc0683ae2 in trap_fatal (frame=0xe91a77fc, eva=3735929054)
at /usr/src/sys/i386/i386/trap.c:837
#4 0xc06837eb in trap_pfault (frame=0xe91a77fc, usermode=0, eva=3735929054)
at /usr/src/sys/i386/i386/trap.c:745
#5 0xc0683435 in trap (frame {tf_fs = 8, tf_es = -384171992, tf_ds = 40,
tf_edi = -953919232,
tf_esi = -953325184, tf_ebp = -384141224, tf_isp = -384141272, tf_ebx =
0, tf_edx = -559038242, tf_ecx = -1066230976, tf_eax = 0, tf_trapno =
12, tf_err = 0, tf_eip = -1068725597, tf_cs = 32, tf_eflags = 2175511,
tf_esp = -1066641139, tf_ss = 353}) at /usr/src/sys/i386/i386/trap.c:435
#6 0xc06703ea in calltrap () at /usr/src/sys/i386/i386/exception.s:139
#7 0xc04c8aa3 in devfs_populate_loop (dm=0xc6b9a500, cleanup=0)
at /usr/src/sys/fs/devfs/devfs_devs.c:370
#8 0xc04c8dea in devfs_populate (dm=0xc6b9a500) at
/usr/src/sys/fs/devfs/devfs_devs.c:486
#9 0xc04cac33 in devfs_lookupx (ap=0x0, dm_unlock=0xe91a795c)
at /usr/src/sys/fs/devfs/devfs_vnops.c:586
#10 0xc04caff3 in devfs_lookup (ap=0xe91a79c4) at
/usr/src/sys/fs/devfs/devfs_vnops.c:666
#11 0xc06943a7 in VOP_LOOKUP_APV (vop=0xc06fc1c0, a=0xe91a79c4) at
vnode_if.c:99
#12 0xc056c70d in lookup (ndp=0xe91a7bcc) at vnode_if.h:56
#13 0xc056bfd2 in namei (ndp=0xe91a7bcc) at
/usr/src/sys/kern/vfs_lookup.c:211
#14 0xc057e3df in vn_open_cred (ndp=0xe91a7bcc, flagp=0xe91a7ccc,
cmode=192, cred=0xc6ffb900,
fdidx=14) at /usr/src/sys/kern/vfs_vnops.c:183
#15 0xc057e166 in vn_open (ndp=0xdeadc0de, flagp=0xe91a7ccc, cmode=192,
fdidx=14)
at /usr/src/sys/kern/vfs_vnops.c:91
#16 0xc0577065 in kern_open (td=0xc6ec2780, path=0x0,
pathseg=UIO_USERSPACE, flags=3,
mode=-1077943616) at /usr/src/sys/kern/vfs_syscalls.c:1009
#17 0xc0576f4e in open (td=0xc6ec2780, uap=0xe91a7d04) at
/usr/src/sys/kern/vfs_syscalls.c:973
#18 0xc0683daf in syscall (frame {tf_fs = 59, tf_es = 141688891, tf_ds =
-1078001605, tf_edi = 0,
tf_esi = 136323072, tf_ebp = -1077943464, tf_isp = -384139932, tf_ebx =
136255232, tf_edx = 12, tf_ecx = 0, tf_eax = 5, tf_trapno = 0, tf_err =
2, tf_eip = 673948851, tf_cs = 51, tf_eflags = 2110102, tf_esp =
-1077943684, tf_ss = 59}) at /usr/src/sys/i386/i386/trap.c:983
#19 0xc067043f in Xint0x80_syscall () at
/usr/src/sys/i386/i386/exception.s:200
#20 0x00000033 in ?? ()
Previous frame inner to this frame (corrupt stack?)
(kgdb) f 7
#7 0xc04c8aa3 in devfs_populate_loop (dm=0xc6b9a500, cleanup=0)
at /usr/src/sys/fs/devfs/devfs_devs.c:370
370 if ((cleanup || !(cdp->cdp_flags & CDP_ACTIVE))
&&
(kgdb) list
365
366 /*
367 * If we are unmounting, or the device has been
destroyed,
368 * clean up our dirent.
369 */
370 if ((cleanup || !(cdp->cdp_flags & CDP_ACTIVE))
&&
371 dm->dm_idx <= cdp->cdp_maxdirent &&
372 cdp->cdp_dirents[dm->dm_idx] != NULL) {
373 de = cdp->cdp_dirents[dm->dm_idx];
374 cdp->cdp_dirents[dm->dm_idx] = NULL;
(kgdb)
Does the nvidia driver don't play right with devfs ?
Thanks for your time,
Henri
On Thu, Feb 01, 2007 at 11:39:33AM +0100, Henri Hennebert wrote:> Hello, > > I experience Fatal trap 12 when I shutdown if I have run the X server > (with nvidia driver 1.0.9746). This crash happen 4/5 of the time. It is > in devfs_populate_loop() in devfs.c. I don't have the vmcore anymore :-/. > > To look futher, I add options INVARIANTS (and INVARIANT_SUPPORT) and now > the crash happen when I start the X server (startxfce4) when the splash > screen is dispayed. > > The loaded modules are: > > [root@morzine ~]# kldstat > Id Refs Address Size Name > 1 15 0xc0400000 40ccc0 kernel > 2 1 0xc080d000 42e8 if_tap.ko > 3 1 0xc0812000 2cbc ng_ether.ko > 4 2 0xc0815000 c83c netgraph.ko > 5 2 0xc0822000 3d604 sound.ko > 6 1 0xc0860000 4f7c acpi_video.ko > 7 2 0xc0865000 59f5c acpi.ko > 8 1 0xc08bf000 6d2b2c nvidia.ko > 9 1 0xc0f92000 10340 snd_hda.ko > 10 1 0xc6fe7000 2000 accf_http.ko > 11 1 0xc703f000 3000 daemon_saver.ko > > > sound.ka and snd_hda.ko are from http://people.freebsd.org/~ariff/. > > The chash informations: > > [root@morzine MORZINE_INVARIANTS]# kgdb kernel.debug /backup/crash/vmcore.8 > [GDB will not be able to debug user-mode threads: > /usr/lib/libthread_db.so: Undefined symbol "ps_pglobal_lookup"] > GNU gdb 6.1.1 [FreeBSD] > Copyright 2004 Free Software Foundation, Inc. > GDB is free software, covered by the GNU General Public License, and you are > welcome to change it and/or distribute copies of it under certain > conditions. > Type "show copying" to see the conditions. > There is absolutely no warranty for GDB. Type "show warranty" for details. > This GDB was configured as "i386-marcel-freebsd". > > Unread portion of the kernel message buffer: > > > Fatal trap 12: page fault while in kernel mode > cpuid = 1; apic id = 01 > fault virtual address = 0xdeadc0de > fault code = supervisor read, page not present > instruction pointer = 0x20:0xc04c8aa3 > stack pointer = 0x28:0xe91a783c > frame pointer = 0x28:0xe91a7858 > code segment = base 0x0, limit 0xfffff, type 0x1b > = DPL 0, pres 1, def32 1, gran 1 > processor eflags = interrupt enabled, resume, IOPL = 3 > current process = 1093 (Xorg) > trap number = 12 > panic: page fault > cpuid = 0 > KDB: stack backtrace: > kdb_backtrace(100,c6ec2780,28,e91a77fc,c,...) at kdb_backtrace+0x29 > panic(c06af91d,c06e7c67,0,fffff,c09b,...) at panic+0x114 > trap_fatal(e91a77fc,deadc0de,c6ec2780,c1462000,deadc000,...) at > trap_fatal+0x2ce > trap_pfault(e91a77fc,0,deadc0de) at trap_pfault+0x187 > trap(8,e91a0028,28,c7245900,c72d6980,...) at trap+0x341 > calltrap() at calltrap+0x5 > --- trap 0xc, eip = 0xc04c8aa3, esp = 0xe91a783c, ebp = 0xe91a7858 --- > devfs_populate_loop(c6b9a500,0) at devfs_populate_loop+0x7b > devfs_populate(c6b9a500,c6bb6b1c,b7,c6ce8005,0,...) at devfs_populate+0x32 > devfs_lookupx(e91a79c4,e91a795c,c6b9a514,c06bbb19,299) at > devfs_lookupx+0x1db > devfs_lookup(e91a79c4) at devfs_lookup+0x3b > VOP_LOOKUP_APV(c06fc1c0,e91a79c4) at VOP_LOOKUP_APV+0x87 > lookup(e91a7bcc) at lookup+0x4d9 > namei(e91a7bcc) at namei+0x3be > vn_open_cred(e91a7bcc,e91a7ccc,c0,c6ffb900,e,...) at vn_open_cred+0x277 > vn_open(e91a7bcc,e91a7ccc,c0,e) at vn_open+0x1e > kern_open(c6ec2780,bfbfe2c0,0,3,bfbfe2c0,...) at kern_open+0xe1 > open(c6ec2780,e91a7d04) at open+0x1a > syscall(3b,872003b,bfbf003b,0,8202000,...) at syscall+0x247 > Xint0x80_syscall() at Xint0x80_syscall+0x1f > --- syscall (5, FreeBSD ELF32, open), eip = 0x282ba4b3, esp = > 0xbfbfe27c, ebp = 0xbfbfe358 --- > Uptime: 2m4s > Dumping 2046 MB (2 chunks) > chunk 0: 1MB (158 pages) ... ok > chunk 1: 2046MB (523760 pages) 2030 2014 1998 1982 1966 1950 1934 > 1918 1902 1886 1870 1854 1838 1822 1806 1790 1774 1758 1742 1726 1710 > 1694 1678 1662 1646 1630 1614 1598 1582 1566 1550 1534 1518 1502 1486 > 1470 1454 1438 1422 1406 1390 1374 1358 1342 1326 1310 1294 1278 1262 > 1246 1230 1214 1198 1182 1166 1150 1134 1118 1102 1086 1070 1054 1038 > 1022 1006 990 974 958 942 926 910 894 878 862 846 830 814 798 782 766 > 750 734 718 702 686 670 654 638 622 606 590 574 558 542 526 510 494 478 > 462 446 430 414 398 382 366 350 334 318 302 286 270 254 238 222 206 190 > 174 158 142 126 110 94 78 62 46 30 14 > > #0 doadump () at pcpu.h:165 > 165 __asm __volatile("movl %%fs:0,%0" : "=r" (td)); > (kgdb) bt > #0 doadump () at pcpu.h:165 > #1 0xc051fbf0 in boot (howto=260) at /usr/src/sys/kern/kern_shutdown.c:409 > #2 0xc051ff05 in panic (fmt=0xc06af91d "%s") at > /usr/src/sys/kern/kern_shutdown.c:565 > #3 0xc0683ae2 in trap_fatal (frame=0xe91a77fc, eva=3735929054) > at /usr/src/sys/i386/i386/trap.c:837 > #4 0xc06837eb in trap_pfault (frame=0xe91a77fc, usermode=0, eva=3735929054) > at /usr/src/sys/i386/i386/trap.c:745 > #5 0xc0683435 in trap (frame> {tf_fs = 8, tf_es = -384171992, tf_ds = 40, tf_edi = -953919232, > tf_esi = -953325184, tf_ebp = -384141224, tf_isp = -384141272, tf_ebx = > 0, tf_edx = -559038242, tf_ecx = -1066230976, tf_eax = 0, tf_trapno = > 12, tf_err = 0, tf_eip = -1068725597, tf_cs = 32, tf_eflags = 2175511, > tf_esp = -1066641139, tf_ss = 353}) at /usr/src/sys/i386/i386/trap.c:435 > #6 0xc06703ea in calltrap () at /usr/src/sys/i386/i386/exception.s:139 > #7 0xc04c8aa3 in devfs_populate_loop (dm=0xc6b9a500, cleanup=0) > at /usr/src/sys/fs/devfs/devfs_devs.c:370 > #8 0xc04c8dea in devfs_populate (dm=0xc6b9a500) at > /usr/src/sys/fs/devfs/devfs_devs.c:486 > #9 0xc04cac33 in devfs_lookupx (ap=0x0, dm_unlock=0xe91a795c) > at /usr/src/sys/fs/devfs/devfs_vnops.c:586 > #10 0xc04caff3 in devfs_lookup (ap=0xe91a79c4) at > /usr/src/sys/fs/devfs/devfs_vnops.c:666 > #11 0xc06943a7 in VOP_LOOKUP_APV (vop=0xc06fc1c0, a=0xe91a79c4) at > vnode_if.c:99 > #12 0xc056c70d in lookup (ndp=0xe91a7bcc) at vnode_if.h:56 > #13 0xc056bfd2 in namei (ndp=0xe91a7bcc) at > /usr/src/sys/kern/vfs_lookup.c:211 > #14 0xc057e3df in vn_open_cred (ndp=0xe91a7bcc, flagp=0xe91a7ccc, > cmode=192, cred=0xc6ffb900, > fdidx=14) at /usr/src/sys/kern/vfs_vnops.c:183 > #15 0xc057e166 in vn_open (ndp=0xdeadc0de, flagp=0xe91a7ccc, cmode=192, > fdidx=14) > at /usr/src/sys/kern/vfs_vnops.c:91 > #16 0xc0577065 in kern_open (td=0xc6ec2780, path=0x0, > pathseg=UIO_USERSPACE, flags=3, > mode=-1077943616) at /usr/src/sys/kern/vfs_syscalls.c:1009 > #17 0xc0576f4e in open (td=0xc6ec2780, uap=0xe91a7d04) at > /usr/src/sys/kern/vfs_syscalls.c:973 > #18 0xc0683daf in syscall (frame> {tf_fs = 59, tf_es = 141688891, tf_ds = -1078001605, tf_edi = 0, > tf_esi = 136323072, tf_ebp = -1077943464, tf_isp = -384139932, tf_ebx = > 136255232, tf_edx = 12, tf_ecx = 0, tf_eax = 5, tf_trapno = 0, tf_err = > 2, tf_eip = 673948851, tf_cs = 51, tf_eflags = 2110102, tf_esp = > -1077943684, tf_ss = 59}) at /usr/src/sys/i386/i386/trap.c:983 > #19 0xc067043f in Xint0x80_syscall () at > /usr/src/sys/i386/i386/exception.s:200 > #20 0x00000033 in ?? () > Previous frame inner to this frame (corrupt stack?) > (kgdb) f 7 > #7 0xc04c8aa3 in devfs_populate_loop (dm=0xc6b9a500, cleanup=0) > at /usr/src/sys/fs/devfs/devfs_devs.c:370 > 370 if ((cleanup || !(cdp->cdp_flags & CDP_ACTIVE)) && > (kgdb) list > 365 > 366 /* > 367 * If we are unmounting, or the device has been > destroyed, > 368 * clean up our dirent. > 369 */ > 370 if ((cleanup || !(cdp->cdp_flags & CDP_ACTIVE)) && > 371 dm->dm_idx <= cdp->cdp_maxdirent && > 372 cdp->cdp_dirents[dm->dm_idx] != NULL) { > 373 de = cdp->cdp_dirents[dm->dm_idx]; > 374 cdp->cdp_dirents[dm->dm_idx] = NULL; > (kgdb) > > Does the nvidia driver don't play right with devfs ? > > Thanks for your time,See PR/108078 -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 187 bytes Desc: not available Url : http://lists.freebsd.org/pipermail/freebsd-stable/attachments/20070201/e9249f42/attachment.pgp
On Thu, Feb 01, 2007 at 11:39:33AM +0100, Henri Hennebert wrote:> I experience Fatal trap 12 when I shutdown if I have run the X server > (with nvidia driver 1.0.9746). This crash happen 4/5 of the time. It is > in devfs_populate_loop() in devfs.c. I don't have the vmcore anymore :-/.Hi, Can you try to the patch to the 9746 driver available at: http://www.nvnews.net/vbulletin/showpost.php?p=1143321&postcount=27 The full thread is here: http://www.nvnews.net/vbulletin/showthread.php?p=1143321#post1143321 I received this information from freebsd-gfx-bugs@nvidia.com which is the e-mail address for reporting FreeBSD nVidia graphics driver bugs back to nVidia. -- Craig Rodrigues rodrigc@crodrigues.org