syscons joy: reproduceable panic on resolution change
Andre Guibert de Bruet
andy at siliconlandmark.com
Fri Apr 15 05:27:50 PDT 2005
Hi,
While attempting to change from 90x60 to VESA_132x60...
Fatal trap 12: page fault while in kernel mode
cpuid = 0; apic id = 00
fault virtual address = 0x0
fault code = supervisor read, page not present
instruction pointer = 0x20:0xc051d257
stack pointer = 0x28:0xe900ca18
frame pointer = 0x28:0xe900ca38
code segment = base 0x0, limit 0xfffff, type 0x1b
= DPL 0, pres 1, def32 1, gran 1
processor eflags = interrupt enabled, resume, IOPL = 0
current process = 85 (swi4: clock sio)
[thread pid 85 tid 100076 ]
Stopped at _mtx_lock_flags+0x47: cmpl $0xc0708208,0(%ebx)
db> tr
Tracing pid 85 tid 100076 td 0xc5014d80
_mtx_lock_flags(0,0,c06e611e,127,e900cac4) at _mtx_lock_flags+0x47
vm_fault(c1059000,c0100000,2,0,c5014d80) at vm_fault+0x28e
trap_pfault(e900cb9c,0,c0100000,2,c0100000) at trap_pfault+0x166
trap(c5010008,28,c0530028,c0100000,c7084000) at trap+0x350
calltrap() at calltrap+0x5
--- trap 0xc, eip = 0xc06919b6, esp = 0xe900cbdc, ebp = 0xe900cc00 ---
generic_bcopy(c537c828,0,c537c80c,0,c0000,c06d240e,18a) at generic_bcopy+0x1a
vga_txtdraw(c537c800,0,c0000,0,5cbf1d40) at vga_txtdraw+0xee
scrn_update(c537c800,1,c0730120,8,c06d4127) at scrn_update+0x2b2
scrn_timer(c50d7000,0,c06d4127,107,c067317d) at scrn_timer+0x239
softclock(0,0,c06d0909,256,c07300e0) at softclock+0x242
ithread_loop(c5018400,e900cd38,c06d06f4,30c,c5018400) at ithread_loop+0x159
fork_exit(c0510b8f,c5018400,e900cd38) at fork_exit+0xc2
fork_trampoline() at fork_trampoline+0x8
--- trap 0x1, eip = 0, esp = 0xe900cd6c, ebp = 0 ---
db> ps
-- snip--
85 c50367f0 0 0 0 000020c [CPU 0] swi4: clock sio
-- snip --
I have both the debug kernel and a 3.5GB memory dump on hand, in case
there is additional information that I haven't listed in this email that
may aid in fixing this issue.
The EIP points to:
(gdb) l *0xc051d257
0xc051d257 is in _mtx_lock_flags (/usr/src/sys/kern/kern_mutex.c:268).
263 void
264 _mtx_lock_flags(struct mtx *m, int opts, const char *file, int line)
265 {
266
267 MPASS(curthread != NULL);
268 KASSERT(m->mtx_object.lo_class == &lock_class_mtx_sleep,
269 ("mtx_lock() of spin mutex %s @ %s:%d", m->mtx_object.lo_name,
270 file, line));
271 WITNESS_CHECKORDER(&m->mtx_object, opts | LOP_NEWORDER | LOP_EXCLUSIVE,
272 file, line);
(kgdb) bt
#0 doadump () at pcpu.h:165
#1 0xc0526951 in boot (howto=260) at /usr/src/sys/kern/kern_shutdown.c:397
#2 0xc0526cdd in panic (fmt=0x0) at /usr/src/sys/kern/kern_shutdown.c:553
#3 0xc045026d in db_fncall (dummy1=1016, dummy2=0, dummy3=3,
dummy4=0xe900c820 "\f") at /usr/src/sys/ddb/db_command.c:531
#4 0xc045001c in db_command (last_cmdp=0xc0728064, cmd_table=0x0,
aux_cmd_tablep=0xc06f2678, aux_cmd_tablep_end=0xc06f267c)
at /usr/src/sys/ddb/db_command.c:349
#5 0xc045010d in db_command_loop () at /usr/src/sys/ddb/db_command.c:455
#6 0xc0451f9d in db_trap (type=12, code=0) at /usr/src/sys/ddb/db_main.c:221
#7 0xc05432f5 in kdb_trap (type=0, code=0, tf=0xe900c9d8)
at /usr/src/sys/kern/subr_kdb.c:421
#8 0xc0693d09 in trap_fatal (frame=0xe900c9d8, eva=0)
at /usr/src/sys/i386/i386/trap.c:801
#9 0xc0693a18 in trap_pfault (frame=0xe900c9d8, usermode=0, eva=0)
at /usr/src/sys/i386/i386/trap.c:724
#10 0xc06935f8 in trap (frame=
{tf_fs = -1068433400, tf_es = -1056636888, tf_ds = 40, tf_edi =
-1066508002, tf_esi = 295, tf_ebp = -385824200, tf_isp = -385824252,
tf_ebx = 0, tf_edx = 7, tf_ecx = -385824056, tf_eax = -989770368,
tf_trapno = 12, tf_err = 0, tf_eip = -1068379561, tf_cs = 32, tf_eflags =
66178, tf_esp = -1067131464, tf_ss = -1056600064}) at
/usr/src/sys/i386/i386/trap.c:414
#11 0xc067f91a in calltrap () at /usr/src/sys/i386/i386/exception.s:139
#12 0xc0510008 in idle_setup (dummy=0x0) at
/usr/src/sys/kern/kern_idle.c:89
#13 0xc0645d6e in vm_fault (map=0xc1059000, vaddr=3222274048,
fault_type=2 '\002', fault_flags=0) at /usr/src/sys/vm/vm_fault.c:295
#14 0xc06939c4 in trap_pfault (frame=0xe900cb9c, usermode=0, eva=3222274048)
at /usr/src/sys/i386/i386/trap.c:713
#15 0xc06935f8 in trap (frame=
{tf_fs = -989790200, tf_es = 40, tf_ds = -1068302296, tf_edi =
-1072693248, tf_esi = -955760640, tf_ebp = -385823744, tf_isp =
-385823800, tf_ebx = -1072988160, tf_edx = 1572864, tf_ecx = 319488,
tf_eax = -116932608, tf_trapno = 12, tf_err = 3, tf_eip = -1066853962,
tf_cs = 32, tf_eflags = 66054, tf_esp = 0, tf_ss = -986200024}) at
/usr/src/sys/i386/i386/trap.c:414
#16 0xc067f91a in calltrap () at /usr/src/sys/i386/i386/exception.s:139
#17 0xc5010008 in ?? ()
#18 0x00000028 in ?? ()
#19 0xc0530028 in ogetkerninfo (td=0xc537c828, uap=0xc0100000)
at /usr/src/sys/kern/kern_sysctl.c:1440
#20 0xc066da8c in vga_txtdraw (scp=0xc537c800, from=0, count=786432,
flip=0)
at /usr/src/sys/dev/syscons/scvgarndr.c:196
#21 0xc0673723 in scrn_update (scp=0xc537c800, show_cursor=1)
at /usr/src/sys/dev/syscons/syscons.c:1803
#22 0xc06733b6 in scrn_timer (arg=0x0)
at /usr/src/sys/dev/syscons/syscons.c:1708
#23 0xc053449e in softclock (dummy=0x0) at /usr/src/sys/kern/kern_timeout.c:295
#24 0xc0510ce8 in ithread_loop (arg=0xc5018400)
at /usr/src/sys/kern/kern_intr.c:546
#25 0xc050fd7e in fork_exit (callout=0xc0510b8f <ithread_loop>, arg=0x0,
frame=0x0) at /usr/src/sys/kern/kern_fork.c:788
#26 0xc067f97c in fork_trampoline () at
/usr/src/sys/i386/i386/exception.s:208
It would appear that either frame 17 or 18 is the call to generic_bcopy.
All sorts of miscellaneous information about the system, including kernel
config file and bzip2-compressed kernel.debug, is available online at:
http://bling.properkernel.com/freebsd/
The onboard VGA presents itself as follows:
none6 at pci8:12:0: class=0x030000 card=0x34398086 chip=0x47521002
rev=0x27 hdr=0x00
vendor = 'ATI Technologies Inc.'
device = 'Rage XL PCI'
class = display
subclass = VGA
Any ideas?
Cheers,
Andy
| Andre Guibert de Bruet | Enterprise Software Consultant >
| Silicon Landmark, LLC. | http://siliconlandmark.com/ >
More information about the freebsd-current
mailing list