Panic with X/radeon/glx (vm_fault: fault on nofault entry)

Karol Kwiatkowski
Wed May 30 10:53:37 UTC 2007

Hi all,

My system panics if glx is enabled in xorg.conf. It happens with both
xorg 6.9 and 7.2 on CURRENT, it didn't happen on 6.2-STABLE some months
ago. Everything works if I remove 'Load  "glx"' form xorg.conf

System panic is:
panic: vm_fault: fault on nofault entry, addr: e41a1000

Full panic with backtrace attached. System configuration at the bottom,
full config files, Xorg log and panic message can be found here:

Any help appreciated. Thanks,


hardware: i386, Radeon 9000Pro/AGP/Nvidia nForce2

$ uname -a
#0: Tue May 29 10:58:33 CEST 2007
root at

cvs started: Tue May 29 09:02:17 CEST 2007
cvs ended  : Tue May 29 09:02:53 CEST 2007

in custom kernel:
device	agp
device	drm
device	radeondrm

working xorg.conf:
Section "Module"
        Load  "extmod"
#       Load  "glx"
        Load  "dri"
        Load  "dbe"
        Load  "record"
        Load  "xtrap"
        Load  "type1"
        Load  "freetype"


persephone: Yes, Master? kgdb kernel.debug /var/crash/vmcore.0
kgdb: kvm_nlist(_stopped_cpus): 
kgdb: kvm_nlist(_stoppcbs): 
[GDB will not be able to debug user-mode threads: /usr/lib/ Undefined symbol "ps_pglobal_lookup"]
GNU gdb 6.1.1 [FreeBSD]
Unread portion of the kernel message buffer:
panic: vm_fault: fault on nofault entry, addr: e41a1000
KDB: stack backtrace:
db_trace_self_wrapper(c070f54f,e6b60834,c055b371,c070d9e7,c07792a0,...) at db_trace_self_wrapper+0x26
kdb_backtrace(c070d9e7,c07792a0,c071c304,e6b60840,e6b60840,...) at kdb_backtrace+0x29
panic(c071c304,e41a1000,1,e6b60924,e6b60914,...) at panic+0xb1
vm_fault(c1054000,e41a1000,1,0,369e99,...) at vm_fault+0x178
trap_pfault(e6b609d8,3046,0,e6b609ec,c41d5480,...) at trap_pfault+0x1f4
trap(e6b60a60) at trap+0x392
calltrap() at calltrap+0x6
--- trap 0xc, eip = 0xc06d8447, esp = 0xe6b60aa0, ebp = 0xe6b60acc ---
agp_nvidia_flush_tlb(c3b9d700,c3b0a8b0,c074d1e0,e0,c073d940,...) at agp_nvidia_flush_tlb+0x197
agp_generic_bind_memory(c3b9d700,c40e7800,0) at agp_generic_bind_memory+0x41f
agp_bind_memory(c3b9d700,c40e7800,0,c3ccb000,e6b60b7c,...) at agp_bind_memory+0x51
drm_agp_bind_memory(c40e7800,0,0,40,0,...) at drm_agp_bind_memory+0x3f
drm_agp_bind(c3ccb000,e6b60b7c,e,c07318d0,e6b60b8c,...) at drm_agp_bind+0xe6
drm_agp_bind_ioctl(c3cc8d00,80086436,c3e767d0,3,c3f37a20,...) at drm_agp_bind_ioctl+0x6f
drm_ioctl(c3cc8d00,80086436,c3e767d0,3,c3f37a20,...) at drm_ioctl+0x39b
giant_ioctl(c3cc8d00,80086436,c3e767d0,3,c3f37a20,...) at giant_ioctl+0x7a
devfs_ioctl_f(c3e97750,80086436,c3e767d0,c41b9a00,c3f37a20,...) at devfs_ioctl_f+0xcb
kern_ioctl(c3f37a20,7,80086436,c3e767d0,c3e767d0,...) at kern_ioctl+0x322
ioctl(c3f37a20,e6b60cfc,c,c3f37a20,c,...) at ioctl+0x12f
syscall(e6b60d38) at syscall+0x325
Xint0x80_syscall() at Xint0x80_syscall+0x20
--- syscall (54, FreeBSD ELF32, ioctl), eip = 0x283d2c6b, esp = 0xbfbfeafc, ebp = 0xbfbfeb28 ---
Uptime: 2m9s
Physical memory: 1015 MB
Dumping 74 MB: 59 43 27 11

#0  doadump () at pcpu.h:172
172             __asm __volatile("movl %%fs:0,%0" : "=r" (td));
(kgdb) bt
#0  doadump () at pcpu.h:172
#1  0xc055b174 in boot (howto=260) at /usr/src/sys/kern/kern_shutdown.c:409
#2  0xc055b3f7 in panic (fmt=Variable "fmt" is not available.
) at /usr/src/sys/kern/kern_shutdown.c:563
#3  0xc0678a18 in vm_fault (map=0xc1054000, vaddr=3826913280, fault_type=1 '\001', fault_flags=0) at /usr/src/sys/vm/vm_fault.c:275
#4  0xc06c4ee4 in trap_pfault (frame=0xe6b60a60, usermode=0, eva=3826913280) at /usr/src/sys/i386/i386/trap.c:773
#5  0xc06c5902 in trap (frame=0xe6b60a60) at /usr/src/sys/i386/i386/trap.c:462
#6  0xc06aefbb in calltrap () at /usr/src/sys/i386/i386/exception.s:139
#7  0xc06d8447 in agp_nvidia_flush_tlb (dev=0xc3b9d700, offset=-1011832656) at /usr/src/sys/pci/agp_nvidia.c:379
#8  0xc0629fff in agp_generic_bind_memory (dev=0xc3b9d700, mem=0xc40e7800, offset=0) at agp_if.h:76
#9  0xc0629641 in agp_bind_memory (dev=0xc3b9d700, handle=0xc40e7800, offset=0) at agp_if.h:128
#10 0xc04b935f in drm_agp_bind_memory (handle=0xc40e7800, start=0) at /usr/src/sys/dev/drm/drm_agpsupport.c:456
#11 0xc04b95c6 in drm_agp_bind (dev=0xc3ccb000, request=0xe6b60b7c) at /usr/src/sys/dev/drm/drm_agpsupport.c:331
#12 0xc04b9f5f in drm_agp_bind_ioctl (kdev=0xc3cc8d00, cmd=2148033590, data=0xc3e767d0 "", flags=3, p=0xc3f37a20, filp=0x17e6)
    at /usr/src/sys/dev/drm/drm_agpsupport.c:348
#13 0xc04befbb in drm_ioctl (kdev=0xc3cc8d00, cmd=2148033590, data=0xc3e767d0 "", flags=3, p=0xc3f37a20)
    at /usr/src/sys/dev/drm/drm_drv.c:908
#14 0xc052ae2a in giant_ioctl (dev=0xc3cc8d00, cmd=2148033590, data=0xc3e767d0 "", fflag=3, td=0xc3f37a20)
    at /usr/src/sys/kern/kern_conf.c:306
#15 0xc04f14eb in devfs_ioctl_f (fp=0xc3e97750, com=2148033590, data=0xc3e767d0, cred=0xc41b9a00, td=0xc3f37a20)
    at /usr/src/sys/fs/devfs/devfs_vnops.c:491
#16 0xc058cc22 in kern_ioctl (td=0xc3f37a20, fd=7, com=2148033590, data=0xc3e767d0 "") at file.h:266
#17 0xc058cd7f in ioctl (td=0xc3f37a20, uap=0xe6b60cfc) at /usr/src/sys/kern/sys_generic.c:542
#18 0xc06c52b5 in syscall (frame=0xe6b60d38) at /usr/src/sys/i386/i386/trap.c:1013
#19 0xc06af020 in Xint0x80_syscall () at /usr/src/sys/i386/i386/exception.s:196
#20 0x00000033 in ?? ()
Previous frame inner to this frame (corrupt stack?)

