6.2-RELEASE - Fatal trap 12 - nvidia driver ?
Henri Hennebert
hlh at restart.be
Thu Feb 1 13:42:14 UTC 2007
Kostik Belousov wrote:
> On Thu, Feb 01, 2007 at 11:39:33AM +0100, Henri Hennebert wrote:
>> Hello,
>>
>> I experience Fatal trap 12 when I shutdown if I have run the X server
>> (with nvidia driver 1.0.9746). This crash happen 4/5 of the time. It is
>> in devfs_populate_loop() in devfs.c. I don't have the vmcore anymore :-/.
>>
>> To look futher, I add options INVARIANTS (and INVARIANT_SUPPORT) and now
>> the crash happen when I start the X server (startxfce4) when the splash
>> screen is dispayed.
>>
>> The loaded modules are:
>>
>> [root at morzine ~]# kldstat
>> Id Refs Address Size Name
>> 1 15 0xc0400000 40ccc0 kernel
>> 2 1 0xc080d000 42e8 if_tap.ko
>> 3 1 0xc0812000 2cbc ng_ether.ko
>> 4 2 0xc0815000 c83c netgraph.ko
>> 5 2 0xc0822000 3d604 sound.ko
>> 6 1 0xc0860000 4f7c acpi_video.ko
>> 7 2 0xc0865000 59f5c acpi.ko
>> 8 1 0xc08bf000 6d2b2c nvidia.ko
>> 9 1 0xc0f92000 10340 snd_hda.ko
>> 10 1 0xc6fe7000 2000 accf_http.ko
>> 11 1 0xc703f000 3000 daemon_saver.ko
>>
>>
>> sound.ka and snd_hda.ko are from http://people.freebsd.org/~ariff/.
>>
>> The chash informations:
>>
>> [root at morzine MORZINE_INVARIANTS]# kgdb kernel.debug /backup/crash/vmcore.8
>> [GDB will not be able to debug user-mode threads:
>> /usr/lib/libthread_db.so: Undefined symbol "ps_pglobal_lookup"]
>> GNU gdb 6.1.1 [FreeBSD]
>> Copyright 2004 Free Software Foundation, Inc.
>> GDB is free software, covered by the GNU General Public License, and you are
>> welcome to change it and/or distribute copies of it under certain
>> conditions.
>> Type "show copying" to see the conditions.
>> There is absolutely no warranty for GDB. Type "show warranty" for details.
>> This GDB was configured as "i386-marcel-freebsd".
>>
>> Unread portion of the kernel message buffer:
>>
>>
>> Fatal trap 12: page fault while in kernel mode
>> cpuid = 1; apic id = 01
>> fault virtual address = 0xdeadc0de
>> fault code = supervisor read, page not present
>> instruction pointer = 0x20:0xc04c8aa3
>> stack pointer = 0x28:0xe91a783c
>> frame pointer = 0x28:0xe91a7858
>> code segment = base 0x0, limit 0xfffff, type 0x1b
>> = DPL 0, pres 1, def32 1, gran 1
>> processor eflags = interrupt enabled, resume, IOPL = 3
>> current process = 1093 (Xorg)
>> trap number = 12
>> panic: page fault
>> cpuid = 0
>> KDB: stack backtrace:
>> kdb_backtrace(100,c6ec2780,28,e91a77fc,c,...) at kdb_backtrace+0x29
>> panic(c06af91d,c06e7c67,0,fffff,c09b,...) at panic+0x114
>> trap_fatal(e91a77fc,deadc0de,c6ec2780,c1462000,deadc000,...) at
>> trap_fatal+0x2ce
>> trap_pfault(e91a77fc,0,deadc0de) at trap_pfault+0x187
>> trap(8,e91a0028,28,c7245900,c72d6980,...) at trap+0x341
>> calltrap() at calltrap+0x5
>> --- trap 0xc, eip = 0xc04c8aa3, esp = 0xe91a783c, ebp = 0xe91a7858 ---
>> devfs_populate_loop(c6b9a500,0) at devfs_populate_loop+0x7b
>> devfs_populate(c6b9a500,c6bb6b1c,b7,c6ce8005,0,...) at devfs_populate+0x32
>> devfs_lookupx(e91a79c4,e91a795c,c6b9a514,c06bbb19,299) at
>> devfs_lookupx+0x1db
>> devfs_lookup(e91a79c4) at devfs_lookup+0x3b
>> VOP_LOOKUP_APV(c06fc1c0,e91a79c4) at VOP_LOOKUP_APV+0x87
>> lookup(e91a7bcc) at lookup+0x4d9
>> namei(e91a7bcc) at namei+0x3be
>> vn_open_cred(e91a7bcc,e91a7ccc,c0,c6ffb900,e,...) at vn_open_cred+0x277
>> vn_open(e91a7bcc,e91a7ccc,c0,e) at vn_open+0x1e
>> kern_open(c6ec2780,bfbfe2c0,0,3,bfbfe2c0,...) at kern_open+0xe1
>> open(c6ec2780,e91a7d04) at open+0x1a
>> syscall(3b,872003b,bfbf003b,0,8202000,...) at syscall+0x247
>> Xint0x80_syscall() at Xint0x80_syscall+0x1f
>> --- syscall (5, FreeBSD ELF32, open), eip = 0x282ba4b3, esp =
>> 0xbfbfe27c, ebp = 0xbfbfe358 ---
>> Uptime: 2m4s
>> Dumping 2046 MB (2 chunks)
>> chunk 0: 1MB (158 pages) ... ok
>> chunk 1: 2046MB (523760 pages) 2030 2014 1998 1982 1966 1950 1934
>> 1918 1902 1886 1870 1854 1838 1822 1806 1790 1774 1758 1742 1726 1710
>> 1694 1678 1662 1646 1630 1614 1598 1582 1566 1550 1534 1518 1502 1486
>> 1470 1454 1438 1422 1406 1390 1374 1358 1342 1326 1310 1294 1278 1262
>> 1246 1230 1214 1198 1182 1166 1150 1134 1118 1102 1086 1070 1054 1038
>> 1022 1006 990 974 958 942 926 910 894 878 862 846 830 814 798 782 766
>> 750 734 718 702 686 670 654 638 622 606 590 574 558 542 526 510 494 478
>> 462 446 430 414 398 382 366 350 334 318 302 286 270 254 238 222 206 190
>> 174 158 142 126 110 94 78 62 46 30 14
>>
>> #0 doadump () at pcpu.h:165
>> 165 __asm __volatile("movl %%fs:0,%0" : "=r" (td));
>> (kgdb) bt
>> #0 doadump () at pcpu.h:165
>> #1 0xc051fbf0 in boot (howto=260) at /usr/src/sys/kern/kern_shutdown.c:409
>> #2 0xc051ff05 in panic (fmt=0xc06af91d "%s") at
>> /usr/src/sys/kern/kern_shutdown.c:565
>> #3 0xc0683ae2 in trap_fatal (frame=0xe91a77fc, eva=3735929054)
>> at /usr/src/sys/i386/i386/trap.c:837
>> #4 0xc06837eb in trap_pfault (frame=0xe91a77fc, usermode=0, eva=3735929054)
>> at /usr/src/sys/i386/i386/trap.c:745
>> #5 0xc0683435 in trap (frame=
>> {tf_fs = 8, tf_es = -384171992, tf_ds = 40, tf_edi = -953919232,
>> tf_esi = -953325184, tf_ebp = -384141224, tf_isp = -384141272, tf_ebx =
>> 0, tf_edx = -559038242, tf_ecx = -1066230976, tf_eax = 0, tf_trapno =
>> 12, tf_err = 0, tf_eip = -1068725597, tf_cs = 32, tf_eflags = 2175511,
>> tf_esp = -1066641139, tf_ss = 353}) at /usr/src/sys/i386/i386/trap.c:435
>> #6 0xc06703ea in calltrap () at /usr/src/sys/i386/i386/exception.s:139
>> #7 0xc04c8aa3 in devfs_populate_loop (dm=0xc6b9a500, cleanup=0)
>> at /usr/src/sys/fs/devfs/devfs_devs.c:370
>> #8 0xc04c8dea in devfs_populate (dm=0xc6b9a500) at
>> /usr/src/sys/fs/devfs/devfs_devs.c:486
>> #9 0xc04cac33 in devfs_lookupx (ap=0x0, dm_unlock=0xe91a795c)
>> at /usr/src/sys/fs/devfs/devfs_vnops.c:586
>> #10 0xc04caff3 in devfs_lookup (ap=0xe91a79c4) at
>> /usr/src/sys/fs/devfs/devfs_vnops.c:666
>> #11 0xc06943a7 in VOP_LOOKUP_APV (vop=0xc06fc1c0, a=0xe91a79c4) at
>> vnode_if.c:99
>> #12 0xc056c70d in lookup (ndp=0xe91a7bcc) at vnode_if.h:56
>> #13 0xc056bfd2 in namei (ndp=0xe91a7bcc) at
>> /usr/src/sys/kern/vfs_lookup.c:211
>> #14 0xc057e3df in vn_open_cred (ndp=0xe91a7bcc, flagp=0xe91a7ccc,
>> cmode=192, cred=0xc6ffb900,
>> fdidx=14) at /usr/src/sys/kern/vfs_vnops.c:183
>> #15 0xc057e166 in vn_open (ndp=0xdeadc0de, flagp=0xe91a7ccc, cmode=192,
>> fdidx=14)
>> at /usr/src/sys/kern/vfs_vnops.c:91
>> #16 0xc0577065 in kern_open (td=0xc6ec2780, path=0x0,
>> pathseg=UIO_USERSPACE, flags=3,
>> mode=-1077943616) at /usr/src/sys/kern/vfs_syscalls.c:1009
>> #17 0xc0576f4e in open (td=0xc6ec2780, uap=0xe91a7d04) at
>> /usr/src/sys/kern/vfs_syscalls.c:973
>> #18 0xc0683daf in syscall (frame=
>> {tf_fs = 59, tf_es = 141688891, tf_ds = -1078001605, tf_edi = 0,
>> tf_esi = 136323072, tf_ebp = -1077943464, tf_isp = -384139932, tf_ebx =
>> 136255232, tf_edx = 12, tf_ecx = 0, tf_eax = 5, tf_trapno = 0, tf_err =
>> 2, tf_eip = 673948851, tf_cs = 51, tf_eflags = 2110102, tf_esp =
>> -1077943684, tf_ss = 59}) at /usr/src/sys/i386/i386/trap.c:983
>> #19 0xc067043f in Xint0x80_syscall () at
>> /usr/src/sys/i386/i386/exception.s:200
>> #20 0x00000033 in ?? ()
>> Previous frame inner to this frame (corrupt stack?)
>> (kgdb) f 7
>> #7 0xc04c8aa3 in devfs_populate_loop (dm=0xc6b9a500, cleanup=0)
>> at /usr/src/sys/fs/devfs/devfs_devs.c:370
>> 370 if ((cleanup || !(cdp->cdp_flags & CDP_ACTIVE)) &&
>> (kgdb) list
>> 365
>> 366 /*
>> 367 * If we are unmounting, or the device has been
>> destroyed,
>> 368 * clean up our dirent.
>> 369 */
>> 370 if ((cleanup || !(cdp->cdp_flags & CDP_ACTIVE)) &&
>> 371 dm->dm_idx <= cdp->cdp_maxdirent &&
>> 372 cdp->cdp_dirents[dm->dm_idx] != NULL) {
>> 373 de = cdp->cdp_dirents[dm->dm_idx];
>> 374 cdp->cdp_dirents[dm->dm_idx] = NULL;
>> (kgdb)
>>
>> Does the nvidia driver don't play right with devfs ?
>>
>> Thanks for your time,
>
> See PR/108078
In my case hal is not installed. In PR/108078 the nvidia driver is there
too. So nvidia seems more a culprit to me.
Thank for your answer.
henri
More information about the freebsd-stable
mailing list