6.4-PRELEASE sporadically panicking with fatal trap 12

John L. Templer green_tiger at comcast.net
Sat Oct 11 18:26:21 PDT 2008


barbara wrote:
> Hello,
> I'm running 6.4-PRELEASE, last built on 2008-10-05 with /usr/src updated on the same day.
> I had a panic that looks to me very similar to the one described here (hence the subject):
> http://lists.freebsd.org/pipermail/freebsd-stable/2008-September/045405.html
>
> What caught my curiosity is the message:
> 	
> 	Unread portion of the kernel message buffer:
>
> 	acd0: WARNING - TEST_UNIT_READY read data overrun 18>0
>
> 	kernel trap 12 with interrupts disabled
>
> I don't have atapicam built in the kernel and it wasn't loaded, and I'm pretty sure no media was inserted in my dvdrw unit since the last boot.
> The other report has a similar message too (acd1: WARNING - READ_TOC read data overrun 18>12)
>
>
> Here's the backtrace:
>
> # kgdb kernel.debug /var/crash/vmcore.2
> GNU gdb 6.1.1 [FreeBSD]
>
> Copyright 2004 Free Software Foundation, Inc.
>
> GDB is free software, covered by the GNU General Public License, and you are
>
> welcome to change it and/or distribute copies of it under certain conditions.
>
> Type "show copying" to see the conditions.
>
> There is absolutely no warranty for GDB.  Type "show warranty" for details.
>
> This GDB was configured as "i386-marcel-freebsd"...
>
>
>
> Unread portion of the kernel message buffer:
>
> acd0: WARNING - TEST_UNIT_READY read data overrun 18>0
>
> kernel trap 12 with interrupts disabled
>
>
>
>
>
> Fatal trap 12: page fault while in kernel mode
>
> cpuid = 0; apic id = 00
>
> fault virtual address	= 0x104
>
> fault code		= supervisor read, page not present
>
> instruction pointer	= 0x20:0xc05419e5
>
> stack pointer	        = 0x28:0xe5928c00
>
> frame pointer	        = 0x28:0xe5928c18
>
> code segment		= base 0x0, limit 0xfffff, type 0x1b
>
> 			= DPL 0, pres 1, def32 1, gran 1
>
> processor eflags	= resume, IOPL = 0
>
> current process		= 17 (swi6: task queue)
>
> trap number		= 12
>
> panic: page fault
>
> cpuid = 0
>
> Uptime: 22h2m3s
>
> Physical memory: 2031 MB
>
> Dumping 287 MB: 272 256 240 224 208 192 176 160 144 128 112 96 80 64 48 32 16
>
>
>
> Reading symbols from /boot/kernel/linux.ko...done.
>
> Loaded symbols for /boot/kernel/linux.ko
>
> Reading symbols from /boot/modules/nvidia.ko...done.
>
> Loaded symbols for /boot/modules/nvidia.ko
>
> Reading symbols from /boot/kernel/acpi.ko...done.
>
> Loaded symbols for /boot/kernel/acpi.ko
>
> Reading symbols from /boot/kernel/linprocfs.ko...done.
>
> Loaded symbols for /boot/kernel/linprocfs.ko
>
> Reading symbols from /boot/kernel/logo_saver.ko...done.
>
> Loaded symbols for /boot/kernel/logo_saver.ko
>
> Reading symbols from /boot/kernel/smbfs.ko...done.
>
> Loaded symbols for /boot/kernel/smbfs.ko
>
> Reading symbols from /boot/kernel/libiconv.ko...done.
>
> Loaded symbols for /boot/kernel/libiconv.ko
>
> Reading symbols from /boot/kernel/libmchain.ko...done.
>
> Loaded symbols for /boot/kernel/libmchain.ko
>
> #0  doadump () at pcpu.h:165
>
> 165		__asm __volatile("movl %%fs:0,%0" : "=r" (td));
>
> (kgdb) list *0xc05419e5
>
> 0xc05419e5 is in _mtx_lock_sleep (/usr/src/sys/kern/kern_mutex.c:548).
>
> 543			 * If the current owner of the lock is executing on another
>
> 544			 * CPU, spin instead of blocking.
>
> 545			 */
>
> 546			owner = (struct thread *)(v & MTX_FLAGMASK);
>
> 547	#ifdef ADAPTIVE_GIANT
>
> 548			if (TD_IS_RUNNING(owner)) {
>
> 549	#else
>
> 550			if (m != &Giant && TD_IS_RUNNING(owner)) {
>
> 551	#endif
>
> 552				turnstile_release(&m->mtx_object);
> (kgdb)
>
> (kgdb) bt full
>
> #0  doadump () at pcpu.h:165
>
> No locals.
>
> #1  0xc054d419 in boot (howto=260) at /usr/src/sys/kern/kern_shutdown.c:410
>
> 	first_buf_printf = 1
>
> #2  0xc054d7e6 in panic (fmt=0xc0736da9 "%s") at /usr/src/sys/kern/kern_shutdown.c:566
>
> 	td = (struct thread *) 0xc6bf0300
>
> 	bootopt = 260
>
> 	newpanic = 0
>
> 	ap = 0xc6bf0300 "`øŸÆàÚŸÆ"
>
> 	buf = "page fault", '\0' <repeats 245 times>
>
> #3  0xc071822c in trap_fatal (frame=0xe5928bc0, eva=0) at /usr/src/sys/i386/i386/trap.c:838
>
> 	code = 40
>
> 	ss = 40
>
> 	esp = 0
>
> 	type = 12
>
> 	softseg = {ssd_base = 0, ssd_limit = 1048575, ssd_type = 27, ssd_dpl = 0, ssd_p = 1, ssd_xx = 0, ssd_xx1 = 0, ssd_def32 = 1, ssd_gran = 1}
>
> 	msg = 0x0
>
> #4  0xc07178e4 in trap (frame=
>
>       {tf_fs = 8, tf_es = 40, tf_ds = 40, tf_edi = -960560384, tf_esi = 4, tf_ebp = -443380712, tf_isp = -443380756, tf_ebx = -937328156, tf_edx = 6, tf_ecx = 4, tf_eax = 1, tf_trapno = 12, tf_err = 0, tf_eip = -1068230171, tf_cs = 32, tf_eflags = 65538, tf_esp = -937328156, tf_ss = 0})
>
>     at /usr/src/sys/i386/i386/trap.c:270
>
> 	td = (struct thread *) 0xc6bf0300
>
> 	p = (struct proc *) 0xc6bef860
>
> 	sticks = 4999
>
> 	type = 12
>
> 	i = 0
>
> 	ucode = 0
>
> 	code = 0
>
> 	eva = 260
>
> #5  0xc06ffaaa in calltrap () at /usr/src/sys/i386/i386/exception.s:139
>
> No locals.
>
> #6  0xc05419e5 in _mtx_lock_sleep (m=0xc82181e4, tid=3334406912, opts=0, file=0x0, line=0) at /usr/src/sys/kern/kern_mutex.c:546
>
> 	owner = (volatile struct thread *) 0x4
>
> 	v = 6
>
> #7  0xc054c6b9 in _sema_post (sema=0xc82181e4, file=0x0, line=0) at /usr/src/sys/kern/kern_sema.c:79
>
> No locals.
>
> #8  0xc04705e3 in ata_completed (context=0xc8218198, dummy=1) at /usr/src/sys/dev/ata/ata-queue.c:481
>
> 	request = (struct ata_request *) 0xc8218198
>
> 	ch = (struct ata_channel *) 0xc6cd6a00
>
> 	atadev = (struct ata_device *) 0xc6ddcc00
>
> 	composite = (struct ata_composite *) 0x0
>
> #9  0xc05757dd in taskqueue_run (queue=0xc6c8a000) at /usr/src/sys/kern/subr_taskqueue.c:257
>
> 	task = (struct task *) 0xc821823c
>
> 	owned = 0
>
> 	pending = 1
>
> #10 0xc0575af3 in taskqueue_swi_run (dummy=0x0) at /usr/src/sys/kern/subr_taskqueue.c:299
>
> No locals.
>
> #11 0xc052fbcb in ithread_execute_handlers (p=0xc6bef860, ie=0xc6c44e80) at /usr/src/sys/kern/kern_intr.c:682
>
> 	ih = (struct intr_handler *) 0xc6cc5080
>
> 	ihn = (struct intr_handler *) 0x0
>
> #12 0xc052fd27 in ithread_loop (arg=0xc6c62550) at /usr/src/sys/kern/kern_intr.c:766
>
> 	intr_event = (struct intr_thread *) 0xc6c62550
>
> 	ie = (struct intr_event *) 0xc6c44e80
>
> 	td = (struct thread *) 0xc6bf0300
>
> 	p = (struct proc *) 0xc6bef860
>
> #13 0xc052e4b0 in fork_exit (callout=0xc052fcc0 <ithread_loop>, arg=0x1, frame=0x1) at /usr/src/sys/kern/kern_fork.c:788
>
> 	p = (struct proc *) 0xc6bef860
>
> 	td = (struct thread *) 0x6
>
> #14 0xc06ffb0c in fork_trampoline () at /usr/src/sys/i386/i386/exception.s:208
>
> No locals.
> (kgdb)
> (kgdb) thread apply all bt
>
>
>
> Thread 175 (Thread 100290):
>
> #0  sched_switch (td=0xc7172000, newtd=0xc6bea780, flags=1) at /usr/src/sys/kern/sched_4bsd.c:959
>
> #1  0xc0555eef in mi_switch (flags=1, newtd=0x0) at /usr/src/sys/kern/kern_synch.c:420
>
> #2  0xc0573ff9 in sleepq_switch (wchan=0x0) at /usr/src/sys/kern/subr_sleepqueue.c:464
>
> #3  0xc05741a1 in sleepq_wait_sig (wchan=0xc6d20010) at /usr/src/sys/kern/subr_sleepqueue.c:560
>
> #4  0xc055592e in msleep (ident=0xc6d20010, mtx=0x0, priority=345, wmesg=0x0, timo=0) at /usr/src/sys/kern/kern_synch.c:209
>
> #5  0xc058aeb9 in ttysleep (tp=0xc6d20000, chan=0x0, pri=0, wmesg=0x0, timo=0) at /usr/src/sys/kern/tty.c:2786
>
> #6  0xc0589348 in ttread (tp=0xc6d20000, uio=0xec85fcb0, flag=0) at /usr/src/sys/kern/tty.c:1888
>
> #7  0xc058e55e in ptsread (dev=0x0, uio=0x0, flag=0) at linedisc.h:100
>
> #8  0xc05155ef in giant_read (dev=0xc7c74200, uio=0x0, ioflag=0) at /usr/src/sys/kern/kern_conf.c:346
>
> #9  0xc04ea669 in devfs_read_f (fp=0xc7d70d80, uio=0xec85fcb0, cred=0xc85fd200, flags=0, td=0xc7172000) at /usr/src/sys/fs/devfs/devfs_vnops.c:872
>
> #10 0xc0578f0c in dofileread (td=0xc7172000, fd=0, fp=0xc7d70d80, auio=0xec85fcb0, offset=Unhandled dwarf expression opcode 0x93
>
> ) at file.h:241
>
> #11 0xc0578d20 in kern_readv (td=0xc7172000, fd=16, auio=0x0) at /usr/src/sys/kern/sys_generic.c:192
>
> #12 0xc0578bdf in read (td=0x0, uap=0x0) at /usr/src/sys/kern/sys_generic.c:116
>
> #13 0xc0718633 in syscall (frame=
>
>       {tf_fs = 59, tf_es = 59, tf_ds = 59, tf_edi = -1077942016, tf_esi = 1, tf_ebp = -1077942056, tf_isp = -326763164, tf_ebx = -1077941876, tf_edx = 0, tf_ecx = 0, tf_eax = 3, tf_trapno = 0, tf_err = 2, tf_eip = 673128727, tf_cs = 51, tf_eflags = 582, tf_esp = -1077942084, tf_ss = 59})
>
>     at /usr/src/sys/i386/i386/trap.c:984
>
> #14 0xc06ffaff in Xint0x80_syscall () at /usr/src/sys/i386/i386/exception.s:200
>
> #15 0x00000033 in ?? ()
>
> Previous frame inner to this frame (corrupt stack?)
>
> 165		__asm __volatile("movl %%fs:0,%0" : "=r" (td));
>
>
> (kgdb) quit
>
>
Interesting.  I ran 6.3 for a bit before I changed over to 7.0.  Neither
6.3 nor 7.0 exhibited this problem.

I'm at 7.1 prerelease #4 now, and I'm using Fluxbox instead of Gnome. 
The system has been up six days with no problems.  I'll probably try
using Gnome again after 7.1 release is out.  There's also a patch to ATA
that I might try.  Or possibly I'll just wait for 7.1. :-)

