From owner-freebsd-questions@FreeBSD.ORG  Sun Jul 29 13:20:41 2007
Return-Path: <owner-freebsd-questions@FreeBSD.ORG>
Delivered-To: freebsd-questions@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id 91C5D16A41F
	for <freebsd-questions@freebsd.org>;
	Sun, 29 Jul 2007 13:20:41 +0000 (UTC)
	(envelope-from ytriffy@gmail.com)
Received: from ug-out-1314.google.com (ug-out-1314.google.com [66.249.92.172])
	by mx1.freebsd.org (Postfix) with ESMTP id E6C6B13C4B0
	for <freebsd-questions@freebsd.org>;
	Sun, 29 Jul 2007 13:20:40 +0000 (UTC)
	(envelope-from ytriffy@gmail.com)
Received: by ug-out-1314.google.com with SMTP id o4so1052836uge
	for <freebsd-questions@freebsd.org>;
	Sun, 29 Jul 2007 06:20:39 -0700 (PDT)
DKIM-Signature: a=rsa-sha1; c=relaxed/relaxed; d=gmail.com; s=beta;
	h=domainkey-signature:received:received:message-id:date:from:user-agent:mime-version:to:subject:content-type:content-transfer-encoding;
	b=Vdlckk+RESs/ZIAGf54Uf/CWr50Pkkw1q/vYVwmNJFLcZcefR820Es/nMFxaHj5BzMqwyPTM68zovikwojdIssePXQD8K000isG4CQYPna+SE9nK76FX5mX1Qk0J+xDpbL7Akaf8dD/oR7TpkQNEx+fgfNktV/BuBc9YhQmKDxY=
DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=beta;
	h=received:message-id:date:from:user-agent:mime-version:to:subject:content-type:content-transfer-encoding;
	b=pSuGc7mpxBBcnRL8mONJoxLXver1Vrbdifh/JmPXYE1jvmxx9pnuPLZKp+JwdvD/ulXb4FPyh0WY3DiK+zCTeBHaByyD51aRjt5xy99auujdtYO9GeQgggd4CpMLa68ANr3nqAE5+yuPtp3vTc8S0j5xye+qgJP5draWA3qO1U8=
Received: by 10.66.219.11 with SMTP id r11mr4438796ugg.1185713659117;
	Sun, 29 Jul 2007 05:54:19 -0700 (PDT)
Received: from freelanc.dubki.ru ( [80.86.254.135])
	by mx.google.com with ESMTPS id c25sm3722780ika.2007.07.29.05.54.17
	(version=TLSv1/SSLv3 cipher=RC4-MD5);
	Sun, 29 Jul 2007 05:54:18 -0700 (PDT)
Message-ID: <46AC8DEE.4010509@gmail.com>
Date: Sun, 29 Jul 2007 16:54:06 +0400
From: Slava Gonahchan <ytriffy@gmail.com>
User-Agent: Thunderbird 2.0.0.0 (X11/20070722)
MIME-Version: 1.0
To: freebsd-hackers@freebsd.org,  freebsd-questions@freebsd.org
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 8bit
X-Mailman-Approved-At: Sun, 29 Jul 2007 14:29:00 +0000
Cc: 
Subject: Fatal trap 12: page fault while in kernel mode.Need help.
X-BeenThere: freebsd-questions@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: User questions <freebsd-questions.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
	<mailto:freebsd-questions-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-questions>
List-Post: <mailto:freebsd-questions@freebsd.org>
List-Help: <mailto:freebsd-questions-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
	<mailto:freebsd-questions-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Sun, 29 Jul 2007 13:20:41 -0000

Hello.
Trap 12 occured when I rebooted PC. Sending you backtrace.
My system: amd64 3200+ Venice, MB ECS nForce4 A939,Samsung 250GB and WD 
250 GB, 2 memory banks 512MB each, videocard: Geforce 6600gt 128MB,
NIC on realtek chip, sound card cirrus logic cs4281. It's very unstable, 
crashes happen every day, so I'm hoping you would say why(any hints what 
hardware may cause it).
How to repeat it? I don't know. It happened once during reboot process.

[root@freelanc /var]# uname -a
FreeBSD freelanc.dubki.ru 6.2-STABLE-200706 FreeBSD 6.2-STABLE-200706 
#1: Mon Jul 23 13:34:27 MSD 2007 
root@freelanc.dubki.ru:/usr/obj/usr/src/sys/DEBUGGERKERN i386

[root@freelanc /usr/obj/usr/src/sys/DEBUGGERKERN]# kgdb kernel.debug 
/var/crash/vmcore.3
kgdb: kvm_nlist(_stopped_cpus):
kgdb: kvm_nlist(_stoppcbs):
[GDB will not be able to debug user-mode threads: 
/usr/lib/libthread_db.so: Undefined symbol "ps_pglobal_lookup"]
GNU gdb 6.1.1 [FreeBSD]
Copyright 2004 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you 
are
welcome to change it and/or distribute copies of it under certain 
conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB. Type "show warranty" for details.
This GDB was configured as "i386-marcel-freebsd".

Unread portion of the kernel message buffer:
<118>Jul 25 14:06:32 freelanc syslogd: exiting on signal 15
Waiting (max 60 seconds) for system process `vnlru' to stop...done
Waiting (max 60 seconds) for system process `syncer' to stop...
Syncing disks, vnodes remaining...6 5 3 1 0 0 done
Waiting (max 60 seconds) for system process `bufdaemon' to stop...done
All buffers synced.


Fatal trap 12: page fault while in kernel mode
fault virtual address = 0x4
fault code = supervisor read, page not present
instruction pointer = 0x20:0xc058a4e0
stack pointer = 0x28:0xe9455c48
frame pointer = 0x28:0xe9455c58
code segment = base 0x0, limit 0xfffff, type 0x1b
= DPL 0, pres 1, def32 1, gran 1
processor eflags = interrupt enabled, resume, IOPL = 0
current process = 44922 (reboot)
panic: from debugger
Uptime: 2h45m36s
Dumping 1022 MB (2 chunks)
chunk 0: 1MB (159 pages) ... ok
chunk 1: 1022MB (261600 pages) 1006 990 974 958 942 926 910 894 878 862 
846 830 814 798 782 766 750 734 718 702 686 670 654 638 622 606 590 574 
558 542 526 510 494 478 462 446 430 414 398 382 366 350 334 318 302 286 
270 254 238 222 206 190 174 158 142 126 110 94 78 62 46 30 14

#0 doadump () at pcpu.h:165
165 __asm __volatile("movl %%fs:0,%0" : "=r" (td));
(kgdb) bt
#0 doadump () at pcpu.h:165
#1 0xc053d916 in boot (howto=260) at /usr/src/sys/kern/kern_shutdown.c:409
#2 0xc053dbdc in panic (fmt=0xc06f5278 "from debugger")
at /usr/src/sys/kern/kern_shutdown.c:565
#3 0xc045361d in db_panic (addr=-1067932448, have_addr=0, count=-1,
modif=0xe9455a74 "") at /usr/src/sys/ddb/db_command.c:438
#4 0xc04535b4 in db_command (last_cmdp=0xc0766784, cmd_table=0x0,
aux_cmd_tablep=0xc0728e90, aux_cmd_tablep_end=0xc0728e94)
at /usr/src/sys/ddb/db_command.c:350
#5 0xc045367c in db_command_loop () at /usr/src/sys/ddb/db_command.c:458
#6 0xc0455291 in db_trap (type=12, code=0) at 
/usr/src/sys/ddb/db_main.c:222
#7 0xc0556a2b in kdb_trap (type=12, code=0, tf=0xe9455c08)
at /usr/src/sys/kern/subr_kdb.c:473
#8 0xc06cba6c in trap_fatal (frame=0xe9455c08, eva=4)
at /usr/src/sys/i386/i386/trap.c:828
#9 0xc06cb7d7 in trap_pfault (frame=0xe9455c08, usermode=0, eva=4)
at /usr/src/sys/i386/i386/trap.c:745
#10 0xc06cb3f1 in trap (frame=
{tf_fs = 8, tf_es = 40, tf_ds = 40, tf_edi = -381330360, tf_esi = 
-993547624, tf_ebp = -381330344, tf_isp = -381330380, tf_ebx = 0, tf_edx 
= -992513384, tf_ecx = 4, tf_eax = -950651024, tf_trapno = 12, tf_err = 
0, tf_eip = -1067932448, tf_cs = 32, tf_eflags = 590338, tf_esp = 0, 
tf_ss = -992305712})
at /usr/src/sys/i386/i386/trap.c:435
#11 0xc06b8b1a in calltrap () at /usr/src/sys/i386/i386/exception.s:139
#12 0xc058a4e0 in cache_purgevfs (mp=0xc4d77298)
at /usr/src/sys/kern/vfs_cache.c:622
#13 0xc0591f29 in dounmount (mp=0xc4d77298, flags=524288, td=0xc62ce300)
at /usr/src/sys/kern/vfs_mount.c:1214
#14 0xc0597d0a in vfs_unmountall () at /usr/src/sys/kern/vfs_subr.c:2837
#15 0xc053d807 in boot (howto=0) at /usr/src/sys/kern/kern_shutdown.c:391
#16 0xc053d2a2 in reboot (td=0xc62ce300, uap=0xc7563770)
at /usr/src/sys/kern/kern_shutdown.c:169
#17 0xc06cbdbb in syscall (frame=
{tf_fs = 59, tf_es = 59, tf_ds = 59, tf_edi = 2, tf_esi = 18, tf_ebp = 
-1077941304, tf_isp = -381330076, tf_ebx = 0, tf_edx = -1, tf_ecx = 
672491264, tf_eax = 55, tf_trapno = 12, tf_err = 2, tf_eip = 671802263, 
tf_cs = 51, tf_eflags = 662, tf_esp = -1077941380, tf_ss = 59}) at 
/usr/src/sys/i386/i386/trap.c:983
#18 0xc06b8b6f in Xint0x80_syscall () at 
/usr/src/sys/i386/i386/exception.s:200
#19 0x00000033 in ?? ()
Previous frame inner to this frame (corrupt stack?)
(kgdb) up 19
#19 0x00000033 in ?? ()
(kgdb) down 1
#18 0xc06b8b6f in Xint0x80_syscall () at 
/usr/src/sys/i386/i386/exception.s:200
200 call syscall
Current language: auto; currently asm
(kgdb) down 1
#17 0xc06cbdbb in syscall (frame=
{tf_fs = 59, tf_es = 59, tf_ds = 59, tf_edi = 2, tf_esi = 18, tf_ebp = 
-1077941304, tf_isp = -381330076, tf_ebx = 0, tf_edx = -1, tf_ecx = 
672491264, tf_eax = 55, tf_trapno = 12, tf_err = 2, tf_eip = 671802263, 
tf_cs = 51, tf_eflags = 662, tf_esp = -1077941380, tf_ss = 59}) at 
/usr/src/sys/i386/i386/trap.c:983
983 error = (*callp->sy_call)(td, args);
Current language: auto; currently c
(kgdb) p *callp
$1 = {sy_narg = 65537, sy_call = 0xc053d258 <reboot>, sy_auevent = 20}
(kgdb) p *callp->sy_call
$2 = {int (struct thread *, void *)} 0xc053d258 <reboot>
(kgdb) p td
$3 = (struct thread *) 0xc62ce300
(kgdb) p args
$4 = {0, 9, -994250272, -1077941388, 0, 0, 3, 0}
(kgdb) down 1
#16 0xc053d2a2 in reboot (td=0xc62ce300, uap=0xc7563770)
at /usr/src/sys/kern/kern_shutdown.c:169
169 boot(uap->opt);
(kgdb) p uap
$5 = (struct reboot_args *) 0xc7563770
(kgdb) p uap->opt
$6 = 2
(kgdb) down 1
#15 0xc053d807 in boot (howto=0) at /usr/src/sys/kern/kern_shutdown.c:391
391 vfs_unmountall();
(kgdb) down 1
#14 0xc0597d0a in vfs_unmountall () at /usr/src/sys/kern/vfs_subr.c:2837
2837 error = dounmount(mp, MNT_FORCE, td);
(kgdb) p mp
$7 = (struct mount *) 0xc4d77298
(kgdb) p td
$8 = (struct thread *) 0xc62ce300
(kgdb) down 1
#13 0xc0591f29 in dounmount (mp=0xc4d77298, flags=524288, td=0xc62ce300)
at /usr/src/sys/kern/vfs_mount.c:1214
1214 cache_purgevfs(mp); /* remove cache entries for this file sys */
(kgdb) down 1
#12 0xc058a4e0 in cache_purgevfs (mp=0xc4d77298)
at /usr/src/sys/kern/vfs_cache.c:622
622 for (ncp = LIST_FIRST(ncpp); ncp != 0; ncp = nnp) {
(kgdb) p ncp
$9 = (struct namecache *) 0x4
(kgdb) p ncpp
$10 = (struct nchashhead *) 0xc4c7aa98
(kgdb) down 1
#11 0xc06b8b1a in calltrap () at /usr/src/sys/i386/i386/exception.s:139
139 call trap
Current language: auto; currently asm
(kgdb) down 1
#10 0xc06cb3f1 in trap (frame=
{tf_fs = 8, tf_es = 40, tf_ds = 40, tf_edi = -381330360, tf_esi = 
-993547624, tf_ebp = -381330344, tf_isp = -381330380, tf_ebx = 0, tf_edx 
= -992513384, tf_ecx = 4, tf_eax = -950651024, tf_trapno = 12, tf_err = 
0, tf_eip = -1067932448, tf_cs = 32, tf_eflags = 590338, tf_esp = 0, 
tf_ss = -992305712})
at /usr/src/sys/i386/i386/trap.c:435
435 (void) trap_pfault(&frame, FALSE, eva);
Current language: auto; currently c
(kgdb) p frame
$11 = {tf_fs = 8, tf_es = 40, tf_ds = 40, tf_edi = -381330360,
tf_esi = -993547624, tf_ebp = -381330344, tf_isp = -381330380, tf_ebx = 0,
tf_edx = -992513384, tf_ecx = 4, tf_eax = -950651024, tf_trapno = 12,
tf_err = 0, tf_eip = -1067932448, tf_cs = 32, tf_eflags = 590338,
tf_esp = 0, tf_ss = -992305712}
(kgdb) p eva
$12 = 4
(kgdb) down 1
#9 0xc06cb7d7 in trap_pfault (frame=0xe9455c08, usermode=0, eva=4)
at /usr/src/sys/i386/i386/trap.c:745
745 trap_fatal(frame, eva);
(kgdb) down 1
#8 0xc06cba6c in trap_fatal (frame=0xe9455c08, eva=4)
at /usr/src/sys/i386/i386/trap.c:828
828 if (kdb_trap(type, 0, frame)) {
(kgdb) p type
$13 = 12
(kgdb) down 1
#7 0xc0556a2b in kdb_trap (type=12, code=0, tf=0xe9455c08)
at /usr/src/sys/kern/subr_kdb.c:473
473 handled = kdb_dbbe->dbbe_trap(type, code);
(kgdb) p kdb_dbbe
$14 = (struct kdb_dbbe *) 0xc072f0e0
(kgdb) p kdb_dbbe->dbbe_trap
$15 = (dbbe_trap_f *) 0xc04551ac <db_trap>
(kgdb) p type
$16 = 12
(kgdb) p code
$17 = 0
(kgdb) down 1
#6 0xc0455291 in db_trap (type=12, code=0) at 
/usr/src/sys/ddb/db_main.c:222
222 db_command_loop();
(kgdb) down 1
#5 0xc045367c in db_command_loop () at /usr/src/sys/ddb/db_command.c:458
458 db_command(&db_last_command, db_command_table,
(kgdb) p &db_last_command
$18 = (struct command **) 0xc0766784
(kgdb) p db_command_table
$19 = {{name = 0xc0726d8d "print", fcn = 0xc0453e44 <db_print_cmd>, flag 
= 0,
more = 0x0}, {name = 0xc0707446 "p", fcn = 0xc0453e44 <db_print_cmd>,
flag = 0, more = 0x0}, {name = 0xc06f521d "examine",
fcn = 0xc0453b74 <db_examine_cmd>, flag = 256, more = 0x0}, {
name = 0xc06f3248 "x", fcn = 0xc0453b74 <db_examine_cmd>, flag = 256,
more = 0x0}, {name = 0xc06f5225 "search",
fcn = 0xc0453f44 <db_search_cmd>, flag = 257, more = 0x0}, {
name = 0xc06fc7c7 "set", fcn = 0xc0456d98 <db_set_cmd>, flag = 1,
more = 0x0}, {name = 0xc071c1dc "write", fcn = 0xc045714c <db_write_cmd>,
flag = 258, more = 0x0}, {name = 0xc070470c "w",
fcn = 0xc045714c <db_write_cmd>, flag = 258, more = 0x0}, {
name = 0xc0711df9 "delete", fcn = 0xc045312c <db_delete_cmd>, flag = 0,
more = 0x0}, {name = 0xc06f3296 "d", fcn = 0xc045312c <db_delete_cmd>,
flag = 0, more = 0x0}, {name = 0xc06f522c "break",
fcn = 0xc0453144 <db_breakpoint_cmd>, flag = 0, more = 0x0}, {
name = 0xc06f5232 "dwatch", fcn = 0xc0457014 <db_deletewatch_cmd>,
flag = 0, more = 0x0}, {name = 0xc06f5233 "watch",
fcn = 0xc045702c <db_watchpoint_cmd>, flag = 2, more = 0x0}, {
name = 0xc06f5239 "dhwatch", fcn = 0xc04570e4 <db_deletehwatch_cmd>,
flag = 0, more = 0x0}, {name = 0xc06f523a "hwatch",
fcn = 0xc0457118 <db_hwatchpoint_cmd>, flag = 0, more = 0x0}, {
name = 0xc0721ca0 "step", fcn = 0xc0456438 <db_single_step_cmd>, flag = 0,
more = 0x0}, {name = 0xc06f55e4 "s",
fcn = 0xc0456438 <db_single_step_cmd>, flag = 0, more = 0x0}, {
name = 0xc06f5241 "continue", fcn = 0xc045653c <db_continue_cmd>,
flag = 0, more = 0x0}, {name = 0xc0713305 "c",
fcn = 0xc045653c <db_continue_cmd>, flag = 0, more = 0x0}, {
name = 0xc06f524a "until", fcn = 0xc04564a0 <db_trace_until_call_cmd>,
flag = 0, more = 0x0}, {name = 0xc06f5250 "next",
fcn = 0xc04564e8 <db_trace_until_matching_cmd>, flag = 0, more = 0x0}, {
name = 0xc070d7da "match", fcn = 0xc04564e8 <db_trace_until_matching_cmd>,
flag = 0, more = 0x0}, {name = 0xc070882b "trace",
fcn = 0xc0453a4c <db_stack_trace>, flag = 1, more = 0x0}, {
name = 0xc06f5255 "alltrace", fcn = 0xc0453b20 <db_stack_trace_all>,
flag = 0, more = 0x0}, {name = 0xc07249cf "where",
fcn = 0xc0453a4c <db_stack_trace>, flag = 1, more = 0x0}, {
name = 0xc06f525e "bt", fcn = 0xc0453a4c <db_stack_trace>, flag = 1,
more = 0x0}, {name = 0xc071aa99 "call", fcn = 0xc04536b0 <db_fncall>,
flag = 1, more = 0x0}, {name = 0xc06f5261 "show", fcn = 0, flag = 0,
more = 0xc072edc0}, {name = 0xc07126a2 "ps", fcn = 0xc0455784 <db_ps>,
flag = 0, more = 0x0}, {name = 0xc06f5266 "gdb",
fcn = 0xc0453a18 <db_gdb>, flag = 0, more = 0x0}, {
name = 0xc06fc600 "reset", fcn = 0xc0453920 <db_reset>, flag = 0,
more = 0x0}, {name = 0xc06f526a "kill", fcn = 0xc04537d8 <db_kill>,
flag = 1, more = 0x0}, {name = 0xc06f526f "watchdog",
fcn = 0xc045392c <db_watchdog>, flag = 0, more = 0x0}, {
name = 0xc070887d "thread", fcn = 0xc0456a10 <db_set_thread>, flag = 1,
more = 0x0}, {name = 0x0, fcn = 0, flag = 0, more = 0x0}}
(kgdb) down 1
#4 0xc04535b4 in db_command (last_cmdp=0xc0766784, cmd_table=0x0,
aux_cmd_tablep=0xc0728e90, aux_cmd_tablep_end=0xc0728e94)
at /usr/src/sys/ddb/db_command.c:350
350 (*cmd->fcn)(addr, have_addr, count, modif);
(kgdb) p addr
$20 = -1067932448
(kgdb) p have_addr
$21 = 0
(kgdb) p count
$22 = -1
(kgdb) p modif
$23 = 
"\000ZEИDыjю\214ZEИ\220ZEИ\211\a\000\000═ZEИ\"LJю\000\000\000\000\000╤╙д\2005yю\r\000\000\000\2005yю\r\000\000\000\001\000\000\000лZEИ\213рjюлZEИ╓рjю\000@Ёд@\036wюx\000\000\000\200pvю\f\000\000\000ЛZEИ<VEюЗ╧pю,SEю\f\000\000\000\200pvюнJEю" 

(kgdb) down 1
#3 0xc045361d in db_panic (addr=-1067932448, have_addr=0, count=-1,
modif=0xe9455a74 "") at /usr/src/sys/ddb/db_command.c:438
438 panic("from debugger");
(kgdb) down 1
#2 0xc053dbdc in panic (fmt=0xc06f5278 "from debugger")
at /usr/src/sys/kern/kern_shutdown.c:565
565 boot(bootopt);
(kgdb) p bootopt
$24 = 260
(kgdb) down 1
#1 0xc053d916 in boot (howto=260) at /usr/src/sys/kern/kern_shutdown.c:409
409 doadump();
(kgdb) down 1
#0 doadump () at pcpu.h:165
165 __asm __volatile("movl %%fs:0,%0" : "=r" (td));
(kgdb)

Some other info orequired - feel free to email me:)
Best regards, Slava.