Panic with X/radeon/glx (vm_fault: fault on nofault entry)

From: Karol Kwiatkowski <karol.kwiat_at_gmail.com>
Date: Wed, 30 May 2007 12:27:26 +0200
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Hi all,

My system panics if glx is enabled in xorg.conf. It happens with both
xorg 6.9 and 7.2 on CURRENT, it didn't happen on 6.2-STABLE some months
ago. Everything works if I remove 'Load  "glx"' form xorg.conf

System panic is:
panic: vm_fault: fault on nofault entry, addr: e41a1000

Full panic with backtrace attached. System configuration at the bottom,
full config files, Xorg log and panic message can be found here:
	http://www.orchid.homeunix.org/freebsd/persephone/

Any help appreciated. Thanks,

Karol


hardware: i386, Radeon 9000Pro/AGP/Nvidia nForce2

$ uname -a
FreeBSD persephone.orchid.homeunix.org 7.0-CURRENT FreeBSD 7.0-CURRENT
#0: Tue May 29 10:58:33 CEST 2007
root_at_persephone.orchid.homeunix.org:/mnt/big/FreeBSD/obj/usr/src/sys/PERSEPHONE
 i386

sources:
cvs started: Tue May 29 09:02:17 CEST 2007
cvs ended  : Tue May 29 09:02:53 CEST 2007

in custom kernel:
device	agp
device	drm
device	radeondrm

working xorg.conf:
Section "Module"
        Load  "extmod"
#       Load  "glx"
        Load  "dri"
        Load  "dbe"
        Load  "record"
        Load  "xtrap"
        Load  "type1"
        Load  "freetype"
EndSection

- --
Karol Kwiatkowski   <karol.kwiat at gmail dot com>
OpenPGP 0x06E09309
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (FreeBSD)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFGXVGOezeoPAwGIYsRCEgmAJ94siih9RrN0Lm9/wn+GrpyCOPF9ACeLo8o
EbIvGPXVQA895oofflk4qfE=
=Mbpv
-----END PGP SIGNATURE-----

persephone: Yes, Master? kgdb kernel.debug /var/crash/vmcore.0
kgdb: kvm_nlist(_stopped_cpus): 
kgdb: kvm_nlist(_stoppcbs): 
[GDB will not be able to debug user-mode threads: /usr/lib/libthread_db.so: Undefined symbol "ps_pglobal_lookup"]
GNU gdb 6.1.1 [FreeBSD]
Copyright 2004 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB.  Type "show warranty" for details.
This GDB was configured as "i386-marcel-freebsd".

Unread portion of the kernel message buffer:
panic: vm_fault: fault on nofault entry, addr: e41a1000
KDB: stack backtrace:
db_trace_self_wrapper(c070f54f,e6b60834,c055b371,c070d9e7,c07792a0,...) at db_trace_self_wrapper+0x26
kdb_backtrace(c070d9e7,c07792a0,c071c304,e6b60840,e6b60840,...) at kdb_backtrace+0x29
panic(c071c304,e41a1000,1,e6b60924,e6b60914,...) at panic+0xb1
vm_fault(c1054000,e41a1000,1,0,369e99,...) at vm_fault+0x178
trap_pfault(e6b609d8,3046,0,e6b609ec,c41d5480,...) at trap_pfault+0x1f4
trap(e6b60a60) at trap+0x392
calltrap() at calltrap+0x6
--- trap 0xc, eip = 0xc06d8447, esp = 0xe6b60aa0, ebp = 0xe6b60acc ---
agp_nvidia_flush_tlb(c3b9d700,c3b0a8b0,c074d1e0,e0,c073d940,...) at agp_nvidia_flush_tlb+0x197
agp_generic_bind_memory(c3b9d700,c40e7800,0) at agp_generic_bind_memory+0x41f
agp_bind_memory(c3b9d700,c40e7800,0,c3ccb000,e6b60b7c,...) at agp_bind_memory+0x51
drm_agp_bind_memory(c40e7800,0,0,40,0,...) at drm_agp_bind_memory+0x3f
drm_agp_bind(c3ccb000,e6b60b7c,e,c07318d0,e6b60b8c,...) at drm_agp_bind+0xe6
drm_agp_bind_ioctl(c3cc8d00,80086436,c3e767d0,3,c3f37a20,...) at drm_agp_bind_ioctl+0x6f
drm_ioctl(c3cc8d00,80086436,c3e767d0,3,c3f37a20,...) at drm_ioctl+0x39b
giant_ioctl(c3cc8d00,80086436,c3e767d0,3,c3f37a20,...) at giant_ioctl+0x7a
devfs_ioctl_f(c3e97750,80086436,c3e767d0,c41b9a00,c3f37a20,...) at devfs_ioctl_f+0xcb
kern_ioctl(c3f37a20,7,80086436,c3e767d0,c3e767d0,...) at kern_ioctl+0x322
ioctl(c3f37a20,e6b60cfc,c,c3f37a20,c,...) at ioctl+0x12f
syscall(e6b60d38) at syscall+0x325
Xint0x80_syscall() at Xint0x80_syscall+0x20
--- syscall (54, FreeBSD ELF32, ioctl), eip = 0x283d2c6b, esp = 0xbfbfeafc, ebp = 0xbfbfeb28 ---
Uptime: 2m9s
Physical memory: 1015 MB
Dumping 74 MB: 59 43 27 11

#0  doadump () at pcpu.h:172
172             __asm __volatile("movl %%fs:0,%0" : "=r" (td));
(kgdb) bt
#0  doadump () at pcpu.h:172
#1  0xc055b174 in boot (howto=260) at /usr/src/sys/kern/kern_shutdown.c:409
#2  0xc055b3f7 in panic (fmt=Variable "fmt" is not available.
) at /usr/src/sys/kern/kern_shutdown.c:563
#3  0xc0678a18 in vm_fault (map=0xc1054000, vaddr=3826913280, fault_type=1 '\001', fault_flags=0) at /usr/src/sys/vm/vm_fault.c:275
#4  0xc06c4ee4 in trap_pfault (frame=0xe6b60a60, usermode=0, eva=3826913280) at /usr/src/sys/i386/i386/trap.c:773
#5  0xc06c5902 in trap (frame=0xe6b60a60) at /usr/src/sys/i386/i386/trap.c:462
#6  0xc06aefbb in calltrap () at /usr/src/sys/i386/i386/exception.s:139
#7  0xc06d8447 in agp_nvidia_flush_tlb (dev=0xc3b9d700, offset=-1011832656) at /usr/src/sys/pci/agp_nvidia.c:379
#8  0xc0629fff in agp_generic_bind_memory (dev=0xc3b9d700, mem=0xc40e7800, offset=0) at agp_if.h:76
#9  0xc0629641 in agp_bind_memory (dev=0xc3b9d700, handle=0xc40e7800, offset=0) at agp_if.h:128
#10 0xc04b935f in drm_agp_bind_memory (handle=0xc40e7800, start=0) at /usr/src/sys/dev/drm/drm_agpsupport.c:456
#11 0xc04b95c6 in drm_agp_bind (dev=0xc3ccb000, request=0xe6b60b7c) at /usr/src/sys/dev/drm/drm_agpsupport.c:331
#12 0xc04b9f5f in drm_agp_bind_ioctl (kdev=0xc3cc8d00, cmd=2148033590, data=0xc3e767d0 "", flags=3, p=0xc3f37a20, filp=0x17e6)
    at /usr/src/sys/dev/drm/drm_agpsupport.c:348
#13 0xc04befbb in drm_ioctl (kdev=0xc3cc8d00, cmd=2148033590, data=0xc3e767d0 "", flags=3, p=0xc3f37a20)
    at /usr/src/sys/dev/drm/drm_drv.c:908
#14 0xc052ae2a in giant_ioctl (dev=0xc3cc8d00, cmd=2148033590, data=0xc3e767d0 "", fflag=3, td=0xc3f37a20)
    at /usr/src/sys/kern/kern_conf.c:306
#15 0xc04f14eb in devfs_ioctl_f (fp=0xc3e97750, com=2148033590, data=0xc3e767d0, cred=0xc41b9a00, td=0xc3f37a20)
    at /usr/src/sys/fs/devfs/devfs_vnops.c:491
#16 0xc058cc22 in kern_ioctl (td=0xc3f37a20, fd=7, com=2148033590, data=0xc3e767d0 "") at file.h:266
#17 0xc058cd7f in ioctl (td=0xc3f37a20, uap=0xe6b60cfc) at /usr/src/sys/kern/sys_generic.c:542
#18 0xc06c52b5 in syscall (frame=0xe6b60d38) at /usr/src/sys/i386/i386/trap.c:1013
#19 0xc06af020 in Xint0x80_syscall () at /usr/src/sys/i386/i386/exception.s:196
#20 0x00000033 in ?? ()
Previous frame inner to this frame (corrupt stack?)
Received on Wed May 30 2007 - 08:53:37 UTC

This archive was generated by hypermail 2.4.0 : Wed May 19 2021 - 11:39:11 UTC