agp.ko panic: vm_fault: fault on nofault entry, addr: deadc000

From: pluknet <pluknet_at_gmail.com>
Date: Sun, 21 Oct 2007 06:30:31 +0400

Hello all.

I could produce a panic while kldunload'ing agp.ko.

It's on 7.0-CURRENT from Oct 11 (just before RELENG_7), i386, UP,
Intel 82855GME (855GME GMCH) SVGA controller.
Some debugging below:

panic: vm_fault: fault on nofault entry, addr: deadc000
KDB: enter: panic
...
(kgdb) add-symbol-file /boot/kernel/agp.ko 0xc094de00
add symbol table from file "/boot/kernel/agp.ko" at
        .text_addr = 0xc094de00
(y or n) y
Reading symbols from /boot/kernel/agp.ko...Reading symbols from
/boot/kernel/agp.ko.symbols...done.
done.
(kgdb) where
#0  doadump () at pcpu.h:195
#1  0xc04564c9 in db_fncall (dummy1=-432421024, dummy2=0, dummy3=-432420760,
    dummy4=0xe639c6cc "p\210EĀ") at ../../../ddb/db_command.c:486
#2  0xc0456a75 in db_command_loop () at ../../../ddb/db_command.c:401
#3  0xc0458265 in db_trap (type=3, code=0) at ../../../ddb/db_main.c:222
#4  0xc054e633 in kdb_trap (type=3, code=0, tf=0xe639c868)
    at ../../../kern/subr_kdb.c:502
#5  0xc072fe17 in trap (frame=0xe639c868) at ../../../i386/i386/trap.c:621
#6  0xc0718d6b in calltrap () at ../../../i386/i386/exception.s:139
#7  0xc054e7a2 in kdb_enter (msg=0xc076c796 "panic") at cpufunc.h:60
#8  0xc0526575 in panic (
    fmt=0xc078a69e "vm_fault: fault on nofault entry, addr: %lx")
    at ../../../kern/kern_shutdown.c:547
#9  0xc06e2278 in vm_fault (map=0xc1054000, vaddr=3735928832,
fault_type=Variable "fault_type" is not available.
)
    at ../../../vm/vm_fault.c:275
#10 0xc072f253 in trap_pfault (frame=0xe639cb08, usermode=0, eva=3735929090)
    at ../../../i386/i386/trap.c:774
#11 0xc072fc92 in trap (frame=0xe639cb08) at ../../../i386/i386/trap.c:463
#12 0xc0718d6b in calltrap () at ../../../i386/i386/exception.s:139
#13 0xc05537b8 in rman_get_size (r=0xc3b950c0) at ../../../kern/subr_rman.c:736
#14 0xc094de82 in agp_generic_set_aperture (dev=0xc3b8fd00, aperture=67108864)
    at agp_if.h:26
#15 0xc09506c0 in agp_i810_detach (dev=0xc3b8fd00) at agp_if.h:38
#16 0xc0548f6c in device_detach (dev=0xc3b8fd00) at device_if.h:212
#17 0xc0549311 in devclass_delete_driver (busclass=0xc3afa200,
    driver=0xc095c274) at ../../../kern/subr_bus.c:938
#18 0xc05494a5 in driver_module_handler (mod=0xc3a78c40, what=1,
    arg=0xc095c260) at ../../../kern/subr_bus.c:3823
#19 0xc0518845 in module_unload (mod=0xc3a78c40, flags=0)
    at ../../../kern/kern_module.c:244
#20 0xc05126b5 in linker_file_unload (file=0xc3a9bc00, flags=0)
    at ../../../kern/kern_linker.c:589
#21 0xc05131ad in kern_kldunload (td=0xc418a210, fileid=4, flags=0)
    at ../../../kern/kern_linker.c:937
#22 0xc051321b in kldunloadf (td=0xc418a210, uap=0xe639ccfc)
    at ../../../kern/kern_linker.c:966
#23 0xc072f5e3 in syscall (frame=0xe639cd38) at ../../../i386/i386/trap.c:1008
#24 0xc0718dd0 in Xint0x80_syscall () at ../../../i386/i386/exception.s:196
#25 0x00000033 in ?? ()
Previous frame inner to this frame (corrupt stack?)
(kgdb) frame 13
#13 0xc05537b8 in rman_get_size (r=0xc3b950c0) at ../../../kern/subr_rman.c:736
736             return (r->__r_i->r_end - r->__r_i->r_start + 1);
(kgdb) p *r
$1 = {__r_i = 0xdeadc0de, r_bustag = -559038242, r_bushandle = 3735929054}
(kgdb) list
731     }
732
733     u_long
734     rman_get_size(struct resource *r)
735     {
736             return (r->__r_i->r_end - r->__r_i->r_start + 1);
737     }
738
739     u_int
740     rman_get_flags(struct resource *r)
(kgdb)

Any thoughts?

wbr,
pluknet
Received on Sun Oct 21 2007 - 16:43:16 UTC
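
Added example (not part of the original post and not FreeBSD code): a small triage helper that decodes the numbers in the kgdb session above, folding the signed and unsigned decimals back to raw words and relating the faulting address to the pointer value seen in frame 13. It assumes 0xdeadc0de is the fill pattern FreeBSD debug (INVARIANTS) kernels write over freed memory and that pages are 4 KiB as on i386; the function names are made up for this illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* Assumption: 0xdeadc0de is the fill FreeBSD debug (INVARIANTS) kernels write
 * over freed memory; 4 KiB pages as on i386. */
#define FREED_FILL 0xdeadc0deU
#define PAGE_SIZE_I386 4096U

/* kgdb prints a 32-bit word signed or unsigned depending on the field's C
 * type; fold either decimal form back to the raw word. */
uint32_t raw_word(long long printed) { return (uint32_t)printed; }

/* Number of words in a dumped structure that still hold the fill pattern. */
int count_poisoned(const long long *printed, int n)
{
    int hits = 0;
    for (int i = 0; i < n; i++)
        if (raw_word(printed[i]) == FREED_FILL)
            hits++;
    return hits;
}

/* Page the VM system reports for a faulting effective address. */
uint32_t fault_page(uint32_t eva) { return eva & ~(PAGE_SIZE_I386 - 1); }

/* If eva is a small positive offset from the fill pattern, the fault came from
 * reading a field through a poisoned pointer: return that offset, else -1. */
long poisoned_field_offset(uint32_t eva)
{
    if (eva < FREED_FILL || eva - FREED_FILL >= PAGE_SIZE_I386)
        return -1;
    return (long)(eva - FREED_FILL);
}

int main(void)
{
    /* Values copied from the kgdb session above: "p *r" in frame 13
     * (__r_i, r_bustag, r_bushandle) and eva from frame 10. */
    const long long res[] = { 0xdeadc0deLL, -559038242LL, 3735929054LL };
    const uint32_t eva = 3735929090U;

    printf("poisoned words in *r: %d of 3\n", count_poisoned(res, 3));
    printf("fault page: 0x%08x\n", (unsigned)fault_page(eva));
    printf("field offset behind poisoned pointer: %ld\n",
           poisoned_field_offset(eva));
    return 0;
}
```

All three words of *r decode to the fill pattern, and the faulting address is that pattern plus a small field offset, which is what a read through an already-freed struct resource would look like on such a kernel.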
