From: Hiroo Ono (小野寛生)
To: freebsd-current@freebsd.org
Date: Tue, 2 Sep 2014 09:04:36 +0900
Subject: Re: Kernel page fault with non-sleepable locks held error with kernel r270837
In-Reply-To: <20140831203419.GU71691@funkthat.com>

Hello,

2014-09-01 5:34 GMT+09:00 John-Mark Gurney:
> Can you find out what line the filt_soread is on? This will help figure
> out if it's kn or so... If you could get the address of the page fault,
> that would also be helpful...
>
> Ok, a similar fix was committed in r133794, and a quick look at the code
> doesn't show any knote's that are allocated on the stack anymore...

I finally managed to get a crash dump. The output is as follows:

Kernel page fault with the following non-sleepable locks held:
exclusive sleep mutex so_rcv (so_rcv) r = 0 (0xc713e5a0) locked @ /usr/local/poudriere/jails/head/usr/src/sys/kern/kern_event.c:2005
KDB: stack backtrace:
db_trace_self_wrapper(c11a69af,72656b2f,656b2f6e,655f6e72,746e6576,...) at 0xc05296bd = db_trace_self_wrapper+0x2d/frame 0xe8f16710
kdb_backtrace(c11aaf80,0,c713e5a0,c119a9e8,7d5,...) at 0xc0b4b160 = kdb_backtrace+0x30/frame 0xe8f16778
witness_warn(5,0,c136b0a0,76e2000,c1833d58,...) at 0xc0b68a52 = witness_warn+0x402/frame 0xe8f167c8
trap_pfault(18,3fd,c0dcc2d0,c1f64a80,c75e1000,...) at 0xc102f46b = trap_pfault+0x5b/frame 0xe8f16840
trap(e8f16988) at 0xc102edcf = trap+0x6cf/frame 0xe8f1697c
calltrap() at 0xc1017c4c = calltrap+0x6/frame 0xe8f1697c
--- trap 0xc, eip = 0xc0b9837d, esp = 0xe8f169c8, ebp = 0xe8f169f0 ---
filt_soread(c75d93f0,0,c119a9e8,48d,0,...) at 0xc0b9837d = filt_soread+0x9d/frame 0xe8f169f0
kqueue_register(c6e2d310,1,1,4f5,0,...) at 0xc0ad1457 = kqueue_register+0x807/frame 0xe8f16a68
kern_kevent(c6e2d310,7,1,40,e8f16c10,...) at 0xc0ad1ec2 = kern_kevent+0x1f2/frame 0xe8f16bc0
sys_kevent(c6e2d310,e8f16cc8,c152a610,14,c11a4905,...) at 0xc0ad1bc1 = sys_kevent+0x131/frame 0xe8f16c40
syscall(e8f16d08) at 0xc102fc4c = syscall+0x30c/frame 0xe8f16cfc
Xint0x80_syscall() at 0xc1017ce1 = Xint0x80_syscall+0x21/frame 0xe8f16cfc
--- syscall (363, FreeBSD ELF32, sys_kevent), eip = 0x2849ad3f, esp = 0xbfbfa224, ebp = 0xbfbfa288 ---

Fatal trap 12: page fault while in kernel mode
cpuid = 0; apic id = 00
fault virtual address   = 0x18
fault code              = supervisor read, page not present
instruction pointer     = 0x20:0xc0b9837d
stack pointer           = 0x28:0xe8f169c8
code segment            = base 0x0, limit 0xfffff, type 0x1b
                        = DPL 0, pres 1, def32 1, gran 1
processor eflags        = interrupt enabled, resume, IOPL = 0
current process         = 428 (unbound-anchor)

From the back trace, line 3268 of filt_soread() was where the trap was invoked.

----
3263         } else {
3264                 if (so->so_rcv.sb_cc >= so->so_rcv.sb_lowat)
3265                         return 1;
3266         }
3267
3268         if (V_socket_hhh[HHOOK_FILT_SOREAD]->hhh_nhooks > 0)   /* <-- HERE */
3269                 /* This hook returning non-zero indicates an event, not error */
3270                 return (hhook_run_socket(so, NULL, HHOOK_FILT_SOREAD));
----

The kernel is built with the VIMAGE option, so this may be related to VIMAGE?

And, how can I get the address of the page fault?
I found the old sample at
http://www.nendai.nagoya-u.ac.jp/~kato/FreeBSD/debug/sample1.html
but

(kgdb) frame 11 <- the trap() line
(kgdb) frame frame->tf_ebp frame->tf_eip

do not work.
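
The following triage script is an added example, not part of the original message or of FreeBSD. It parses a trap report like the one above into the fields needed for a bug report: the fault virtual address the trap message itself prints, the faulting frame, and the locks witness reported as held. The function name `parse_trap`, the result keys and the trimmed sample text are assumptions made for the illustration.

```python
import re

# Constructed sample: a subset of the lines from the trap report in the message above.
SAMPLE = """\
Kernel page fault with the following non-sleepable locks held:
exclusive sleep mutex so_rcv (so_rcv) r = 0 (0xc713e5a0) locked @ /usr/local/poudriere/jails/head/usr/src/sys/kern/kern_event.c:2005
filt_soread(c75d93f0,0,c119a9e8,48d,0,...) at 0xc0b9837d = filt_soread+0x9d/frame 0xe8f169f0
kqueue_register(c6e2d310,1,1,4f5,0,...) at 0xc0ad1457 = kqueue_register+0x807/frame 0xe8f16a68
Fatal trap 12: page fault while in kernel mode
fault virtual address = 0x18
fault code = supervisor read, page not present
instruction pointer = 0x20:0xc0b9837d
current process = 428 (unbound-anchor)
"""

# A fault address inside the first page is typical of reading a struct
# member through a NULL pointer (address = member offset).
PAGE_SIZE = 4096

FIELD_RE = re.compile(
    r"^(fault virtual address|fault code|instruction pointer|current process)"
    r"\s*=\s*(.+)$", re.M)
FRAME_RE = re.compile(
    r"^(\w+)\(.*\) at (0x[0-9a-f]+) = (\w+)\+(0x[0-9a-f]+)/frame", re.M)
LOCK_RE = re.compile(
    r"^(?:exclusive|shared) .*? (\w+) \(\w+\) r = \d+ \(0x[0-9a-f]+\)"
    r" locked @ (\S+):(\d+)$", re.M)

def parse_trap(text):
    """Return fault address, faulting frame and held locks from a trap report."""
    fields = {k: v.strip() for k, v in FIELD_RE.findall(text)}
    fault_va = int(fields["fault virtual address"], 16)
    # "0x20:0xc0b9837d" is selector:offset; the offset is the faulting eip.
    ip = int(fields["instruction pointer"].split(":")[1], 16)
    # The faulting function is the frame whose address equals the trap eip.
    faulting = next(((fn, int(off, 16))
                     for fn, addr, _sym, off in FRAME_RE.findall(text)
                     if int(addr, 16) == ip), None)
    return {
        "fault_va": fault_va,
        "ip": ip,
        "faulting_frame": faulting,
        "locks": [(n, f, int(ln)) for n, f, ln in LOCK_RE.findall(text)],
        "near_null": fault_va < PAGE_SIZE,
        "access": fields.get("fault code", ""),
    }

if __name__ == "__main__":
    for key, value in parse_trap(SAMPLE).items():
        print(f"{key}: {value}")
```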