Date: Tue, 2 Sep 2014 09:04:36 +0900 From: =?UTF-8?B?SGlyb28gT25vICjlsI/ph47lr5vnlJ8p?= <hiroo.ono+freebsd@gmail.com> To: freebsd-current@freebsd.org Subject: Re: Kernel page fault with non-sleepable locks held error with kernel r270837 Message-ID: <CANtk6SjuUw=NdHJR5eFQ5Q%2BA3yNB_ewZ-bqdfffF3HVxfknpcA@mail.gmail.com> In-Reply-To: <20140831203419.GU71691@funkthat.com> References: <CANtk6SjbySdLt6m2zmkDSSeU3Hhisd-mzGKVaSSMOZJfUtnFXA@mail.gmail.com> <20140831064718.GT71691@funkthat.com> <CANtk6Siqth%2BT_GGiW5OaE=cMJSNoBGToRx2QmcaiTNuLhmJ7Zg@mail.gmail.com> <20140831203419.GU71691@funkthat.com>
next in thread | previous in thread | raw e-mail | index | archive | help
Hello,
2014-09-01 5:34 GMT+09:00 John-Mark Gurney <jmg@funkthat.com>:
> Can you find out what line the filt_soread is on? This will help figure
> out if it's kn or so... If you could get the address of the page fault,
> that would also be helpful...
>
> Ok, a similar fix was committed in r133794, and a quick look at the code
> doesn't show any knote's that are allocated on the stack anymore...
I finally managed to get a crash dump.
The output is as follows:
Kernel page fault with the following non-sleepable locks held:
exclusive sleep mutex so_rcv (so_rcv) r = 0 (0xc713e5a0) locked @
/usr/local/poudriere/jails/head/usr/src/sys/kern/kern_event.c:2005
KDB: stack backtrace:
db_trace_self_wrapper(c11a69af,72656b2f,656b2f6e,655f6e72,746e6576,...)
at 0xc05296bd = db_trace_self_wrapper+0x2d/frame 0xe8f16710
kdb_backtrace(c11aaf80,0,c713e5a0,c119a9e8,7d5,...) at 0xc0b4b160 =
kdb_backtrace+0x30/frame 0xe8f16778
witness_warn(5,0,c136b0a0,76e2000,c1833d58,...) at 0xc0b68a52 =
witness_warn+0x402/frame 0xe8f167c8
trap_pfault(18,3fd,c0dcc2d0,c1f64a80,c75e1000,...) at 0xc102f46b =
trap_pfault+0x5b/frame 0xe8f16840
trap(e8f16988) at 0xc102edcf = trap+0x6cf/frame 0xe8f1697c
calltrap() at 0xc1017c4c = calltrap+0x6/frame 0xe8f1697c
--- trap 0xc, eip = 0xc0b9837d, esp = 0xe8f169c8, ebp = 0xe8f169f0 ---
filt_soread(c75d93f0,0,c119a9e8,48d,0,...) at 0xc0b9837d =
filt_soread+0x9d/frame 0xe8f169f0
kqueue_register(c6e2d310,1,1,4f5,0,...) at 0xc0ad1457 =
kqueue_register+0x807/frame 0xe8f16a68
kern_kevent(c6e2d310,7,1,40,e8f16c10,...) at 0xc0ad1ec2 =
kern_kevent+0x1f2/frame 0xe8f16bc0
sys_kevent(c6e2d310,e8f16cc8,c152a610,14,c11a4905,...) at 0xc0ad1bc1 =
sys_kevent+0x131/frame 0xe8f16c40
syscall(e8f16d08) at 0xc102fc4c = syscall+0x30c/frame 0xe8f16cfc
Xint0x80_syscall() at 0xc1017ce1 = Xint0x80_syscall+0x21/frame 0xe8f16cfc
--- syscall (363, FreeBSD ELF32, sys_kevent), eip = 0x2849ad3f, esp =
0xbfbfa224, ebp = 0xbfbfa288 ---
Fatal trap 12: page fault while in kernel mode
cpuid = 0; apic id = 00
fault virtual address = 0x18
fault code = supervisor read, page not present
instruction pointer = 0x20:0xc0b9837d
stack pointer = 0x28:0xe8f169c8
code segment = base 0x0, limit 0xfffff, type 0x1b
= DPL 0, pres 1, def32 1, gran 1
processor eflags = interrupt enabled, resume, IOPL = 0
current process = 428 (unbound-anchor)
fram the back trace, line 3268 of the filt_soread() was where the trap
was invoked.
----
3263 } else {
3264 if (so->so_rcv.sb_cc >= so->so_rcv.sb_lowat)
3265 return 1;
3266 }
3267
3268 if (V_socket_hhh[HHOOK_FILT_SOREAD]->hhh_nhooks > 0)
/* <-- HERE */
3269 /* This hook returning non-zero indicates an
event, not error */
3270 return (hhook_run_socket(so, NULL, HHOOK_FILT_SOREAD));
----
The kernel is built with VIMAGE option, so this may be related to VIMAGE?
And, how can I get the address of the page fault?
I found the old sample at
http://www.nendai.nagoya-u.ac.jp/~kato/FreeBSD/debug/sample1.html
but
(kgdb) frame 11 <- the trap() line
(kgdb) frame frame->tf_ebp frame->tf_eip
do not work.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?CANtk6SjuUw=NdHJR5eFQ5Q%2BA3yNB_ewZ-bqdfffF3HVxfknpcA>