Re: Kernel page fault with non-sleepable locks held error with kernel r270837

2014-09-02 Thread 小野寛生
Thank you!

The attached patch to sys/kern/uipc_socket.c worked.
I will file a bug report later.

2014-09-02 9:49 GMT+09:00 Garrett Cooper yaneurab...@gmail.com:
 Is bpf built into the kernel, or is it built and loaded as a module. I'm 
 wondering because an issue with vimage and socket hook support was resolved 
 in an earlier revision, but this might not have been caught:
 http://svnweb.freebsd.org/base?view=revisionrevision=270318
 Cheers,
 -Garrett
Index: uipc_socket.c
===
--- uipc_socket.c   (revision 270837)
+++ uipc_socket.c   (working copy)
@@ -3265,9 +3265,11 @@
return 1;
}
 
+   CURVNET_SET(so-so_vnet);
if (V_socket_hhh[HHOOK_FILT_SOREAD]-hhh_nhooks  0)
/* This hook returning non-zero indicates an event, not error */
return (hhook_run_socket(so, NULL, HHOOK_FILT_SOREAD));
+   CURVNET_RESTORE();

return (0);
 }
@@ -3294,8 +3296,10 @@
SOCKBUF_LOCK_ASSERT(so-so_snd);
kn-kn_data = sbspace(so-so_snd);
 
+   CURVNET_SET(so-so_vnet);
if (V_socket_hhh[HHOOK_FILT_SOWRITE]-hhh_nhooks  0)
hhook_run_socket(so, kn, HHOOK_FILT_SOWRITE);
+   CURVNET_RESTORE();
 
if (so-so_snd.sb_state  SBS_CANTSENDMORE) {
kn-kn_flags |= EV_EOF;
___
freebsd-current@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-current
To unsubscribe, send any mail to freebsd-current-unsubscr...@freebsd.org

Re: Kernel page fault with non-sleepable locks held error with kernel r270837

2014-09-01 Thread 小野寛生
Hello,

2014/09/01 8:31 Julian Elischer jul...@freebsd.org:

 On 8/30/14, 10:01 PM, Hiroo Ono (小野寛生) wrote:

 Hello,

 During upgrading world and kernel from r26939 to r270837, I got the


 r26939 has the wrong number of digits.  what was your correct previous
revision?

r269369 is the correct revision.
Sorry for the mistake.
___
freebsd-current@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-current
To unsubscribe, send any mail to freebsd-current-unsubscr...@freebsd.org

Re: Kernel page fault with non-sleepable locks held error with kernel r270837

2014-09-01 Thread 小野寛生
Hello,

2014-09-01 5:34 GMT+09:00 John-Mark Gurney j...@funkthat.com:
 Can you find out what line the filt_soread is on?  This will help figure
 out if it's kn or so...  If you could get the address of the page fault,
 that would also be helpful...

 Ok, a similar fix was committed in r133794, and a quick look at the code
 doesn't show any knote's that are allocated on the stack anymore...

I finally managed to get a crash dump.
The output is as follows:

Kernel page fault with the following non-sleepable locks held:
exclusive sleep mutex so_rcv (so_rcv) r = 0 (0xc713e5a0) locked @
/usr/local/poudriere/jails/head/usr/src/sys/kern/kern_event.c:2005
KDB: stack backtrace:
db_trace_self_wrapper(c11a69af,72656b2f,656b2f6e,655f6e72,746e6576,...)
at 0xc05296bd = db_trace_self_wrapper+0x2d/frame 0xe8f16710
kdb_backtrace(c11aaf80,0,c713e5a0,c119a9e8,7d5,...) at 0xc0b4b160 =
kdb_backtrace+0x30/frame 0xe8f16778
witness_warn(5,0,c136b0a0,76e2000,c1833d58,...) at 0xc0b68a52 =
witness_warn+0x402/frame 0xe8f167c8
trap_pfault(18,3fd,c0dcc2d0,c1f64a80,c75e1000,...) at 0xc102f46b =
trap_pfault+0x5b/frame 0xe8f16840
trap(e8f16988) at 0xc102edcf = trap+0x6cf/frame 0xe8f1697c
calltrap() at 0xc1017c4c = calltrap+0x6/frame 0xe8f1697c
--- trap 0xc, eip = 0xc0b9837d, esp = 0xe8f169c8, ebp = 0xe8f169f0 ---
filt_soread(c75d93f0,0,c119a9e8,48d,0,...) at 0xc0b9837d =
filt_soread+0x9d/frame 0xe8f169f0
kqueue_register(c6e2d310,1,1,4f5,0,...) at 0xc0ad1457 =
kqueue_register+0x807/frame 0xe8f16a68
kern_kevent(c6e2d310,7,1,40,e8f16c10,...) at 0xc0ad1ec2 =
kern_kevent+0x1f2/frame 0xe8f16bc0
sys_kevent(c6e2d310,e8f16cc8,c152a610,14,c11a4905,...) at 0xc0ad1bc1 =
sys_kevent+0x131/frame 0xe8f16c40
syscall(e8f16d08) at 0xc102fc4c = syscall+0x30c/frame 0xe8f16cfc
Xint0x80_syscall() at 0xc1017ce1 = Xint0x80_syscall+0x21/frame 0xe8f16cfc
--- syscall (363, FreeBSD ELF32, sys_kevent), eip = 0x2849ad3f, esp =
0xbfbfa224, ebp = 0xbfbfa288 ---


Fatal trap 12: page fault while in kernel mode
cpuid = 0; apic id = 00
fault virtual address   = 0x18
fault code  = supervisor read, page not present
instruction pointer = 0x20:0xc0b9837d
stack pointer   = 0x28:0xe8f169c8
code segment= base 0x0, limit 0xf, type 0x1b
= DPL 0, pres 1, def32 1, gran 1
processor eflags= interrupt enabled, resume, IOPL = 0
current process = 428 (unbound-anchor)

fram the back trace, line 3268 of the filt_soread() was where the trap
was invoked.


3263} else {
3264if (so-so_rcv.sb_cc = so-so_rcv.sb_lowat)
3265return 1;
3266}
3267
3268if (V_socket_hhh[HHOOK_FILT_SOREAD]-hhh_nhooks  0)
/* -- HERE */
3269/* This hook returning non-zero indicates an
event, not error */
3270return (hhook_run_socket(so, NULL, HHOOK_FILT_SOREAD));


The kernel is built with VIMAGE option, so this may be related to VIMAGE?

And, how can I get the address of the page fault?
I found the old sample at
http://www.nendai.nagoya-u.ac.jp/~kato/FreeBSD/debug/sample1.html
but
(kgdb) frame 11 - the trap() line
(kgdb) frame frame-tf_ebp frame-tf_eip
do not work.
___
freebsd-current@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-current
To unsubscribe, send any mail to freebsd-current-unsubscr...@freebsd.org


Re: Kernel page fault with non-sleepable locks held error with kernel r270837

2014-09-01 Thread Garrett Cooper

 On Aug 30, 2014, at 22:01, Hiroo Ono (小野寛生) hiroo.ono+free...@gmail.com 
 wrote:
 
 Hello,
 
 During upgrading world and kernel from r26939 to r270837, I got the
 following problem.
 a) the arch is i386
 b) kernel is of r270837, userland is of r26939 (make kernel is done
 and rebooted, make installworld not yet).
 c) booting in single user mode is OK.
 d) during startup of multi-user mode, when dhclient is run, the
 following message appears, and the system freezes:
 
 Starting devd.
 wlan0: link state changed to UP
 Starting webcamd.
 Attached to ugen4.2[0]
 Starting webcready running for ugen4.2.0
 /usr/local/etc/rc.d/webcamd: WARNING: failed to start webcamd
 Starting dhclient.
 DHCPREQUEST on wlan0 to 255.255.255.255 port 67
 DHCPACK from 192.168.8.2
 Kernel page fault with the following non-sleepable locks held:
 exclusive sleep mutex so_rcv (so_rcv) r = 0 (0xc713f078) locked @
 /usr/src/sys/kern/kern_event.c:2005
 KDB stack backtrace:
 rapper+0x2d/frame 0xe8f42710
 kdb_backtrace(c11aaf80,0,c713f078,c119a9e8,7d5,...) at 0xc0b4b160 =
 kdb_backtrace+0x30/frame 0xe8f42778
 witness_warn(5,0,c136b0a0,76fb000,c1833d58,...) at 0xc8b68a52 =
 witness_warn+0x402/frame 0xe8f427c8
 trap_pfault(18,3fd,c0dcc2d0,c1f64a80,c75fa000,...) at 0xc102f46b =
 trap_pfault+0x5b/frame 0xe8f42840
 trap(e8f42988) at 0xc102edcf = trap+0x6cf/frame 0xe8f4297c
 calltrap() at 0xc1017c4c = calltrap+0x6/frame 0xe8f4297c
 filt_soread(c75f7828,0,c119a9e8,48d,0,...) at 0xc0b9837d =
 filt_soread+0x9d/frame 0xe8f429f0
 kqueue_register(c6f59310,1,1,4f5,0,...) at 0xc0ad1457 =
 kqueue_register+0x807/frame 0xe8f42a68
 kern_kevent(c6f59310,7,12c217ce1 = Xint0x80), eip =
 instruction poi = 0x28:0xe8f429f0 fff, type 0x1b
 DHCPREQUEST on wlan0 to 255.255.255.255 port 67
 DHCPACK from 192.168.8.2

Is bpf built into the kernel, or is it built and loaded as a module. I'm 
wondering because an issue with vimage and socket hook support was resolved 
in an earlier revision, but this might not have been caught:
http://svnweb.freebsd.org/base?view=revisionrevision=270318
Cheers,
-Garrett
___
freebsd-current@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-current
To unsubscribe, send any mail to freebsd-current-unsubscr...@freebsd.org


Re: Kernel page fault with non-sleepable locks held error with kernel r270837

2014-08-31 Thread John-Mark Gurney
Hiroo Ono () wrote this message on Sun, Aug 31, 2014 at 14:01 +0900:
 During upgrading world and kernel from r26939 to r270837, I got the
 following problem.
 a) the arch is i386
 b) kernel is of r270837, userland is of r26939 (make kernel is done
 and rebooted, make installworld not yet).
 c) booting in single user mode is OK.
 d) during startup of multi-user mode, when dhclient is run, the
 following message appears, and the system freezes:
 
 Starting devd.
 wlan0: link state changed to UP
 Starting webcamd.
 Attached to ugen4.2[0]
 Starting webcready running for ugen4.2.0
 /usr/local/etc/rc.d/webcamd: WARNING: failed to start webcamd
 Starting dhclient.
 DHCPREQUEST on wlan0 to 255.255.255.255 port 67
 DHCPACK from 192.168.8.2
 Kernel page fault with the following non-sleepable locks held:
 exclusive sleep mutex so_rcv (so_rcv) r = 0 (0xc713f078) locked @
 /usr/src/sys/kern/kern_event.c:2005

I'm puzzled by this line number...  This line number doesn't do any
locks, it is in the function knlist_remove_inevent...

 KDB stack backtrace:
  rapper+0x2d/frame 0xe8f42710
 kdb_backtrace(c11aaf80,0,c713f078,c119a9e8,7d5,...) at 0xc0b4b160 =
 kdb_backtrace+0x30/frame 0xe8f42778
 witness_warn(5,0,c136b0a0,76fb000,c1833d58,...) at 0xc8b68a52 =
 witness_warn+0x402/frame 0xe8f427c8
 trap_pfault(18,3fd,c0dcc2d0,c1f64a80,c75fa000,...) at 0xc102f46b =
 trap_pfault+0x5b/frame 0xe8f42840
 trap(e8f42988) at 0xc102edcf = trap+0x6cf/frame 0xe8f4297c
 calltrap() at 0xc1017c4c = calltrap+0x6/frame 0xe8f4297c
 filt_soread(c75f7828,0,c119a9e8,48d,0,...) at 0xc0b9837d =
 filt_soread+0x9d/frame 0xe8f429f0
 kqueue_register(c6f59310,1,1,4f5,0,...) at 0xc0ad1457 =
 kqueue_register+0x807/frame 0xe8f42a68
 kern_kevent(c6f59310,7,12c217ce1 = Xint0x80), eip =

But notice the knlist_remove_inevent doesn't appear in the back
trace...

Can you confirm that your kern_event.c is:
__FBSDID($FreeBSD: head/sys/kern/kern_event.c 268843 2014-07-18 14:27:04Z bapt
$);

 instruction poi = 0x28:0xe8f429f0 fff, type 0x1b
 DHCPREQUEST on wlan0 to 255.255.255.255 port 67
 DHCPACK from 192.168.8.2
 
 e) kernel configuration differs from GENERIC on the following point
 options  VIMAGE
 options  DDB_NUMSYM
 nocpuI486_CPU
 nooptions  VESA
 
 Does the problem come from kernel and userland not in sync? or there
 are other problems?
 Is there any workaround?
 Attached is the dmesg of r270837 on the machine.

 Copyright (c) 1992-2014 The FreeBSD Project.
 Copyright (c) 1979, 1980, 1983, 1986, 1988, 1989, 1991, 1992, 1993, 1994
   The Regents of the University of California. All rights reserved.
 FreeBSD is a registered trademark of The FreeBSD Foundation.
 FreeBSD 11.0-CURRENT #6 r270837: Sun Aug 31 11:32:20 JST 2014
 
 r...@krokinole.oikumene.ukehi.net:/usr/obj/usr/local/poudriere/jails/head/usr/src/sys/OIKUMENE
  i386
 FreeBSD clang version 3.4.1 (tags/RELEASE_34/dot1-final 208032) 20140512
 WARNING: WITNESS option enabled, expect reduced performance.
 VT: running with driver vga.
 info: [drm] Initialized drm 1.1.0 20060810
 CPU: Intel(R) Atom(TM) CPU N270   @ 1.60GHz (1596.04-MHz 686-class CPU)
   Origin=GenuineIntel  Id=0x106c2  Family=0x6  Model=0x1c  Stepping=2
   
 Features=0xbfe9fbffFPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,CLFLUSH,DTS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE
   Features2=0x40c39dSSE3,DTES64,MON,DS_CPL,EST,TM2,SSSE3,xTPR,PDCM,MOVBE
   AMD Features2=0x1LAHF
   TSC: P-state invariant, performance statistics
 real memory  = 1073741824 (1024 MB)
 avail memory = 1013121024 (966 MB)
 Event timer LAPIC quality 400
 ACPI APIC Table: ACRSYS ACRPRDCT
 FreeBSD/SMP: Multiprocessor System Detected: 2 CPUs
 FreeBSD/SMP: 1 package(s) x 1 core(s) x 2 HTT threads
  cpu0 (BSP): APIC ID:  0
  cpu1 (AP/HT): APIC ID:  1
 WARNING: VIMAGE (virtualized network stack) is a highly experimental feature.
 ioapic0: Changing APIC ID to 4
 ioapic0 Version 2.0 irqs 0-23 on motherboard
 Cuse v0.1.34 @ /dev/cuse
 kbd1 at kbdmux0
 random: Software, Yarrow initialized
 acpi0: ACRSYS ACRPRDCT on motherboard
 acpi0: Power Button (fixed)
 cpu0: ACPI CPU on acpi0
 cpu1: ACPI CPU on acpi0
 atrtc0: AT realtime clock port 0x70-0x77 on acpi0
 atrtc0: Warning: Couldn't map I/O.
 Event timer RTC frequency 32768 Hz quality 0
 hpet0: High Precision Event Timer iomem 0xfed0-0xfed003ff irq 0,8 on 
 acpi0
 Timecounter HPET frequency 14318180 Hz quality 950
 Event timer HPET frequency 14318180 Hz quality 450
 Event timer HPET1 frequency 14318180 Hz quality 440
 Event timer HPET2 frequency 14318180 Hz quality 440
 attimer0: AT timer port 0x40-0x43,0x50-0x53 on acpi0
 Timecounter i8254 frequency 1193182 Hz quality 0
 Event timer i8254 frequency 1193182 Hz quality 100
 Timecounter ACPI-fast frequency 3579545 Hz quality 900
 acpi_timer0: 24-bit timer at 3.579545MHz port 0x408-0x40b on acpi0
 acpi_ec0: Embedded Controller: GPE 0x17 port 0x62,0x66 on acpi0
 acpi_button0: Power Button on acpi0
 acpi_lid0: Control Method 

Re: Kernel page fault with non-sleepable locks held error with kernel r270837

2014-08-31 Thread 小野寛生
Thank you for taking a look into this.

2014-08-31 15:47 GMT+09:00 John-Mark Gurney j...@funkthat.com:
 Hiroo Ono () wrote this message on Sun, Aug 31, 2014 at 14:01 
 +0900:
 During upgrading world and kernel from r26939 to r270837, I got the
 following problem.
 a) the arch is i386
 b) kernel is of r270837, userland is of r26939 (make kernel is done
 and rebooted, make installworld not yet).
 c) booting in single user mode is OK.
 d) during startup of multi-user mode, when dhclient is run, the
 following message appears, and the system freezes:

 Starting devd.
 wlan0: link state changed to UP
 Starting webcamd.
 Attached to ugen4.2[0]
 Starting webcready running for ugen4.2.0
 /usr/local/etc/rc.d/webcamd: WARNING: failed to start webcamd
 Starting dhclient.
 DHCPREQUEST on wlan0 to 255.255.255.255 port 67
 DHCPACK from 192.168.8.2
 Kernel page fault with the following non-sleepable locks held:
 exclusive sleep mutex so_rcv (so_rcv) r = 0 (0xc713f078) locked @
 /usr/src/sys/kern/kern_event.c:2005

 I'm puzzled by this line number...  This line number doesn't do any
 locks, it is in the function knlist_remove_inevent...

The line 2005 is mtx_lock((struct mtx *)arg); of knlist_mtx_lock()
https://svnweb.freebsd.org/base/head/sys/kern/kern_event.c?revision=268843view=markup#l2005

this function is assigned to (struct knlist *)-kn_lock in knlist_init()
https://svnweb.freebsd.org/base/head/sys/kern/kern_event.c?revision=268843view=markup#l2058

 KDB stack backtrace:
  rapper+0x2d/frame 0xe8f42710
 kdb_backtrace(c11aaf80,0,c713f078,c119a9e8,7d5,...) at 0xc0b4b160 =
 kdb_backtrace+0x30/frame 0xe8f42778
 witness_warn(5,0,c136b0a0,76fb000,c1833d58,...) at 0xc8b68a52 =
 witness_warn+0x402/frame 0xe8f427c8
 trap_pfault(18,3fd,c0dcc2d0,c1f64a80,c75fa000,...) at 0xc102f46b =
 trap_pfault+0x5b/frame 0xe8f42840
 trap(e8f42988) at 0xc102edcf = trap+0x6cf/frame 0xe8f4297c
 calltrap() at 0xc1017c4c = calltrap+0x6/frame 0xe8f4297c
 filt_soread(c75f7828,0,c119a9e8,48d,0,...) at 0xc0b9837d =
 filt_soread+0x9d/frame 0xe8f429f0
 kqueue_register(c6f59310,1,1,4f5,0,...) at 0xc0ad1457 =
 kqueue_register+0x807/frame 0xe8f42a68
 kern_kevent(c6f59310,7,12c217ce1 = Xint0x80), eip =

calltrap() seems to be invoked by
SOCKBUF_LOCK_ASSERT(so-so_rcv);
of filt_soread() in sys/kern/uipc_socket.c
https://svnweb.freebsd.org/base/head/sys/kern/uipc_socket.c?revision=270664view=markup#l3250

but I do not know where so-so_rcv was previously locked.
knlist_init_mtx (which then calls knlist_init) is called with
so-so_rcv in sys/kern/uipc_socket.c in
line 517:   socreate()
https://svnweb.freebsd.org/base/head/sys/kern/uipc_socket.c?revision=270664view=markup#l517
and
line 606: sonewconn()
https://svnweb.freebsd.org/base/head/sys/kern/uipc_socket.c?revision=270664view=markup#l606

so the problem may be around there.
but, I cannot track any further.  the system freezes, so I cannot deal with ddb.

 But notice the knlist_remove_inevent doesn't appear in the back
 trace...

 Can you confirm that your kern_event.c is:
 __FBSDID($FreeBSD: head/sys/kern/kern_event.c 268843 2014-07-18 14:27:04Z 
 bapt
 $);

I checked that it was this revision.

 instruction poi = 0x28:0xe8f429f0 fff, type 0x1b
 DHCPREQUEST on wlan0 to 255.255.255.255 port 67
 DHCPACK from 192.168.8.2

 e) kernel configuration differs from GENERIC on the following point
 options  VIMAGE
 options  DDB_NUMSYM
 nocpuI486_CPU
 nooptions  VESA

___
freebsd-current@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-current
To unsubscribe, send any mail to freebsd-current-unsubscr...@freebsd.org


Re: Kernel page fault with non-sleepable locks held error with kernel r270837

2014-08-31 Thread John-Mark Gurney
Hiroo Ono () wrote this message on Sun, Aug 31, 2014 at 20:43 +0900:
 Thank you for taking a look into this.
 
 2014-08-31 15:47 GMT+09:00 John-Mark Gurney j...@funkthat.com:
  Hiroo Ono () wrote this message on Sun, Aug 31, 2014 at 14:01 
  +0900:
  During upgrading world and kernel from r26939 to r270837, I got the
  following problem.
  a) the arch is i386
  b) kernel is of r270837, userland is of r26939 (make kernel is done
  and rebooted, make installworld not yet).
  c) booting in single user mode is OK.
  d) during startup of multi-user mode, when dhclient is run, the
  following message appears, and the system freezes:
 
  Starting devd.
  wlan0: link state changed to UP
  Starting webcamd.
  Attached to ugen4.2[0]
  Starting webcready running for ugen4.2.0
  /usr/local/etc/rc.d/webcamd: WARNING: failed to start webcamd
  Starting dhclient.
  DHCPREQUEST on wlan0 to 255.255.255.255 port 67
  DHCPACK from 192.168.8.2
  Kernel page fault with the following non-sleepable locks held:
  exclusive sleep mutex so_rcv (so_rcv) r = 0 (0xc713f078) locked @
  /usr/src/sys/kern/kern_event.c:2005
 
  I'm puzzled by this line number...  This line number doesn't do any
  locks, it is in the function knlist_remove_inevent...
 
 The line 2005 is mtx_lock((struct mtx *)arg); of knlist_mtx_lock()
 https://svnweb.freebsd.org/base/head/sys/kern/kern_event.c?revision=268843view=markup#l2005
 
 this function is assigned to (struct knlist *)-kn_lock in knlist_init()
 https://svnweb.freebsd.org/base/head/sys/kern/kern_event.c?revision=268843view=markup#l2058

Sorry, turns out I had a local patch to my kern_event.c...

Can you find out what line the filt_soread is on?  This will help figure
out if it's kn or so...  If you could get the address of the page fault,
that would also be helpful...

Ok, a similar fix was committed in r133794, and a quick look at the code
doesn't show any knote's that are allocated on the stack anymore...

  KDB stack backtrace:
   rapper+0x2d/frame 0xe8f42710
  kdb_backtrace(c11aaf80,0,c713f078,c119a9e8,7d5,...) at 0xc0b4b160 =
  kdb_backtrace+0x30/frame 0xe8f42778
  witness_warn(5,0,c136b0a0,76fb000,c1833d58,...) at 0xc8b68a52 =
  witness_warn+0x402/frame 0xe8f427c8
  trap_pfault(18,3fd,c0dcc2d0,c1f64a80,c75fa000,...) at 0xc102f46b =
  trap_pfault+0x5b/frame 0xe8f42840
  trap(e8f42988) at 0xc102edcf = trap+0x6cf/frame 0xe8f4297c
  calltrap() at 0xc1017c4c = calltrap+0x6/frame 0xe8f4297c
  filt_soread(c75f7828,0,c119a9e8,48d,0,...) at 0xc0b9837d =
  filt_soread+0x9d/frame 0xe8f429f0
  kqueue_register(c6f59310,1,1,4f5,0,...) at 0xc0ad1457 =
  kqueue_register+0x807/frame 0xe8f42a68
  kern_kevent(c6f59310,7,12c217ce1 = Xint0x80), eip =
 
 calltrap() seems to be invoked by
 SOCKBUF_LOCK_ASSERT(so-so_rcv);
 of filt_soread() in sys/kern/uipc_socket.c
 https://svnweb.freebsd.org/base/head/sys/kern/uipc_socket.c?revision=270664view=markup#l3250
 
 but I do not know where so-so_rcv was previously locked.
 knlist_init_mtx (which then calls knlist_init) is called with
 so-so_rcv in sys/kern/uipc_socket.c in
 line 517: socreate()
 https://svnweb.freebsd.org/base/head/sys/kern/uipc_socket.c?revision=270664view=markup#l517
 and
 line 606: sonewconn()
 https://svnweb.freebsd.org/base/head/sys/kern/uipc_socket.c?revision=270664view=markup#l606
 
 so the problem may be around there.
 but, I cannot track any further.  the system freezes, so I cannot deal with 
 ddb.
 
  But notice the knlist_remove_inevent doesn't appear in the back
  trace...
 
  Can you confirm that your kern_event.c is:
  __FBSDID($FreeBSD: head/sys/kern/kern_event.c 268843 2014-07-18 14:27:04Z 
  bapt
  $);
 
 I checked that it was this revision.
 
  instruction poi = 0x28:0xe8f429f0 fff, type 0x1b
  DHCPREQUEST on wlan0 to 255.255.255.255 port 67
  DHCPACK from 192.168.8.2
 
  e) kernel configuration differs from GENERIC on the following point
  options  VIMAGE
  options  DDB_NUMSYM
  nocpuI486_CPU
  nooptions  VESA
 
 ___
 freebsd-current@freebsd.org mailing list
 http://lists.freebsd.org/mailman/listinfo/freebsd-current
 To unsubscribe, send any mail to freebsd-current-unsubscr...@freebsd.org

-- 
  John-Mark Gurney  Voice: +1 415 225 5579

 All that I will do, has been done, All that I have, has not.
___
freebsd-current@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-current
To unsubscribe, send any mail to freebsd-current-unsubscr...@freebsd.org