From owner-freebsd-stable@freebsd.org  Tue Dec 18 15:34:46 2018
Return-Path: <owner-freebsd-stable@freebsd.org>
Delivered-To: freebsd-stable@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id 84BD9133438A
 for <freebsd-stable@mailman.ysv.freebsd.org>;
 Tue, 18 Dec 2018 15:34:46 +0000 (UTC)
 (envelope-from ctuffli@gmail.com)
Received: from mail-ot1-x329.google.com (mail-ot1-x329.google.com
 [IPv6:2607:f8b0:4864:20::329])
 (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))
 (Client CN "smtp.gmail.com",
 Issuer "Google Internet Authority G3" (verified OK))
 by mx1.freebsd.org (Postfix) with ESMTPS id C570271F9E
 for <freebsd-stable@freebsd.org>; Tue, 18 Dec 2018 15:34:45 +0000 (UTC)
 (envelope-from ctuffli@gmail.com)
Received: by mail-ot1-x329.google.com with SMTP id s5so16015550oth.7
 for <freebsd-stable@freebsd.org>; Tue, 18 Dec 2018 07:34:45 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025;
 h=mime-version:from:date:message-id:subject:to;
 bh=YvKHn8VIxrBGaFn9t8BzqIeJel0H08WQq75MW1vRdlc=;
 b=MMTq9odSMmgT6+tkncS08iZgu5rnXyddoltajQ3Jf6bPQT974qHzaD7twHMHKCklza
 sYYFCV1DWt3BOwFMJuEyiDeaLLDSpyP79zT4hoYhf5iw5rpMcauak4A53Uk4z3cSJ1Sw
 JDDyzjEfwAtUQWR7TYpN2xtbHsprWfcS0dlDPStkPsRq0iLVtuMDacsWK30IxjnX89ZA
 8G4GdkSQW9ZEmPYzJR/W5NmPDlNiBeewnjjATA2oFdCLob+zpgYpg7Hn1XxF/ooXEPUw
 16oHMT67F6CBmSK0MxI9y4ImHVN9YfHYC2JKDlARtY5pHIy+S4TRwvk6ejPvsr4VnvwE
 CvkA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20161025;
 h=x-gm-message-state:mime-version:from:date:message-id:subject:to;
 bh=YvKHn8VIxrBGaFn9t8BzqIeJel0H08WQq75MW1vRdlc=;
 b=Hsw/3au8hrhXyc+i2PjHVWjIUSSipVo/DyiTuCppolo/NG88JPXBZE2utfxzf6H2G1
 EBKPXIsw9HuyhRiQCmR/GBNt3yioYbmPWLepkT2boF6uRZPShKu+lvwGiUwJ2FyF/Imi
 I/JOb/33QDuBzUygb1Vuh+c9R68Dv179/alXuizBZ0NFSBwCFe/YFrXuENrIbFG3Vmsn
 OfJvkeAjDDKpwrCkhlDb/Bfa7PNpZsdYFg83yUZ8ki+Tc2+0Ki0tk0hYkwsjSjKuNniD
 LYUsGimHUEaAHTexefSTRZYP/MnJbcCOOF1Twgr/G6Xke3uDPqR3eZKm3tCNGHTrLbuC
 rRtw==
X-Gm-Message-State: AA+aEWbua3TY+qazwGLxgQQFFSU/tbtYkXlhhJxq9VkNncATz+ZchkXf
 4ifZGoKijBNlW8w/ll7qHnopc+3it3Y+aD2KSnr1i+a3
X-Google-Smtp-Source: AFSGD/VA97wXq77VZqLcr69Dww2/CKa0Btk7ApQIxy95KHeF0l6Ch4cYwdjufblt5DCSVvQJr0YX+wMFQuGPQ0ei+GQ=
X-Received: by 2002:a9d:2aea:: with SMTP id e97mr13054676otb.206.1545147284472; 
 Tue, 18 Dec 2018 07:34:44 -0800 (PST)
MIME-Version: 1.0
From: Chuck Tuffli <ctuffli@gmail.com>
Date: Tue, 18 Dec 2018 07:34:33 -0800
Message-ID: <CAKAYmMJzWv6_zWrUPEuETzC29Uhhmudsa-RjG2=vu0ebE3CMYw@mail.gmail.com>
Subject: sporadic core dumps in 12.0-RELEASE
To: freebsd-stable@freebsd.org
X-Rspamd-Queue-Id: C570271F9E
X-Spamd-Bar: ---
Authentication-Results: mx1.freebsd.org;
 dkim=pass header.d=gmail.com header.s=20161025 header.b=MMTq9odS;
 dmarc=pass (policy=none) header.from=gmail.com;
 spf=pass (mx1.freebsd.org: domain of ctuffli@gmail.com designates
 2607:f8b0:4864:20::329 as permitted sender) smtp.mailfrom=ctuffli@gmail.com
X-Spamd-Result: default: False [-3.74 / 15.00]; ARC_NA(0.00)[];
 NEURAL_HAM_MEDIUM(-1.00)[-0.999,0];
 R_DKIM_ALLOW(-0.20)[gmail.com:s=20161025]; FROM_HAS_DN(0.00)[];
 R_SPF_ALLOW(-0.20)[+ip6:2607:f8b0:4000::/36];
 FREEMAIL_FROM(0.00)[gmail.com];
 MIME_GOOD(-0.10)[multipart/alternative,text/plain];
 PREVIOUSLY_DELIVERED(0.00)[freebsd-stable@freebsd.org];
 TO_DN_NONE(0.00)[]; RCPT_COUNT_ONE(0.00)[1];
 NEURAL_HAM_LONG(-1.00)[-0.999,0]; RCVD_TLS_LAST(0.00)[];
 TO_MATCH_ENVRCPT_ALL(0.00)[];
 MX_GOOD(-0.01)[cached: alt3.gmail-smtp-in.l.google.com];
 DKIM_TRACE(0.00)[gmail.com:+];
 RCVD_IN_DNSWL_NONE(0.00)[9.2.3.0.0.0.0.0.0.0.0.0.0.0.0.0.0.2.0.0.4.6.8.4.0.b.8.f.7.0.6.2.list.dnswl.org
 : 127.0.5.0]; NEURAL_HAM_SHORT(-0.10)[-0.101,0];
 DMARC_POLICY_ALLOW(-0.50)[gmail.com,none];
 IP_SCORE(-0.63)[ipnet: 2607:f8b0::/32(-1.71), asn: 15169(-1.37), country:
 US(-0.08)]; FROM_EQ_ENVFROM(0.00)[]; MIME_TRACE(0.00)[0:+,1:+];
 FREEMAIL_ENVFROM(0.00)[gmail.com];
 ASN(0.00)[asn:15169, ipnet:2607:f8b0::/32, country:US];
 RCVD_COUNT_TWO(0.00)[2];
 DWL_DNSWL_NONE(0.00)[gmail.com.dwl.dnswl.org : 127.0.5.0]
Content-Type: text/plain; charset="UTF-8"
X-Content-Filtered-By: Mailman/MimeDel 2.1.29
X-BeenThere: freebsd-stable@freebsd.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Production branch of FreeBSD source code <freebsd-stable.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/freebsd-stable>, 
 <mailto:freebsd-stable-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-stable/>
List-Post: <mailto:freebsd-stable@freebsd.org>
List-Help: <mailto:freebsd-stable-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/freebsd-stable>,
 <mailto:freebsd-stable-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Tue, 18 Dec 2018 15:34:46 -0000

Hi

When running 12.0-RELEASE in bhyve, nvmecontrol will core dump sporadically
in rtld. This is repeatable, but doesn't happen every time. Peeking at
rlock_acquire(), the function checks for a NULL lockstate and then
dereferences the lock. The backtrace (below) suggests the lock is NULL but
the lockstate pointer is not. Does anyone know if this is expected, weird,
etc.?

root@freebsd:~ # uname -a
FreeBSD freebsd 12.0-RELEASE FreeBSD 12.0-RELEASE r341666 GENERIC  amd64
root@freebsd:~ # /usr/libexec/gdb -q /sbin/nvmecontrol nvmecontrol.core
Core was generated by `nvmecontrol identify nvme0'.
Program terminated with signal 11, Segmentation fault.
Reading symbols from /lib/libc.so.7...Reading symbols from
/usr/lib/debug//lib/libc.so.7.debug...done.
done.
Loaded symbols for /lib/libc.so.7
Reading symbols from /libexec/ld-elf.so.1...Reading symbols from
/usr/lib/debug//libexec/ld-e
lf.so.1.debug...done.
done.
Loaded symbols for /libexec/ld-elf.so.1
#0  rlock_acquire (lock=0x0, lockstate=0x7fffffffd9b8)
    at /usr/src/libexec/rtld-elf/rtld_lock.c:203
203     /usr/src/libexec/rtld-elf/rtld_lock.c: No such file or directory.
        in /usr/src/libexec/rtld-elf/rtld_lock.c
(gdb) bt
#0  rlock_acquire (lock=0x0, lockstate=0x7fffffffd9b8)
    at /usr/src/libexec/rtld-elf/rtld_lock.c:203
#1  0x000000080021a2fd in _rtld_bind (obj=0x800236000, reloff=528)
    at /usr/src/libexec/rtld-elf/rtld.c:790
#2  0x000000080021704d in _rtld_bind_start ()
    at /usr/src/libexec/rtld-elf/amd64/rtld_start.S:121
#3  0x00000000002087de in identify_ctrlr (argc=2, argv=0x7fffffffebd0)
    at /usr/src/sbin/nvmecontrol/identify.c:183
#4  0x00000000002086e0 in identify (argc=2, argv=0x7fffffffebd0)
    at /usr/src/sbin/nvmecontrol/identify.c:292
#5  0x0000000000207935 in main (argc=<value optimized out>, argv=<value
optimized out>)
    at /usr/src/sbin/nvmecontrol/nvmecontrol.c:89
#6  0x000000000020711b in _start (ap=<value optimized out>, cleanup=<value
optimized out>)
    at /usr/src/lib/csu/amd64/crt1.c:76
#7  0x0000000800236000 in ?? ()
#8  0x0000000000000000 in ?? ()
Current language:  auto; currently minimal
(gdb) p *lockstate
$1 = {lockstate = 0, env = 0x7fffffffd9c0}
(gdb)

--chuck