From owner-freebsd-current@FreeBSD.ORG  Sun Jan  5 17:35:42 2014
Return-Path: <owner-freebsd-current@FreeBSD.ORG>
Delivered-To: freebsd-current@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits))
 (No client certificate requested)
 by hub.freebsd.org (Postfix) with ESMTPS id CCC57DA9
 for <freebsd-current@freebsd.org>; Sun,  5 Jan 2014 17:35:42 +0000 (UTC)
Received: from h2.funkthat.com (gate2.funkthat.com [208.87.223.18])
 (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits))
 (No client certificate requested)
 by mx1.freebsd.org (Postfix) with ESMTPS id AB4741476
 for <freebsd-current@freebsd.org>; Sun,  5 Jan 2014 17:35:42 +0000 (UTC)
Received: from h2.funkthat.com (localhost [127.0.0.1])
 by h2.funkthat.com (8.14.3/8.14.3) with ESMTP id s05HZfBF076963
 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO);
 Sun, 5 Jan 2014 09:35:41 -0800 (PST)
 (envelope-from jmg@h2.funkthat.com)
Received: (from jmg@localhost)
 by h2.funkthat.com (8.14.3/8.14.3/Submit) id s05HZfTR076962;
 Sun, 5 Jan 2014 09:35:41 -0800 (PST) (envelope-from jmg)
Date: Sun, 5 Jan 2014 09:35:41 -0800
From: John-Mark Gurney <jmg@funkthat.com>
To: Markiyan Kushnir <markiyan.kushnir@gmail.com>
Subject: Re: 11.0-CURRENT panic (nfsd?)
Message-ID: <20140105173541.GT99167@funkthat.com>
Mail-Followup-To: Markiyan Kushnir <markiyan.kushnir@gmail.com>,
 freebsd-current@freebsd.org
References: <CACvtUJe0UJ+eKayG+ThtVY_mZe4hYR=utJdJt4j_x2M06dgYXA@mail.gmail.com>
 <20140105090211.GS99167@funkthat.com>
 <CACvtUJf1mgNWPqJ4i1j_W8FZO3FELWskCYqrXkYz8BbypdcdUg@mail.gmail.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <CACvtUJf1mgNWPqJ4i1j_W8FZO3FELWskCYqrXkYz8BbypdcdUg@mail.gmail.com>
User-Agent: Mutt/1.4.2.3i
X-Operating-System: FreeBSD 7.2-RELEASE i386
X-PGP-Fingerprint: 54BA 873B 6515 3F10 9E88  9322 9CB1 8F74 6D3F A396
X-Files: The truth is out there
X-URL: http://resnet.uoregon.edu/~gurney_j/
X-Resume: http://resnet.uoregon.edu/~gurney_j/resume.html
X-to-the-FBI-CIA-and-NSA: HI! HOW YA DOIN? can i haz chizburger?
X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.2.2
 (h2.funkthat.com [127.0.0.1]); Sun, 05 Jan 2014 09:35:41 -0800 (PST)
Cc: freebsd-current@freebsd.org
X-BeenThere: freebsd-current@freebsd.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: Discussions about the use of FreeBSD-current
 <freebsd-current.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/options/freebsd-current>, 
 <mailto:freebsd-current-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-current/>
List-Post: <mailto:freebsd-current@freebsd.org>
List-Help: <mailto:freebsd-current-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-current>,
 <mailto:freebsd-current-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Sun, 05 Jan 2014 17:35:43 -0000

Markiyan Kushnir wrote this message on Sun, Jan 05, 2014 at 11:06 +0200:
> 2014/1/5 John-Mark Gurney <jmg@funkthat.com>:
> > Markiyan Kushnir wrote this message on Sun, Jan 05, 2014 at 10:57 +0200:
> >> I started to see a reliable panic on a recent CURRENT:
> >>
> >> $ uname -a
> >> FreeBSD mkushnir.mooo.com 11.0-CURRENT FreeBSD 11.0-CURRENT #0
> >> r260296: Sun Jan  5 07:14:50 EET 2014
> >> root@vm.mkushnir.mooo.com:/usr/obj/usr/src.svnup/sys/MAREK  amd64
> >>
> >> The panic is always triggered by the first request to the nfs service
> >> (this machine runs a PXE server).
> >>
> >> The core.txt is attached. Please let me know if I can help more.
> >
> > Apparently the mime-type on the attachment was bad and got scrubbed...
> >
> > Maybe include it inline if it isn't too long?
> >
> 
> It's 144KB long. I will share it via Google Drive:
> 
> https://drive.google.com/file/d/0B9Q-zpUXxqCnNVhBY0M5ZzU4d1k/edit?usp=sharing

Looks like a NULL function pointer was called:
Fatal trap 12: page fault while in kernel mode
cpuid = 0; apic id = 00
fault virtual address   = 0x0
fault code              = supervisor read instruction, page not present
instruction pointer     = 0x20:0x0
stack pointer           = 0x28:0xfffffe00d9a2bea0
frame pointer           = 0x28:0xfffffe00d9a2c010
code segment            = base 0x0, limit 0xfffff, type 0x1b
                        = DPL 0, pres 1, long 1, def32 0, gran 1
processor eflags        = interrupt enabled, resume, IOPL = 0
current process         = 1323 (nfsd: master)
trap number             = 12
panic: page fault

--- trap 0xc, rip = 0, rsp = 0xfffffe00d9a2bea0, rbp = 0xfffffe00d9a2c010 ---
uart_sab82532_class() at 0/frame 0xfffffe00d9a2c010
svc_run_internal() at svc_run_internal+0x9c9/frame 0xfffffe00d9a2c1b0
svc_run() at svc_run+0xed/frame 0xfffffe00d9a2c1f0
nfsrvd_nfsd() at nfsrvd_nfsd+0x19a/frame 0xfffffe00d9a2c350
nfssvc_nfsd() at nfssvc_nfsd+0x11a/frame 0xfffffe00d9a2c970
sys_nfssvc() at sys_nfssvc+0xd2/frame 0xfffffe00d9a2c9a0
amd64_syscall() at amd64_syscall+0x265/frame 0xfffffe00d9a2cab0
Xfast_syscall() at Xfast_syscall+0xfb/frame 0xfffffe00d9a2cab0
--- syscall (155, FreeBSD ELF64, sys_nfssvc), rip = 0x80088c13a, rsp = 0x7fffffffd438, rbp = 0x7fffffffd6e0 ---

The uart_sab82532_class is just the closest symbol to 0, so it's in
svc_run_internal that's the problem...  Could you run:
nm /boot/kernel/kernel | grep svc_run_internal

This should return a line w/ a large hex number at the front, then run:
addr2line -e /boot/kernel/kernel $( expr 0x<largehexnumber>+0x9c9)

This will give you a file name and line number, and can you copy/paste
the lines around and including that line number?  This will help make
sure we get the correct code...

Thanks.

-- 
  John-Mark Gurney				Voice: +1 415 225 5579

     "All that I will do, has been done, All that I have, has not."