From: Don Lewis
Date: Thu, 23 Jul 2015 15:24:25 -0700 (PDT)
Subject: null pointer dereference panic in cap_rights_contains() on 11.0-CURRENT r285785 amd64
To: current@FreeBSD.org

I just got this panic while using poudriere to build packages for
FreeBSD 8.4 i386. This is hand transcribed because I was not able to get
a core file.

Fatal trap 12: page fault while in kernel mode
cpuid = 6; apic id = 16
fault virtual address = 0x0
fault code = supervisor read data, page not present
instruction pointer = 0x20:0xffffffff80a51e14
stack pointer = 0x20:0xfffffe005acc77a0
frame pointer = 0x20:0xfffffe005acc77d0
code segment = base 0x0, limit 0xfffff, type 0x1b
             = DPL 0, pres 1, long 1, def32 0, gran 1
processor eflags = interrupt enabled, resume, IOPL = 0
current process = 78211 (initial thread)
[ thread pid 78211 tid 101405 ]
Stopped at cap_rights_contains+0x24: movq (%r14),%rcx)
db> bt
Tracing pid 78211 tid 101405 td 0xfffff80139td29a0
cap_rights_contains() at cap_rights_contains+0x24/frame 0xfffffe005acc772d0
cap_check() at cap_check+0x15/frame 0xfffffe005acc7800
fget_unlocked() at fget_unlocked+0xca/frame 0xfffffe005acc7870
fget() at fget+0x2b/frame 0xfffffe005acc78a0
ksem_get at ksem_get+0x1e/frame 0xfffffe05acc78e0
sys_ksem_close() at sys_ksem_close+0x23/frame 0xfffffe005acc7920
ia32_syscall() at ia32_syscall+0x2a5/frame 0xfffffe005acc7a30
Xint0x00_syscall() at Xint0x00_syscall+0x95/frame 0xfffffe00acc7a30
--- syscall (400, FreeBSD ELF32, sys_ksem_close), rip = 0x2828676b, rsp = 0xffffc60c, rbp = 0xffffc628 ---

# kgdb /boot/kernel/kernel /dev/kmem
GNU gdb 6.1.1 [FreeBSD]
Copyright 2004 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB. Type "show warranty" for details.
This GDB was configured as "amd64-marcel-freebsd"...
Failed to open vmcore: cannot mmap corefile
(kgdb) list cap_rights_contains+0x24
Junk at end of line specification.
(kgdb) list *cap_rights_contains+0x24
0xffffffff80a51e14 is in cap_rights_contains (/usr/src/sys/kern/subr_capability.c:294).
289 cap_rights_contains(const cap_rights_t *big, const cap_rights_t *little)
290 {
291         unsigned int i, n;
292
293         assert(CAPVER(big) == CAP_RIGHTS_VERSION_00);
294         assert(CAPVER(little) == CAP_RIGHTS_VERSION_00);
295         assert(CAPVER(big) == CAPVER(little));
296
297         n = CAPARSIZE(big);
298         assert(n >= CAPARSIZE_MIN && n <= CAPARSIZE_MAX);
(kgdb)

This machine has mirrored swap and dumpdev=AUTO. Calling doadump in ddb
seemed to dump memory contents somewhere, but savecore wasn't able to
find it.