From: John Baldwin
Subject: Re: Panic in sys_fstatat()
To: sgk@troutmask.apl.washington.edu, freebsd-current@freebsd.org
Date: Thu, 14 Feb 2019 12:26:01 -0800
Message-ID: <786f8034-b3ef-54cb-043b-e189e752b18b@FreeBSD.org>
In-Reply-To: <20190214024703.GA51003@troutmask.apl.washington.edu>
References: <20190214024703.GA51003@troutmask.apl.washington.edu>

On 2/13/19 6:47 PM, Steve Kargl wrote:
> I have the core file and kernel.debug, if someone
> wants additional information.
>
> mobile dumped core - see /var/crash/vmcore.0
>
> Wed Feb 13 18:37:44 PST 2019
>
> FreeBSD mobile 13.0-CURRENT FreeBSD 13.0-CURRENT #0 r344034M: Tue Feb 12 08:14:16 PST 2019 root@mobile:/usr/obj/usr/src/i386.i386/sys/MOBILE i386
>
> panic: vm_fault_hold: fault on nofault entry, addr: 0x202000
>
> GNU gdb (GDB) 8.2.1 [GDB v8.2.1 for FreeBSD]
> Reading symbols from /boot/kernel/kernel...Reading symbols from /usr/lib/debug//boot/kernel/kernel.debug...done.
> done.
>
> Unread portion of the kernel message buffer:
> panic: vm_fault_hold: fault on nofault entry, addr: 0x202000
> cpuid = 1
> time = 1550111772
> KDB: stack backtrace:
> db_trace_self_wrapper(10b42f3,8c96000,1,9341bd0,2e7b6590,...) at db_trace_self_wrapper+0x2a/frame 0x2e7b6560
> kdb_backtrace(109973a,5c64d41c,0,2e7b661c,1,...) at kdb_backtrace+0x2d/frame 0x2e7b65c8
> vpanic(108d309,2e7b661c,2e7b661c,2e7b6700,f734a9,...) at vpanic+0x141/frame 0x2e7b65fc
> panic(108d309,103dfa3,202000,2e7b6664,2e7b6654,...) at panic+0x1b/frame 0x2e7b6610
> vm_fault_hold(1ea5000,202000,1,0,0,...) at vm_fault_hold+0x29e9/frame 0x2e7b6700
> vm_fault(1ea5000,202000,1,0,0,...) at vm_fault+0x5e/frame 0x2e7b6728
> trap_pfault(202462,40,109e2f2,316d3480,2e7b67c0,...) at trap_pfault+0xb2/frame 0x2e7b6770
> trap(2e7b6880,8,28,28,1836a120,...) at trap+0x3cb/frame 0x2e7b6874
> calltrap() at PTDpde+0x4165/frame 0x2e7b6874
> --- trap 0xc, eip = 0x1027fb8, esp = 0x2e7b68c0, ebp = 0x2e7b68f8 ---
> VOP_LOCK1_APV(1836a120,202400,1099cc5,2c8,2e7b6ab0,...) at VOP_LOCK1_APV+0x8/frame 0x2e7b68f8
> lookup(2e7b6a50,0,400,2e7b6aa0,2e7b6a18,...) at lookup+0xc4/frame 0x2e7b6960
> namei(2e7b6a50,0,4000144,0,2cced08e,...) at namei+0x4f3/frame 0x2e7b6a20
> kern_statat(3c5dc700,0,ffffff9c,2cced08e,0,...) at kern_statat+0x85/frame 0x2e7b6af0
> sys_fstatat(3c5dc700,3c5dc988,1384bb0,3c5dc700,0,...) at sys_fstatat+0x49/frame 0x2e7b6c00
> syscall(2e7b6ce8,3b,3b,3b,fbafbbc8,...) at syscall+0x3ea/frame 0x2e7b6cdc
> Xint0x80_syscall() at PTDpde+0x43af/frame 0x2e7b6cdc
> --- syscall (552, FreeBSD ELF32, sys_fstatat), eip = 0x21321d5f, esp = 0xfbafbb2c, ebp = 0xfbafbbb8 ---
> _DYNAMIC() at 0x21321d5f
> KDB: enter: panic
>
> __curthread () at ./machine/pcpu.h:226
> 226 __asm("movl %%fs:%1,%0" : "=r" (td)
> (kgdb) #0 __curthread () at ./machine/pcpu.h:226
> #1 doadump (textdump=)
>     at /usr/src/sys/kern/kern_shutdown.c:371
> #2 0x009c023d in db_fncall_generic (addr=,
>     rv=, nargs=, args=)
>     at /usr/src/sys/ddb/db_command.c:609
> #3 db_fncall (dummy1=20441604, dummy2=false, dummy3=10607414,
>     dummy4=0x2e7b6344 "") at /usr/src/sys/ddb/db_command.c:657
> #4 0x009bfd74 in db_command (last_cmdp=,
>     cmd_table=, dopager=1) at /usr/src/sys/ddb/db_command.c:481
> #5 0x009bfae0 in db_command_loop () at /usr/src/sys/ddb/db_command.c:534
> #6 0x009c2d6b in db_trap (type=3, code=0) at /usr/src/sys/ddb/db_main.c:252
> #7 0x00ca66d4 in kdb_trap (type=3, code=0, tf=0x2e7b657c)
>     at /usr/src/sys/kern/subr_kdb.c:692
> #8 0x00ff58a4 in trap (frame=0x2e7b657c) at /usr/src/sys/i386/i386/trap.c:712
> #9 0xffc0315d in ?? ()
> #10 0x2e7b657c in ?? ()
> #11 0x00c5bede in vpanic (
>     fmt=0x108d309 "%s: fault on nofault entry, addr: %#lx",
>     ap=0x2e7b661c "\243\337\003\001") at /usr/src/sys/kern/kern_shutdown.c:866
> #12 0x00c5bd7b in panic (
>     fmt=0x108d309 "%s: fault on nofault entry, addr: %#lx")
>     at /usr/src/sys/kern/kern_shutdown.c:804
> #13 0x00f734a9 in vm_fault_hold (map=0x1ea5000, vaddr=2105344,
>     fault_type=1 '\001', fault_flags=0, m_hold=0x0)
>     at /usr/src/sys/vm/vm_fault.c:586
> #14 0x00f70a6e in vm_fault (map=0x1ea5000, vaddr=2105344,
>     fault_type=1 '\001', fault_flags=0) at /usr/src/sys/vm/vm_fault.c:536
> #15 0x00ff62b2 in trap_pfault (frame=0x2e7b6880, usermode=0, eva=2106466)
>     at /usr/src/sys/i386/i386/trap.c:882
> #16 0x00ff58bb in trap (frame=0x2e7b6880) at /usr/src/sys/i386/i386/trap.c:519
> #17 0xffc0315d in ?? ()
> #18 0x2e7b6880 in ?? ()
> #19 0x00d1de64 in lookup (ndp=0x2e7b6a50)
>     at /usr/src/sys/kern/vfs_lookup.c:710
> #20 0x00d1d763 in namei (ndp=0x2e7b6a50) at /usr/src/sys/kern/vfs_lookup.c:487
> #21 0x00d372c5 in kern_statat (td=0x3c5dc700, flag=0, fd=-100,
>     path=0x2cced08e ,
>     pathseg=UIO_USERSPACE, sbp=0x2e7b6b18, hook=0x0)
>     at /usr/src/sys/kern/vfs_syscalls.c:2307
> #22 0x00d37c99 in sys_fstatat (td=0x3c5dc700, uap=0x3c5dc988)
>     at /usr/src/sys/kern/vfs_syscalls.c:2284
> #23 0x00ff69fa in syscallenter (td=)
>     at /usr/src/sys/i386/i386/../../kern/subr_syscall.c:135
> #24 syscall (frame=0x2e7b6ce8) at /usr/src/sys/i386/i386/trap.c:1144
> #25 0xffc033a7 in ?? ()
> #26 0x2e7b6ce8 in ?? ()
> Backtrace stopped: Cannot access memory at address 0xfbafbbbc
> (kgdb)

Frame 18 is probably the root problem, though it doesn't look like kgdb is
able to unwind it correctly. Looking at frame 19 might help though. It
seems like a NULL pointer dereference when invoking VOP_LOCK.

-- 
John Baldwin
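
A triage helper for the trace quoted above, added here as an example (it is not part of the original message or of FreeBSD's tooling): it finds the frame that the trap interrupted in the DDB backtrace and checks that the faulting address kgdb reports in frame 15 (eva=2106466) lies on the page named in the panic string. The function name `triage` and the embedded excerpt are constructed for illustration; a 4096-byte page size is assumed.

```python
import re

# Constructed sample: an excerpt of the DDB backtrace quoted in the message.
DDB_TRACE = """\
panic: vm_fault_hold: fault on nofault entry, addr: 0x202000
vm_fault(1ea5000,202000,1,0,0,...) at vm_fault+0x5e/frame 0x2e7b6728
trap_pfault(202462,40,109e2f2,316d3480,2e7b67c0,...) at trap_pfault+0xb2/frame 0x2e7b6770
trap(2e7b6880,8,28,28,1836a120,...) at trap+0x3cb/frame 0x2e7b6874
calltrap() at PTDpde+0x4165/frame 0x2e7b6874
--- trap 0xc, eip = 0x1027fb8, esp = 0x2e7b68c0, ebp = 0x2e7b68f8 ---
VOP_LOCK1_APV(1836a120,202400,1099cc5,2c8,2e7b6ab0,...) at VOP_LOCK1_APV+0x8/frame 0x2e7b68f8
lookup(2e7b6a50,0,400,2e7b6aa0,2e7b6a18,...) at lookup+0xc4/frame 0x2e7b6960
namei(2e7b6a50,0,4000144,0,2cced08e,...) at namei+0x4f3/frame 0x2e7b6a20
"""

FRAME = re.compile(r"^(\w+)\(.*\) at (\w+)\+(0x[0-9a-f]+)/frame (0x[0-9a-f]+)$")
TRAP = re.compile(r"^--- trap (0x[0-9a-f]+), eip = (0x[0-9a-f]+),")
PANIC_ADDR = re.compile(r"^panic: .*addr: (0x[0-9a-f]+)$")


def triage(trace, eva, page_size=4096):
    """Return the trap number, the interrupted frame and its caller, and
    whether eva's page equals the address printed in the panic string."""
    result = {"panic_addr": None, "trap": None, "faulting": None, "caller": None}
    lines = [l.strip() for l in trace.splitlines() if l.strip()]
    for i, line in enumerate(lines):
        m = PANIC_ADDR.match(line)
        if m and result["panic_addr"] is None:
            result["panic_addr"] = int(m.group(1), 16)
        m = TRAP.match(line)
        if m and result["trap"] is None:
            result["trap"] = int(m.group(1), 16)
            result["eip"] = int(m.group(2), 16)
            # The two frames printed after the marker are the code that was
            # running when the trap fired, and its caller.
            below = [FRAME.match(l) for l in lines[i + 1:i + 3]]
            names = [f"{f.group(2)}+{f.group(3)}" for f in below if f]
            result["faulting"] = names[0] if names else None
            result["caller"] = names[1] if len(names) > 1 else None
    result["fault_page"] = eva & ~(page_size - 1)  # truncate to page start
    result["page_matches_panic"] = result["fault_page"] == result["panic_addr"]
    return result


if __name__ == "__main__":
    for key, value in triage(DDB_TRACE, eva=2106466).items():
        print(key, hex(value) if isinstance(value, int) and value > 9 else value)
```
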