From owner-svn-src-all@FreeBSD.ORG  Thu Sep  5 10:31:51 2013
Return-Path: <owner-svn-src-all@FreeBSD.ORG>
Delivered-To: svn-src-all@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits))
 (No client certificate requested)
 by hub.freebsd.org (Postfix) with ESMTP id B00B5670;
 Thu,  5 Sep 2013 10:31:51 +0000 (UTC)
 (envelope-from tijl@freebsd.org)
Received: from mailrelay009.isp.belgacom.be (mailrelay009.isp.belgacom.be
 [195.238.6.176])
 by mx1.freebsd.org (Postfix) with ESMTP id C0F4822B4;
 Thu,  5 Sep 2013 10:31:50 +0000 (UTC)
X-Belgacom-Dynamic: yes
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: AoEGAElcKFJbsUGw/2dsb2JhbABbgwc1wheBJxd0giQBAQVWIxALDgYECRoLDyoeBgGIGAi6TY4igS0RB4QdA5Ajh1GBMJA3gWOBPzqBLQ
Received: from 176.65-177-91.adsl-dyn.isp.belgacom.be (HELO
 kalimero.tijl.coosemans.org) ([91.177.65.176])
 by relay.skynet.be with ESMTP; 05 Sep 2013 12:31:40 +0200
Received: from kalimero.tijl.coosemans.org (kalimero.tijl.coosemans.org
 [127.0.0.1])
 by kalimero.tijl.coosemans.org (8.14.7/8.14.7) with ESMTP id r85AVdgO011456;
 Thu, 5 Sep 2013 12:31:39 +0200 (CEST)
 (envelope-from tijl@FreeBSD.org)
Date: Thu, 5 Sep 2013 12:31:34 +0200
From: Tijl Coosemans <tijl@FreeBSD.org>
To: Konstantin Belousov <kostikbel@gmail.com>, Pawel Jakub Dawidek
 <pjd@FreeBSD.org>
Subject: Re: svn commit: r255219 - in head: contrib/tcpdump lib/libc
 lib/libc/capability lib/libc/include lib/libc/sys lib/libprocstat
 sbin/dhclient sbin/hastd sys/amd64/linux32 sys/bsm
 sys/cddl/compat/opensola...
Message-ID: <20130905123134.4bf15908@kalimero.tijl.coosemans.org>
In-Reply-To: <20130905095733.GP41229@kib.kiev.ua>
References: <201309050009.r8509vsE061271@svn.freebsd.org>
 <20130905024448.GO41229@kib.kiev.ua>
 <20130905061429.GD1388@garage.freebsd.pl>
 <20130905061923.GA5011@garage.freebsd.pl>
 <20130905095733.GP41229@kib.kiev.ua>
Mime-Version: 1.0
Content-Type: multipart/signed; micalg=PGP-SHA256;
 boundary="Sig_/Uk7Di_aRkw4iU_3tuxwBG9W"; protocol="application/pgp-signature"
Cc: svn-src-head@freebsd.org, svn-src-all@freebsd.org,
 src-committers@freebsd.org
X-BeenThere: svn-src-all@freebsd.org
X-Mailman-Version: 2.1.14
Precedence: list
List-Id: "SVN commit messages for the entire src tree \(except for &quot;
 user&quot; and &quot; projects&quot; \)" <svn-src-all.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/options/svn-src-all>,
 <mailto:svn-src-all-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/svn-src-all>
List-Post: <mailto:svn-src-all@freebsd.org>
List-Help: <mailto:svn-src-all-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/svn-src-all>,
 <mailto:svn-src-all-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Thu, 05 Sep 2013 10:31:51 -0000

--Sig_/Uk7Di_aRkw4iU_3tuxwBG9W
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: quoted-printable

On Thu, 5 Sep 2013 12:57:33 +0300 Konstantin Belousov wrote:
> On Thu, Sep 05, 2013 at 08:19:24AM +0200, Pawel Jakub Dawidek wrote:
> > On Thu, Sep 05, 2013 at 08:14:29AM +0200, Pawel Jakub Dawidek wrote:
> > > On Thu, Sep 05, 2013 at 05:44:48AM +0300, Konstantin Belousov wrote:
> > > > On Thu, Sep 05, 2013 at 12:09:57AM +0000, Pawel Jakub Dawidek wrote:
> > > > > Author: pjd
> > > > > Date: Thu Sep  5 00:09:56 2013
> > > > > New Revision: 255219
> > > > > URL: http://svnweb.freebsd.org/changeset/base/255219
> > > >=20
> > > > Shortly after the boot of the updated kernel, I get:
> > > >=20
> > > > Fatal trap 12: page fault while in kernel mode
> > > > cpuid =3D 7; apic id =3D 07
> > > > fault virtual address	=3D 0x0
> > > > fault code		=3D supervisor read data, page not present
> > > > instruction pointer	=3D 0x20:0xffffffff802f685a
> > > > stack pointer	        =3D 0x28:0xfffffe0235d50460
> > > > frame pointer	        =3D 0x28:0xfffffe0235d504b0
> > > > code segment		=3D base 0x0, limit 0xfffff, type 0x1b
> > > > 			=3D DPL 0, pres 1, long 1, def32 0, gran 1
> > > > processor eflags	=3D interrupt enabled, resume, IOPL =3D 0
> > > > current process		=3D 199 (ip6addrctl)
> > > > [ thread pid 199 tid 100086 ]
> > > > Stopped at      0xffffffff802f685a =3D fget+0x2a: movq    (%rdx),%r=
ax
> > > > db> bt
> > > > Tracing pid 199 tid 100086 td 0xfffff80005351980
> > > > fget() at 0xffffffff802f685a =3D fget+0x2a/frame 0xfffffe0235d504b0
> > > > fdesc_lookup() at 0xffffffff80e6d88d =3D fdesc_lookup+0xed/frame 0x=
fffffe0235d50510
> > > > VOP_LOOKUP_APV() at 0xffffffff8057b54e =3D VOP_LOOKUP_APV+0x12e/fra=
me 0xfffffe0235d50560
> > > > lookup() at 0xffffffff803d31b0 =3D lookup+0x5a0/frame 0xfffffe0235d=
505f0
> > > > namei() at 0xffffffff803d2934 =3D namei+0x464/frame 0xfffffe0235d50=
6c0
> > > > vn_open_cred() at 0xffffffff803ee78f =3D vn_open_cred+0x27f/frame 0=
xfffffe0235d50810
> > > > kern_openat() at 0xffffffff803e7bfd =3D kern_openat+0x22d/frame 0xf=
ffffe0235d50980
> > > > amd64_syscall() at 0xffffffff805387dd =3D amd64_syscall+0x28d/frame=
 0xfffffe0235d50ab0
> > > > Xfast_syscall() at 0xffffffff8051f21b =3D Xfast_syscall+0xfb/frame =
0xfffffe0235d50ab0
> > > > --- syscall (5, FreeBSD ELF64, sys_open), rip =3D 0x800942d6a, rsp =
=3D 0x7fffffffcff8, rbp =3D 0x7fffffffd030 ---
> > > >=20
> > > > (gdb) list *fget+0x2a
> > > > 0xffffffff802f685a is in fget (/usr/home/kostik/work/build/bsd/DEV/=
src/sys/kern/kern_descrip.c:2385).
> > > >=20
> > > > I do not have any capsicum-related options in the kernel config.
> > >=20
> > > Do you have some local changes? Could you try to do full buildkernel?
> > > There were two compilation issues when CAPABILITIES option was absent=
 in
> > > kernel configuration, so something isn't right is you were able to
> > > compile your kernel.
> I have local changes, but nothing in kern_descrip.c or VFS, for this bran=
ch.
> The trace above is from the clean kernel build.  I do able to build the
> kernel without CAPABILITIES.
>=20
> >=20
> > Forgot to mention that my test machine can boot fine with kernel
> > compiled without the CAPABILITIES option.
>=20
> If taking a time and actually looking at the backtrace I posted, you would
> see that fdescfs is broken.  The _fget() assumes that needrightsp is
> always non-NULL, but fget() call from fdesc_lookup() passes NULL spelled
> as 0.
>=20
> Quick look over the sys/ catched at least
> sys/kern/vfs_aio.c:2053
> sys/cddl/compat/opensolaris/sys/file.h:57
> sys/compat/linux/linux_stats.c:148
> sys/dev/aacraid/aacraid_linux.c:84
> with the same problem.

There are also fget_unlocked calls where the needrightsp argument is 0.

--Sig_/Uk7Di_aRkw4iU_3tuxwBG9W
Content-Type: application/pgp-signature; name=signature.asc
Content-Disposition: attachment; filename=signature.asc

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.21 (FreeBSD)

iF4EAREIAAYFAlIoXYsACgkQfoCS2CCgtit36AD/SlVAWUue2nlwErH4A561Pc2D
l6j1vAs5zW3TPDwuagQA/iTsSprfbD4rOIuHoHq9n1uThPJBAtV5//Qs7txjnsmV
=mWIc
-----END PGP SIGNATURE-----

--Sig_/Uk7Di_aRkw4iU_3tuxwBG9W--