kern/56314: show mount in ddb with a LOCKDEBUG kernel might jump through a NULL pointer

[martin%NetBSD.org@localhost]

>Number:         56314
>Category:       kern
>Synopsis:       show mount in ddb with a LOCKDEBUG kernel might jump through a NULL pointer
>Confidential:   no
>Severity:       critical
>Priority:       high
>Responsible:    kern-bug-people
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Sat Jul 17 17:45:00 +0000 2021
>Originator:     Martin Husemann
>Release:        NetBSD 9.99.86
>Organization:
The NetBSD Foundation, Inc.
>Environment:
System: NetBSD gethsemane.aprisoft.de 9.99.86 NetBSD 9.99.86 (GETHSEMANE) #118: Sat Jul 17 17:02:51 CEST 2021 martin%seven-days-to-the-wolves.aprisoft.de@localhost:/work/src/sys/arch/macppc/compile/GETHSEMANE macppc
Architecture: powerpc
Machine: macppc
>Description:

Trying to show mount the root file system crashes in ddb reproducably
for me:

db{0}> show mount 0x5fb0f000
vnodecovered = 0x0 data = 0x1027f500
fs_bshift 13 dev_bshift = 9
flag = 0x2005000<MNT_LOG,MNT_ROOTFS,MNT_LOCAL>
iflag = 0x7e0<IMNT_ONWORKLIST,IMNT_CAN_RWTORO,IMNT_MPSAFE,IMNT_SHRLOOKUP,IMNT_DT
YPE,IMNT_NCLOOKUP>
refcnt = 2062 updating @ 0x5fbcc9c0
statvfs cache:
        bsize = 8192
        frsize = 1024
        iosize = 8192
        blocks = 18856513
        bfree = 16691657
        bavail = 15748832
        bresvd = 942825
        files = 4735102
        ffree = 4715901
        favail = 4715901
        fresvd = 0
        f_fsidx = { 0xa04, 0x78b }
        owner = 0
        namemax = 255
        flag = 0
        syncwrites = 2
        asyncwrites = 246
        syncreads = 13528
        asyncreads = 0
        fstypename = ffs
        mntonname = /
        mntfromname = /dev/wd0e
locked vnodes =Skipping crash dump on recursive panic
[  64.4434238] panic: call to null-ptr from 0x834370
[  64.4434238] cpu0: Begin traceback...
[  64.4434238] 0x105c56a0: at vpanic+0x12c
[  64.4434238] 0x105c56d0: at panic+0x50
[  64.4434238] 0x105c5710: at trap0+0x18
[  64.4434238] 0x105c5720: at VOP_ISLOCKED+0x7c
[  64.4434238] 0x105c5740: at vfs_mount_print+0x340
[  64.4434238] 0x105c5870: at vfs_mount_print_all+0x3c
[  64.4434238] 0x105c5890: at db_command+0x138
[  64.4434238] 0x105c5930: at db_command_loop+0xd0
[  64.4434238] 0x105c5a00: at db_trap+0xdc
[  64.4434238] 0x105c5a30: at kdb_trap+0x128
[  64.4434238] 0x105c5a70: at trapstart+0x95c
[  64.4434238] 0x105c5b40: at vpanic+0x12c
[  64.4434238] 0x105c5b70: at kern_assert+0x60
[  64.4434238] 0x105c5bb0: at spec_node_revoke+0x10c
[  64.4434238] 0x105c5bd0: at vcache_reclaim+0x6a4
[  64.4434238] 0x105c5c60: at vgone+0x114
[  64.4434238] 0x105c5c80: at vrevoke+0x114
[  64.4434238] 0x105c5cb0: at genfs_revoke+0x1c
[  64.4434238] 0x105c5cc0: at VOP_REVOKE+0x48
[  64.4434238] 0x105c5ce0: at exit1+0x794
[  64.4434238] 0x105c5d90: at sigexit+0x1f4
[  64.4434238] 0x105c5dc0: at postsig+0x288
[  64.4434238] 0x105c5e70: at lwp_userret+0x204
[  64.4434238] 0x105c5eb0: at syscall+0x528
[  64.4434238] 0x105c5f20: user SC trap #449 by 0xfdc208d4: srr1=0xd032
[  64.4434238]             r1=0xffffe450 cr=0x42082222 xer=0x20000000 ctr=0xfdc208d0


(gdb) list *(0x834370)
0x834370 is in VOP_ISLOCKED (../../../../kern/vnode_if.c:1516).
1511            error = vop_pre(vp, &mp, &mpsafe, FST_NO);
1512            if (error)
1513                    return error;
1514            error = (VCALL(vp, VOFFSET(vop_islocked), &a));
1515            vop_post(vp, mp, mpsafe, FST_NO);
1516            return error;
1517    }
1518    
1519    const int vop_pathconf_vp_offsets[] = {
1520            VOPARG_OFFSETOF(struct vop_pathconf_args,a_vp),



>How-To-Repeat:
s/a

>Fix:
n/a