Re: page fault in unionfs code

[Edgar Fuß <ef%math.uni-bonn.de@localhost>]

So I'm trying to analyze my panic:

> uvm_fault(0xffff8497fe928050, 0x0, 1) -> e
> fatal page fault in supervisor mode
> trap type 6 code 0 rip 0xffffffff80a165f3 cs 0x8 rflags 0x10282 cr2 0x80 ilevel 0 rsp 0xffffa384c28b4cd0
> curlwp 0xffff84980a57f240 pid 11740.11740 lowest kstack 0xffffa384c28b02c0
> kernel: page fault trap, code=0
> Stopped in pid 11740.11740 (python3.10) at	netbsd: VOP_LOCK+0x26: movl	80(%rdi),%r13d
> db{3}> bt
> VOP LOCK() at netbsd:VOP_LOCK+0x26
> vn_lock() at netbsd:vn_lock+0x22
> ufs_link() at netbsd:ufs_link+0x3c
> VOP_LINK() at netbsd:VOP_LINK+0x46
> union_link() at netbsd:union_link+0x53
[...]
> db{3}> show reg
[...]
> rdi	0
[...]

So the panic is VOP_LOCK() called with a null argument, meaning vn_lock() 
called with a null argument, meaning ufs_link() called with a null a->a_vp,
meaning VOP_LINK() called with a null vp, meaning union_link() calling it 
with a null vp.

union_link() looks like this:

int
union_link(void *v)
{
	struct vop_link_v2_args /* {
		struct vnode *a_dvp;
		struct vnode *a_vp;
		struct componentname *a_cnp;
	} */ *ap = v;
[...]
	struct vnode *vp;
[...]
	if (ap->a_dvp->v_op != ap->a_vp->v_op) {
		vp = ap->a_vp;
	} else {
		struct union_node *un = VTOUNION(ap->a_vp);
		if (un->un_uppervp == NULLVP) {
			[MAGIC CODE]
		}
		vp = un->un_uppervp;
	}
[...]
	return VOP_LINK(dvp, vp, cnp);
}

and I'm at loss how [MAGIC CODE], which dosn't seem to touch un or 
un->unuppervp, can turn a NULLVP un->un_uppervp into a non-NULLVP one.