sporadic core dumps in 12.0-RELEASE

Chuck Tuffli ctuffli at gmail.com
Tue Dec 18 15:34:46 UTC 2018


When running 12.0-RELEASE in bhyve, nvmecontrol will core dump sporadically
in rtld. This is repeatable, but doesn't happen every time. Peeking at
rlock_acquire(), the function checks for a NULL lockstate and then
dereferences the lock. The backtrace (below) suggests the lock is NULL but
the lockstate pointer is not. Does anyone know if this is expected, weird,

root at freebsd:~ # uname -a
FreeBSD freebsd 12.0-RELEASE FreeBSD 12.0-RELEASE r341666 GENERIC  amd64
root at freebsd:~ # /usr/libexec/gdb -q /sbin/nvmecontrol nvmecontrol.core
Core was generated by `nvmecontrol identify nvme0'.
Program terminated with signal 11, Segmentation fault.
Reading symbols from /lib/libc.so.7...Reading symbols from
Loaded symbols for /lib/libc.so.7
Reading symbols from /libexec/ld-elf.so.1...Reading symbols from
Loaded symbols for /libexec/ld-elf.so.1
#0  rlock_acquire (lock=0x0, lockstate=0x7fffffffd9b8)
    at /usr/src/libexec/rtld-elf/rtld_lock.c:203
203     /usr/src/libexec/rtld-elf/rtld_lock.c: No such file or directory.
        in /usr/src/libexec/rtld-elf/rtld_lock.c
(gdb) bt
#0  rlock_acquire (lock=0x0, lockstate=0x7fffffffd9b8)
    at /usr/src/libexec/rtld-elf/rtld_lock.c:203
#1  0x000000080021a2fd in _rtld_bind (obj=0x800236000, reloff=528)
    at /usr/src/libexec/rtld-elf/rtld.c:790
#2  0x000000080021704d in _rtld_bind_start ()
    at /usr/src/libexec/rtld-elf/amd64/rtld_start.S:121
#3  0x00000000002087de in identify_ctrlr (argc=2, argv=0x7fffffffebd0)
    at /usr/src/sbin/nvmecontrol/identify.c:183
#4  0x00000000002086e0 in identify (argc=2, argv=0x7fffffffebd0)
    at /usr/src/sbin/nvmecontrol/identify.c:292
#5  0x0000000000207935 in main (argc=<value optimized out>, argv=<value optimized out>)
    at /usr/src/sbin/nvmecontrol/nvmecontrol.c:89
#6  0x000000000020711b in _start (ap=<value optimized out>, cleanup=<value optimized out>)
    at /usr/src/lib/csu/amd64/crt1.c:76
#7  0x0000000800236000 in ?? ()
#8  0x0000000000000000 in ?? ()
Current language:  auto; currently minimal
(gdb) p *lockstate
$1 = {lockstate = 0, env = 0x7fffffffd9c0}
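Because the crash is sporadic, the practical first step is a loop that reruns the command until it dies from a signal and then runs the same gdb commands as above (bt, p *lockstate) non-interactively against the core. The script below is an added example, not part of the original post or of FreeBSD; it assumes the base-system gdb at /usr/libexec/gdb (as in the post; override with GDB=...), the default kern.corefile pattern %N.core so the core lands in the current directory as nvmecontrol.core, and that core dumps are enabled (ulimit -c unlimited).

```shell
#!/bin/sh
# Added example: reproduce a sporadic crash and harvest its core with gdb.
# Not from the original post; paths below are assumptions, see lead-in.

# Base-system gdb on FreeBSD 12 (assumption: same path as in the post).
GDB="${GDB:-/usr/libexec/gdb}"

# run_until_crash MAX_TRIES CORE_FILE CMD [ARGS...]
# Run CMD up to MAX_TRIES times, stopping at the first run that is killed by
# a signal (exit status > 128, e.g. 139 for SIGSEGV). Prints the number of
# attempts made; returns 0 if a crash was seen, 1 if every run exited normally.
run_until_crash() {
    max="$1"; core="$2"; shift 2
    rm -f "$core"            # make sure any core found afterwards is fresh
    n=0
    while [ "$n" -lt "$max" ]; do
        n=$((n + 1))
        st=0
        "$@" >/dev/null 2>&1 || st=$?
        if [ "$st" -gt 128 ]; then
            echo "$n"
            return 0
        fi
    done
    echo "$n"
    return 1
}

# dump_core BINARY CORE_FILE
# Non-interactive equivalent of the gdb session in the post. Uses a command
# file (-x) rather than -ex so it also works with the old gdb 6.x in base.
dump_core() {
    bin="$1"; core="$2"
    cmds=$(mktemp) || return 1
    printf '%s\n' 'bt' 'frame 0' 'p *lockstate' > "$cmds"
    rc=0
    "$GDB" -q -batch -x "$cmds" "$bin" "$core" || rc=$?
    rm -f "$cmds"
    return "$rc"
}

# Driver for the case in the post. Only runs when REPRO_RUN is set, so the
# functions above can also be sourced and used on another binary.
main() {
    bin=/sbin/nvmecontrol
    core=nvmecontrol.core     # assumption: kern.corefile is the default %N.core
    if tries=$(run_until_crash 50 "$core" "$bin" identify nvme0); then
        echo "crashed on attempt $tries"
        if [ -f "$core" ]; then
            dump_core "$bin" "$core"
        else
            echo "no core file found; check ulimit -c and kern.corefile" >&2
        fi
    else
        echo "no crash in $tries attempts"
    fi
}

if [ -n "${REPRO_RUN:-}" ]; then
    main
fi
```

Run it as `REPRO_RUN=1 sh repro.sh` on the affected guest. A status above 128 also covers other fatal signals (SIGBUS, SIGABRT), which is what you want when the failure mode is not yet understood; the gdb command file is the place to add more probes (for example `p lock` in frame 0) as the investigation narrows.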


