Page fault from dmu_read_pages()

[phoatfreebsd]

System information

Type	Version/Name
Distribution Name	FreeBSD
Distribution Version
Kernel Version	FreeBSD 15.0-CURRENT #0 main-06a98fefd3d3f
Architecture	AMD64
OpenZFS Version	zfs-2.3.99-64-FreeBSD_g1c9a4c8cb zfs-kmod-2.3.99-92-FreeBSD_gd0a91b9f8

Describe the problem you're observing

20241128 01:02:12 all (17/20): zfs18.sh
ZFS filesystem version: 5
ZFS storage pool version: features support (5000)


Fatal trap 12: page fault while in kernel mode
cpuid = 10; apic id = 0a
fault virtual address   = 0x0
fault code              = supervisor read data, page not present
instruction pointer     = 0x20:0xffffffff8108dfb6
stack pointer           = 0x28:0xfffffe0170880790
frame pointer           = 0x28:0xfffffe0170880790
code segment            = base 0x0, limit 0xfffff, type 0x1b
                        = DPL 0, pres 1, long 1, def32 0, gran 1
processor eflags        = interrupt enabled, resume, IOPL = 0
current process         = 98415 (zfs18)
rdi: fffff80826600000 rsi: 0000000000000000 rdx: 0000000000001000
rcx: 0000000000001000  r8: 0000000000000000  r9: 0000000000000000
rax: fffff80826600000 rbx: fffffe0034f96980 rbp: fffffe0170880790
r10: fffffe0034f96980 r11: 0000000000000000 r12: 0000000000000000
r13: 0000000000000000 r14: fffff80826600000 r15: 0000000000001000
trap number             = 12
panic: page fault
cpuid = 10
time = 1732752148
KDB: stack backtrace:
db_trace_self_wrapper() at db_trace_self_wrapper+0x2b/frame 0xfffffe0170880460
vpanic() at vpanic+0x136/frame 0xfffffe0170880590
panic() at panic+0x43/frame 0xfffffe01708805f0
trap_fatal() at trap_fatal+0x40b/frame 0xfffffe0170880650
trap_pfault() at trap_pfault+0xa0/frame 0xfffffe01708806c0
calltrap() at calltrap+0x8/frame 0xfffffe01708806c0
--- trap 0xc, rip = 0xffffffff8108dfb6, rsp = 0xfffffe0170880790, rbp = 0xfffffe0170880790 ---
memcpy_erms() at memcpy_erms+0x106/frame 0xfffffe0170880790
dmu_read_pages() at dmu_read_pages+0x555/frame 0xfffffe0170880830
zfs_freebsd_getpages() at zfs_freebsd_getpages+0x44b/frame 0xfffffe0170880910
VOP_GETPAGES_APV() at VOP_GETPAGES_APV+0x5d/frame 0xfffffe0170880940
vnode_pager_getpages() at vnode_pager_getpages+0x37/frame 0xfffffe0170880980
vm_pager_get_pages() at vm_pager_get_pages+0x5f/frame 0xfffffe01708809d0
vm_fault() at vm_fault+0x6de/frame 0xfffffe0170880b00
vm_fault_quick_hold_pages() at vm_fault_quick_hold_pages+0x17f/frame 0xfffffe0170880b70
vn_io_fault1() at vn_io_fault1+0x282/frame 0xfffffe0170880cb0
vn_io_fault() at vn_io_fault+0x150/frame 0xfffffe0170880d40
dofilewrite() at dofilewrite+0x81/frame 0xfffffe0170880d90
sys_write() at sys_write+0xb7/frame 0xfffffe0170880e00
amd64_syscall() at amd64_syscall+0x158/frame 0xfffffe0170880f30
fast_syscall_common() at fast_syscall_common+0xf8/frame 0xfffffe0170880f30
--- syscall (4, FreeBSD ELF64, write), rip = 0x822bcac6a, rsp = 0x8203b8768, rbp= 0x8203b8890 ---

Details @ https://people.freebsd.org/~pho/stress/log/log0562.txt

Describe how to reproduce the problem

cd src/tools/test/stress2/misc/; ./all.sh zfs18.sh

Include any warning/errors/backtraces from the system logs

[amotin]

I wonder if this might somehow be related: #16829 , though I am not sure how, one fixes somewhat alike NULL-dereference case during write.

PS: In this

(kgdb) p *db
$1 = {db_object = 0x180, db_offset = 0x0, db_size = 0x20000, db_data = 0x0}

it would be more helpful to convert the pointer to struct dmu_buf_impl * to see more about the buffer state, not just that db_data is NULL.