From owner-freebsd-current@FreeBSD.ORG Sat Jun 12 15:33:39 2004
Date: Sat, 12 Jun 2004 11:30:28 -0400 (EDT)
From: Robert Watson
To: Peter Holm
cc: current@freebsd.org
Subject: Re: Fatal trap 12 in kern/kern_descrip.c:2346
In-Reply-To: <20040612140758.GA44899@peter.osted.lan>

On Sat, 12 Jun 2004, Peter Holm wrote:

> Fatal trap 12: page fault while in kernel mode
> cpuid = 0; apic id = 00
> fault virtual address   = 0x4
> fault code              = supervisor read, page not present
> instruction pointer     = 0x8:0xc062ec65
> stack pointer           = 0x10:0xd126ab88
> frame pointer           = 0x10:0xd126abc8
> code segment            = base 0x0, limit 0xfffff, type 0x1b
>                         = DPL 0, pres 1, def32 1, gran 1
> processor eflags        = interrupt enabled, resume, IOPL = 0
> current process         = 28142 (sysctl)
> kernel: type 12 trap, code=0
> Stopped at      sysctl_kern_file+0x105: movl    0x4(%eax),%eax
> db> t
> sysctl_kern_file(c08d9320,0,0,d126ac10,d126ac10) at sysctl_kern_file+0x105
> sysctl_root(0,d126ac7c,2,d126ac10,c1a252c0) at sysctl_root+0x156
> userland_sysctl(c1a252c0,d126ac7c,2,bfbf26c0,bfbfe338) at userland_sysctl+0x12c
> __sysctl(c1a252c0,d126ad14,18,434,6) at __sysctl+0xb3
> syscall(2f,2f,2f,2,bfbf26c0) at syscall+0x2a0
> Xint0x80_syscall() at Xint0x80_syscall+0x1f
> --- syscall (202, FreeBSD ELF32, __sysctl), eip = 0x280bb05b, esp = 0xbfbf265c

Well, this is certainly a NULL pointer dereference in the sysctl code
exporting file descriptor information to user space (perhaps for fstat?).
The question is what is NULL. It looks like you have a dump -- could you
convert sysctl_kern_file+0x105 to a line number? It's likely that it is
line 2346 of kern_descrip.c, which follows the process pointer to its
ucred. If so, could you use gdb on the dump to inspect *p?

Robert N M Watson             FreeBSD Core Team, TrustedBSD Projects
robert@fledge.watson.org      Senior Research Scientist, McAfee Research
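The reply above reasons from two lines of the trap frame: a fault virtual address of 0x4 at an instruction of the form movl 0x4(%eax),%eax means %eax held 0, so the handler followed a NULL structure pointer and read the field 4 bytes in (on ILP32, the second word of the struct). The C program below is an added example for this thread, not code from the FreeBSD tree or from either poster. It decodes those two trap lines mechanically, and beside that shows the shape of a file-descriptor exporter that tolerates a NULL proc or ucred pointer instead of faulting. Everything named in it is an assumption: the struct proc, struct ucred and struct kinfo_file layouts are hypothetical stand-ins (chosen so the ucred pointer sits at offset 4, matching the fault), the exporter is not sysctl_kern_file, and the decoder only understands a movl DISP(%reg) operand, the form in the report.

```c
/*
 * Added example for this thread, not code from the FreeBSD tree or either
 * poster. It mirrors the reply's reasoning: with "fault virtual address =
 * 0x4" and "movl 0x4(%eax),%eax", %eax held 0, so the kernel read a field
 * 4 bytes into a structure through a NULL pointer. The structs below are
 * hypothetical stand-ins for proc/ucred and the exported record.
 */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/*
 * Decode the two "Fatal trap 12" lines that matter for a suspected NULL
 * dereference; only a movl DISP(%reg) operand is handled, the form seen
 * above. On success stores the base register's value and returns 0;
 * returns -1 if either line has the wrong shape.
 */
static int
decode_trap(const char *fault_line, const char *stopped_line,
    uintptr_t *base)
{
	unsigned long va, disp;
	char reg[4];		/* register name, e.g. "eax" */
	const char *op;

	if (sscanf(fault_line, "fault virtual address = %lx", &va) != 1)
		return (-1);
	op = strstr(stopped_line, "movl ");
	if (op == NULL || sscanf(op + 5, "%lx(%%%3[a-z])", &disp, reg) != 2)
		return (-1);
	*base = va - disp;	/* base register = fault address - displacement */
	return (0);
}

/* Constructed sample: the two lines quoted from Peter Holm's report. */
static const char SAMPLE_FAULT[] = "fault virtual address = 0x4";
static const char SAMPLE_STOP[] =
    "Stopped at sysctl_kern_file+0x105: movl 0x4(%eax),%eax";

/* Base register value at the fault, or ~0 if the lines do not parse. */
static uintptr_t
sample_base(void)
{
	uintptr_t b;
	if (decode_trap(SAMPLE_FAULT, SAMPLE_STOP, &b) != 0)
		return ((uintptr_t)-1);
	return (b);
}

/* Hypothetical ILP32 layouts: p_ucred sits 4 bytes into struct proc. */
struct ucred { uint32_t cr_uid; };
struct proc { uint32_t p_pid; struct ucred *p_ucred; };
struct kinfo_file { uint32_t kf_pid; uint32_t kf_uid; };

/*
 * Export one record per process as an fd-table sysctl handler might, but
 * skip entries whose proc or ucred pointer is NULL (not yet set up, or
 * being torn down) instead of faulting on them. Returns records written,
 * or -1 if out is too small; *skipped counts the entries passed over.
 */
static int
export_files(struct proc *const *procs, int nprocs,
    struct kinfo_file *out, int cap, int *skipped)
{
	int n = 0;

	*skipped = 0;
	for (int i = 0; i < nprocs; i++) {
		const struct proc *p = procs[i];
		if (p == NULL || p->p_ucred == NULL) {
			(*skipped)++;
			continue;
		}
		if (n == cap)
			return (-1);
		out[n].kf_pid = p->p_pid;
		out[n].kf_uid = p->p_ucred->cr_uid;	/* the read that faulted */
		n++;
	}
	return (n);
}

/* Constructed table: two sound entries, one NULL ucred, one NULL proc. */
static int
sample_export(int *skipped)
{
	struct ucred root = { 0 }, user = { 1001 };
	struct proc a = { 1, &root }, b = { 500, NULL }, c = { 742, &user };
	struct proc *const table[] = { &a, &b, NULL, &c };
	struct kinfo_file out[4];
	return (export_files(table, 4, out, 4, skipped));
}
static int sample_export_count(void) { int s; return (sample_export(&s)); }
static int sample_export_skipped(void) { int s; sample_export(&s); return (s); }

int
main(void)
{
	printf("base register at fault: %#lx; exported %d, skipped %d\n",
	    (unsigned long)sample_base(), sample_export_count(),
	    sample_export_skipped());
	return (0);
}
```

Turning sysctl_kern_file+0x105 into a source line, the step the reply asks for, is done against the kernel built with debug symbols rather than in this program: assuming that file is kernel.debug, `addr2line -e kernel.debug 0xc062ec65` prints file and line, and `list *0xc062ec65` at the gdb prompt does the same once the dump is loaded. The decoder above only tells you which register was NULL; which pointer that register held at that line is what inspecting *p in the dump answers.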