Date: Sat, 8 Mar 2003 13:35:35 -0800 From: Kris Kennaway <kris@obsecurity.org> To: Poul-Henning Kamp <phk@phk.freebsd.dk> Cc: current@FreeBSD.ORG, alfred@FreeBSD.org Subject: Re: NULL pointer problem in pid selection ? Message-ID: <20030308213535.GE56020@rot13.obsecurity.org> In-Reply-To: <54592.1047120394@critter.freebsd.dk> References: <54592.1047120394@critter.freebsd.dk>
index | next in thread | previous in thread | raw e-mail
[-- Attachment #1 --]
On Sat, Mar 08, 2003 at 11:46:34AM +0100, Poul-Henning Kamp wrote:
>
> Just got this crash on -current, and I belive I have seen similar
> before. addr2line(1) reports the faulting address to be
> ../../../kern/kern_fork.c:395
> which is in the inner loop of pid collision avoidance.
I've been running this patch from Alfred for the past month or so on
bento, which has fixed a similar panic I was seeing regularly.
Kris
Index: kern/kern_fork.c
===================================================================
RCS file: /home/ncvs/src/sys/kern/kern_fork.c,v
retrieving revision 1.186
diff -u -r1.186 kern_fork.c
--- kern/kern_fork.c 27 Feb 2003 02:05:17 -0000 1.186
+++ kern/kern_fork.c 4 Mar 2003 00:28:09 -0000
@@ -325,6 +325,7 @@
* exceed the limit. The variable nprocs is the current number of
* processes, maxproc is the limit.
*/
+ sx_xlock(&proctree_lock);
sx_xlock(&allproc_lock);
uid = td->td_ucred->cr_ruid;
if ((nprocs >= maxproc - 10 && uid != 0) || nprocs >= maxproc) {
@@ -432,6 +433,7 @@
LIST_INSERT_HEAD(&allproc, p2, p_list);
LIST_INSERT_HEAD(PIDHASH(p2->p_pid), p2, p_hash);
sx_xunlock(&allproc_lock);
+ sx_xunlock(&proctree_lock);
/*
* Malloc things while we don't hold any locks.
@@ -757,6 +759,7 @@
return (0);
fail:
sx_xunlock(&allproc_lock);
+ sx_xunlock(&proctree_lock);
uma_zfree(proc_zone, newproc);
if (p1->p_flag & P_THREADED) {
PROC_LOCK(p1);
>
> Poul-Henning
>
> Fatal trap 12: page fault while in kernel mode
> cpuid = 0; lapic.id = 00000000
> fault virtual address = 0x14
> fault code = supervisor read, page not present
> instruction pointer = 0x8:0xc01c3eec
> stack pointer = 0x10:0xe74e3c74
> frame pointer = 0x10:0xe74e3cbc
> code segment = base 0x0, limit 0xfffff, type 0x1b
> = DPL 0, pres 1, def32 1, gran 1
> processor eflags = interrupt enabled, resume, IOPL = 0
> current process = 99777 (sh)
> trap number = 12
> panic: page fault
> cpuid = 0; lapic.id = 00000000
> Stack backtrace:
> backtrace(c032ff8e,0,c03394ce,e74e3b68,1) at 0xc01d86a7 = backtrace+0x17
> panic(c03394ce,c0342131,cfe5496c,1,1) at 0xc01d87ba = panic+0x10a
> trap_fatal(e74e3c34,14,c03422ba,2e3,cfe4fa50) at 0xc02fa672 = trap_fatal+0x322
> trap_pfault(e74e3c34,0,14,c035a038,14) at 0xc02fa322 = trap_pfault+0x1c2
> trap(18,10,10,cf19c3f8,cf76b9ec) at 0xc02f9e9d = trap+0x3cd
> calltrap() at 0xc02e2cd8 = calltrap+0x5
> --- trap 0xc, eip = 0xc01c3eec, esp = 0xe74e3c74, ebp = 0xe74e3cbc ---
> fork1(cfe4fa50,14,0,e74e3cd4,cfe54858) at 0xc01c3eec = fork1+0x3fc
> fork(cfe4fa50,e74e3d10,c03422ba,404,0) at 0xc01c3852 = fork+0x52
> syscall(2f,2f,2f,0,80ff000) at 0xc02fa98e = syscall+0x26e
> Xint0x80_syscall() at 0xc02e2d2d = Xint0x80_syscall+0x1d
> --- syscall (2), eip = 0x807ba9f, esp = 0xbfbff6bc, ebp = 0xbfbff6e8 ---
> boot() called on cpu#0
>
> --
> Poul-Henning Kamp | UNIX since Zilog Zeus 3.20
> phk@FreeBSD.ORG | TCP/IP since RFC 956
> FreeBSD committer | BSD since 4.3-tahoe
> Never attribute to malice what can adequately be explained by incompetence.
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-current" in the body of the message
[-- Attachment #2 --]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (FreeBSD)
iD8DBQE+amInWry0BWjoQKURAlRGAJwOAAQ/CA5t+U0OMdYGHVaWdOyhYgCgkffG
SrGZFoCS/TPBBaD4AuUP0+c=
=2l59
-----END PGP SIGNATURE-----
help
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20030308213535.GE56020>