Date: Sat, 8 Feb 2003 16:12:26 +0100
From: Thomas Moestl <tmoestl@gmx.net>
To: Morten Rodal <morten@rodal.no>
Cc: Kris Kennaway <kris@obsecurity.org>, current@FreeBSD.ORG
Subject: Re: Panic in fork()
Message-ID: <20030208151226.GB624@crow.dom2ip.de>
In-Reply-To: <20030208141542.GC11725@slurp.rodal.no>
References: <20030208092406.GA12104@rot13.obsecurity.org> <20030208110512.GB12696@rot13.obsecurity.org> <20030208141542.GC11725@slurp.rodal.no>

On Sat, 2003/02/08 at 15:15:44 +0100, Morten Rodal wrote:
> On Sat, Feb 08, 2003 at 03:05:12AM -0800, Kris Kennaway wrote:
> > bento# addr2line -e kernel.debug 0xc01a1e2d
> > ../../../kern/kern_fork.c:388
> >
> > for (; p2 != NULL; p2 = LIST_NEXT(p2, p_list)) {
> > PROC_LOCK(p2);
> > 388 --> while (p2->p_pid == trypid ||
> >
>
> That is the exact same spot I saw my computer (old smp machine) crash.
> I think someone mentioned that it would be more or less impossible to
> crash there since one would not enter the for loop when p2 is NULL.
>
> Could it be that PROC_LOCK tampers with p2?

addr2line will usually point to the first line of a statement if it
spans multiple lines; in this case, the full guard is:

	while (p2->p_pid == trypid ||
	    p2->p_pgrp->pg_id == trypid ||
	    p2->p_session->s_sid == trypid) {

The fault address indicates that p2->p_pgrp->p_session (p_session is
a macro that expands to p_pgrp->p_session) is NULL, since the offset
of s_sid in struct session is 0x14.

I haven't yet found out how that could happen though; this field is
never legitimately NULL and the locking seems to be tight so that it
cannot be freed from under fork1().

- Thomas
--
Thomas Moestl <tmoestl@gmx.net> http://www.tu-bs.de/~y0015675/
<tmm@FreeBSD.org> http://people.FreeBSD.org/~tmm/
PGP fingerprint: 1C97 A604 2BD0 E492 51D0 9C0F 1FE6 4F1D 419C 776C
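
The reasoning in the message above, worked through as an added example (not code from the original post or from FreeBSD): a fault address equal to a field offset identifies which pointer in the guard was NULL. The structures are constructed stand-ins; only the 0x14 offset of s_sid comes from the message, and the other offsets, the pg_session field name and the helper names are assumptions.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed stand-ins, NOT the FreeBSD structures. Only the 0x14 offset of
 * s_sid comes from the message; every other offset and the pg_session field
 * name are assumptions made for this example. */
struct session { char pad[0x14]; int32_t s_sid; };
struct pgrp    { char pad[0x08]; int32_t pg_id; struct session *pg_session; };
struct proc    { char pad[0x40]; int32_t p_pid; struct pgrp *p_pgrp; };

/* One memory read performed by the while() guard: if `base` is NULL, the
 * read touches address 0 + off, which is what the trap reports. */
struct guard_read { size_t off; const char *base; const char *field; };

static const struct guard_read guard[] = {
    { offsetof(struct proc, p_pid),      "p2",                     "p_pid" },
    { offsetof(struct proc, p_pgrp),     "p2",                     "p_pgrp" },
    { offsetof(struct pgrp, pg_id),      "p2->p_pgrp",             "pg_id" },
    { offsetof(struct pgrp, pg_session), "p2->p_pgrp",             "pg_session" },
    { offsetof(struct session, s_sid),   "p2->p_pgrp->pg_session", "s_sid" },
};

/* Return the guard read whose field offset equals the fault address, or NULL
 * when no NULL base pointer explains it (e.g. a wild or stale pointer). */
const struct guard_read *null_deref_for(uintptr_t fault_addr)
{
    for (size_t i = 0; i < sizeof(guard) / sizeof(guard[0]); i++)
        if (guard[i].off == fault_addr)
            return &guard[i];
    return NULL;
}

int main(void)
{
    uintptr_t fault = 0x14;  /* constructed: NULL base + offset of s_sid */
    const struct guard_read *r = null_deref_for(fault);
    if (r != NULL)
        printf("fault 0x%lx: %s was NULL when reading %s\n",
               (unsigned long)fault, r->base, r->field);
    else
        printf("fault 0x%lx: not a NULL dereference in this guard\n",
               (unsigned long)fault);
    return 0;
}
```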
