From: Tim Robbins
To: Robert Watson
cc: current@freebsd.org
Date: Sun, 13 Jun 2004 14:06:46 +1000
Subject: Re: Fatal trap 12 in kern/kern_descrip.c:2346
Message-ID: <20040613040646.GB28627@cat.robbins.dropbear.id.au>
References: <20040612140758.GA44899@peter.osted.lan>

On Sat, Jun 12, 2004 at 11:30:28AM -0400, Robert Watson wrote:
> 
> On Sat, 12 Jun 2004, Peter Holm wrote:
> 
> > Fatal trap 12: page fault while in kernel mode
> > cpuid = 0; apic id = 00
> > fault virtual address = 0x4
> > fault code = supervisor read, page not present
> > instruction pointer = 0x8:0xc062ec65
> > stack pointer = 0x10:0xd126ab88
> > frame pointer = 0x10:0xd126abc8
> > code segment = base 0x0, limit 0xfffff, type 0x1b
> >   = DPL 0, pres 1, def32 1, gran 1
> > processor eflags = interrupt enabled, resume, IOPL = 0
> > current process = 28142 (sysctl)
> > kernel: type 12 trap, code=0
> > Stopped at sysctl_kern_file+0x105: movl 0x4(%eax),%eax
> > db> t
> > sysctl_kern_file(c08d9320,0,0,d126ac10,d126ac10) at sysctl_kern_file+0x105
> > sysctl_root(0,d126ac7c,2,d126ac10,c1a252c0) at sysctl_root+0x156
> > userland_sysctl(c1a252c0,d126ac7c,2,bfbf26c0,bfbfe338) at userland_sysctl+0x12c
> > __sysctl(c1a252c0,d126ad14,18,434,6) at __sysctl+0xb3
> > syscall(2f,2f,2f,2,bfbf26c0) at syscall+0x2a0
> > Xint0x80_syscall() at Xint0x80_syscall+0x1f
> > --- syscall (202, FreeBSD ELF32, __sysctl), eip = 0x280bb05b, esp = 0xbfbf265c
> 
> Well, this is certainly a NULL pointer dereference in the sysctl code
> exporting file descriptor information to user space (perhaps for fstat?).
> The question is what is NULL. It looks like you have a dump -- could you
> convert sysctl_kern_file+0x105 to a line number? It's likely that it is
> line 2346 of kern_descrip.c, which follows the process pointer to its
> ucred. If so, could you use gdb on the dump to inspect *p?

ISTR he included the output of "print *p" on his web page.

I think the problem here is that we put processes onto the allproc list
in fork1() before they're properly initialised (or we unlock the allproc
sx too early.)

Tim
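The failure mode Tim describes (a process already visible on the shared process list while its credential pointer is still NULL) and the two defensive responses it suggests can be modelled in a few lines of C. The following is a constructed illustration added here, not FreeBSD code; the `struct proc`/`struct ucred` fields, the `count_files_for_uid`, `fork_publish` and `build_sample_list` functions, and all pids, uids and file counts are made up for the example.

```c
#include <stddef.h>
#include <stdio.h>

/* Constructed model, not FreeBSD's kern_descrip.c: a process carries a
 * credential pointer that fork fills in some time after the process has
 * already been linked onto the global process list. */
struct ucred {
    unsigned cr_uid;
};

struct proc {
    int pid;
    struct ucred *p_ucred;  /* NULL while the process is still being forked */
    int nfiles;             /* stand-in for the descriptor table size */
    struct proc *p_next;    /* next entry on the allproc list */
};

/* Reader-side hardening: the crashing sysctl followed p->p_ucred
 * unconditionally. Here an entry with no credential yet is treated as
 * "not fully born" and skipped. Returns the number of open files held by
 * processes running as uid. */
int count_files_for_uid(const struct proc *allproc, unsigned uid)
{
    int total = 0;
    for (const struct proc *p = allproc; p != NULL; p = p->p_next) {
        if (p->p_ucred == NULL)      /* half-initialised: skip, do not deref */
            continue;
        if (p->p_ucred->cr_uid == uid)
            total += p->nfiles;
    }
    return total;
}

/* Count entries that are on the list but still lack a credential, i.e. the
 * state the thread suspects the crashing walk ran into. */
int count_uninitialised(const struct proc *allproc)
{
    int n = 0;
    for (const struct proc *p = allproc; p != NULL; p = p->p_next)
        if (p->p_ucred == NULL)
            n++;
    return n;
}

/* Writer-side fix, after Tim's diagnosis: finish initialising before
 * publishing. The child is linked onto the list only once its credential is
 * set, so a concurrent reader can never observe p_ucred == NULL for it. */
void fork_publish(struct proc **allproc, struct proc *child, struct ucred *cred)
{
    child->p_ucred = cred;      /* initialise first ... */
    child->p_next = *allproc;   /* ... then make the entry visible */
    *allproc = child;
}

/* Constructed sample list: two ready processes and one that was linked in
 * before its credential was assigned. Returns the list head. */
struct proc *build_sample_list(void)
{
    static struct ucred root_cred = { 0 };
    static struct ucred user_cred = { 1001 };
    static struct proc procs[3];

    procs[0].pid = 1; procs[0].p_ucred = &root_cred; procs[0].nfiles = 3;
    procs[1].pid = 2; procs[1].p_ucred = &user_cred; procs[1].nfiles = 5;
    procs[2].pid = 3; procs[2].p_ucred = NULL;       procs[2].nfiles = 0; /* mid-fork */
    procs[0].p_next = &procs[1];
    procs[1].p_next = &procs[2];
    procs[2].p_next = NULL;
    return &procs[0];
}

/* Publish one more uid-0 child (pid 4, 2 files) the safe way, then count. */
int publish_then_count(unsigned uid)
{
    static struct ucred root_cred = { 0 };
    static struct proc child;
    struct proc *allproc = build_sample_list();

    child.pid = 4; child.nfiles = 2;
    fork_publish(&allproc, &child, &root_cred);
    return count_files_for_uid(allproc, uid);
}

int main(void)
{
    struct proc *allproc = build_sample_list();

    printf("uninitialised entries on list: %d\n", count_uninitialised(allproc));
    printf("files owned by uid 0: %d\n", count_files_for_uid(allproc, 0));
    printf("files owned by uid 0 after publishing pid 4: %d\n",
           publish_then_count(0));
    return 0;
}
```

The reader-side check only masks the window; the writer-side ordering in `fork_publish` removes it, which is the direction Tim's "before they're properly initialised" remark points at. In a real kernel the publish step would also need the list lock held across both assignments, which this single-threaded model leaves out.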