From owner-freebsd-current@FreeBSD.ORG Sun Jun 13 04:45:28 2004
Date: Sun, 13 Jun 2004 00:42:27 -0400 (EDT)
From: Robert Watson
To: Tim Robbins
cc: current@freebsd.org
In-Reply-To: <20040613040646.GB28627@cat.robbins.dropbear.id.au>
Subject: Re: Fatal trap 12 in kern/kern_descrip.c:2346
List-Id: Discussions about the use of FreeBSD-current

On Sun, 13 Jun 2004, Tim Robbins wrote:

> > Well, this is certainly a NULL pointer dereference in the sysctl code
> > exporting file descriptor information to user space (perhaps for fstat?).
> > The question is what is NULL. It looks like you have a dump -- could you
> > convert sysctl_kern_file+0x105 to a line number? It's likely that it is
> > line 2346 of kern_descrip.c, which follows the process pointer to its
> > ucred. If so, could you use gdb on the dump to inspect *p?
>
> ISTR he included the output of "print *p" on his web page.
>
> I think the problem here is that we put processes onto the allproc list
> in fork1() before they're properly initialised (or we unlock the allproc
> sx too early.)

Hmm. I noticed, though, that p_flag is set to P_CONTROLT and P_WEXIT, so my
initial suspicion was actually exit1().

Robert N M Watson             FreeBSD Core Team, TrustedBSD Projects
robert@fledge.watson.org      Senior Research Scientist, McAfee Research
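The failure shape the thread is discussing is an iterator over the global process list touching a process that is either not yet fully built (fork1()) or already being torn down (exit1(), P_WEXIT set), and following its credential pointer. The following is an added, constructed userland model of that walk, not FreeBSD's sysctl_kern_file() or any kernel code; the struct layout, the P_CONTROLT/P_WEXIT flag values, and the assumption that a process in either transitional state has a NULL credential pointer are all modelling assumptions made here for illustration. What it shows is the defensive check a list walker needs so that a half-initialised or half-destroyed entry is skipped rather than dereferenced:

```c
/* Constructed model of an allproc walk that exports per-process data.
 * Not FreeBSD kernel code: struct proc, struct ucred and the flag values
 * below are simplified stand-ins chosen for this example. */
#include <stddef.h>
#include <stdio.h>

#define P_CONTROLT 0x00000002U   /* assumed value: process has a controlling tty */
#define P_WEXIT    0x00000100U   /* assumed value: process is in exit1()          */

struct ucred {
    unsigned cr_uid;
};

struct proc {
    struct proc  *p_next;    /* models the allproc list link */
    int           p_pid;
    unsigned      p_flag;
    struct ucred *p_ucred;   /* NULL while fork1()/exit1() is in progress (model assumption) */
};

struct xfile_rec {
    int      pid;
    unsigned uid;
};

/* A process is safe to export only if it is neither still being created nor
 * already exiting. The flag test catches the exit1() case seen in the dump
 * (P_WEXIT set); the NULL test catches the fork1() ordering problem. */
static int proc_exportable(const struct proc *p)
{
    if (p->p_flag & P_WEXIT)
        return 0;
    if (p->p_ucred == NULL)
        return 0;
    return 1;
}

/* Walk the list, copying one record per exportable process into out[].
 * Returns the number of records written, or -1 if out[] is too small.
 * *skipped (if non-NULL) receives the number of transitional entries
 * that were skipped instead of dereferenced. */
int export_files(const struct proc *allproc, struct xfile_rec *out, int max,
                 int *skipped)
{
    int n = 0, sk = 0;

    for (const struct proc *p = allproc; p != NULL; p = p->p_next) {
        if (!proc_exportable(p)) {
            sk++;
            continue;
        }
        if (n == max) {
            if (skipped) *skipped = sk;
            return -1;
        }
        out[n].pid = p->p_pid;
        out[n].uid = p->p_ucred->cr_uid;   /* safe: p_ucred checked above */
        n++;
    }
    if (skipped) *skipped = sk;
    return n;
}

/* Constructed sample list: one steady-state process, one still in fork1()
 * (no credential yet), one in exit1() with P_WEXIT set and, in this model,
 * its credential already released. */
static struct ucred cred_root = { 0 };
static struct proc  sample[3];

struct proc *build_sample_allproc(void)
{
    sample[0] = (struct proc){ &sample[1], 1,  P_CONTROLT,           &cred_root };
    sample[1] = (struct proc){ &sample[2], 42, 0,                    NULL       };
    sample[2] = (struct proc){ NULL,       77, P_CONTROLT | P_WEXIT, NULL       };
    return &sample[0];
}

static struct xfile_rec demo_recs[8];
static int              demo_skipped;

/* Run the walker over the sample list; returns the record count. */
int demo(void)
{
    return export_files(build_sample_allproc(), demo_recs, 8, &demo_skipped);
}

int main(void)
{
    int n = demo();
    printf("exported %d record(s), skipped %d transitional process(es)\n",
           n, demo_skipped);
    for (int i = 0; i < n; i++)
        printf("  pid %d uid %u\n", demo_recs[i].pid, demo_recs[i].uid);
    return 0;
}
```

The walker's check is deliberately independent of which side of the race is at fault: whether the entry reached the list before fork1() finished initialising it, or exit1() had already begun releasing it, the exporter refuses to follow the pointer. That is a defensive guard in the consumer; it does not settle the ordering and locking question the thread raises about allproc itself.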