Date:      Sat, 8 Mar 2003 13:35:35 -0800
From:      Kris Kennaway <kris@obsecurity.org>
To:        Poul-Henning Kamp <phk@phk.freebsd.dk>
Cc:        current@FreeBSD.ORG, alfred@FreeBSD.org
Subject:   Re: NULL pointer problem in pid selection ?
Message-ID:  <20030308213535.GE56020@rot13.obsecurity.org>
In-Reply-To: <54592.1047120394@critter.freebsd.dk>
References:  <54592.1047120394@critter.freebsd.dk>

On Sat, Mar 08, 2003 at 11:46:34AM +0100, Poul-Henning Kamp wrote:
>
> Just got this crash on -current, and I believe I have seen similar
> before.  addr2line(1) reports the faulting address to be
> 	../../../kern/kern_fork.c:395
> which is in the inner loop of pid collision avoidance.

I've been running this patch from Alfred for the past month or so on
bento, which has fixed a similar panic I was seeing regularly.

Kris

Index: kern/kern_fork.c
===================================================================
RCS file: /home/ncvs/src/sys/kern/kern_fork.c,v
retrieving revision 1.186
diff -u -r1.186 kern_fork.c
--- kern/kern_fork.c	27 Feb 2003 02:05:17 -0000	1.186
+++ kern/kern_fork.c	4 Mar 2003 00:28:09 -0000
@@ -325,6 +325,7 @@
 	 * exceed the limit. The variable nprocs is the current number of
 	 * processes, maxproc is the limit.
 	 */
+	sx_xlock(&proctree_lock);
 	sx_xlock(&allproc_lock);
 	uid =3D td->td_ucred->cr_ruid;
 	if ((nprocs >=3D maxproc - 10 && uid !=3D 0) || nprocs >=3D maxproc) {
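Review bot: The new sx_xlock(&proctree_lock) at the top of this hunk has no comment saying what it protects; the comment above it still only describes the nprocs/maxproc limit check. Please add a line naming what the pid selection code reads that needs proctree_lock, and state that the order is proctree_lock before allproc_lock so later changes keep it. The limit check directly below is now an error exit taken with two locks held, so it has to leave through a path that drops both.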
@@ -432,6 +433,7 @@
 	LIST_INSERT_HEAD(&allproc, p2, p_list);
 	LIST_INSERT_HEAD(PIDHASH(p2->p_pid), p2, p_hash);
 	sx_xunlock(&allproc_lock);
+	sx_xunlock(&proctree_lock);
=20
 	/*
 	 * Malloc things while we don't hold any locks.
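Review bot: The lock scope looks wider than it may need to be: with the release added after sx_xunlock(&allproc_lock) in this hunk, proctree_lock is held exclusively from the acquire near line 325 to line 433, across the limit check and the whole pid selection. An exclusive sx lock over that span serializes every fork against any other holder of proctree_lock. If only part of the region needs it, take it closer to that code, or explain in the commit message why the full span is required. The release order (allproc_lock, then proctree_lock) is the reverse of acquisition, which is fine.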
@@ -757,6 +759,7 @@
 	return (0);
 fail:
 	sx_xunlock(&allproc_lock);
+	sx_xunlock(&proctree_lock);
 	uma_zfree(proc_zone, newproc);
 	if (p1->p_flag & P_THREADED) {
 		PROC_LOCK(p1);
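Review bot: The fail: label now drops proctree_lock unconditionally, right after sx_xunlock(&allproc_lock), so every goto fail must arrive with both locks held. Please confirm that no jump to fail: occurs after the unlock pair added near line 433, where neither lock is held any more. An sx_assert on both locks at the label would catch a mismatch on a debug kernel.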


>
> Poul-Henning
>
> Fatal trap 12: page fault while in kernel mode
> cpuid = 0; lapic.id = 00000000
> fault virtual address   = 0x14
> fault code              = supervisor read, page not present
> instruction pointer     = 0x8:0xc01c3eec
> stack pointer           = 0x10:0xe74e3c74
> frame pointer           = 0x10:0xe74e3cbc
> code segment            = base 0x0, limit 0xfffff, type 0x1b
>                         = DPL 0, pres 1, def32 1, gran 1
> processor eflags        = interrupt enabled, resume, IOPL = 0
> current process         = 99777 (sh)
> trap number             = 12
> panic: page fault
> cpuid = 0; lapic.id = 00000000
> Stack backtrace:
> backtrace(c032ff8e,0,c03394ce,e74e3b68,1) at 0xc01d86a7 = backtrace+0x17
> panic(c03394ce,c0342131,cfe5496c,1,1) at 0xc01d87ba = panic+0x10a
> trap_fatal(e74e3c34,14,c03422ba,2e3,cfe4fa50) at 0xc02fa672 = trap_fatal+0x322
> trap_pfault(e74e3c34,0,14,c035a038,14) at 0xc02fa322 = trap_pfault+0x1c2
> trap(18,10,10,cf19c3f8,cf76b9ec) at 0xc02f9e9d = trap+0x3cd
> calltrap() at 0xc02e2cd8 = calltrap+0x5
> --- trap 0xc, eip = 0xc01c3eec, esp = 0xe74e3c74, ebp = 0xe74e3cbc ---
> fork1(cfe4fa50,14,0,e74e3cd4,cfe54858) at 0xc01c3eec = fork1+0x3fc
> fork(cfe4fa50,e74e3d10,c03422ba,404,0) at 0xc01c3852 = fork+0x52
> syscall(2f,2f,2f,0,80ff000) at 0xc02fa98e = syscall+0x26e
> Xint0x80_syscall() at 0xc02e2d2d = Xint0x80_syscall+0x1d
> --- syscall (2), eip = 0x807ba9f, esp = 0xbfbff6bc, ebp = 0xbfbff6e8 ---
> boot() called on cpu#0
>
> -- 
> Poul-Henning Kamp       | UNIX since Zilog Zeus 3.20
> phk@FreeBSD.ORG         | TCP/IP since RFC 956
> FreeBSD committer       | BSD since 4.3-tahoe
> Never attribute to malice what can adequately be explained by incompetence.
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-current" in the body of the message





Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20030308213535.GE56020>