Fatal trap 12 in kern/kern_descrip.c:2346

Robert Watson rwatson at freebsd.org
Sun Jun 13 04:45:28 GMT 2004

On Sun, 13 Jun 2004, Tim Robbins wrote:

> > Well, this is certainly a NULL pointer dereference in the sysctl code
> > exporting file descriptor information to user space (perhaps for fstat?). 
> > The question is what is NULL.  It looks like you have a dump -- could you
> > convert sysctl_kern_file+0x105 to a line number?  It's likely that it is
> > line 2346 of kern_descrip.c, which follows the process pointer to its
> > ucred.  If so, could you use gdb on the dump to inspect *p?
> ISTR he included the output of "print *p" on his web page.
> I think the problem here is that we put processes onto the allproc list
> in fork1() before they're properly initialised (or we unlock the allproc
> sx too early.) 

Hmm.  I noticed, though, that p_flag is set to P_CONTROLT and P_WEXIT, so
my initial suspicion was actually exit1().

Robert N M Watson             FreeBSD Core Team, TrustedBSD Projects
robert at fledge.watson.org      Senior Research Scientist, McAfee Research

More information about the freebsd-current mailing list