GENERIC HEAD from Feb 5 09:19 UTC + FULL_PREEMPTION + mpsafe_vfs = 1 , vmcore.167
Deadlock.

GDB: no debug ports present
KDB: debugger backends: ddb
KDB: current backend: ddb
Copyright (c) 1992-2005 The FreeBSD Project.
Copyright (c) 1979, 1980, 1983, 1986, 1988, 1989, 1991, 1992, 1993, 1994
        The Regents of the University of California. All rights reserved.
FreeBSD 6.0-CURRENT #0: Sat Feb  5 17:54:46 CET 2005
    pho@current.osted.lan:/usr/src/sys/i386/compile/PHO
WARNING: WITNESS option enabled, expect reduced performance.
ACPI APIC Table: <A M I  OEMAPIC >
Timecounter "i8254" frequency 1193182 Hz quality 0
CPU: Intel(R) Celeron(R) CPU 1.80GHz (1799.14-MHz 686-class CPU)
  Origin = "GenuineIntel"  Id = 0xf13  Stepping = 3
  Features=0x3febfbff<FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CLFLUSH,DTS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM>
real memory  = 267583488 (255 MB)
avail memory = 252379136 (240 MB)
:
mount root from ufs:/dev/ad0s1a
rl0: link state changed to DOWN
~KDB: enter: Line break on console
[thread pid 10348 tid 100184 ]
Stopped at      kdb_enter+0x2b: nop
db> where
Tracing pid 10348 tid 100184 td 0xc20395c0
kdb_enter(c0843801) at kdb_enter+0x2b
siointr1(c1696400,c095e3e0,0,c0843611,56f) at siointr1+0xce
siointr(c1696400) at siointr+0x21
intr_execute_handlers(c1510090,cf282d44,4,bfbfe9b8,c07ad0c3) at intr_execute_handlers+0x9d
lapic_handle_intr(34) at lapic_handle_intr+0x2e
Xapic_isr1() at Xapic_isr1+0x33
--- interrupt, eip = 0x8048f2a, esp = 0xbfbfe9a0, ebp = 0xbfbfe9b8 ---
db> show pcpu
cpuid        = 0
curthread    = 0xc20395c0: pid 10348 "swap"
curpcb       = 0xcf282da0
fpcurthread  = none
idlethread   = 0xc151f5c0: pid 11 "idle: cpu0"
APIC ID      = 0
currentldt   = 0x30
spin locks held:
db> show alllocks
Process 10385 (sh) thread 0xc2413170 (100301)
exclusive sleep mutex process lock r = 0 (0xc1f51068) locked @ kern/kern_fork.c:300
exclusive sx allproc r = 0 (0xc08f6360) locked @ kern/kern_fork.c:287
shared sx proctree r = 0 (0xc08f63a0) locked @ kern/kern_fork.c:278
Process 10372 (tcp) thread 0xc2095730 (100255)
shared sx proctree r = 0 (0xc08f63a0) locked @ kern/kern_fork.c:278
Process 10370 (tcp) thread 0xc189d730 (100115)
shared sx proctree r = 0 (0xc08f63a0) locked @ kern/kern_fork.c:278
Process 10369 (tcp) thread 0xc2725730 (100451)
shared sx proctree r = 0 (0xc08f63a0) locked @ kern/kern_fork.c:278
Process 10368 (tcp) thread 0xc2726a10 (100479)
shared sx proctree r = 0 (0xc08f63a0) locked @ kern/kern_fork.c:278
Process 10367 (tcp) thread 0xc1f2a170 (100141)
shared sx proctree r = 0 (0xc08f63a0) locked @ kern/kern_fork.c:278
Process 10366 (tcp) thread 0xc27268a0 (100478)
shared sx proctree r = 0 (0xc08f63a0) locked @ kern/kern_fork.c:278
Process 10365 (tcp) thread 0xc2413b80 (100308)
shared sx proctree r = 0 (0xc08f63a0) locked @ kern/kern_fork.c:278
Process 10346 (sysctl) thread 0xc2729cf0 (100549)
shared sx proctree r = 0 (0xc08f63a0) locked @ kern/kern_fork.c:278
Process 551 (top) thread 0xc189d000 (100110)
exclusive sx sysctl lock r = 0 (0xc08f6920) locked @ kern/kern_sysctl.c:1335
Process 448 (cron) thread 0xc162b8a0 (100066)
shared sx proctree r = 0 (0xc08f63a0) locked @ kern/kern_fork.c:278
db> call print_uptime
Uptime: 2h12m2s
0x3
db> c
~KDB: enter: Line break on console
[thread pid 10348 tid 100184 ]
Stopped at      kdb_enter+0x2b: nop
db> call print_uptime
Uptime: 3h1m53s
0x4
db> where
Tracing pid 10348 tid 100184 td 0xc20395c0
kdb_enter(c0843801) at kdb_enter+0x2b
siointr1(c1696400,c095e3e0,0,c0843611,56f) at siointr1+0xce
siointr(c1696400) at siointr+0x21
intr_execute_handlers(c1510090,cf282d44,4,bfbfe9b8,c07ad0c3) at intr_execute_handlers+0x9d
lapic_handle_intr(34) at lapic_handle_intr+0x2e
Xapic_isr1() at Xapic_isr1+0x33
--- interrupt, eip = 0x8048f30, esp = 0xbfbfe9a0, ebp = 0xbfbfe9b8 ---
db> show alllocks
Process 10385 (sh) thread 0xc2413170 (100301)
exclusive sleep mutex process lock r = 0 (0xc1f51068) locked @ kern/kern_fork.c:300
exclusive sx allproc r = 0 (0xc08f6360) locked @ kern/kern_fork.c:287
shared sx proctree r = 0 (0xc08f63a0) locked @ kern/kern_fork.c:278
Process 10372 (tcp) thread 0xc2095730 (100255)
shared sx proctree r = 0 (0xc08f63a0) locked @ kern/kern_fork.c:278
Process 10370 (tcp) thread 0xc189d730 (100115)
shared sx proctree r = 0 (0xc08f63a0) locked @ kern/kern_fork.c:278
Process 10369 (tcp) thread 0xc2725730 (100451)
shared sx proctree r = 0 (0xc08f63a0) locked @ kern/kern_fork.c:278
Process 10368 (tcp) thread 0xc2726a10 (100479)
shared sx proctree r = 0 (0xc08f63a0) locked @ kern/kern_fork.c:278
Process 10367 (tcp) thread 0xc1f2a170 (100141)
shared sx proctree r = 0 (0xc08f63a0) locked @ kern/kern_fork.c:278
Process 10366 (tcp) thread 0xc27268a0 (100478)
shared sx proctree r = 0 (0xc08f63a0) locked @ kern/kern_fork.c:278
Process 10365 (tcp) thread 0xc2413b80 (100308)
shared sx proctree r = 0 (0xc08f63a0) locked @ kern/kern_fork.c:278
Process 10346 (sysctl) thread 0xc2729cf0 (100549)
shared sx proctree r = 0 (0xc08f63a0) locked @ kern/kern_fork.c:278
Process 551 (top) thread 0xc189d000 (100110)
exclusive sx sysctl lock r = 0 (0xc08f6920) locked @ kern/kern_sysctl.c:1335
Process 448 (cron) thread 0xc162b8a0 (100066)
shared sx proctree r = 0 (0xc08f63a0) locked @ kern/kern_fork.c:278
db> where 10385
Tracing pid 10385 tid 100301 td 0xc2413170
sched_switch(c2413170,0,2) at sched_switch+0x17f
mi_switch(2,0,c08f62a0,0,c0826d29) at mi_switch+0x264
critical_exit(c08cb1a0) at critical_exit+0x86
intr_execute_handlers(c08cb1a0,cf43fc08,cf43fc6c,c1f51000,7) at intr_execute_handlers+0xba
atpic_handle_intr(0) at atpic_handle_intr+0x92
Xatpic_intr0() at Xatpic_intr0+0x20
--- interrupt, eip = 0xc0613637, esp = 0xcf43fc4c, ebp = 0xcf43fc58 ---
lim_rlimit(c1f51000,7,cf43fc6c,8,c0822ad4) at lim_rlimit+0x3b
lim_cur(c1f51000,7) at lim_cur+0x15
fork1(c2413170,14,0,cf43fce4,c1f51068) at fork1+0x19c
fork(c2413170,cf43fd14,0,3,246) at fork+0x18
syscall(2f,2f,2f,806824c,806a000) at syscall+0x213
Xint0x80_syscall() at Xint0x80_syscall+0x1f
--- syscall (2, FreeBSD ELF32, fork), eip = 0x281279b3, esp = 0xbfbfe90c, ebp = 0xbfbfe928 ---
db> show pcpu
cpuid        = 0
curthread    = 0xc20395c0: pid 10348 "swap"
curpcb       = 0xcf282da0
fpcurthread  = none
idlethread   = 0xc151f5c0: pid 11 "idle: cpu0"
APIC ID      = 0
currentldt   = 0x30
spin locks held:
db> call doadump
Dumping 255 MB
 16 32 48 64 80 96 112 128 144 160 176 192 208 224 240
Dump complete
0xf
db> reset

(kgdb) p *(struct sx *)0xc08f63a0
$1 = {sx_object = {lo_class = 0xc088774c, lo_name = 0xc0824d21 "proctree", lo_type = 0xc0824d21 "proctree", lo_flags = 0x3b0000, lo_list = {
      tqe_next = 0xc08f63e0, tqe_prev = 0xc08f6370}, lo_witness = 0xc0907618}, sx_lock = 0xc08f51f8, sx_cnt = 0xa, sx_shrd_cv = {
    cv_description = 0xc0824d21 "proctree", cv_waiters = 0x0}, sx_shrd_wcnt = 0x0, sx_excl_cv = {cv_description = 0xc0824d21 "proctree",
    cv_waiters = 0x0}, sx_excl_wcnt = 0x0, sx_xholder = 0x0}
(kgdb) btp 10385
 frame 0 at 0xcf43fb50: ebp cf43fba0, eip 0xc061a718 <mi_switch+612>:   add    $0xc,%esp
 frame 1 at 0xcf43fba0: ebp cf43fbc4, eip 0xc0625926 <critical_exit+134>:       push   $0x254
 frame 2 at 0xcf43fbc4: ebp cf43fbe4, eip 0xc07b0a5a <intr_execute_handlers+186>:       add    $0x4,%esp
 frame 3 at 0xcf43fbe4: ebp cf43fc00, eip 0xc07c15ae <atpic_handle_intr+146>:   lea    0xfffffff4(%ebp),%esp
 frame 4 at 0xcf43fc00: ebp cf43fc58, eip 0xc07acda0 <Xatpic_intr0+32>: add    $0x4,%esp
 frame 5 at 0xcf43fc58: ebp cf43fc7c, eip 0xc06135f1 <lim_cur+21>:      mov    0xfffffff0(%ebp),%eax
 frame 6 at 0xcf43fc7c: ebp cf43fccc, eip 0xc0600640 <fork1+412>:       add    $0x8,%esp
 frame 7 at 0xcf43fccc: ebp cf43fcec, eip 0xc060032c <fork+24>: mov    %eax,%edx
 frame 8 at 0xcf43fcec: ebp cf43fd40, eip 0xc07bf223 <syscall+531>:     mov    %eax,%ebx
(kgdb) btp 10372
 frame 0 at 0xcf361bbc: ebp cf361c0c, eip 0xc061a718 <mi_switch+612>:   add    $0xc,%esp
 frame 1 at 0xcf361c0c: ebp cf361c24, eip 0xc0631c4c <sleepq_switch+224>:       add    $0x8,%esp
 frame 2 at 0xcf361c24: ebp cf361c30, eip 0xc0631e2c <sleepq_wait+48>:  push   $0x220
 frame 3 at 0xcf361c30: ebp cf361c58, eip 0xc05f12fd <cv_wait+377>:     mov    (%ebx),%eax
 frame 4 at 0xcf361c58: ebp cf361c74, eip 0xc0619b0c <_sx_xlock+104>:   decl   0x38(%ebx)
 frame 5 at 0xcf361c74: ebp cf361ccc, eip 0xc06005d7 <fork1+307>:       mov    0x8(%ebp),%eax
 frame 6 at 0xcf361ccc: ebp cf361cec, eip 0xc060032c <fork+24>: mov    %eax,%edx
 frame 7 at 0xcf361cec: ebp cf361d40, eip 0xc07bf223 <syscall+531>:     mov    %eax,%ebx
(kgdb) btp 10370
 frame 0 at 0xcf0d2bbc: ebp cf0d2c0c, eip 0xc061a718 <mi_switch+612>:   add    $0xc,%esp
 frame 1 at 0xcf0d2c0c: ebp cf0d2c24, eip 0xc0631c4c <sleepq_switch+224>:       add    $0x8,%esp
 frame 2 at 0xcf0d2c24: ebp cf0d2c30, eip 0xc0631e2c <sleepq_wait+48>:  push   $0x220
 frame 3 at 0xcf0d2c30: ebp cf0d2c58, eip 0xc05f12fd <cv_wait+377>:     mov    (%ebx),%eax
 frame 4 at 0xcf0d2c58: ebp cf0d2c74, eip 0xc0619b0c <_sx_xlock+104>:   decl   0x38(%ebx)
 frame 5 at 0xcf0d2c74: ebp cf0d2ccc, eip 0xc06005d7 <fork1+307>:       mov    0x8(%ebp),%eax
 frame 6 at 0xcf0d2ccc: ebp cf0d2cec, eip 0xc060032c <fork+24>: mov    %eax,%edx
 frame 7 at 0xcf0d2cec: ebp cf0d2d40, eip 0xc07bf223 <syscall+531>:     mov    %eax,%ebx
(kgdb) btp 10369
 frame 0 at 0xcf698bbc: ebp cf698c0c, eip 0xc061a718 <mi_switch+612>:   add    $0xc,%esp
 frame 1 at 0xcf698c0c: ebp cf698c24, eip 0xc0631c4c <sleepq_switch+224>:       add    $0x8,%esp
 frame 2 at 0xcf698c24: ebp cf698c30, eip 0xc0631e2c <sleepq_wait+48>:  push   $0x220
 frame 3 at 0xcf698c30: ebp cf698c58, eip 0xc05f12fd <cv_wait+377>:     mov    (%ebx),%eax
 frame 4 at 0xcf698c58: ebp cf698c74, eip 0xc0619b0c <_sx_xlock+104>:   decl   0x38(%ebx)
 frame 5 at 0xcf698c74: ebp cf698ccc, eip 0xc06005d7 <fork1+307>:       mov    0x8(%ebp),%eax
 frame 6 at 0xcf698ccc: ebp cf698cec, eip 0xc060032c <fork+24>: mov    %eax,%edx
 frame 7 at 0xcf698cec: ebp cf698d40, eip 0xc07bf223 <syscall+531>:     mov    %eax,%ebx
(kgdb) btp 10368
 frame 0 at 0xcf6dabbc: ebp cf6dac0c, eip 0xc061a718 <mi_switch+612>:   add    $0xc,%esp
 frame 1 at 0xcf6dac0c: ebp cf6dac24, eip 0xc0631c4c <sleepq_switch+224>:       add    $0x8,%esp
 frame 2 at 0xcf6dac24: ebp cf6dac30, eip 0xc0631e2c <sleepq_wait+48>:  push   $0x220
 frame 3 at 0xcf6dac30: ebp cf6dac58, eip 0xc05f12fd <cv_wait+377>:     mov    (%ebx),%eax
 frame 4 at 0xcf6dac58: ebp cf6dac74, eip 0xc0619b0c <_sx_xlock+104>:   decl   0x38(%ebx)
 frame 5 at 0xcf6dac74: ebp cf6daccc, eip 0xc06005d7 <fork1+307>:       mov    0x8(%ebp),%eax
 frame 6 at 0xcf6daccc: ebp cf6dacec, eip 0xc060032c <fork+24>: mov    %eax,%edx
 frame 7 at 0xcf6dacec: ebp cf6dad40, eip 0xc07bf223 <syscall+531>:     mov    %eax,%ebx
(kgdb) btp 10367
 frame 0 at 0xcf171bbc: ebp cf171c0c, eip 0xc061a718 <mi_switch+612>:   add    $0xc,%esp
 frame 1 at 0xcf171c0c: ebp cf171c24, eip 0xc0631c4c <sleepq_switch+224>:       add    $0x8,%esp
 frame 2 at 0xcf171c24: ebp cf171c30, eip 0xc0631e2c <sleepq_wait+48>:  push   $0x220
 frame 3 at 0xcf171c30: ebp cf171c58, eip 0xc05f12fd <cv_wait+377>:     mov    (%ebx),%eax
 frame 4 at 0xcf171c58: ebp cf171c74, eip 0xc0619b0c <_sx_xlock+104>:   decl   0x38(%ebx)
 frame 5 at 0xcf171c74: ebp cf171ccc, eip 0xc06005d7 <fork1+307>:       mov    0x8(%ebp),%eax
 frame 6 at 0xcf171ccc: ebp cf171cec, eip 0xc060032c <fork+24>: mov    %eax,%edx
 frame 7 at 0xcf171cec: ebp cf171d40, eip 0xc07bf223 <syscall+531>:     mov    %eax,%ebx
(kgdb) btp 10366
 frame 0 at 0xcf6d7bbc: ebp cf6d7c0c, eip 0xc061a718 <mi_switch+612>:   add    $0xc,%esp
 frame 1 at 0xcf6d7c0c: ebp cf6d7c24, eip 0xc0631c4c <sleepq_switch+224>:       add    $0x8,%esp
 frame 2 at 0xcf6d7c24: ebp cf6d7c30, eip 0xc0631e2c <sleepq_wait+48>:  push   $0x220
 frame 3 at 0xcf6d7c30: ebp cf6d7c58, eip 0xc05f12fd <cv_wait+377>:     mov    (%ebx),%eax
 frame 4 at 0xcf6d7c58: ebp cf6d7c74, eip 0xc0619b0c <_sx_xlock+104>:   decl   0x38(%ebx)
 frame 5 at 0xcf6d7c74: ebp cf6d7ccc, eip 0xc06005d7 <fork1+307>:       mov    0x8(%ebp),%eax
 frame 6 at 0xcf6d7ccc: ebp cf6d7cec, eip 0xc060032c <fork+24>: mov    %eax,%edx
 frame 7 at 0xcf6d7cec: ebp cf6d7d40, eip 0xc07bf223 <syscall+531>:     mov    %eax,%ebx
(kgdb) btp 10365
 frame 0 at 0xcf454bbc: ebp cf454c0c, eip 0xc061a718 <mi_switch+612>:   add    $0xc,%esp
 frame 1 at 0xcf454c0c: ebp cf454c24, eip 0xc0631c4c <sleepq_switch+224>:       add    $0x8,%esp
 frame 2 at 0xcf454c24: ebp cf454c30, eip 0xc0631e2c <sleepq_wait+48>:  push   $0x220
 frame 3 at 0xcf454c30: ebp cf454c58, eip 0xc05f12fd <cv_wait+377>:     mov    (%ebx),%eax
 frame 4 at 0xcf454c58: ebp cf454c74, eip 0xc0619b0c <_sx_xlock+104>:   decl   0x38(%ebx)
 frame 5 at 0xcf454c74: ebp cf454ccc, eip 0xc06005d7 <fork1+307>:       mov    0x8(%ebp),%eax
 frame 6 at 0xcf454ccc: ebp cf454cec, eip 0xc060032c <fork+24>: mov    %eax,%edx
 frame 7 at 0xcf454cec: ebp cf454d40, eip 0xc07bf223 <syscall+531>:     mov    %eax,%ebx
(kgdb) btp 10346
 frame 0 at 0xcf764bbc: ebp cf764c0c, eip 0xc061a718 <mi_switch+612>:   add    $0xc,%esp
 frame 1 at 0xcf764c0c: ebp cf764c24, eip 0xc0631c4c <sleepq_switch+224>:       add    $0x8,%esp
 frame 2 at 0xcf764c24: ebp cf764c30, eip 0xc0631e2c <sleepq_wait+48>:  push   $0x220
 frame 3 at 0xcf764c30: ebp cf764c58, eip 0xc05f12fd <cv_wait+377>:     mov    (%ebx),%eax
 frame 4 at 0xcf764c58: ebp cf764c74, eip 0xc0619b0c <_sx_xlock+104>:   decl   0x38(%ebx)
 frame 5 at 0xcf764c74: ebp cf764ccc, eip 0xc06005d7 <fork1+307>:       mov    0x8(%ebp),%eax
 frame 6 at 0xcf764ccc: ebp cf764cec, eip 0xc060032c <fork+24>: mov    %eax,%edx
 frame 7 at 0xcf764cec: ebp cf764d40, eip 0xc07bf223 <syscall+531>:     mov    %eax,%ebx
 (kgdb) btp 551
 frame 0 at 0xcf0c3adc: ebp cf0c3b2c, eip 0xc061a718 <mi_switch+612>:   add    $0xc,%esp
 frame 1 at 0xcf0c3b2c: ebp cf0c3b44, eip 0xc0631c4c <sleepq_switch+224>:       add    $0x8,%esp
 frame 2 at 0xcf0c3b44: ebp cf0c3b50, eip 0xc0631e2c <sleepq_wait+48>:  push   $0x220
 frame 3 at 0xcf0c3b50: ebp cf0c3b78, eip 0xc05f12fd <cv_wait+377>:     mov    (%ebx),%eax
 frame 4 at 0xcf0c3b78: ebp cf0c3b94, eip 0xc0619968 <_sx_slock+104>:   decl   0x2c(%ebx)
 frame 5 at 0xcf0c3b94: ebp cf0c3bc0, eip 0xc060f7f0 <sysctl_kern_proc+332>:    movl   $0x0,0xffffffe8(%ebp)
 frame 6 at 0xcf0c3bc0: ebp cf0c3bec, eip 0xc061bd53 <sysctl_root+283>: mov    %eax,%edx
 frame 7 at 0xcf0c3bec: ebp cf0c3c40, eip 0xc061bf24 <userland_sysctl+244>:     mov    %eax,%ebx
 frame 8 at 0xcf0c3c40: ebp cf0c3cec, eip 0xc061bddb <__sysctl+119>:    mov    %eax,%ebx
 frame 9 at 0xcf0c3cec: ebp cf0c3d40, eip 0xc07bf223 <syscall+531>:     mov    %eax,%ebx
(kgdb) btp 448
 frame 0 at 0xcc706bbc: ebp cc706c0c, eip 0xc061a718 <mi_switch+612>:   add    $0xc,%esp
 frame 1 at 0xcc706c0c: ebp cc706c24, eip 0xc0631c4c <sleepq_switch+224>:       add    $0x8,%esp
 frame 2 at 0xcc706c24: ebp cc706c30, eip 0xc0631e2c <sleepq_wait+48>:  push   $0x220
 frame 3 at 0xcc706c30: ebp cc706c58, eip 0xc05f12fd <cv_wait+377>:     mov    (%ebx),%eax
 frame 4 at 0xcc706c58: ebp cc706c74, eip 0xc0619b0c <_sx_xlock+104>:   decl   0x38(%ebx)
 frame 5 at 0xcc706c74: ebp cc706ccc, eip 0xc06005d7 <fork1+307>:       mov    0x8(%ebp),%eax
 frame 6 at 0xcc706ccc: ebp cc706cec, eip 0xc060032c <fork+24>: mov    %eax,%edx
 frame 7 at 0xcc706cec: ebp cc706d40, eip 0xc07bf223 <syscall+531>:     mov    %eax,%ebx
(kgdb) p *(struct thread *)0xc2413170
$3 = {td_proc = 0xc1f51000, td_ksegrp = 0xc184b8a0, td_plist = {tqe_next = 0x0, tqe_prev = 0xc1f51010}, td_kglist = {tqe_next = 0x0,
    tqe_prev = 0xc184b8ac}, td_slpq = {tqe_next = 0x0, tqe_prev = 0xcc70fc4c}, td_lockq = {tqe_next = 0x0, tqe_prev = 0xcf416c28},
  td_runq = {tqe_next = 0x0, tqe_prev = 0xc184b8b4}, td_selq = {tqh_first = 0x0, tqh_last = 0x0}, td_sleepqueue = 0xc1e68580,
  td_turnstile = 0xc2042800, td_tid = 0x187cd, td_flags = 0x1000000, td_inhibitors = 0x0, td_pflags = 0x0, td_dupfd = 0x0, td_wchan = 0x0,
  td_wmesg = 0x0, td_lastcpu = 0x0, td_oncpu = 0xff, td_locks = 0x0, td_blocked = 0x0, td_ithd = 0x0, td_lockname = 0x0, td_contested = {
    lh_first = 0x0}, td_sleeplocks = 0xc0943528, td_intr_nesting_level = 0x1, td_pinned = 0x0, td_mailbox = 0x0, td_ucred = 0xc1ab7900,
  td_standin = 0x0, td_upcall = 0x0, td_sticks = 0x3, td_uuticks = 0x0, td_usticks = 0x0, td_intrval = 0x0, td_oldsigmask = {__bits = {0x0,
      0x0, 0x0, 0x0}}, td_sigmask = {__bits = {0x0, 0x0, 0x0, 0x0}}, td_siglist = {__bits = {0x0, 0x0, 0x0, 0x0}}, td_waitset = 0x0,
  td_umtxq = 0x0, td_generation = 0x7, td_sigstk = {ss_sp = 0x0, ss_size = 0x0, ss_flags = 0x4}, td_kflags = 0x0, td_xsig = 0x0,
  td_profil_addr = 0x0, td_profil_ticks = 0x0, td_base_pri = 0xd8, td_priority = 0xd8, td_pcb = 0xcf43fda0, td_state = TDS_RUNQ,
  td_retval = {0x0, 0x0}, td_slpcallout = {c_links = {sle = {sle_next = 0xc156d83c}, tqe = {tqe_next = 0xc156d83c, tqe_prev = 0xc65bc710}},
    c_time = 0x5056ce, c_arg = 0xc2413170, c_func = 0xc0632284 <sleepq_timeout>, c_flags = 0xa}, td_frame = 0xcf43fd48,
  td_kstack_obj = 0xc1e969cc, td_kstack = 0xcf43e000, td_kstack_pages = 0x2, td_altkstack_obj = 0x0, td_altkstack = 0x0,
  td_altkstack_pages = 0x0, td_critnest = 0x2, td_md = {md_savecrit = 0x46}, td_sched = 0xc24132bc}
(kgdb) l *fork1+412
0xc0600640 is in fork1 (../../../kern/kern_fork.c:301).
(kgdb) l kern_fork.c:280
277             /* We have to lock the process tree while we look for a pid. */
278             sx_slock(&proctree_lock);
279
280             /*
281              * Although process entries are dynamically created, we still keep
282              * a global limit on the maximum number we will create.  Don't allow
283              * a nonprivileged user to use the last ten processes; don't let root
284              * exceed the limit. The variable nprocs is the current number of
285              * processes, maxproc is the limit.
286              */
287             sx_xlock(&allproc_lock);
288             uid = td->td_ucred->cr_ruid;
289             if ((nprocs >= maxproc - 10 &&
290                 suser_cred(td->td_ucred, SUSER_RUID) != 0) ||
291                 nprocs >= maxproc) {
292                   error = EAGAIN;
293                   goto fail;
294             }
295
296             /*
297              * Increment the count of procs running with this uid. Don't allow
298              * a nonprivileged user to exceed their current limit.
299              */
300             PROC_LOCK(p1);
301             ok = chgproccnt(td->td_ucred->cr_ruidinfo, 1,
302                   (uid != 0) ? lim_cur(p1, RLIMIT_NPROC) : 0);
303             PROC_UNLOCK(p1);
304             if (!ok) {
305                   error = EAGAIN;
306                   goto fail;
307             }
308
309             /*
310              * Increment the nprocs resource before blocking can occur.  There
311              * are hard-limits as to the number of processes that can run.
312              */
313             nprocs++;
(kgdb) l *sysctl_kern_proc+332
0xc060f7f0 is in sysctl_kern_proc (../../../kern/kern_proc.c:960).
955             }
956             error = sysctl_wire_old_buffer(req, 0);
957             if (error != 0)
958                   return (error);
959             sx_slock(&allproc_lock);
960             for (doingzomb=0 ; doingzomb < 2 ; doingzomb++) {
961                   if (!doingzomb)
962                     p = LIST_FIRST(&allproc);
963                   else
964                     p = LIST_FIRST(&zombproc);
(kgdb) p allproc_lock
$4 = {sx_object = {lo_class = 0xc088774c, lo_name = 0xc0824d19 "allproc", lo_type = 0xc0824d19 "allproc", lo_flags = 0x3b0000, lo_list = {
      tqe_next = 0xc08f63a0, tqe_prev = 0xc0952250}, lo_witness = 0xc09075f0}, sx_lock = 0xc08f59fc, sx_cnt = 0xffffffff, sx_shrd_cv = {
    cv_description = 0xc0824d19 "allproc", cv_waiters = 0x9}, sx_shrd_wcnt = 0x9, sx_excl_cv = {cv_description = 0xc0824d19 "allproc",
    cv_waiters = 0x9}, sx_excl_wcnt = 0x9, sx_xholder = 0xc2413170}
(kgdb) p/d (*(struct proc *)0xc1f51000).p_pid
$6 = 10385