Subject: struct user of a zombie process.
To: None <tech-kern@netbsd.org>
From: Simon Burge <simonb@netbsd.org>
List: tech-kern
Date: 05/23/2000 00:03:51
With my sysctl(KERN_PROC2) work, I'm getting panics on i386 like

	uvm_fault(0xc028e4c0, 0xc9c13000, 0, 1) -> 1
	kernel: page fault trap, code=0
	Stopped in ps at        fill_kproc2+0x585:      movl    0xd8(%eax),%eax

and on pmax like

	trap: TLB miss (load or instr. fetch) in kernel mode
	status=0x47c03, cause=0x30000308, epc=0x8006a698, vaddr=0xc6fb0194
	pid=2986 cmd=ps usp=0x7fffd6e0 ksp=0xc6fad990
	Stopped in ps at        fill_eproc+0x850:       lw      v1,216(v0)

when I try to fetch data out of p->p_stats in a zombie process.  I
thought that some part of the process address space must be unmapped,
but what was confusing me was that the normal ps(1) was still showing
fields from p->p_stats (eg start time).  It turns out that the user
struct is getting unmapped in uvm_exit() - is it possible that a read
of an address from /dev/kmem will return valid data even if it has been
unmapped in the kernel?  This would explain why ps(1) still works...

If so, how does the following one line patch look?

Another question - how important is the start time of a zombie?  If
people want it, it needs to be moved inside 'struct proc'.

Simon.
--
Index: uvm_glue.c
===================================================================
RCS file: /cvsroot/syssrc/sys/uvm/uvm_glue.c,v
retrieving revision 1.32
diff -p -u -r1.32 uvm_glue.c
--- uvm_glue.c	2000/03/30 12:31:50	1.32
+++ uvm_glue.c	2000/05/22 13:54:39
@@ -359,6 +359,7 @@ uvm_exit(p)
 
 	uvmspace_free(p->p_vmspace);
 	uvm_km_free(kernel_map, (vaddr_t)p->p_addr, USPACE);
+	p->p_addr = NULL;
 }
 
 /*
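Review bot: the added `p->p_addr = NULL;` after `uvm_km_free(kernel_map, (vaddr_t)p->p_addr, USPACE);` only turns a read through a stale u-area pointer into a NULL dereference; on its own it does not stop fill_kproc2()/fill_eproc() from faulting on a zombie. The readers still need an explicit `if (p->p_addr == NULL)` (or zombie-state) test before touching p->p_stats, since, as the message explains, p_stats lives in the user struct that uvm_exit() has just freed. A one-line comment on the assignment saying that p_addr is NULL once the u-area is gone would tell future callers what to check.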
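To make the failure mode concrete, here is an added user-space model (not NetBSD code) of the lifecycle in the mail: the u-area is freed and p_addr cleared as in the patch, while p_stats is left dangling, so a KERN_PROC2-style filler must test p_addr before following p_stats. All struct layouts, field names beyond p_addr/p_stats/p_stat, and enum values are constructed for the example.

```c
#include <stdlib.h>
#include <string.h>
/* Constructed stand-ins for the NetBSD structures named in the mail;
 * not the real kernel definitions. p_stats points into the u-area that
 * p_addr refers to, which is what makes it dangle after uvm_exit(). */
struct pstats { long p_start_sec; };
struct user   { struct pstats u_stats; };
struct proc {
    int            p_stat;   /* SZOMB once the process has exited */
    struct user   *p_addr;   /* u-area; released by uvm_exit() */
    struct pstats *p_stats;  /* == &p_addr->u_stats while the u-area exists */
};
struct kinfo { long start_sec; };
enum { SZOMB = 5 };          /* constructed value, not NetBSD's */

/* Model of the patched uvm_exit(): free the u-area and clear p_addr. */
static void model_uvm_exit(struct proc *p)
{
    free(p->p_addr);
    p->p_addr = NULL;   /* the one-line patch */
    p->p_stat = SZOMB;
    /* p->p_stats deliberately left alone: it still holds the old address */
}

/* Model of a sysctl(KERN_PROC2) filler that tests p_addr before
 * following p_stats into the u-area. Returns 1 if stats were copied. */
static int model_fill_kproc2(const struct proc *p, struct kinfo *ki)
{
    memset(ki, 0, sizeof *ki);
    if (p->p_addr == NULL)          /* zombie: u-area is gone */
        return 0;
    ki->start_sec = p->p_stats->p_start_sec;
    return 1;
}

/* Drive the lifecycle; returns the start time reported for the live
 * process, or -1 if the zombie path wrongly reported stats. */
static long run_lifecycle(long start_sec)
{
    struct proc p = { 0 }; struct kinfo ki;
    p.p_addr = calloc(1, sizeof *p.p_addr);
    p.p_addr->u_stats.p_start_sec = start_sec;
    p.p_stats = &p.p_addr->u_stats;
    if (!model_fill_kproc2(&p, &ki)) return -1;
    long live = ki.start_sec;
    model_uvm_exit(&p);
    if (model_fill_kproc2(&p, &ki)) return -1;  /* must not deref freed u-area */
    return live;
}
```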