Date: Thu, 1 Jun 2000 21:05:18 +0200 (CEST) From: Christian Weisgerber <naddy@mips.inka.de> To: FreeBSD-gnats-submit@freebsd.org Subject: kern/18952: fdesc-related panic Message-ID: <200006011905.VAA01256@bigeye.mips.inka.de>
next in thread | raw e-mail | index | archive | help
>Number: 18952 >Category: kern >Synopsis: fdesc-related panic >Confidential: no >Severity: serious >Priority: low >Responsible: freebsd-bugs >State: open >Quarter: >Keywords: >Date-Required: >Class: sw-bug >Submitter-Id: current-users >Arrival-Date: Thu Jun 01 12:10:00 PDT 2000 >Closed-Date: >Last-Modified: >Originator: Christian Weisgerber >Release: FreeBSD 5.0-CURRENT i386 >Organization: UUGRN >Environment: fdesc mounted on /dev/fd. fdesc was loaded as a module. Tested for 5.0-CURRENT i386 from May 18 and May 30. >Description: An unpriviledged user can accidentally panic the system with a completely innocuous command. ---------------- #0 boot (howto=256) at ../../kern/kern_shutdown.c:303 #1 0xc0164599 in panic (fmt=0xc0267e4f "page fault") at ../../kern/kern_shutdown.c:553 #2 0xc023333e in trap_fatal (frame=0xc6155d74, eva=52) at ../../i386/i386/trap.c:927 #3 0xc0232ff1 in trap_pfault (frame=0xc6155d74, usermode=0, eva=52) at ../../i386/i386/trap.c:820 #4 0xc0232b7f in trap (frame={tf_fs = 16, tf_es = 16, tf_ds = 16, tf_edi = -976731072, tf_esi = -971678188, tf_ebp = -971678248, tf_isp = -971678304, tf_ebx = -971678208, tf_edx = 0, tf_ecx = 13, tf_eax = -971678268, tf_trapno = 12, tf_err = 0, tf_eip = -1063880518, tf_cs = 8, tf_eflags = 66195, tf_esp = -971678268, tf_ss = -971678208}) at ../../i386/i386/trap.c:426 #5 0xc09678ba in ?? () #6 0xc01995ea in vn_open (ndp=0xc6155ecc, fmode=1026, cmode=420) at vnode_if.h:305 #7 0xc019561d in open (p=0xc5c84440, uap=0xc6155f80) at ../../kern/vfs_syscalls.c:995 #8 0xc02335f1 in syscall2 (frame={tf_fs = 47, tf_es = 47, tf_ds = 47, tf_edi = 8, tf_esi = 672161560, tf_ebp = -1077937912, tf_isp = -971677740, tf_ebx = 672096100, tf_edx = 672161560, tf_ecx = 15, tf_eax = 5, tf_trapno = 12, tf_err = 2, tf_eip = 672013048, tf_cs = 31, tf_eflags = 643, tf_esp = -1077937956, tf_ss = 47}) at ../../i386/i386/trap.c:1126 #9 0xc02278a8 in Xint0x80_syscall () ---------------- # # BIGEYE -- bigeye.rhein-neckar.de (5.0-CURRENT) # # $FreeBSD: src/sys/i386/conf/GENERIC,v 1.246 2000/03/09 16:32:55 jlemon Exp $ # # 2000-03-25 naddy machine i386 cpu I586_CPU ident BIGEYE maxusers 32 makeoptions DEBUG=-g #Build kernel with gdb(1) debug symbols options INCLUDE_CONFIG_FILE # Include this file in kernel options AUTO_EOI_1 options AUTO_EOI_2 options INET #InterNETworking options FFS #Berkeley Fast Filesystem options FFS_ROOT #FFS usable as root device [keep this!] options SOFTUPDATES options MFS #Memory Filesystem options NFS #Network Filesystem options CD9660 #ISO 9660 Filesystem options PROCFS #Process filesystem options KERNFS #Kernel filesystem options COMPAT_43 #Compatible with BSD 4.3 [KEEP THIS!] options SCSI_DELAY=10000 #Delay (in ms) before probing SCSI options UCONSOLE #Allow users to grab the console options KTRACE #ktrace(1) support options DDB #Enable the kernel debugger options DDB_UNATTENDED #Don't drop into DDB for a panic options SYSVSHM #SYSV-style shared memory options SYSVMSG #SYSV-style message queues options SYSVSEM #SYSV-style semaphores options P1003_1B #Posix P1003_1B real-time extentions options _KPOSIX_PRIORITY_SCHEDULING options ICMP_BANDLIM #Rate limit bad replies device isa device pci # Floppy drives device fdc0 at isa? port IO_FD1 irq 6 drq 2 device fd0 at fdc0 drive 0 # SCSI Controllers device sym # NCR/Symbios Logic (newer chipsets) # SCSI peripherals device scbus # SCSI bus (required) device da # Direct Access (disks) device sa # Sequential Access (tape etc) device cd # CD device pass # Passthrough device (direct SCSI access) # atkbdc0 controls both the keyboard and the PS/2 mouse device atkbdc0 at isa? port IO_KBD device atkbd0 at atkbdc? irq 1 device psm0 at atkbdc? irq 12 device vga0 at isa? # splash screen/screen saver pseudo-device splash # syscons is the default console driver, resembling an SCO console device sc0 at isa? options SC_ALT_MOUSE_IMAGE # simplified mouse cursor in text mode options SC_DISABLE_REBOOT # disable reboot key sequence # Floating point support - do not disable. device npx0 at nexus? port IO_NPX irq 13 # Serial (COM) ports device sio0 at isa? port IO_COM1 flags 0x10 irq 4 device sio1 at isa? port IO_COM2 irq 3 # Parallel port device ppc0 at isa? irq 7 device ppbus # Parallel port bus (required) device lpt # Printer # PCI Ethernet NICs. device fxp # Intel EtherExpress PRO/100B (82557, 82558) # Sound device pcm # For PnP/PCI sound cards # Pseudo devices - the number indicates how many units to allocated. pseudo-device loop # Network loopback pseudo-device ether # Ethernet support pseudo-device tun # Packet tunnel. pseudo-device pty # Pseudo-ttys (telnet etc) pseudo-device vn #Vnode driver (turns a file into a device) # The `bpf' pseudo-device enables the Berkeley Packet Filter. # Be aware of the administrative consequences of enabling this! pseudo-device bpf #Berkeley packet filter ---------------- >How-To-Repeat: $ fetch -o - http://sites.inka.de/mips/unix/freebsd/xterm.shar | sh >Fix: >Release-Note: >Audit-Trail: >Unformatted: To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-bugs" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200006011905.VAA01256>