Bug 18952

Summary: fdesc-related panic
Product: Base System Reporter: Christian Weisgerber <naddy>
Component: kern Assignee: chris <chris>
Status: Closed FIXED    
Severity: Affects Only Me    
Priority: Normal    
Version: 5.0-CURRENT   
Hardware: Any   
OS: Any   

Description Christian Weisgerber 2000-06-01 20:10:00 UTC
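An unprivileged user can accidentally panic the system with a
completely innocuous command. In the backtrace below, the fatal page
fault is taken in kernel mode (usermode=0, eva=52) while open() is
inside vn_open().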

----------------
#0  boot (howto=256) at ../../kern/kern_shutdown.c:303
#1  0xc0164599 in panic (fmt=0xc0267e4f "page fault")
    at ../../kern/kern_shutdown.c:553
#2  0xc023333e in trap_fatal (frame=0xc6155d74, eva=52)
    at ../../i386/i386/trap.c:927
#3  0xc0232ff1 in trap_pfault (frame=0xc6155d74, usermode=0, eva=52)
    at ../../i386/i386/trap.c:820
#4  0xc0232b7f in trap (frame={tf_fs = 16, tf_es = 16, tf_ds = 16,
      tf_edi = -976731072, tf_esi = -971678188, tf_ebp = -971678248,
      tf_isp = -971678304, tf_ebx = -971678208, tf_edx = 0, tf_ecx = 13,
      tf_eax = -971678268, tf_trapno = 12, tf_err = 0, tf_eip = -1063880518,
      tf_cs = 8, tf_eflags = 66195, tf_esp = -971678268, tf_ss = -971678208})
    at ../../i386/i386/trap.c:426
#5  0xc09678ba in ?? ()
#6  0xc01995ea in vn_open (ndp=0xc6155ecc, fmode=1026, cmode=420)
    at vnode_if.h:305
#7  0xc019561d in open (p=0xc5c84440, uap=0xc6155f80)
    at ../../kern/vfs_syscalls.c:995
#8  0xc02335f1 in syscall2 (frame={tf_fs = 47, tf_es = 47, tf_ds = 47,
      tf_edi = 8, tf_esi = 672161560, tf_ebp = -1077937912,
      tf_isp = -971677740, tf_ebx = 672096100, tf_edx = 672161560,
      tf_ecx = 15, tf_eax = 5, tf_trapno = 12, tf_err = 2, tf_eip = 672013048,
      tf_cs = 31, tf_eflags = 643, tf_esp = -1077937956, tf_ss = 47})
    at ../../i386/i386/trap.c:1126
#9  0xc02278a8 in Xint0x80_syscall ()
----------------
#
# BIGEYE -- bigeye.rhein-neckar.de (5.0-CURRENT)
#
# $FreeBSD: src/sys/i386/conf/GENERIC,v 1.246 2000/03/09 16:32:55 jlemon Exp $
#
# 2000-03-25 naddy

machine		i386
cpu		I586_CPU
ident		BIGEYE
maxusers	32

makeoptions	DEBUG=-g		#Build kernel with gdb(1) debug symbols

options 	INCLUDE_CONFIG_FILE     # Include this file in kernel

options 	AUTO_EOI_1
options 	AUTO_EOI_2

options 	INET			#InterNETworking
options 	FFS			#Berkeley Fast Filesystem
options 	FFS_ROOT		#FFS usable as root device [keep this!]
options 	SOFTUPDATES
options 	MFS			#Memory Filesystem
options 	NFS			#Network Filesystem
options 	CD9660			#ISO 9660 Filesystem
options 	PROCFS			#Process filesystem
options 	KERNFS			#Kernel filesystem
options 	COMPAT_43		#Compatible with BSD 4.3 [KEEP THIS!]
options 	SCSI_DELAY=10000	#Delay (in ms) before probing SCSI
options 	UCONSOLE		#Allow users to grab the console
options 	KTRACE			#ktrace(1) support
options 	DDB			#Enable the kernel debugger
options 	DDB_UNATTENDED		#Don't drop into DDB for a panic
options 	SYSVSHM			#SYSV-style shared memory
options 	SYSVMSG			#SYSV-style message queues
options 	SYSVSEM			#SYSV-style semaphores
options 	P1003_1B		#Posix P1003_1B real-time extensions
options 	_KPOSIX_PRIORITY_SCHEDULING
options 	ICMP_BANDLIM		#Rate limit bad replies

device		isa
device		pci

# Floppy drives
device		fdc0	at isa? port IO_FD1 irq 6 drq 2
device		fd0	at fdc0 drive 0

# SCSI Controllers
device		sym		# NCR/Symbios Logic (newer chipsets)

# SCSI peripherals
device		scbus		# SCSI bus (required)
device		da		# Direct Access (disks)
device		sa		# Sequential Access (tape etc)
device		cd		# CD
device		pass		# Passthrough device (direct SCSI access)

# atkbdc0 controls both the keyboard and the PS/2 mouse
device		atkbdc0	at isa? port IO_KBD
device		atkbd0	at atkbdc? irq 1
device		psm0	at atkbdc? irq 12

device		vga0	at isa?

# splash screen/screen saver
pseudo-device	splash

# syscons is the default console driver, resembling an SCO console
device		sc0	at isa?
options 	SC_ALT_MOUSE_IMAGE	# simplified mouse cursor in text mode
options 	SC_DISABLE_REBOOT	# disable reboot key sequence

# Floating point support - do not disable.
device		npx0	at nexus? port IO_NPX irq 13

# Serial (COM) ports
device		sio0	at isa? port IO_COM1 flags 0x10 irq 4
device		sio1	at isa? port IO_COM2 irq 3

# Parallel port
device		ppc0	at isa? irq 7
device		ppbus		# Parallel port bus (required)
device		lpt		# Printer

# PCI Ethernet NICs.
device		fxp		# Intel EtherExpress PRO/100B (82557, 82558)

# Sound
device		pcm		# For PnP/PCI sound cards

# Pseudo devices - the number indicates how many units to allocate.
pseudo-device	loop		# Network loopback
pseudo-device	ether		# Ethernet support
pseudo-device	tun		# Packet tunnel.
pseudo-device	pty		# Pseudo-ttys (telnet etc)
pseudo-device	vn		#Vnode driver (turns a file into a device)

# The `bpf' pseudo-device enables the Berkeley Packet Filter.
# Be aware of the administrative consequences of enabling this!
pseudo-device	bpf		#Berkeley packet filter
----------------

How-To-Repeat: 
$ fetch -o - http://sites.inka.de/mips/unix/freebsd/xterm.shar | sh
Comment 1 chris freebsd_committer freebsd_triage 2000-06-02 06:19:11 UTC
Responsible Changed
From-To: freebsd-bugs->chris

I'm the guilty party.
Comment 2 chris freebsd_committer freebsd_triage 2000-06-02 08:04:57 UTC
State Changed
From-To: open->closed

Committed a fix for this problem.