Date: Thu, 3 Oct 2002 23:52:36 +0900
From: qhwt@myrealbox.com
To: current@freebsd.org
Subject: panic trying to chroot(2) on a script(?)
Message-ID: <20021003145236.GA633.qhwt@myrealbox.com>

Hello.

Last night I was trying to start an anonymous ftp server on my -current box
for my local network. I made a mistake in vipw:

ftp:*:44444:44444:Unprivileged user:/sbin/nologin:/home/mp3

i.e., wrote a path to a script where a directory is needed, and a directory
where a path to a shell is needed. Without noticing, I started ftpd in
standalone mode, and logged in as user ftp, when the box panicked:

# /usr/libexec/ftpd -AD
# ftp -4 localhost

On a 4.7-RC1 box, this just spewed an error message in /var/log/messages and
didn't panic, and man 2 chroot doesn't state it should.
If there's something other than the backtrace (attached), let me know it.

Regards.

Attachment: panic

Script started on Thu Oct 3 23:27:19 2002
qhwt@gzl$ gdb -k /usr/obj/kernel/kernel.debug vmcore.14
GNU gdb 5.2.0 (FreeBSD) 20020627
Copyright 2002 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB. Type "show warranty" for details.
This GDB was configured as "i386-undermydesk-freebsd"...
panic: bdwrite: buffer is not busy
panic messages:
---
panic: vrele: negative ref cnt

syncing disks... panic: bdwrite: buffer is not busy
Uptime: 5m31s
Dumping 63 MB
ata0: resetting devices ..
ata0: mask=03 ostat0=50 ostat2=00
ad0: ATAPI 00 00
ata0-slave: ATAPI 00 00
ata0: mask=03 stat0=50 stat1=00
ad0: ATA 01 a5
ata0: devices=01
ad0: success setting PIO4 on generic chip
done
16 32 48
---
#0  doadump () at /home/usr.src/sys/kern/kern_shutdown.c:223
223     dumping++;
(kgdb) bt
#0  doadump () at /home/usr.src/sys/kern/kern_shutdown.c:223
#1  0xc0198625 in boot (howto=260)
    at /home/usr.src/sys/kern/kern_shutdown.c:355
#2  0xc0198873 in panic () at /home/usr.src/sys/kern/kern_shutdown.c:508
#3  0xc01d725d in bdwrite (bp=0xc223edd0)
    at /home/usr.src/sys/kern/vfs_bio.c:952
#4  0xc0273d4b in ffs_update (vp=0xc13cb6f0, waitfor=0)
    at /home/usr.src/sys/ufs/ffs/ffs_inode.c:125
#5  0xc028702f in ffs_fsync (ap=0xc73a1ab0)
    at /home/usr.src/sys/ufs/ffs/ffs_vnops.c:309
#6  0xc0286b89 in VOP_FSYNC (vp=0x0, cred=0x0, waitfor=0, td=0x0)
    at vnode_if.h:612
#7  0xc0286014 in ffs_sync (mp=0xc0f9f800, waitfor=2, cred=0xc0726d80,
    td=0xc033e460) at /home/usr.src/sys/ufs/ffs/ffs_vfsops.c:1127
#8  0xc01ebd38 in sync (td=0xc033e460, uap=0x0)
    at /home/usr.src/sys/kern/vfs_syscalls.c:130
#9  0xc019820c in boot (howto=256)
    at /home/usr.src/sys/kern/kern_shutdown.c:264
#10 0xc0198873 in panic () at /home/usr.src/sys/kern/kern_shutdown.c:508
#11 0xc01e8618 in vrele (vp=0xc0fce4a0)
    at /home/usr.src/sys/kern/vfs_subr.c:2163
#12 0xc01eb7a9 in NDFREE (ndp=0xc73a1c78, flags=0)
    at /home/usr.src/sys/kern/vfs_subr.c:3590
---Type <return> to continue, or q <return> to quit---
#13 0xc01ec8d3 in chroot (td=0xc142f0c0, uap=0x0)
    at /home/usr.src/sys/kern/vfs_syscalls.c:564
#14 0xc02de39a in syscall (frame=
      {tf_fs = 47, tf_es = 47, tf_ds = 47, tf_edi = 126, tf_esi = -1077936868, tf_ebp = -1077939528, tf_isp = -952492684, tf_ebx = 0, tf_edx = -1, tf_ecx = 2, tf_eax = 61, tf_trapno = 0, tf_err = 2, tf_eip = 672269963, tf_cs = 31, tf_eflags = 514, tf_esp = -1077941908, tf_ss = 47})
    at /home/usr.src/sys/i386/i386/trap.c:1050
#15 0xc02ce9bd in Xint0x80_syscall () at {standard input}:140
---Can't read userspace from dump, or kernel process---

(kgdb) frame 11
#11 0xc01e8618 in vrele (vp=0xc0fce4a0)
    at /home/usr.src/sys/kern/vfs_subr.c:2163
2163    panic("vrele: negative ref cnt");
(kgdb) print vp->v_usecount
$1 = 0
(kgdb) print *vp
$2 = {v_interlock = {mtx_object = {lo_class = 0xc0342920,
      lo_name = 0xc030b67b "vnode interlock",
      lo_type = 0xc030b67b "vnode interlock", lo_flags = 196608, lo_list = {
        tqe_next = 0x0, tqe_prev = 0x0}, lo_witness = 0x0}, mtx_lock = 4,
    mtx_recurse = 0, mtx_blocked = {tqh_first = 0x0, tqh_last = 0xc0fce4c4},
    mtx_contested = {le_next = 0x0, le_prev = 0x0}, mtx_acqtime = 0,
    mtx_filename = 0x0, mtx_lineno = 0}, v_iflag = 256, v_usecount = 0,
  v_numoutput = 0, v_vxproc = 0x0, v_holdcnt = 0, v_cleanblkhd = {
    tqh_first = 0x0, tqh_last = 0xc0fce4f8}, v_cleanblkroot = 0x0,
  v_dirtyblkhd = {tqh_first = 0x0, tqh_last = 0xc0fce504},
  v_dirtyblkroot = 0x0, v_vflag = 8, v_writecount = 0, v_object = 0xc14522bc,
  v_lastw = 0, v_cstart = 0, v_lasta = 0, v_clen = 0, v_un = {
    vu_mountedhere = 0x0, vu_socket = 0x0, vu_spec = {vu_specinfo = 0x0,
      vu_specnext = {sle_next = 0x0}}, vu_fifoinfo = 0x0}, v_freelist = {
    tqe_next = 0x0, tqe_prev = 0xc13ca2f0}, v_nmntvnodes = {tqe_next = 0x0,
    tqe_prev = 0xc0fd2b10}, v_synclist = {le_next = 0x0,
    le_prev = 0xc0f6912c}, v_type = VREG, v_tag = 0xc0321a29 "ufs",
  v_data = 0xc14b9800, v_lock = {lk_interlock = 0xc036f728, lk_flags = 64,
    lk_sharecount = 0, lk_waitcount = 0, lk_exclusivecount = 0, lk_prio = 72,
    lk_wmesg = 0xc0321c77 "inode", lk_timo = 6, lk_lockholder = -1},
  v_vnlock = 0xc0fce564, v_op = 0xc0f7ca00, v_mount = 0xc0fa4a00,
  v_cache_src = {lh_first = 0x0}, v_cache_dst = {tqh_first = 0xc13d68c0,
    tqh_last = 0xc13d68d0}, v_id = 2506, v_dd = 0xc0fce4a0, v_ddid = 0,
---Type <return> to continue, or q <return> to quit---
  v_pollinfo = 0x0, v_label = {l_flags = 0, l_perpolicy = {{l_ptr = 0x0,
        l_long = 0}, {l_ptr = 0x0, l_long = 0}, {l_ptr = 0x0, l_long = 0}, {
        l_ptr = 0x0, l_long = 0}}}, v_cachedfs = 29696,
  v_cachedid = 4294967295}
(kgdb) qhwt@gzl$ ^D

Script done on Thu Oct 3 23:28:34 2002
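
The misconfiguration reported above (home-directory and shell fields exchanged, so a regular file reaches chroot(2)) can be caught before any daemon uses the entry. The sh function below is an added example, not part of the original message or of FreeBSD; the optional `root` prefix argument and the scratch demo tree are assumptions so that it runs without touching real system files.

```shell
#!/bin/sh
# Added example: check that the last two fields of a passwd entry have the
# file types their consumers expect. passwd(5) and master.passwd(5) both end
# in ...:home_dir:shell, so only the last two colon-separated fields are read.

check_passwd_entry() {
    entry=$1
    root=${2:-}              # hypothetical prefix: run the check on a test tree
    name=${entry%%:*}
    shell=${entry##*:}
    rest=${entry%:*}
    home=${rest##*:}
    rc=0
    # A file where the home belongs and a directory where the shell belongs
    # is the exact mistake from the message: report it as a swap (status 2).
    if [ -f "$root$home" ] && [ -d "$root$shell" ]; then
        echo "$name: home and shell fields look swapped"
        return 2
    fi
    if [ ! -d "$root$home" ]; then
        echo "$name: home '$home' is not a directory"
        rc=1
    fi
    if [ ! -f "$root$shell" ] || [ ! -x "$root$shell" ]; then
        echo "$name: shell '$shell' is not an executable file"
        rc=1
    fi
    return "$rc"
}

# Constructed demo tree standing in for /sbin/nologin and /home/mp3.
demo=$(mktemp -d)
mkdir -p "$demo/sbin" "$demo/home/mp3"
printf '#!/bin/sh\nexit 1\n' > "$demo/sbin/nologin"
chmod +x "$demo/sbin/nologin"

# The entry from the message, then the same entry with the fields in order.
check_passwd_entry 'ftp:*:44444:44444:Unprivileged user:/sbin/nologin:/home/mp3' "$demo" || :
check_passwd_entry 'ftp:*:44444:44444:Unprivileged user:/home/mp3:/sbin/nologin' "$demo" && echo "ftp: ok"
rm -rf "$demo"
```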