Date:      Sun, 25 Oct 1998 01:25:30 +0930 (CST)
From:      Kris Kennaway <kkennawa@physics.adelaide.edu.au>
To:        Don Lewis <Don.Lewis@tsc.tdk.com>
Cc:        current@FreeBSD.ORG
Subject:   Re: nestea v2 against freebsd 3.0-Release (fwd)
Message-ID:  <Pine.OSF.4.05.9810250123360.658-100000@mercury.physics.adelaide.edu.au>
In-Reply-To: <199810240856.BAA23322@salsa.gv.tsc.tdk.com>

On Sat, 24 Oct 1998, Don Lewis wrote:

> } rootshell.com has a .tgz containing a linux compiled binary - that's the one I
> } ran [1]. Perhaps it was the linuxulator which crashed me, instead of what the
> } program itself did.
> 
> Could be.  Can you get a stack trace, either with DDB, or with a crash dump
> and gdb?

GDB is free software and you are welcome to distribute copies of it
 under certain conditions; type "show copying" to see the conditions.
There is absolutely no warranty for GDB; type "show warranty" for details.
GDB 4.16 (i386-unknown-freebsd), 
Copyright 1996 Free Software Foundation, Inc...
IdlePTD 2801664
initial pcb at 257b1c
panicstr: from debugger
panic messages:
---
Fatal trap 12: page fault while in kernel mode
fault virtual address	= 0x13
fault code		= supervisor read, page not present
instruction pointer	= 0x8:0xf0180ebc
stack pointer	        = 0x10:0xf2c7dd3c
frame pointer	        = 0x10:0xf2c7dd60
code segment		= base 0x0, limit 0xfffff, type 0x1b
			= DPL 0, pres 1, def32 1, gran 1
processor eflags	= interrupt enabled, resume, IOPL = 0
current process		= 353 (nestea2)
interrupt mask		= 
panic: from debugger


Fatal trap 12: page fault while in kernel mode
fault virtual address	= 0x13
fault code		= supervisor read, page not present
instruction pointer	= 0x8:0xf0180ebc
stack pointer	        = 0x10:0xf2c7dd3c
frame pointer	        = 0x10:0xf2c7dd60
code segment		= base 0x0, limit 0xfffff, type 0x1b
			= DPL 0, pres 1, def32 1, gran 1
processor eflags	= interrupt enabled, resume, IOPL = 0
current process		= 353 (nestea2)
interrupt mask		= 


Fatal trap 12: page fault while in kernel mode
fault virtual address	= 0x13
fault code		= supervisor read, page not present
instruction pointer	= 0x8:0xf0180ebc
stack pointer	        = 0x10:0xf2c7dd3c
frame pointer	        = 0x10:0xf2c7dd60
code segment		= base 0x0, limit 0xfffff, type 0x1b
			= DPL 0, pres 1, def32 1, gran 1
processor eflags	= interrupt enabled, resume, IOPL = 0
current process		= 353 (nestea2)
interrupt mask		= 
panic: from debugger

dumping to dev 30001, offset 39104
dump 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 
---
#0  boot (howto=260) at ../../kern/kern_shutdown.c:268
268			dumppcb.pcb_cr3 = rcr3();
(kgdb) where
#0  boot (howto=260) at ../../kern/kern_shutdown.c:268
#1  0xf012f5e8 in at_shutdown (function=0xf0227772 <db_panic_cmd+22>, 
    arg=0xf2c7dc34, queue=-267277140) at ../../kern/kern_shutdown.c:430
#2  0xf011acfd in db_panic (addr=-266858820, have_addr=0, count=-1, 
    modif=0xf2c7dbbc "") at ../../ddb/db_command.c:432
#3  0xf011acac in db_command (last_cmdp=0xf0240c34, cmd_table=0xf0240a94, 
    aux_cmd_tablep=0xf02550b4) at ../../ddb/db_command.c:332
#4  0xf011ad62 in db_command_loop () at ../../ddb/db_command.c:454
#5  0xf011d4f3 in db_trap (type=12, code=0) at ../../ddb/db_trap.c:71
#6  0xf01e545d in kdb_trap (type=12, code=0, regs=0xf2c7dd00)
    at ../../i386/i386/db_interface.c:157
#7  0xf01f13eb in trap_fatal (frame=0xf2c7dd00) at ../../i386/i386/trap.c:874
#8  0xf01f10e4 in trap_pfault (frame=0xf2c7dd00, usermode=0)
    at ../../i386/i386/trap.c:772
#9  0xf01f0d27 in trap (frame={tf_es = 16, tf_ds = 16, tf_edi = -263534592, 
      tf_esi = -263533804, tf_ebp = -221782688, tf_isp = -221782744, 
      tf_ebx = 0, tf_edx = 0, tf_ecx = 0, tf_eax = 0, tf_trapno = 12, 
      tf_err = 0, tf_eip = -266858820, tf_cs = 8, tf_eflags = 66118, 
      tf_esp = -263533804, tf_ss = -266075918}) at ../../i386/i386/trap.c:396
#10 0xf0180ebc in ip_reass (m=0xf04ac800, fp=0xf04acb14, where=0xf025bfc8)
    at ../../netinet/ip_input.c:802
#11 0xf0180c3f in ip_input (m=0xf04ac800) at ../../netinet/ip_input.c:585
#12 0xf0181bdb in ipintr () at ../../netinet/ip_input.c:669
#13 0xf01e72c9 in swi_net_next ()
#14 0xf0148c40 in sendit (p=0xf2c69880, s=3, mp=0xf2c7debc, flags=0)
    at ../../kern/uipc_syscalls.c:484
#15 0xf0148e8b in sendmsg (p=0xf2c69880, uap=0xf2c7defc)
    at ../../kern/uipc_syscalls.c:632
#16 0xf0222a5b in linux_sendto_hdrincl (p=0xf2c69880, bsd_args=0xf2c7df1c)
    at ../../i386/linux/linux_socket.c:245
#17 0xf0223435 in linux_socketcall (p=0xf2c69880, args=0xf2c7df84)
    at ../../i386/linux/linux_socket.c:624
#18 0xf01f15f7 in syscall (frame={tf_es = 39, tf_ds = 39, tf_edi = -272639092, 
      tf_esi = 0, tf_ebp = 16, tf_isp = -221782060, tf_ebx = 11, tf_edx = 11, 
      tf_ecx = -272639160, tf_eax = 102, tf_trapno = 12, tf_err = 2, 
      tf_eip = 671593638, tf_cs = 31, tf_eflags = 534, tf_esp = -272639180, 
      tf_ss = 39}) at ../../i386/i386/trap.c:1031
#19 0xf01e5dec in Xint0x80_syscall ()
Cannot access memory at address 0x10.
(kgdb) quit

> } [1] This might not have been so bright :-)
> 
> Hmn, yes.  Running binaries of unknown origin as root.  I wonder what
> backdoors it installed ...

Would be interesting if it installed some Linux backdoor and the emulator
emulated it enough to work :-) I'm not all that worried in this case, though.

Kris

