From owner-freebsd-bugs Wed Aug 28 11:40:16 2002 Delivered-To: freebsd-bugs@hub.freebsd.org Received: from mx1.FreeBSD.org (mx1.FreeBSD.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 4E40237B401 for ; Wed, 28 Aug 2002 11:40:06 -0700 (PDT) Received: from freefall.freebsd.org (freefall.FreeBSD.org [216.136.204.21]) by mx1.FreeBSD.org (Postfix) with ESMTP id 0DA1B43E3B for ; Wed, 28 Aug 2002 11:40:06 -0700 (PDT) (envelope-from gnats@FreeBSD.org) Received: from freefall.freebsd.org (gnats@localhost [127.0.0.1]) by freefall.freebsd.org (8.12.4/8.12.4) with ESMTP id g7SIe5JU029206 for ; Wed, 28 Aug 2002 11:40:05 -0700 (PDT) (envelope-from gnats@freefall.freebsd.org) Received: (from gnats@localhost) by freefall.freebsd.org (8.12.4/8.12.4/Submit) id g7SIe5Pp029205; Wed, 28 Aug 2002 11:40:05 -0700 (PDT) Date: Wed, 28 Aug 2002 11:40:05 -0700 (PDT) Message-Id: <200208281840.g7SIe5Pp029205@freefall.freebsd.org> To: freebsd-bugs@FreeBSD.org Cc: From: Arnvid Karstad Subject: Re: i386/42046: System crashes Reply-To: Arnvid Karstad Sender: owner-freebsd-bugs@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org The following reply was made to PR i386/42046; it has been noted by GNATS. From: Arnvid Karstad To: Giorgos Keramidas Cc: bug-followup@FreeBSD.org Subject: Re: i386/42046: System crashes Date: Wed, 28 Aug 2002 20:31:06 +0200 --- Fatal trap 12: page fault while in kernel mode fault virtual address = 0x18 fault code = supervisor write, page not present instruction pointer = 0x8:0xc021d1cd stack pointer = 0x10:0xfefc9c60 frame pointer = 0x10:0xfefc9c64 code segment = base 0x0, limit 0xfffff, type 0x1b = DPL 0, pres 1, def32 1, gran 1 processor eflags = interrupt enabled, resume, IOPL = 0 current process = 131 (find) interrupt mask = none trap number = 12 --- This kinda got a bit worse now... after a bit of testing .. it seems this local user doable... meaning any user being able to log in can do this as an denial of service attack... no user will even be logged... the crash dump from the latest test #0 0xc015ff86 in dumpsys () #1 0xc015fd50 in boot () #2 0xc016019d in panic () #3 0xc0249b94 in trap_fatal () #4 0xc0249829 in trap_pfault () #5 0xc02493bb in trap () #6 0xc021d1cd in _vm_object_allocate () #7 0xc021d360 in vm_object_allocate () #8 0xc0222eb1 in vnode_pager_alloc () #9 0xc018bc41 in vop_stdcreatevobject () #10 0xc018b8f5 in vop_defaultop () #11 0xc0213acd in ufs_vnoperate () #12 0xc018fbf2 in vfs_object_create () #13 0xc018c769 in namei () #14 0xc0195301 in vn_open () #15 0xc0191314 in open () #16 0xc0249e05 in syscall2 () #17 0xc023d6b5 in Xint0x80_syscall () Help? To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-bugs" in the body of the message