From owner-freebsd-bugs Sun Mar 4 2:50: 7 2001 Delivered-To: freebsd-bugs@hub.freebsd.org Received: from freefall.freebsd.org (freefall.freebsd.org [216.136.204.21]) by hub.freebsd.org (Postfix) with ESMTP id DBA1537B71A for ; Sun, 4 Mar 2001 02:50:01 -0800 (PST) (envelope-from gnats@FreeBSD.org) Received: (from gnats@localhost) by freefall.freebsd.org (8.11.1/8.11.1) id f24Ao1C81682; Sun, 4 Mar 2001 02:50:01 -0800 (PST) (envelope-from gnats) Received: from uffdaonline.net (host34.uffdaonline.net [207.109.235.34]) by hub.freebsd.org (Postfix) with ESMTP id 8A71E37B718 for ; Sun, 4 Mar 2001 02:47:40 -0800 (PST) (envelope-from zach@uffdaonline.net) Received: by uffdaonline.net (Postfix, from userid 1000) id 3F65AA7B; Sun, 4 Mar 2001 04:47:42 -0600 (CST) Message-Id: <20010304104742.3F65AA7B@uffdaonline.net> Date: Sun, 4 Mar 2001 04:47:42 -0600 (CST) From: zach@uffdaonline.net Reply-To: zach@uffdaonline.net To: FreeBSD-gnats-submit@freebsd.org X-Send-Pr-Version: 3.2 Subject: kern/25519: -STABLE crash from ordinary user (newpcm related) Sender: owner-freebsd-bugs@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org >Number: 25519 >Category: kern >Synopsis: -STABLE crash from ordinary user (newpcm related) >Confidential: no >Severity: critical >Priority: high >Responsible: freebsd-bugs >State: open >Quarter: >Keywords: >Date-Required: >Class: sw-bug >Submitter-Id: current-users >Arrival-Date: Sun Mar 04 02:50:01 PST 2001 >Closed-Date: >Last-Modified: >Originator: Zach N. Heilig >Release: FreeBSD 4.2-STABLE i386 >Organization: none >Environment: >Description: simply: panic: page fault (that's the only message after the current time from /etc/rc and before 'synching disks...') >How-To-Repeat: compile and run this code (as any user that has read/write access to the sound driver): --- snip --- #include #include #include #include #include #include void fast_writer(void); void slow_reader(void); void wakeup(int s) { } int main(void) { sigset_t none; int child; child = fork(); if (child == 0) fast_writer(); /* let the writer set up the channel properly... */ signal(SIGUSR1, wakeup); sigemptyset(&none); sigsuspend(&none); /* and let it get a bit ahead... */ sleep(5); slow_reader(); return 0; } void fast_writer(void) { int parent; int fd; int format = AFMT_S16_LE; int speed = 44100; int bits = 16; int stereo = 1; char out[17640]; parent = getppid(); memset(out, 0, sizeof out); fprintf(stderr, "pid %d\n", getpid()); fd = open("/dev/dsp", O_WRONLY); if (fd == -1) { perror("fast_writer: unable to open /dev/dsp"); kill(parent, SIGUSR1); exit(1); } ioctl(fd, SNDCTL_DSP_SETFMT, &format); ioctl(fd, SNDCTL_DSP_SPEED, &speed); ioctl(fd, SNDCTL_DSP_SAMPLESIZE, &bits); ioctl(fd, SNDCTL_DSP_STEREO, &stereo); fprintf(stderr, "fast_writer: starting loop\n"); kill(parent, SIGUSR1); while (1) { write(fd, out, sizeof out); write(STDOUT_FILENO, ">", 1); } } void slow_reader(void) { int cnt; int fd; int in[1600]; fprintf(stderr, "pid %d\n", getpid()); open("/dev/dspW", O_WRONLY); fd = open("/dev/dspW", O_RDONLY); if (fd == -1) { perror("slow_reader: unable to open /dev/dsp"); exit(1); } fprintf(stderr, "slow_reader: starting loop\n"); for (cnt = 0; cnt < 10; ++cnt) { read(fd, in, sizeof in); write(STDOUT_FILENO, "<", 1); } exit(0); } --- snip --- >Fix: >Release-Note: >Audit-Trail: >Unformatted: To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-bugs" in the body of the message