From owner-freebsd-stable@FreeBSD.ORG  Thu Aug 10 08:01:56 2006
Return-Path: <owner-freebsd-stable@FreeBSD.ORG>
X-Original-To: freebsd-stable@freebsd.org
Delivered-To: freebsd-stable@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 95BDF16A4DF
	for <freebsd-stable@freebsd.org>; Thu, 10 Aug 2006 08:01:56 +0000 (UTC)
	(envelope-from m.ehinger@ltur.de)
Received: from postx.gateway-inter.net (postx.gateway-inter.net
	[213.144.19.80])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 3D2AF43D45
	for <freebsd-stable@freebsd.org>; Thu, 10 Aug 2006 08:01:56 +0000 (GMT)
	(envelope-from m.ehinger@ltur.de)
In-Reply-To: <44D92774.8030204@mawer.org>
To: Antony Mawer <fbsd-stable@mawer.org>
From: m.ehinger@ltur.de
MIME-Version: 1.0
Message-ID: <OF887CFFCA.93C95699-ONC12571C6.002B598B-C12571C6.002C1C72@gateway-inter.net>
Date: Thu, 10 Aug 2006 10:01:59 +0200
Content-transfer-encoding: quoted-printable
Content-type: text/plain; charset=ISO-8859-1
Cc: freebsd-stable@freebsd.org
Subject: Re: ncplogin panic
X-BeenThere: freebsd-stable@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: Production branch of FreeBSD source code <freebsd-stable.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-stable>, 
	<mailto:freebsd-stable-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-stable>
List-Post: <mailto:freebsd-stable@freebsd.org>
List-Help: <mailto:freebsd-stable-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-stable>,
	<mailto:freebsd-stable-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Thu, 10 Aug 2006 08:01:56 -0000

Antony Mawer <fbsd-stable@mawer.org> schrieb am 09.08.2006 02:08:20:


> Okay. What version of Netware are you using? What are the step-by-ste=
p
> procedures you are following in order to reproduce this (from step 1 =
as
> logging in to Netware or mounting the volume)?


We're using Netware Verion 6.5 over TCP/IP only.

Step 1. load ncp.ko, mount volume (mount_nwfs -A ... )
Step 2. cp /netwarefile /localfolder

Here is what strace gives me:

Script started on Thu Aug 10 10:02:46 2006
execve(0xbfbfe828, [0xbfbfed0c], [/* 0 vars */]) =3D 0
mmap(0, 3904, PROT_READ|PROT_WRITE, MAP_ANON, -1, 0) =3D 0x28074000
munmap(0x28074000, 3904)                =3D 0
__sysctl([...], 0x28070b98, 0xbfbfeab4, NULL, 0) =3D 0
mmap(0, 32768, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANON, -1, 0) =3D 0=
x28074000
issetugid(0)                            =3D 0
open("/etc/libmap.conf", O_RDONLY)      =3D -1 ENOENT (No such file or =
directory)
open("/var/run/ld-elf.so.hints", O_RDONLY) =3D 3
read(3, "_ALL\0%s:\n\0\t%o =3D> %p (%x)\n\0\t%o (%"..., 128) =3D 128
lseek(3, 128, SEEK_SET)                 =3D 128
read(3, "/lib:/usr/lib:/usr/lib/compat:/u"..., 188) =3D 188
close(3)                                =3D 0
access("/lib/libc.so.6", F_OK)          =3D 0
open("/lib/libc.so.6", O_RDONLY)        =3D 3
fstat(3, {st_mode=3D0, st_size=3D0, ...})   =3D 0
read(3, "\177ELF\1\1\1\t\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0\200\352"..., 4=
096) =3D 4096
mmap(0, 937984, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_NOCORE, 3, 0) =3D =
0x2807c000
mprotect(0x28144000, 4096, PROT_READ|PROT_WRITE|PROT_EXEC) =3D 0
mprotect(0x28144000, 4096, PROT_READ|PROT_EXEC) =3D 0
mmap(0x28145000, 24576, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED, 3,=
 0xc9000) =3D 0x28145000
mmap(0x2814b000, 90112, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP=
_ANON, -1, 0) =3D 0x2814b000
close(3)                                =3D 0
sysarch(0xa, 0xbfbfeb30)                =3D 0
mmap(0, 584, PROT_READ|PROT_WRITE, MAP_ANON, -1, 0) =3D 0x28161000
munmap(0x28161000, 584)                 =3D 0
mmap(0, 22792, PROT_READ|PROT_WRITE, MAP_ANON, -1, 0) =3D 0x28161000
munmap(0x28161000, 22792)               =3D 0
sigprocmask(SIG_BLOCK, ~[ILL TRAP ABRT EMT FPE BUS SEGV SYS], []) =3D 0=

sigprocmask(SIG_SETMASK, [], NULL)      =3D 0
syscall_416(0x1d, 0xbfbfeaf0, 0xbfbfead0) =3D 0
stat("/root", {st_mode=3D0, st_size=3D4294967297, ...}) =3D 0
umask(0777)                             =3D 022
umask(022)                              =3D 0777
readlink("/etc/malloc.conf", "=B0=CB", 63)  =3D 2
issetugid(0x2806f598)                   =3D 0
mmap(0, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANON, -1, 0) =3D 0x=
28161000
break(0x805d000)                        =3D 0
break(0x805e000)                        =3D 0
break(0x805f000)                        =3D 0
break(0x8060000)                        =3D 0
stat("file", {st_mode=3DS_IFREG|0755, st_size=3D12, ...}) =3D 0
stat("/root/file", {st_mode=3D0, st_size=3D4294967297, ...}) =3D 0
open("file", O_RDONLY)                  =3D 3
open("/root/file", O_WRONLY|O_TRUNC)    =3D 4
mmap(0, 12, PROT_READ, MAP_SHARED, 3, 0) =3D -1 EINVAL (Invalid argumen=
t)
write(2, "\0\0\0\0", 4cp: )                 =3D 4
write(2, "\0\0\0\0", 4file)                 =3D 4
write(2, ": ", 2: )                       =3D 2
write(2, "\0: path too long\n", 17Invalid argument
)     =3D 17
close(3)                                =3D 0
close(4)                                =3D 0
exit(1)                                 =3D ?

Script done on Thu Aug 10 10:02:46 2006=