Date: Mon, 16 Oct 1995 00:34:08 +0200
From: Heikki Suonsivu <hsu@clinet.fi>
To: FreeBSD-gnats-submit@freebsd.org
Subject: kern/782: fchmod, null pointer dereference
Message-ID: <199510152234.AAA03482@katiska.clinet.fi>
Resent-Message-ID: <199510152240.PAA13186@freefall.freebsd.org>
>Number: 782
>Category: kern
>Synopsis: chmod does a null pointer dereference
>Confidential: no
>Severity: serious
>Priority: high
>Responsible: freebsd-bugs
>State: open
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Sun Oct 15 15:40:01 PDT 1995
>Last-Modified:
>Originator: Heikki Suonsivu
>Organization:
Clinet, Espoo, Finland
>Release: FreeBSD 2.1-STABLE
>Environment:
Oct 15 23:25:22 katiska /kernel: CPU: 90-MHz Pentium 735\90 (Pentium-class CPU)
Oct 15 23:25:22 katiska /kernel: Origin = "GenuineIntel" Id = 0x524 Stepping=4
Oct 15 23:25:22 katiska /kernel: Features=0x1bf<FPU,VME,PSE,MCE,CX8,APIC>
Oct 15 23:25:23 katiska /kernel: real memory = 67108864 (65536K bytes)
Oct 15 23:25:23 katiska /kernel: avail memory = 62484480 (61020K bytes)
Oct 15 23:25:23 katiska /kernel: Probing for devices on the ISA bus:
Oct 15 23:25:23 katiska /kernel: ed0 at 0x280-0x29f irq 5 maddr 0xd8000 msize 16384 on isa
Oct 15 23:25:23 katiska /kernel: ed0: address 00:00:c0:cd:b9:a3, type WD8013EPC (16 bit)
Oct 15 23:25:23 katiska /kernel: vt0 at 0x60-0x6f irq 1 on motherboard
Oct 15 23:25:23 katiska /kernel: vt0: unkown s3, 80 col, mono, 8 scr, mf2-kbd, [R3.20-b24]
Oct 15 23:25:23 katiska /kernel: lpt0 at 0x378-0x37f irq 7 on isa
Oct 15 23:25:23 katiska /kernel: lpt0: Interrupt-driven port
Oct 15 23:25:23 katiska /kernel: lp0: TCP/IP capable interface
Oct 15 23:25:23 katiska /kernel: lpt1 not found at 0xffffffff
Oct 15 23:25:23 katiska /kernel: lpt2 not found at 0xffffffff
Oct 15 23:25:23 katiska /kernel: sio0 at 0x3f8-0x3ff irq 4 on isa
Oct 15 23:25:23 katiska /kernel: sio0: type 16550A
Oct 15 23:25:23 katiska /kernel: sio1 at 0x2f8-0x2ff irq 3 on isa
Oct 15 23:25:23 katiska /kernel: sio1: type 16550A
Oct 15 23:25:23 katiska /kernel: sio2 not found at 0x3e8
Oct 15 23:25:23 katiska /kernel: sio3 not found at 0x2e8
Oct 15 23:25:23 katiska /kernel: pca0 on isa
Oct 15 23:25:23 katiska /kernel: pca0: PC speaker audio driver
Oct 15 23:25:23 katiska /kernel: bt0 not found at 0x330
Oct 15 23:25:23 katiska /kernel: aha0 not found at 0x330
Oct 15 23:25:23 katiska /kernel: wdc0 not found at 0x1f0
Oct 15 23:25:23 katiska /kernel: wdc1 not found at 0x170
Oct 15 23:25:23 katiska /kernel: fdc0 at 0x3f0-0x3f7 irq 6 drq 2 on isa
Oct 15 23:25:24 katiska /kernel: fdc0: NEC 72065B
Oct 15 23:25:24 katiska /kernel: fd0: 1.44MB 3.5in
Oct 15 23:25:24 katiska /kernel: mcd0: timeout getting status
Oct 15 23:25:24 katiska /kernel: mcd0 not found at 0x300
Oct 15 23:25:24 katiska /kernel: le0: no board found at 0x300
Oct 15 23:25:24 katiska /kernel: le0 not found at 0x300
Oct 15 23:25:24 katiska /kernel: npx0 on motherboard
Oct 15 23:25:24 katiska /kernel: npx0: INT 16 interface
Oct 15 23:25:24 katiska /kernel: matcdc0 not found at 0xffffffff
Oct 15 23:25:24 katiska /kernel: matcdc1 not found at 0xffffffff
Oct 15 23:25:24 katiska /kernel: matcdc2 not found at 0xffffffff
Oct 15 23:25:24 katiska /kernel: matcdc3 not found at 0xffffffff
Oct 15 23:25:24 katiska /kernel: bio_imask c0000040 tty_imask c00300ba net_imask c00300ba
Oct 15 23:25:24 katiska /kernel: Probing for devices on the PCI bus:
Oct 15 23:25:24 katiska /kernel: chip0 <Intel 82434NX (Neptune) PCI cache memory controller> rev 17 on pci0:0
Oct 15 23:25:24 katiska /kernel: chip1 <Intel 82378IB PCI-ISA bridge> rev 67 on pci0:2
Oct 15 23:25:24 katiska /kernel: vga0 <Display device> rev 0 on pci0:6
Oct 15 23:25:24 katiska /kernel: ncr0 <ncr 53c810 scsi> rev 2 int a irq 9 on pci0:12
Oct 15 23:25:24 katiska /kernel: ncr0 waiting for scsi devices to settle
Oct 15 23:25:24 katiska /kernel: (ncr0:0:0): "SEAGATE ST15230N 0298" type 0 fixed SCSI 2
Oct 15 23:25:25 katiska /kernel: sd0(ncr0:0:0): Direct-Access
Oct 15 23:25:25 katiska /kernel: sd0(ncr0:0:0): FAST SCSI-2 100ns (10 Mb/sec) offset 8.
Oct 15 23:25:25 katiska /kernel: 4095MB (8386733 512 byte sectors)
Oct 15 23:25:25 katiska /kernel: sd0(ncr0:0:0): with 3992 cyls, 19 heads, and an average 110 sectors/track
Oct 15 23:25:25 katiska /kernel: (ncr0:3:0): "SEAGATE ST31200N 9348" type 0 fixed SCSI 2
Oct 15 23:25:25 katiska /kernel: sd3(ncr0:3:0): Direct-Access
Oct 15 23:25:25 katiska /kernel: sd3(ncr0:3:0): FAST SCSI-2 100ns (10 Mb/sec) offset 8.
Oct 15 23:25:25 katiska /kernel: 1011MB (2072435 512 byte sectors)
Oct 15 23:25:25 katiska /kernel: sd3(ncr0:3:0): with 2700 cyls, 9 heads, and an average 85 sectors/track
Oct 15 23:25:25 katiska /kernel: (ncr0:4:0): "HP C1533A 9503" type 1 removable SCSI 2
Oct 15 23:25:25 katiska /kernel: st4(ncr0:4:0): Sequential-Access
Oct 15 23:25:25 katiska /kernel: st4(ncr0:4:0): FAST SCSI-2 100ns (10 Mb/sec) offset 8.
Oct 15 23:25:25 katiska /kernel: density code 0x24, variable blocks, write-enabled
Oct 15 23:25:25 katiska /kernel: ncr1 <ncr 53c810 scsi> rev 1 int a irq 9 on pci0:14
Oct 15 23:25:25 katiska /kernel: ncr1 waiting for scsi devices to settle
Oct 15 23:25:25 katiska /kernel: (ncr1:3:0): "SEAGATE ST15230N 0168" type 0 fixed SCSI 2
Oct 15 23:25:25 katiska /kernel: sd7(ncr1:3:0): Direct-Access
Oct 15 23:25:25 katiska /kernel: sd7(ncr1:3:0): FAST SCSI-2 100ns (10 Mb/sec) offset 8.
Oct 15 23:25:25 katiska /kernel: 4095MB (8386733 512 byte sectors)
Oct 15 23:25:25 katiska /kernel: sd7(ncr1:3:0): with 3992 cyls, 19 heads, and an average 110 sectors/track
Oct 15 23:25:25 katiska /kernel: changing root device to sd0a
Oct 15 23:25:25 katiska /kernel: WARNING: / was not properly dismounted.
Oct 15 23:25:25 katiska /kernel: sd7: invalid primary partition table: no magic
#
# CLINETSERVER - a bloated kernel for servers, include everything possible
#
# $Id: LINT,v 1.150 1995/03/04 21:09:21 jkh Exp $
#
#
# This directive is mandatory; it defines the architecture to be
# configured for; in this case, the 386 family. You must also specify
# at least one CPU (the one you intend to run on); deleting the
# specification for CPUs you don't need to use may make parts of the
# system run faster
#
# clinet: we have got all of these
machine "i386"
cpu "I386_CPU"
cpu "I486_CPU"
cpu "I586_CPU" # aka Pentium(tm)
#
# This is the ``identification'' of the kernel. Usually this should
# be the same as the name of your kernel.
#
ident CLINETSERVER
#
# The `maxusers' parameter controls the static sizing of a number of
# internal system tables by a complicated formula defined in param.c.
#
maxusers 256
options "NMBCLUSTERS=2048"
options "TTYHOG=4096"
options "RS_IBUFSIZE=1024"
#
# Under some circumstances it is necessary to make the default max
# number of processes per user and open files per user more than the
# defaults on bootup. (an example is a large news server in which
# the uid, news, can sometimes need > 100 simultaneous processes running)
# clinet: or hoggy administrators with gazillion xterms (yes, I have run out
# of 128 processes :-)
options "CHILD_MAX=256"
options "OPEN_MAX=256"
#
# A math emulator is mandatory if you wish to run on hardware which
# does not have a floating-point processor. Pick either the original,
# bogus (but freely-distributable) math emulator, or a much more
# fully-featured but GPL-licensed emulator taken from Linux.
#
options MATH_EMULATE #Support for x87 emulation
#options GPL_MATH_EMULATE #Support for x87 emulation via
#new math emulator
#
# This directive defines a number of things:
# - The compiled kernel is to be called `kernel'
# - The root filesystem might be on partition wd0a
# - The kernel can swap on wd0b and sd0b, defaulting to the former
# - Crash dumps will be written to wd0b, if possible
#
# clinet: we use 4 disks per server, swap distributed on all of them (speeds
# up considerably). Dumps may go to sd0.
config kernel root on wd0 swap on wd0 and wd1 and sd0 and sd1 and sd2 and sd3 and vn0 dumps on sd0
#####################################################################
# COMPATIBILITY OPTIONS
#
# Implement system calls compatible with 4.3BSD and older versions of
# FreeBSD.
#
options "COMPAT_43"
#
# Allow user-mode programs to manipulate their local descriptor tables.
# This option is required for the WINE Windows(tm) emulator, and is
# not used by anything else (that we know of).
#
options USER_LDT #allow user-level control of i386 ldt
#
# These three options provide support for System V Interface
# Definition-style interprocess communication, in the form of shared
# memory, semaphores, and message queues, respectively.
#
options SYSVSHM
options SYSVSEM
options SYSVMSG
#####################################################################
# DEBUGGING OPTIONS
#
# Enable the kernel debugger.
#
# options DDB
#
# Enable dumping of the kernel image to swap for panics. This is not
# the default because writing to misconfigured swap may wipe out file
# systems.
#
options DODUMP
#
# KTRACE enables the system-call tracing facility ktrace(2).
#
options KTRACE #kernel tracing
#
# The DIAGNOSTIC option is used in a number of source files to enable
# extra sanity checking of internal structures. This support is not
# enabled by default because of the extra time it would take to check
# for these conditions, which can only occur as a result of
# programming errors.
#
options DIAGNOSTIC
#
# Allow ordinary users to take the console - this is useful for X.
options UCONSOLE
#####################################################################
# NETWORKING OPTIONS
#
# Protocol families:
# Only the INET (Internet) family is officially supported in FreeBSD.
# Source code for the NS (Xerox Network Service), ISO (OSI), and
# CCITT (X.25) families is provided for amusement value, although we
# try to ensure that it actually compiles.
#
options INET #Internet communications protocols
# options ISO
# options CCITT #X.25 network layer
# options NS #Xerox NS communications protocols
# options TPIP #ISO TP class 4 over IP
# options TPCONS #ISO TP class 0 over X.25
#
# Network interfaces:
# The `loop' pseudo-device is mandatory when networking is enabled.
# The `ether' pseudo-device provides generic code to handle
# Ethernets; it is mandatory when an Ethernet device driver is
# configured.
# The `sppp' pseudo-device serves a similar role for certain types
# of synchronous PPP links (like `cx').
# The `sl' pseudo-device implements the Serial Line IP (SLIP) service.
# The `ppp' pseudo-device implements the Point-to-Point Protocol.
# The `bpfilter' pseudo-device enables the Berkeley Packet Filter. Be
# aware of the legal and administrative consequences of enabling this
# option. The number of devices determines the maximum number of
# simultaneous BPF clients programs runnable.
# The `disc' pseudo-device implements a minimal network interface,
# which throws away all packets sent and never receives any. It is
# included for testing purposes.
# The `tun' pseudo-device implements the User Process PPP (iijppp)
#
pseudo-device ether #Generic Ethernet
pseudo-device sppp #Generic Synchronous PPP
pseudo-device loop #Network loopback device
pseudo-device sl 16 #Serial Line IP
pseudo-device ppp 32 #Point-to-point protocol
pseudo-device bpfilter 4 #Berkeley packet filter
pseudo-device disc #Discard device
pseudo-device tun 1 #Tunnel driver(user process ppp)
#options NSIP #XNS over IP
#options EON #ISO CLNP over IP
#options LLC #X.25 link layer for Ethernets
#options HDLC #X.25 link layer for serial lines
#
# Internet family options:
#
# TCP_COMPAT_42 causes the TCP code to emulate certain bugs present in
# 4.2BSD. This option should not be used unless you have a 4.2BSD
# machine and TCP connections fail.
#
# GATEWAY allows the machine to forward packets, and also configures
# larger static sizes of a number of system tables.
#
# MROUTING enables the kernel multicast packet forwarder, which works
# with mrouted(8).
#
# IPFIREWALL enables support for IP firewall construction, in
# conjunction with the `ipfw' program. IPFIREWALL_VERBOSE does
# the obvious thing.
#
# ARP_PROXYALL enables global proxy ARP. Beware! This can burn
# your house down! See netinet/if_ether.c for the gory details.
# (Eventually there will be a better management interface.)
#
options "TCP_COMPAT_42" #emulate 4.2BSD TCP bugs
options GATEWAY #internetwork gateway
options MROUTING # Multicast routing
options IPFIREWALL #firewall
options IPFIREWALL_VERBOSE #print information about
# dropped packets
#options ARP_PROXYALL # global proxy ARP
#####################################################################
# FILESYSTEM OPTIONS
#
# Only the root, /usr, and /tmp filesystems need be statically
# compiled; everything else will be automatically loaded at mount
# time. (Exception: the UFS family---FFS, MFS, and LFS---cannot
# currently be demand-loaded.) Some people still prefer to statically
# compile other filesystems as well.
#
# NB: The LFS, PORTAL, and UNION filesystems are known to be buggy,
# and WILL panic your system if you attempt to do anything with them.
# They are included here as an incentive for some enterprising soul to
# sit down and fix them.
#
# One of these is mandatory:
options FFS #Fast filesystem
options NFS #Network File System
# The rest are optional:
options "CD9660" #ISO 9660 filesystem
options FDESC #File descriptor filesystem
options KERNFS #Kernel filesystem
options LFS #Log filesystem
options MFS #Memory File System
options MSDOSFS #MS DOS File System
options NULLFS #NULL filesystem
options PORTAL #Portal filesystem
options PROCFS #Process filesystem
options UMAPFS #UID map filesystem
options UNION #Union filesystem
#
# Disk quotas are supported when this option is enabled. If you
# change the value of this option, you must do a `make clean' in your
# kernel compile directory in order to get a working kernel.
#
#options QUOTA #enable disk quotas
#
# PCI devices:
#
# The main PCI bus device is `pci'. It provides auto-detection and
# configuration support for all devices on the PCI bus, using either
# configuration mode defined in the PCI specification.
#
# The `ncr' device provides support for the NCR 53C810 and 53C825
# self-contained SCSI host adapters.
#
# The `de' device provides support for the Digital Equipment DC21040
# self-contained Ethernet adapter.
#
# The PROBE_VERBOSE option enables a long listing of chip set registers
# for supported PCI chip sets (currently only intel Saturn and Mercury).
#
controller pci0
device ncr0
device de0
options PROBE_VERBOSE
options "SCSI_DELAY=10"
#####################################################################
# SCSI DEVICE CONFIGURATION
#
# The SCSI subsystem consists of the `base' SCSI code, a number of
# high-level SCSI device `type' drivers, and the low-level host-adapter
# device drivers. The host adapters are listed in the ISA and PCI
# device configuration sections below.
#
# Beginning with FreeBSD 2.1 you can wire down your SCSI devices so
# that a given bus, target, and LUN always come on line as the same
# device unit. In earlier versions the unit numbers were assigned
# in the order that the devices were probed on the SCSI bus. This
# means that if you removed a disk drive, you may have had to rewrite
# your /etc/fstab file, and also that you had to be careful when adding
# a new disk as it may have been probed earlier and moved your device
# configuration around.
# This old behavior is maintained as the default behavior. The unit
# assignment begins with the first non-wired down unit for a device
# type. For example, if you wire a disk as "sd3" then the first
# non-wired disk will be assigned sd4.
# The syntax for wiring down devices is:
# disk sd0 at scbus0 target 0 unit 0
# disk sd1 at scbus0 target 1
# disk sd2 at scbus0 target 3
# tape st1 at scbus0 target 6
# device cd0 at scbus?
# "units" (SCSI logical unit number) that are not specified are
# treated as if specified as LUN 0.
# All SCSI devices allocate as many units as are required.
# The "unknown" device (uk? in pre-2.1) is now part of the base SCSI
# configuration and doesn't have to be explicitly configured.
controller scbus0 #base SCSI code
device ch0 #SCSI media changers
device sd0 #SCSI disks
device st0 #SCSI tapes
device cd0 #SCSI CD-ROMs
disk sd0 at scbus0 target 0
disk sd1 at scbus0 target 1
disk sd2 at scbus0 target 2
disk sd3 at scbus0 target 3
disk sd4 at scbus0 target 4
disk sd5 at scbus0 target 5
disk sd6 at scbus0 target 6
tape st0 at scbus0 target 0
tape st1 at scbus0 target 1
tape st2 at scbus0 target 2
tape st3 at scbus0 target 3
tape st4 at scbus0 target 4
tape st5 at scbus0 target 5
tape st6 at scbus0 target 6
device cd0 at scbus0 target 0
device cd1 at scbus0 target 1
device cd2 at scbus0 target 2
device cd3 at scbus0 target 3
device cd4 at scbus0 target 4
device cd5 at scbus0 target 5
device cd6 at scbus0 target 6
# SCSIDEBUG: When defined enables debugging macros
# NO_SCSI_SENSE: When defined disables sense descriptions (about 4k)
# SCSI_REPORT_GEOMETRY: Always report disk geometry at boot up instead
# of only when booting verbosely.
#options SCSIDEBUG
#options NO_SCSI_SENSE
options SCSI_REPORT_GEOMETRY
#####################################################################
# MISCELLANEOUS DEVICES AND OPTIONS
#
# Of these, only the `log' device is truly mandatory. The `pty'
# device usually turns out to be ``effectively mandatory'', as it is
# required for `telnetd', `rlogind', `screen', `emacs', and `xterm',
# among others.
#
pseudo-device pty 256 #Pseudo ttys - can go as high as 64
pseudo-device speaker #Play IBM BASIC-style noises out your speaker
pseudo-device log #Kernel syslog interface (/dev/klog)
pseudo-device gzip #Exec gzipped a.out's
pseudo-device vn #Vnode driver (turns a file into a device)
#pseudo-device snp 3 #Snoop device - to look at pty/vty/etc..
#####################################################################
# HARDWARE DEVICE CONFIGURATION
# ISA and EISA devices:
# Currently there is no separate support for EISA. There should be.
# Micro Channel is not supported at all.
#
# Mandatory ISA devices: isa, sc, npx
#
controller isa0
#
# Options for `isa':
#
# ALLOW_CONFLICT_DRQ suppresses the DMA conflict checks. This option is
# included so that people with sound cards that support multiple emulations
# can setup different sound drivers on the same DMA channel. There are no
# other known uses for this option.
#
# ALLOW_CONFLICT_IOADDR suppresses the I/O address conflict checks, so
# that the PS/2 mouse driver doesn't conflict with the console driver.
#
# ALLOW_CONFLICT_IRQ suppresses the interrupt line conflict checks, so
# that multiple devices can share the same IRQ, provided that the
# hardware supports it (it usually doesn't).
#
# ALLOW_CONFLICT_MEMADDR suppresses the memory address conflict checks.
# This option is not known to be good for anything.
#
# AUTO_EOI_1 enables the `automatic EOI' feature for the master 8259A
# interrupt controller. This saves about 1.25 usec for each interrupt.
# No problems are known to be caused by this option.
#
# AUTO_EOI_2 enables the `automatic EOI' feature for the slave 8259A
# interrupt controller. This saves about 1.25 usec for each interrupt.
# Automatic EOI is documented not to work for the slave with the
# original i8259A, but it works for some clones and some integrated
# versions.
#
# BOUNCE_BUFFERS provides support for ISA DMA on machines with more
# than 16 megabytes of memory. It doesn't hurt on other machines.
# Some broken EISA and VLB hardware may need this, too.
#
# DUMMY_NOPS disables extra delays for some bus operations. The delays
# are mostly for older systems and aren't used consistently. Probably
# works OK on most EISA bus machines.
#
# TUNE_1542 enables the automatic ISA bus speed selection for the
# Adaptec 1542 boards. Does not work for all boards, use it with caution.
#
#options ALLOW_CONFLICT_DRQ
#options ALLOW_CONFLICT_IOADDR
#options ALLOW_CONFLICT_IRQ
#options ALLOW_CONFLICT_MEMADDR
options "AUTO_EOI_1"
#options "AUTO_EOI_2"
options BOUNCE_BUFFERS
#options DUMMY_NOPS
#options TUNE_1542
# Enable this and PCVT_FREEBSD for pcvt vt220 compatible console driver
device vt0 at isa? port "IO_KBD" tty irq 1 vector pcrint
options "PCVT_FREEBSD=210" # pcvt running on FreeBSD 2.1
options XSERVER # include code for XFree86
options FAT_CURSOR # start with block cursor
# The syscons console driver (sco color console compatible) - default.
#device sc0 at isa? port "IO_KBD" tty irq 1 vector scintr
#options "NCONS=4"
#
# Options for `sc':
#
# HARDFONTS allows the driver to load an ISO-8859-1 font to replace
# the default font in your display adapter's memory.
#
options HARDFONTS
#
# MAXCONS is maximum number of virtual consoles, no more than 16
# default value: 12
#
options "MAXCONS=16"
device npx0 at isa? port "IO_NPX" irq 13 vector npxintr
#
# Optional ISA and EISA devices:
#
#
# SCSI host adapters: `aha', `ahb', `aic', `bt', `nca'
#
# aha: Adaptec 154x
# ahb: Adaptec 174x
# ahc: Adaptec 274x
# aic: Adaptec 152x and sound cards using the Adaptec AIC-6360 (slow!)
# bt: Most Buslogic controllers
# nca: ProAudioSpectrum cards using the NCR 5380 or Trantor T130
# uha: UltraStore 14F and 34F
# sea: Seagate ST01/02 8 bit controller (slow!)
# wds: Western Digital WD7000 controller (no scatter/gather!).
#
# Note that the order is important in order for Buslogic cards to be
# probed correctly.
#
controller bt0 at isa? port "IO_BT0" bio irq ? vector btintr
#controller ahc0 at isa? bio irq ? vector ahcintr # port??? iomem?
#controller ahb0 at isa? bio irq ? vector ahbintr
controller aha0 at isa? port "IO_AHA0" bio irq ? drq 5 vector ahaintr
#controller uha0 at isa? port "IO_UHA0" bio irq ? drq 5 vector uhaintr
#controller aic0 at isa? port 0x340 bio irq 11 vector aicintr
#controller nca0 at isa? port 0x1f88 bio irq 10 vector ncaintr
#controller nca1 at isa? port 0x1f84
#controller nca2 at isa? port 0x1f8c
#controller nca3 at isa? port 0x1e88
#controller nca4 at isa? port 0x350 bio irq 5 vector ncaintr
#controller sea0 at isa? bio irq 5 iomem 0xdc000 iosiz 0x2000 vector seaintr
#controller wds0 at isa? port 0x350 bio irq 15 drq 6 vector wdsintr
#
# ST-506, ESDI, and IDE hard disks: `wdc' and `wd'
#
# NB: ``Enhanced IDE'' is NOT supported at this time.
#
controller wdc0 at isa? port "IO_WD1" bio irq 14 vector wdintr
disk wd0 at wdc0 drive 0
disk wd1 at wdc0 drive 1
controller wdc1 at isa? port "IO_WD2" bio irq 15 vector wdintr
disk wd2 at wdc1 drive 0
disk wd3 at wdc1 drive 1
#
# Standard floppy disk controllers and floppy tapes: `fdc', `fd', and `ft'
#
controller fdc0 at isa? port "IO_FD1" bio irq 6 drq 2 vector fdintr
disk fd0 at fdc0 drive 0
disk fd1 at fdc0 drive 1
tape ft0 at fdc0 drive 2
#
# Options for `fd':
#
# FDSEEKWAIT selects a non-default head-settle time (i.e., the time to
# wait after a seek is performed). The default value (1/32 s) is
# usually sufficient. The units are inverse seconds, so a value of 16
# here means to wait 1/16th of a second; you should choose a power of
# two.
#
#options FDSEEKWAIT="16"
#
# Other standard PC hardware: `lpt', `mse', `psm', `sio', etc.
#
# lpt: printer port
# mse: Logitech and ATI InPort bus mouse ports
# psm: PS/2 mouse port (needs ALLOW_CONFLICT_IOADDR, above)
# sio: serial ports (see sio(4))
# cy: Cyclades high-speed serial driver (ALPHA QUALITY!)
# gp: National Instruments AT-GPIB and AT-GPIB/TNT board
# gsc: Genius GS-4500 hand scanner.
# joy: joystick
device lpt0 at isa? port? tty irq 7 vector lptintr
device lpt1 at isa? port? tty
device lpt2 at isa? port? tty
#device mse0 at isa? port 0x23c tty irq 5 vector mseintr
#device psm0 at isa? port "IO_KBD" tty irq 12 vector psmintr
device sio0 at isa? port "IO_COM1" tty irq 4 vector siointr
device sio1 at isa? port "IO_COM2" tty irq 3 vector siointr
device sio2 at isa? port "IO_COM3" tty irq 5 vector siointr
device sio3 at isa? port "IO_COM4" tty irq 9 vector siointr
#device gp0 at isa? port 0x2c0 tty
#device gsc0 at isa? port "IO_GSC1" tty drq 3
#device joy0 at isa? port "IO_GAME"
#device cy0 at isa? tty irq 10 iomem 0xd4000 vector cyintr
# Options for sio:
#options COMCONSOLE #prefer serial console to video console
options COM_MULTIPORT #code for some cards with shared IRQs
#options DSI_SOFT_MODEM #code for DSI Softmodems
#
# Network interfaces: `cx', `ed', `el', `ep', `ie', `is', `le', `lnc'
#
# cx: Cronyx/Sigma multiport sync/async (with Cisco or PPP framing)
# ed: Western Digital and SMC 80xx; Novell NE1000 and NE2000; 3Com 3C503
# el: 3Com 3C501 (slow!)
# ep: 3Com 3C509 (buggy)
# ie: AT&T StarLAN 10 and EN100; 3Com 3C507; unknown NI5210
# le: Digital Equipment EtherWorks 2 and EtherWorks 3 (DEPCA, DE100,
# DE101, DE200, DE201, DE202, DE203, DE204, DE205, DE422)
# lnc: Lance/PCnet cards (Isolan, Novell NE2100, NE32-VL)
# ze: IBM/National Semiconductor PCMCIA ethernet controller.
# zp: 3Com PCMCIA Etherlink III (It does not require shared memory for
# send/receive operation, but it needs 'iomem' to read/write the
# attribute memory)
#
#device cx0 at isa? port 0x240 net irq 15 drq 7 vector cxintr
device ed0 at isa? port 0x280 net irq 5 iomem 0xd8000 vector edintr
#device ie0 at isa? port 0x360 net irq 7 iomem 0xd0000 vector ieintr
#device lnc0 at isa? port 0x280 net irq 10 drq 0 vector lncintr
#device ep0 at isa? port 0x300 net irq 10 vector epintr
#device el0 at isa? port 0x300 net irq 9 vector elintr
device le0 at isa? port 0x300 net irq 5 iomem 0xd0000 vector le_intr
#device ze0 at isa? port 0x300 net irq 5 iomem 0xd8000 vector zeintr
#device zp0 at isa? port 0x300 net irq 10 iomem 0xd8000 vector zpintr
# ISDN drivers - `isdn'.
#
# Uncomment one (and only one) of the following 4 drivers for the appropriate
# ISDN device you have. For more information on what's considered appropriate
# for your given set of circumstances, please read
# /usr/src/gnu/usr.sbin/docs/INSTALL. It's a bit sparse at present, but it's
# the best we have right now. The snic driver is also disabled at present,
# waiting for someone to upgrade the driver to 2.0 (it's in /sys/gnu/scsi/).
#
#device nic0 at isa? port "IO_COM3" iomem 0xe0000 tty irq 9 vector nicintr
#device nnic0 at isa? port 0x150 iomem 0xe0000 tty irq 12 vector nnicintr
# This one is also temporarily ill - needs an isa_device structure!!
#controller tel0 at isa? iomem 0xe0000 tty irq 9 vector telintr
# These are non-optional for ISDN
#pseudo-device isdn
#pseudo-device ii 4
#pseudo-device ity 4
#pseudo-device itel 2
#pseudo-device ispy 1
#
# Audio drivers: `snd', `pca'
#
# snd: Voxware sound drivers for various cards
# see /usr/src/sys/i386/isa/sound/sound.doc for details
# pca: PCM audio through your PC speaker
#
#options AUDIO_PAS
#options AUDIO_SB
#options AUDIO_ADLIB
#options AUDIO_GUS
#options AUDIO_MPU401
#options AUDIO_UART6850
#options AUDIO_PSS
#options AUDIO_GUS16
#options AUDIO_GUSMAX
#options AUDIO_MSS
#options AUDIO_SBPRO
#options AUDIO_SB16
#options AUDIO_YM3812
#device snd10 at isa? port 0x530 irq 10 drq 1 vector adintr
#device snd5 at isa? port 0x330 irq 6 vector mpuintr
#device snd4 at isa? port 0x220 irq 15 drq 6 vector gusintr
#device snd3 at isa? port 0x388 irq 10 drq 6 vector pasintr
#device snd2 at isa? port 0x220 irq 7 drq 1 vector sbintr
#device snd6 at isa? port 0x220 irq 7 drq 5 vector sbintr
#device snd7 at isa? port 0x300
#device snd1 at isa? port 0x388
device pca0 at isa? tty
#
# Miscellaneous hardware: `mcd', `wt', `ctx', `apm'
#
# mcd: Mitsumi CD-ROM
# scd: Sony CD-ROM
# matcd: Matsushita/Panasonic CD-ROM
# wt: Wangtek and Archive QIC-02/QIC-36 tape drives
# ctx: Cortex-I frame grabber
# apm: Laptop Advanced Power Management (experimental)
# spigot: The Creative Labs Video Spigot video-acquisition board
#
# Notes on the spigot:
# The video spigot is at 0xad6. This port address can not be changed.
# The irq values may only be 10, 11, or 15
# I/O memory is an 8kb region. Possible values are:
# 0a0000, 0a2000, ..., 0fffff, f00000, f02000, ..., ffffff
# Note that the start address must be on an even boundary.
device mcd0 at isa? port 0x300 bio irq 10 vector mcdintr
# for the Sony CDU31/33A CDROM
#device scd0 at isa? port 0x230 bio
# for the soundblaster 16 multicd - up to 4 devices
controller matcd0 at isa? port ?
controller matcd1 at isa? port ?
controller matcd2 at isa? port ?
controller matcd3 at isa? port ?
#device wt0 at isa? port 0x300 bio irq 5 drq 1 vector wtintr
#device ctx0 at isa? port 0x230 iomem 0xd0000
#device spigot0 at isa? port 0xad6 irq 15 iomem 0xee000 vector spigintr
#device apm0 at isa?
>Description:
fchmod does dereference vp->v_mount, which is NULL here. As usual the
proc is slirp.
Current directory is /var/crash/
Reading symbol data from /var/crash/kernel.29...done.
IdlePTD 25a000
panic: page fault
current pcb at 20851c
Reading in symbols for ../../i386/i386/machdep.c...done.
(kgdb) directory /usr/src/sys/i386/conf
Source directories searched: /m/katiska/news/crash:/usr/src/sys/i386/conf
(kgdb) up
Reading in symbols for ../../kern/subr_prf.c...done.
#1 0xf0114b43 in panic (fmt=(char *) 0xf01bca7e "page fault") (../../kern/subr_prf.c line 124)
(kgdb) up
Reading in symbols for ../../i386/i386/trap.c...done.
#2 0xf01bd57e in trap_fatal (frame=(struct trapframe *) 0xefbffe80) (../../i386/i386/trap.c line 745)
(kgdb) up
#3 0xf01bd0f0 in trap_pfault (frame=(struct trapframe *) 0xefbffe80, usermode=0) (../../i386/i386/trap.c line 667)
(kgdb) up
#4 0xf01bcd8f in trap (frame={tf_es = 16, tf_ds = 16, tf_edi = -272629868, tf_esi = -244656640, tf_ebp = -272629940, tf_isp = -267198779, tf_ebx = 0, tf_edx = -247663616, tf_ecx = 29, tf_eax = 0, tf_trapno = 12, tf_err = 0, tf_eip = -267198779, tf_cs = 8, tf_eflags = 66178, tf_esp = -272629868, tf_ss = -242884096}) (../../i386/i386/trap.c line 307)
(kgdb) down
#3 0xf01bd0f0 in trap_pfault (frame=(struct trapframe *) 0xefbffe80, usermode=0) (../../i386/i386/trap.c line 667)
(kgdb) print curpcb
$1 = -175075328
(kgdb) print &curpcb
$2 = (int *) 0xf01f8110
(kgdb) up
#4 0xf01bcd8f in trap (frame={tf_es = 16, tf_ds = 16, tf_edi = -272629868, tf_esi = -244656640, tf_ebp = -272629940, tf_isp = -267198779, tf_ebx = 0, tf_edx = -247663616, tf_ecx = 29, tf_eax = 0, tf_trapno = 12, tf_err = 0, tf_eip = -267198779, tf_cs = 8, tf_eflags = 66178, tf_esp = -272629868, tf_ss = -242884096}) (../../i386/i386/trap.c line 307)
(kgdb) print type
$3 = 0
(kgdb) up
#5 0xf01b2b4d in exception:calltrap ()
(kgdb) up
Reading in symbols for ../../kern/vfs_syscalls.c...done.
#6 0xf012dec5 in fchmod (p=(struct proc *) 0xf185e200, uap=(struct fchmod_args *) 0xefbfff94, retval=(int *) 0xefbfff8c) (../../kern/vfs_syscalls.c line 1503)
(kgdb) print vp
$4 = (struct vnode *) 0xf16ad600
(kgdb) print *vp
$5 = {v_flag = 0x00000000, v_usecount = 1, v_writecount = 1, v_holdcnt = 0, v_lastr = 0, v_id = 0x009127ad, v_mount = 0x0, v_op = 0xf13cf400, v_freelist = {tqe_next = 0x0, tqe_prev = 0xf1660d9c}, v_mntvnodes = {le_next = 0xf15b5380, le_prev = 0xf14b41a4}, v_cleanblkhd = {lh_first = 0x0}, v_dirtyblkhd = {lh_first = 0x0}, v_numoutput = 0, v_type = VBAD, v_un = {vu_mountedhere = 0x0, vu_socket = 0x0, vu_specinfo = 0x0, vu_fifoinfo = 0x0}, v_lease = 0x0, v_lastw = 0, v_cstart = 0, v_lasta = 0, v_clen = 0, v_ralen = 0, v_maxra = 0, v_vmdata = 0x0, v_tag = VT_NON, v_data = 0x0}
(kgdb) print vp->v_mount->mnt_flag
Cannot read memory: address 0x14 out of bounds.
(kgdb) print vp->v_mount
$6 = (struct mount *) 0x0
(kgdb) print p->p_fd
$7 = (struct filedesc *) 0xf1dcc180
(kgdb) print *p->p_fd
$8 = {fd_ofiles = 0xf1dcc19c, fd_ofileflags = 0xf1dcc1ec , fd_cdir = 0xf15fdd80, fd_rdir = 0x0, fd_nfiles = 20, fd_lastfile = 0x0004, fd_freefile = 0x0004, fd_cmask = 0x003f, fd_refcnt = 0x0001}
(kgdb) list
1498 if (error)
1499 return (error);
1500 vp = (struct vnode *)fp->f_data;
1501 LEASE_CHECK(vp, p, p->p_ucred, LEASE_WRITE);
1502 VOP_LOCK(vp);
1503 if (vp->v_mount->mnt_flag & MNT_RDONLY)
1504 error = EROFS;
1505 else {
1506 VATTR_NULL(&vattr);
1507 vattr.va_mode = uap->mode & ALLPERMS;
(kgdb) print vp->v_mount
$9 = (struct mount *) 0x0
(kgdb) print *vp
$10 = {v_flag = 0x00000000, v_usecount = 1, v_writecount = 1, v_holdcnt = 0, v_lastr = 0, v_id = 0x009127ad, v_mount = 0x0, v_op = 0xf13cf400, v_freelist = {tqe_next = 0x0, tqe_prev = 0xf1660d9c}, v_mntvnodes = {le_next = 0xf15b5380, le_prev = 0xf14b41a4}, v_cleanblkhd = {lh_first = 0x0}, v_dirtyblkhd = {lh_first = 0x0}, v_numoutput = 0, v_type = VBAD, v_un = {vu_mountedhere = 0x0, vu_socket = 0x0, vu_specinfo = 0x0, vu_fifoinfo = 0x0}, v_lease = 0x0, v_lastw = 0, v_cstart = 0, v_lasta = 0, v_clen = 0, v_ralen = 0, v_maxra = 0, v_vmdata = 0x0, v_tag = VT_NON, v_data = 0x0}
(kgdb)
>How-To-Repeat:
Load a P90 heavily with random users, some of them running slirp.
I will keep the crash dumps for a couple of days in case someone
wants them.
>Fix:
Don't know, but either v_mount should not be NULL, or if it is
ok to be NULL here, it needs to be checked?
>Audit-Trail:
>Unformatted:
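Added example, not part of the original report and not FreeBSD source: a user-space C model of the check at vfs_syscalls.c line 1503, showing why kgdb reports address 0x14 (NULL plus the offset of mnt_flag) and what a guarded version of the check looks like. The struct layouts, the MNT_RDONLY value, the `mode` field and the choice of EBADF for a dead vnode are assumptions made for this model.

```c
#include <errno.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Simplified stand-ins for the kernel types. Only fields seen in the
 * kgdb session are modelled; layout and flag values are assumptions. */
#define MNT_RDONLY 0x00000001
#define ALLPERMS   07777

enum vtype { VNON, VREG, VDIR, VBAD };   /* subset, order assumed */

struct mount {
    unsigned char pad[0x14];  /* assumed padding so mnt_flag sits at 0x14,
                                 the address kgdb could not read */
    int mnt_flag;
};

struct vnode {
    struct mount *v_mount;
    enum vtype    v_type;
    int           mode;       /* hypothetical: stands in for VOP_SETATTR */
};

/* Address touched when evaluating vp->v_mount->mnt_flag. With
 * v_mount == NULL this is just the field offset, which is why a
 * small fault address points at a NULL structure pointer. */
uintptr_t flag_access_address(const struct vnode *vp)
{
    return (uintptr_t)vp->v_mount + offsetof(struct mount, mnt_flag);
}

/* Shape of the code in the kgdb listing: no check before the
 * dereference. Calling this with v_mount == NULL faults. */
int fchmod_unchecked(struct vnode *vp, int mode)
{
    if (vp->v_mount->mnt_flag & MNT_RDONLY)
        return EROFS;
    vp->mode = mode & ALLPERMS;
    return 0;
}

/* Guarded form: a vnode with no mount (v_type VBAD in the dump) is
 * rejected before the read-only test. EBADF is an assumed errno. */
int fchmod_checked(struct vnode *vp, int mode)
{
    if (vp == NULL || vp->v_mount == NULL || vp->v_type == VBAD)
        return EBADF;
    if (vp->v_mount->mnt_flag & MNT_RDONLY)
        return EROFS;
    vp->mode = mode & ALLPERMS;
    return 0;
}

int main(void)
{
    /* Constructed sample vnodes: one like the dump, two healthy ones. */
    struct mount rw = { {0}, 0 };
    struct mount ro = { {0}, MNT_RDONLY };
    struct vnode dead  = { NULL, VBAD, 0 };
    struct vnode on_rw = { &rw, VREG, 0 };
    struct vnode on_ro = { &ro, VREG, 0 };

    printf("fault address for dead vnode: 0x%lx\n",
           (unsigned long)flag_access_address(&dead));
    printf("dead:  %d\n", fchmod_checked(&dead, 0644));
    printf("ro:    %d\n", fchmod_checked(&on_ro, 0644));
    printf("rw:    %d (mode %o)\n", fchmod_checked(&on_rw, 0644),
           (unsigned)on_rw.mode);
    printf("rw, unchecked path: %d\n", fchmod_unchecked(&on_rw, 0600));
    return 0;
}
```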
