Date:      Mon, 16 Oct 1995 00:34:08 +0200
From:      Heikki Suonsivu <hsu@clinet.fi>
To:        FreeBSD-gnats-submit@freebsd.org
Subject:   kern/782: fchmod, null pointer dereference
Message-ID:  <199510152234.AAA03482@katiska.clinet.fi>
Resent-Message-ID: <199510152240.PAA13186@freefall.freebsd.org>


>Number:         782
>Category:       kern
>Synopsis:       chmod does a null pointer dereference
>Confidential:   no
>Severity:       serious
>Priority:       high
>Responsible:    freebsd-bugs
>State:          open
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Sun Oct 15 15:40:01 PDT 1995
>Last-Modified:
>Originator:     Heikki Suonsivu
>Organization:
Clinet, Espoo, Finland
>Release:        FreeBSD 2.1-STABLE
>Environment:

Oct 15 23:25:22 katiska /kernel: CPU: 90-MHz Pentium 735\90 (Pentium-class CPU)
Oct 15 23:25:22 katiska /kernel:   Origin = "GenuineIntel"  Id = 0x524  Stepping=4
Oct 15 23:25:22 katiska /kernel:   Features=0x1bf<FPU,VME,PSE,MCE,CX8,APIC>
Oct 15 23:25:23 katiska /kernel: real memory  = 67108864 (65536K bytes)
Oct 15 23:25:23 katiska /kernel: avail memory = 62484480 (61020K bytes)
Oct 15 23:25:23 katiska /kernel: Probing for devices on the ISA bus:
Oct 15 23:25:23 katiska /kernel: ed0 at 0x280-0x29f irq 5 maddr 0xd8000 msize 16384 on isa
Oct 15 23:25:23 katiska /kernel: ed0: address 00:00:c0:cd:b9:a3, type WD8013EPC (16 bit) 
Oct 15 23:25:23 katiska /kernel: vt0 at 0x60-0x6f irq 1 on motherboard
Oct 15 23:25:23 katiska /kernel: vt0: unkown s3, 80 col, mono, 8 scr, mf2-kbd, [R3.20-b24]
Oct 15 23:25:23 katiska /kernel: lpt0 at 0x378-0x37f irq 7 on isa
Oct 15 23:25:23 katiska /kernel: lpt0: Interrupt-driven port
Oct 15 23:25:23 katiska /kernel: lp0: TCP/IP capable interface
Oct 15 23:25:23 katiska /kernel: lpt1 not found at 0xffffffff
Oct 15 23:25:23 katiska /kernel: lpt2 not found at 0xffffffff
Oct 15 23:25:23 katiska /kernel: sio0 at 0x3f8-0x3ff irq 4 on isa
Oct 15 23:25:23 katiska /kernel: sio0: type 16550A
Oct 15 23:25:23 katiska /kernel: sio1 at 0x2f8-0x2ff irq 3 on isa
Oct 15 23:25:23 katiska /kernel: sio1: type 16550A
Oct 15 23:25:23 katiska /kernel: sio2 not found at 0x3e8
Oct 15 23:25:23 katiska /kernel: sio3 not found at 0x2e8
Oct 15 23:25:23 katiska /kernel: pca0 on isa
Oct 15 23:25:23 katiska /kernel: pca0: PC speaker audio driver
Oct 15 23:25:23 katiska /kernel: bt0 not found at 0x330
Oct 15 23:25:23 katiska /kernel: aha0 not found at 0x330
Oct 15 23:25:23 katiska /kernel: wdc0 not found at 0x1f0
Oct 15 23:25:23 katiska /kernel: wdc1 not found at 0x170
Oct 15 23:25:23 katiska /kernel: fdc0 at 0x3f0-0x3f7 irq 6 drq 2 on isa
Oct 15 23:25:24 katiska /kernel: fdc0: NEC 72065B
Oct 15 23:25:24 katiska /kernel: fd0: 1.44MB 3.5in
Oct 15 23:25:24 katiska /kernel: mcd0: timeout getting status
Oct 15 23:25:24 katiska /kernel: mcd0 not found at 0x300
Oct 15 23:25:24 katiska /kernel: le0: no board found at 0x300
Oct 15 23:25:24 katiska /kernel: le0 not found at 0x300
Oct 15 23:25:24 katiska /kernel: npx0 on motherboard
Oct 15 23:25:24 katiska /kernel: npx0: INT 16 interface
Oct 15 23:25:24 katiska /kernel: matcdc0 not found at 0xffffffff
Oct 15 23:25:24 katiska /kernel: matcdc1 not found at 0xffffffff
Oct 15 23:25:24 katiska /kernel: matcdc2 not found at 0xffffffff
Oct 15 23:25:24 katiska /kernel: matcdc3 not found at 0xffffffff
Oct 15 23:25:24 katiska /kernel: bio_imask c0000040 tty_imask c00300ba net_imask c00300ba
Oct 15 23:25:24 katiska /kernel: Probing for devices on the PCI bus:
Oct 15 23:25:24 katiska /kernel: chip0 <Intel 82434NX (Neptune) PCI cache memory controller> rev 17 on pci0:0
Oct 15 23:25:24 katiska /kernel: chip1 <Intel 82378IB PCI-ISA bridge> rev 67 on pci0:2
Oct 15 23:25:24 katiska /kernel: vga0 <Display device> rev 0 on pci0:6
Oct 15 23:25:24 katiska /kernel: ncr0 <ncr 53c810 scsi> rev 2 int a irq 9 on pci0:12
Oct 15 23:25:24 katiska /kernel: ncr0 waiting for scsi devices to settle
Oct 15 23:25:24 katiska /kernel: (ncr0:0:0): "SEAGATE ST15230N 0298" type 0 fixed SCSI 2
Oct 15 23:25:25 katiska /kernel: sd0(ncr0:0:0): Direct-Access 
Oct 15 23:25:25 katiska /kernel: sd0(ncr0:0:0): FAST SCSI-2 100ns (10 Mb/sec) offset 8.
Oct 15 23:25:25 katiska /kernel: 4095MB (8386733 512 byte sectors)
Oct 15 23:25:25 katiska /kernel: sd0(ncr0:0:0): with 3992 cyls, 19 heads, and an average 110 sectors/track
Oct 15 23:25:25 katiska /kernel: (ncr0:3:0): "SEAGATE ST31200N 9348" type 0 fixed SCSI 2
Oct 15 23:25:25 katiska /kernel: sd3(ncr0:3:0): Direct-Access 
Oct 15 23:25:25 katiska /kernel: sd3(ncr0:3:0): FAST SCSI-2 100ns (10 Mb/sec) offset 8.
Oct 15 23:25:25 katiska /kernel: 1011MB (2072435 512 byte sectors)
Oct 15 23:25:25 katiska /kernel: sd3(ncr0:3:0): with 2700 cyls, 9 heads, and an average 85 sectors/track
Oct 15 23:25:25 katiska /kernel: (ncr0:4:0): "HP C1533A 9503" type 1 removable SCSI 2
Oct 15 23:25:25 katiska /kernel: st4(ncr0:4:0): Sequential-Access 
Oct 15 23:25:25 katiska /kernel: st4(ncr0:4:0): FAST SCSI-2 100ns (10 Mb/sec) offset 8.
Oct 15 23:25:25 katiska /kernel: density code 0x24, variable blocks, write-enabled
Oct 15 23:25:25 katiska /kernel: ncr1 <ncr 53c810 scsi> rev 1 int a irq 9 on pci0:14
Oct 15 23:25:25 katiska /kernel: ncr1 waiting for scsi devices to settle
Oct 15 23:25:25 katiska /kernel: (ncr1:3:0): "SEAGATE ST15230N 0168" type 0 fixed SCSI 2
Oct 15 23:25:25 katiska /kernel: sd7(ncr1:3:0): Direct-Access 
Oct 15 23:25:25 katiska /kernel: sd7(ncr1:3:0): FAST SCSI-2 100ns (10 Mb/sec) offset 8.
Oct 15 23:25:25 katiska /kernel: 4095MB (8386733 512 byte sectors)
Oct 15 23:25:25 katiska /kernel: sd7(ncr1:3:0): with 3992 cyls, 19 heads, and an average 110 sectors/track
Oct 15 23:25:25 katiska /kernel: changing root device to sd0a
Oct 15 23:25:25 katiska /kernel: WARNING: / was not properly dismounted.
Oct 15 23:25:25 katiska /kernel: sd7: invalid primary partition table: no magic

#
# CLINETSERVER - a bloated kernel for servers, include everything possible
#
#	$Id: LINT,v 1.150 1995/03/04 21:09:21 jkh Exp $
#

#
# This directive is mandatory; it defines the architecture to be
# configured for; in this case, the 386 family.  You must also specify
# at least one CPU (the one you intend to run on); deleting the
# specification for CPUs you don't need to use may make parts of the
# system run faster
#
# clinet: we have got all of these
machine		"i386"
cpu		"I386_CPU"
cpu		"I486_CPU"
cpu		"I586_CPU"		# aka Pentium(tm)

# 
# This is the ``identification'' of the kernel.  Usually this should
# be the same as the name of your kernel.
#
ident		CLINETSERVER

#
# The `maxusers' parameter controls the static sizing of a number of
# internal system tables by a complicated formula defined in param.c.
#
maxusers	256
options "NMBCLUSTERS=2048"
options "TTYHOG=4096"
options "RS_IBUFSIZE=1024"

#
# Under some circumstances it is necessary to make the default max
# number of processes per user and open files per user more than the
# defaults on bootup.  (an example is a large news server in which
# the uid, news, can sometimes need > 100 simultaneous processes running)

# clinet: or hoggy administrators with gazillion xterms (yes, I have run out
# of 128 processes :-)
options		"CHILD_MAX=256"
options		"OPEN_MAX=256"

#
# A math emulator is mandatory if you wish to run on hardware which
# does not have a floating-point processor.  Pick either the original,
# bogus (but freely-distributable) math emulator, or a much more
# fully-featured but GPL-licensed emulator taken from Linux.
#
options		MATH_EMULATE		#Support for x87 emulation
#options        GPL_MATH_EMULATE        #Support for x87 emulation via
                                        #new math emulator 

#
# This directive defines a number of things:
#  - The compiled kernel is to be called `kernel'
#  - The root filesystem might be on partition wd0a
#  - The kernel can swap on wd0b and sd0b, defaulting to the former
#  - Crash dumps will be written to wd0b, if possible
#

# clinet: we use 4 disks per server, swap distributed on all of them (speeds
# up considerably).  Dumps may go to sd0.
config		kernel	root on wd0 swap on wd0 and wd1 and sd0 and sd1 and sd2 and sd3 and vn0 dumps on sd0


#####################################################################
# COMPATIBILITY OPTIONS                                             

#
# Implement system calls compatible with 4.3BSD and older versions of
# FreeBSD.
#
options		"COMPAT_43"

#
# Allow user-mode programs to manipulate their local descriptor tables.
# This option is required for the WINE Windows(tm) emulator, and is
# not used by anything else (that we know of).
#
options		USER_LDT		#allow user-level control of i386 ldt

#
# These three options provide support for System V Interface
# Definition-style interprocess communication, in the form of shared
# memory, semaphores, and message queues, respectively.
#
options		SYSVSHM
options		SYSVSEM
options		SYSVMSG


#####################################################################
# DEBUGGING OPTIONS

#
# Enable the kernel debugger.
#
# options		DDB

#
# Enable dumping of the kernel image to swap for panics.  This is not
# the default because writing to misconfigured swap may wipe out file
# systems.
#
options		DODUMP

# 
# KTRACE enables the system-call tracing facility ktrace(2).
#
options		KTRACE			#kernel tracing

#
# The DIAGNOSTIC option is used in a number of source files to enable
# extra sanity checking of internal structures.  This support is not
# enabled by default because of the extra time it would take to check
# for these conditions, which can only occur as a result of
# programming errors.
#
options		DIAGNOSTIC

#
# Allow ordinary users to take the console - this is useful for X.
options		UCONSOLE


#####################################################################
# NETWORKING OPTIONS

#
# Protocol families:
#  Only the INET (Internet) family is officially supported in FreeBSD.
#  Source code for the NS (Xerox Network Service), ISO (OSI), and
#  CCITT (X.25) families is provided for amusement value, although we
#  try to ensure that it actually compiles.
#
options		INET			#Internet communications protocols
# options		ISO
# options		CCITT			#X.25 network layer
# options		NS			#Xerox NS communications protocols
# options		TPIP			#ISO TP class 4 over IP
# options		TPCONS			#ISO TP class 0 over X.25

#
# Network interfaces:
#  The `loop' pseudo-device is mandatory when networking is enabled.
#  The `ether' pseudo-device provides generic code to handle
#  Ethernets; it is mandatory when a Ethernet device driver is
#  configured.
#  The `sppp' pseudo-device serves a similar role for certain types
#  of synchronous PPP links (like `cx').
#  The `sl' pseudo-device implements the Serial Line IP (SLIP) service.
#  The `ppp' pseudo-device implements the Point-to-Point Protocol.
#  The `bpfilter' pseudo-device enables the Berkeley Packet Filter.  Be
#  aware of the legal and administrative consequences of enabling this
#  option.  The number of devices determines the maximum number of
#  simultaneous BPF clients programs runnable.
#  The `disc' pseudo-device implements a minimal network interface,
#  which throws away all packets sent and never receives any.  It is
#  included for testing purposes.
#  The `tun' pseudo-device implements the User Process PPP (iijppp)
#
pseudo-device	ether			#Generic Ethernet
pseudo-device	sppp			#Generic Synchronous PPP
pseudo-device	loop			#Network loopback device
pseudo-device	sl	16		#Serial Line IP
pseudo-device	ppp	32		#Point-to-point protocol
pseudo-device	bpfilter	4	#Berkeley packet filter
pseudo-device	disc			#Discard device
pseudo-device	tun	1		#Tunnel driver(user process ppp)

#options		NSIP			#XNS over IP
#options		EON			#ISO CLNP over IP
#options		LLC			#X.25 link layer for Ethernets
#options		HDLC			#X.25 link layer for serial lines

#
# Internet family options:
#
# TCP_COMPAT_42 causes the TCP code to emulate certain bugs present in
# 4.2BSD.  This option should not be used unless you have a 4.2BSD
# machine and TCP connections fail.
#
# GATEWAY allows the machine to forward packets, and also configures
# larger static sizes of a number of system tables.
#
# MROUTING enables the kernel multicast packet forwarder, which works
# with mrouted(8).
#
# IPFIREWALL enables support for IP firewall construction, in
# conjunction with the `ipfw' program.  IPFIREWALL_VERBOSE does
# the obvious thing.
#
# ARP_PROXYALL enables global proxy ARP.  Beware!  This can burn
# your house down!  See netinet/if_ether.c for the gory details.
# (Eventually there will be a better management interface.)
#
options		"TCP_COMPAT_42"		#emulate 4.2BSD TCP bugs
options		GATEWAY			#internetwork gateway
options		MROUTING		# Multicast routing
options         IPFIREWALL              #firewall
options         IPFIREWALL_VERBOSE      #print information about
					# dropped packets
#options		ARP_PROXYALL		# global proxy ARP


#####################################################################
# FILESYSTEM OPTIONS

#
# Only the root, /usr, and /tmp filesystems need be statically
# compiled; everything else will be automatically loaded at mount
# time.  (Exception: the UFS family---FFS, MFS, and LFS---cannot
# currently be demand-loaded.)  Some people still prefer to statically
# compile other filesystems as well.
#
# NB: The LFS, PORTAL, and UNION filesystems are known to be buggy,
# and WILL panic your system if you attempt to do anything with them.
# They are included here as an incentive for some enterprising soul to
# sit down and fix them.
#

# One of these is mandatory:
options		FFS			#Fast filesystem
options		NFS			#Network File System

# The rest are optional:
options		"CD9660"		#ISO 9660 filesystem
options		FDESC			#File descriptor filesystem
options		KERNFS			#Kernel filesystem
options		LFS			#Log filesystem
options		MFS			#Memory File System
options		MSDOSFS			#MS DOS File System
options		NULLFS			#NULL filesystem
options		PORTAL			#Portal filesystem
options		PROCFS			#Process filesystem
options		UMAPFS			#UID map filesystem
options		UNION			#Union filesystem

#
# Disk quotas are supported when this option is enabled.  If you
# change the value of this option, you must do a `make clean' in your
# kernel compile directory in order to get a working kernel.
#
#options		QUOTA			#enable disk quotas


#
# PCI devices:
#
# The main PCI bus device is `pci'.  It provides auto-detection and
# configuration support for all devices on the PCI bus, using either
# configuration mode defined in the PCI specification.
#
# The `ncr' device provides support for the NCR 53C810 and 53C825
# self-contained SCSI host adapters.
#
# The `de' device provides support for the Digital Equipment DC21040
# self-contained Ethernet adapter.
#
# The PROBE_VERBOSE option enables a long listing of chip set registers
# for supported PCI chip sets (currently only intel Saturn and Mercury).
# 
controller	pci0

device		ncr0

device		de0

options		PROBE_VERBOSE
options		"SCSI_DELAY=10"


#####################################################################
# SCSI DEVICE CONFIGURATION

#
# The SCSI subsystem consists of the `base' SCSI code, a number of
# high-level SCSI device `type' drivers, and the low-level host-adapter
# device drivers.  The host adapters are listed in the ISA and PCI
# device configuration sections below.
#
# Beginning with FreeBSD 2.1 you can wire down your SCSI devices so
# that a given bus, target, and LUN always come on line as the same
# device unit.  In earlier versions the unit numbers were assigned
# in the order that the devices were probed on the SCSI bus.  This
# means that if you removed a disk drive, you may have had to rewrite
# your /etc/fstab file, and also that you had to be careful when adding
# a new disk as it may have been probed earlier and moved your device
# configuration around.

# This old behavior is maintained as the default behavior.  The unit
# assignment begins with the first non-wired down unit for a device
# type.  For example, if you wire a disk as "sd3" then the first
# non-wired disk will be assigned sd4.

# The syntax for wiring down devices is:

# disk sd0 at scbus0 target 0 unit 0
# disk sd1 at scbus0 target 1
# disk sd2 at scbus0 target 3
# tape st1 at scbus0 target 6
# device cd0 at scbus?

# "units" (SCSI logical unit number) that are not specified are
# treated as if specified as LUN 0.

# All SCSI devices allocate as many units as are required.

# The "unknown" device (uk? in pre-2.1) is now part of the base SCSI
# configuration and doesn't have to be explicitly configured.

controller	scbus0 	#base SCSI code
device		ch0	#SCSI media changers
device		sd0	#SCSI disks
device		st0	#SCSI tapes
device		cd0	#SCSI CD-ROMs

disk sd0 at scbus0 target 0
disk sd1 at scbus0 target 1
disk sd2 at scbus0 target 2
disk sd3 at scbus0 target 3
disk sd4 at scbus0 target 4
disk sd5 at scbus0 target 5
disk sd6 at scbus0 target 6
tape st0 at scbus0 target 0
tape st1 at scbus0 target 1
tape st2 at scbus0 target 2
tape st3 at scbus0 target 3
tape st4 at scbus0 target 4
tape st5 at scbus0 target 5
tape st6 at scbus0 target 6
device cd0 at scbus0 target 0
device cd1 at scbus0 target 1
device cd2 at scbus0 target 2
device cd3 at scbus0 target 3
device cd4 at scbus0 target 4
device cd5 at scbus0 target 5
device cd6 at scbus0 target 6

# SCSIDEBUG: When defined enables debugging macros
# NO_SCSI_SENSE: When defined disables sense descriptions (about 4k)
# SCSI_REPORT_GEOMETRY: Always report disk geometry at boot up instead
#                       of only when booting verbosely.
#options	SCSIDEBUG
#options	NO_SCSI_SENSE
options		SCSI_REPORT_GEOMETRY


#####################################################################
# MISCELLANEOUS DEVICES AND OPTIONS

#
# Of these, only the `log' device is truly mandatory.  The `pty'
# device usually turns out to be ``effectively mandatory'', as it is
# required for `telnetd', `rlogind', `screen', `emacs', and `xterm',
# among others.
#
pseudo-device	pty	256	#Pseudo ttys - can go as high as 64
pseudo-device	speaker		#Play IBM BASIC-style noises out your speaker
pseudo-device	log		#Kernel syslog interface (/dev/klog)
pseudo-device	gzip		#Exec gzipped a.out's
pseudo-device	vn		#Vnode driver (turns a file into a device)
#pseudo-device	snp	3	#Snoop device - to look at pty/vty/etc..


#####################################################################
# HARDWARE DEVICE CONFIGURATION

# ISA and EISA devices:
# Currently there is no separate support for EISA.  There should be.
# Micro Channel is not supported at all.

#
# Mandatory ISA devices: isa, sc, npx
#
controller	isa0

#
# Options for `isa':
#
# ALLOW_CONFLICT_DRQ suppresses the DMA conflict checks.  This option is
# included so that people with sound cards that support multiple emulations
# can setup different sound drivers on the same DMA channel.  There are no
# other known uses for this option.
#
# ALLOW_CONFLICT_IOADDR suppresses the I/O address conflict checks, so
# that the PS/2 mouse driver doesn't conflict with the console driver.
#
# ALLOW_CONFLICT_IRQ suppresses the interrupt line conflict checks, so
# that multiple devices can share the same IRQ, provided that the
# hardware supports it (it usually doesn't).
#
# ALLOW_CONFLICT_MEMADDR suppresses the memory address conflict checks.
# This option is not known to be good for anything.
#
# AUTO_EOI_1 enables the `automatic EOI' feature for the master 8259A
# interrupt controller.  This saves about 1.25 usec for each interrupt.
# No problems are known to be caused by this option.
#
# AUTO_EOI_2 enables the `automatic EOI' feature for the slave 8259A
# interrupt controller.  This saves about 1.25 usec for each interrupt.
# Automatic EOI is documented not to work for the slave with the
# original i8259A, but it works for some clones and some integrated
# versions.
#
# BOUNCE_BUFFERS provides support for ISA DMA on machines with more
# than 16 megabytes of memory.  It doesn't hurt on other machines.
# Some broken EISA and VLB hardware may need this, too.
#
# DUMMY_NOPS disables extra delays for some bus operations.  The delays
# are mostly for older systems and aren't used consistently.  Probably
# works OK on most EISA bus machines.
#
# TUNE_1542 enables the automatic ISA bus speed selection for the
# Adaptec 1542 boards. Does not work for all boards, use it with caution.
#
#options	ALLOW_CONFLICT_DRQ
#options	ALLOW_CONFLICT_IOADDR
#options	ALLOW_CONFLICT_IRQ
#options	ALLOW_CONFLICT_MEMADDR
options		"AUTO_EOI_1"
#options	"AUTO_EOI_2"
options		BOUNCE_BUFFERS
#options	DUMMY_NOPS
#options	TUNE_1542

# Enable this and PCVT_FREEBSD for pcvt vt220 compatible console driver
device		vt0	at isa? port "IO_KBD" tty irq 1 vector pcrint
options		"PCVT_FREEBSD=210"	# pcvt running on FreeBSD 2.1
options		XSERVER			# include code for XFree86
options		FAT_CURSOR		# start with block cursor

# The syscons console driver (sco color console compatible) - default.
#device		sc0	at isa? port "IO_KBD" tty irq 1 vector scintr
#options		"NCONS=4"

#
# Options for `sc':
#
# HARDFONTS allows the driver to load an ISO-8859-1 font to replace
# the default font in your display adapter's memory.
#
options		HARDFONTS
#
# MAXCONS is maximum number of virtual consoles, no more than 16
# default value: 12
#
options         "MAXCONS=16"

device		npx0	at isa? port "IO_NPX" irq 13 vector npxintr

#
# Optional ISA and EISA devices:
#

#
# SCSI host adapters: `aha', `ahb', `aic', `bt', `nca'
#
# aha: Adaptec 154x
# ahb: Adaptec 174x
# ahc: Adaptec 274x
# aic: Adaptec 152x and sound cards using the Adaptec AIC-6360 (slow!)
# bt: Most Buslogic controllers
# nca: ProAudioSpectrum cards using the NCR 5380 or Trantor T130
# uha: UltraStore 14F and 34F
# sea: Seagate ST01/02 8 bit controller (slow!)
# wds: Western Digital WD7000 controller (no scatter/gather!).
#
# Note that the order is important in order for Buslogic cards to be
# probed correctly.
#

controller	bt0	at isa? port "IO_BT0" bio irq ? vector btintr
#controller	ahc0	at isa? bio irq ? vector ahcintr # port??? iomem?
#controller	ahb0	at isa? bio irq ? vector ahbintr
controller	aha0	at isa? port "IO_AHA0" bio irq ? drq 5 vector ahaintr
#controller	uha0	at isa? port "IO_UHA0" bio irq ? drq 5 vector uhaintr

#controller      aic0    at isa? port 0x340 bio irq 11 vector aicintr
#controller	nca0	at isa? port 0x1f88 bio irq 10 vector ncaintr
#controller	nca1	at isa? port 0x1f84
#controller	nca2	at isa? port 0x1f8c
#controller	nca3	at isa? port 0x1e88
#controller	nca4	at isa? port 0x350 bio irq 5 vector ncaintr

#controller	sea0	at isa? bio irq 5 iomem 0xdc000 iosiz 0x2000 vector seaintr
#controller	wds0	at isa? port 0x350 bio irq 15 drq 6 vector wdsintr

#
# ST-506, ESDI, and IDE hard disks: `wdc' and `wd'
#
# NB: ``Enhanced IDE'' is NOT supported at this time.
#
controller	wdc0	at isa? port "IO_WD1" bio irq 14 vector wdintr
disk		wd0	at wdc0 drive 0
disk		wd1	at wdc0 drive 1
controller	wdc1	at isa? port "IO_WD2" bio irq 15 vector wdintr
disk		wd2	at wdc1 drive 0
disk		wd3	at wdc1 drive 1

#
# Standard floppy disk controllers and floppy tapes: `fdc', `fd', and `ft'
#
controller	fdc0	at isa? port "IO_FD1" bio irq 6 drq 2 vector fdintr
disk		fd0	at fdc0 drive 0
disk		fd1	at fdc0 drive 1
tape		ft0	at fdc0 drive 2

#
# Options for `fd':
#
# FDSEEKWAIT selects a non-default head-settle time (i.e., the time to
# wait after a seek is performed).  The default value (1/32 s) is
# usually sufficient.  The units are inverse seconds, so a value of 16
# here means to wait 1/16th of a second; you should choose a power of
# two.
#
#options	FDSEEKWAIT="16"

#
# Other standard PC hardware: `lpt', `mse', `psm', `sio', etc.
#
# lpt: printer port
# mse: Logitech and ATI InPort bus mouse ports
# psm: PS/2 mouse port (needs ALLOW_CONFLICT_IOADDR, above)
# sio: serial ports (see sio(4))
# cy: Cyclades high-speed serial driver (ALPHA QUALITY!)
# gp:  National Instruments AT-GPIB and AT-GPIB/TNT board
# gsc: Genius GS-4500 hand scanner.
# joy: joystick

device		lpt0	at isa? port? tty irq 7 vector lptintr
device		lpt1	at isa? port? tty
device		lpt2	at isa? port? tty
#device		mse0	at isa? port 0x23c tty irq 5 vector mseintr
#device		psm0	at isa? port "IO_KBD" tty irq 12 vector psmintr
device		sio0	at isa? port "IO_COM1" tty irq 4 vector siointr
device		sio1	at isa? port "IO_COM2" tty irq 3 vector siointr
device		sio2	at isa? port "IO_COM3" tty irq 5 vector siointr
device		sio3	at isa? port "IO_COM4" tty irq 9 vector siointr
#device		gp0	at isa? port 0x2c0 tty
#device		gsc0	at isa? port "IO_GSC1" tty drq 3
#device		joy0	at isa? port "IO_GAME"
#device		cy0	at isa? tty irq 10 iomem 0xd4000 vector cyintr

# Options for sio:
#options	COMCONSOLE		#prefer serial console to video console
options		COM_MULTIPORT		#code for some cards with shared IRQs
#options	DSI_SOFT_MODEM		#code for DSI Softmodems

#
# Network interfaces: `cx', `ed', `el', `ep', `ie', `is', `le', `lnc'
#
# cx: Cronyx/Sigma multiport sync/async (with Cisco or PPP framing)
# ed: Western Digital and SMC 80xx; Novell NE1000 and NE2000; 3Com 3C503
# el: 3Com 3C501 (slow!)
# ep: 3Com 3C509 (buggy)
# ie: AT&T StarLAN 10 and EN100; 3Com 3C507; unknown NI5210
# le: Digital Equipment EtherWorks 2 and EtherWorks 3 (DEPCA, DE100,
#     DE101, DE200, DE201, DE202, DE203, DE204, DE205, DE422)
# lnc: Lance/PCnet cards (Isolan, Novell NE2100, NE32-VL)
# ze: IBM/National Semiconductor PCMCIA ethernet controller.
# zp: 3Com PCMCIA Etherlink III (It does not require shared memory for
#     send/receive operation, but it needs 'iomem' to read/write the
#     attribute memory)
#

#device cx0 at isa? port 0x240 net irq 15 drq 7 vector cxintr
device ed0 at isa? port 0x280 net irq 5 iomem 0xd8000 vector edintr
#device ie0 at isa? port 0x360 net irq 7 iomem 0xd0000 vector ieintr
#device lnc0 at isa? port 0x280 net irq 10 drq 0 vector lncintr
#device ep0 at isa? port 0x300 net irq 10 vector epintr
#device el0 at isa? port 0x300 net irq 9 vector elintr
device le0 at isa? port 0x300 net irq 5 iomem 0xd0000 vector le_intr
#device ze0 at isa? port 0x300 net irq 5 iomem 0xd8000 vector zeintr
#device zp0 at isa? port 0x300 net irq 10 iomem 0xd8000 vector zpintr


# ISDN drivers - `isdn'.
#
# Uncomment one (and only one) of the following 4 drivers for the appropriate
# ISDN device you have.  For more information on what's considered appropriate
# for your given set of circumstances, please read
# /usr/src/gnu/usr.sbin/docs/INSTALL.  It's a bit sparse at present, but it's
# the best we have right now.  The snic driver is also disabled at present,
# waiting for someone to upgrade the driver to 2.0 (it's in /sys/gnu/scsi/).
#
#device nic0 at isa? port "IO_COM3" iomem 0xe0000 tty irq 9 vector nicintr
#device nnic0 at isa? port 0x150 iomem 0xe0000 tty irq 12 vector nnicintr
# This one is also temporarily ill - needs an isa_device structure!!
#controller tel0 at isa? iomem 0xe0000 tty irq 9 vector telintr

# These are non-optional for ISDN
#pseudo-device   isdn
#pseudo-device   ii      4
#pseudo-device   ity     4
#pseudo-device   itel    2       
#pseudo-device   ispy    1       


#
# Audio drivers: `snd', `pca'
#
# snd: Voxware sound drivers for various cards
#      see /usr/src/sys/i386/isa/sound/sound.doc for details
# pca: PCM audio through your PC speaker
#

#options AUDIO_PAS
#options AUDIO_SB
#options AUDIO_ADLIB
#options AUDIO_GUS
#options AUDIO_MPU401
#options AUDIO_UART6850
#options AUDIO_PSS
#options AUDIO_GUS16
#options AUDIO_GUSMAX
#options AUDIO_MSS
#options AUDIO_SBPRO
#options AUDIO_SB16
#options AUDIO_YM3812

#device snd10 at isa? port 0x530 irq 10 drq 1 vector adintr
#device snd5 at isa? port 0x330 irq 6 vector mpuintr
#device snd4 at isa? port 0x220 irq 15 drq 6 vector gusintr
#device snd3 at isa? port 0x388 irq 10 drq 6 vector pasintr
#device snd2 at isa? port 0x220 irq 7 drq 1 vector sbintr
#device snd6 at isa? port 0x220 irq 7 drq 5 vector sbintr
#device snd7 at isa? port 0x300
#device snd1 at isa? port 0x388

device pca0 at isa? tty

#
# Miscellaneous hardware: `mcd', `wt', `ctx', `apm'
#
# mcd: Mitsumi CD-ROM
# scd: Sony CD-ROM
# matcd: Matsushita/Panasonic CD-ROM
# wt: Wangtek and Archive QIC-02/QIC-36 tape drives
# ctx: Cortex-I frame grabber
# apm: Laptop Advanced Power Management (experimental)
# spigot: The Creative Labs Video Spigot video-acquisition board
#
# Notes on the spigot:
#  The video spigot is at 0xad6.  This port address can not be changed.
#  The irq values may only be 10, 11, or 15
#  I/O memory is an 8kb region.  Possible values are:
#    0a0000, 0a2000, ..., 0fffff, f00000, f02000, ..., ffffff
#  Note that the start address must be on an even boundary.

device		mcd0	at isa? port 0x300 bio irq 10 vector mcdintr
# for the Sony CDU31/33A CDROM
#device		scd0	at isa? port 0x230 bio
# for the soundblaster 16 multicd - up to 4 devices
controller      matcd0  at isa? port ?
controller      matcd1  at isa? port ?
controller      matcd2  at isa? port ?
controller      matcd3  at isa? port ?
#device		wt0	at isa? port 0x300 bio irq 5 drq 1 vector wtintr
#device		ctx0	at isa? port 0x230 iomem 0xd0000
#device		spigot0 at isa? port 0xad6 irq 15 iomem 0xee000 vector spigintr
#device		apm0	at isa?

>Description:

fchmod does dereference vp->v_mount, which is NULL here.  As usual the
proc is slirp.

Current directory is /var/crash/
Reading symbol data from /var/crash/kernel.29...done.
IdlePTD 25a000
panic: page fault
current pcb at 20851c
Reading in symbols for ../../i386/i386/machdep.c...done.
(kgdb) directory /usr/src/sys/i386/conf
Source directories searched: /m/katiska/news/crash:/usr/src/sys/i386/conf
(kgdb) up
Reading in symbols for ../../kern/subr_prf.c...done.
#1  0xf0114b43 in panic (fmt=(char *) 0xf01bca7e "page fault") (../../kern/subr_prf.c line 124)
(kgdb) up
Reading in symbols for ../../i386/i386/trap.c...done.
#2  0xf01bd57e in trap_fatal (frame=(struct trapframe *) 0xefbffe80) (../../i386/i386/trap.c line 745)
(kgdb) up
#3  0xf01bd0f0 in trap_pfault (frame=(struct trapframe *) 0xefbffe80, usermode=0) (../../i386/i386/trap.c line 667)
(kgdb) up
#4  0xf01bcd8f in trap (frame={tf_es = 16, tf_ds = 16, tf_edi = -272629868, tf_esi = -244656640, tf_ebp = -272629940, tf_isp = -267198779, tf_ebx = 0, tf_edx = -247663616, tf_ecx = 29, tf_eax = 0, tf_trapno = 12, tf_err = 0, tf_eip = -267198779, tf_cs = 8, tf_eflags = 66178, tf_esp = -272629868, tf_ss = -242884096}) (../../i386/i386/trap.c line 307)
(kgdb) down
#3  0xf01bd0f0 in trap_pfault (frame=(struct trapframe *) 0xefbffe80, usermode=0) (../../i386/i386/trap.c line 667)
(kgdb) print curpcb
$1 = -175075328
(kgdb) print &curpcb
$2 = (int *) 0xf01f8110
(kgdb) up
#4  0xf01bcd8f in trap (frame={tf_es = 16, tf_ds = 16, tf_edi = -272629868, tf_esi = -244656640, tf_ebp = -272629940, tf_isp = -267198779, tf_ebx = 0, tf_edx = -247663616, tf_ecx = 29, tf_eax = 0, tf_trapno = 12, tf_err = 0, tf_eip = -267198779, tf_cs = 8, tf_eflags = 66178, tf_esp = -272629868, tf_ss = -242884096}) (../../i386/i386/trap.c line 307)
(kgdb) print type
$3 = 0
(kgdb) up
#5  0xf01b2b4d in exception:calltrap ()
(kgdb) up
Reading in symbols for ../../kern/vfs_syscalls.c...done.
#6  0xf012dec5 in fchmod (p=(struct proc *) 0xf185e200, uap=(struct fchmod_args *) 0xefbfff94, retval=(int *) 0xefbfff8c) (../../kern/vfs_syscalls.c line 1503)
(kgdb) print vp
$4 = (struct vnode *) 0xf16ad600
(kgdb) print *vp
$5 = {v_flag = 0x00000000, v_usecount = 1, v_writecount = 1, v_holdcnt = 0, v_lastr = 0, v_id = 0x009127ad, v_mount = 0x0, v_op = 0xf13cf400, v_freelist = {tqe_next = 0x0, tqe_prev = 0xf1660d9c}, v_mntvnodes = {le_next = 0xf15b5380, le_prev = 0xf14b41a4}, v_cleanblkhd = {lh_first = 0x0}, v_dirtyblkhd = {lh_first = 0x0}, v_numoutput = 0, v_type = VBAD, v_un = {vu_mountedhere = 0x0, vu_socket = 0x0, vu_specinfo = 0x0, vu_fifoinfo = 0x0}, v_lease = 0x0, v_lastw = 0, v_cstart = 0, v_lasta = 0, v_clen = 0, v_ralen = 0, v_maxra = 0, v_vmdata = 0x0, v_tag = VT_NON, v_data = 0x0}
(kgdb) print vp->v_mount->mnt_flag
Cannot read memory: address 0x14 out of bounds.
(kgdb) print vp->v_mount
$6 = (struct mount *) 0x0
(kgdb) print p->p_fd
$7 = (struct filedesc *) 0xf1dcc180
(kgdb) print *p->p_fd
$8 = {fd_ofiles = 0xf1dcc19c, fd_ofileflags = 0xf1dcc1ec , fd_cdir = 0xf15fdd80, fd_rdir = 0x0, fd_nfiles = 20, fd_lastfile = 0x0004, fd_freefile = 0x0004, fd_cmask = 0x003f, fd_refcnt = 0x0001}
(kgdb) list
1498             if (error)
1499                    return (error);
1500            vp = (struct vnode *)fp->f_data;
1501            LEASE_CHECK(vp, p, p->p_ucred, LEASE_WRITE);
1502            VOP_LOCK(vp);
1503            if (vp->v_mount->mnt_flag & MNT_RDONLY)
1504                    error = EROFS;
1505            else {
1506                    VATTR_NULL(&vattr);
1507                    vattr.va_mode = uap->mode & ALLPERMS;
(kgdb) print vp->v_mount
$9 = (struct mount *) 0x0
(kgdb) print *vp
$10 = {v_flag = 0x00000000, v_usecount = 1, v_writecount = 1, v_holdcnt = 0, v_lastr = 0, v_id = 0x009127ad, v_mount = 0x0, v_op = 0xf13cf400, v_freelist = {tqe_next = 0x0, tqe_prev = 0xf1660d9c}, v_mntvnodes = {le_next = 0xf15b5380, le_prev = 0xf14b41a4}, v_cleanblkhd = {lh_first = 0x0}, v_dirtyblkhd = {lh_first = 0x0}, v_numoutput = 0, v_type = VBAD, v_un = {vu_mountedhere = 0x0, vu_socket = 0x0, vu_specinfo = 0x0, vu_fifoinfo = 0x0}, v_lease = 0x0, v_lastw = 0, v_cstart = 0, v_lasta = 0, v_clen = 0, v_ralen = 0, v_maxra = 0, v_vmdata = 0x0, v_tag = VT_NON, v_data = 0x0}
(kgdb)


>How-To-Repeat:

	Load a P90 heavily with random users, some of them running slirp.

	I will keep the crash dumps for a couple of days in case someone
	wants them.

>Fix:
	
	Don't know, but either v_mount should not be NULL, or if it is
	ok to be NULL here, it needs to be checked?

>Audit-Trail:
>Unformatted:
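
The check asked about under >Fix:, as an added example that is not part of the original report and is not FreeBSD's own fix: a user-space C model of the test at vfs_syscalls.c line 1503, run against a vnode in the state the kgdb dump shows (v_type = VBAD, v_usecount = 1, v_mount = 0x0). The model_* types, the padding that places mnt_flag at offset 0x14, the v_mode field and the choice of EBADF are assumptions made for illustration.

```c
#include <errno.h>
#include <stddef.h>
#include <stdio.h>

#define MNT_RDONLY 0x00000001   /* read-only filesystem flag */
#define PERM_MASK  07777        /* stands in for ALLPERMS in the listing */

enum vtype { VNON, VREG, VBAD };

/* Stand-in for struct mount. The padding is constructed so that mnt_flag sits
 * at offset 0x14, the address kgdb could not read through the NULL v_mount. */
struct model_mount {
    char opaque[0x14];
    int  mnt_flag;
};

/* Stand-in for struct vnode, reduced to the fields the report discusses. */
struct model_vnode {
    enum vtype          v_type;
    int                 v_usecount;
    struct model_mount *v_mount;
    unsigned            v_mode;   /* hypothetical: what the setattr step would change */
};

/* With a NULL base pointer, the faulting address is just the field offset.
 * A small fault address like this is the usual signature of a NULL structure
 * pointer rather than a wild one. */
static size_t null_mount_fault_addr(void)
{
    return offsetof(struct model_mount, mnt_flag);
}

/* A vnode in the state shown by "print *vp": still referenced by the open
 * descriptor (v_usecount = 1) but VBAD and detached from any mount. */
static struct model_vnode dump_like_vnode(void)
{
    struct model_vnode v = { VBAD, 1, NULL, 0600 };
    return v;
}

/* Same shape as lines 1503-1507 of the listing: v_mount is dereferenced
 * without a check, so this is only safe on a vnode that has a mount. */
static int fchmod_unchecked(struct model_vnode *vp, unsigned mode)
{
    if (vp->v_mount->mnt_flag & MNT_RDONLY)
        return EROFS;
    vp->v_mode = mode & PERM_MASK;
    return 0;
}

/* Guarded variant: refuse a dead or unmounted vnode before touching v_mount.
 * Returning EBADF is an assumption of this example, not the project's choice. */
static int fchmod_guarded(struct model_vnode *vp, unsigned mode)
{
    if (vp == NULL || vp->v_type == VBAD || vp->v_mount == NULL)
        return EBADF;
    return fchmod_unchecked(vp, mode);
}

int main(void)
{
    struct model_mount rw   = { {0}, 0 };
    struct model_mount ro   = { {0}, MNT_RDONLY };
    struct model_vnode live = { VREG, 1, &rw, 0600 };
    struct model_vnode on_ro = { VREG, 1, &ro, 0600 };
    struct model_vnode dead = dump_like_vnode();

    printf("fault address through NULL v_mount: 0x%zx\n",
           null_mount_fault_addr());
    printf("live vnode, rw mount:  %d (mode now %o)\n",
           fchmod_guarded(&live, 0100644), live.v_mode);
    printf("live vnode, ro mount:  %d (EROFS is %d)\n",
           fchmod_guarded(&on_ro, 0644), EROFS);
    printf("dump-like dead vnode:  %d (EBADF is %d)\n",
           fchmod_guarded(&dead, 0644), EBADF);
    /* fchmod_unchecked(&dead, 0644) is deliberately not called: it would
     * read address 0x14 and fault, which is the panic in the report. */
    return 0;
}
```
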


