kern/96981: reproducible instant reboot by unprivileged user
Lodewijk Vöge
lvoege at gmail.com
Sat Apr 28 17:30:10 UTC 2007
The following reply was made to PR kern/96981; it has been noted by GNATS.
From: Lodewijk Vöge <lvoege at gmail.com>
To: Gavin Atkinson <gavin.atkinson at ury.york.ac.uk>
Cc: bug-followup at FreeBSD.org
Subject: Re: kern/96981: reproducible instant reboot by unprivileged user
Date: Sat, 28 Apr 2007 13:20:59 -0400
hello,
please disregard the previous stack trace. while it's the same
process and a much fuller stack trace, the problem really seems to be
the thread that's hitting doreti_iret with the uninteresting trace of
"doreti_iret() at doreti_iret"
I've been sprinkling printf()s around in sys/amd64/amd64/trap.c, and
as far as I can tell:
- it passes through the block that printf()s "kernel trap 9 with
interrupts disabled"
- then to the block with /* kernel trap */ at the top
- to the T_PROTFLT clause in the switch, as type is 9
- it enters the block that points the frame's tf_rip field to
doreti_iret_fault. that block goto's to the end of trap(), which does
a return
- lockup
so my layman's suspicion is that it's a problem with doreti_iret_fault.
Lodewijk