From kagotani@in.it.okayama-u.ac.jp Wed Mar 24 18:09:42 1999
Return-Path: <kagotani@in.it.okayama-u.ac.jp>
Received: from herring.in.it.okayama-u.ac.jp (herring.in.it.okayama-u.ac.jp [150.46.6.41])
	by hub.freebsd.org (Postfix) with ESMTP id 4446714CF2
	for <freebsd-gnats-submit@freebsd.org>; Wed, 24 Mar 1999 18:09:40 -0800 (PST)
	(envelope-from kagotani@in.it.okayama-u.ac.jp)
Received: from deimos.in.it.okayama-u.ac.jp (deimos.in.it.okayama-u.ac.jp [150.46.6.88])
	by herring.in.it.okayama-u.ac.jp (8.8.8/3.6W) with ESMTP id LAA13209;
	Thu, 25 Mar 1999 11:09:20 +0900 (JST)
Received: (from kagotani@localhost)
	by deimos.in.it.okayama-u.ac.jp (8.9.2/3.6W) id LAA00503;
	Thu, 25 Mar 1999 11:09:55 +0900 (JST)
Message-Id: <199903250209.LAA00503@deimos.in.it.okayama-u.ac.jp>
Date: Thu, 25 Mar 1999 11:09:55 +0900 (JST)
From: Hiroto Kagotani <kagotani@in.it.okayama-u.ac.jp>
Reply-To: kagotani@in.it.okayama-u.ac.jp
To: FreeBSD-gnats-submit@freebsd.org
Cc: kagotani@in.it.okayama-u.ac.jp
Subject: executing gzipped shell scripts panics the kernel
X-Send-Pr-Version: 3.2

>Number:         10780
>Category:       kern
>Synopsis:       executing gzipped shell scripts panics the kernel
>Confidential:   no
>Severity:       serious
>Priority:       high
>Responsible:    freebsd-bugs
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Wed Mar 24 18:10:01 PST 1999
>Closed-Date:    Mon Jun 21 09:47:05 PDT 1999
>Last-Modified:  Mon Jun 21 09:48:05 PDT 1999
>Originator:     Hiroto Kagotani
>Release:        FreeBSD 3.1-RELEASE i386
>Organization:
Okayama University
>Environment:

	GENERIC 3.1-RELEASE kernel and
	perhaps any 3.1 kernel configured with gzip option

>Description:

	When I execute a gzipped shell script from {csh,zsh} as
	{a normal user,root}, the kernel always falls down by a panic
	and show a message:

Fatal trap 12: page fault while in kernel mode
fault virtual address	= 0x20
fault code		= supervisor read, page not present
instruction pointer	= 0x8:0xf014c524
stack pointer		= 0x10:0xf5245dec
frame pointer		= 0x10:0xf5245df8
code segment		= base 0x0, limit 0xfffff, type 0x1b
			= DPL 0, pres 1, def32 1, gran 1
processor eflags	= interrupt enabled, resume, IOPL = 0
current process		= 201 (csh)
interrupt mask		=
trap numer		= 12
panic: page fault

>How-To-Repeat:

	% cat >/tmp/foo
	#!/bin/sh
	echo foo
	^D
	% chmod +x /tmp/foo
	% /tmp/foo
	foo
	% gzip -9n /tmp/foo
	% /tmp/foo.gz
	(and your kernel will fall down)

>Fix:
	
	


>Release-Note:
>Audit-Trail:
State-Changed-From-To: open->closed 
State-Changed-By: hoek 
State-Changed-When: Mon Jun 21 09:47:05 PDT 1999 
State-Changed-Why:  
Fixed in src/sys/imgact_gzip.c on -stable and current.  Thanks. 
>Unformatted:
