From nobody@FreeBSD.org  Mon Sep  9 00:44:32 2002
Return-Path: <nobody@FreeBSD.org>
Received: from mx1.FreeBSD.org (mx1.FreeBSD.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 1432537B400
	for <freebsd-gnats-submit@FreeBSD.org>; Mon,  9 Sep 2002 00:44:32 -0700 (PDT)
Received: from www.freebsd.org (www.FreeBSD.org [216.136.204.117])
	by mx1.FreeBSD.org (Postfix) with ESMTP id AA74E43E3B
	for <freebsd-gnats-submit@FreeBSD.org>; Mon,  9 Sep 2002 00:44:31 -0700 (PDT)
	(envelope-from nobody@FreeBSD.org)
Received: from www.freebsd.org (localhost [127.0.0.1])
	by www.freebsd.org (8.12.4/8.12.4) with ESMTP id g897iUOT035236
	for <freebsd-gnats-submit@FreeBSD.org>; Mon, 9 Sep 2002 00:44:30 -0700 (PDT)
	(envelope-from nobody@www.freebsd.org)
Received: (from nobody@localhost)
	by www.freebsd.org (8.12.4/8.12.4/Submit) id g897iUbb035235;
	Mon, 9 Sep 2002 00:44:30 -0700 (PDT)
Message-Id: <200209090744.g897iUbb035235@www.freebsd.org>
Date: Mon, 9 Sep 2002 00:44:30 -0700 (PDT)
From: Olaf Klein <ok@adimus.de>
To: freebsd-gnats-submit@FreeBSD.org
Subject: kernel crash when starting ISC 3.2 X11 binaries under ibcs2
X-Send-Pr-Version: www-1.0

>Number:         42580
>Category:       kern
>Synopsis:       kernel crash when starting ISC 3.2 X11 binaries under ibcs2
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    robert
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Mon Sep 09 00:50:14 PDT 2002
>Closed-Date:    Thu Dec 29 17:01:31 GMT 2005
>Last-Modified:  Thu Dec 29 17:01:31 GMT 2005
>Originator:     Olaf Klein
>Release:        FreeBSD 4.7-PRERELEASE i386
>Organization:
Adimus GmbH
>Environment:
System: FreeBSD n24.adimus.de 4.7-PRERELEASE FreeBSD 4.7-PRERELEASE #1: Fri Sep 6 15:39:36 CEST 2002 root@n24.adimus.de:/usr/src/sys/compile/BBA2 i386
>Description:
I copied a full ISC 3.2 system into /compat/ibcs2 and loaded the ibcs2
kernel modules. Oracle 6.0 is running fine under the system, but the
system crashes when starting an ISC 3.2 binary which is dynamically
linked with /shlib/libX11_s. Here's a backtrace from vmcore:

IdlePTD at phsyical address 0x00366000
initial pcb at physical address 0x002d2100
panicstr: page fault
panic messages:
---
Fatal trap 12: page fault while in kernel mode
fault virtual address	= 0x8966d14f
fault code		= supervisor read, page not present
instruction pointer	= 0x8:0xc0247bec
stack pointer	        = 0x10:0xcd678d14
frame pointer	        = 0x10:0xcd678d18
code segment		= base 0x0, limit 0xfffff, type 0x1b
			= DPL 0, pres 1, def32 1, gran 1
processor eflags	= interrupt enabled, resume, IOPL = 0
current process		= 137 (csh)
interrupt mask		= none
trap number		= 12
panic: page fault

#0  dumpsys () at ../../kern/kern_shutdown.c:487
(kgdb) bt
#0  dumpsys () at ../../kern/kern_shutdown.c:487
#1  0xc015383f in boot (howto=256) at ../../kern/kern_shutdown.c:316
#2  0xc0153c64 in poweroff_wait (junk=0xc02a72ac, howto=-1070961201)
    at ../../kern/kern_shutdown.c:595
#3  0xc026a0ce in trap_fatal (frame=0xcd678cd4, eva=2305216847)
    at ../../i386/i386/trap.c:974
#4  0xc0269da1 in trap_pfault (frame=0xcd678cd4, usermode=0, eva=2305216847)
    at ../../i386/i386/trap.c:867
#5  0xc026995f in trap (frame={tf_fs = 16, tf_es = 16, tf_ds = 16, 
      tf_edi = -1989750449, tf_esi = 0, tf_ebp = -848851688, 
      tf_isp = -848851712, tf_ebx = -1053388787, tf_edx = -1989750449, 
      tf_ecx = -1053388787, tf_eax = -1053388787, tf_trapno = 12, tf_err = 0, 
      tf_eip = -1071350804, tf_cs = 8, tf_eflags = 66178, tf_esp = 134218063, 
      tf_ss = -848851584}) at ../../i386/i386/trap.c:466
#6  0xc0247bec in strcpy (to=0xc136900d "/shlib/libX11_s", 
    from=0x8966d14f <Address 0x8966d14f out of bounds>)
    at ../../libkern/strcpy.c:43
#7  0xc0273820 in exec_coff_imgact (imgp=0xcd678e18)
    at ../../i386/ibcs2/imgact_coff.c:394
#8  0xc014aeac in execve (p=0xcc015700, uap=0xcd678f80)
    at ../../kern/kern_exec.c:208
#9  0xc026a37d in syscall2 (frame={tf_fs = 47, tf_es = 47, tf_ds = 47, 
      tf_edi = 135512896, tf_esi = 135464320, tf_ebp = -1077954372, 
      tf_isp = -848850988, tf_ebx = 135512944, tf_edx = 135464348, 
      tf_ecx = 135464448, tf_eax = 59, tf_trapno = 22, tf_err = 2, 
      tf_eip = 134974584, tf_cs = 31, tf_eflags = 659, tf_esp = -1077954400, 
      tf_ss = 47}) at ../../i386/i386/trap.c:1175
#10 0xc025b485 in Xint0x80_syscall ()
Cannot access memory at address 0xbfbfb8bc.

>How-To-Repeat:
As any user, start an ISC 3.2 binary that is dynamically linked with libX11_s.
>Fix:

>Release-Note:
>Audit-Trail:
State-Changed-From-To: open->patched 
State-Changed-By: robert 
State-Changed-When: Mon Sep 9 08:53:21 PDT 2002 
State-Changed-Why:  
A fix has been committed to -current; 
thank you for reporting the bug! 

http://www.freebsd.org/cgi/query-pr.cgi?pr=42580 
Responsible-Changed-From-To: freebsd-bugs->robert 
Responsible-Changed-By: kris 
Responsible-Changed-When: Mon Jul 14 02:55:59 PDT 2003 
Responsible-Changed-Why:  
Assign to robert to determine MFC status 

State-Changed-From-To: patched->closed 
State-Changed-By: netchild 
State-Changed-When: Thu Dec 29 17:00:23 UTC 2005 
State-Changed-Why:  
I think the fix is available in every supported branch (5.x and 6.x). 
So close this old PR. 

>Unformatted:
