Subject: kern/26163: firefox 0.9.1 causes kernel trap in kern_sa.c
To: None <gnats-bugs@gnats.NetBSD.org>
From: None <rumble@ephemeral.org>
List: netbsd-bugs
Date: 07/04/2004 14:21:30
>Number: 26163
>Category: kern
>Synopsis: firefox 0.9.1 causes kernel trap in kern_sa.c
>Confidential: no
>Severity: critical
>Priority: high
>Responsible: kern-bug-people
>State: open
>Class: sw-bug
>Submitter-Id: net
>Arrival-Date: Sun Jul 04 18:23:00 UTC 2004
>Closed-Date:
>Last-Modified:
>Originator: Steve Rumble
>Release: NetBSD 2.0_BETA
>Organization:
>Environment:
System: NetBSD t23.ephemeral.org 2.0_BETA NetBSD 2.0_BETA (T23) #0: Sat Jul 3 21:02:42 EDT 2004 rumble@t23.ephemeral.org:/usr/src/sys/arch/i386/compile/T23 i386
Architecture: i386
Machine: i386
>Description:
pkgsrc/www/firefox (presently 0.9.1) appears to lock on poll when
it doesn't have proper access to the installed location.
pkgsrc/www/firefox/MESSAGE suggests that it enters a restart
loop, but it appears to simply hang for me.
The process will not respond to SIGTERM, and SIGKILL causes a page
fault trap. This is perfectly reproducible.
The problem is a null pointer dereference in kern_sa.c:1146
(sa_getcachelwp()) as called from kern_sig.c:1273 (kpsignal2()).
(gdb) bt
#0  0x00000001 in ?? ()
#1  0xc03fedaf in cpu_reboot (howto=45461504, bootstr=0x0)
    at ../../../../arch/i386/i386/machdep.c:743
#2  0xc03363a4 in db_sync_cmd (addr=1, have_addr=0, count=-1068562306,
    modif=0xcbf03bd0 "à°}Àç;ðË\001") at ../../../../ddb/db_command.c:750
#3  0xc0335df3 in db_command (last_cmdp=0xc074d504, cmd_table=0xcbf03bc8)
    at ../../../../ddb/db_command.c:464
#4  0xc0335b06 in db_command_loop () at ../../../../ddb/db_command.c:255
#5  0xc0338bd0 in db_trap (type=0, code=0) at ../../../../ddb/db_trap.c:101
#6  0xc03fc52e in kdb_trap (type=6, code=0, regs=0x0)
    at ../../../../arch/i386/i386/db_interface.c:225
#7  0xc040929f in trap (frame=0xcbf03e24)
    at ../../../../arch/i386/i386/trap.c:284
#8  0xc0102ebb in calltrap ()
#9  0xc03634aa in kpsignal2 (p=0xcc81fb38, ksi=0xcbf03ef4, dolock=1)
    at ../../../../kern/kern_sig.c:1273
#10 0xc0362af3 in sys_kill (l=0xcbf03bd0, v=0xcbf03f64, retval=0xcbf03f5c)
    at ../../../../kern/kern_sig.c:791
#11 0xc0408c8e in syscall_plain (frame=0xcbf03fa8)
    at ../../../../arch/i386/i386/syscall.c:156
USER    PID %CPU %MEM   VSZ RSS TT STAT STARTED    TIME COMMAND
rumble  171  0.0  0.0  1384   0 p1 RWs+ 11:44PM 0:00.00 (tcsh)
rumble  174  0.0  0.0  1384   0 p2 RWs  11:44PM 0:00.00 (tcsh)
rumble 1013  0.0  0.0 31036   0 p2 RWa+ 11:45PM 0:10.00 (firefo

USER    PID       PPID PGID   SESS JOBC STAT TT    TIME COMMAND
rumble  171 1208619266  171 d20d80    0 RWs+ p1 0:00.00 (tcsh)
rumble  174 1208619266  174 d5c880    0 RWs  p2 0:00.00 (tcsh)
rumble 1013 1208619266 1013 d5c880    1 RWa+ p2 0:10.00 (firefox-bi

 UID  PID       PPID CPU LID NLWP PRI NI   VSZ RSS WCHAN STAT TT    TIME COMMAND
1000  171 1208619266   0   1    1   3  0  1384   0 ttyin U    p1 0:00.00 (tcsh)
1000  174 1208619266   0   1    1  18  0  1384   0 pause U    p2 0:00.00 (tcsh)
1000 1013 1208619266  10   1    1   2  0 31036   0 poll  U    p2 0:10.00 (firefox-bin)
>How-To-Repeat:
Install firefox 0.9.1 from pkgsrc cleanly (without ~/.mozilla)
and run as an unprivileged user. Should it hang, try to SIGKILL it.
>Fix:
unknown
>Release-Note:
>Audit-Trail:
>Unformatted: