Subject: kern/12511: vnd + msdosfs + unzip = lose
To: None <gnats-bugs@gnats.netbsd.org>
From: None <groo@old-ones.com>
List: netbsd-bugs
Date: 03/31/2001 00:15:40
>Number:         12511
>Category:       kern
>Synopsis:       vnd + msdosfs + unzip = lose
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    kern-bug-people
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Fri Mar 30 21:17:00 PST 2001
>Closed-Date:
>Last-Modified:
>Originator:     Bill Squier
>Release:        NetBSD-1.5
>Organization:
Bill Squier (groo@old-ones.com)                          http://www.netbsd.org

        I know I don't deserve a second chance, but this _is_ America,
        and as an American, aren't I entitled to one?  --Sideshow Bob.
>Environment:
	
System: NetBSD yog-sothoth.old-ones.com 1.5 NetBSD 1.5 (YOG) #5: Sun Mar 4 23:07:22 EST 2001 groo@yog-sothoth.old-ones.com:/usr/src/sys/arch/i386/compile/YOG i386


>Description:
In an attempt to trick the Java clone of Dungeon Master into working on NetBSD,
I performed the following steps:

	dd if=/dev/zero of=dmj.msdos bs=1m count=30
	mformat -t 1024 -h 1 -s 60 g:
	# here, g: is defined to be the file created by dd
	vnconfig -c vnd0 dmj.msdos
	mount_msdos /dev/vnd0a /mnt
	cd /mnt
	unzip $SOMEWHERE/dmj.zip

	.
	.
	.

	receive lots of complaints about being unable to set times
	and create long filenames.

	realize how msdosfs works, and then...

	.
	.
	.

	rm -rf *
	cd /
	umount /mnt
	mount_msdos -l /dev/vnd0a /mnt
	cd /mnt
	unzip $SOMEWHERE/dmj.zip

	.
	.
	.

	note mouse freezes.  figure you've dropped to ddb.

	reboot 0x100


-------
(root, 4) /tmp/foo>gdb netbsd.0
GNU gdb 4.17
Copyright 1998 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB.  Type "show warranty" for details.
This GDB was configured as "i386--netbsd"...(no debugging symbols found)...
(gdb) target kcore netbsd.0.core
#0  0xc02d3588 in db_last_command ()
(gdb) bt
#0  0xc02d3588 in db_last_command ()
#1  0x6349000 in ?? ()
#2  0xc02393f7 in cpu_reboot ()
#3  0xc011ede0 in db_sifting_cmd ()
#4  0xc011eab8 in db_command ()
#5  0xc011ec5a in db_command_loop ()
#6  0xc01219ee in db_trap ()
#7  0xc023709a in kdb_trap ()
#8  0xc0240964 in trap ()
#9  0xc0100ec5 in calltrap ()
#10 0xc017776f in uniqdosname ()
#11 0xc0178d09 in msdosfs_create ()
#12 0xc0165aac in vn_open ()
#13 0xc0161ec2 in sys_open ()
#14 0xc0241054 in syscall ()
#15 0xc0100f7d in syscall1 ()
can not access 0xbfbfd38c, invalid translation (invalid PDE)
can not access 0xbfbfd38c, invalid translation (invalid PDE)
Cannot access memory at address 0xbfbfd38c.
--------

Something went wrong in uniqdosname().


Simultaneously, Greg Oster was performing nearly identical steps on his
box (but hadn't used the -l switch to mount_msdos).  It also hung, but
he didn't manage to get a crash dump.  Greg reports that he's running
1.5.1_ALPHA (circa Feb 16th).

>How-To-Repeat:
	Try to be "clever" like Greg and me.
>Fix:
	
>Release-Note:
>Audit-Trail:
>Unformatted: