NetBSD-Bugs archive


kern/47217: t_fstatat crashes the kernel



>Number:         47217
>Category:       kern
>Synopsis:       t_fstatat crashes the kernel
>Confidential:   no
>Severity:       critical
>Priority:       high
>Responsible:    kern-bug-people
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Mon Nov 19 14:55:00 +0000 2012
>Originator:     Martin Husemann
>Release:        NetBSD 6.99.15
>Organization:
The NetBSD Foundation, Inc.
>Environment:
System: NetBSD thirdstage.duskware.de 6.99.15 NetBSD 6.99.15 (MODULAR) #17: Mon 
Nov 19 10:50:38 CET 2012 
martin%night-porter.duskware.de@localhost:/usr/src/sys/arch/sparc64/compile/MODULAR
 sparc64
Architecture: sparc64
Machine: sparc64
>Description:

The t_fstatat ATF test reproducibly crashes my kernel. It seems to try to
write to an invalid stack address (a userland address confused with kernel
space?) at:

(gdb) list *(do_sys_statat+0x7c)
0x15468dc is in do_sys_statat (../../../../kern/vfs_syscalls.c:3061).
3056            error = fd_nameiat(l, fdat, &nd);
3057            if (error != 0) {
3058                    pathbuf_destroy(pb);
3059                    return error;
3060            }
3061            error = vn_stat(nd.ni_vp, sb);
3062            vput(nd.ni_vp);
3063            pathbuf_destroy(pb);
3064            return error;
3065    }

Note that you do not need to be root to crash the machine now...

>How-To-Repeat:

        cd /usr/tests/lib/libc/c063 && atf-run t_fstatat 

>Fix:
yes!


