Am 11/05/15 um 17:56 schrieb Theo de Raadt:
To isolate it, can you try changing your shell to something from ports
and see if it does the same?
panic: ni_pledge
running process is sh
trace:
panic
pledge_namei
namei
emul_find
linux_elf_probe
exec_elf32_makecmds
check_exec
sys_execve
syscall
This diff might help. That specific panic was put into pledge for
the specific purpose of finding such missing initializations as we
transition towards tighter namei handling in pledge.
Index: compat/common/compat_util.c
===================================================================
RCS file: /cvs/src/sys/compat/common/compat_util.c,v
retrieving revision 1.16
diff -u -p -u -r1.16 compat_util.c
--- compat/common/compat_util.c 14 Mar 2015 03:38:46 -0000 1.16
+++ compat/common/compat_util.c 5 Nov 2015 16:54:54 -0000
@@ -105,6 +105,7 @@ emul_find(struct proc *p, caddr_t *sgp,
*cp = '\0';
NDINIT(&nd, LOOKUP, FOLLOW, UIO_SYSSPACE, buf, p);
+ nid.ni_pledge = PLEDGE_EXEC;
if ((error = namei(&nd)) != 0)
goto bad;
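Review bot: The three added lines assign to `nid.ni_pledge`, but the nameidata structures that NDINIT sets up on the preceding lines and that are then passed to namei() are `nd` (this hunk and the one at -112) and `ndroot` (the hunk at -126). No `nid` appears in the visible context, so unless it is declared outside the hunks the file will not compile. Even if it is, the structure actually handed to namei() would still have no pledge value set, which is the missing initialization the `ni_pledge` panic was added to catch. The lines should read `nd.ni_pledge = PLEDGE_EXEC;` in the first two hunks and `ndroot.ni_pledge = PLEDGE_EXEC;` in the third, each kept after its NDINIT call. emul_find's body starts and ends outside these hunks, so the declarations cannot be confirmed from here.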
@@ -112,6 +113,7 @@ emul_find(struct proc *p, caddr_t *sgp,
*cp = '/';
} else {
NDINIT(&nd, LOOKUP, FOLLOW, UIO_SYSSPACE, buf, p);
+ nid.ni_pledge = PLEDGE_EXEC;
if ((error = namei(&nd)) != 0)
goto bad;
@@ -126,6 +128,7 @@ emul_find(struct proc *p, caddr_t *sgp,
*/
/* XXX: prototype should have const here for NDINIT */
NDINIT(&ndroot, LOOKUP, FOLLOW, UIO_SYSSPACE, prefix, p);
+ nid.ni_pledge = PLEDGE_EXEC;
if ((error = namei(&ndroot)) != 0)
goto bad2;
With the patch I was able to use ktrace / kdump. The program crashes the
system reliably. Here is the result:
30829 EMUL "native"
30829 ktrace RET ktrace 0
30829 ktrace CALL execve(0xcf7f0830,0xcf7f0780,0xcf7f0788)
30829 ktrace NAMI "/usr/local/bin/textmaker12"
30829 ktrace NAMI "/bin/sh"
30829 ktrace ARGS
[0] = "/bin/sh"
[1] = "/usr/local/bin/textmaker12"
30829 EMUL "native"
30829 sh RET execve 0
30829 sh CALL mprotect(0x340f3000,0x2000,0x1<PROT_READ>)
30829 sh RET mprotect 0
30829 sh CALL kbind(0,0,0,0x140eec8b)
30829 sh RET kbind 0
30829 sh CALL sysctl(6.7<hw.pagesize>,0x34101584,0xcf7d7c2c,0,0)
30829 sh RET sysctl 0
30829 sh CALL
mmap(0,0x1000,0x3<PROT_READ|PROT_WRITE>,0x1002<MAP_PRIVATE|MAP_ANON>,-1,0)
30829 sh RET mmap 2045644800/0x79ee1000
30829 sh CALL mprotect(0x79ee1000,0x1000,0x1<PROT_READ>)
30829 sh RET mprotect 0
30829 sh CALL pledge(0x340edebc,0)
30829 sh STRU pledge request="stdio rpath wpath cpath fattr
flock getpw proc exec tty"
30829 sh RET pledge 0
30829 sh CALL readlink(0x340f0301,0xcf7d7a88,63)
30829 sh NAMI "/etc/malloc.conf"
30829 sh RET readlink -1 errno 2 No such file or directory
30829 sh CALL issetugid()
30829 sh RET issetugid 0
30829 sh CALL getentropy(0xcf7d79d0,40)
30829 sh RET getentropy 0
30829 sh CALL
mmap(0,0x448,0x3<PROT_READ|PROT_WRITE>,0x1002<MAP_PRIVATE|MAP_ANON>,-1,0)
30829 sh RET mmap -2114609152/0x81f5a000
30829 sh CALL minherit(0x81f5a000,0x448,MAP_INHERIT_ZERO)
30829 sh RET minherit 0
30829 sh CALL
mmap(0,0x3000,0x3<PROT_READ|PROT_WRITE>,0x1002<MAP_PRIVATE|MAP_ANON>,-1,0)
30829 sh RET mmap 2144292864/0x7fcf5000
30829 sh CALL mprotect(0x7fcf5000,0x1000,0<PROT_NONE>)
30829 sh RET mprotect 0
30829 sh CALL mprotect(0x7fcf7000,0x1000,0<PROT_NONE>)
30829 sh RET mprotect 0
30829 sh CALL
mmap(0,0x1000,0x3<PROT_READ|PROT_WRITE>,0x1002<MAP_PRIVATE|MAP_ANON>,-1,0)
30829 sh RET mmap 2111733760/0x7dde8000
30829 sh CALL mprotect(0x340fe000,0x1000,0x1<PROT_READ>)
30829 sh RET mprotect 0
30829 sh CALL
mmap(0,0x1000,0x3<PROT_READ|PROT_WRITE>,0x1002<MAP_PRIVATE|MAP_ANON>,-1,0)
30829 sh RET mmap 1969307648/0x75614000
30829 sh CALL
mmap(0,0x1000,0x3<PROT_READ|PROT_WRITE>,0x1002<MAP_PRIVATE|MAP_ANON>,-1,0)
30829 sh RET mmap -2114015232/0x81feb000
30829 sh CALL
mmap(0,0x1000,0x3<PROT_READ|PROT_WRITE>,0x1002<MAP_PRIVATE|MAP_ANON>,-1,0)
30829 sh RET mmap -2126782464/0x813be000
30829 sh CALL
mmap(0,0x1000,0x3<PROT_READ|PROT_WRITE>,0x1002<MAP_PRIVATE|MAP_ANON>,-1,0)
30829 sh RET mmap 2116661248/0x7e29b000
30829 sh CALL
mmap(0,0x1000,0x3<PROT_READ|PROT_WRITE>,0x1002<MAP_PRIVATE|MAP_ANON>,-1,0)
30829 sh RET mmap 2060804096/0x7ad56000
30829 sh CALL
mmap(0,0x1000,0x3<PROT_READ|PROT_WRITE>,0x1002<MAP_PRIVATE|MAP_ANON>,-1,0)
30829 sh RET mmap 1994530816/0x76e22000
30829 sh CALL
mmap(0,0x1000,0x3<PROT_READ|PROT_WRITE>,0x1002<MAP_PRIVATE|MAP_ANON>,-1,0)
30829 sh RET mmap -2084450304/0x83c1d000
30829 sh CALL
mmap(0,0x1000,0x3<PROT_READ|PROT_WRITE>,0x1002<MAP_PRIVATE|MAP_ANON>,-1,0)
30829 sh RET mmap 2046881792/0x7a00f000
30829 sh CALL
mmap(0,0x1000,0x3<PROT_READ|PROT_WRITE>,0x1002<MAP_PRIVATE|MAP_ANON>,-1,0)
30829 sh RET mmap 1963028480/0x75017000
30829 sh CALL
mmap(0,0x1000,0x3<PROT_READ|PROT_WRITE>,0x1002<MAP_PRIVATE|MAP_ANON>,-1,0)
30829 sh RET mmap -2132033536/0x80ebc000
30829 sh CALL
mmap(0,0x1000,0x3<PROT_READ|PROT_WRITE>,0x1002<MAP_PRIVATE|MAP_ANON>,-1,0)
30829 sh RET mmap -2104254464/0x8293a000
30829 sh CALL
mmap(0,0x1000,0x3<PROT_READ|PROT_WRITE>,0x1002<MAP_PRIVATE|MAP_ANON>,-1,0)
30829 sh RET mmap 2067447808/0x7b3ac000
30829 sh CALL sigaction(SIGINT,0x340f8290,0xcf7d7b1c)
30829 sh STRU struct sigaction { handler=SIG_IGN, mask=0<>,
flags=0<> }
30829 sh STRU struct sigaction { handler=SIG_DFL, mask=0<>,
flags=0<> }
30829 sh RET sigaction 0
30829 sh CALL sigaction(SIGINT,0xcf7d7b1c,0)
30829 sh STRU struct sigaction { handler=0x14116b80, mask=0<>,
flags=0<> }
30829 sh RET sigaction 0
30829 sh CALL sigaction(SIGQUIT,0x340f8290,0xcf7d7b1c)
30829 sh STRU struct sigaction { handler=SIG_IGN, mask=0<>,
flags=0<> }
30829 sh STRU struct sigaction { handler=SIG_DFL, mask=0<>,
flags=0<> }
30829 sh RET sigaction 0
30829 sh CALL sigaction(SIGQUIT,0xcf7d7b1c,0)
30829 sh STRU struct sigaction { handler=0x14116b80, mask=0<>,
flags=0<> }
30829 sh RET sigaction 0
30829 sh CALL sigaction(SIGTERM,0x340f8290,0xcf7d7b1c)
30829 sh STRU struct sigaction { handler=SIG_IGN, mask=0<>,
flags=0<> }
30829 sh STRU struct sigaction { handler=SIG_DFL, mask=0<>,
flags=0<> }
30829 sh RET sigaction 0
30829 sh CALL sigaction(SIGTERM,0xcf7d7b1c,0)
30829 sh STRU struct sigaction { handler=0x14116b80, mask=0<>,
flags=0<> }
30829 sh RET sigaction 0
30829 sh CALL sigaction(SIGHUP,0x340f8290,0xcf7d7b1c)
30829 sh STRU struct sigaction { handler=SIG_IGN, mask=0<>,
flags=0<> }
30829 sh STRU struct sigaction { handler=SIG_DFL, mask=0<>,
flags=0<> }
30829 sh RET sigaction 0
30829 sh CALL sigaction(SIGHUP,0xcf7d7b1c,0)
30829 sh STRU struct sigaction { handler=0x14116b80, mask=0<>,
flags=0<> }
30829 sh RET sigaction 0
30829 sh CALL
mmap(0,0x1000,0x3<PROT_READ|PROT_WRITE>,0x1002<MAP_PRIVATE|MAP_ANON>,-1,0)
30829 sh RET mmap 2065858560/0x7b228000
30829 sh CALL
mmap(0,0x1000,0x3<PROT_READ|PROT_WRITE>,0x1002<MAP_PRIVATE|MAP_ANON>,-1,0)
30829 sh RET mmap 2067103744/0x7b358000
30829 sh CALL
mmap(0,0x1000,0x3<PROT_READ|PROT_WRITE>,0x1002<MAP_PRIVATE|MAP_ANON>,-1,0)
30829 sh RET mmap 2144948224/0x7fd95000
30829 sh CALL
mmap(0,0x1000,0x3<PROT_READ|PROT_WRITE>,0x1002<MAP_PRIVATE|MAP_ANON>,-1,0)
30829 sh RET mmap -2115592192/0x81e6a000
30829 sh CALL
mmap(0,0x1000,0x3<PROT_READ|PROT_WRITE>,0x1002<MAP_PRIVATE|MAP_ANON>,-1,0)
30829 sh RET mmap -2106769408/0x826d4000
30829 sh CALL
mmap(0,0x1000,0x3<PROT_READ|PROT_WRITE>,0x1002<MAP_PRIVATE|MAP_ANON>,-1,0)
30829 sh RET mmap -2128248832/0x81258000
30829 sh CALL
mmap(0,0x1000,0x3<PROT_READ|PROT_WRITE>,0x1002<MAP_PRIVATE|MAP_ANON>,-1,0)
30829 sh RET mmap 2073444352/0x7b964000
30829 sh CALL
mmap(0,0x1000,0x3<PROT_READ|PROT_WRITE>,0x1002<MAP_PRIVATE|MAP_ANON>,-1,0)
30829 sh RET mmap 1985314816/0x76558000
30829 sh CALL
mmap(0,0x1000,0x3<PROT_READ|PROT_WRITE>,0x1002<MAP_PRIVATE|MAP_ANON>,-1,0)
30829 sh RET mmap 2090287104/0x7c974000
30829 sh CALL
mmap(0,0x1000,0x3<PROT_READ|PROT_WRITE>,0x1002<MAP_PRIVATE|MAP_ANON>,-1,0)
30829 sh RET mmap 1979621376/0x75fea000
30829 sh CALL
mmap(0,0x1000,0x3<PROT_READ|PROT_WRITE>,0x1002<MAP_PRIVATE|MAP_ANON>,-1,0)
30829 sh RET mmap 2114502656/0x7e08c000
30829 sh CALL
mmap(0,0x1000,0x3<PROT_READ|PROT_WRITE>,0x1002<MAP_PRIVATE|MAP_ANON>,-1,0)
30829 sh RET mmap 1962278912/0x74f60000
30829 sh CALL
mmap(0,0x1000,0x3<PROT_READ|PROT_WRITE>,0x1002<MAP_PRIVATE|MAP_ANON>,-1,0)
30829 sh RET mmap 2005983232/0x7790e000
30829 sh CALL
mmap(0,0x1000,0x3<PROT_READ|PROT_WRITE>,0x1002<MAP_PRIVATE|MAP_ANON>,-1,0)
30829 sh RET mmap -2129375232/0x81145000
30829 sh CALL
mmap(0,0x1000,0x3<PROT_READ|PROT_WRITE>,0x1002<MAP_PRIVATE|MAP_ANON>,-1,0)
30829 sh RET mmap -2134364160/0x80c83000
30829 sh CALL
mmap(0,0x1000,0x3<PROT_READ|PROT_WRITE>,0x1002<MAP_PRIVATE|MAP_ANON>,-1,0)
30829 sh RET mmap 2069700608/0x7b5d2000
30829 sh CALL
mmap(0,0x1000,0x3<PROT_READ|PROT_WRITE>,0x1002<MAP_PRIVATE|MAP_ANON>,-1,0)
30829 sh RET mmap -2130268160/0x8106b000
30829 sh CALL stat(0x81145bad,0xcf7d798c)
30829 sh NAMI "/var/mail/sw"
30829 sh STRU struct stat { dev=1028, ino=649602,
mode=-rw------- , nlink=1, uid=1000<"sw">, gid=1000<"sw">, rdev=2593256,
atime=1444914614<"Oct 15 15:10:14 2015">, mtime=1446816774<"Nov 6
14:32:54 2015">, ctime=1446816833<"Nov 6 14:33:53 2015">.424053819,
size=27983, blocks=56, blksize=16384, flags=0x0, gen=0x0 }
30829 sh RET stat 0
30829 sh CALL
mmap(0,0x1000,0x3<PROT_READ|PROT_WRITE>,0x1002<MAP_PRIVATE|MAP_ANON>,-1,0)
30829 sh RET mmap -2084413440/0x83c26000
30829 sh CALL getpid()
30829 sh RET getpid 30829/0x786d
30829 sh CALL
mmap(0,0x1000,0x3<PROT_READ|PROT_WRITE>,0x1002<MAP_PRIVATE|MAP_ANON>,-1,0)
30829 sh RET mmap 2128293888/0x7edb3000
30829 sh CALL __getcwd(0x7b5d2808,1024)
30829 sh RET __getcwd 9
30829 sh CALL getppid()
30829 sh RET getppid 28735/0x703f
30829 sh CALL
mmap(0,0x1000,0x3<PROT_READ|PROT_WRITE>,0x1002<MAP_PRIVATE|MAP_ANON>,-1,0)
30829 sh RET mmap 2050895872/0x7a3e3000
30829 sh CALL
mmap(0,0x1000,0x3<PROT_READ|PROT_WRITE>,0x1002<MAP_PRIVATE|MAP_ANON>,-1,0)
30829 sh RET mmap 1951875072/0x74574000
30829 sh CALL gettimeofday(0xcf7d7650,0)
30829 sh STRU struct timeval { 1446816871<"Nov 6 14:34:31
2015">.613393 }
30829 sh RET gettimeofday 0
30829 sh CALL gettimeofday(0xcf7d76c0,0)
30829 sh STRU struct timeval { 1446816871<"Nov 6 14:34:31
2015">.613406 }
30829 sh RET gettimeofday 0
30829 sh CALL geteuid()
30829 sh RET geteuid 1000<"sw">
30829 sh CALL getuid()
30829 sh RET getuid 1000<"sw">
30829 sh CALL getgid()
30829 sh RET getgid 1000<"sw">
30829 sh CALL getegid()
30829 sh RET getegid 1000<"sw">
30829 sh CALL open(0xcf7d7e14,0<O_RDONLY>)
30829 sh NAMI "/usr/local/bin/textmaker12"
30829 sh RET open 3
30829 sh CALL fcntl(3,F_DUPFD,0xa)
30829 sh RET fcntl 10/0xa
30829 sh CALL close(3)
30829 sh RET close 0
30829 sh CALL fcntl(10,F_SETFD,FD_CLOEXEC)
30829 sh RET fcntl 0
30829 sh CALL fstat(0,0xcf7d7ba8)
30829 sh STRU struct stat { dev=1024, ino=494197,
mode=crw--w---- , nlink=1, uid=1000<"sw">, gid=4<"tty">, rdev=1280,
atime=1446816871<"Nov 6 14:34:31 2015">.611633214,
mtime=1446816871<"Nov 6 14:34:31 2015">.611633214,
ctime=1446816871<"Nov 6 14:34:31 2015">.611633214, size=0, blocks=0,
blksize=65536, flags=0x0, gen=0x0 }
30829 sh RET fstat 0
30829 sh CALL sigprocmask(SIG_SETMASK,0<>)
30829 sh RET sigprocmask 0<>
30829 sh CALL sigaction(SIGCHLD,0x340f8290,0xcf7d7b0c)
30829 sh STRU struct sigaction { handler=SIG_IGN, mask=0<>,
flags=0<> }
30829 sh STRU struct sigaction { handler=SIG_DFL, mask=0<>,
flags=0<> }
30829 sh RET sigaction 0
30829 sh CALL sigaction(SIGCHLD,0xcf7d7b0c,0)
30829 sh STRU struct sigaction { handler=0x14116b80, mask=0<>,
flags=0<> }
30829 sh RET sigaction 0
30829 sh CALL
mmap(0,0x1000,0x3<PROT_READ|PROT_WRITE>,0x1002<MAP_PRIVATE|MAP_ANON>,-1,0)
30829 sh RET mmap 1977139200/0x75d8c000
30829 sh CALL read(10,0x813be838,0x200)
30829 sh GIO fd 10 read 82 bytes
"#!/bin/sh
# A script to run TextMaker.
/usr/local/share/office2012/textmaker "$@"
"
30829 sh RET read 82/0x52
30829 sh CALL
mmap(0,0x1000,0x3<PROT_READ|PROT_WRITE>,0x1002<MAP_PRIVATE|MAP_ANON>,-1,0)
30829 sh RET mmap 2012594176/0x77f5c000
30829 sh CALL stat(0x7b3ac288,0xcf7d784c)
30829 sh NAMI "/usr/local/share/office2012/textmaker"
30829 sh STRU struct stat { dev=1029, ino=735390,
mode=-rwxr-xr-x , nlink=1, uid=0<"root">, gid=0<"wheel">, rdev=2987496,
atime=1446046872<"Oct 28 16:41:12 2015">.696320992,
mtime=1440403722<"Aug 24 10:08:42 2015">, ctime=1444936032<"Oct 15
21:07:12 2015">.455290691, size=13214020, blocks=25856, blksize=16384,
flags=0x0, gen=0x0 }
30829 sh RET stat 0
30829 sh CALL access(0x7b3ac288,0x1<X_OK>)
30829 sh NAMI "/usr/local/share/office2012/textmaker"
30829 sh RET access 0
30829 sh CALL sigprocmask(SIG_BLOCK,0x80000<SIGCHLD>)
30829 sh RET sigprocmask 0<>
30829 sh CALL fork()
30829 sh RET fork 23850/0x5d2a
30829 sh CALL sigsuspend(0<>)