netbsd-bugs: kern/8699: i386 kernel crash (trap) with out of control makes run as root?

Subject: kern/8699: i386 kernel crash (trap) with out of control makes run as root?
To: None <gnats-bugs@gnats.netbsd.org>
From: None <cgd@NetBSD.ORG>
List: netbsd-bugs
Date: 10/29/1999 00:27:40

>Number:         8699
>Category:       kern
>Synopsis:       i386 kernel crashed when make ran out of control as root.
>Confidential:   no
>Severity:       serious
>Priority:       high
>Responsible:    kern-bug-people (Kernel Bug People)
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Fri Oct 29 00:27:00 1999
>Last-Modified:
>Originator:     Chris G. Demetriou
>Organization:
Kernel Hackers 'r' Us
>Release:        NetBSD 1.4.x-branch as of 19990921
>Environment:
System: NetBSD speedy.int.demetriou.com 1.4.1 NetBSD 1.4.1 (SPEEDY) #16: Tue Sep 21 23:35:27 PDT 1999     cgd@speedy.int.demetriou.com:/a/src/src-1-4-branch/sys/arch/i386/compile/SPEEDY i386
(but "1.4.1" just means 1.4-branch.)

>Description:
	[filed as a kern bug, rather than port-i386 since the smoking
	gun seems to have been held by tsleep...]

	I ran a 'make' in pkgsrc as root, and it went nuts doing
	an apparent recursive make because of some broken xpkgwedge
	dependency goop.  lots and lots of make processes.

	after running it once and having it croak because the system
	ran out of processes, I made the mistake of running it again.
	After almost maxing out the process table again (ps on the dead
	kernel said 501 processes, kern.maxproc on the rebooted kernel
	is 532) the kernel crashed with:

	fatal page fault in supervisor mode
	trap type 6 code 0 eip f0133b1c cs 8 eflags 10246 cr2 a8 cpl 0
	panic: trap
	syncing disks... 12 12 9 done

	(There are earlier relatively bad things; running out of mbuf
	clusters, out of space in proc table, file system full, etc.,
	but they happened a while before the crash.)

	Unfortunately I don't have a copy of this kernel with debugging
	symbols.  That EIP is:

	0xf0133b0a <tsleep+110>:        je     0xf0133d2b <tsleep+655>
	0xf0133b10 <tsleep+116>:        call   0xf0101d1c <eintrnames>
	0xf0133b15 <tsleep+121>:        jmp    0xf0133d2b <tsleep+655>
	0xf0133b1a <tsleep+126>:        movl   %esi,%esi
	0xf0133b1c <tsleep+128>:        movl   0xa8(%ebx),%eax
	0xf0133b22 <tsleep+134>:        andl   $0x20000040,%eax
	0xf0133b27 <tsleep+139>:        cmpl   $0x40,%eax
	0xf0133b2a <tsleep+142>:        jne    0xf0133b3e <tsleep+162>

	I can provide the kernel and crash dump, at least for a while...

>How-To-Repeat:
	as root, run an out of control recursive make?

>Fix:
	unknown.
>Audit-Trail:
>Unformatted: