From owner-freebsd-hackers Mon Dec 31 07:56:04 2001
Date: Mon, 31 Dec 2001 16:58:28 +0100
From: Stefan Esser
To: Michael Scheidell
Cc: hackers@FreeBSD.ORG, Stefan Esser
Subject: Re: Re: userland program panics freebsd 4.3
Message-ID: <20011231165828.D2301@StefanEsser.FreeBSD.org>
References: <20011231161100.C2301@StefanEsser.FreeBSD.org> <200112311529.fBVFTo844679@scanner.secnap.net>
In-Reply-To: <200112311529.fBVFTo844679@scanner.secnap.net>
User-Agent: Mutt/1.3.21i

On 2001-12-31 10:29 -0500, Michael Scheidell wrote:
> as for hanging processes, this is probably due to the bug in the FBSD
> distributed libpcap, hanging on pcap_next().

IIRC, most processes were sleeping in select(). But truss revealed that some processes were running in a loop executing signal mask functions and not responding to a kill -TERM ...

> I got those also in nessus 1.09
> this was fixed in nessusd 1.1x, which uses its own libpcap.

Then I must have a different problem, since I'm currently using 1.1.10 (will try 1.1.11 when I'm back in the office on January 8th).

> I would be interested in seeing if nessus 1.10 or 1.11x panics freebsd at
> your site.

Sure it does ;-)

http://www.FreeBSD.org/cgi/query-pr.cgi?pr=32681

And it is the same problem you observed (and even the stack trace looks quite similar). The problem occurs on -stable and -current and with SMP and non-SMP kernels. The cause is a NULL pointer dereference in that fstatfs system call, where some pointer hanging off a vnode is cleared.

Nessusd tries to read from /proc/PID (for PID = process IDs of plugins spawned) in order to see whether some plugin is still running. (The second method, used only if there is no PROCFS, is to call kill(PID, 0), which will check if a signal could be delivered. That method should probably be preferred to the reading of procfs anyway, since the latter takes 5 system calls instead of a single one in the case of kill() ...)

Regards, STefan
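The two liveness checks the mail contrasts, as an added C example that is neither from this thread nor from nessusd: pid_state() is the single-syscall kill(PID, 0) probe with its EPERM edge case, and child_running() adds the waitpid() caveat for a process polling its own children, which is nessusd's situation with its plugins. The function names and the forked stand-in "plugin" are my own construction; it assumes a POSIX system (FreeBSD or Linux).

```c
#define _DEFAULT_SOURCE         /* glibc: expose usleep() under strict -std */
#include <errno.h>
#include <signal.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Result of the kill(pid, 0) probe. */
enum liveness { PID_GONE = 0, PID_ALIVE = 1, PID_ALIVE_NOPERM = 2 };

/*
 * One-syscall existence check: kill() with signal 0 delivers nothing and
 * only runs the existence and permission checks. ESRCH means no such
 * process; EPERM means it exists but we may not signal it, i.e. still alive.
 */
enum liveness pid_state(pid_t pid)
{
    if (kill(pid, 0) == 0)
        return PID_ALIVE;
    return errno == EPERM ? PID_ALIVE_NOPERM : PID_GONE;
}

/*
 * Caveat when polling your own children (as nessusd polls its plugins):
 * an exited child is a zombie, and kill(pid, 0) keeps succeeding, until
 * it is reaped. waitpid() with WNOHANG reaps it and reports in the same
 * call whether the child has finished. Returns 1 while it runs, else 0.
 */
int child_running(pid_t pid)
{
    int status;
    return waitpid(pid, &status, WNOHANG) == 0;
}

/* Spawn a stand-in "plugin" (constructed), poll it, terminate it, poll again. */
int lifecycle_check(void)
{
    pid_t pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0) {
        pause();                /* child: wait for a signal */
        _exit(0);
    }
    int alive = pid_state(pid) == PID_ALIVE && child_running(pid);
    kill(pid, SIGTERM);
    while (child_running(pid))
        usleep(1000);           /* poll until the zombie is reaped */
    return alive && pid_state(pid) == PID_GONE;
}
```

lifecycle_check() returns 1 when the child reads as alive before SIGTERM and as gone once reaped; a kill()-only poller would still see the reaped-but-not-yet-collected child as alive.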