From: Thomas Backman
To: Rick Macklem
Cc: FreeBSD current
Date: Sun, 9 Aug 2009 21:32:52 +0200
Subject: Re: nmap UDP scan against 8.0-CURRENT -> fatal trap 12

On Aug 9, 2009, at 20:25, Rick Macklem wrote:

>
>
> On Sun, 9 Aug 2009, Thomas Backman wrote:
>
> [stuff snipped]
>> Fatal trap 12: page fault while in kernel mode
>> cpuid = 0; apic id = 00
>> fault virtual address = 0x18
>> fault code = supervisor read data, page not present
>> instruction pointer = 0x20:0xffffffff805d2722
>> stack pointer = 0x28:0xffffff803e76f980
>> frame pointer = 0x28:0xffffff803e76f990
>> code segment = base 0x0, limit 0xfffff, type 0x1b
>> = DPL 0, pres 1, long 1, def32 0, gran 1
>> processor eflags = interrupt enabled, resume, IOPL = 0
>> current process = 846 (nfsd: service) [NOTE: nfsd was not in
>> use, merely running]
>> panic: from debugger
>> cpuid = 0
>> KDB: stack backtrace:
>> Uptime: 8m48s
>> Physical memory: 2029 MB
>> Dumping 1625 MB: ...
>>
>> #11 0xffffffff805dba87 in calltrap () at /usr/src/sys/amd64/
>> amd64/exception.S:224
>> #12 0xffffffff805d2722 in xdrmbuf_inline (xdrs=0xffffff803e76fa30,
>> len=4)
>> at /usr/src/sys/xdr/xdr_mbuf.c:302
>> #13 0xffffffff805d2b90 in xdrmbuf_getlong (xdrs=0xffffff803e76fa30,
>> lp=0xffffff803e76f9e0) at /usr/src/sys/xdr/xdr_mbuf.c:147
>> #14 0xffffffff805d1a4d in xdr_int (xdrs=Variable "xdrs" is not
>> available.
>> ) at /usr/src/sys/xdr/xdr.c:111
>> #15 0xffffffff80554ef4 in xdr_callmsg (xdrs=0xffffff803e76fa30,
>> cmsg=0xffffff803e76fb70) at /usr/src/sys/rpc/rpc_callmsg.c:188
>> #16 0xffffffff80559c60 in svc_dg_recv (xprt=Variable "xprt" is not
>> available.
>> ) at /usr/src/sys/rpc/svc_dg.c:216
>> #17 0xffffffff80557910 in svc_run_internal (pool=0xffffff00027acc00,
>> ismaster=0) at /usr/src/sys/rpc/svc.c:797
>> #18 0xffffffff8055811b in svc_thread_start (arg=Variable "arg" is
>> not available.
>> ) at /usr/src/sys/rpc/svc.c:1198
>> #19 0xffffffff80341008 in fork_exit (
>> callout=0xffffffff80558110 ,
>> arg=0xffffff00027acc00,
>> frame=0xffffff803e76fc80) at /usr/src/sys/kern/kern_fork.c:838
>> #20 0xffffffff805dbf5e in fork_trampoline () at /usr/src/sys/
>> amd64/amd64/exception.S:561
>> #21 0x0000000000000010 in ?? ()
>> #22 0x00007fffffffe710 in ?? ()
>> ...
>> #47 0x0000000000000000 in ?? ()
>> #48 0xffffffff808acf00 in affinity ()
>> #49 0xffffff0002d9d390 in ?? ()
>> #50 0xffffff803e76f200 in ?? ()
>> #51 0xffffff803e76f1b8 in ?? ()
>> #52 0xffffff0002336720 in ?? ()
>> #53 0xffffffff80391c2d in sched_switch (td=0xffffffff80558110,
>> newtd=0xffffff00027acc00, flags=Variable "flags" is not available.
>> ) at /usr/src/sys/kern/sched_ule.c:1858
>>
> You could try this patch, which is currently in the re@ queue. I'm not
> sure if it will help, since the above panic didn't seem to happen at
> the beginning of xdrmbuf_inline() as I would have expected it to.
> > rick > --- xdr/xdr_mbuf.c.sav 2009-08-07 15:02:35.000000000 -0400 > +++ xdr/xdr_mbuf.c 2009-08-07 15:03:04.000000000 -0400 > @@ -282,6 +282,8 @@ > size_t available; > char *p; > > + if (!m) > + return (0); > if (xdrs->x_op == XDR_ENCODE) { > available = M_TRAILINGSPACE(m) + (m->m_len - xdrs->x_handy); > } else { > Initial results are certainly good! :-) Pre-patch, it panicked three times in a row, as I said within a few seconds. Post-patch I've looped the simpler scan for a while (10 minutes, or about 8-9 runs) with no crash, and I also ran the more extensive one (which I doubt makes any difference...) once. Just for fun, I tried actually using nfsd while looping the scan, too. No problems. Regards/thanks, Thomas
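
Review bot: the guard added at the top of the hunk, `if (!m)` followed by `return (0);`, has no comment saying when `m` can be NULL at this point, and it tests a pointer as if it were a boolean. Suggest writing it as `if (m == NULL)`, returning `NULL` rather than a bare 0 if the function's return type is a pointer, and adding a one-line comment naming the condition that leaves `m` unset, since the backtrace in this thread reaches this code from svc_dg_recv() through xdr_callmsg(). The check does precede both dereferences visible in the hunk, `M_TRAILINGSPACE(m)` and `m->m_len`. The reported fault address of 0x18 on a supervisor read is consistent with a field read through a NULL pointer, which would be worth recording in the commit message because the quoted reply notes the trap was not at the start of xdrmbuf_inline().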