From: Robert Watson <rwatson@FreeBSD.org>
Date: Sun, 9 Aug 2009 21:51:37 +0100 (BST)
To: Rick Macklem
Cc: FreeBSD current, Thomas Backman
Subject: Re: nmap UDP scan against 8.0-CURRENT -> fatal trap 12

On Sun, 9 Aug 2009, Rick Macklem wrote:

>> Initial results are certainly good! :-) Pre-patch, it panicked three times
>> in a row, as I said within a few seconds. Post-patch I've looped the
>> simpler scan for a while (10 minutes, or about 8-9 runs) with no crash, and
>> I also ran the more extensive one (which I doubt makes any difference...)
>> once. Just for fun, I tried actually using nfsd while looping the scan,
>> too. No problems.
>>
> Ok, sounds good. It's already in the re@ queue, so it should make it into
> 8.0. If it does crap out again, please let the list (and me) know.
>
> Thanks for testing the patch, rick
>
> ps: Thanks mostly goes to pho@ for his "wicked" test scripts that found the
> crash that the above patch fixes + a bunch of others.

It sounds a bit like we would benefit from some directed RPC fuzzing on the
NFS client and server. I wonder if an existing fuzzer could easily be adapted
to generate RPC-like garbage?

Robert N M Watson
Computer Laboratory
University of Cambridge