Date: Sun, 9 Aug 2009 14:25:28 -0400 (EDT) From: Rick Macklem <rmacklem@uoguelph.ca> To: Thomas Backman <serenity@exscape.org> Cc: FreeBSD current <freebsd-current@freebsd.org> Subject: Re: nmap UDP scan against 8.0-CURRENT -> fatal trap 12 Message-ID: <Pine.GSO.4.63.0908091421360.18198@muncher.cs.uoguelph.ca> In-Reply-To: <598778D3-AE7B-47AF-A4F9-0D832BC1A990@exscape.org> References: <598778D3-AE7B-47AF-A4F9-0D832BC1A990@exscape.org>
next in thread | previous in thread | raw e-mail | index | archive | help
On Sun, 9 Aug 2009, Thomas Backman wrote: [stuff snipped] > Fatal trap 12: page fault while in kernel mode > cpuid = 0; apic id = 00 > fault virtual address = 0x18 > fault code = supervisor read data, page not present > instruction pointer = 0x20:0xffffffff805d2722 > stack pointer = 0x28:0xffffff803e76f980 > frame pointer = 0x28:0xffffff803e76f990 > code segment = base 0x0, limit 0xfffff, type 0x1b > = DPL 0, pres 1, long 1, def32 0, gran 1 > processor eflags = interrupt enabled, resume, IOPL = 0 > current process = 846 (nfsd: service) [NOTE: nfsd was not in use, merely > running] > panic: from debugger > cpuid = 0 > KDB: stack backtrace: > Uptime: 8m48s > Physical memory: 2029 MB > Dumping 1625 MB: ... > > #11 0xffffffff805dba87 in calltrap () at > /usr/src/sys/amd64/amd64/exception.S:224 > #12 0xffffffff805d2722 in xdrmbuf_inline (xdrs=0xffffff803e76fa30, len=4) > at /usr/src/sys/xdr/xdr_mbuf.c:302 > #13 0xffffffff805d2b90 in xdrmbuf_getlong (xdrs=0xffffff803e76fa30, > lp=0xffffff803e76f9e0) at /usr/src/sys/xdr/xdr_mbuf.c:147 > #14 0xffffffff805d1a4d in xdr_int (xdrs=Variable "xdrs" is not available. > ) at /usr/src/sys/xdr/xdr.c:111 > #15 0xffffffff80554ef4 in xdr_callmsg (xdrs=0xffffff803e76fa30, > cmsg=0xffffff803e76fb70) at /usr/src/sys/rpc/rpc_callmsg.c:188 > #16 0xffffffff80559c60 in svc_dg_recv (xprt=Variable "xprt" is not available. > ) at /usr/src/sys/rpc/svc_dg.c:216 > #17 0xffffffff80557910 in svc_run_internal (pool=0xffffff00027acc00, > ismaster=0) at /usr/src/sys/rpc/svc.c:797 > #18 0xffffffff8055811b in svc_thread_start (arg=Variable "arg" is not > available. > ) at /usr/src/sys/rpc/svc.c:1198 > #19 0xffffffff80341008 in fork_exit ( > callout=0xffffffff80558110 <svc_thread_start>, arg=0xffffff00027acc00, > frame=0xffffff803e76fc80) at /usr/src/sys/kern/kern_fork.c:838 > #20 0xffffffff805dbf5e in fork_trampoline () at > /usr/src/sys/amd64/amd64/exception.S:561 > #21 0x0000000000000010 in ?? () > #22 0x00007fffffffe710 in ?? () > ... > #47 0x0000000000000000 in ?? () > #48 0xffffffff808acf00 in affinity () > #49 0xffffff0002d9d390 in ?? () > #50 0xffffff803e76f200 in ?? () > #51 0xffffff803e76f1b8 in ?? () > #52 0xffffff0002336720 in ?? () > #53 0xffffffff80391c2d in sched_switch (td=0xffffffff80558110, > newtd=0xffffff00027acc00, flags=Variable "flags" is not available. > ) at /usr/src/sys/kern/sched_ule.c:1858 > You could try this patch, which is currently in the re@ queue. I'm not sure if it will help, since the above panic didn't seem to happen at the beginning of xdrmbuf_inline() as I would have expected it to. rick --- xdr/xdr_mbuf.c.sav 2009-08-07 15:02:35.000000000 -0400 +++ xdr/xdr_mbuf.c 2009-08-07 15:03:04.000000000 -0400 @@ -282,6 +282,8 @@ size_t available; char *p; + if (!m) + return (0); if (xdrs->x_op == XDR_ENCODE) { available = M_TRAILINGSPACE(m) + (m->m_len - xdrs->x_handy); } else {
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.GSO.4.63.0908091421360.18198>