Date: Mon, 31 Dec 2001 16:58:28 +0100 From: Stefan Esser <se@freebsd.org> To: Michael Scheidell <scheidell@secnap.net> Cc: hackers@FreeBSD.ORG, Stefan Esser <se@freebsd.org> Subject: Re: Re: userland program panics freebsd 4.3 Message-ID: <20011231165828.D2301@StefanEsser.FreeBSD.org> In-Reply-To: <200112311529.fBVFTo844679@scanner.secnap.net> References: <20011231161100.C2301@StefanEsser.FreeBSD.org> <200112311529.fBVFTo844679@scanner.secnap.net>
next in thread | previous in thread | raw e-mail | index | archive | help
On 2001-12-31 10:29 -0500, Michael Scheidell <scheidell@secnap.net> wrote: > as for hanging processes, this is probaly due to the bug in the FBSD > distributer libpcap, hanging on pcap_next(). IIRC, most processes were sleeping in select(). But truss revealed, that some processes were running in a loop executing signal mask functions and not responding to a kill -TERM ... > I got those also in nessus 1.09 > this was fixed in nessusd 1.1x, which uses its one libpcap. Then I must have a different problem, since I'm currently using 1.1.10 (will try 1.1.11 when I'm back in the office on January 8th). > I would be interested in seeing if nessus 1.10 or 1.11x panics freebsd at > your site. Sure it does ;-) http://www.FreeBSD.org/cgi/query-pr.cgi?pr=32681 And it is the same problem you observed (and even the stack trace looks quite similar). The problem occurs on -stable and -current and with SMP and non-SMP kernels. The cause is a NULL pointer dereference in that fstatfs system call, where some pointer hanging off a vnode is cleared. Nessusd tries to read from /proc/PID (for PID = process IDs of plugins spawned) in order to see whether some plugin is still running. (The second method, used only if there is no PROCFS, is to call kill(PID, 0), which will check if a signal could be delivered. That method should probably be prefered to the reading of procfs anyway, since the latter takes 5 system calls instead of a single one in the case of kill() ...) Regards, STefan To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20011231165828.D2301>