>Number: 6443
>Category: system
>Synopsis: ypserv segfaults on 4.7 amd64
>Confidential: yes
>Severity: serious
>Priority: medium
>Responsible: bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: unknown
>Arrival-Date: Mon Aug 09 15:40:02 GMT 2010
>Closed-Date:
>Last-Modified:
>Originator:
>Release:
>Organization:
>Environment:
System : OpenBSD 4.7
Details : OpenBSD 4.7 (GENERIC.MP) #130: Wed Mar 17 20:48:50 MDT
2010 [email protected]:/usr/src/sys/arch/amd64/compile/GENERIC.MP
Architecture: OpenBSD.amd64
Machine : amd64
>Description:
ypserv segmentation fault in a bcopy.
>How-To-Repeat:
Run a production ypserv machine for a while with a lot of users.
>Fix:
Details below; ypserv.core is also in ~beck/ on cvs. And yes, I'll be checking
current/4.8, so if this has been fixed we can close it.
OpenBSD 4.7 (GENERIC.MP) #130: Wed Mar 17 20:48:50 MDT 2010
[email protected]:/usr/src/sys/arch/amd64/compile/GENERIC.MP
real mem = 3755810816 (3581MB)
avail mem = 3649376256 (3480MB)
mainbus0 at root
bios0 at mainbus0: SMBIOS rev. 2.4 @ 0xdffbc000 (49 entries)
bios0: vendor Dell Inc. version "1.3.4" date 10/10/2007
bios0: Dell Inc. PowerEdge SC1435
acpi0 at bios0: rev 2
acpi0: tables DSDT FACP APIC SPCR HPET MCFG SLIC ERST HEST BERT EINJ SRAT SSDT
acpi0: wakeup devices RTC_(S5) PXB_(S5) EXB1(S5) EXB2(S5) EXB3(S5)
acpitimer0 at acpi0: 3579545 Hz, 32 bits
acpimadt0 at acpi0 addr 0xfee00000: PC-AT compat
cpu0 at mainbus0: apid 0 (boot processor)
cpu0: Dual-Core AMD Opteron(tm) Processor 2210, 1800.30 MHz
cpu0:
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,MMX,FXSR,SSE,SSE2,HTT,SSE3,CX16,NXE,MMXX,FFXSR,LONG,3DNOW2,3DNOW
cpu0: 64KB 64b/line 2-way I-cache, 64KB 64b/line 2-way D-cache, 1MB 64b/line
16-way L2 cache
cpu0: ITLB 32 4KB entries fully associative, 8 4MB entries fully associative
cpu0: DTLB 32 4KB entries fully associative, 8 4MB entries fully associative
cpu0: apic clock running at 200MHz
cpu1 at mainbus0: apid 1 (application processor)
cpu1: Dual-Core AMD Opteron(tm) Processor 2210, 1800.07 MHz
cpu1:
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,MMX,FXSR,SSE,SSE2,HTT,SSE3,CX16,NXE,MMXX,FFXSR,LONG,3DNOW2,3DNOW
cpu1: 64KB 64b/line 2-way I-cache, 64KB 64b/line 2-way D-cache, 1MB 64b/line
16-way L2 cache
cpu1: ITLB 32 4KB entries fully associative, 8 4MB entries fully associative
cpu1: DTLB 32 4KB entries fully associative, 8 4MB entries fully associative
ioapic0 at mainbus0: apid 2 pa 0xfec00000, version 11, 16 pins
ioapic0: misconfigured as apic 0, remapped to apid 2
ioapic1 at mainbus0: apid 3 pa 0xfec01000, version 11, 16 pins
ioapic1: misconfigured as apic 0, remapped to apid 3
ioapic2 at mainbus0: apid 4 pa 0xfec02000, version 11, 16 pins
ioapic2: misconfigured as apic 0, remapped to apid 4
acpihpet0 at acpi0: 14318180 Hz
acpiprt0 at acpi0: bus 0 (PCI0)
acpiprt1 at acpi0: bus 3 (PXB_)
acpiprt2 at acpi0: bus 4 (PPBX)
acpiprt3 at acpi0: bus 5 (EXB0)
acpiprt4 at acpi0: bus 1 (EXB1)
acpiprt5 at acpi0: bus 2 (EXB2)
acpiprt6 at acpi0: bus 6 (EXB3)
acpiprt7 at acpi0: bus 7 (EXB4)
acpicpu0 at acpi0: PSS
acpicpu1 at acpi0: PSS
ipmi at mainbus0 not configured
cpu0: PowerNow! K8 1800 MHz: speeds: 1800 1000 MHz
pci0 at mainbus0 bus 0
ppb0 at pci0 dev 1 function 0 "ServerWorks HT-1000 PCI" rev 0x00
pci1 at ppb0 bus 3
ppb1 at pci1 dev 13 function 0 "ServerWorks HT-1000 PCIX" rev 0xc0
pci2 at ppb1 bus 4
pciide0 at pci1 dev 14 function 0 "ServerWorks HT-1000 SATA" rev 0x00: DMA
pciide0: using apic 2 int 6 (irq 6) for native-PCI interrupt
pciide0: port 0: device present, speed: 1.5Gb/s
wd0 at pciide0 channel 0 drive 0: <WDC WD800JD-75MSA3>
wd0: 16-sector PIO, LBA48, 76293MB, 156250000 sectors
wd0(pciide0:0:0): using PIO mode 4, Ultra-DMA mode 6
pciide0: port 1: PHY offline
pciide0: port 2: PHY offline
pciide0: port 3: PHY offline
piixpm0 at pci0 dev 2 function 0 "ServerWorks HT-1000" rev 0x00: polling
iic0 at piixpm0
pciide1 at pci0 dev 2 function 1 "ServerWorks HT-1000 IDE" rev 0x00: DMA
atapiscsi0 at pciide1 channel 0 drive 0
scsibus0 at atapiscsi0: 2 targets
cd0 at scsibus0 targ 0 lun 0: <HL-DT-ST, CD-ROM GCR-8240N, 1.10> ATAPI 5/cdrom
removable
cd0(pciide1:0:0): using PIO mode 4, DMA mode 2, Ultra-DMA mode 0
pcib0 at pci0 dev 2 function 2 "ServerWorks HT-1000 LPC" rev 0x00
ohci0 at pci0 dev 3 function 0 "ServerWorks HT-1000 USB" rev 0x01: apic 2 int
11 (irq 11), version 1.0, legacy support
ohci1 at pci0 dev 3 function 1 "ServerWorks HT-1000 USB" rev 0x01: apic 2 int
11 (irq 11), version 1.0, legacy support
ehci0 at pci0 dev 3 function 2 "ServerWorks HT-1000 USB" rev 0x01: apic 2 int
11 (irq 11)
usb0 at ehci0: USB revision 2.0
uhub0 at usb0 "ServerWorks EHCI root hub" rev 2.00/1.00 addr 1
vga1 at pci0 dev 4 function 0 "ATI ES1000" rev 0x02
wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation)
wsdisplay0: screen 1-5 added (80x25, vt100 emulation)
radeondrm0 at vga1: apic 3 int 12 (irq 10)
drm0 at radeondrm0
ppb2 at pci0 dev 7 function 0 "ServerWorks HT-2100 PCIE" rev 0xa2
pci3 at ppb2 bus 5
ppb3 at pci0 dev 8 function 0 "ServerWorks HT-2100 PCIE" rev 0xa2
pci4 at ppb3 bus 1
bge0 at pci4 dev 0 function 0 "Broadcom BCM5721" rev 0x21, BCM5750 C1 (0x4201):
apic 3 int 1 (irq 5), address 00:1d:09:17:dd:9b
brgphy0 at bge0 phy 1: BCM5750 10/100/1000baseT PHY, rev. 0
ppb4 at pci0 dev 9 function 0 "ServerWorks HT-2100 PCIE" rev 0xa2
pci5 at ppb4 bus 2
bge1 at pci5 dev 0 function 0 "Broadcom BCM5721" rev 0x21, BCM5750 C1 (0x4201):
apic 3 int 5 (irq 10), address 00:1d:09:17:dd:9c
brgphy1 at bge1 phy 1: BCM5750 10/100/1000baseT PHY, rev. 0
ppb5 at pci0 dev 10 function 0 "ServerWorks HT-2100 PCIE" rev 0xa2: apic 3 int
3 (irq 6)
pci6 at ppb5 bus 6
ppb6 at pci0 dev 11 function 0 "ServerWorks HT-2100 PCIE" rev 0xa2
pci7 at ppb6 bus 7
pchb0 at pci0 dev 24 function 0 "AMD AMD64 0Fh HyperTransport" rev 0x00
pchb1 at pci0 dev 24 function 1 "AMD AMD64 0Fh Address Map" rev 0x00
pchb2 at pci0 dev 24 function 2 "AMD AMD64 0Fh DRAM Cfg" rev 0x00
kate0 at pci0 dev 24 function 3 "AMD AMD64 0Fh Misc Cfg" rev 0x00: core rev
JH-F3
isa0 at pcib0
isadma0 at isa0
com0 at isa0 port 0x3f8/8 irq 4: ns16550a, 16 byte fifo
com0: console
com1 at isa0 port 0x2f8/8 irq 3: ns16550a, 16 byte fifo
pckbc0 at isa0 port 0x60/5
pcppi0 at isa0 port 0x61
midi0 at pcppi0: <PC speaker>
spkr0 at pcppi0
usb1 at ohci0: USB revision 1.0
uhub1 at usb1 "ServerWorks OHCI root hub" rev 1.00/1.00 addr 1
usb2 at ohci1: USB revision 1.0
uhub2 at usb2 "ServerWorks OHCI root hub" rev 1.00/1.00 addr 1
mtrr: Pentium Pro MTRR support
uhub3 at uhub0 port 3 "Dell product 0xa001" rev 2.00/0.00 addr 2
vscsi0 at root
scsibus1 at vscsi0: 256 targets
softraid0 at root
root on wd0a swap on wd0b dump on wd0b
# gdb /usr/sbin/ypserv ypserv.core
GNU gdb 6.3
Copyright 2004 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB. Type "show warranty" for details.
This GDB was configured as "amd64-unknown-openbsd4.7"...
(no debugging symbols found)
Core was generated by `ypserv'.
Program terminated with signal 11, Segmentation fault.
Reading symbols from /usr/lib/libutil.so.11.0...done.
Loaded symbols for /usr/lib/libutil.so.11.0
Reading symbols from /usr/lib/librpcsvc.so.1.2...done.
Loaded symbols for /usr/lib/librpcsvc.so.1.2
Reading symbols from /usr/lib/libc.so.53.1...done.
Loaded symbols for /usr/lib/libc.so.53.1
Reading symbols from /usr/libexec/ld.so...done.
Loaded symbols for /usr/libexec/ld.so
#0 memcpy (dst0=0x2020e8020, src0=0x20f26dff2, length=0)
at /usr/src/lib/libc/string/bcopy.c:91
91 /usr/src/lib/libc/string/bcopy.c: No such file or directory.
in /usr/src/lib/libc/string/bcopy.c
(gdb) bt
#0 memcpy (dst0=0x2020e8020, src0=0x20f26dff2, length=0)
at /usr/src/lib/libc/string/bcopy.c:91
#1 0x0000000207251ed3 in xdrmem_putbytes (xdrs=0x204ca5010,
addr=0x20f26dff2 <Address 0x20f26dff2 out of bounds>, len=0)
at /usr/src/lib/libc/rpc/xdr_mem.c:177
#2 0x0000000207253ffb in xdr_opaque (xdrs=0x204ca5010,
cp=0x20f26dff2 <Address 0x20f26dff2 out of bounds>, cnt=0)
at /usr/src/lib/libc/rpc/xdr.c:467
#3 0x00000002072540f8 in xdr_bytes (xdrs=0x204ca5010, cpp=0x80aeb0,
sizep=0x3d, maxsize=1024) at /usr/src/lib/libc/rpc/xdr.c:523
#4 0x00000002009f64a8 in xdr_valdat (xdrs=0x2020e8020, objp=0xd285fd2)
at yp.c:68
#5 0x00000002009f66dc in xdr_ypresp_key_val (xdrs=0x204ca5010, objp=0x80aea0)
at yp.c:152
#6 0x0000000207251a73 in xdr_accepted_reply (xdrs=0x204ca5010,
ar=0x7f7ffffbd190) at /usr/src/lib/libc/rpc/rpc_prot.c:92
#7 0x0000000207254200 in xdr_union (xdrs=0x204ca5010, dscmp=0x7f7ffffbd188,
unp=0x7f7ffffbd190 "", choices=0x20747d480, dfault=0)
at /usr/src/lib/libc/rpc/xdr.c:579
#8 0x0000000207251b5e in xdr_replymsg (xdrs=0x204ca5010, rmsg=0x7f7ffffbd180)
at /usr/src/lib/libc/rpc/rpc_prot.c:138
#9 0x00000002072177d5 in svcudp_reply (xprt=0x204ca6380, msg=0x7f7ffffbd180)
at /usr/src/lib/libc/rpc/svc_udp.c:227
#10 0x00000002072183eb in svc_sendreply (xprt=0x2020e8020,
xdr_results=0x20f26dff2, xdr_location=0x0)
at /usr/src/lib/libc/rpc/svc.c:376
#11 0x0000000000402be6 in ?? ()
#12 0x0000000207218897 in svc_getreq_common (fd=34504736)
at /usr/src/lib/libc/rpc/svc.c:589
#13 0x0000000207218705 in svc_getreq_poll (pfd=0x20c3e3000, nready=254205938)
at /usr/src/lib/libc/rpc/svc.c:540
#14 0x0000000000402e13 in ?? ()
#15 0x00000000004030da in ?? ()
#16 0x00000000004025ac in ?? ()
#17 0x0000000000000001 in ?? ()
#18 0x00007f7ffffbdcc8 in ?? ()
#19 0x0000000000000000 in ?? ()
(gdb) quit
# uname -a
OpenBSD authgw.srv.ualberta.ca 4.7 GENERIC.MP#130 amd64
>Release-Note:
>Audit-Trail:
>Unformatted: