Date: Sat, 26 Dec 1998 00:22:00 -0500 (EST) From: Jason Garman <jgarman@Glue.umd.edu> To: FreeBSD-gnats-submit@FreeBSD.ORG Subject: kern/9195: daemons die with sig11 due to VM problems Message-ID: <Pine.GSO.3.95q.981226002120.28317A-100000@y.glue.umd.edu>
next in thread | raw e-mail | index | archive | help
>Number: 9195
>Category: kern
>Synopsis: daemons die with sig11 due to VM problems
>Confidential: no
>Severity: critical
>Priority: high
>Responsible: freebsd-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Fri Dec 25 21:30:01 PST 1998
>Last-Modified:
>Originator: Jason Garman
>Organization:
individual
>Release: FreeBSD 3.0-CURRENT i386
>Environment:
FreeBSD jason.garman.net 3.0-CURRENT FreeBSD 3.0-CURRENT #5: Wed Dec 23
22:01:40 EST 1998 root@jason.garman.net:/usr/src/sys/compile/JASON
i386
on a PII/300 with 96MB of real memory, 150MB of swap
>Description:
When a "significant" amount of swap is used on this system ("significant"
can be any number from 50% on up) then daemons that fork die with
sigsegv's due to null pointer accesses. ie. it seems that particular
portions of the child processes' memory has been cleared.
>How-To-Repeat:
Make the machine swap. Try and get the daemon you want to segfault to
swap out of memory... then make it fork a few times. It'll start
segfaulting. It seems to correlate with the following message in syslog:
swap_pager: suggest more swap space: 189 MB
yet my swap usage is only half. Daemons which exhibit this behavior
include the Internet junkbuster (since it forks on every http connection),
samba, and secure shell.
A sample traceback from internet junkbuster follows:
bash$ gdb junkbuster junkbuster.core
....
Core was generated by `junkbuster'.
Program terminated with signal 11, Segmentation fault.
Reading symbols from /usr/libexec/ld.so...done.
Reading symbols from /usr/lib/aout/libc.so.3.1...done.
#0 0x40e1 in block_url (http=0x26620, csp=0x26600) at filters.c:84
84 if((b->url->domain[0] == '\0') ||
(domaincmp(b->
url, url) == 0)) {
(gdb) x b->url
0x23cc0 <end+65108>: 0x00000000
(gdb) <enter> (several times... until...)
0x23cfc <end+65168>: 0x00000000
(gdb)
0x23d00 <end+65172>: 0x4e524157
>Fix:
The inetd "fix" simply appears to keep critical parts of inetd in memory
at all times. This seems to prevent this problem from manifesting itself
in inetd but still affects any other daemon which forks.
So no fix is known for this problem.
>Audit-Trail:
>Unformatted:
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-bugs" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.GSO.3.95q.981226002120.28317A-100000>