sharity-light => uvm_fault

classic Classic list List threaded Threaded
10 messages Options
Reply | Threaded
Open this post in threaded view
|

sharity-light => uvm_fault

Markus Wawersich
Hi,

I have used sendbug to send this bugreport, but I don't got any message from
You.
And the Bug Tracking system on http://www.openbsd.org/query-pr.html don't
work
(klick on "Query" => The requested URL /cgi-bin/query-pr-wrapper was not found
on this server

So I send this report as email (again ?):

hope this is ok.

=============================================================================
=====
>Synopsis:      sharity-light => uvm_fault
>Category:      kernel
>Environment:
        System      : OpenBSD 5.0
        Details     : OpenBSD 5.0 (GENERIC) #43: Wed Aug 17 10:10:52 MDT 2011
                         [hidden email]:/usr/src/sys/arch/i386/comp
ile/GENERIC

        Architecture: OpenBSD.i386
        Machine     : i386
>Description:

I have tested this issue with 3 different computers with OpenBSD 5.0.
I keep getting the same crash.
I have tested the bsd Kernel from 5.0 and this one:
http://openbsd.cs.fau.de/pub/OpenBSD/snapshots/i386/bsd
Always the same result.

I want to synchronize a samba share (mounted with shlight) with rsync.
But it crashes again and again. So I have reduced the issu to this simple
steps:
- mount a share with shlight
- chown a folder of the share
- ls the folder


>How-To-Repeat:
You need:
- OpenBSD 5.0
- the package "sharity-light-1.3p0.tgz"
- a linux server with samba (I think an ObenBSD or Windows server is also OK)

Then mount the samba-share

mkdir /tmp/server
shlight //<server-ip>/<name of the share> /tmp/server -n
mkdir /tmp/server/new-folder
chown nobody /tmp/server/new-folder
ls /tmp/server/new-folder

then You see :
___________________________________________________________________________
uvm_fault(0xd09fa3c0, 0xefffa000, 0, 3) -> d
kernel: page fault trap, code=0
Stopped at      cache_zap+0x23: movl    %eax,0x4(%edx)
ddb>
___________________________________________________________________________

Instead of "ls /tmp/server/new-folder" you can also take "unshlight -a" to get
this uvm_fault.

Once I received this error (after "boot sync") :
___________________________________________________________________________
uvm_fault(0xd09fa3c0, 0xefffa000, 0, 3) -> d
kernel: page fault trap, code=0
Stopped at      cache_zap+0x23: movl    %eax,0x4(%edx)
ddb> boor sync
No such command
ddb> boot sync
syncing disks... panic: rw_enter: vfslock locking against myself
Stopped at      Debugger+0x4:   popl    %ebp
RUN AT LEAST 'trace' AND 'ps' AND INCLUDE OUTPUT WHEN REPORTING THIS PANIC!
DO NOT EVEN BOTHER REPORTING THIS WITHOUT INCLUDING THAT INFORMATION!
ddb> trace
Debugger(d08cee78,d506ca24,d08ac338,d506ca24,d09b3a3c) at Debugger+0x4
panic(d08ac338,d08b0da7,d506ca2c,d0202146,d0a4852c) at panic+0x5d
rw_enter(d109801c,41,d506cb3c,11,d1098000) at rw_enter+0x211
vfs_busy(d1098000,5,0,0,d506cac4) at vfs_busy+0x35
sys_sync(d0a1bf40,0,0,0,0) at sys_sync+0x3d
vfs_shutdown(d506cafc,14,d506cb08,d03a8f95,d) at vfs_shutdown+0x7a
boot(4800,d506cb3c,d506cbc8,d03a6e64,d040e903) at boot+0x18a
db_boot_sync_cmd(d040e903,0,ffffffff,d506cb40,0) at db_boot_sync_cmd+0x12
db_command(d09b1780,d09b15a0,0,d040e903,d506ccc4) at db_command+0x124
db_command_loop(d040e903,d506cc30,d506cc38,d03b300d,800) at
db_command_loop+0x7
1
db_trap(6,0,58,d506ccc4,efffa000) at db_trap+0xc0
kdb_trap(6,0,d506ccc4,3,d) at kdb_trap+0xc7
trap() at trap+0x27a
--- trap (number -721114120) ---
Bad frame pointer: 0xd5032254
0xd5060002:
ddb> ps
   PID   PPID   PGRP    UID  S       FLAGS  WAIT          COMMAND
* 8256  25408   8256      0  7           0                unshlight
 13421      1  29620      0  3        0x80  select        shlight
 25408  20232  25408      0  3        0x80  wait          bash
 20232   5071  20232      0  3        0x80  select        sshd
 32573      1  32573      0  3        0x80  ttyin         getty
 14066      1  14066      0  3        0x80  select        cron
 27934      1  27934      0  3        0x80  htplev        hotplugd
 24527      0      0      0  3    0x100280  nfsidl        nfsio
 21322      0      0      0  3    0x100280  nfsidl        nfsio
 18191      0      0      0  3    0x100280  nfsidl        nfsio
 16231      0      0      0  3    0x100280  nfsidl        nfsio
 26925   4691   4691     70  3        0x80  select        named
  4691      1   4691      0  3        0x80  netio         named
 28854      1  28854      0  3        0x80  select        nmbd
 17452  19216  19216      0  3        0x80  select        smbd
 19216      1  19216      0  3        0x80  select        smbd
   561      1  22916    585  3        0x80  kqread        lighttpd
 32289      1  32289      0  3        0x80  select        inetd
 19298      1  19298     77  3        0x80  poll          dhcpd
  5071      1   5071      0  3        0x80  select        sshd
 18266  22418  22498     83  3        0x80  poll          ntpd
 22418  22498  22498     83  3        0x80  poll          ntpd
 22498      1  22498      0  3        0x80  poll          ntpd
 28023   8065   8065     70  2       0x480                named
  8065      1   8065      0  3        0x80  netio         named
  2506  19806  19806     74  3        0x80  bpf           pflogd
 19806      1  19806      0  3        0x80  netio         pflogd
  2985   8538   8538     73  2        0x80                syslogd
  8538      1   8538      0  3        0x80  netio         syslogd
 25769      1  25769     77  3        0x80  poll          dhclient
 26694      1  11114      0  3        0x80  poll          dhclient
    13      0      0      0  3    0x100200  aiodoned      aiodoned
    12      0      0      0  3    0x100200  syncer        update
    11      0      0      0  3    0x100200  cleaner       cleaner
    10      0      0      0  3    0x100200  reaper        reaper
     9      0      0      0  3    0x100200  pgdaemon      pagedaemon
     8      0      0      0  3    0x100200  bored         crypto
     7      0      0      0  3    0x100200  pftm          pfpurge
     6      0      0      0  3    0x100200  usbtsk        usbtask
     5      0      0      0  3    0x100200  usbatsk       usbatsk
     4      0      0      0  3    0x100200  bored         syswq
     3      0      0      0  3  0x40100200                idle0
     2      0      0      0  3    0x100200  kmalloc       kmthread
     1      0      1      0  3        0x80  wait          init
     0     -1      0      0  3       0x200  scheduler     swapper
ddb>
___________________________________________________________________________



Thank you!

>Fix:



dmesg:
OpenBSD 5.0 (GENERIC) #43: Wed Aug 17 10:10:52 MDT 2011
    [hidden email]:/usr/src/sys/arch/i386/compile/GENERIC
cpu0: Geode(TM) Integrated Processor by National Semi ("Geode by NSC"
586-class) 234 MHz
cpu0: FPU,TSC,MSR,CX8,CMOV,MMX
real mem  = 133754880 (127MB)
avail mem = 121581568 (115MB)
mainbus0 at root
bios0 at mainbus0: AT/286+ BIOS, date 20/80/03, BIOS32 rev. 0 @ 0xf7840
pcibios0 at bios0: rev 2.0 @ 0xf0000/0x10000
pcibios0: pcibios_get_intr_routing - function not supported
pcibios0: PCI IRQ Routing information unavailable.
pcibios0: PCI bus #0 is the last bus
bios0: ROM list: 0xc8000/0x9000
cpu0 at mainbus0: (uniprocessor)
cpu0: TSC disabled
pci0 at mainbus0 bus 0: configuration mode 1 (bios)
pchb0 at pci0 dev 0 function 0 "Cyrix GXm PCI" rev 0x00
sis0 at pci0 dev 6 function 0 "NS DP83815 10/100" rev 0x00, DP83816A: irq 10,
address 00:00:24:cd:cc:4c
nsphyter0 at sis0 phy 0: DP83815 10/100 PHY, rev. 1
sis1 at pci0 dev 7 function 0 "NS DP83815 10/100" rev 0x00, DP83816A: irq 10,
address 00:00:24:cd:cc:4d
nsphyter1 at sis1 phy 0: DP83815 10/100 PHY, rev. 1
sis2 at pci0 dev 8 function 0 "NS DP83815 10/100" rev 0x00, DP83816A: irq 10,
address 00:00:24:cd:cc:4e
nsphyter2 at sis2 phy 0: DP83815 10/100 PHY, rev. 1
gscpcib0 at pci0 dev 18 function 0 "NS SC1100 ISA" rev 0x00
gpio0 at gscpcib0: 64 pins
"NS SC1100 SMI" rev 0x00 at pci0 dev 18 function 1 not configured
pciide0 at pci0 dev 18 function 2 "NS SCx200 IDE" rev 0x01: DMA, channel 0
wired to compatibility, channel 1 wired to compatibility
wd0 at pciide0 channel 0 drive 1: <TS4GCF133>
wd0: 1-sector PIO, LBA, 3823MB, 7831152 sectors
wd0(pciide0:0:1): using PIO mode 4, Ultra-DMA mode 2
geodesc0 at pci0 dev 18 function 5 "NS SC1100 X-Bus" rev 0x00: iid 6 revision
3 wdstatus 0
ohci0 at pci0 dev 19 function 0 "Compaq USB OpenHost" rev 0x08: irq 11,
version 1.0, legacy support
isa0 at gscpcib0
isadma0 at isa0
com0 at isa0 port 0x3f8/8 irq 4: ns16550a, 16 byte fifo
com0: console
com1 at isa0 port 0x2f8/8 irq 3: ns16550a, 16 byte fifo
pckbc0 at isa0 port 0x60/5
pckbd0 at pckbc0 (kbd slot)
pckbc0: using irq 1 for kbd slot
wskbd0 at pckbd0: console keyboard
pcppi0 at isa0 port 0x61
spkr0 at pcppi0
nsclpcsio0 at isa0 port 0x2e/2: NSC PC87366 rev 9: GPIO VLM TMS
gpio1 at nsclpcsio0: 29 pins
gscsio0 at isa0 port 0x15c/2: SC1100 SIO rev 1:
npx0 at isa0 port 0xf0/16: reported by CPUID; using exception 16
usb0 at ohci0: USB revision 1.0
uhub0 at usb0 "Compaq OHCI root hub" rev 1.00/1.00 addr 1
vscsi0 at root
scsibus0 at vscsi0: 256 targets
softraid0 at root
scsibus1 at softraid0: 256 targets
root on wd0a (f23e5355ea76db01.a) swap on wd0b dump on wd0b
WARNING: / was not properly unmounted

usbdevs:
Controller /dev/usb0:
addr 1: full speed, self powered, config 1, OHCI root hub(0x0000),
Compaq(0x0e11), rev 1.00
 port 1 powered
 port 2 powered
 port 3 powered

pcidump:
Domain /dev/pci0:
 0:0:0: Cyrix GXm PCI
        0x0000: Vendor ID: 1078 Product ID: 0001
        0x0004: Command: 0107 Status ID: 0280
        0x0008: Class: 06 Subclass: 00 Interface: 00 Revision: 00
        0x000c: BIST: 00 Header Type: 00 Latency Timer: 00 Cache Line Size:
00
        0x0010: BAR empty (00000000)
        0x0014: BAR empty (00000000)
        0x0018: BAR empty (00000000)
        0x001c: BAR empty (00000000)
        0x0020: BAR empty (00000000)
        0x0024: BAR empty (00000000)
        0x0028: Cardbus CIS: 00000000
        0x002c: Subsystem Vendor ID: 0000 Product ID: 0000
        0x0030: Expansion ROM Base Address: 00000000
        0x0038: 00000000
        0x003c: Interrupt Pin: 00 Line: 00 Min Gnt: 00 Max Lat: 00
        0x0000: 00011078 02800107 06000000 00000000
        0x0010: 00000000 00000000 00000000 00000000
        0x0020: 00000000 00000000 00000000 00000000
        0x0030: 00000000 00000000 00000000 00000000
        0x0040: 41001c0e 00000000 00000000 00000000
        0x0050: 00000000 00000000 00000000 00000000
        0x0060: 00000000 00000000 00000000 00000000
        0x0070: 00000000 00000000 00000000 00000000
        0x0080: 00000000 00000000 00000000 00000000
        0x0090: 00000000 00000000 00000000 00000000
        0x00a0: 00000000 00000000 00000000 00000000
        0x00b0: 00000000 00000000 00000000 00000000
        0x00c0: 00000000 00000000 00000000 00000000
        0x00d0: 00000000 00000000 00000000 00000000
        0x00e0: 00000000 00000000 00000000 00000000
        0x00f0: 00000000 00000000 00000000 00000000
 0:6:0: NS DP83815 10/100
        0x0000: Vendor ID: 100b Product ID: 0020
        0x0004: Command: 0107 Status ID: 0290
        0x0008: Class: 02 Subclass: 00 Interface: 00 Revision: 00
        0x000c: BIST: 00 Header Type: 00 Latency Timer: 3f Cache Line Size:
00
        0x0010: BAR io addr: 0x0000e100/0x0100
        0x0014: BAR mem 32bit addr: 0xa0000000/0x00001000
        0x0018: BAR empty (00000000)
        0x001c: BAR empty (00000000)
        0x0020: BAR empty (00000000)
        0x0024: BAR empty (00000000)
        0x0028: Cardbus CIS: 00000000
        0x002c: Subsystem Vendor ID: 100b Product ID: 0020
        0x0030: Expansion ROM Base Address: 3f000000
        0x0038: 00000000
        0x003c: Interrupt Pin: 01 Line: 0a Min Gnt: 0b Max Lat: 34
        0x0040: Capability 0x01: Power Management
        0x0000: 0020100b 02900107 02000000 00003f00
        0x0010: 0000e101 a0000000 00000000 00000000
        0x0020: 00000000 00000000 00000000 0020100b
        0x0030: 3f000000 00000040 00000000 340b010a
        0x0040: ff820001 00000000 00000000 00000000
        0x0050: 00000000 00000000 00000000 00000000
        0x0060: 00000000 00000000 00000000 00000000
        0x0070: 00000000 00000000 00000000 00000000
        0x0080: 00000000 00000000 00000000 00000000
        0x0090: 00000000 00000000 00000000 00000000
        0x00a0: 00000000 00000000 00000000 00000000
        0x00b0: 00000000 00000000 00000000 00000000
        0x00c0: 00000000 00000000 00000000 00000000
        0x00d0: 00000000 00000000 00000000 00000000
        0x00e0: 00000000 00000000 00000000 00000000
        0x00f0: 00000000 00000000 00000000 00000000
 0:7:0: NS DP83815 10/100
        0x0000: Vendor ID: 100b Product ID: 0020
        0x0004: Command: 0107 Status ID: 0290
        0x0008: Class: 02 Subclass: 00 Interface: 00 Revision: 00
        0x000c: BIST: 00 Header Type: 00 Latency Timer: 3f Cache Line Size:
00
        0x0010: BAR io addr: 0x0000e200/0x0100
        0x0014: BAR mem 32bit addr: 0xa0001000/0x00001000
        0x0018: BAR empty (00000000)
        0x001c: BAR empty (00000000)
        0x0020: BAR empty (00000000)
        0x0024: BAR empty (00000000)
        0x0028: Cardbus CIS: 00000000
        0x002c: Subsystem Vendor ID: 100b Product ID: 0020
        0x0030: Expansion ROM Base Address: 3f000000
        0x0038: 00000000
        0x003c: Interrupt Pin: 01 Line: 0a Min Gnt: 0b Max Lat: 34
        0x0040: Capability 0x01: Power Management
        0x0000: 0020100b 02900107 02000000 00003f00
        0x0010: 0000e201 a0001000 00000000 00000000
        0x0020: 00000000 00000000 00000000 0020100b
        0x0030: 3f000000 00000040 00000000 340b010a
        0x0040: ff820001 00000000 00000000 00000000
        0x0050: 00000000 00000000 00000000 00000000
        0x0060: 00000000 00000000 00000000 00000000
        0x0070: 00000000 00000000 00000000 00000000
        0x0080: 00000000 00000000 00000000 00000000
        0x0090: 00000000 00000000 00000000 00000000
        0x00a0: 00000000 00000000 00000000 00000000
        0x00b0: 00000000 00000000 00000000 00000000
        0x00c0: 00000000 00000000 00000000 00000000
        0x00d0: 00000000 00000000 00000000 00000000
        0x00e0: 00000000 00000000 00000000 00000000
        0x00f0: 00000000 00000000 00000000 00000000
 0:8:0: NS DP83815 10/100
        0x0000: Vendor ID: 100b Product ID: 0020
        0x0004: Command: 0107 Status ID: 0290
        0x0008: Class: 02 Subclass: 00 Interface: 00 Revision: 00
        0x000c: BIST: 00 Header Type: 00 Latency Timer: 3f Cache Line Size:
00
        0x0010: BAR io addr: 0x0000e300/0x0100
        0x0014: BAR mem 32bit addr: 0xa0002000/0x00001000
        0x0018: BAR empty (00000000)
        0x001c: BAR empty (00000000)
        0x0020: BAR empty (00000000)
        0x0024: BAR empty (00000000)
        0x0028: Cardbus CIS: 00000000
        0x002c: Subsystem Vendor ID: 100b Product ID: 0020
        0x0030: Expansion ROM Base Address: 3f000000
        0x0038: 00000000
        0x003c: Interrupt Pin: 01 Line: 0a Min Gnt: 0b Max Lat: 34
        0x0040: Capability 0x01: Power Management
        0x0000: 0020100b 02900107 02000000 00003f00
        0x0010: 0000e301 a0002000 00000000 00000000
        0x0020: 00000000 00000000 00000000 0020100b
        0x0030: 3f000000 00000040 00000000 340b010a
        0x0040: ff820001 00000000 00000000 00000000
        0x0050: 00000000 00000000 00000000 00000000
        0x0060: 00000000 00000000 00000000 00000000
        0x0070: 00000000 00000000 00000000 00000000
        0x0080: 00000000 00000000 00000000 00000000
        0x0090: 00000000 00000000 00000000 00000000
        0x00a0: 00000000 00000000 00000000 00000000
        0x00b0: 00000000 00000000 00000000 00000000
        0x00c0: 00000000 00000000 00000000 00000000
        0x00d0: 00000000 00000000 00000000 00000000
        0x00e0: 00000000 00000000 00000000 00000000
        0x00f0: 00000000 00000000 00000000 00000000
 0:18:0: NS SC1100 ISA
        0x0000: Vendor ID: 100b Product ID: 0510
        0x0004: Command: 001f Status ID: 0280
        0x0008: Class: 06 Subclass: 01 Interface: 00 Revision: 00
        0x000c: BIST: 00 Header Type: 80 Latency Timer: 3f Cache Line Size:
08
        0x0010: BAR io addr: 0x00006100/0x0040
        0x0014: BAR io addr: 0x00006200/0x0040
        0x0018: BAR empty (00000000)
        0x001c: BAR empty (00000000)
        0x0020: BAR empty (00000000)
        0x0024: BAR empty (00000000)
        0x0028: Cardbus CIS: 00000000
        0x002c: Subsystem Vendor ID: 100b Product ID: 0500
        0x0030: Expansion ROM Base Address: 00000000
        0x0038: 00000000
        0x003c: Interrupt Pin: 00 Line: 00 Min Gnt: 00 Max Lat: 00
        0x0000: 0510100b 0280001f 06010000 00803f08
        0x0010: 00006101 00006201 00000000 00000000
        0x0020: 00000000 00000000 00000000 0500100b
        0x0030: 00000000 00000000 00000000 00000000
        0x0040: 3e4d0019 06e60001 00000000 ffffffff
        0x0050: 039e407b 00000000 28010000 0000b00a
        0x0060: 00000000 00000000 00000000 ff000000
        0x0070: 00000000 00000000 00000000 00000000
        0x0080: 00080005 00000000 00000000 00000000
        0x0090: c0000000 00000000 00000000 00000000
        0x00a0: 00000000 00000000 00000000 00000000
        0x00b0: 00000000 b5aca704 0c9c1140 00000000
        0x00c0: 00000000 00000000 00000000 00000000
        0x00d0: 00000000 00000000 00000000 00000000
        0x00e0: 00000000 00000000 00000000 00000000
        0x00f0: 00000000 00000000 00000000 00000000
 0:18:1: NS SC1100 SMI
        0x0000: Vendor ID: 100b Product ID: 0511
        0x0004: Command: 0001 Status ID: 0280
        0x0008: Class: 06 Subclass: 80 Interface: 00 Revision: 00
        0x000c: BIST: 00 Header Type: 00 Latency Timer: 00 Cache Line Size:
00
        0x0010: BAR io addr: 0x00006300/0x0100
        0x0014: BAR empty (00000000)
        0x0018: BAR empty (00000000)
        0x001c: BAR empty (00000000)
        0x0020: BAR empty (00000000)
        0x0024: BAR empty (00000000)
        0x0028: Cardbus CIS: 00000000
        0x002c: Subsystem Vendor ID: 100b Product ID: 0501
        0x0030: Expansion ROM Base Address: 00000000
        0x0038: 00000000
        0x003c: Interrupt Pin: 00 Line: 00 Min Gnt: 00 Max Lat: 00
        0x0000: 0511100b 02800001 06800000 00000000
        0x0010: 00006301 00000000 00000000 00000000
        0x0020: 00000000 00000000 00000000 0501100b
        0x0030: 00000000 00000000 00000000 00000000
        0x0040: 00006401 00000000 00000000 00000000
        0x0050: 00000000 00000000 00000000 00000000
        0x0060: 00000000 00000000 00000000 00000000
        0x0070: 00000000 00000000 00000000 00000000
        0x0080: 00000000 00000000 00000000 00000000
        0x0090: 00000000 00000000 00000000 00000000
        0x00a0: 00000000 00000000 00000000 00000000
        0x00b0: 00000000 00000000 00000000 00000000
        0x00c0: 00000000 00000000 00000000 00000000
        0x00d0: 00000000 00000000 00000000 00000000
        0x00e0: 00000000 00000000 00000000 00000000
        0x00f0: 00000000 00000000 00000000 00000000
 0:18:2: NS SCx200 IDE
        0x0000: Vendor ID: 100b Product ID: 0502
        0x0004: Command: 0005 Status ID: 0280
        0x0008: Class: 01 Subclass: 01 Interface: 80 Revision: 01
        0x000c: BIST: 00 Header Type: 00 Latency Timer: 00 Cache Line Size:
00
        0x0010: BAR empty (00000000)
        0x0014: BAR empty (00000000)
        0x0018: BAR empty (00000000)
        0x001c: BAR empty (00000000)
        0x0020: BAR io addr: 0x0000e000/0x0010
        0x0024: BAR empty (00000000)
        0x0028: Cardbus CIS: 00000000
        0x002c: Subsystem Vendor ID: 100b Product ID: 0502
        0x0030: Expansion ROM Base Address: 00000000
        0x0038: 00000000
        0x003c: Interrupt Pin: 00 Line: 00 Min Gnt: 00 Max Lat: 00
        0x0000: 0502100b 02800005 01018001 00000000
        0x0010: 00000000 00000000 00000000 00000000
        0x0020: 0000e001 00000000 00000000 0502100b
        0x0030: 00000000 00000000 00000000 00000000
        0x0040: 00009172 00077771 00040010 00911030
        0x0050: 00009172 00077771 00009172 00077771
        0x0060: 00000000 00000000 00000000 00000000
        0x0070: 00000000 00000000 00000000 00000000
        0x0080: 00000000 00000000 00000000 00000000
        0x0090: 00000000 00000000 00000000 00000000
        0x00a0: 00000000 00000000 00000000 00000000
        0x00b0: 00000000 00000000 00000000 00000000
        0x00c0: 00000000 00000000 00000000 00000000
        0x00d0: 00000000 00000000 00000000 00000000
        0x00e0: 00000000 00000000 00000000 00000000
        0x00f0: 00000000 00000000 00000000 00000000
 0:18:5: NS SC1100 X-Bus
        0x0000: Vendor ID: 100b Product ID: 0515
        0x0004: Command: 0003 Status ID: 0280
        0x0008: Class: 06 Subclass: 80 Interface: 00 Revision: 00
        0x000c: BIST: 00 Header Type: 00 Latency Timer: 00 Cache Line Size:
00
        0x0010: BAR io addr: 0x00006500/0x0040
        0x0014: BAR empty (00000000)
        0x0018: BAR empty (00000000)
        0x001c: BAR empty (00000000)
        0x0020: BAR empty (00000000)
        0x0024: BAR empty (00000000)
        0x0028: Cardbus CIS: 00000000
        0x002c: Subsystem Vendor ID: 100b Product ID: 0505
        0x0030: Expansion ROM Base Address: 00000000
        0x0038: 00000000
        0x003c: Interrupt Pin: 00 Line: 00 Min Gnt: 00 Max Lat: 00
        0x0000: 0515100b 02800003 06800000 00000000
        0x0010: 00006501 00000000 00000000 00000000
        0x0020: 00000000 00000000 00000000 0505100b
        0x0030: 00000000 00000000 00000000 00000000
        0x0040: ffffffc1 00000000 00000000 00000000
        0x0050: 00000000 00000000 0000003f 00000000
        0x0060: 00001100 00006000 00000000 00000000
        0x0070: 00000000 00000000 00000000 00000000
        0x0080: 00000000 00000000 00000000 00000000
        0x0090: 00000000 00000000 00000000 00000000
        0x00a0: 00000000 00000000 00000000 00000000
        0x00b0: 00000000 00000000 00000000 00000000
        0x00c0: 00000000 00000000 00000000 00000000
        0x00d0: 00000000 00000000 00000000 00000000
        0x00e0: 00000000 00000000 00000000 00000000
        0x00f0: 00000000 00000000 00000000 00000000
 0:19:0: Compaq USB OpenHost
        0x0000: Vendor ID: 0e11 Product ID: a0f8
        0x0004: Command: 0117 Status ID: 0280
        0x0008: Class: 0c Subclass: 03 Interface: 10 Revision: 08
        0x000c: BIST: 00 Header Type: 00 Latency Timer: 38 Cache Line Size:
08
        0x0010: BAR mem 32bit addr: 0xa0003000/0x00001000
        0x0014: BAR empty (00000000)
        0x0018: BAR empty (00000000)
        0x001c: BAR empty (00000000)
        0x0020: BAR empty (00000000)
        0x0024: BAR empty (00000000)
        0x0028: Cardbus CIS: 00000000
        0x002c: Subsystem Vendor ID: 0e11 Product ID: a0f8
        0x0030: Expansion ROM Base Address: 00000000
        0x0038: 00000000
        0x003c: Interrupt Pin: 04 Line: 0b Min Gnt: 00 Max Lat: 50
        0x0000: a0f80e11 02800117 0c031008 00003808
        0x0010: a0003000 00000000 00000000 00000000
        0x0020: 00000000 00000000 00000000 a0f80e11
        0x0030: 00000000 00000000 00000000 5000040b
        0x0040: 000f0000 00000000 00000000 00000000
        0x0050: 00000000 00000000 00000000 00000000
        0x0060: 00000000 00000000 00000000 00000000
        0x0070: 00000000 00000000 00000000 00000000
        0x0080: 00000000 00000000 00000000 00000000
        0x0090: 00000000 00000000 00000000 00000000
        0x00a0: 00000000 00000000 00000000 00000000
        0x00b0: 00000000 00000000 00000000 00000000
        0x00c0: 00000000 00000000 00000000 00000000
        0x00d0: 00000000 00000000 00000000 00000000
        0x00e0: 00000000 00000000 00000000 00000000
        0x00f0: 00000000 00000000 00000000 00000000

acpidump:

Reply | Threaded
Open this post in threaded view
|

Re: sharity-light => uvm_fault

Mike Belopuhov
On Wed, Nov 16, 2011 at 1:04 PM, Dipl.-Ing. Markus Wawersich
<[hidden email]> wrote:
> Hi,
>
> I have used sendbug to send this bugreport, but I don't got any message
from
> You.
> And the Bug Tracking system on http://www.openbsd.org/query-pr.html don't
> work
> (klick on "Query" => The requested URL /cgi-bin/query-pr-wrapper was not
found
> on this server
>
> So I send this report as email (again ?):
>
> hope this is ok.
>

it's the only way it works currently, so yes, it's ok.

>
=============================================================================
> =====
>>Synopsis:      sharity-light => uvm_fault
>>Category:      kernel
>>Environment:
>        System      : OpenBSD 5.0
>        Details     : OpenBSD 5.0 (GENERIC) #43: Wed Aug 17 10:10:52 MDT
2011
>                        
[hidden email]:/usr/src/sys/arch/i386/comp

> ile/GENERIC
>
>        Architecture: OpenBSD.i386
>        Machine     : i386
>>Description:
>
> I have tested this issue with 3 different computers with OpenBSD 5.0.
> I keep getting the same crash.
> I have tested the bsd Kernel from 5.0 and this one:
> http://openbsd.cs.fau.de/pub/OpenBSD/snapshots/i386/bsd
> Always the same result.
>
> I want to synchronize a samba share (mounted with shlight) with rsync.
> But it crashes again and again. So I have reduced the issu to this simple
> steps:
> - mount a share with shlight
> - chown a folder of the share
> - ls the folder
>
>
>>How-To-Repeat:
> You need:
> - OpenBSD 5.0
> - the package "sharity-light-1.3p0.tgz"
> - a linux server with samba (I think an ObenBSD or Windows server is also
OK)

>
> Then mount the samba-share
>
> mkdir /tmp/server
> shlight //<server-ip>/<name of the share> /tmp/server -n
> mkdir /tmp/server/new-folder
> chown nobody /tmp/server/new-folder
> ls /tmp/server/new-folder
>
> then You see :
> ___________________________________________________________________________
> uvm_fault(0xd09fa3c0, 0xefffa000, 0, 3) -> d
> kernel: page fault trap, code=0
> Stopped at      cache_zap+0x23: movl    %eax,0x4(%edx)
> ddb>

this is where you should run `trace', `ps', `show registers', etc.

> ddb> boot sync
> syncing disks... panic: rw_enter: vfslock locking against myself
> Stopped at      Debugger+0x4:   popl    %ebp
> RUN AT LEAST 'trace' AND 'ps' AND INCLUDE OUTPUT WHEN REPORTING THIS PANIC!
> DO NOT EVEN BOTHER REPORTING THIS WITHOUT INCLUDING THAT INFORMATION!
> ddb> trace

not here.

cheers!

Reply | Threaded
Open this post in threaded view
|

Re: sharity-light => uvm_fault

Markus Wawersich
...

>> So I send this report as email (again ?):
>>
>> hope this is ok.
>>

> it's the only way it works currently, so yes, it's ok.

OK.

>> then You see :
>> ___________________________________________________________________
>> ________
>> uvm_fault(0xd09fa3c0, 0xefffa000, 0, 3) -> d
>> kernel: page fault trap, code=0
>> Stopped at      cache_zap+0x23: movl    %eax,0x4(%edx)
>> ddb>

> this is where you should run `trace', `ps', `show registers', etc.

OK.

here is it:

uvm_fault(0xd09fa3c0, 0xefffa000, 0, 3) -> d
kernel: page fault trap, code=0
Stopped at      cache_zap+0x23: movl    %eax,0x4(%edx)
ddb> trace
cache_zap(d50c3a04,d10a8200,d50bed4c,d04c0911,d50c49c4) at cache_zap+0x23
cache_purge(d50c49c4,d50634e0,d50bed6c,d50c49c4,d2fec2b0) at cache_purge+0x1c
nfs_reclaim(d50bed64,1006000,0,d50c49c4,d50c49c4) at nfs_reclaim+0xa1
VOP_RECLAIM(d50c49c4,d2fec2b0,d2fec2b0,d2fec2b0,0) at VOP_RECLAIM+0x29
vclean(d50c49c4,8,d2fec2b0,d0412fae,0) at vclean+0x8a
vgonel(d50c49c4,d2fec2b0,d50bee2c,d0413fdb,d50c426c) at vgonel+0x64
vflush_vnode(d50c49c4,d50bee40,d50bee18,d10a8200,d10d0800) at
vflush_vnode+0x62

vfs_mount_foreach_vnode(d10d0800,d04143c0,d50bee40,d041417a,50) at
vfs_mount_fo
reach_vnode+0x2a
vflush(d10d0800,0,0,10,0) at vflush+0x33
nfs_unmount(d10d0800,0,d2fec2b0,d2fec2b0,d10d081c) at nfs_unmount+0x37
dounmount(d10d0800,0,d2fec2b0,d50c4274,7d6cbbc0) at dounmount+0x84
sys_unmount(d2fec2b0,d50bef64,d50bef84,d50befa8,d2fec2b0) at sys_unmount+0xf0
syscall() at syscall+0x2d8
--- syscall (number 0) ---
0x2:
ddb> ps
   PID   PPID   PGRP    UID  S       FLAGS  WAIT          COMMAND
* 4897   9519   4897      0  7           0                unshlight
 17780      1  32705      0  3        0x80  select        shlight
  9223  13325   9223      0  3        0x80  ttyin         bash
 13325  17099  13325      0  3        0x80  select        sshd
  9519  28720   9519      0  3        0x80  wait          bash
 28720  17099  28720      0  3        0x80  select        sshd
  7778      1   7778      0  3        0x80  ttyin         getty
 23207      1  23207      0  3        0x80  select        cron
  7042      1   7042      0  3        0x80  htplev        hotplugd
 10686      0      0      0  3    0x100280  nfsidl        nfsio
 21872      0      0      0  3    0x100280  nfsidl        nfsio
  7643      0      0      0  3    0x100280  nfsidl        nfsio
 16710      0      0      0  3    0x100280  nfsidl        nfsio
  3978  11206  11206     70  3        0x80  select        named
 11206      1  11206      0  3        0x80  netio         named
   769      1    769      0  3        0x80  select        nmbd
 23876  30194  30194      0  3        0x80  select        smbd
 30194      1  30194      0  3        0x80  select        smbd
 10218      1  22734    585  3        0x80  kqread        lighttpd
   533      1    533      0  3        0x80  select        inetd
    29      1     29     77  3        0x80  poll          dhcpd
 17099      1  17099      0  3        0x80  select        sshd
  2581   7244   2258     83  3        0x80  poll          ntpd
  7244   2258   2258     83  3        0x80  poll          ntpd
  2258      1   2258      0  3        0x80  poll          ntpd
 27217  16445  16445     70  3        0x80  select        named
 16445      1  16445      0  3        0x80  netio         named
 22963  16673  16673     74  3        0x80  bpf           pflogd
 16673      1  16673      0  3        0x80  netio         pflogd
   444  12625  12625     73  2        0x80                syslogd
 12625      1  12625      0  3        0x80  netio         syslogd
 29140      1  29140     77  3        0x80  poll          dhclient
  6742      1  15626      0  3        0x80  poll          dhclient
    13      0      0      0  3    0x100200  aiodoned      aiodoned
    12      0      0      0  3    0x100200  syncer        update
    11      0      0      0  3    0x100200  cleaner       cleaner
    10      0      0      0  3    0x100200  reaper        reaper
     9      0      0      0  3    0x100200  pgdaemon      pagedaemon
     8      0      0      0  3    0x100200  bored         crypto
     7      0      0      0  3    0x100200  pftm          pfpurge
     6      0      0      0  3    0x100200  usbtsk        usbtask
     5      0      0      0  3    0x100200  usbatsk       usbatsk
     4      0      0      0  3    0x100200  bored         syswq
     3      0      0      0  3  0x40100200                idle0
     2      0      0      0  3    0x100200  kmalloc       kmthread
     1      0      1      0  3        0x80  wait          init
     0     -1      0      0  3       0x200  scheduler     swapper
ddb> show registers
ds                  0x10
es                  0x10
fs                  0x20
gs                     0
edi           0xd50634e0        end+0x458933c
esi           0xd50c49c4        end+0x45ea820
ebp           0xd50bed1c        end+0x45e4b78
ebx           0xd50c3a04        end+0x45e9860
edx           0xefffaabb
ecx           0xd09b61b8        nfs_hashlock
eax           0xd50c3bbc        end+0x45e9a18
eip           0xd040e903        cache_zap+0x23
cs                   0x8
eflags           0x10286
esp           0xd50bed04        end+0x45e4b60
ss                  0x10
cache_zap+0x23: movl    %eax,0x4(%edx)
ddb>


But I think You should be able to reproduce the issue.
I can reproduce it on all my computers.

If You need more information please let me know

Thanx


>> ddb> boot sync
>> syncing disks... panic: rw_enter: vfslock locking against myself
>> Stopped at      Debugger+0x4:   popl    %ebp
>> RUN AT LEAST 'trace' AND 'ps' AND INCLUDE OUTPUT WHEN REPORTING
>> THIS PANIC!
>> DO NOT EVEN BOTHER REPORTING THIS WITHOUT INCLUDING THAT
>> INFORMATION!
>> ddb> trace

> not here.

> cheers!



_______________________________________________________
________________________WWW-Pool_______________________
Hostmaster Dipl.-Ing. Markus Wawersich Tel:07273/919713
Dammstr. 45                            Fax: 07273/92049
76776 Neuburg                  E-Mail: [hidden email]
Homepage:                            http://www-pool.de

Reply | Threaded
Open this post in threaded view
|

Re: sharity-light => uvm_fault

Markus Wawersich
In reply to this post by Mike Belopuhov
> On Wed, Nov 16, 2011 at 3:47 PM, Dipl.-Ing. Markus Wawersich
> <[hidden email]> wrote:
>>
>> But I think You should be able to reproduce the issue.
>> I can reproduce it on all my computers.
>>

> you should send it to bugs, not to me,

I have send it to "bugs" to.

> i'm barely pointing out that your report
> is incomplete/incorrect, not trying to
> fix the bug (sorry, absolutely not my
> bailiwick).

So can You (or "bugs" or someone else) please tell me which informations You need yet ?
I haven't heared anything from "bugs" or someone else.

This seems to be a serious bug !

every user can crash OpenBSD if shlight is mounted.


as user root (i.e. at boot time):

  shlight //10.0.0.112/test /tmp/server -n


as user "nobody" you can crash OpenBSD:

  mkdir /tmp/server/new-folder
  chown nobody /tmp/server/new-folder
  ls /tmp/server/new-folder


Thank you



_______________________________________________________
________________________WWW-Pool_______________________
Hostmaster Dipl.-Ing. Markus Wawersich Tel:07273/919713
Dammstr. 45                            Fax: 07273/92049
76776 Neuburg                  E-Mail: [hidden email]
Homepage:                            http://www-pool.de

Reply | Threaded
Open this post in threaded view
|

Re: sharity-light => uvm_fault

Bob Beck-4
Build a kernel with the attached patch. Does it fix your problem?

[demime 1.01d removed an attachment of type application/octet-stream which had a name of patch]

Reply | Threaded
Open this post in threaded view
|

Re: sharity-light => uvm_fault

Bob Beck-4
On 18 November 2011 08:50, Bob Beck <[hidden email]> wrote:
> Build a kernel with the attached patch. Does it fix your problem?
>

oops. damn mime, sorry.
http://bofh.ucs.ualberta.ca/beck/vfs_cache.diff

Reply | Threaded
Open this post in threaded view
|

Re: sharity-light => uvm_fault

Markus Wawersich
Hi,

> On 18 November 2011 08:50, Bob Beck <[hidden email]> wrote:
>> Build a kernel with the attached patch. Does it fix your problem?
>>

> oops. damn mime, sorry.
> http://bofh.ucs.ualberta.ca/beck/vfs_cache.diff

Thank You for this patch.
But it don't work.

Same result:


uvm_fault(0xd09fa3c0, 0xefffa000, 0, 3) -> d
kernel: page fault trap, code=0
Stopped at      cache_zap+0x23: movl    %eax,0x4(%edx)
ddb> trace
cache_zap(d5070a44,d508eed0,d508ed2c,d04de971,d5073cac) at cache_zap+0x23
cache_purge(d5073cac,d508ec90,d30cb9b0,d30b7d4c,d508ec6c) at cache_purge+0x1c
nfs_lookup(d508ed40,d30b7d4c,d30b7d4c,d5073ad8,d508eebc) at nfs_lookup+0x1c1
VOP_LOOKUP(d5073ad8,d508eebc,d508eed0,d508eebc,20) at VOP_LOOKUP+0x2f
vfs_lookup(d508eea8,d30b6400,400,d508eec4,d0cfa1a4) at vfs_lookup+0x27b
namei(d508eea8,3,1,0,40) at namei+0x219
dofstatat(d30b7d4c,ffffff9c,cfbdbd8c,87483004,2) at dofstatat+0x5d
sys_lstat(d30b7d4c,d508ef64,d508ef84,d508efa8,d30b7d4c) at sys_lstat+0x38
syscall() at syscall+0x2d8
--- syscall (number -809648756) ---
0x2:
ddb> ps
   PID   PPID   PGRP    UID  S       FLAGS  WAIT          COMMAND
* 6744  20485   6744      0  7           0                gls
 11601      1  12205      0  3        0x80  select        shlight
 20485   6258  20485      0  3        0x80  wait          bash
  6258  20897   6258      0  3        0x80  select        sshd
  9682      1   9682      0  3        0x80  ttyin         getty
 22133      1  22133      0  3        0x80  select        cron
 25927      1  25927      0  3        0x80  htplev        hotplugd
  1203      0      0      0  3    0x100280  nfsidl        nfsio
 23160      0      0      0  3    0x100280  nfsidl        nfsio
  7013      0      0      0  3    0x100280  nfsidl        nfsio
 26499      0      0      0  3    0x100280  nfsidl        nfsio
 27916    153    153     70  3        0x80  select        named
   153      1    153      0  3        0x80  netio         named
 21181      1  21181      0  3        0x80  select        nmbd
 32577  20024  20024      0  3        0x80  select        smbd
 20024      1  20024      0  3        0x80  select        smbd
 10243      1  25861    585  3        0x80  kqread        lighttpd
  7219      1   7219      0  3        0x80  select        inetd
 31722      1  31722     77  3        0x80  poll          dhcpd
 20897      1  20897      0  3        0x80  select        sshd
  4352   4822  11538     83  3        0x80  poll          ntpd
  4822  11538  11538     83  3        0x80  poll          ntpd
 11538      1  11538      0  3        0x80  poll          ntpd
 27140  26687  26687     70  3        0x80  select        named
 26687      1  26687      0  3        0x80  netio         named
  2596   3824   3824     74  3        0x80  bpf           pflogd
  3824      1   3824      0  3        0x80  netio         pflogd
 13275  25702  25702     73  2        0x80                syslogd
 25702      1  25702      0  3        0x80  netio         syslogd
  5971      1   5971     77  3        0x80  poll          dhclient
  8156      1  10308      0  3        0x80  poll          dhclient
    13      0      0      0  3    0x100200  aiodoned      aiodoned
    12      0      0      0  3    0x100200  syncer        update
    11      0      0      0  3    0x100200  cleaner       cleaner
    10      0      0      0  3    0x100200  reaper        reaper
     9      0      0      0  3    0x100200  pgdaemon      pagedaemon
     8      0      0      0  3    0x100200  bored         crypto
     7      0      0      0  3    0x100200  pftm          pfpurge
     6      0      0      0  3    0x100200  usbtsk        usbtask
     5      0      0      0  3    0x100200  usbatsk       usbatsk
     4      0      0      0  3    0x100200  bored         syswq
     3      0      0      0  3  0x40100200                idle0
     2      0      0      0  3    0x100200  kmalloc       kmthread
     1      0      1      0  3        0x80  wait          init
     0     -1      0      0  3       0x200  scheduler     swapper
ddb> show registers
ds                  0x10
es                  0x10
fs                  0x20
gs                     0
edi           0xd30b7d4c        end+0x25ddba8
esi           0xd5073cac        end+0x4599b08
ebp           0xd508ec3c        end+0x45b4a98
ebx           0xd5070a44        end+0x45968a0
edx           0xefffaabb
ecx           0xd0a24280        nch_pool
eax           0xd5070b4c        end+0x45969a8
eip           0xd040e903        cache_zap+0x23
cs                   0x8
eflags           0x10286
esp           0xd508ec24        end+0x45b4a80
ss                  0x10
cache_zap+0x23: movl    %eax,0x4(%edx)
ddb>

Reply | Threaded
Open this post in threaded view
|

Re: sharity-light => uvm_fault

Markus Wawersich
In reply to this post by Bob Beck-4
I have discovered that there is a second way to do the crash.

both must mount a share with sharity-light.

then you can either

chown nobody /mnt/folder/on-share
ls /mnt/folder/on-share

or

chown nobody /mnt/folder/on-share
unshlight -a

the unshlight makes a unmount of the share.

and here is a different output of the trace command (perhaps it can help to find the bug):


uvm_fault(0xd09fa3c0, 0xefffa000, 0, 3) -> d
kernel: page fault trap, code=0
Stopped at      cache_zap+0x23: movl    %eax,0x4(%edx)
ddb> trace
cache_zap(d5068af0,d10b8200,d50b1d4c,d04c0911,d5063698) at cache_zap+0x23
cache_purge(d5063698,d506c270,d50b1d6c,d5063698,d50a1164) at cache_purge+0x1c
nfs_reclaim(d50b1d64,103ebb0,0,d5063698,d5063698) at nfs_reclaim+0xa1
VOP_RECLAIM(d5063698,d50a1164,d50a1164,d50a1164,0) at VOP_RECLAIM+0x29
vclean(d5063698,8,d50a1164,d0412fae,0) at vclean+0x8a
vgonel(d5063698,d50a1164,d50b1e2c,d0413fdb,d50635f4) at vgonel+0x64
vflush_vnode(d5063698,d50b1e40,d50b1e2c,d10b8200,d10bf400) at vflush_vnode+0x62

vfs_mount_foreach_vnode(d10bf400,d04143c0,d50b1e40,d041417a,50) at vfs_mount_fo
reach_vnode+0x2a
vflush(d10bf400,0,0,10,0) at vflush+0x33
nfs_unmount(d10bf400,0,d50a1164,d50a1164,d10bf41c) at nfs_unmount+0x37
dounmount(d10bf400,0,d50a1164,d50635fc,d0ad7574) at dounmount+0x84
sys_unmount(d50a1164,d50b1f64,d50b1f84,d50b1fa8,d50b1fa8) at sys_unmount+0xf0
syscall() at syscall+0x2d8
--- syscall (number 0) ---
0x2:
ddb> ps
   PID   PPID   PGRP    UID  S       FLAGS  WAIT          COMMAND
*23739   5128  23739      0  7           0                unshlight
  9452  18719   9452      0  3        0x80  select        shlight
  5128   4573   5128      0  3        0x80  wait          bash
  4573   4944   4573      0  3        0x80  select        sshd
 18719  32145  18719      0  3        0x80  wait          bash
 32145   4944  32145      0  3        0x80  select        sshd
 26351      1  19481      0  2           0                shlight
 14883  11579  11579      0  3        0x80  piperd        cron
  3466      1   3466      0  3        0x80  ttyin         getty
 11579      1  11579      0  3        0x80  select        cron
  8702      1   8702      0  3        0x80  htplev        hotplugd
 18173      0      0      0  3    0x100280  nfsidl        nfsio
 25431      0      0      0  3    0x100280  nfsidl        nfsio
   657      0      0      0  3    0x100280  nfsidl        nfsio
  2079      0      0      0  3    0x100280  nfsidl        nfsio
  3057  32147  32147     70  3        0x80  select        named
 32147      1  32147      0  3        0x80  netio         named
 14859      1  14859      0  3        0x80  select        nmbd
 24378  15919  15919      0  3        0x80  select        smbd
 15919      1  15919      0  3        0x80  select        smbd
  9765      1   2250    585  3        0x80  kqread        lighttpd
 24771      1  24771      0  3        0x80  select        inetd
 24269      1  24269     77  3        0x80  poll          dhcpd
  4944      1   4944      0  3        0x80  select        sshd
 21317   1599  13930     83  3        0x80  poll          ntpd
  1599  13930  13930     83  3        0x80  poll          ntpd
 13930      1  13930      0  3        0x80  poll          ntpd
 17196  27895  27895     70  3        0x80  select        named
 27895      1  27895      0  3        0x80  netio         named
  3870  20147  20147     74  3        0x80  bpf           pflogd
 20147      1  20147      0  3        0x80  netio         pflogd
  2390   6975   6975     73  2        0x80                syslogd
  6975      1   6975      0  3        0x80  netio         syslogd
 25917      1  25917     77  3        0x80  poll          dhclient
 31967      1  24786      0  3        0x80  poll          dhclient
    13      0      0      0  3    0x100200  aiodoned      aiodoned
    12      0      0      0  3    0x100200  syncer        update
    11      0      0      0  3    0x100200  cleaner       cleaner
    10      0      0      0  3    0x100200  reaper        reaper
     9      0      0      0  3    0x100200  pgdaemon      pagedaemon
     8      0      0      0  3    0x100200  bored         crypto
     7      0      0      0  3    0x100200  pftm          pfpurge
     6      0      0      0  3    0x100200  usbtsk        usbtask
     5      0      0      0  3    0x100200  usbatsk       usbatsk
     4      0      0      0  3    0x100200  bored         syswq
     3      0      0      0  3  0x40100200                idle0
     2      0      0      0  3    0x100200  kmalloc       kmthread
     1      0      1      0  3        0x80  wait          init
     0     -1      0      0  3       0x200  scheduler     swapper
  3063   9452   9452      0  5      0x2000                shlight
 19481  14883  19481      0  5      0x2000                sh
ddb> show registers
ds                  0x10
es                  0x10
fs                  0x20
gs                     0
edi           0xd506c270        end+0x45920cc
esi           0xd5063698        end+0x45894f4
ebp           0xd50b1d1c        end+0x45d7b78
ebx           0xd5068af0        end+0x458e94c
edx           0xefffaabb
ecx           0xd09b61b8        nfs_hashlock
eax           0xd5068ca8        end+0x458eb04
eip           0xd040e903        cache_zap+0x23
cs                   0x8
eflags           0x10286
esp           0xd50b1d04        end+0x45d7b60
ss                  0x10
cache_zap+0x23: movl    %eax,0x4(%edx)
ddb>



thanx

Reply | Threaded
Open this post in threaded view
|

Re: sharity-light => uvm_fault

Markus Wawersich
In reply to this post by Bob Beck-4
Hi.

Here is a guide how to see the bug with only an OpenBSD box (no other
Windows/Linux computer are needed):

- You need OpenBSD 5.0
- do all as user root:

Let's go ...


pkg_add samba-3.5.10.tgz
pkg_add sharity-light-1.3p0.tgz

mkdir /tmp/samba
mkdir /tmp/mnt

edit the file "/etc/samba/smb.conf" with the following content:

==========================================================
[global]
        workgroup = WORKGROUP
        map to guest = Bad Password

[test]
        path = /tmp/samba
        force user = root
        read only = No
        guest ok = Yes
==========================================================

then restart samba:
/etc/rc.d/samba restart

Now a Window PC can see in the share "test" the content of "/tmp/samba"
Then we mount this samba share with sharity-light:

shlight //localhost/test /tmp/mnt -n

(if you got the error "unknown host" check /etc/hosts => "127.0.0.1
localhost")

Now You can see in "/tmp/mnt" the content of "/tmp/samba".
but we will verify this:

mkdir /tmp/mnt/folder
ls /tmp/samba

Now you should see the folder "folder".

OK.
Let's crash it.

chown nobody /tmp/mnt/folder

I don't know what, but the chown command has done something bad.
You can now read You emails and do all other things but You can't do one of
these two:

ls /tmp/mnt/folder

or unmount /tmp/mnt with

unshlight -a


Hope it crashes ;-)

thank You for Your help.

Reply | Threaded
Open this post in threaded view
|

Re: sharity-light => uvm_fault

Markus Wawersich
In reply to this post by Bob Beck-4
Hi.

now a long time has passed, but this bug is still not resolved:
http://www.mail-archive.com/bugs@.../msg02253.html

I have build You a VMware Image (OpenBSD 5.1 snapshot) for easyer checking this bug.
http://www-pool.de/openbsd/OpenBSD.rar (127mb)
Just press the enter Button in the console.

If You reboot the machine then use this commands:

login as root (passwd: root)

mkdir /tmp/samba
mkdir /tmp/mnt
/etc/rc.d/samba start
shlight //localhost/test /tmp/mnt -n
mkdir /tmp/mnt/folder
chown nobody /tmp/mnt/folder
ls /tmp/mnt/folder

=>
uvm_fault(0xd0a0a840, 0xefffa000, 0, 3) -> d
kernel: page fault trap, code=0
Stopped at      cache_zap+0x23: movl    %eax,0x4(%edx)
ddb>


Thank You for Your help.