>Number: 6396
>Category: kernel
>Synopsis: Insert run(4) device, sh /etc/netstart run0, wait 10 seconds,
>boom!
>Confidential: yes
>Severity: serious
>Priority: medium
>Responsible: bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: unknown
>Arrival-Date: Sun Jun 06 08:50:02 GMT 2010
>Closed-Date:
>Last-Modified:
>Originator:
>Release:
>Organization:
>Environment:
System : OpenBSD 4.7
Details : OpenBSD 4.7-current (GENERIC) #11: Tue Jun 1 17:32:02
MDT 2010
[email protected]:/usr/src/sys/arch/i386/compile/GENERIC
Architecture: OpenBSD.i386
Machine : i386
>Description:
Boot.
Insert run(4) device.
# sh /etc/netstart run0
Wait ~10 seconds, boom!
-- hostname.run0 --
nwid Rancor wpa wpapsk 0xd0n7th1nks00 up
dhcp
-------------------
Device works on other machine (fairly current), thus
it may very well be unrelated to run(4) (but INAKH).
[...]
run0 at uhub0 port 1 "Ralink 802.11 n WLAN" rev 2.00/1.01 addr 2
run0: MAC/BBP RT3070 (rev 0x0200), RF RT3020 (MIMO 1T1R), address
00:22:cf:0c:5b:df
uvm_fault(0xd0931780, 0x0, 0, 1) -> e
kernel: page fault trap, code=0
Stopped at 0: uvm_fault(0xd0931780, 0x0, 0, 1) -> e
kernel: page fault trap, code=0
Stopped at db_read_bytes+0x14: movb 0(%edx),%al
ddb> db_read_bytes(0,1,d75d8d94,2,d75d8e50) at db_read_bytes+0x14
db_get_value(0,1,0,2,0) at db_get_value+0x24
db_disasm(0,0,d03982dc,0,0) at db_disasm+0x25
db_print_loc_and_inst(0,d75d8e7c,d75d8e94,d75d8e84,0) at
db_print_loc_and_inst+0x2d
db_trap(6,0,d75d8ea4,d0398359,5) at db_trap+0x75
kdb_trap(6,0,d75d8f00,d53c0810) at kdb_trap+0xab
trap() at trap+0x8e
--- trap (number -787208560) ---
Bad frame pointer: 0xd1141340
0:
ddb> PID PPID PGRP UID S FLAGS WAIT COMMAND
2450 2221 2221 0 3 0x4002 usbsyn dhclient
2221 27289 2221 0 3 0x4082 pause sh
18591 1 18591 0 3 0x4082 ttyin getty
28529 1 28529 0 3 0x4082 ttyin getty
21258 1 21258 0 3 0x4082 ttyin getty
13693 1 13693 0 3 0x4082 ttyin getty
13631 1 13631 0 3 0x4082 ttyin getty
28651 1 28651 0 3 0x80 select cron
13667 1 13667 77 3 0x180 poll dhclient
27289 14267 27289 1000 3 0x4082 pause zsh
14267 31642 31642 1000 3 0x180 select sshd
31642 18974 31642 0 3 0x4180 netio sshd
24924 1 18565 0 3 0x82 poll dhclient
13802 1 13802 0 3 0x80 poll openvpn
2325 3048 3048 67 3 0x180 netcon httpd
5338 3048 3048 67 3 0x180 netcon httpd
25540 3048 3048 67 3 0x180 netcon httpd
14612 3048 3048 67 3 0x180 netcon httpd
26608 3048 3048 67 3 0x180 netcon httpd
13068 1 13068 0 3 0x180 select inetd
11840 1 11840 0 3 0x40180 select sendmail
3048 1 3048 67 3 0x180 select httpd
18974 1 18974 0 3 0x80 select sshd
824 18207 30629 83 3 0x180 poll ntpd
18207 30629 30629 83 3 0x180 poll ntpd
30629 1 30629 0 3 0x80 poll ntpd
10914 3258 3258 0 3 0x80 nfsd nfsd
722 3258 3258 0 3 0x80 nfsd nfsd
7185 3258 3258 0 3 0x80 nfsd nfsd
28959 3258 3258 0 3 0x80 nfsd nfsd
3258 1 3258 0 3 0x80 netcon nfsd
6935 1 6935 0 3 0x80 select mountd
29452 1 29452 28 3 0x180 poll portmap
31789 16798 16798 74 3 0x180 bpf pflogd
16798 1 16798 0 3 0x80 netio pflogd
9996 24129 24129 73 2 0x180 syslogd
24129 1 24129 0 3 0x88 netio syslogd
27038 1 27038 77 3 0x180 poll dhclient
16026 1 18565 0 3 0x82 poll dhclient
14 0 0 0 3 0x100200 bored crypto
13 0 0 0 3 0x100200 aiodoned aiodoned
12 0 0 0 3 0x100200 syncer update
11 0 0 0 3 0x100200 cleaner cleaner
10 0 0 0 3 0x100200 reaper reaper
9 0 0 0 3 0x100200 pgdaemon pagedaemon
8 0 0 0 3 0x100200 pftm pfpurge
* 7 0 0 0 7 0x100200 usbtask
6 0 0 0 3 0x100200 usbevt usb0
5 0 0 0 3 0x100200 apmev apm0
4 0 0 0 3 0x100200 bored syswq
3 0 0 0 3 0x40100200 idle0
2 0 0 0 3 0x100200 kmalloc kmthread
1 0 1 0 3 0x4080 wait init
0 -1 0 0 3 0x80200 scheduler swapper
ddb>
>How-To-Repeat:
Seems to be reproducable.
>Fix:
None known.
dmesg:
OpenBSD 4.7-current (GENERIC) #11: Tue Jun 1 17:32:02 MDT 2010
[email protected]:/usr/src/sys/arch/i386/compile/GENERIC
cpu0: Intel(R) Pentium(R) III Mobile CPU 1000MHz ("GenuineIntel" 686-class) 1
GHz
cpu0:
FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,SEP,MTRR,PGE,MCA,CMOV,PSE36,MMX,FXSR,SSE
real mem = 267350016 (254MB)
avail mem = 249729024 (238MB)
mainbus0 at root
bios0 at mainbus0: AT/286+ BIOS, date 11/30/99, BIOS32 rev. 0 @ 0xfd7f2, SMBIOS
rev. 2.3 @ 0xefb40
(40 entries)
bios0: vendor Phoenix Technologies Ltd. version "EB.M2.10" date 11/01/01
bios0: Hewlett-Packard HP OmniBook PC
apm0 at bios0: Power Management spec V1.2
apm0: battery life expectancy 0%
apm0: AC on, battery charge critical
acpi at bios0 function 0x0 not configured
pcibios0 at bios0: rev 2.1 @ 0xfd7f0/0x810
pcibios0: PCI IRQ Routing Table rev 1.0 @ 0xfdee0/256 (14 entries)
pcibios0: PCI Interrupt Router at 000:31:0 ("Intel 82371FB ISA" rev 0x00)
pcibios0: PCI bus #4 is the last bus
bios0: ROM list: 0xc0000/0xe000
cpu0 at mainbus0: (uniprocessor)
pci0 at mainbus0 bus 0: configuration mode 1 (bios)
pchb0 at pci0 dev 0 function 0 "Intel 82830M Host" rev 0x02
intelagp0 at pchb0
agp0 at intelagp0: aperture at 0xe0000000, size 0xe400000
ppb0 at pci0 dev 1 function 0 "Intel 82830M AGP" rev 0x02
pci1 at ppb0 bus 1
vga1 at pci1 dev 0 function 0 "ATI Radeon Mobility M6" rev 0x00
wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation)
wsdisplay0: screen 1-5 added (80x25, vt100 emulation)
radeondrm0 at vga1: irq 10
drm0 at radeondrm0
uhci0 at pci0 dev 29 function 0 "Intel 82801CA/CAM USB" rev 0x01: irq 10
ppb1 at pci0 dev 30 function 0 "Intel 82801BAM Hub-to-PCI" rev 0x41
pci2 at ppb1 bus 2
mem address conflict 0x10000000/0x1000
mem address conflict 0x10001000/0x1000
"3Com V.90 Modem" rev 0x00 at pci2 dev 2 function 0 not configured
esa0 at pci2 dev 3 function 0 "ESS ES1989" rev 0x12: irq 5
ac97: codec id 0x45838308 (ESS Technology ES1921)
ac97: codec features 20 bit DAC, 20 bit ADC, ESS Technology
audio0 at esa0
cbb0 at pci2 dev 5 function 0 "TI PCI1420 CardBus" rev 0x00: irq 10
cbb1 at pci2 dev 5 function 1 "TI PCI1420 CardBus" rev 0x00: irq 10
fxp0 at pci2 dev 8 function 0 "Intel PRO/100 VM" rev 0x41, i82562: irq 10,
address
00:c0:9f:06:ca:68
inphy0 at fxp0 phy 1: i82562EM 10/100 PHY, rev. 0
cardslot0 at cbb0 slot 0 flags 0
cardbus0 at cardslot0: bus 3 device 0 cacheline 0x0, lattimer 0x20
pcmcia0 at cardslot0
cardslot1 at cbb1 slot 1 flags 0
cardbus1 at cardslot1: bus 4 device 0 cacheline 0x0, lattimer 0x20
pcmcia1 at cardslot1
ichpcib0 at pci0 dev 31 function 0 "Intel 82801CAM LPC" rev 0x01: 24-bit timer
at 3579545Hz:
SpeedStep
pciide0 at pci0 dev 31 function 1 "Intel 82801CAM IDE" rev 0x01: DMA, channel 0
configured to
compatibility, channel 1 configured to compatibility
wd0 at pciide0 channel 0 drive 0: <FUJITSU MHT2040AH>
wd0: 16-sector PIO, LBA, 34880MB, 71435250 sectors
wd0(pciide0:0:0): using PIO mode 4, Ultra-DMA mode 5
atapiscsi0 at pciide0 channel 1 drive 0
scsibus0 at atapiscsi0: 2 targets
cd0 at scsibus0 targ 0 lun 0: <TOSHIBA, DVD-ROM SD-C2502, 1915> ATAPI 5/cdrom
removable
cd0(pciide0:1:0): using PIO mode 4, DMA mode 2
ichiic0 at pci0 dev 31 function 3 "Intel 82801CA/CAM SMBus" rev 0x01: irq 10
iic0 at ichiic0
spdmem0 at iic0 addr 0x50: 256MB SDRAM non-parity PC133CL2
usb0 at uhci0: USB revision 1.0
uhub0 at usb0 "Intel UHCI root hub" rev 1.00/1.00 addr 1
isa0 at ichpcib0
isadma0 at isa0
com0 at isa0 port 0x3f8/8 irq 4: ns16550a, 16 byte fifo
pckbc0 at isa0 port 0x60/5
pckbd0 at pckbc0 (kbd slot)
pckbc0: using irq 1 for kbd slot
wskbd0 at pckbd0: console keyboard, using wsdisplay0
pms0 at pckbc0 (aux slot)
pckbc0: using irq 12 for aux slot
wsmouse0 at pms0 mux 0
pcppi0 at isa0 port 0x61
midi0 at pcppi0: <PC speaker>
spkr0 at pcppi0
lpt0 at isa0 port 0x378/4 irq 7
npx0 at isa0 port 0xf0/16: reported by CPUID; using exception 16
fdc0 at isa0 port 0x3f0/6 irq 6 drq 2
biomask ef4d netmask ef4d ttymask ffdf
mtrr: Pentium Pro MTRR support
vscsi0 at root
scsibus1 at vscsi0: 256 targets
softraid0 at root
root on wd0a swap on wd0b dump on wd0b
WARNING: / was not properly unmounted
usbdevs:
Controller /dev/usb0:
addr 1: full speed, self powered, config 1, UHCI root hub(0x0000),
Intel(0x8086), rev 1.00
port 1 powered
port 2 powered
>Release-Note:
>Audit-Trail:
>Unformatted:
To: [email protected]
Subject: Kernel crash on run(4)
From: Johan Torin <[email protected]>
Reply-To: Johan Torin <[email protected]>
