Hi,
I just want to make sure this hasn't gone unnoticed:
http://marc.info/?l=openbsd-bugs&m=131179618801709&w=2
http://marc.info/?l=openbsd-bugs&m=131180575015325&w=2
I was able to reproduce this bug on OpenBSD 5.0.
# cat /etc/rc.conf.local
ntpd_flags= # enabled during install
pf=NO
# cat /etc/hostname.sl0
inet 192.168.253.1 255.255.255.255 192.168.253.2
!/sbin/slattach -s 115200 cua00
!/sbin/route -q add -host 192.168.254.2 192.168.253.2
#
A flood ping should be sufficient to reproduce the bug in a few seconds:
# ping -f 192.168.253.2
And here a the dmesg with ddb trace and ps output:
ddb>
OpenBSD 5.0 (GENERIC) #43: Wed Aug 17 10:10:52 MDT 2011
[email protected]:/usr/src/sys/arch/i386/compile/GENERIC
cpu0: VIA Nehemiah ("CentaurHauls" 686-class) 1.01 GHz
cpu0: FPU,V86,DE,PSE,TSC,MSR,MTRR,PGE,CMOV,PAT,MMX,FXSR,SSE
real mem = 125300736 (119MB)
avail mem = 113270784 (108MB)
mainbus0 at root
bios0 at mainbus0: AT/286+ BIOS, date 11/02/05, BIOS32 rev. 0 @ 0xfb390,
SMBIOS rev. 2.2 @ 0xf0800 (37 entries)
bios0: vendor Phoenix Technologies, LTD version "6.00 PG" date 11/02/2005
bios0: Neoware Systems Inc. Thin Client
apm0 at bios0: Power Management spec V1.2 (slowidle)
acpi at bios0 function 0x0 not configured
pcibios0 at bios0: rev 2.1 @ 0xf0000/0xdf84
pcibios0: PCI IRQ Routing Table rev 1.0 @ 0xfdef0/128 (6 entries)
pcibios0: PCI Exclusive IRQs: 5 11 12 15
pcibios0: PCI Interrupt Router at 000:17:0 ("VIA VT82C596A ISA" rev 0x00)
pcibios0: PCI bus #1 is the last bus
bios0: ROM list: 0xc0000/0xf400
cpu0 at mainbus0: (uniprocessor)
cpu0: RNG AES
pci0 at mainbus0 bus 0: configuration mode 1 (bios)
pchb0 at pci0 dev 0 function 0 "VIA VT8623 PCI" rev 0x00
viaagp0 at pchb0: v2
agp0 at viaagp0: aperture at 0xee000000, size 0xe800000
ppb0 at pci0 dev 1 function 0 "VIA VT8633 AGP" rev 0x00
pci1 at ppb0 bus 1
vga1 at pci1 dev 0 function 0 "VIA CLE266" rev 0x03
wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation)
wsdisplay0: screen 1-5 added (80x25, vt100 emulation)
uhci0 at pci0 dev 16 function 0 "VIA VT83C572 USB" rev 0x80: irq 15
uhci1 at pci0 dev 16 function 1 "VIA VT83C572 USB" rev 0x80: irq 5
uhci2 at pci0 dev 16 function 2 "VIA VT83C572 USB" rev 0x80: irq 11
ehci0 at pci0 dev 16 function 3 "VIA VT6202 USB" rev 0x82: irq 12
usb0 at ehci0: USB revision 2.0
uhub0 at usb0 "VIA EHCI root hub" rev 2.00/1.00 addr 1
viapm0 at pci0 dev 17 function 0 "VIA VT8235 ISA" rev 0x00: SMI
iic0 at viapm0
spdmem0 at iic0 addr 0x50: 128MB DDR SDRAM non-parity PC2700CL2.5
viapm0: 24-bit timer at 3579545Hz
pciide0 at pci0 dev 17 function 1 "VIA VT82C571 IDE" rev 0x06: ATA133,
channel 0 configured to compatibility, channel 1 configured to compatibility
wd0 at pciide0 channel 0 drive 0: <WDC WD600UE-22KVT0>
wd0: 16-sector PIO, LBA48, 57231MB, 117210240 sectors
wd0(pciide0:0:0): using PIO mode 4, Ultra-DMA mode 5
pciide0: channel 1 ignored (disabled)
auvia0 at pci0 dev 17 function 5 "VIA VT8233 AC97" rev 0x50: irq 11
ac97: codec id 0x56494161 (VIA Technologies VT1612A)
ac97: codec features headphone, 18 bit DAC, 18 bit ADC, KS Waves 3D
audio0 at auvia0
vr0 at pci0 dev 18 function 0 "VIA RhineII-2" rev 0x74: irq 15, address
00:e0:c5:52:83:dd
ukphy0 at vr0 phy 1: Generic IEEE 802.3u media interface, rev. 10: OUI
0x004063, model 0x0032
usb1 at uhci0: USB revision 1.0
uhub1 at usb1 "VIA UHCI root hub" rev 1.00/1.00 addr 1
usb2 at uhci1: USB revision 1.0
uhub2 at usb2 "VIA UHCI root hub" rev 1.00/1.00 addr 1
usb3 at uhci2: USB revision 1.0
uhub3 at usb3 "VIA UHCI root hub" rev 1.00/1.00 addr 1
isa0 at mainbus0
isadma0 at isa0
com0 at isa0 port 0x3f8/8 irq 4: ns16550a, 16 byte fifo
com1 at isa0 port 0x2f8/8 irq 3: ns16550a, 16 byte fifo
pckbc0 at isa0 port 0x60/5
pckbd0 at pckbc0 (kbd slot)
pckbc0: using irq 1 for kbd slot
wskbd0 at pckbd0: console keyboard, using wsdisplay0
pcppi0 at isa0 port 0x61
spkr0 at pcppi0
lpt0 at isa0 port 0x378/4 irq 7
wbsio0 at isa0 port 0x2e/2: W83697HF rev 0x12
lm1 at wbsio0 port 0x290/8: W83697HF
npx0 at isa0 port 0xf0/16: reported by CPUID; using exception 16
mtrr: Pentium Pro MTRR support
vscsi0 at root
scsibus0 at vscsi0: 256 targets
softraid0 at root
scsibus1 at softraid0: 256 targets
root on wd0a (2c3f191a6a9dac90.a) swap on wd0b dump on wd0b
WARNING: / was not properly unmounted
panic: mtx_enter: locking against myself
Stopped at Debugger+0x4: popl %ebp
RUN AT LEAST 'trace' AND 'ps' AND INCLUDE OUTPUT WHEN REPORTING THIS PANIC!
DO NOT EVEN BOTHER REPORTING THIS WITHOUT INCLUDING THAT INFORMATION!
ddb> Debugger(d08cee78,d4d759cc,d02030b4,d4d759cc,0) at Debugger+0x4
panic(d02030b4,d4d759ec,d03ecdf3,d0a23a20,d4593000) at panic+0x5d
mtx_enter(d0a23a20,d4593000,d4d75a0c,d4d759ec,d2eb3b00) at mtx_enter+0x60
pool_put(d0a23a20,d4d3a800,10,d03f3012,d0f1e894) at pool_put+0x33
m_extfree(d2eb3b00,1,d4d75a4c,d0401080,80) at m_extfree+0x80
m_free_unlocked(d2eb3b00,d4d3a93d,80,d4d3a93e,d4d3a93e) at
m_free_unlocked+0x30
m_free(d2eb3b00,1,d0f1e848,d4d3d550,42) at m_free+0x25
slstart(d0f1e800,3f8,6,d4d3d4b4,42) at slstart+0x23e
comintr(d0ee4000) at comintr+0x13d
Xrecurse_legacy4() at Xrecurse_legacy4+0xb7
--- interrupt ---
pool_do_get(d0a23a20,2,d4d75cd4,d04025a3,60) at pool_do_get+0x271
pool_get(d0a23a20,2,352d2df4,d4d75cf4,d0203189) at pool_get+0x3d
m_clget(0,2,d0edc034,800,d4d6b008) at m_clget+0x82
vr_alloc_mbuf(d0edc000,d0edc768,60,136,d0edc6f0) at vr_alloc_mbuf+0x41
vr_fill_rx_ring(d0edc000,d0ebb380,0,c00,a) at vr_fill_rx_ring+0x51
vr_rxeof(d0edc000,e400,c,1,d0ebb3c0) at vr_rxeof+0xb5
vr_intr(d0edc000) at vr_intr+0x124
Xrecurse_legacy15() at Xrecurse_legacy15+0xbb
--- interrupt ---
uvm_fault(d4d6e0b8,7ef0c000,0,3,cfbe7058) at uvm_fault+0x675
trap() at trap+0x3f6
--- trap (number 2129707008) ---
0x6:
ddb> Debugger(d08cee78,d4d759cc,d02030b4,d4d759cc,0) at Debugger+0x4
ddb> PID PPID PGRP UID S FLAGS WAIT COMMAND
*15365 28343 29104 0 7 0 less
28343 18534 28343 0 3 0x88 paus\M-e ksh
18534 27774 18534 0 3 0x80 select sshd
4777 1 4777 0 3 0x80 ttyin getty
31515 1 31515 0 3 0x80 ttyin getty
10226 1 10226 0 3 0x80 ttyin getty
14119 1 14119 0 3 0x80 ttyin getty
19584 1 19584 0 3 0x80 ttyin getty
14533 1 14533 0 3 0x80 select cron
16119 1 16119 0 3 0x80 select ripd
7300 1 7300 0 3 0x80 select zebra
24854 1 24854 0 3 0x80 select inetd
17538 1 17538 0 3 0x80 select sendmail
27774 1 27774 0 3 0x80 select sshd
1423 4699 23023 83 3 0x80 poll ntpd
4699 23023 23023 83 3 0x80 poll ntpd
23023 1 23023 0 3 0x80 poll ntpd
4822 26438 26438 73 3 0x80 poll syslogd
26438 1 26438 0 3 0x80 netio syslogd
14707 1 14707 77 3 0x80 poll dhclient
8403 1 20766 0 3 0x80 poll dhclient
2377 1 20766 0 3 0x88 pause slattach
14 0 0 0 3 0x100200 aiodoned aiodoned
13 0 0 0` 3 0x100200 syncer update
12 0 0 0 3 0x100200 cleaner cleaner
11 0 0 0 3 0x100200 reaper reaper
10 0 0 0 3 0x100200 pgdaemon pagedaemon
9 0 0 0 3 0x100200 bored crypto
8 0 0 0 3 0x100200 pftm pfpurge
7 0 0 0 3 0x100200 usbtsk usbtask
6 0 0 0 3 0x100200 usbatsk usbatsk
5 0 0 0 3 0x100200 apmev apm0
4 0 0 0 3 0x100200 bored syswq
3 0 0 0 3 0x40100200 idle0
2 0 0 0 3 0x100200 kmalloc kmthread
1 0 1 0 3 0x80 wait init
0 -1 0 0 3 0x200 scheduler swapper
ddb> panic: mtx_enter: locking against myself
Stopped at Debugger+0x4: popl %ebp
RUN AT LEAST 'trace' AND 'ps' AND INCLUDE OUTPUT WHEN REPORTING THIS PANIC!
DO NOT EVEN BOTHER REPORTING THIS WITHOUT INCLUDING THAT INFORMATION!
ddb> syncing disks... splassert: assertwaitok: want -1 have 2
panic: assertwaitok: non-zero mutex count: 1
Stopped at Debugger+0x4: popl %ebp
RUN AT LEAST 'trace' AND 'ps' AND INCLUDE OUTPUT WHEN REPORTING THIS PANIC!
DO NOT EVEN BOTHER REPORTING THIS WITHOUT INCLUDING THAT INFORMATION!
ddb> panic: mtx_enter: locking against myself
Stopped at Debugger+0x4: popl %ebp
RUN AT LEAST 'trace' AND 'ps' AND INCLUDE OUTPUT WHEN REPORTING THIS PANIC!
DO NOT EVEN BOTHER REPORTING THIS WITHOUT INCLUDING THAT INFORMATION!
ddb> panic: mtx_enter: locking against myself
Stopped at Debugger+0x4: popl %ebp
RUN AT LEAST 'trace' AND 'ps' AND INCLUDE OUTPUT WHEN REPORTING THIS PANIC!
DO NOT EVEN BOTHER REPORTING THIS WITHOUT INCLUDING THAT INFORMATION!
ddb>
