Hi,
Not sure if it's proper to send a bug that root causes as there is a million
ways root can crash the kernel (I think).
But I was fooling around with a self made spoofer that writes to a bpf device
and I noticed this panic after sending perhaps 500 packets.
OpenBSD 5.3-current (SATURN) #19: Sat May 11 23:27:19 CEST 2013
[email protected]:/usr/src/sys/arch/amd64/compile/SATURN
RTC BIOS diagnostic error 80<clock_battery>
real mem = 3987992576 (3803MB)
avail mem = 3874119680 (3694MB)
mainbus0 at root
bios0 at mainbus0: SMBIOS rev. 2.7 @ 0xe3e70 (51 entries)
bios0: vendor Acer version "V1.08" date 12/06/2011
bios0: Acer AO722
acpi0 at bios0: rev 2
acpi0: sleep states S0 S3 S4 S5
acpi0: tables DSDT FACP HPET APIC MCFG BOOT SLIC SSDT SSDT
acpi0: wakeup devices SPB2(S4) GEC_(S4) USB0(S3) USB4(S3) P2P_(S5)
acpitimer0 at acpi0: 3579545 Hz, 32 bits
acpihpet0 at acpi0: 14318180 Hz
acpimadt0 at acpi0 addr 0xfee00000: PC-AT compat
cpu0 at mainbus0: apid 0 (boot processor)
cpu0: AMD C-60 APU with Radeon(tm) HD Graphics, 998.33 MHz
cpu0:
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,MMX,FXSR,SSE,SSE2,HTT,SSE3,MWAIT,SSSE3,CX16,POPCNT,NXE,MMXX,FFXSR,LONG,LAHF,CMPLEG,SVM,EAPICSP,AMCR8,ABM,SSE4A,MASSE,3DNOWP,IBS,SKINIT,ITSC
cpu0: 32KB 64b/line 2-way I-cache, 32KB 64b/line 8-way D-cache, 512KB 64b/line
16-way L2 cache
cpu0: 8 4MB entries fully associative
cpu0: DTLB 40 4KB entries fully associative, 8 4MB entries fully associative
cpu0: apic clock running at 199MHz
cpu1 at mainbus0: apid 1 (application processor)
cpu1: AMD C-60 APU with Radeon(tm) HD Graphics, 997.50 MHz
cpu1:
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,MMX,FXSR,SSE,SSE2,HTT,SSE3,MWAIT,SSSE3,CX16,POPCNT,NXE,MMXX,FFXSR,LONG,LAHF,CMPLEG,SVM,EAPICSP,AMCR8,ABM,SSE4A,MASSE,3DNOWP,IBS,SKINIT,ITSC
cpu1: 32KB 64b/line 2-way I-cache, 32KB 64b/line 8-way D-cache, 512KB 64b/line
16-way L2 cache
cpu1: 8 4MB entries fully associative
cpu1: DTLB 40 4KB entries fully associative, 8 4MB entries fully associative
ioapic0 at mainbus0: apid 4 pa 0xfec00000, version 21, 24 pins
ioapic0: misconfigured as apic 0, remapped to apid 4
acpimcfg0 at acpi0 addr 0xf8000000, bus 0-63
acpiprt0 at acpi0: bus 0 (PCI0)
acpiprt1 at acpi0: bus -1 (PB2_)
acpiprt2 at acpi0: bus -1 (PB3_)
acpiprt3 at acpi0: bus -1 (PB4_)
acpiprt4 at acpi0: bus -1 (PB5_)
acpiprt5 at acpi0: bus -1 (PB6_)
acpiprt6 at acpi0: bus -1 (PB7_)
acpiprt7 at acpi0: bus 2 (SPB0)
acpiprt8 at acpi0: bus -1 (SPB1)
acpiprt9 at acpi0: bus 6 (SPB2)
acpiprt10 at acpi0: bus 7 (SPB3)
acpiprt11 at acpi0: bus 1 (P2P_)
acpiec0 at acpi0
acpicpu0 at acpi0: C2, PSS
acpicpu1 at acpi0: C2, PSS
acpibtn0 at acpi0: PWRB
acpibtn1 at acpi0: SLPB
acpibat0 at acpi0: BAT1 model "13848633228217409" serial 417d type Lion oem
"Sanyo "
acpiac0 at acpi0: AC unit online
acpibtn2 at acpi0: LID_
acpivideo0 at acpi0: VGA_
acpivout0 at acpivideo0: LCD_
acpivideo1 at acpi0: VGA_
acpivideo2 at acpi0: VGA_
cpu0: 998 MHz: speeds: 1000 800 MHz
pci0 at mainbus0 bus 0
pchb0 at pci0 dev 0 function 0 "AMD AMD64 14h Host" rev 0x00
vga1 at pci0 dev 1 function 0 vendor "ATI", unknown product 0x9807 rev 0x00
wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation)
wsdisplay0: screen 1-5 added (80x25, vt100 emulation)
azalia0 at pci0 dev 1 function 1 "ATI Radeon HD 6310 HD Audio" rev 0x00: msi
azalia0: no supported codecs
ahci0 at pci0 dev 17 function 0 "ATI SBx00 SATA" rev 0x00: apic 4 int 19, AHCI
1.2
scsibus0 at ahci0: 32 targets
sd0 at scsibus0 targ 0 lun 0: <ATA, WDC WD3200BPVT-2, 01.0> SCSI3 0/direct
fixed naa.50014ee25be3a7df
sd0: 305245MB, 512 bytes/sector, 625142448 sectors
ohci0 at pci0 dev 18 function 0 "ATI SB700 USB" rev 0x00: apic 4 int 18,
version 1.0, legacy support
ehci0 at pci0 dev 18 function 2 "ATI SB700 USB2" rev 0x00: apic 4 int 17
usb0 at ehci0: USB revision 2.0
uhub0 at usb0 "ATI EHCI root hub" rev 2.00/1.00 addr 1
ohci1 at pci0 dev 19 function 0 "ATI SB700 USB" rev 0x00: apic 4 int 18,
version 1.0, legacy support
ehci1 at pci0 dev 19 function 2 "ATI SB700 USB2" rev 0x00: apic 4 int 17
usb1 at ehci1: USB revision 2.0
uhub1 at usb1 "ATI EHCI root hub" rev 2.00/1.00 addr 1
piixpm0 at pci0 dev 20 function 0 "ATI SBx00 SMBus" rev 0x42: polling
iic0 at piixpm0
spdmem0 at iic0 addr 0x50: 4GB DDR3 SDRAM PC3-10600 SO-DIMM
azalia1 at pci0 dev 20 function 2 "ATI SBx00 HD Audio" rev 0x40: apic 4 int 16
azalia1: codecs: Conexant/0x506c
audio0 at azalia1
pcib0 at pci0 dev 20 function 3 "ATI SB700 ISA" rev 0x40
ppb0 at pci0 dev 20 function 4 "ATI SB600 PCI" rev 0x40
pci1 at ppb0 bus 1
ppb1 at pci0 dev 21 function 0 "ATI SB800 PCIE" rev 0x00: msi
pci2 at ppb1 bus 2
ppb2 at pci0 dev 21 function 2 "ATI SB800 PCIE" rev 0x00
pci3 at ppb2 bus 6
alc0 at pci3 dev 0 function 0 "Attansic Technology L2C" rev 0xc1: msi, address
dc:0e:a1:54:ba:16
atphy0 at alc0 phy 0: F2 10/100 PHY, rev. 5
ppb3 at pci0 dev 21 function 3 "ATI SB800 PCIE" rev 0x00
pci4 at ppb3 bus 7
"Atheros AR9485" rev 0x01 at pci4 dev 0 function 0 not configured
pchb1 at pci0 dev 24 function 0 "AMD AMD64 14h Link Cfg" rev 0x43
pchb2 at pci0 dev 24 function 1 "AMD AMD64 14h Address Map" rev 0x00
pchb3 at pci0 dev 24 function 2 "AMD AMD64 14h DRAM Cfg" rev 0x00
km0 at pci0 dev 24 function 3 "AMD AMD64 14h Misc Cfg" rev 0x00
pchb4 at pci0 dev 24 function 4 "AMD AMD64 14h CPU Power" rev 0x00
pchb5 at pci0 dev 24 function 5 "AMD AMD64 14h Reserved" rev 0x00
pchb6 at pci0 dev 24 function 6 "AMD AMD64 14h NB Power" rev 0x00
pchb7 at pci0 dev 24 function 7 "AMD AMD64 14h Reserved" rev 0x00
usb2 at ohci0: USB revision 1.0
uhub2 at usb2 "ATI OHCI root hub" rev 1.00/1.00 addr 1
usb3 at ohci1: USB revision 1.0
uhub3 at usb3 "ATI OHCI root hub" rev 1.00/1.00 addr 1
isa0 at pcib0
isadma0 at isa0
pckbc0 at isa0 port 0x60/5
pckbd0 at pckbc0 (kbd slot)
pckbc0: using irq 1 for kbd slot
wskbd0 at pckbd0: console keyboard, using wsdisplay0
pms0 at pckbc0 (aux slot #0)
pckbc0: using irq 12 for aux slot #0
wsmouse0 at pms0 mux 0
pms0: Elantech Touchpad, version 2
pcppi0 at isa0 port 0x61
spkr0 at pcppi0
mtrr: Pentium Pro MTRR support
urtwn0 at uhub0 port 2 "Belkin Components RTL8192CU" rev 2.00/2.00 addr 2
urtwn0: MAC/BB RTL8192CU, RF 6052 2T2R, address ec:1a:59:0d:fa:1c
uvideo0 at uhub1 port 1 configuration 1 interface 0 "Chicony Electronics Co.,
Ltd. WebCam" rev 2.00/82.57 addr 2
video0 at uvideo0
vscsi0 at root
scsibus1 at vscsi0: 256 targets
softraid0 at root
scsibus2 at softraid0: 256 targets
root on sd0a (b7929eff445098b7.a) swap on sd0b dump on sd0b
usb_transfer_complete: actlen > len -15996 > 4
usb_transfer_complete: actlen > len -15988 > 4
panic: rtfree 2
Stopped at Debugger+0x5: leave
RUN AT LEAST 'trace' AND 'ps' AND INCLUDE OUTPUT WHEN REPORTING THIS PANIC!
IF RUNNING SMP, USE 'mach ddbcpu <#>' AND 'trace' ON OTHER PROCESSORS, TOO.
DO NOT EVEN BOTHER REPORTING THIS WITHOUT INCLUDING THAT INFORMATION!
ddb{0}> Debugger() at Debugger+0x5
panic() at panic+0xe4
rtfree() at rtfree+0xf4
route_output() at route_output+0x29b
raw_usrreq() at raw_usrreq+0x227
route_usrreq() at route_usrreq+0x6e
sosend() at sosend+0x473
sendit() at sendit+0x1b8
sys_sendto() at sys_sendto+0x55
syscall() at syscall+0x249
--- syscall (number 133) ---
end of kernel
end trace frame: 0x3, count: -10
The ps got lost because a boot reboot did not reboot the netbook. I had to
cold-cycle it, and thank goodness the panic trace was still there.
You got the dmesg and the backtrace that's all I can send you. If you're
interested in the spoofer I can't send you that. But for what it's worth
I can give you details. I was accidentally not including a destination address
in the spoofer so the ip_dst woudl have been zeroed, it paniced on that.
Cheers,
-peter
