[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
kernel/2389: Kernel panic when sniffing, may be same bug as kernel/2378
- To: gnats@openbsd.org
- Subject: kernel/2389: Kernel panic when sniffing, may be same bug as kernel/2378
- From: "Grudge Mason" <grudge_mason@hotmail.com>
- Date: Mon, 11 Feb 2002 22:28:46 +0100
- Resent-Date: Mon, 11 Feb 2002 14:40:03 -0700 (MST)
- Resent-From: gnats@cvs.openbsd.org (GNATS Management)
- Resent-Message-Id: <200202112140.g1BLe3fY015834@cvs.openbsd.org>
- Resent-Reply-To: gnats@cvs.openbsd.org,Received: "from openbsd.cs.colorado.edu (openbsd.cs.colorado.edu [128.138.192.83]) by cvs.openbsd.org (8.12.2/8.12.1) with ESMTP id g1BLVaWV002654 (version=TLSv1/SSLv3 cipher=EDH-DSS-DES-CBC3-SHA bits=168 verify=FAIL) for" <gnats@cvs.openbsd.org>;,Mon@naughty.monkey.org, 11@naughty.monkey.org,Feb@naughty.monkey.org, 2002@naughty.monkey.org,14:31:36.-0700@cvs.openbsd.org (MST)
- Resent-To: bugs@cvs.openbsd.org
>Number: 2389
>Category: kernel
>Synopsis: Kernel panic when sniffing
>Confidential: no
>Severity: critical
>Priority: medium
>Responsible: bugs
>State: open
>Class: sw-bug
>Submitter-Id: unknown
>Arrival-Date: Mon Feb 11 14:40:01 MST 2002
>Last-Modified:
>Originator: Grudge Mason
>Organization:
None
>Release: 3.0
>Environment:
<machine, os, target, libraries (multiple lines)>
System : OpenBSD 3.0
Architecture: OpenBSD.i386
Machine : i386
>Description:
About once every 3-4 days, the kernel crashes with the message
below. It may be the same bug as the one called kernel/2378, or at least
very similar. It has happened both with PF enabled and disabled.
It has happend several times on machines running with a few fxp interfaces
as passive network traffic listeners, in promiscous mode. Several 3.0 boxes
have crashed when running stuff like ipaudit and snort (not at the same
time).
All machines had been up and running OpenBSD 2.9 for six months without any
problems. Here is the output from a crashed machine. The output is carefully
(hopefully) written down by hand from pictures taken with a digital camera.
uvm_fault(0xfeb4bbf4, 0xa0260000, 0, 3) -> 1
kernel: page fault trap, code=0
Stopped at _pool_get+0x26a: movl %eax,0x8(%edx)
ddb> trace
_pool_get(e057c2a8,0,0,dfbfa508,e1ef0d00) at _pool_get+0x26a
_fxp_add_rfabuf(e1ef3000,e1ef0d00,feb4bbf4,40143000) at _fxp_add_rfabuf+0xe7
_fxp_intr(e1ef3000) at _fxp_intr+0x1c9
_Xrecurse5() at _Xrecurse5+0x6d
--- interrupt ---
0x400edd64:
ddb> ps
PID PPID PGRP UID S FLAGS WAIT COMMAND
*31726 6410 26699 0 2 0x4004 snort-1.8.4
6410 26699 26699 0 3 0x4084 wait bash
26699 22255 26699 0 3 0x4084 pause sh
22255 12330 12330 0 3 0x84 piperd cron
10723 1 10723 0 3 0x40184 select sendmail
18061 1 18061 0 3 0x4086 ttyin getty
13692 1 13692 0 3 0x4086 ttyin getty
5997 1 5997 0 3 0x4086 ttyin getty
3284 1 3284 0 3 0x4086 ttyin getty
9602 1 9602 0 3 0x4086 ttyin getty
12330 1 12330 0 3 0x84 nanosleep cron
31602 1 31602 1000 3 0x84 netcon perl
14673 1 14673 0 3 0x84 select sshd
23091 1 23091 0 3 0x184 select inetd
24935 1 24935 0 2 0x84 syslogd
7 0 0 0 3 0x100204 apmev apm0
6 0 0 0 3 0x100204 crypto_wa crypto
5 0 0 0 3 0x100204 syncer update
4 0 0 0 3 0x100204 cleaner cleaner
3 0 0 0 3 0x100204 reaper reaper
2 0 0 0 3 0x100204 daemon_sl pagedaemon
1 0 1 0 3 0x4084 wait init
0 -1 0 0 3 0x80204 scheduler swapper
26619 12330 12330 0 5 0x2004 cron
24779 12330 12330 0 5 0x2004 cron
4212 12330 12330 0 5 0x2004 cron
ddb> boot sync
uvm_fault(0xfeb4bbf4, 0xa0260000, 0, 3) -> 1
kernel: page fault trap, code=0
Faulted in DDB; continuing...
ddb>
This particular kernel is a slightly modified 3.0-STABLE from 2002-02-05,
but it also happens with a GENERIC 3.0-RELEASE
This one was compiled as GENERIC, plus:
option NMBCLUSTERS = 8192
option NKMEMCLUSTERS = 16384
maxusers 64
dmesg:
OpenBSD 3.0-stable (foo) #0: Tue Feb 5 12:21:02 CET 2002
root@foo:/usr/src/sys/arch/i386/compile/foo
cpu0: AMD Athlon Model 4 (Thunderbird) ("AuthenticAMD" 686-class) 1.30 GHz
cpu0:
FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,SYS,MTRR,PGE,MCA,CMOV,PAT,PSE36,MMX,FXSR
real mem = 1610199040 (1572460K)
avail mem = 1487638528 (1452772K)
using 5689 buffers containing 80613376 bytes (78724K) of memory
mainbus0 (root)
bios0 at mainbus0: AT/286+(f7) BIOS, date 05/18/01, BIOS32 rev. 0 @ 0xfb220
apm0 at bios0: Power Management spec V1.2
apm0: AC on, battery charge unknown
pcibios0 at bios0: rev. 2.1 @ 0xf0000/0xb6a0
pcibios0: PCI IRQ Routing Table rev. 1.0 @ 0xfdbd0/176 (9 entries)
pcibios0: PCI Exclusive IRQs: 5 7 10 11
pcibios0: PCI Interrupt Router at 000:07:0 ("VIA VT82C596A PCI-ISA" rev
0x00)
pcibios0: PCI bus #1 is the last bus
bios0: ROM list: 0xc0000/0x8c00 0xcc000/0x1800 0xce000/0x1800 0xd0000/0x1800
0xd2000/0x1800
pci0 at mainbus0 bus 0: configuration mode 1 (no bios)
pchb0 at pci0 dev 0 function 0 "VIA VT8363 Host" rev 0x03
ppb0 at pci0 dev 1 function 0 "VIA VT8363 PCI-AGP" rev 0x00
pci1 at ppb0 bus 1
vga1 at pci1 dev 0 function 0 "Nvidia Vanta" rev 0x15
wsdisplay0 at vga1: console (80x25, vt100 emulation)
wsdisplay0: screen 1-5 added (80x25, vt100 emulation)
pcib0 at pci0 dev 7 function 0 "VIA VT82C686 PCI-ISA" rev 0x40
pciide0 at pci0 dev 7 function 1 "VIA VT82C571 IDE" rev 0x06: ATA100,
channel 0 configured to
compatibility, channel 1 configured to compatibility
wd0 at pciide0 channel 0 drive 0: <ST360021A>
wd0: 16-sector PIO, LBA, 57241MB, 16383 cyl, 16 head, 63 sec, 117231408
sectors
wd1 at pciide0 channel 0 drive 1: <ST380021A>
wd1: 16-sector PIO, LBA, 76319MB, 16383 cyl, 16 head, 63 sec, 156301488
sectors
wd0(pciide0:0:0): using PIO mode 4, Ultra-DMA mode 5
wd1(pciide0:0:1): using PIO mode 4, Ultra-DMA mode 5
wd2 at pciide0 channel 1 drive 0: <IC35L040AVER07-0>
wd2: 16-sector PIO, LBA, 39266MB, 16383 cyl, 16 head, 63 sec, 80418240
sectors
atapiscsi0 at pciide0 channel 1 drive 1
scsibus0 at atapiscsi0: 2 targets
cd0 at scsibus0 targ 0 lun 0: <LG, CD-ROM CRD-8522B, 1.02> SCSI0 5/cdrom
removable
wd2(pciide0:1:0): using PIO mode 4, Ultra-DMA mode 5
cd0(pciide0:1:1): using PIO mode 4, DMA mode 2
pchb1 at pci0 dev 7 function 4 "VIA VT82C686 SMBus" rev 0x40
fxp0 at pci0 dev 9 function 0 "Intel 82557" rev 0x0c: irq 11, address
00:02:b3:43:ca:6f
inphy0 at fxp0 phy 1: i82555 10/100 media interface, rev. 4
fxp1 at pci0 dev 10 function 0 "Intel 82557" rev 0x0c: irq 5, address
00:02:b3:47:ca:81
inphy1 at fxp1 phy 1: i82555 10/100 media interface, rev. 4
fxp2 at pci0 dev 12 function 0 "Intel 82557" rev 0x0c: irq 10, address
00:02:b3:42:cb:5a
inphy2 at fxp2 phy 1: i82555 10/100 media interface, rev. 4
fxp3 at pci0 dev 13 function 0 "Intel 82557" rev 0x0c: irq 11, address
00:02:b3:4b:58:a4
inphy3 at fxp3 phy 1: i82555 10/100 media interface, rev. 4
isa0 at pcib0
isadma0 at isa0
pckbc0 at isa0 port 0x60/5
pckbd0 at pckbc0 (kbd slot)
pckbc0: using irq 1 for kbd slot
wskbd0 at pckbd0: console keyboard, using wsdisplay0
pmsi0 at pckbc0 (aux slot)
pckbc0: using irq 12 for aux slot
wsmouse0 at pmsi0 mux 0
pcppi0 at isa0 port 0x61
midi0 at pcppi0: <PC speaker>
sysbeep0 at pcppi0
npx0 at isa0 port 0xf0/16: using exception 16
fdc0 at isa0 port 0x3f0/6 irq 6 drq 2
fd0 at fdc0 drive 0: 1.44MB 80 cyl, 2 head, 18 sec
biomask c040 netmask cc60 ttymask dc62
pctr: user-level cycle counter enabled
mtrr: Pentium Pro MTRR support
dkcsum: wd0 matched BIOS disk 80
dkcsum: wd1 matched BIOS disk 81
dkcsum: wd2 matched BIOS disk 82
root on wd0a
rootdev=0x0 rrootdev=0x300 rawdev=0x302
WARNING: / was not properly unmounted
>How-To-Repeat:
Run some monitoring software on interface(s) in promiscous mode,
watching some fairly large amount of traffic.
>Fix:
>Audit-Trail:
>Unformatted: