NetBSD Problem Report #40443

From www@NetBSD.org  Wed Jan 21 01:22:51 2009
Return-Path: <www@NetBSD.org>
Received: from mail.netbsd.org (mail.netbsd.org [204.152.190.11])
	by narn.NetBSD.org (Postfix) with ESMTP id 6EA4263BFAC
	for <gnats-bugs@gnats.netbsd.org>; Wed, 21 Jan 2009 01:22:51 +0000 (UTC)
Message-Id: <20090121012251.0CD7A63B8BA@narn.NetBSD.org>
Date: Wed, 21 Jan 2009 01:22:51 +0000 (UTC)
From: peter@boku.net
Reply-To: peter@boku.net
To: gnats-bugs@NetBSD.org
Subject: panic in ftp proxy in ipfilter
X-Send-Pr-Version: www-1.0

>Number:         40443
>Category:       kern
>Synopsis:       panic in ftp proxy in ipfilter
>Confidential:   no
>Severity:       critical
>Priority:       high
>Responsible:    kern-bug-people
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Wed Jan 21 01:25:01 +0000 2009
>Originator:     Peter Eisch
>Release:        netbsd-4-0
>Organization:
>Environment:
NetBSD copperhead 4.0.0_PATCH NetBSD 4.0.0_PATCH (PETER-FW) #2: Fri Aug 15 17:09:11 CDT 2008  peter@buster:/builds/netbsd-4-0/i386/obj/builds/netbsd-4-0/src/sys/arch/i386/compile/PETER-FW i386

>Description:

db{0}> bt
cpu_Debugger(c0972f61,d4b4facc,0,0,200250) at netbsd:cpu_Debugger+0x4
panic(c094c79b,2,10,c5441600,6) at netbsd:panic+0x155
m_copydata(c37ace00,ac,12,c52cbc2b,12) at netbsd:m_copydata+0xc2
ippr_ftp_process(d4b4fcb8,c4fa3000,c52cbc00,0,c37ace00) at netbsd:ippr_ftp_proce
ss+0x496
ippr_ftp_out(d4b4fcb8,c55f2a80,c4fa3000,c4fa3054,0) at netbsd:ippr_ftp_out+0x58
appr_check(d4b4fcb8,c4fa3000,5dae,1083,1500) at netbsd:appr_check+0xb6
fr_natout(d4b4fcb8,c4fa3000,1,1,43dd5a20) at netbsd:fr_natout+0xa8
fr_checknatout(d4b4fcb8,d4b4fd60,d4b4fcb8,c01b534b,d4b4fcd0) at netbsd:fr_checkn
atout+0xb4
fr_check(c37ace38,14,c34b3400,1,d4b4fdd0) at netbsd:fr_check+0x91f
fr_check_wrapper(0,d4b4fdd0,c34b3400,2,0) at netbsd:fr_check_wrapper+0x97
pfil_run_hooks(c0a66880,d4b4fe80,c34b3400,2,c0a668b8) at netbsd:pfil_run_hooks+0
x91
ip_output(c38ed200,0,c0a668b4,1,0) at netbsd:ip_output+0xabf
ip_forward(c38ed200,0,c2d11058,1,49765f5e) at netbsd:ip_forward+0x145
ip_input(c38ed200,7,d4b4ff50,c0518a12,0) at netbsd:ip_input+0x85b
ipintr(d4b40010,30,10,10,d4b4d000) at netbsd:ipintr+0x24
DDB lost frame for netbsd:Xsoftnet+0x49, trying 0xd4b4ff58
Xsoftnet() at netbsd:Xsoftnet+0x49
--- interrupt ---
0x246:
db{0}> 

>How-To-Repeat:
map vlan150 208.79.194.36/32 -> 206.9.34.25/32 proxy port ftp ftp/tcp
map vlan150 208.79.194.36/32 -> 206.9.34.25/32 portmap tcp/udp 40000:60000
map vlan150 208.79.194.36/32 -> 206.9.34.25/32

...and send traffic through.

It will lock up within a day (maybe even within 100 session requests).

>Fix:
I wish I had a fix.
NetBSD Home
NetBSD PR Database Search
(Contact us) $NetBSD: query-full-pr,v 1.39 2013/11/01 18:47:49 spz Exp $
$NetBSD: gnats_config.sh,v 1.8 2006/05/07 09:23:38 tsutsui Exp $
Copyright © 1994-2007 The NetBSD Foundation, Inc. ALL RIGHTS RESERVED.