NetBSD Problem Report #41364
From jruohone@gmail.com Wed May 6 05:23:44 2009
Return-Path: <jruohone@gmail.com>
Received: from mail.netbsd.org (mail.netbsd.org [204.152.190.11])
by www.NetBSD.org (Postfix) with ESMTP id DA30663B8DF
for <gnats-bugs@gnats.netbsd.org>; Wed, 6 May 2009 05:23:44 +0000 (UTC)
Message-Id: <20090506051721.97F8314437@marx.bitnet>
Date: Wed, 6 May 2009 08:17:21 +0300 (EEST)
From: Jukka Ruohonen <jruohonen@iki.fi>
Sender: a b <jruohone@gmail.com>
Reply-To: jruohonen@iki.fi
To: gnats-bugs@gnats.NetBSD.org
Subject: Panic in ipf(8)
X-Send-Pr-Version: 3.95
>Number: 41364
>Category: kern
>Synopsis: Panic in ipf(8)
>Confidential: no
>Severity: serious
>Priority: medium
>Responsible: kern-bug-people
>State: closed
>Class: sw-bug
>Submitter-Id: net
>Arrival-Date: Wed May 06 05:25:00 +0000 2009
>Closed-Date: Tue May 12 09:18:12 +0000 2009
>Last-Modified: Tue May 12 09:18:12 +0000 2009
>Originator: Jukka Ruohonen
>Release: NetBSD 5.99.11
>Organization:
-
>Environment:
System: NetBSD camus.bitnet 5.99.11 NetBSD 5.99.11 (GENERIC_LOCAL) #0: Thu
Apr 23 17:08:34 UTC 2009
toor@camus.bitnet:/var/tmp/obj/sys/arch/amd64/compile/GENERIC_LOCAL amd64
Architecture: x86_64
Machine: amd64
>Description:
Trying to disable ipf(8) that has not been enabled beforehand causes
a complete lockdown. Today I managed to get a trace (this is quickly
copied by hand and occurred in single-user mode):
Enter pathname of shell or RETURN for /bin/sh:
# ipf -D
panic: kernel diagnostic assertion "c->c_magic == CALLOUT_MAGIC"
failed: file "/usr/src/sys/kern/kern_timeout.c", line 426
fatal breakpoint trap in supervisor mode
trap type 1 code 0 rip ffffffffff80242b75 cs 8 rflags 246 cr2
717ffd9caff0 cpl0 rsp ffff8000495874b0
Stopped in pid 5.1 (ipf) at netbsd:breakpoint+0xf: leave
db{0}> bt
breakpoint() at netbsd:breakpoint+0xf
panic() at netbsd:panic+0x289
__kernassert() at netbsd:__kernassert+0x2d
callout_stop() at netbsd:callout_stop+0xc2
ipfdetach() at netbsd:ipfdetach+0x4c
fr_ipf_ioctl() at netbsd:fr_ipf_ioctl+0x4bb
cdev_ioctl() at netbsd:cdev_ioctl+0x91
VOP_IOCTL() at netbsd:COP_IOCTL+0x6e
vn_ioctl() at netbsd:vn_ioctl0x6d
sys_ioctl() at netbsd:sys_ioctl+0x134
syscall() at netbsd:syscall+0xc2
db{0}>
>How-To-Repeat:
Boot a kernel with working "ipf.conf" but "ipfilter=NO" and issue
either "/etc/rc.d/ipfilter stop" or "ipf -D".
This can be reproduced on stable i386 and AMD64 5.0 as well.
>Fix:
By looking at "../sys/dist/ipf/netinet/ip_fil_netbsd.c", which is
extremely hard to follow due to #ifdefs, my initial thought is that
ipfdetach() simply calls callout_stop() without assuring that
callout_init() has been called.
>Release-Note:
>Audit-Trail:
From: Mihai Chelaru <mihai.chelaru@NGNetworks.ro>
To: gnats-bugs@NetBSD.org
Cc: kern-bug-people@netbsd.org, gnats-admin@netbsd.org,
netbsd-bugs@netbsd.org
Subject: Re: kern/41364: Panic in ipf(8)
Date: Wed, 06 May 2009 20:57:21 +0300
Hi,
Can you check if this is fixing it ?
Index: ip_fil_netbsd.c
===================================================================
RCS file: /cvsroot/src/sys/dist/ipf/netinet/ip_fil_netbsd.c,v
retrieving revision 1.49
diff -u -p -r1.49 ip_fil_netbsd.c
--- ip_fil_netbsd.c 19 Apr 2009 18:08:56 -0000 1.49
+++ ip_fil_netbsd.c 6 May 2009 17:53:56 -0000
@@ -485,7 +485,8 @@ int ipfdetach(void)
SPL_NET(s);
#if (__NetBSD_Version__ >= 104010000)
- callout_stop(&fr_slowtimer_ch);
+ if (fr_running > 0)
+ callout_stop(&fr_slowtimer_ch);
#else
untimeout(fr_slowtimer, NULL);
#endif /* NetBSD */
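Review bot: The new "if (fr_running > 0)" test in ipfdetach() treats fr_running as a stand-in for "callout_init() has run on fr_slowtimer_ch", but nothing in this hunk shows that the two are tied together. Please confirm that the attach path only makes fr_running positive after the callout has been initialized, and that there is no state in which the callout is initialized or scheduled while fr_running is zero or negative, since in that case the timer would now be left running after detach. A one-line comment above the test stating that invariant, and braces around the guarded call (it sits directly above an #else), would make the intent clear.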
--
Mihai
From: Jukka Ruohonen <jruohonen@iki.fi>
To: gnats-bugs@NetBSD.org
Cc:
Subject: Re: kern/41364: Panic in ipf(8)
Date: Wed, 6 May 2009 21:24:09 +0300
On 06.05.2009, Mihai Chelaru wrote:
> Hi,
>
> Can you check if this is fixing it ?
>
>
> Index: ip_fil_netbsd.c
> ===================================================================
> RCS file: /cvsroot/src/sys/dist/ipf/netinet/ip_fil_netbsd.c,v
> retrieving revision 1.49
> diff -u -p -r1.49 ip_fil_netbsd.c
> --- ip_fil_netbsd.c 19 Apr 2009 18:08:56 -0000 1.49
> +++ ip_fil_netbsd.c 6 May 2009 17:53:56 -0000
> @@ -485,7 +485,8 @@ int ipfdetach(void)
> SPL_NET(s);
>
> #if (__NetBSD_Version__ >= 104010000)
> - callout_stop(&fr_slowtimer_ch);
> + if (fr_running > 0)
> + callout_stop(&fr_slowtimer_ch);
> #else
> untimeout(fr_slowtimer, NULL);
> #endif /* NetBSD */
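Review bot: The #else branch still calls "untimeout(fr_slowtimer, NULL);" unconditionally, so the guard only covers the "__NetBSD_Version__ >= 104010000" side of the conditional. If the not-yet-attached precondition matters on the older path as well, hoist the "fr_running > 0" test above the #if so it covers both branches; if it does not, a short comment saying why the old path is safe would save the next reader the question.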
>
>
> --
> Mihai
That fixed it:
# ipf -D
SIOCFRENB: No such file or directory
Thanks, Jukka.
From: Mihai Chelaru <kefren@netbsd.org>
To: gnats-bugs@gnats.NetBSD.org
Cc:
Subject: PR/41364 CVS commit: src/sys/dist/ipf/netinet
Date: Fri, 8 May 2009 05:18:34 +0000
Module Name: src
Committed By: kefren
Date: Fri May 8 05:18:34 UTC 2009
Modified Files:
src/sys/dist/ipf/netinet: ip_fil_netbsd.c
Log Message:
Don't call callout_stop() without callout_init()
Fixes PR/41364
To generate a diff of this commit:
cvs rdiff -u -r1.49 -r1.50 src/sys/dist/ipf/netinet/ip_fil_netbsd.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
From: Manuel Bouyer <bouyer@netbsd.org>
To: gnats-bugs@gnats.NetBSD.org
Cc:
Subject: PR/41364 CVS commit: [netbsd-5] src/sys/dist/ipf/netinet
Date: Mon, 11 May 2009 20:02:44 +0000
Module Name: src
Committed By: bouyer
Date: Mon May 11 20:02:44 UTC 2009
Modified Files:
src/sys/dist/ipf/netinet [netbsd-5]: ip_fil_netbsd.c
Log Message:
Pull up following revision(s) (requested by kefren in ticket #748):
sys/dist/ipf/netinet/ip_fil_netbsd.c: revision 1.50
Don't call callout_stop() without callout_init()
Fixes PR/41364
To generate a diff of this commit:
cvs rdiff -u -r1.46.8.1 -r1.46.8.2 src/sys/dist/ipf/netinet/ip_fil_netbsd.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
From: Manuel Bouyer <bouyer@netbsd.org>
To: gnats-bugs@gnats.NetBSD.org
Cc:
Subject: PR/41364 CVS commit: [netbsd-5-0] src/sys/dist/ipf/netinet
Date: Mon, 11 May 2009 20:03:08 +0000
Module Name: src
Committed By: bouyer
Date: Mon May 11 20:03:08 UTC 2009
Modified Files:
src/sys/dist/ipf/netinet [netbsd-5-0]: ip_fil_netbsd.c
Log Message:
Pull up following revision(s) (requested by kefren in ticket #748):
sys/dist/ipf/netinet/ip_fil_netbsd.c: revision 1.50
Don't call callout_stop() without callout_init()
Fixes PR/41364
To generate a diff of this commit:
cvs rdiff -u -r1.46.8.1 -r1.46.8.1.2.1 \
src/sys/dist/ipf/netinet/ip_fil_netbsd.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
State-Changed-From-To: open->closed
State-Changed-By: kefren@NetBSD.org
State-Changed-When: Tue, 12 May 2009 09:18:12 +0000
State-Changed-Why:
Fixed, thanks for reporting !
>Unformatted:
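The bug class this report closes, as an added example (not part of the PR and not NetBSD source): a userland C model of a timer handle whose stop routine checks a magic value, with the unguarded teardown beside the guarded one. All model_* names, MODEL_MAGIC and the return codes are hypothetical, and the failed kernel assertion is modelled as a return value rather than a panic.

```c
/* Userland model (constructed) of the bug class in this PR. Every name here
 * is a hypothetical stand-in; none of it is NetBSD kernel code. */
#include <stdio.h>

#define MODEL_MAGIC 0xC0FFEE01u  /* constructed; plays the role of CALLOUT_MAGIC */
enum { STOP_OK = 0, STOP_WOULD_PANIC = -1, DETACH_NOT_RUNNING = -2 };
struct model_callout { unsigned c_magic; int c_pending; };
struct model_filter  { int running; struct model_callout timer; };

static void model_callout_init(struct model_callout *c) {
    *c = (struct model_callout){ MODEL_MAGIC, 0 };
}

/* The kernel asserts on the magic; the model returns a code instead so the
 * outcome can be inspected without aborting. */
static int model_callout_stop(struct model_callout *c) {
    if (c->c_magic != MODEL_MAGIC)
        return STOP_WOULD_PANIC;
    c->c_pending = 0;
    return STOP_OK;
}

static void model_attach(struct model_filter *f) {
    model_callout_init(&f->timer);  /* initialize first ... */
    f->timer.c_pending = 1;
    f->running = 1;                 /* ... then publish the running state */
}

/* Pre-fix shape: the timer is stopped unconditionally. */
static int model_detach_unguarded(struct model_filter *f) {
    return model_callout_stop(&f->timer);
}

/* Post-fix shape: the timer is touched only if attach completed. */
static int model_detach_guarded(struct model_filter *f) {
    if (f->running <= 0)
        return DETACH_NOT_RUNNING;
    f->running = 0;
    return model_callout_stop(&f->timer);
}

int main(void) {
    struct model_filter f = { 0 };  /* never attached: magic is 0 */
    printf("unguarded=%d guarded=%d\n",
           model_detach_unguarded(&f), model_detach_guarded(&f));
    model_attach(&f);
    printf("after attach: guarded=%d\n", model_detach_guarded(&f));
    return 0;
}
```

The guard is only as good as the ordering in model_attach: the running flag is set after the handle is initialized, so a positive flag implies a valid magic.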