>Number:         28976
>Category:       kern
>Synopsis:       pool ipqepl: putting with none out, panic: pool_put, in tcp_reass() (netbsd-1-6)
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    kern-bug-people
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Sat Jan 15 20:54:00 +0000 2005
>Originator:     Greg A. Woods
>Release:        netbsd-1-6 20050112
>Organization:
Planix, Inc.; Toronto, Ontario; Canada
>Environment:
System: NetBSD 1.6.2_STABLE
Architecture: i386
Machine: i386
>Description:

	google doesn't seem to know anything about this kind of panic,
	and I don't think I've ever seen anything like it before either...

	it happened during normal download activity while surfing the web

>How-To-Repeat:

pool ipqepl: putting with none out
panic: pool_put
Stopped at      cpu_Debugger+0x4:       movl    %ebp,%esp
db> trace
cpu_Debugger(c1cbd034,c1cbd034,c067b0a0,c029e21f,c1cbd034) at cpu_Debugger+0x4
panic(c04d9060,e5024c1c,e5024b9c,c029c5c6,c04d9040) at panic+0xb0
pool_do_put(c067b0a0,c1cbd034,eb,5,e5024c20) at pool_do_put+0x3b
pool_put(c067b0a0,c1cbd034,e5024c1c,c1cd9a00) at pool_put+0x16
tcp_reass(c1c12298,e328e034,c2027300,e5024c94,c1cd9a00) at tcp_reass+0x388
tcp_input(c1cd9a00,14,6,1,c1cd9a00) at tcp_input+0x20e6
ip_input(c1cd9a00,c01e4344,c18ea000,e4d0a3e4) at ip_input+0x63b
ipintr(10,10,10,10,e4d0a3e4) at ipintr+0x6b
Xsoftnet() at Xsoftnet+0x2c
--- interrupt ---
idle(e4d0a3e4,3,c0295254,e4d0a3e4) at idle+0x20
bpendtsleep(c0673c08,118,c04d9f40,3,0) at bpendtsleep
sys_select(e4d0a3e4,e5024f80,e5024f78,c18d5038) at sys_select+0x304
syscall_plain(1f,85a001f,85a001f,bfbf001f,85af680) at syscall_plain+0xa7
db> 
db> reboot
syncing disks... /building/work/woods/m-NetBSD-1.6/sys/netinet/tcp_input.c:2285: tcpcb 0xc1c12298 reass already locked
panic: tcp_reass_lock
Stopped at      cpu_Debugger+0x4:       movl    %ebp,%esp
db> 


>Fix:

	unknown