Re: Reproducible 5.0.1 GENERIC panic

On Wed, 9 Sep 2009, Martin Husemann wrote:

On Wed, Sep 09, 2009 at 12:44:36AM +0200, Anders Lindgren wrote:
I just noticed that my trusty old Sun Ultra1 firewall, now running 5.0.1
GENERIC from the 20090729 nightly build, exhibits a trivially reproducible

I can't reproduce it - are you using the ipf ftp proxy? Could you try
with ipf temporarily disabled?

  Nice catch!

Indeed this only happens with the ftp proxy -- disabling only that single line from ipnat.conf resolves the problem.

It turned out I didn't have a suitably x-gendered null-modem cable for connecting a PC to a Sun at hand, so I could't catch a ddb session to file, but here's a transcript of the bt at the time of panic, if that's any help -- although it looks you've pretty much pinpointed the location already:

panic: in4_cksum: mbuf too short for IP header
Stopped in pid 0.3 (system) at  netbsd:cpu_Debugger+0x4:        nop
db> bt
in4_cksum(20c3100, 6, 14, a5, 0, 180e000) at netbsd:in4_cksum+0x9c
tcp_input_checksum(0, 20c3100, 20c344c, 14, 20, 85) at netbsd:tcp_input_checksum+0x128
tcp_input(20c3100, 14, 20f95e0, 14, 20c344c, 20c3170) at netbsd:tcp_input+0x6f0
ip_input(20c3170, 0, 0, 0, 1193f40, b30fb70) at netbsd:ip_input+0x7f4
ipintr(18a2c00, b307f80, b30f740, 6, 1, de) at netbsd:ipintr+0x2c
softintr_thread(b54e230, b30f740, 0, b2cd9d6, 1c05d18, b30ebf0) at 
lwp_trampoline(f005b2f8, fffb3cf8, 1106d0, fffb3df8, 0) at 

Another data point; this only happens when I ftp from the firewall itself. Identical ftp commands issued through the proxy from inside the LAN it gates does not provoke the panic.

Best regards,

