netbsd-bugs: kern/25452: sbappendaddr panic on 2.0beta

Subject: kern/25452: sbappendaddr panic on 2.0beta
To: None <gnats-bugs@gnats.NetBSD.org>
From: None <smb@research.att.com>
List: netbsd-bugs
Date: 05/03/2004 22:26:00
>Number:         25452
>Category:       kern
>Synopsis:       panic: sbappendaddr, possibly ipfilter-related
>Confidential:   no
>Severity:       serious
>Priority:       high
>Responsible:    kern-bug-people
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Tue May 04 02:27:00 UTC 2004
>Closed-Date:
>Last-Modified:
>Originator:     Steven M. Bellovin
>Release:        NetBSD 2.0_BETA
>Organization:
AT&T Labs Research
>Environment:
	
	
System: NetBSD berkshire.research.att.com 2.0_BETA NetBSD 2.0_BETA (BERKSHIRE) #0: Mon May 3 19:23:23 EDT 2004 smb@berkshire.research.att.com:/usr/obj/sys/arch/i386/compile/BERKSHIRE i386
Architecture: i386
Machine: i386
>Description:
	Using today's kernel source plus the proposed fix for kern/24981, the 
	system panicked shortly after booting.  At the time of the panic, I was 
	trying to log in via ssh; ipfilter and ipmon were running.  netstat on 
	the client machine showed the connection as "ESTABLISHED", but I had 
	not seen any output from that window; I suspect that was doing a DNS 
	query when it died.

	Here's the panic message:

	panic: sbappendaddr
	Begin traceback...
	sbappendaddr(c11a3528,cbd1fd60,c11b0800,c11b0800,c11b0800) at netbsd:sbappendad
	dr+0x276
	udp4_sendup(c11a7c00,1c,cbd1fd60,c11a34b0,0) at netbsd:udp4_sendup+0xaa
	udp4_realinput(cbd1fd60,cbd1fd50,c11a7c00,14,c11a7c00) at netbsd:udp4_realinput
	+0x131
	udp_input(c11a7c00,14,11,d,a035407) at netbsd:udp_input+0x159
	ip_input(c11a7c00,0,0,0,0) at netbsd:ip_input+0x5ad
	ipintr(23d4,c11a7c00,0,cbd1fe5c,c0326cea) at netbsd:ipintr+0x71
	DDB lost frame for netbsd:Xsoftnet+0x40, trying 0xcbd1fe00
	Xsoftnet() at netbsd:Xsoftnet+0x40
	--- interrupt ---
	0:
	End traceback...

	gdb gives a few more levels:

	(gdb) bt
	#0  0x00000001 in ?? ()
	#1  0xc039793f in cpu_reboot ()
	#2  0xc0312178 in panic ()
	#3  0xc032919a in sbappendaddr ()
	#4  0xc012fd86 in udp4_sendup ()
	#5  0xc0130091 in udp4_realinput ()
	#6  0xc012f8b5 in udp_input ()
	#7  0xc0120191 in ip_input ()
	#8  0xc011fbc5 in ipintr ()
	#9  0xc0102b60 in Xsoftnet ()
	#10 0xc0326cea in sosend ()
	#11 0xc032a574 in sendit ()
	#12 0xc032a388 in sys_sendto ()
	#13 0xc03a1806 in syscall_plain ()
>How-To-Repeat:
	I don't know if it's repeatable
>Fix:
	I've disabled ipfilter again...
>Release-Note:
>Audit-Trail:
>Unformatted: