netbsd-bugs: kern/25702: ftp transfer from client panics 2.0 NAT router

Subject: kern/25702: ftp transfer from client panics 2.0 NAT router
To: None <gnats-bugs@gnats.NetBSD.org>
From: Hauke Fath <hauke@Espresso.Rhein-Neckar.DE>
List: netbsd-bugs
Date: 05/25/2004 13:50:02

>Number:         25702
>Category:       kern
>Synopsis:       ftp transfer from client panics 2.0 NAT router
>Confidential:   no
>Severity:       critical
>Priority:       high
>Responsible:    kern-bug-people
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Tue May 25 12:00:00 UTC 2004
>Closed-Date:
>Last-Modified:
>Originator:     Hauke Fath <hauke@Espresso.Rhein-Neckar.DE>
>Release:        NetBSD 2.0_BETA
>Organization:
Mahlzeit!
>Environment:
	
	
System: NetBSD pizza.causeuse.org 2.0_BETA NetBSD 2.0_BETA (PIZZA) #11: Thu May 20 17:33:04 CEST 2004 hauke@pizza.causeuse.org:/var/obj/netbsd-builds/2_0/sparc/obj/sys/arch/sparc/compile/PIZZA sparc
Architecture: sparc
Machine: sparc

>Description:

	An an ipfilter/ipnat/pppoe router (2.0BETA sparcstation 10)
	panics reproducibly when a client machine attempts an ftp
	transfer through it.

db{0}> t
cpu_Debugger(0xf0247cd8, 0xf0243180, 0x100, 0x2, 0xf0c4da60, 0xf027e000) at netbsd:m_copydata+0xa4
m_copydata(0x0, 0x0, 0x28, 0xf0d49264, 0x1ae, 0xf0298f1c) at netbsd:ipllog+0x1b4
ipllog(0x0, 0x4, 0xf0273878, 0xf0273880, 0xf0273888, 0x2) at netbsd:ipflog+0x1ec
ipflog(0xf0273968, 0x40008111, 0x0, 0xf027a800, 0xf027a800, 0xf0279c00) at netbsd:fr_dolog+0x9c
fr_dolog(0xf0273968, 0xf0273964, 0xf0273968, 0x40000000, 0x17, 0x14) at netbsd:fr_check+0x2f8
fr_check(0xf0bd9b50, 0x14, 0xf0bc6800, 0x0, 0xf0273ad4, 0xdd03) at netbsd:fr_check_wrapper+0x60
fr_check_wrapper(0xf0bd9b50, 0xf0273ad4, 0xf0ba5800, 0x1, 0x0, 0xffff) at netbsd:pfil_run_hooks+0x60
pfil_run_hooks(0xf02d09ac, 0xf0273b94, 0xf0ba5800, 0x1, 0x0, 0xf0bd9b64) at netbsd:ip_input+0xbb8
ip_input(0xf0bd9b00, 0xfe014008, 0x20000, 0x2000, 0x0, 0xf027d400) at netbsd:ipintr+0x88
ipintr(0xf02ddf5c, 0xf0242888, 0x356, 0x0, 0xf027d400, 0xf00) at netbsd:softnet+0x7c
softnet(0xf0273c80, 0xf01f2fcc, 0x100, 0x408000e7, 0x538, 0x100) at 0xf00066c0
0xf00066c0(0xf027da18, 0xf0244f10, 0x292, 0x0, 0x200, 0x1d) at netbsd:switchexit+0x100
db{0}> reboot
syncing disks... hme0: status=30001<GOTFRAME,RXTOHOST,NORXD>
panic: m_copydata
Stopped in pid 0.1 (swapper) at netbsd:cpu_Debugger+0x4: or %o7, %g0, %g1
db{0}> reboot
rebooting

Resetting ...

Please see http://la.causeuse.org/hauke/NetBSD/netbsd-2-0-experience/
for more examples.
	
>How-To-Repeat:

	Set up ss10 as pppoe router with ipnat; try an "ftp
	ftp://ftp.netbsd.org/", and usually the ipnat router goes boom
	at the end ("bye") of the session.

>Fix:
	No idea.
>Release-Note:
>Audit-Trail:
>Unformatted: