Subject: kern/26850: ipnat FTP proxy crashes 2.0G i386 router
To: None <gnats-bugs@gnats.NetBSD.org>
From: None <nathanw@mit.edu>
List: netbsd-bugs
Date: 09/04/2004 13:38:16
>Number: 26850
>Category: kern
>Synopsis: ipnat FTP proxy crashes 2.0G i386 router
>Confidential: no
>Severity: serious
>Priority: high
>Responsible: kern-bug-people
>State: open
>Class: sw-bug
>Submitter-Id: net
>Arrival-Date: Sat Sep 04 17:39:00 UTC 2004
>Closed-Date:
>Last-Modified:
>Originator: Nathan J. Williams
>Release: NetBSD 2.0G
>Organization:
Massachvsetts Institvte of Technology
>Environment:
System: NetBSD marvin-the-martian.nathanw.com 2.0G NetBSD 2.0G (MARVIN) #87: Fri Sep 3 16:21:47 EDT 2004 nathanw@marvin-the-martian.nathanw.com:/nbsd/src/sys/arch/i386/compile/MARVIN i386
Architecture: i386
Machine: i386
>Description:
A Windows machine behind my NAT box ran it's virus-check autoupdater, which
FTP's various files from the vendor's server. This panics the NAT box, quite reproducably. I have a crash dump and stack traces.
The panic message is:
panic: kernel diagnostic assertion "mlen == 0 || !M_READONLY(m)" failed: file "../../../../kern/uipc_mbuf.c", line 1072
The machine's ipnat.conf is:
map tlp0 10.1.0.0/24 -> 0/32 proxy port ftp ftp/tcp
map tlp0 10.1.0.0/24 -> 0/32 portmap tcp/udp 15000:20000
map tlp0 10.1.0.0/24 -> 0/32
The network interfaces are:
tlp0 at pci0 dev 9 function 0: ADMtek AN985 Ethernet, pass 1.1
tlp0: interrupting at ioapic0 pin 21 (irq 10)
tlp0: Ethernet address 00:c0:49:b4:63:23
acphy0 at tlp0 phy 1: ACXXX 10/100 media interface, rev. 0
acphy0: 10baseT, 10baseT-FDX, 100baseTX, 100baseTX-FDX, auto
tlp0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
address: 00:c0:49:b4:63:23
media: Ethernet autoselect (100baseTX full-duplex)
status: active
inet 10.0.0.103 netmask 0xffffff00 broadcast 10.0.0.255
inet6 fe80::2c0:49ff:feb4:6323%tlp0 prefixlen 64 scopeid 0x1
tlp1 at pci2 dev 8 function 0: Lite-On 82C169 Ethernet, pass 2.0
tlp1: interrupting at ioapic0 pin 19 (irq 9)
tlp1: Ethernet address 00:a0:cc:dc:14:68
bmtphy0 at tlp1 phy 1: BCM5201 10/100 media interface, rev. 2
bmtphy0: 10baseT, 10baseT-FDX, 100baseTX, 100baseTX-FDX, auto
tlp1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
address: 00:a0:cc:dc:14:68
media: Ethernet autoselect (100baseTX full-duplex)
status: active
inet 10.1.0.1 netmask 0xffffff00 broadcast 10.1.0.255
inet6 fe80::2a0:ccff:fedc:1468%tlp1 prefixlen 64 scopeid 0x2
ipnat -l output from the core:
# ipnat -l -N netbsd.21 -M netbsd.21.core
List of active MAP/Redirect filters:
map tlp0 10.1.0.0/24 -> 0.0.0.0/32 proxy port ftp ftp/tcp
map tlp0 10.1.0.0/24 -> 0.0.0.0/32 portmap tcp/udp 15000:20000
map tlp0 10.1.0.0/24 -> 0.0.0.0/32
List of active sessions:
MAP 10.1.0.240 1748 <- -> 10.0.0.103 1748 [205.227.137.53 21]
proxy ftp/6 use 1 flags 0
proto 6 flags 0 bytes 1149 pkts 18 data YES size 392
FTP Proxy:
passok: 0
Client:
seq 8f175945 (ack 8f17595c) len 23 junk 0 cmds 0
buf [PORT 10,1,0,240,6,213\015\012PORT 10,1,0,240,6,213\015\012\000]
Server:
seq 95553f27 (ack 95553f27) len 20 junk 0 cmds 200
buf [200 Type set to I.\015\012ogged in.\015\012i.com.Your use is subject to the terms and conditions in Legal.TXT and Usage.TXT files\015\012\000]
MAP 10.1.0.15 123 <- -> 10.0.0.103 15002 [64.254.4.116 123]
MAP 10.1.0.15 123 <- -> 10.0.0.103 15001 [207.177.51.228 123]
MAP 10.1.0.15 123 <- -> 10.0.0.103 15000 [216.165.129.244 123]
The stack trace is:
(gdb) where
#0 0x3feec000 in ?? ()
#1 0xc02ab7c5 in cpu_reboot (howto=260, bootstr=0x0)
at ../../../../arch/i386/i386/machdep.c:751
#2 0xc0237c4b in panic (
fmt=0xc03dde40 "kernel %sassertion \"%s\" failed: file \"%s\", line %d")
at ../../../../kern/subr_prf.c:242
#3 0xc035d21c in __assert (t=0xc0388cb7 "diagnostic ",
f=0xc038ed5f "../../../../kern/uipc_mbuf.c", l=1072,
e=0xc038ed43 "mlen == 0 || !M_READONLY(m)")
at ../../../../../../lib/libkern/__assert.c:47
#4 0xc024b1b0 in m_copyback (m0=0xc182a900, off=40, len=23,
cp=0xc0492244 "PORT 10,0,0,103,6,213\r\n")
at ../../../../kern/uipc_mbuf.c:1066
#5 0xc013210b in ippr_ftp_port (fin=0xc04924e4, ip=0xcafea80e,
nat=0xc16eca00, f=0xc16ece08, dlen=46)
at ../../../../netinet/ip_ftp_pxy.c:273
#6 0xc01325fc in ippr_ftp_client (fin=0xc04924e4, ip=0xcafea80e,
nat=0xc16eca00, ftp=0xc16ece00, dlen=46)
at ../../../../netinet/ip_ftp_pxy.c:436
#7 0xc013338b in ippr_ftp_process (fin=0xc04924e4, nat=0xc16eca00,
ftp=0xc16ece00, rv=0) at ../../../../netinet/ip_ftp_pxy.c:1165
#8 0xc01372d2 in ippr_ftp_out (fin=0xc04924e4, aps=0xc26d9080, nat=0xc16eca00)
at ../../../../netinet/ip_ftp_pxy.c:1256
#9 0xc0136d60 in appr_check (fin=0xc04924e4, nat=0xc16eca00)
at ../../../../netinet/ip_proxy.c:476
#10 0xc012fd2b in fr_natout (fin=0xc04924e4, nat=0xc16eca00, natadd=1,
nflags=1) at ../../../../netinet/ip_nat.c:3740
#11 0xc012f929 in fr_checknatout (fin=0xc04924e4, passp=0xc04924c0)
at ../../../../netinet/ip_nat.c:3612
#12 0xc0123fd0 in fr_check (ip=0xcafea80e, hlen=20, ifp=0xc1746044, out=1,
mp=0xc04925fc) at ../../../../netinet/fil.c:2364
#13 0xc012af3a in fr_check_wrapper (arg=0x0, mp=0xc04925fc, ifp=0xc1746044,
dir=2) at ../../../../netinet/ip_fil_netbsd.c:158
#14 0xc02776b0 in pfil_run_hooks (ph=0xc0424260, mp=0xc049265c,
ifp=0xc1746044, dir=2) at ../../../../net/pfil.c:72
#15 0xc0114140 in ip_output (m0=0xc182a900)
at ../../../../netinet/ip_output.c:731
#16 0xc01133c7 in ip_forward (m=0xc182a900, srcrt=0)
at ../../../../netinet/ip_input.c:1913
#17 0xc0111efe in ip_input (m=0xc182a900) at ../../../../netinet/ip_input.c:859
#18 0xc01136e6 in ipintr () at ../../../../netinet/ip_input.c:466
#19 0xc010abe5 in Xsoftnet ()
#20 0xc02a498b in softintr_dispatch (which=0) at x86/intr.h:168
#21 0xc010ac2a in Xsoftclock ()
#22 0xc025d3a0 in vfs_shutdown () at ../../../../kern/vfs_subr.c:2706
#23 0xc02ab7d9 in cpu_reboot (howto=256, bootstr=0x0)
at ../../../../arch/i386/i386/machdep.c:737
#24 0xc0237c4b in panic (
fmt=0xc03dde40 "kernel %sassertion \"%s\" failed: file \"%s\", line %d")
at ../../../../kern/subr_prf.c:242
#25 0xc035d21c in __assert (t=0xc0388cb7 "diagnostic ",
f=0xc038ed5f "../../../../kern/uipc_mbuf.c", l=1072,
e=0xc038ed43 "mlen == 0 || !M_READONLY(m)")
at ../../../../../../lib/libkern/__assert.c:47
#26 0xc024b1b0 in m_copyback (m0=0xc182ce00, off=40, len=23,
cp=0xc0492960 "PORT 10,0,0,103,6,213\r\n")
at ../../../../kern/uipc_mbuf.c:1066
#27 0xc013210b in ippr_ftp_port (fin=0xc0492c00, ip=0xcb01a80e,
nat=0xc16eca00, f=0xc16ece08, dlen=23)
at ../../../../netinet/ip_ftp_pxy.c:273
#28 0xc01325fc in ippr_ftp_client (fin=0xc0492c00, ip=0xcb01a80e,
nat=0xc16eca00, ftp=0xc16ece00, dlen=23)
at ../../../../netinet/ip_ftp_pxy.c:436
#29 0xc013338b in ippr_ftp_process (fin=0xc0492c00, nat=0xc16eca00,
ftp=0xc16ece00, rv=0) at ../../../../netinet/ip_ftp_pxy.c:1165
#30 0xc01372d2 in ippr_ftp_out (fin=0xc0492c00, aps=0xc26d9080, nat=0xc16eca00)
at ../../../../netinet/ip_ftp_pxy.c:1256
#31 0xc0136d60 in appr_check (fin=0xc0492c00, nat=0xc16eca00)
at ../../../../netinet/ip_proxy.c:476
#32 0xc012fd2b in fr_natout (fin=0xc0492c00, nat=0xc16eca00, natadd=1,
nflags=1) at ../../../../netinet/ip_nat.c:3740
#33 0xc012f929 in fr_checknatout (fin=0xc0492c00, passp=0xc0492bdc)
at ../../../../netinet/ip_nat.c:3612
#34 0xc0123fd0 in fr_check (ip=0xcb01a80e, hlen=20, ifp=0xc1746044, out=1,
mp=0xc0492d18) at ../../../../netinet/fil.c:2364
#35 0xc012af3a in fr_check_wrapper (arg=0x0, mp=0xc0492d18, ifp=0xc1746044,
dir=2) at ../../../../netinet/ip_fil_netbsd.c:158
#36 0xc02776b0 in pfil_run_hooks (ph=0xc0424260, mp=0xc0492d78,
ifp=0xc1746044, dir=2) at ../../../../net/pfil.c:72
#37 0xc0114140 in ip_output (m0=0xc182ce00)
at ../../../../netinet/ip_output.c:731
#38 0xc01133c7 in ip_forward (m=0xc182ce00, srcrt=0)
at ../../../../netinet/ip_input.c:1913
#39 0xc0111efe in ip_input (m=0xc182ce00) at ../../../../netinet/ip_input.c:859
#40 0xc01136e6 in ipintr () at ../../../../netinet/ip_input.c:466
#41 0xc010abe5 in Xsoftnet ()
Note that this is actually a double panic; the second panic occurs when the
first one tries to reboot (frame 23) but another softnet interrupt gets
in and does the same thing.
Contents of the mbuf that m_copyback complains about, in frames 26 and frame 4,
respectively:
(gdb) f 26
#26 0xc024b1b0 in m_copyback (m0=0xc182ce00, off=40, len=23,
cp=0xc0492960 "PORT 10,0,0,103,6,213\r\n")
at ../../../../kern/uipc_mbuf.c:1066
1066 m->m_next = n;
(gdb) p m
$13 = (struct mbuf *) 0xc182ce00
(gdb) p *m
(gdb) p/x *m
$15 = {m_hdr = {mh_next = 0x0, mh_nextpkt = 0x0, mh_data = 0xcb01a80e,
mh_owner = 0x0, mh_len = 0x3f, mh_flags = 0x1000003, mh_paddr = 0x398de00,
mh_type = 0x1}, M_dat = {MH = {MH_pkthdr = {rcvif = 0xc1777044, tags = {
slh_first = 0x0}, len = 0x3f, csum_flags = 0x0, csum_data = 0x0},
MH_dat = {MH_ext = {ext_buf = 0xcb01a800, ext_free = 0x0,
ext_arg = 0xc0431a60, ext_size = 0x800, ext_type = 0x48001045,
ext_nextref = 0xc1520b00, ext_prevref = 0xc1520b00, ext_un = {
extun_paddr = 0x1f20f800, extun_pgs = {0x1f20f800, 0x43100712,
0x1600fcff, 0xbb18f48c, 0x8119f8a0, 0x2c831880, 0x4ef7,
0xa080101, 0xa4270000, 0x9f2ce414, 0xa000000, 0x1f9a5b2c,
0x89f5965c, 0xed2b8e58, 0x29c1c7a7, 0x5, 0x4828e0e8}}},
MH_databuf = {0x0, 0xa8, 0x1, 0xcb, 0x0, 0x0, 0x0, 0x0, 0x60, 0x1a,
0x43, 0xc0, 0x0, 0x8, 0x0, 0x0, 0x45, 0x10, 0x0, 0x48, 0x0, 0xb,
0x52, 0xc1, 0x0, 0xb, 0x52, 0xc1, 0x0, 0xf8, 0x20, 0x1f, 0x12, 0x7,
0x10, 0x43, 0xff, 0xfc, 0x0, 0x16, 0x8c, 0xf4, 0x18, 0xbb, 0xa0,
0xf8, 0x19, 0x81, 0x80, 0x18, 0x83, 0x2c, 0xf7, 0x4e, 0x0, 0x0, 0x1,
0x1, 0x8, 0xa, 0x0, 0x0, 0x27, 0xa4, 0x14, 0xe4, 0x2c, 0x9f, 0x0,
0x0, 0x0, 0xa, 0x2c, 0x5b, 0x9a, 0x1f, 0x5c, 0x96, 0xf5, 0x89, 0x58,
0x8e, 0x2b, 0xed, 0xa7, 0xc7, 0xc1, 0x29, 0x5, 0x0, 0x0, 0x0, 0xe8,
0xe0, 0x28, 0x48, 0x9, 0x5, 0xb6, 0x40, 0x22, 0x0, 0xc0, 0x1, 0x0,
0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x73, 0xb0, 0x8, 0x5, 0x0,
0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0xbd, 0x75, 0x8, 0xc, 0x6e, 0xb6,
0x40, 0x19, 0x1, 0x60, 0x0, 0x0, 0x0, 0x0, 0x0, 0xf5, 0x4, 0xf5,
0x3, 0x0, 0x0, 0xb0, 0x8, 0xa0, 0x6e, 0xcb, 0x8, 0xd8, 0xeb, 0xbf,
0xbf, 0x40, 0xf0, 0x16, 0x8, 0x8, 0x0, 0xb6, 0x40, 0x38, 0x7f, 0x4d,
0x0, 0x40, 0x0, 0x0, 0x0, 0x22, 0x0, 0xc0, 0x1, 0x0, 0x0, 0x0, 0x0,
0x8d, 0x3, 0xe0, 0x0, 0x8a, 0x3, 0xdc, 0x0, 0x4, 0x0, 0x0, 0x3, 0x7,
0x2, 0xb6, 0x40, 0x38, 0x7f, 0x4d, 0x0...}}}, M_databuf = {0x44,
0x70, 0x77, 0xc1, 0x0, 0x0, 0x0, 0x0, 0x3f, 0x0 <repeats 12 times>,
0xa8, 0x1, 0xcb, 0x0, 0x0, 0x0, 0x0, 0x60, 0x1a, 0x43, 0xc0, 0x0, 0x8,
0x0, 0x0, 0x45, 0x10, 0x0, 0x48, 0x0, 0xb, 0x52, 0xc1, 0x0, 0xb, 0x52,
0xc1, 0x0, 0xf8, 0x20, 0x1f, 0x12, 0x7, 0x10, 0x43, 0xff, 0xfc, 0x0,
0x16, 0x8c, 0xf4, 0x18, 0xbb, 0xa0, 0xf8, 0x19, 0x81, 0x80, 0x18, 0x83,
0x2c, 0xf7, 0x4e, 0x0, 0x0, 0x1, 0x1, 0x8, 0xa, 0x0, 0x0, 0x27, 0xa4,
0x14, 0xe4, 0x2c, 0x9f, 0x0, 0x0, 0x0, 0xa, 0x2c, 0x5b, 0x9a, 0x1f,
0x5c, 0x96, 0xf5, 0x89, 0x58, 0x8e, 0x2b, 0xed, 0xa7, 0xc7, 0xc1, 0x29,
0x5, 0x0, 0x0, 0x0, 0xe8, 0xe0, 0x28, 0x48, 0x9, 0x5, 0xb6, 0x40, 0x22,
0x0, 0xc0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x73, 0xb0,
0x8, 0x5, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0xbd, 0x75, 0x8, 0xc,
0x6e, 0xb6, 0x40, 0x19, 0x1, 0x60, 0x0, 0x0, 0x0, 0x0, 0x0, 0xf5, 0x4,
0xf5, 0x3, 0x0, 0x0, 0xb0, 0x8, 0xa0, 0x6e, 0xcb, 0x8, 0xd8, 0xeb, 0xbf,
0xbf, 0x40, 0xf0, 0x16, 0x8, 0x8, 0x0, 0xb6, 0x40, 0x38, 0x7f, 0x4d,
0x0, 0x40, 0x0, 0x0, 0x0, 0x22, 0x0, 0xc0, 0x1, 0x0, 0x0, 0x0, 0x0,
0x8d, 0x3...}}}
(gdb) f 4
#4 0xc024b1b0 in m_copyback (m0=0xc182a900, off=40, len=23,
cp=0xc0492244 "PORT 10,0,0,103,6,213\r\n")
at ../../../../kern/uipc_mbuf.c:1066
1066 m->m_next = n;
(gdb) p m
$16 = (struct mbuf *) 0xc182a900
(gdb) p/x *m
$17 = {m_hdr = {mh_next = 0x0, mh_nextpkt = 0x0, mh_data = 0xcafea80e,
mh_owner = 0x0, mh_len = 0x3f, mh_flags = 0x1000003, mh_paddr = 0x396b900,
mh_type = 0x1}, M_dat = {MH = {MH_pkthdr = {rcvif = 0xc1777044, tags = {
slh_first = 0x0}, len = 0x3f, csum_flags = 0x0, csum_data = 0x0},
MH_dat = {MH_ext = {ext_buf = 0xcafea800, ext_free = 0x0,
ext_arg = 0xc0431a60, ext_size = 0x800, ext_type = 0x0,
ext_nextref = 0xc1827f00, ext_prevref = 0xc1827f00, ext_un = {
extun_paddr = 0x3b6d800, extun_pgs = {0x3b6d800, 0x20044da,
0xcd4963b3, 0xdccca000, 0x86814, 0x90000045, 0xb691, 0x90d41140,
0x100010a, 0x1400010a, 0xfe030108, 0x510c7c00, 0xbb05cc24,
0x1000000, 0x0, 0x0, 0x0}}}, MH_databuf = {0x0, 0xa8, 0xfe,
0xca, 0x0, 0x0, 0x0, 0x0, 0x60, 0x1a, 0x43, 0xc0, 0x0, 0x8, 0x0,
0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x82, 0xc1, 0x0, 0x7f, 0x82,
0xc1, 0x0, 0xd8, 0xb6, 0x3, 0xda, 0x44, 0x0, 0x2, 0xb3, 0x63, 0x49,
0xcd, 0x0, 0xa0, 0xcc, 0xdc, 0x14, 0x68, 0x8, 0x0, 0x45, 0x0, 0x0,
0x90, 0x91, 0xb6, 0x0, 0x0, 0x40, 0x11, 0xd4, 0x90, 0xa, 0x1, 0x0,
0x1, 0xa, 0x1, 0x0, 0x14, 0x8, 0x1, 0x3, 0xfe, 0x0, 0x7c, 0xc, 0x51,
0x24, 0xcc, 0x5, 0xbb, 0x0, 0x0, 0x0, 0x1, 0x0 <repeats 23 times>,
0x2, 0x0, 0x0, 0x1, 0xed, 0x0, 0x0, 0x0, 0x2,
0x0 <repeats 14 times>, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0,
0x10, 0x0, 0x0, 0x0, 0x3, 0x91, 0x0, 0x0, 0x0, 0xfb, 0x0, 0x0, 0x0,
0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2,
0xb3, 0x63, 0x49, 0xcd, 0x0, 0xa0, 0xcc, 0xdc, 0x14, 0x68, 0x8, 0x0,
0x45, 0x0, 0x0, 0xbc, 0x93, 0x26, 0x0, 0x0, 0x40, 0x11, 0xd2, 0xf4,
0xa, 0x1, 0x0, 0x1, 0xa, 0x1, 0x0, 0x14, 0x8, 0x1, 0x3, 0xfe, 0x0,
0xa8, 0xf7, 0x4}}}, M_databuf = {0x44, 0x70, 0x77, 0xc1, 0x0, 0x0,
0x0, 0x0, 0x3f, 0x0 <repeats 12 times>, 0xa8, 0xfe, 0xca, 0x0, 0x0, 0x0,
0x0, 0x60, 0x1a, 0x43, 0xc0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0,
0x0, 0x7f, 0x82, 0xc1, 0x0, 0x7f, 0x82, 0xc1, 0x0, 0xd8, 0xb6, 0x3,
0xda, 0x44, 0x0, 0x2, 0xb3, 0x63, 0x49, 0xcd, 0x0, 0xa0, 0xcc, 0xdc,
0x14, 0x68, 0x8, 0x0, 0x45, 0x0, 0x0, 0x90, 0x91, 0xb6, 0x0, 0x0, 0x40,
0x11, 0xd4, 0x90, 0xa, 0x1, 0x0, 0x1, 0xa, 0x1, 0x0, 0x14, 0x8, 0x1,
0x3, 0xfe, 0x0, 0x7c, 0xc, 0x51, 0x24, 0xcc, 0x5, 0xbb, 0x0, 0x0, 0x0,
0x1, 0x0 <repeats 23 times>, 0x2, 0x0, 0x0, 0x1, 0xed, 0x0, 0x0, 0x0,
0x2, 0x0 <repeats 14 times>, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0,
0x10, 0x0, 0x0, 0x0, 0x3, 0x91, 0x0, 0x0, 0x0, 0xfb, 0x0, 0x0, 0x0, 0x0,
0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0xb3, 0x63,
0x49, 0xcd, 0x0, 0xa0, 0xcc, 0xdc, 0x14, 0x68, 0x8, 0x0, 0x45, 0x0, 0x0,
0xbc, 0x93, 0x26, 0x0, 0x0, 0x40, 0x11, 0xd2, 0xf4, 0xa, 0x1, 0x0, 0x1,
0xa, 0x1, 0x0, 0x14, 0x8, 0x1, 0x3...}}}
>How-To-Repeat:
Fire up particular FTP commands behind a 2.0G i386 box.
I can reproduce this at will, and can provide more information from the core
on request.
>Fix:
Unknown. This appears to be distinct from the other FTP problems discussed
in PRs kern/26671, kern/26697, but could be related to kern/25702, though
the observed stack traces are a bit different.
>Release-Note:
>Audit-Trail:
>Unformatted: