Subject: Re: kern/34212: Kernel panic with IPv6 and IPF v4.1.8
To: None <kern-bug-people@netbsd.org, gnats-admin@netbsd.org,>
From: Martti Kuparinen <martti.kuparinen@iki.fi>
List: netbsd-bugs
Date: 10/09/2006 06:10:03
The following reply was made to PR kern/34212; it has been noted by GNATS.

From: Martti Kuparinen <martti.kuparinen@iki.fi>
To: gnats-bugs@NetBSD.org
Cc: darrenr@netbsd.org, kern-bug-people@NetBSD.org,
	gnats-admin@NetBSD.org, netbsd-bugs@NetBSD.org,
	darrenr@reed.wattle.id.au
Subject: Re: kern/34212: Kernel panic with IPv6 and IPF v4.1.8
Date: Mon, 09 Oct 2006 09:05:51 +0300

 Panic this morning
 
 #0  0x3fec0000 in ?? ()
 #1  0xc03a0077 in cpu_reboot (howto=256, bootstr=0x0)
     at ../../../../arch/i386/i386/machdep.c:751
 #2  0xc0327804 in panic (fmt=0xc06d3ae1 "trap")
     at ../../../../kern/subr_prf.c:242
 #3  0xc03aa535 in trap (frame=0xc0894750)
     at ../../../../arch/i386/i386/trap.c:336
 #4  0xc0102ed3 in calltrap ()
 #5  0xc01445c4 in fr_stlookup (fin=0xc0894960, tcp=0xc2069ff8, ifqp=0xc0894928)
     at ../../../../dist/ipf/netinet/ip_state.c:2279
 #6  0xc0144ac7 in fr_checkstate (fin=0xc0894960, passp=0xc089495c)
     at ../../../../dist/ipf/netinet/ip_state.c:2493
 #7  0xc01296b9 in fr_check (ip=0xc2069fd0, hlen=40, ifp=0xc1b2b04c, out=1,
     mp=0xc0894a68) at ../../../../dist/ipf/netinet/fil.c:2369
 #8  0xc012e733 in fr_check_wrapper6 (arg=0x0, mp=0xc0894a68, ifp=0xc1b2b04c,
     dir=2) at ../../../../dist/ipf/netinet/ip_fil_netbsd.c:210
 #9  0xc036c6da in pfil_run_hooks (ph=0xc07cdfe0, mp=0xc0894af4,
     ifp=0xc1b2b04c, dir=2) at ../../../../net/pfil.c:72
 #10 0xc0156bd1 in ip6_output (m0=0xc2069f00, opt=0x0, ro=0xc0894bb0, flags=4,
     im6o=0x0, so=0x0, ifpp=0xc0894c38) at ../../../../netinet6/ip6_output.c:811
 #11 0xc01499ff in icmp6_reflect (m=0xc2069f00, off=40)
     at ../../../../netinet6/icmp6.c:2144
 
 
 
 (gdb) print *(fr_info_t *)0xc0894960
 $1 = {fin_ifp = 0xc1b2b04c, fin_fi = {fi_v = 6, fi_xx = 0, fi_tos = 0,
     fi_ttl = 64, fi_p = 58, fi_optmsk = 0, fi_src = {i6 = {3088318752,
         16842756, 0, 16777216}, in4 = {s_addr = 3088318752}, in6 = {
         __u6_addr = {
           __u6_addr8 = " \001\024�\004\0\001\001\0\0\0\0\0\0\0\001",
           __u6_addr16 = {288, 47124, 4, 257, 0, 0, 0, 256}, __u6_addr32 = {
             3088318752, 16842756, 0, 16777216}}}, vptr = {0xb8140120,
         0x1010004}, lptr = {0xb8140120, 0x1010004}}, fi_dst = {i6 = {
         3088318752, 16842756, 0, 33554432}, in4 = {s_addr = 3088318752},
       in6 = {__u6_addr = {
           __u6_addr8 = " \001\024�\004\0\001\001\0\0\0\0\0\0\0\002",
           __u6_addr16 = {288, 47124, 4, 257, 0, 0, 0, 512}, __u6_addr32 = {
             3088318752, 16842756, 0, 33554432}}}, vptr = {0xb8140120,
         0x1010004}, lptr = {0xb8140120, 0x1010004}}, fi_secmsk = 0,
     fi_auth = 0, fi_flx = 135168, fi_tcpmsk = 0, fi_res1 = 0}, fin_dat = {
     fid_16 = {2, 0}, fid_32 = 2}, fin_out = 1, fin_rev = 0, fin_hlen = 40,
   fin_tcpf = 0 '\0', fin_icode = 0 '\0', fin_rule = 4294967295,
   fin_group = "�", '\0' <repeats 14 times>, fin_fr = 0x0, fin_dp = 0xc2069ff8,
   fin_dlen = 1240, fin_plen = 1280, fin_ipoff = 0, fin_id = 96, fin_off = 0,
   fin_depth = 0, fin_error = 51, fin_nat = 0x0, fin_state = 0x0,
   fin_nattag = 0x0, fin_ip = 0xc2069fd0, fin_mp = 0xc0894a68,
   fin_m = 0xc2069f00}
 (gdb)
 
 
 I started to read ip_state.c (starting from line #3436) and I noticed that if
 the code tries to return at #3546, the lock is still active.
 
 Should there be a "RWLOCK_EXIT(&ipf_state);" just before return statements at
 lines 3546 and 3601?
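The suspected defect above is a lock released on some exit paths but not others. The following is an added illustration of that pattern and of the single-exit shape that avoids it; it is not IPFilter code and does not reproduce ip_state.c. The lock is a constructed user-space counter (macro names chosen to resemble ipf's RWLOCK_ENTER/RWLOCK_EXIT, but the model is hypothetical), and the `fin_t` input only mirrors the `fi_v = 6` / `fi_p = 58` fields visible in the gdb dump.

```c
#include <assert.h>
#include <stdio.h>

/* Hypothetical instrumented read/write lock: readers counts the read holders
 * currently inside, so a non-zero value after a call means a leaked hold. */
typedef struct {
    int readers;
} rwlock_t;

#define RWLOCK_ENTER_R(l) ((l)->readers++)
#define RWLOCK_EXIT(l)    ((l)->readers--)

/* Constructed stand-in for the few fr_info_t fields that matter here:
 * IP version, transport protocol (58 = ICMPv6) and whether state exists. */
typedef struct {
    int fi_v;
    int fi_p;
    int has_state;
} fin_t;

/* Leaky shape: one branch returns while the read lock is still held. */
static int lookup_leaky(rwlock_t *lk, const fin_t *fin)
{
    RWLOCK_ENTER_R(lk);
    if (fin->fi_v == 6 && fin->fi_p == 58 && !fin->has_state)
        return -1;              /* BUG: no RWLOCK_EXIT on this path */
    RWLOCK_EXIT(lk);
    return fin->has_state ? 0 : -1;
}

/* Fixed shape: every exit funnels through one unlock point, so adding a new
 * early-return branch later cannot reintroduce the leak. */
static int lookup_fixed(rwlock_t *lk, const fin_t *fin)
{
    int rc;

    RWLOCK_ENTER_R(lk);
    if (fin->fi_v == 6 && fin->fi_p == 58 && !fin->has_state) {
        rc = -1;
        goto out;
    }
    rc = fin->has_state ? 0 : -1;
out:
    RWLOCK_EXIT(lk);
    return rc;
}

/* Runs one lookup on a fresh lock and reports how many read holds remain.
 * A balanced function returns 0; a leaked hold shows up as 1. */
int leaked_after(int (*fn)(rwlock_t *, const fin_t *), const fin_t *fin)
{
    rwlock_t lk = { 0 };

    (void)fn(&lk, fin);
    return lk.readers;
}

int main(void)
{
    const fin_t icmp6_nostate = { 6, 58, 0 };   /* constructed: the failing case */
    const fin_t tcp_state     = { 6, 6, 1 };    /* constructed: normal case */

    printf("leaky, icmp6 no state: %d hold(s) left\n",
           leaked_after(lookup_leaky, &icmp6_nostate));
    printf("fixed, icmp6 no state: %d hold(s) left\n",
           leaked_after(lookup_fixed, &icmp6_nostate));
    printf("leaky, tcp with state: %d hold(s) left\n",
           leaked_after(lookup_leaky, &tcp_state));
    return 0;
}
```

The counter check is the kind of invariant a kernel build can enforce with an assertion at function exit; in a real rwlock a leaked read hold is silent until a later writer blocks forever or a recursive entry trips a panic, which is why the imbalance is worth catching at the unlock point rather than at the symptom.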