Subject: Re: kern/34212: Kernel panic with IPv6 and IPF v4.1.8
To: None <kern-bug-people@netbsd.org, gnats-admin@netbsd.org,>
From: Martti Kuparinen <martti.kuparinen@iki.fi>
List: netbsd-bugs
Date: 10/09/2006 06:10:03
The following reply was made to PR kern/34212; it has been noted by GNATS.
From: Martti Kuparinen <martti.kuparinen@iki.fi>
To: gnats-bugs@NetBSD.org
Cc: darrenr@netbsd.org, kern-bug-people@NetBSD.org,
gnats-admin@NetBSD.org, netbsd-bugs@NetBSD.org,
darrenr@reed.wattle.id.au
Subject: Re: kern/34212: Kernel panic with IPv6 and IPF v4.1.8
Date: Mon, 09 Oct 2006 09:05:51 +0300
Panic this morning
#0 0x3fec0000 in ?? ()
#1 0xc03a0077 in cpu_reboot (howto=256, bootstr=0x0)
at ../../../../arch/i386/i386/machdep.c:751
#2 0xc0327804 in panic (fmt=0xc06d3ae1 "trap")
at ../../../../kern/subr_prf.c:242
#3 0xc03aa535 in trap (frame=0xc0894750)
at ../../../../arch/i386/i386/trap.c:336
#4 0xc0102ed3 in calltrap ()
#5 0xc01445c4 in fr_stlookup (fin=0xc0894960, tcp=0xc2069ff8, ifqp=0xc0894928)
at ../../../../dist/ipf/netinet/ip_state.c:2279
#6 0xc0144ac7 in fr_checkstate (fin=0xc0894960, passp=0xc089495c)
at ../../../../dist/ipf/netinet/ip_state.c:2493
#7 0xc01296b9 in fr_check (ip=0xc2069fd0, hlen=40, ifp=0xc1b2b04c, out=1,
mp=0xc0894a68) at ../../../../dist/ipf/netinet/fil.c:2369
#8 0xc012e733 in fr_check_wrapper6 (arg=0x0, mp=0xc0894a68, ifp=0xc1b2b04c,
dir=2) at ../../../../dist/ipf/netinet/ip_fil_netbsd.c:210
#9 0xc036c6da in pfil_run_hooks (ph=0xc07cdfe0, mp=0xc0894af4,
ifp=0xc1b2b04c, dir=2) at ../../../../net/pfil.c:72
#10 0xc0156bd1 in ip6_output (m0=0xc2069f00, opt=0x0, ro=0xc0894bb0, flags=4,
im6o=0x0, so=0x0, ifpp=0xc0894c38) at ../../../../netinet6/ip6_output.c:811
#11 0xc01499ff in icmp6_reflect (m=0xc2069f00, off=40)
at ../../../../netinet6/icmp6.c:2144
(gdb) print *(fr_info_t *)0xc0894960
$1 = {fin_ifp = 0xc1b2b04c, fin_fi = {fi_v = 6, fi_xx = 0, fi_tos = 0,
fi_ttl = 64, fi_p = 58, fi_optmsk = 0, fi_src = {i6 = {3088318752,
16842756, 0, 16777216}, in4 = {s_addr = 3088318752}, in6 = {
__u6_addr = {
__u6_addr8 = " \001\024�\004\0\001\001\0\0\0\0\0\0\0\001",
__u6_addr16 = {288, 47124, 4, 257, 0, 0, 0, 256}, __u6_addr32 = {
3088318752, 16842756, 0, 16777216}}}, vptr = {0xb8140120,
0x1010004}, lptr = {0xb8140120, 0x1010004}}, fi_dst = {i6 = {
3088318752, 16842756, 0, 33554432}, in4 = {s_addr = 3088318752},
in6 = {__u6_addr = {
__u6_addr8 = " \001\024�\004\0\001\001\0\0\0\0\0\0\0\002",
__u6_addr16 = {288, 47124, 4, 257, 0, 0, 0, 512}, __u6_addr32 = {
3088318752, 16842756, 0, 33554432}}}, vptr = {0xb8140120,
0x1010004}, lptr = {0xb8140120, 0x1010004}}, fi_secmsk = 0,
fi_auth = 0, fi_flx = 135168, fi_tcpmsk = 0, fi_res1 = 0}, fin_dat = {
fid_16 = {2, 0}, fid_32 = 2}, fin_out = 1, fin_rev = 0, fin_hlen = 40,
fin_tcpf = 0 '\0', fin_icode = 0 '\0', fin_rule = 4294967295,
fin_group = "�", '\0' <repeats 14 times>, fin_fr = 0x0, fin_dp = 0xc2069ff8,
fin_dlen = 1240, fin_plen = 1280, fin_ipoff = 0, fin_id = 96, fin_off = 0,
fin_depth = 0, fin_error = 51, fin_nat = 0x0, fin_state = 0x0,
fin_nattag = 0x0, fin_ip = 0xc2069fd0, fin_mp = 0xc0894a68,
fin_m = 0xc2069f00}
(gdb)
I started to read ip_state.c (starting from line #3436) and I noticed that if
the code tries to return at #3546 the lock is still active.
Should there be a "RWLOCK_EXIT(&ipf_state);" just before return statements at
lines 3546 and 3601?
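The kind of return path asked about above, one that leaves a read-write lock held, shown next to a single-exit version that always releases it. This is an added example, not part of the original message and not IPFilter code: the table, the entry type and both lookup functions are hypothetical, and a holder counter stands in for the kernel lock so the imbalance can be observed from user space.

```c
#include <stddef.h>

/* Stand-in for a kernel read-write lock: only counts current holders. */
struct rwlock { int holders; };
#define READ_ENTER(l)  ((void)(l)->holders++)
#define RWLOCK_EXIT(l) ((void)(l)->holders--)

struct entry { int key; int flags; struct entry *next; };  /* hypothetical */
#define ENTRY_CLOSING 0x1
struct rwlock table_lock;
/* Constructed sample table: key 1 is usable, key 2 is being torn down. */
static struct entry e2 = { 2, ENTRY_CLOSING, NULL };
static struct entry e1 = { 1, 0, &e2 };

/* Before: the ENTRY_CLOSING branch returns without releasing the lock. */
int lookup_leaky(int key)
{
    struct entry *e;
    int found = 0;

    READ_ENTER(&table_lock);
    for (e = &e1; e != NULL; e = e->next) {
        if (e->key != key)
            continue;
        if (e->flags & ENTRY_CLOSING)
            return 0;           /* early return: lock still held */
        found = 1;
        break;
    }
    RWLOCK_EXIT(&table_lock);
    return found;
}

/* After: every path leaves through one label that drops the lock. */
int lookup_fixed(int key)
{
    struct entry *e;
    int found = 0;

    READ_ENTER(&table_lock);
    for (e = &e1; e != NULL; e = e->next) {
        if (e->key != key)
            continue;
        if (e->flags & ENTRY_CLOSING)
            goto out;
        found = 1;
        break;
    }
out:
    RWLOCK_EXIT(&table_lock);
    return found;
}
```

A non-zero `table_lock.holders` after a call returns is the imbalance; with a real kernel lock the next writer would block on it or a lock-debugging kernel would panic.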