kern/40443: panic in ftp proxy in ipfilter

[peter%boku.net@localhost]

>Number:         40443
>Category:       kern
>Synopsis:       panic in ftp proxy in ipfilter
>Confidential:   no
>Severity:       critical
>Priority:       high
>Responsible:    kern-bug-people
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Wed Jan 21 01:25:01 +0000 2009
>Originator:     Peter Eisch
>Release:        netbsd-4-0
>Organization:
>Environment:
NetBSD copperhead 4.0.0_PATCH NetBSD 4.0.0_PATCH (PETER-FW) #2: Fri Aug 15 
17:09:11 CDT 2008  
peter@buster:/builds/netbsd-4-0/i386/obj/builds/netbsd-4-0/src/sys/arch/i386/compile/PETER-FW
 i386

>Description:

db{0}> bt
cpu_Debugger(c0972f61,d4b4facc,0,0,200250) at netbsd:cpu_Debugger+0x4
panic(c094c79b,2,10,c5441600,6) at netbsd:panic+0x155
m_copydata(c37ace00,ac,12,c52cbc2b,12) at netbsd:m_copydata+0xc2
ippr_ftp_process(d4b4fcb8,c4fa3000,c52cbc00,0,c37ace00) at netbsd:ippr_ftp_proce
ss+0x496
ippr_ftp_out(d4b4fcb8,c55f2a80,c4fa3000,c4fa3054,0) at netbsd:ippr_ftp_out+0x58
appr_check(d4b4fcb8,c4fa3000,5dae,1083,1500) at netbsd:appr_check+0xb6
fr_natout(d4b4fcb8,c4fa3000,1,1,43dd5a20) at netbsd:fr_natout+0xa8
fr_checknatout(d4b4fcb8,d4b4fd60,d4b4fcb8,c01b534b,d4b4fcd0) at netbsd:fr_checkn
atout+0xb4
fr_check(c37ace38,14,c34b3400,1,d4b4fdd0) at netbsd:fr_check+0x91f
fr_check_wrapper(0,d4b4fdd0,c34b3400,2,0) at netbsd:fr_check_wrapper+0x97
pfil_run_hooks(c0a66880,d4b4fe80,c34b3400,2,c0a668b8) at netbsd:pfil_run_hooks+0
x91
ip_output(c38ed200,0,c0a668b4,1,0) at netbsd:ip_output+0xabf
ip_forward(c38ed200,0,c2d11058,1,49765f5e) at netbsd:ip_forward+0x145
ip_input(c38ed200,7,d4b4ff50,c0518a12,0) at netbsd:ip_input+0x85b
ipintr(d4b40010,30,10,10,d4b4d000) at netbsd:ipintr+0x24
DDB lost frame for netbsd:Xsoftnet+0x49, trying 0xd4b4ff58
Xsoftnet() at netbsd:Xsoftnet+0x49
--- interrupt ---
0x246:
db{0}> 

>How-To-Repeat:
map vlan150 208.79.194.36/32 -> 206.9.34.25/32 proxy port ftp ftp/tcp
map vlan150 208.79.194.36/32 -> 206.9.34.25/32 portmap tcp/udp 40000:60000
map vlan150 208.79.194.36/32 -> 206.9.34.25/32

...and send traffic through.

It will lock up within a day (maybe even within 100 session requests).

>Fix:
I wish I had a fix.