netbsd-bugs: kern/24981: ipfilter in 2.0 branch panics the system

Subject: kern/24981: ipfilter in 2.0 branch panics the system
To: None <gnats-bugs@gnats.NetBSD.org>
From: None <smb@research.att.com>
List: netbsd-bugs
Date: 03/30/2004 15:57:39
>Number:         24981
>Category:       kern
>Synopsis:       ipfilter in 2.0 branch panics the system
>Confidential:   no
>Severity:       critical
>Priority:       high
>Responsible:    kern-bug-people
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Tue Mar 30 20:58:00 UTC 2004
>Closed-Date:
>Last-Modified:
>Originator:     Steven M. Bellovin
>Release:        NetBSD 2.0_BETA
>Organization:
AT&T Labs Research
>Environment:
	
	
System: NetBSD berkshire.research.att.com 2.0_BETA NetBSD 2.0_BETA (BERKSHIRE) #0: Tue Mar 30 09:44:51 EST 2004 smb@berkshire.research.att.com:/usr/obj/sys/arch/i386/compile/BERKSHIRE i386
Architecture: i386
Machine: i386
>Description:
	At boot-time, with ipfilter=YES, my system reproducibly panics.
	I have non-null ipf.conf and ip6.conf files, though I'm not
	using ipv6 at the moment except for link-local.  Here's the panic:

	uvm_fault(0xcb2fb528, 0, 0, 1) -> 0xe
	fatal page fault in supervisor mode
	trap type 6 code 0 eip c01380e5 cs 8 eflags 10206 cr2 2c ilevel 5
	panic: trap
	Begin traceback...
	trap() at netbsd:trap+0x141
	--- trap (number 6) ---
	fr_checkv6sum(cb403720,3,4,1,0) at netbsd:fr_checkv6sum+0x35
	frpr_udp6(cb403720,ffffffff,40,1,0) at netbsd:frpr_udp6+0x10
	frpr_ipv6hdr(cb403720,2,0,cb4036f8,c11a5c00) at netbsd:frpr_ipv6hdr+0xbd
	fr_makefrip(28,c11a857c,cb403720,0,0) at netbsd:fr_makefrip+0x79
	fr_checkicmp6matchingstate(cb4038d0,0,0,0,0) at netbsd:fr_checkicmp6matchingstat
	e+0xc1
	fr_stlookup(cb4038d0,c11a8574,cb403898,0,cb4038d0) at netbsd:fr_stlookup+0x3cc
	fr_checkstate(cb4038d0,cb4038cc,cb4038d0,d,0) at netbsd:fr_checkstate+0x223
	fr_check(c11a854c,28,c0629140,1,cb4039d8) at netbsd:fr_check+0x4f9
	fr_check_wrapper6(0,cb4039d8,c0629140,2,c0629140) at netbsd:fr_check_wrapper6+0x
	23
	pfil_run_hooks(c0610080,cb403a64,c0629140,2,0) at netbsd:pfil_run_hooks+0x5b
	ip6_output(c11a8500,0,cb403b20,4,0) at netbsd:ip6_output+0x871
	icmp6_reflect(c11a8500,28,4,28,c11a8500) at netbsd:icmp6_reflect+0x287
	icmp6_error(c11a8500,1,4,0,c11a85a4) at netbsd:icmp6_error+0x1b8
	udp6_input(cb403da0,cb403d6c,11,1,c9c8) at netbsd:udp6_input+0x1b3
	ip6_input(c11a8500,0,0,c11a8500,0) at netbsd:ip6_input+0x408
	ip6intr(23ac,c11a8500,0,cb403e1c,c0322476) at netbsd:ip6intr+0x71
	DDB lost frame for netbsd:Xsoftnet+0x4d, trying 0xcb403dc0
	Xsoftnet() at netbsd:Xsoftnet+0x4d

>How-To-Repeat:
	See above
>Fix:
	Unknown.
>Release-Note:
>Audit-Trail:
>Unformatted: