From owner-freebsd-bugs@FreeBSD.ORG Tue Jan 31 09:00:14 2006 Return-Path: X-Original-To: freebsd-bugs@hub.freebsd.org Delivered-To: freebsd-bugs@hub.freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 2F90116A420 for ; Tue, 31 Jan 2006 09:00:14 +0000 (GMT) (envelope-from gnats@FreeBSD.org) Received: from freefall.freebsd.org (freefall.freebsd.org [216.136.204.21]) by mx1.FreeBSD.org (Postfix) with ESMTP id 702BC43D48 for ; Tue, 31 Jan 2006 09:00:13 +0000 (GMT) (envelope-from gnats@FreeBSD.org) Received: from freefall.freebsd.org (gnats@localhost [127.0.0.1]) by freefall.freebsd.org (8.13.4/8.13.4) with ESMTP id k0V90DFR039071 for ; Tue, 31 Jan 2006 09:00:13 GMT (envelope-from gnats@freefall.freebsd.org) Received: (from gnats@localhost) by freefall.freebsd.org (8.13.4/8.13.4/Submit) id k0V90Dc9039070; Tue, 31 Jan 2006 09:00:13 GMT (envelope-from gnats) Resent-Date: Tue, 31 Jan 2006 09:00:13 GMT Resent-Message-Id: <200601310900.k0V90Dc9039070@freefall.freebsd.org> Resent-From: FreeBSD-gnats-submit@FreeBSD.org (GNATS Filer) Resent-To: freebsd-bugs@FreeBSD.org Resent-Reply-To: FreeBSD-gnats-submit@FreeBSD.org, "Andrey V. Elsukov" Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id D40AA16A420 for ; Tue, 31 Jan 2006 08:59:23 +0000 (GMT) (envelope-from elsukov@rdu.kirov.ru) Received: from mgat.rdu.kirov.ru (mgat.rdu.kirov.ru [85.93.37.3]) by mx1.FreeBSD.org (Postfix) with ESMTP id 7FB4C43D55 for ; Tue, 31 Jan 2006 08:59:16 +0000 (GMT) (envelope-from elsukov@rdu.kirov.ru) Received: from rdu.kirov.ru (localhost [127.0.0.1]) by mail.rdu.kirov.ru (Postfix) with ESMTP id 8AC6833B10 for ; Tue, 31 Jan 2006 11:59:13 +0300 (MSK) Received: (from elsukov@localhost) by rdu.kirov.ru (8.12.10/8.12.9/Submit) id k0V8xDqI020897; Tue, 31 Jan 2006 11:59:13 +0300 (MSK) Message-Id: <200601310859.k0V8xDqI020897@rdu.kirov.ru> Date: Tue, 31 Jan 2006 11:59:13 +0300 (MSK) From: "Andrey V. Elsukov" To: FreeBSD-gnats-submit@FreeBSD.org X-Send-Pr-Version: 3.113 Cc: Subject: kern/92593: panic when used ipfw uid/gid checks and ipfw_ether X-BeenThere: freebsd-bugs@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list Reply-To: "Andrey V. Elsukov" List-Id: Bug reports List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 31 Jan 2006 09:00:14 -0000 >Number: 92593 >Category: kern >Synopsis: panic when used ipfw uid/gid checks and ipfw_ether >Confidential: no >Severity: serious >Priority: high >Responsible: freebsd-bugs >State: open >Quarter: >Keywords: >Date-Required: >Class: sw-bug >Submitter-Id: current-users >Arrival-Date: Tue Jan 31 09:00:12 GMT 2006 >Closed-Date: >Last-Modified: >Originator: Andrey V. Elsukov >Release: FreeBSD 7.0-CURRENT >Organization: >Environment: 7.0-CURRENT, but i have some reports from my friend, that this panic can get on the 5.4-RELEASE and 6.0-RELEASE. I have IPFW in the kernel. # cat /boot/loader.conf debug.mpsafenet=0 >Description: I get a kernel panic when receive some ip packet (in this backtrace - udp broadcast). >How-To-Repeat: My system is in the local network, i try a folowing commands: # ipfw add 1 count ip from any to any uid 0 # sysctl net.inet.ether.ipfw=1 --- bt.log begins here --- GNU gdb 6.1.1 [FreeBSD] Copyright 2004 Free Software Foundation, Inc. GDB is free software, covered by the GNU General Public License, and you are welcome to change it and/or distribute copies of it under certain conditions. Type "show copying" to see the conditions. There is absolutely no warranty for GDB. Type "show warranty" for details. This GDB was configured as "i386-marcel-freebsd". Unread portion of the kernel message buffer: Fatal trap 12: page fault while in kernel mode cpuid = 0; apic id = 00 fault virtual address = 0x203a7325 fault code = supervisor read, page not present instruction pointer = 0x20:0xc06bb03c stack pointer = 0x28:0xc608a8bc frame pointer = 0x28:0xc608a8bc code segment = base 0x0, limit 0xfffff, type 0x1b = DPL 0, pres 1, def32 1, gran 1 processor eflags = interrupt enabled, resume, IOPL = 0 current process = 31 (em0 taskq) Dumping 63 MB (2 chunks) chunk 0: 1MB (159 pages) ... ok chunk 1: 63MB (16128 pages) 48 32 16 #0 doadump () at pcpu.h:166 in pcpu.h (kgdb) bt full #0 doadump () at pcpu.h:166 No locals. #1 0xc046b3c7 in db_fncall (dummy1=-1063420928, dummy2=0, dummy3=-1065352653, dummy4=0xc608a68c "¸¦\bÆxå\177À¤¦\bƨ¦\bÆ\220\a") at /usr/src/sys/ddb/db_command.c:489 fn_addr = -1067104744 args = {1, 0, 539020440, 78, -1063540320, -1063540544, 0, -972511628, 2, -1064560544} nargs = 0 retval = 0 t = 0 #2 0xc046b1cc in db_command (last_cmdp=0xc093f604, cmd_table=0x0, aux_cmd_tablep=0xc08b8840, aux_cmd_tablep_end=0xc08b885c) at /usr/src/sys/ddb/db_command.c:404 cmd = (struct command *) 0xc08c1a00 t = 0 modif = "¸¦\bÆxå\177À¤¦\bƨ¦\bÆ\220\a\000\000\220\a\000\000Ï\a\000\000\000\000\000\000\000|\235À\r\000\000\000\000|\235À\000|\235À\r\000\000\000\001\000\000\000ä¦\bÆ«Þ\177Àä¦\bÆÄÞ\177ÀÀ¨\233À\200I\232Àx\000\000\000\000ÿ\223À\f\000\000\000\004§\bÆhÒFÀ/¯\210À@ÏFÀ\f\000\000\000\000ÿ\223ÀòÆFÀ" addr = -1063420928 count = -1065352653 have_addr = 0 result = 0 #3 0xc046b294 in db_command_loop () at /usr/src/sys/ddb/db_command.c:455 No locals. #4 0xc046cead in db_trap (type=12, code=0) at /usr/src/sys/ddb/db_main.c:221 jb = {{_jb = {-972511420, -972511440, -972511368, 1, 12, -1069101498, -972511108, 2, 1, -972511108, 1, 12}}} prev_jb = (void *) 0x0 bkpt = 0 #5 0xc066fc7c in kdb_trap (type=12, code=0, tf=0xc608a87c) at /usr/src/sys/kern/subr_kdb.c:485 did_stop_cpus = 1 handled = -972511108 #6 0xc081d6b8 in trap_fatal (frame=0xc608a87c, eva=540701477) at /usr/src/sys/i386/i386/trap.c:853 eflags = 514 code = 514 type = 12 ss = 514 esp = 0 softseg = {ssd_base = 0, ssd_limit = 1048575, ssd_type = 27, ssd_dpl = 0, ssd_p = 1, ssd_xx = 13, ssd_xx1 = 1, ssd_def32 = 1, ssd_gran = 1} msg = 0x0 #7 0xc081d3fb in trap_pfault (frame=0xc608a87c, usermode=0, eva=540701477) at /usr/src/sys/i386/i386/trap.c:770 va = 540700672 vm = (struct vmspace *) 0x0 map = 0xc0956a40 rv = 1 ftype = 1 '\001' td = (struct thread *) 0xc1682d00 p = (struct proc *) 0xc1681d38 #8 0xc081d015 in trap (frame= {tf_fs = 8, tf_es = 40, tf_ds = 40, tf_edi = 0, tf_esi = 1, tf_ebp = -972511044, tf_isp = -972511064, tf_ebx = -1064787347, tf_edx = 540701477, tf_ecx = 0, tf_eax = 540701477, tf_trapno = 12, tf_err = 0, tf_eip = -1066684356, tf_cs = 32, tf_eflags = 66118, tf_esp = -972510844, tf_ss = -1066983424}) at /usr/src/sys/i386/i386/trap.c:455 td = (struct thread *) 0xc1682d00 p = (struct proc *) 0xc1681d38 sticks = 0 i = 0 ucode = 0 type = 12 code = 0 addr = 0 eva = 540701477 ksi = {ksi_link = {tqe_next = 0x0, tqe_prev = 0x0}, ksi_info = { si_signo = 0, si_errno = 0, si_code = 0, si_pid = 0, si_uid = 0, si_status = 0, si_addr = 0x0, si_value = {sival_int = 0, sival_ptr = 0x0}, _reason = {_fault = {_trapno = 0}, _timer = { _timerid = 0, _overrun = 0}, _mesgq = {_mqd = 0}, _poll = { _band = 0}, __spare__ = {__spare1__ = 0, __spare2__ = {0, 0, 0, 0, 0, 0, 0}}}}, ksi_flags = 0, ksi_sigq = 0x0} #9 0xc08096da in calltrap () at /usr/src/sys/i386/i386/exception.s:137 No locals. #10 0xc06bb03c in strlen (str=0x203a7325
) at /usr/src/sys/libkern/strlen.c:41 s = 0x203a7325
#11 0xc0672000 in kvprintf (fmt=0xc088a26d " not owned at %s:%d", func=0xc0671928 , arg=0xc608a9a0, radix=10, ap=0xc608a9e8 "\214\224\211À\207\a") at /usr/src/sys/kern/subr_prf.c:679 nbuf = "ÿÿÿÿ\000Ø\000\000\225zA\000Ü©\bÆè[\202À¶©\bÆ\001\000\000\000\n\000\000\000À©\bÆ\004\000\000\000\n\000\000\000\000\000\000\000zÚ\000\000\000d\000\000zÚ\000\000\000\000\000\000" d = 0x0 p = 0x203a7325
percent = 0xc088a26b "%s not owned at %s:%d" q = 0x1
up = (u_char *) 0x0 ch = 540701477 n = 1 num = 0 base = 0 lflag = 0 qflag = 0 tmp = 1 width = 0 ladjust = 0 sharpflag = 0 neg = 0 sign = 0 dot = 0 cflag = 0 hflag = 0 jflag = 0 tflag = 0 zflag = 0 dwidth = 0 padc = 32 ' ' stop = 0 retval = 6 #12 0xc06718c5 in vsnprintf ( str=0x203a7325
, size=540701477, format=0xc088a265 "mutex %s not owned at %s:%d", ap=0xc608a9e4 "%s: \214\224\211À\207\a") at /usr/src/sys/kern/subr_prf.c:413 info = {str = 0xc0958266 "", remain = 250} retval = 540701477 #13 0xc0654dd2 in panic (fmt=0xc088a265 "mutex %s not owned at %s:%d") at /usr/src/sys/kern/kern_shutdown.c:522 td = (struct thread *) 0xc1682d00 bootopt = 256 newpanic = 1 ap = 0xc608a9e4 "%s: \214\224\211À\207\a" buf = "mutex ", '\0' #14 0xc064d31a in _mtx_assert (m=0xc088ebd2, what=0, file=0xc089948c "/usr/src/sys/netinet/ip_fw2.c", line=1927) at /usr/src/sys/kern/kern_mutex.c:754 No locals. #15 0xc06ee15e in check_uidgid (insn=0xc1b193a4, proto=17, oif=0x0, dst_ip= {s_addr = 4283504044}, dst_port=138, src_ip={s_addr = 961615276}, src_port=138, ugp=0xc608aae0, lookup=0xc608aacc, inp=0xc088eb42) at /usr/src/sys/netinet/ip_fw2.c:1927 pi = (struct inpcbinfo *) 0x99 wildcard = -1064768702 pcb = (struct inpcb *) 0xc088eb42 match = -1063623928 gp = (gid_t *) 0x203a7325 #16 0xc06ef037 in ipfw_chk (args=0xc608ab54) at /usr/src/sys/netinet/ip_fw2.c:2467 match = 0 tablearg = 0 skip_or = 0 cmd = (ipfw_insn *) 0xc1b193a4 l = 3 cmdlen = 2 m = (struct mbuf *) 0xc1870300 ip = (struct ip *) 0xc18af810 fw_ugid_cache = {fw_groups = {1, 0, 416612352, 4259840, 3322456984, 0, 3230777056, 4291221, 3322456860, 3229769270, 0, 2147483648, 3579545, 0, 0, 3322456964}, fw_ngroups = -1067066171, fw_uid = 0, fw_prid = -2147483648} ugid_lookup = 0 divinput_flags = 0 oif = (struct ifnet *) 0x0 f = (struct ip_fw *) 0xc1b19380 retval = 3 hlen = 20 offset = 0 proto = 17 '\021' src_port = 138 dst_port = 138 src_ip = {s_addr = 961615276} dst_ip = {s_addr = 4283504044} ip_len = 244 pktlen = 244 dyn_dir = 3 q = (ipfw_dyn_rule *) 0x0 mtag = (struct m_tag *) 0xc1b19380 ulp = (void *) 0xc18af824 is_ipv6 = 0 ext_hd = 0 is_ipv4 = 1 #17 0xc06c292d in ether_ipfw_chk (m0=0xc608ac74, dst=0x0, rule=0xc608ac58, shared=0) at /usr/src/sys/net/if_ethersubr.c:429 eh = (struct ether_header *) 0xc18af802 save_eh = {ether_dhost = "ÿÿÿÿÿÿ", ether_shost = "\000P¿Óòh", ether_type = 8} m = (struct mbuf *) 0xc1870300 i = -1047857136 args = {m = 0xc1870300, oif = 0x0, next_hop = 0x0, rule = 0x0, eh = 0xc608ac24, flags = -1067021237, f_id = {dst_ip = 2887078399, src_ip = 2887078201, dst_port = 138, src_port = 138, proto = 17 '\021', flags = 2 '\002', addr_type = 4 '\004', dst_ip6 = {__u6_addr = { __u6_addr8 = "\000-hÁ\214«\bÆF\002\000\000tà\225À", __u6_addr16 = { 11520, 49512, 43916, 50696, 582, 0, 57460, 49301}, __u6_addr32 = { 3244829952, 3322456972, 582, 3231047796}}}, src_ip6 = {__u6_addr = { __u6_addr8 = "\230«\bÆAÏdÀÀF\232ÀÄ«\bÆ", __u6_addr16 = {43928, 50696, 53057, 49252, 18112, 49306, 43972, 50696}, __u6_addr32 = { 3322456984, 3227832129, 3231336128, 3322457028}}}, flow_id6 = 3228020860, frag_id6 = 3231047796}, cookie = 0, inp = 0xc088eb42, dummypar = {opt_or = 0x6ae, ro_or = {ro_rt = 0xc095e074, ro_dst = {sin6_len = 0 '\0', sin6_family = 0 '\0', sin6_port = 0, sin6_flowinfo = 3230198594, sin6_addr = {__u6_addr = { __u6_addr8 = "«\006\000\000\000-hÁ\003\000\000\000\020\000\000", __u6_addr16 = {1707, 0, 11520, 49512, 3, 0, 16, 0}, __u6_addr32 = {1707, 3244829952, 3, 16}}}, sin6_scope_id = 3322457064}}, flags_or = -1067021237, im6o_or = 0xc0958030, origifp_or = 0x2, ifp_or = 0xc088c812, dst_or = { sin6_len = 110 'n', sin6_family = 2 '\002', sin6_port = 0, sin6_flowinfo = 3244829952, sin6_addr = {__u6_addr = { __u6_addr8 = "ô«\bÆF\002\000\000 :\225À\000¬\bÆ", __u6_addr16 = { 44020, 50696, 582, 0, 14880, 49301, 44032, 50696}, __u6_addr32 = { 3322457076, 582, 3231005216, 3322457088}}}, sin6_scope_id = 3227832129}, mtu_or = 3243774656, ro_pmtu_or = { ro_rt = 0xc608ac24, ro_dst = {sin6_len = 197 'Å', sin6_family = 52 '4', sin6_port = 49242, sin6_flowinfo = 3231005216, sin6_addr = { __u6_addr = { __u6_addr8 = "\000\000\000\000È\214\207ÀV\001\000\000F\000\000", __u6_addr16 = {0, 0, 36040, 49287, 342, 0, 70, 0}, __u6_addr32 = { 0, 3230108872, 342, 70}}}, sin6_scope_id = 3247048704}}}} __func__ = "ether_ipfw_chk" #18 0xc06c2df7 in ether_demux (ifp=0xc16a5800, m=0xc1870300) at /usr/src/sys/net/if_ethersubr.c:683 eh = (struct ether_header *) 0xc18af802 isr = 540701477 ether_type = 2048 rule = (struct ip_fw *) 0x0 __func__ = "ether_demux" #19 0xc06c2caa in ether_input (ifp=0xc16a5800, m=0xc1870300) at /usr/src/sys/net/if_ethersubr.c:595 eh = (struct ether_header *) 0x203a7325 etype = 2048 __func__ = "ether_input" #20 0xc0516313 in em_process_receive_interrupts (adapter=0xc1657800, count=99) at /usr/src/sys/dev/em/if_em.c:3180 m = (struct mbuf *) 0xc1870300 ifp = (struct ifnet *) 0xc16a5800 mp = (struct mbuf *) 0xc1870300 accept_frame = 1 '\001' eop = 1 '\001' len = 258 desc_len = 29477 prev_len_adj = 0 i = 251 current_desc = (struct em_rx_desc *) 0xc1699fa0 #21 0xc0512f2f in em_handle_rxtx (context=0xc1657800, pending=1) at /usr/src/sys/dev/em/if_em.c:1110 adapter = (struct adapter *) 0xc1657800 ifp = (struct ifnet *) 0xc16a5800 #22 0xc0676a4c in taskqueue_run (queue=0xc167ec00) at /usr/src/sys/kern/subr_taskqueue.c:255 task = (struct task *) 0xc16579d0 owned = 1 pending = 1 #23 0xc0676d76 in taskqueue_thread_loop (arg=0x203a7325) at /usr/src/sys/kern/subr_taskqueue.c:358 tq = (struct taskqueue *) 0xc167ec00 #24 0xc0640f0c in fork_exit (callout=0xc0676d2c , arg=0xc16579e0, frame=0xc608ad38) at /usr/src/sys/kern/kern_fork.c:790 p = (struct proc *) 0xc1681d38 td = (struct thread *) 0x203a7325 #25 0xc080973c in fork_trampoline () at /usr/src/sys/i386/i386/exception.s:198 No locals. (kgdb) f 16 #16 0xc06ef037 in ipfw_chk (args=0xc608ab54) at /usr/src/sys/netinet/ip_fw2.c:2467 2467 match = check_uidgid( (kgdb) info locals             p *args $1 = {m = 0xc1870300, oif = 0x0, next_hop = 0x0, rule = 0x0, eh = 0xc608ac24, flags = -1067021237, f_id = {dst_ip = 2887078399, src_ip = 2887078201, dst_port = 138, src_port = 138, proto = 17 '\021', flags = 2 '\002', addr_type = 4 '\004', dst_ip6 = {__u6_addr = { __u6_addr8 = "\000-hÁ\214«\bÆF\002\000\000tà\225À", __u6_addr16 = { 11520, 49512, 43916, 50696, 582, 0, 57460, 49301}, __u6_addr32 = { 3244829952, 3322456972, 582, 3231047796}}}, src_ip6 = {__u6_addr = { __u6_addr8 = "\230«\bÆAÏdÀÀF\232ÀÄ«\bÆ", __u6_addr16 = {43928, 50696, 53057, 49252, 18112, 49306, 43972, 50696}, __u6_addr32 = { 3322456984, 3227832129, 3231336128, 3322457028}}}, flow_id6 = 3228020860, frag_id6 = 3231047796}, cookie = 0, inp = 0xc088eb42, dummypar = {opt_or = 0x6ae, ro_or = {ro_rt = 0xc095e074, ro_dst = {sin6_len = 0 '\0', sin6_family = 0 '\0', sin6_port = 0, sin6_flowinfo = 3230198594, sin6_addr = {__u6_addr = { __u6_addr8 = "«\006\000\000\000-hÁ\003\000\000\000\020\000\000", __u6_addr16 = {1707, 0, 11520, 49512, 3, 0, 16, 0}, __u6_addr32 = {1707, 3244829952, 3, 16}}}, sin6_scope_id = 3322457064}}, flags_or = -1067021237, im6o_or = 0xc0958030, origifp_or = 0x2, ifp_or = 0xc088c812, dst_or = { sin6_len = 110 'n', sin6_family = 2 '\002', sin6_port = 0, sin6_flowinfo = 3244829952, sin6_addr = {__u6_addr = { __u6_addr8 = "ô«\bÆF\002\000\000 :\225À\000¬\bÆ", __u6_addr16 = { 44020, 50696, 582, 0, 14880, 49301, 44032, 50696}, __u6_addr32 = { 3322457076, 582, 3231005216, 3322457088}}}, sin6_scope_id = 3227832129}, mtu_or = 3243774656, ro_pmtu_or = { ro_rt = 0xc608ac24, ro_dst = {sin6_len = 197 'Å', sin6_family = 52 '4', sin6_port = 49242, sin6_flowinfo = 3231005216, sin6_addr = { __u6_addr = { __u6_addr8 = "\000\000\000\000È\214\207ÀV\001\000\000F\000\000", __u6_addr16 = {0, 0, 36040, 49287, 342, 0, 70, 0}, __u6_addr32 = { 0, 3230108872, 342, 70}}}, sin6_scope_id = 3247048704}}}} (kgdb) p *args->eh $2 = {ether_dhost = "ÿÿÿÿÿÿ", ether_shost = "\000P¿Óòh", ether_type = 8} (kgdb) f 15 #15 0xc06ee15e in check_uidgid (insn=0xc1b193a4, proto=17, oif=0x0, dst_ip= {s_addr = 4283504044}, dst_port=138, src_ip={s_addr = 961615276}, src_port=138, ugp=0xc608aae0, lookup=0xc608aacc, inp=0xc088eb42) at /usr/src/sys/netinet/ip_fw2.c:1927 1927 INP_LOCK_ASSERT(inp); (kgdb) p *inp $3 = {inp_hash = {le_next = 0x7273752f, le_prev = 0x6372732f}, inp_list = { le_next = 0x7379732f, le_prev = 0x72656b2f}, inp_flow = 1970483054, inp_inc = {inc_flags = 98 'b', inc_len = 114 'r', inc_pad = 30559, inc_ie = {ie_fport = 29801, ie_lport = 25966, ie_dependfaddr = { ie46_foreign = {ia46_pad32 = {1663988595, 1953068800, 1936942446}, ia46_addr4 = {s_addr = 1668246560}}, ie6_foreign = {__u6_addr = { __u6_addr8 = "ss.c\000witness loc", __u6_addr16 = {29555, 25390, 30464, 29801, 25966, 29555, 27680, 25455}, __u6_addr32 = { 1663988595, 1953068800, 1936942446, 1668246560}}}}, ie_dependladdr = {ie46_local = {ia46_pad32 = {1919877227, 544367972, 1953720684}, ia46_addr4 = {s_addr = 1953451520}}, ie6_local = { __u6_addr = {__u6_addr8 = "k\000order list\000Not", __u6_addr16 = { 107, 29295, 25956, 8306, 26988, 29811, 19968, 29807}, __u6_addr32 = {1919877227, 544367972, 1953720684, 1953451520}}}}}}, inp_ppcb = 0x6f6e6520
, inp_pcbinfo = 0x20686775, inp_socket = 0x6f6d656d, inp_label = 0x66207972, inp_flags = 1931506287, inp_sp = 0x69746174, inp_vflag = 99 'c', inp_ip_ttl = 32 ' ', inp_ip_p = 111 'o', inp_ip_minttl = 114 'r', inp_depend4 = {inp4_ip_tos = 100 'd', inp4_options = 0x73250021, inp4_moptions = 0x6f6c203a}, inp_depend6 = {inp6_options = 0x25206b63, inp6_outputopts = 0x73692073, inp6_moptions = 0x206e6f20, inp6_icmp6filt = 0x646e6570, inp6_cksum = 543649385, inp6_ifindex = 26988, inp6_hops = 29811}, inp_portlist = { le_next = 0x74756220, le_prev = 0x746f6e20}, inp_phd = 0x5f4f4c20, inp_gencnt = 23453980198979927, inp_mtx = {mtx_object = { lo_name = 0x203a7325
, lo_type = 0x6b636f6c
, lo_flags = 1931814944, lo_witness_data = {lod_list = { stqe_next = 0x73252029}, lod_witness = 0x73252029}}, mtx_lock = 1851876128, mtx_recurse = 1953459744}} (kgdb) --- bt.log ends here --- >Fix: --- src/sys/netinet/ip_fw2.c Tue Jan 24 13:38:06 2006 +++ src/sys/netinet/ip_fw2.c Tue Jan 31 10:31:12 2006 @@ -2462,6 +2462,12 @@ break; if (is_ipv6) /* XXX to be fixed later */ break; + /* + * XXX uid/gid checks don't work with + * a layer2 packets + */ + if (args->eh != NULL) + break; if (proto == IPPROTO_TCP || proto == IPPROTO_UDP) match = check_uidgid( >Release-Note: >Audit-Trail: >Unformatted: