Date:      Mon, 27 Feb 2017 13:07:17 +0000
From:      bugzilla-noreply@freebsd.org
To:        freebsd-bugs@FreeBSD.org
Subject:   [Bug 217391] [ipfw] [panic] erroneous ipfw rule triggers KASSERT
Message-ID:  <bug-217391-8@https.bugs.freebsd.org/bugzilla/>

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=217391

            Bug ID: 217391
           Summary: [ipfw] [panic] erroneous ipfw rule triggers KASSERT
           Product: Base System
           Version: 11.0-STABLE
          Hardware: Any
                OS: Any
            Status: New
          Severity: Affects Some People
          Priority: ---
         Component: kern
          Assignee: freebsd-bugs@FreeBSD.org
          Reporter: ports@grosbein.net

The next three commands trigger KASSERT/panic for an INVARIANTS-enabled kernel:

ipfw table 1 create type addr
ipfw add 1 count ip from any to any in recv 'table(10)' # pilot error
ipfw flush # (or "service ipfw start" as it includes flush)

A kernel built without INVARIANTS works fine.

Panic message: panic: wrong type 1 (2) for table id 1

Backtrace follows:

(kgdb) bt
#0  doadump (textdump=1) at pcpu.h:222
#1  0xffffffff80590ac5 in kern_reboot (howto=<value optimized out>)
    at /data2/src/sys/kern/kern_shutdown.c:366
#2  0xffffffff805910a0 in vpanic (fmt=<value optimized out>,
    ap=<value optimized out>) at /data2/src/sys/kern/kern_shutdown.c:759
#3  0xffffffff80590ed6 in kassert_panic (fmt=<value optimized out>)
    at /data2/src/sys/kern/kern_shutdown.c:649
#4  0xffffffff8072c784 in unref_rule_objects (ch=0xffffffff80ec6610,
    rule=<value optimized out>)
    at /data2/src/sys/netpfil/ipfw/ip_fw_sockopt.c:2613
#5  0xffffffff80732503 in delete_range (chain=<value optimized out>,
    rt=0xfffffe0238c907c8, ndel=<value optimized out>)
    at /data2/src/sys/netpfil/ipfw/ip_fw_sockopt.c:803
#6  0xffffffff80730c50 in del_rules (chain=0xffffffff80ec6610,
    op3=<value optimized out>, sd=0xfffffe0238c90740)
    at /data2/src/sys/netpfil/ipfw/ip_fw_sockopt.c:1265
#7  0xffffffff8072e2cd in ipfw_ctl3 (sopt=0xfffffe0238c909b0)
    at /data2/src/sys/netpfil/ipfw/ip_fw_sockopt.c:3674
#8  0xffffffff806ddd62 in rip_ctloutput (so=0xfffff8017c82a360,
    sopt=0xfffffe0238c909b0) at /data2/src/sys/netinet/raw_ip.c:596
#9  0xffffffff806222a9 in sogetopt (so=0xfffff8017c82a360,
    sopt=0xfffffe0238c909b0) at /data2/src/sys/kern/uipc_socket.c:2743
#10 0xffffffff8062678e in kern_getsockopt (td=0xfffff801b10fd000,
---Type <return> to continue, or q <return> to quit---
    s=<value optimized out>, level=<value optimized out>,
    name=<value optimized out>, val=<value optimized out>,
    valseg=<value optimized out>, valsize=0xfffffe0238c90a1c)
    at /data2/src/sys/kern/uipc_syscalls.c:1489
#11 0xffffffff80626690 in sys_getsockopt (td=0xfffff801b10fd000,
    uap=0xfffffe0238c90b30) at /data2/src/sys/kern/uipc_syscalls.c:1435
#12 0xffffffff8083316c in amd64_syscall (td=0xfffff801b10fd000, traced=0)
    at subr_syscall.c:135
#13 0xffffffff8081486b in Xfast_syscall ()
    at /data2/src/sys/amd64/amd64/exception.S:396
#14 0x0000000800b3a9da in ?? ()
Current language:  auto; currently minimal
(kgdb) frame 4
#4  0xffffffff8072c784 in unref_rule_objects (ch=0xffffffff80ec6610,
    rule=<value optimized out>)
    at /data2/src/sys/netpfil/ipfw/ip_fw_sockopt.c:2613
2613                    KASSERT(no->subtype == subtype,
(kgdb) l
2608                    if (rw == NULL)
2609                            continue;
2610                    no = rw->find_bykidx(ch, kidx);
2611
2612                    KASSERT(no != NULL, ("table id %d not found", kidx));
2613                    KASSERT(no->subtype == subtype,
2614                        ("wrong type %d (%d) for table id %d",
2615                        no->subtype, subtype, kidx));
2616                    KASSERT(no->refcnt > 0, ("refcount for table %d is %d",
2617                        kidx, no->refcnt));
(kgdb)
