From owner-freebsd-bugs@freebsd.org Mon Feb 27 13:07:17 2017 Return-Path: Delivered-To: freebsd-bugs@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 8C6A2CED2E8 for ; Mon, 27 Feb 2017 13:07:17 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from kenobi.freebsd.org (kenobi.freebsd.org [IPv6:2001:1900:2254:206a::16:76]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 7C6E5F55 for ; Mon, 27 Feb 2017 13:07:17 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from bugs.freebsd.org ([127.0.1.118]) by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id v1RD7HUV011384 for ; Mon, 27 Feb 2017 13:07:17 GMT (envelope-from bugzilla-noreply@freebsd.org) From: bugzilla-noreply@freebsd.org To: freebsd-bugs@FreeBSD.org Subject: [Bug 217391] [ipfw] [panic] erroneous ipfw rule triggers KASSERT Date: Mon, 27 Feb 2017 13:07:17 +0000 X-Bugzilla-Reason: AssignedTo X-Bugzilla-Type: new X-Bugzilla-Watch-Reason: None X-Bugzilla-Product: Base System X-Bugzilla-Component: kern X-Bugzilla-Version: 11.0-STABLE X-Bugzilla-Keywords: X-Bugzilla-Severity: Affects Some People X-Bugzilla-Who: ports@grosbein.net X-Bugzilla-Status: New X-Bugzilla-Resolution: X-Bugzilla-Priority: --- X-Bugzilla-Assigned-To: freebsd-bugs@FreeBSD.org X-Bugzilla-Flags: X-Bugzilla-Changed-Fields: bug_id short_desc product version rep_platform op_sys bug_status bug_severity priority component assigned_to reporter Message-ID: Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/ Auto-Submitted: auto-generated MIME-Version: 1.0 X-BeenThere: freebsd-bugs@freebsd.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: Bug reports List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 27 Feb 2017 13:07:17 -0000 https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D217391 Bug ID: 217391 Summary: [ipfw] [panic] erroneous ipfw rule triggers KASSERT Product: Base System Version: 11.0-STABLE Hardware: Any OS: Any Status: New Severity: Affects Some People Priority: --- Component: kern Assignee: freebsd-bugs@FreeBSD.org Reporter: ports@grosbein.net Next three commands trigger KASSERT/panic for INVARIANTS-enabled kernel: ipfw table 1 create type addr ipfw add 1 count ip from any to any in recv 'table(10)' # pilot error ipfw flush # (or "service ipfw start" as it includes flush) Kernel built without INVARIANTS works fine. Panic message: panic: wrong type 1 (2) for table id 1 Backtrace follows: (kgdb) bt #0 doadump (textdump=3D1) at pcpu.h:222 #1 0xffffffff80590ac5 in kern_reboot (howto=3D) at /data2/src/sys/kern/kern_shutdown.c:366 #2 0xffffffff805910a0 in vpanic (fmt=3D, ap=3D) at /data2/src/sys/kern/kern_shutdown.c:759 #3 0xffffffff80590ed6 in kassert_panic (fmt=3D) at /data2/src/sys/kern/kern_shutdown.c:649 #4 0xffffffff8072c784 in unref_rule_objects (ch=3D0xffffffff80ec6610, rule=3D) at /data2/src/sys/netpfil/ipfw/ip_fw_sockopt.c:2613 #5 0xffffffff80732503 in delete_range (chain=3D, rt=3D0xfffffe0238c907c8, ndel=3D) at /data2/src/sys/netpfil/ipfw/ip_fw_sockopt.c:803 #6 0xffffffff80730c50 in del_rules (chain=3D0xffffffff80ec6610, op3=3D, sd=3D0xfffffe0238c90740) at /data2/src/sys/netpfil/ipfw/ip_fw_sockopt.c:1265 #7 0xffffffff8072e2cd in ipfw_ctl3 (sopt=3D0xfffffe0238c909b0) at /data2/src/sys/netpfil/ipfw/ip_fw_sockopt.c:3674 #8 0xffffffff806ddd62 in rip_ctloutput (so=3D0xfffff8017c82a360, sopt=3D0xfffffe0238c909b0) at /data2/src/sys/netinet/raw_ip.c:596 #9 0xffffffff806222a9 in sogetopt (so=3D0xfffff8017c82a360, sopt=3D0xfffffe0238c909b0) at /data2/src/sys/kern/uipc_socket.c:2743 #10 0xffffffff8062678e in kern_getsockopt (td=3D0xfffff801b10fd000, ---Type to continue, or q to quit--- s=3D, level=3D, name=3D, val=3D, valseg=3D, valsize=3D0xfffffe0238c90a1c) at /data2/src/sys/kern/uipc_syscalls.c:1489 #11 0xffffffff80626690 in sys_getsockopt (td=3D0xfffff801b10fd000, uap=3D0xfffffe0238c90b30) at /data2/src/sys/kern/uipc_syscalls.c:1435 #12 0xffffffff8083316c in amd64_syscall (td=3D0xfffff801b10fd000, traced=3D= 0) at subr_syscall.c:135 #13 0xffffffff8081486b in Xfast_syscall () at /data2/src/sys/amd64/amd64/exception.S:396 #14 0x0000000800b3a9da in ?? () Current language: auto; currently minimal (kgdb) frame 4 #4 0xffffffff8072c784 in unref_rule_objects (ch=3D0xffffffff80ec6610,=20 rule=3D) at /data2/src/sys/netpfil/ipfw/ip_fw_sockopt.c:2613 2613 KASSERT(no->subtype =3D=3D subtype, (kgdb) l 2608 if (rw =3D=3D NULL) 2609 continue; 2610 no =3D rw->find_bykidx(ch, kidx); 2611=20=20=20=20 2612 KASSERT(no !=3D NULL, ("table id %d not found", kid= x)); 2613 KASSERT(no->subtype =3D=3D subtype, 2614 ("wrong type %d (%d) for table id %d", 2615 no->subtype, subtype, kidx)); 2616 KASSERT(no->refcnt > 0, ("refcount for table %d is = %d", 2617 kidx, no->refcnt)); (kgdb) --=20 You are receiving this mail because: You are the assignee for the bug.=