[Bug 268832] panics in check_uidgid() for outgoing packets

From: <bugzilla-noreply_at_freebsd.org>
Date: Tue, 10 Jan 2023 11:34:15 UTC

Alexander V. Chernikov <melifaro@FreeBSD.org> changed:

           What    |Removed                     |Added
           Assignee|bugs@FreeBSD.org            |net@FreeBSD.org

--- Comment #2 from Alexander V. Chernikov <melifaro@FreeBSD.org> ---
The following set of conditions leads to this:

* tcp_respond() does not propagate inpcb pointer if the connection is reset
* On the output path, ipfw_chk is called
* ipfw may run check_uidgid() to verify jail/uid/gid ruleset opcodes
* check_uidgid() performs incpb lookup, requesting read lock
* As inpcb is already write-locked, the search results in the panic

You are receiving this mail because:
You are the assignee for the bug.