Re: Panic during boot on assertion in ipfw strtup

In reply to: Ronald Klop : "Re: Panic during boot on assertion in ipfw strtup"
Go to: [ bottom of page ] [ top of archives ] [ this month ]
From: Kevin Oberman <rkoberman_at_gmail.com>
Date: Sun, 21 Dec 2025 04:09:02 UTC
On Sat, Dec 20, 2025 at 1:08 AM Ronald Klop <ronald-lists@klop.ws> wrote:

> There were changes to bpf. Maybe try those.
>
> Regards,
> Ronald
>
> *Van:* Kevin Oberman <rkoberman@gmail.com>
> *Datum:* 20 december 2025 06:24
> *Aan:* FreeBSD Current <freebsd-current@freebsd.org>
> *Onderwerp:* Panic during boot on assertion in ipfw strtup
>
> As of current as of Dec 16  21:22:39 UTC 2025 m system panics when
> starting ipfw. was not happening on 2f29d0f3e6d2 on Saturday Dec 13. I
> tried to get a dump, but the system did an immediate reboot when I tried
> 'panic'. Here is the panic output:
> Dec 19 07:12:30 ptavv kernel: ipfw2 (+ipv6) initialized, divert loadable,
> nat loadable, default to deny, logging disabled
> Dec 19 07:12:30 ptavv kernel: panic: Assertion tap->rule == rule failed at
> /usr/src/sys/netpfil/ipfw/ip_fw_bpf.c:86
> Dec 19 07:12:30 ptavv kernel: cpuid = 11
> Dec 19 07:12:30 ptavv kernel: time = 1766124707
> Dec 19 07:12:30 ptavv kernel: KDB: stack backtrace:
> Dec 19 07:12:30 ptavv kernel: db_trace_self_wrapper() at
> db_trace_self_wrapper+0x2b/frame 0xfffffe00eb3d3900
> Dec 19 07:12:30 ptavv kernel: vpanic() at vpanic+0x136/frame
> 0xfffffe00eb3d3a30
> Dec 19 07:12:30 ptavv kernel: panic() at panic+0x43/frame
> 0xfffffe00eb3d3a90
> Dec 19 07:12:30 ptavv kernel: ipfw_tap_alloc() at
> ipfw_tap_alloc+0x2f7/frame 0xfffffe00eb3d3ac0
> Dec 19 07:12:30 ptavv kernel: add_rules() at add_rules+0x137/frame
> 0xfffffe00eb3d3b30
> Dec 19 07:12:30 ptavv kernel: ipfw_ctl3() at ipfw_ctl3+0x365/frame
> 0xfffffe00eb3d3ce0
> Dec 19 07:12:30 ptavv kernel: sogetopt() at sogetopt+0x15a/frame
> 0xfffffe00eb3d3d40
> Dec 19 07:12:30 ptavv kernel: kern_getsockopt() at
> kern_getsockopt+0xb5/frame 0xfffffe00eb3d3dd0
> Dec 19 07:12:30 ptavv kernel: sys_getsockopt() at
> sys_getsockopt+0x52/frame 0xfffffe00eb3d3e00
> Dec 19 07:12:30 ptavv kernel: amd64_syscall() at amd64_syscall+0x169/frame
> 0xfffffe00eb3d3f30
> Dec 19 07:12:30 ptavv kernel: fast_syscall_common() at
> fast_syscall_common+0xf8/frame 0xfffffe00eb3d3f30
> Dec 19 07:12:30 ptavv kernel: --- syscall (118, FreeBSD ELF64,
> getsockopt), rip = 0x1d91f7dd13da, rsp = 0x1d91f513d1a8$
> Dec 19 07:12:30 ptavv kernel: KDB: enter: panic
>
> I saw no commits to netpfilt that look like candidates during hte three
> day window, so I suspect that it is triggered by some other part of the
> ipfw start.
>
> I can do a bisect if nothing else seems useful. I'm afraid that I don't
> have a hash for the one that is the initial failure on Dec 16, so I'll  try
> to track down something close.
> --
> Kevin Oberman, Part time kid herder and retired Network Engineer
> E-mail: rkoberman@gmail.com
> PGP Fingerprint: D03FB98AFA78E3B78C1694B318AB39EF1B055683
>
> Thnks, Ronald, but I bisected the and tracked the culprit looks like
3daae1ac1d82ecdcd855101bab5206e914b1235. While I have not looked at the
details of the commit, it certainly looks likely to be the issue.

I have submitted  291854 now that I have found it.
-- 
Kevin Oberman, Part time kid herder and retired Network Engineer
E-mail: rkoberman@gmail.com
PGP Fingerprint: D03FB98AFA78E3B78C1694B318AB39EF1B055683