Re: CURRENT: kernel panic in IPFW while stopping jails

In reply to: Gleb Smirnoff : "Re: CURRENT: kernel panic in IPFW while stopping jails"
Go to: [ bottom of page ] [ top of archives ] [ this month ]

From: Alastair Hogge <agh_at_riseup.net>
Date: Fri, 23 Jan 2026 23:47:18 UTC

On 2026-01-17 12:12, Gleb Smirnoff wrote:
> Hi,

Hello Gleb,

> I have pushed all necessary changes to main, that properly address the panic
> with auto-numbered rules with the "log" keyword, that was introduced in the
> late December.  Very sorry that it took so long!

Sync'd, updated, and restored ipfw config. No problems here. Thanks for
your efforts.

> On Fri, Jan 02, 2026 at 12:57:52PM -0600, Dan Mahoney (ports) wrote:
> D> Glebius
> D> 
> D> Confirmed, this now fixes the issue (which apparently involves auto-numbered rules and the "log" keyword).
> D> 
> D> At some point, I'll make sure I have the process down to capture a core dump more easily for you.  Welcome to the fun of tracking MAIN :)
> D> 
> D> Thanks for all your quick work.  Please do let me know then this change makes it into git.
> D> 
> D> -Dan
> D> 
> D> > On Jan 1, 2026, at 7:57 PM, Dan Mahoney (ports) <freebsd@gushi.org> wrote:
> D> > 
> D> > Building now.  Sorry for delay, I've been doing a long cross-country drive.
> D> > 
> D> > -Dan
> D> > 
> D> >> On Dec 31, 2025, at 12:00 PM, Gleb Smirnoff <glebius@freebsd.org> wrote:
> D> >> 
> D> >> On Wed, Dec 31, 2025 at 03:06:38AM +0000, Alastair Hogge wrote:
> D> >> A> > I have found the problem, thanks to Alastair for a core file.
> D> >> A> > 
> D> >> A> > The problem affects rules with automatic rule numbers and logging.
> D> >> A> > 
> D> >> A> > The attached patch should fix the problem, but it is not a final version.
> D> >> A> 
> D> >> A> Is there a special patch incantation I should be aware of? I have tried
> D> >> A> the patch against both 8e951583936980909d34a6104ace781541fb62b1[1], and
> D> >> A> 4fecc8e3fe9408621429777b1028c9afb83c3925[2], and observed the following:
> D> >> ...
> D> >> A> 3 out of 3 hunks failed while patching sys/netpfil/ipfw/ip_fw_sockopt.c
> D> >> 
> D> >> The only explanation I have is that your email agent has mangled the patch.
> D> >> 
> D> >> A> > Dan & Alastair, if any of you can confirm that the patch heals your setup - I
> D> >> A> > will appreciate.
> D> >> A> 
> D> >> A> I manually patched in your work, and was able to boot a sync'd
> D> >> A> -CURRENT[2], with logging counters re-enabled, there has been no panics
> D> >> A> for ~20 minutes now.
> D> >> 
> D> >> Great! The patch as is isn't final. I will find out something better after
> D> >> the holidays.
> D> >> 
> D> >> -- 
> D> >> Gleb Smirnoff
> D> > 
> D> > 
> D>