[Bug 224485] [ipfw][dummynet] "REDZONE: Buffer overflow detected." after "ipfw pipe show"
bugzilla-noreply at freebsd.org
Wed Dec 20 14:42:48 UTC 2017
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=224485
Bug ID: 224485
Summary: [ipfw][dummynet] "REDZONE: Buffer overflow detected." after "ipfw pipe show"
Product: Base System
Version: 11.1-STABLE
Hardware: amd64
OS: Any
Status: New
Severity: Affects Only Me
Priority: ---
Component: kern
Assignee: freebsd-bugs at FreeBSD.org
Reporter: david at catwhisker.org
Created attachment 188994
--> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=188994&action=edit
This machine's kernel configuration file ("CANARY")
Issuing "ipfw pipe show" yields the following (in /var/log/messages):
Dec 20 14:15:30 g1-252 kernel: REDZONE: Buffer overflow detected. 16 bytes corrupted after 0xfffff801d9cc9f48 (328 bytes allocated).
Dec 20 14:15:30 g1-252 kernel: Allocation backtrace:
Dec 20 14:15:30 g1-252 kernel: #0 0xffffffff80d49299 at redzone_setup+0xe9
Dec 20 14:15:30 g1-252 kernel: #1 0xffffffff80a1175d at malloc+0x22d
Dec 20 14:15:30 g1-252 kernel: #2 0xffffffff80c95e07 at dummynet_get+0x337
Dec 20 14:15:30 g1-252 kernel: #3 0xffffffff80ba4102 at rip_ctloutput+0x102
Dec 20 14:15:30 g1-252 kernel: #4 0xffffffff80ac2d9d at sogetopt+0xcd
Dec 20 14:15:30 g1-252 kernel: #5 0xffffffff80ac756b at kern_getsockopt+0xdb
Dec 20 14:15:30 g1-252 kernel: #6 0xffffffff80ac7462 at sys_getsockopt+0x52
Dec 20 14:15:30 g1-252 kernel: #7 0xffffffff80e3a66a at amd64_syscall+0xa6a
Dec 20 14:15:30 g1-252 kernel: #8 0xffffffff80e1cedb at Xfast_syscall+0xfb
Dec 20 14:15:30 g1-252 kernel: Free backtrace:
Dec 20 14:15:30 g1-252 kernel: #0 0xffffffff80d49604 at redzone_check+0x304
Dec 20 14:15:30 g1-252 kernel: #1 0xffffffff80a117b6 at free+0x46
Dec 20 14:15:30 g1-252 kernel: #2 0xffffffff80c9623d at dummynet_get+0x76d
Dec 20 14:15:30 g1-252 kernel: #3 0xffffffff80ba4102 at rip_ctloutput+0x102
Dec 20 14:15:30 g1-252 kernel: #4 0xffffffff80ac2d9d at sogetopt+0xcd
Dec 20 14:15:30 g1-252 kernel: #5 0xffffffff80ac756b at kern_getsockopt+0xdb
Dec 20 14:15:30 g1-252 kernel: #6 0xffffffff80ac7462 at sys_getsockopt+0x52
Dec 20 14:15:30 g1-252 kernel: #7 0xffffffff80e3a66a at amd64_syscall+0xa6a
Dec 20 14:15:30 g1-252 kernel: #8 0xffffffff80e1cedb at Xfast_syscall+0xfb
Similarly, "ipfw sched show" yields:
Dec 20 14:15:43 g1-252 kernel: REDZONE: Buffer overflow detected. 16 bytes corrupted after 0xfffff80196cf9348 (328 bytes allocated).
Dec 20 14:15:43 g1-252 kernel: Allocation backtrace:
Dec 20 14:15:43 g1-252 kernel: #0 0xffffffff80d49299 at redzone_setup+0xe9
Dec 20 14:15:43 g1-252 kernel: #1 0xffffffff80a1175d at malloc+0x22d
Dec 20 14:15:43 g1-252 kernel: #2 0xffffffff80c95e07 at dummynet_get+0x337
Dec 20 14:15:43 g1-252 kernel: #3 0xffffffff80ba4102 at rip_ctloutput+0x102
Dec 20 14:15:43 g1-252 kernel: #4 0xffffffff80ac2d9d at sogetopt+0xcd
Dec 20 14:15:43 g1-252 kernel: #5 0xffffffff80ac756b at kern_getsockopt+0xdb
Dec 20 14:15:43 g1-252 kernel: #6 0xffffffff80ac7462 at sys_getsockopt+0x52
Dec 20 14:15:43 g1-252 kernel: #7 0xffffffff80e3a66a at amd64_syscall+0xa6a
Dec 20 14:15:43 g1-252 kernel: #8 0xffffffff80e1cedb at Xfast_syscall+0xfb
Dec 20 14:15:43 g1-252 kernel: Free backtrace:
Dec 20 14:15:43 g1-252 kernel: #0 0xffffffff80d49604 at redzone_check+0x304
Dec 20 14:15:43 g1-252 kernel: #1 0xffffffff80a117b6 at free+0x46
Dec 20 14:15:43 g1-252 kernel: #2 0xffffffff80c9623d at dummynet_get+0x76d
Dec 20 14:15:43 g1-252 kernel: #3 0xffffffff80ba4102 at rip_ctloutput+0x102
Dec 20 14:15:43 g1-252 kernel: #4 0xffffffff80ac2d9d at sogetopt+0xcd
Dec 20 14:15:43 g1-252 kernel: #5 0xffffffff80ac756b at kern_getsockopt+0xdb
Dec 20 14:15:43 g1-252 kernel: #6 0xffffffff80ac7462 at sys_getsockopt+0x52
Dec 20 14:15:43 g1-252 kernel: #7 0xffffffff80e3a66a at amd64_syscall+0xa6a
Dec 20 14:15:43 g1-252 kernel: #8 0xffffffff80e1cedb at Xfast_syscall+0xfb
I note that "ipfw queue show" does NOT yield a whine. :-)
This is running stable/11 on amd64:
FreeBSD g1-252.catwhisker.org 11.1-STABLE FreeBSD 11.1-STABLE #485 r327021M/327021:1101506: Wed Dec 20 04:34:23 PST 2017 root at g1-252.catwhisker.org:/common/S1/obj/usr/src/sys/CANARY amd64
(Though a quick reality-check running head @r327017 on the same system
(different slice; same hardware & same ipfw ruleset) yielded a similar whine
for "ipfw pipe show".)
Kernel modules loaded:
g1-252(11.1-S)[3] kldstat
Id Refs Address Size Name
1 40 0xffffffff80200000 1e4cef8 kernel
2 1 0xffffffff8204e000 21e30 geom_eli.ko
3 3 0xffffffff82070000 ad1c8 linux.ko
4 4 0xffffffff8211e000 e208 linux_common.ko
5 1 0xffffffff8212d000 4d80 coretemp.ko
6 1 0xffffffff82132000 546d8 iwn5000fw.ko
7 1 0xffffffff82187000 e14658 nvidia.ko
8 1 0xffffffff82f9c000 e0a8 cuse.ko
9 1 0xffffffff82fab000 a268 filemon.ko
10 1 0xffffffff83211000 bbbf tmpfs.ko
11 1 0xffffffff8321d000 5bc8 fdescfs.ko
12 1 0xffffffff83223000 a8f2 linprocfs.ko
13 1 0xffffffff8322e000 3d133 linux64.ko
14 1 0xffffffff8326c000 78e rtc.ko
g1-252(11.1-S)[4]
The kernel is based on GENERIC; has some devices I don't need on a laptop
snipped out, and IPFIREWALL_DEFAULT_TO_ACCEPT is explicitly not enabled.
Current ipfw stuff:
g1-252(11.1-S)[4] sudo ipfw show
00100 203030 21519482 allow ip from any to any via lo0
00200 0 0 deny ip from any to 127.0.0.0/8
00300 0 0 deny ip from 127.0.0.0/8 to any
00400 84647 98610106 reass ip from any to any in
00500 0 0 allow ip from any to any via tun0
00600 0 0 allow ip from 172.17.1.252 to 172.17.1.252
00700 0 0 deny log ip from any to any ipoptions ssrr,lsrr,rr,ts
00800 0 0 deny log ip from table(1) to 172.17.1.252
00900 0 0 deny log ip from 172.17.1.252 to table(1)
01000 0 0 deny log ip from table(2) to 172.17.1.252 dst-port 22
01100 0 0 deny log ip from table(3) to 172.17.1.252 dst-port 80,443
01200 0 0 deny udp from any 135-139 to any
01300 0 0 deny udp from any to any dst-port 135-139
01400 0 0 deny tcp from any 135-139 to any
01500 0 0 deny tcp from any to any dst-port 135-139
01600 0 0 deny udp from any 445 to any
01700 0 0 deny udp from any to any dst-port 445
01800 0 0 deny tcp from any 445 to any
01900 0 0 deny tcp from any to any dst-port 445
02000 0 0 deny udp from any to any dst-port 631
02100 0 0 deny udp from any to any dst-port 1985
02200 0 0 deny udp from any to any dst-port 2222
02300 0 0 deny udp from any to any dst-port 5353
02400 0 0 deny ip from 224.0.0.0/4 to any
02500 0 0 deny ip from any to 224.0.0.0/4
02600 12 1008 skipto 60000 icmp from any to any icmptypes 0,3,4,8,11,12
02700 0 0 skipto 60000 udp from 172.17.1.252 68 to 172.17.0.1 dst-port 67 keep-state :default
02800 0 0 skipto 60000 udp from 172.17.0.1 67 to 172.17.1.252 dst-port 68 keep-state :default
02900 0 0 skipto 60000 udp from 172.17.1.252 68 to 172.17.0.1 dst-port 67 keep-state :default
03000 0 0 skipto 60000 udp from 172.17.0.1 67 to 172.17.1.252 dst-port 68 keep-state :default
03100 0 0 skipto 60000 udp from 172.17.1.252 to 172.17.255.255 dst-port 192 keep-state :default
03200 0 0 skipto 60000 udp from any 192 to 172.17.1.252
03300 0 0 skipto 60000 udp from 172.17.0.0/16 162 to 172.17.255.255 dst-port 162 keep-state :default
03400 0 0 deny ip from any to 172.17.255.255
03500 0 0 deny ip from 172.17.255.255 to any
03600 141401 103424861 skipto 60000 tcp from any to any established
03700 597 35820 skipto 60000 tcp from 172.17.1.252 to any setup
03800 0 0 skipto 60000 log tcp from any to any dst-port 22 setup
03900 0 0 skipto 60000 log tcp from any to any dst-port 3690 setup
04000 0 0 skipto 60000 tcp from any to 172.17.1.252 dst-port 80 setup
04100 0 0 skipto 60000 tcp from any to 172.17.1.252 dst-port 443 setup
04200 0 0 deny log tcp from any to any setup
04300 1331 246776 skipto 60000 udp from 172.17.1.252 to any dst-port 53 keep-state :default
04400 0 0 deny log udp from any to any dst-port 123 iplen 0-75
04500 184 13984 skipto 60000 udp from 172.17.1.252 to any dst-port 123 keep-state :default
04600 0 0 skipto 60000 udp from any 123 to 255.255.255.255 dst-port 123 keep-state :default
04700 0 0 skipto 60000 udp from 172.17.1.252 to any keep-state :default
04800 0 0 deny log ip from any to any
60000 84617 98587266 allow ip from any to any in
60100 58908 5135183 queue 1 ip from any to any out
65535 1 340 deny ip from any to any
g1-252(11.1-S)[5] sudo ipfw pipe show
00001: unlimited 0 ms burst 0
q131073 50 sl. 0 flows (1 buckets) sched 65537 weight 0 lmax 0 pri 0 droptail
sched 65537 type FIFO flags 0x0 0 buckets 0 active
g1-252(11.1-S)[6] sudo ipfw sched show
00001: unlimited 0 ms burst 0
q65537 50 sl. 0 flows (1 buckets) sched 1 weight 0 lmax 0 pri 0 droptail
sched 1 type FQ_CODEL flags 0x0 0 buckets 0 active
FQ_CODEL target 5ms interval 100ms quantum 1514 limit 10240 flows 1024 ECN
Children flowsets: 1
g1-252(11.1-S)[7] sudo ipfw queue show
q00001 50 sl. 0 flows (1 buckets) sched 1 weight 0 lmax 0 pri 0 droptail
g1-252(11.1-S)[8]
This (REDZONE whine) is readily reproducible for me.
I will attach a copy of the kernel configuration file ("CANARY").
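Added example, not part of the original report and not FreeBSD code: a Python triage script for REDZONE reports in the format quoted above. It re-joins mail-wrapped lines and takes the first caller outside the allocator from each backtrace, which shows that the "ipfw pipe show" and "ipfw sched show" reports point at the same allocation in dummynet_get. The names parse_reports and distinct_sites are this example's own.

```python
import re

# Constructed sample: both reports above, abridged; one line wrapped as in mail.
SAMPLE = """\
Dec 20 14:15:30 g1-252 kernel: REDZONE: Buffer overflow detected. 16 bytes
corrupted after 0xfffff801d9cc9f48 (328 bytes allocated).
Dec 20 14:15:30 g1-252 kernel: Allocation backtrace:
Dec 20 14:15:30 g1-252 kernel: #1 0xffffffff80a1175d at malloc+0x22d
Dec 20 14:15:30 g1-252 kernel: #2 0xffffffff80c95e07 at dummynet_get+0x337
Dec 20 14:15:30 g1-252 kernel: Free backtrace:
Dec 20 14:15:30 g1-252 kernel: #1 0xffffffff80a117b6 at free+0x46
Dec 20 14:15:30 g1-252 kernel: #2 0xffffffff80c9623d at dummynet_get+0x76d
Dec 20 14:15:43 g1-252 kernel: REDZONE: Buffer overflow detected. 16 bytes
corrupted after 0xfffff80196cf9348 (328 bytes allocated).
Dec 20 14:15:43 g1-252 kernel: Allocation backtrace:
Dec 20 14:15:43 g1-252 kernel: #1 0xffffffff80a1175d at malloc+0x22d
Dec 20 14:15:43 g1-252 kernel: #2 0xffffffff80c95e07 at dummynet_get+0x337
Dec 20 14:15:43 g1-252 kernel: Free backtrace:
Dec 20 14:15:43 g1-252 kernel: #1 0xffffffff80a117b6 at free+0x46
Dec 20 14:15:43 g1-252 kernel: #2 0xffffffff80c9623d at dummynet_get+0x76d
"""

HEAD = re.compile(r"REDZONE: Buffer overflow detected\. (\d+) bytes "
                  r"corrupted after (0x[0-9a-f]+) \((\d+) bytes allocated\)")
FRAME = re.compile(r"#\d+ 0x[0-9a-f]+ at (\w+)\+(0x[0-9a-f]+)")
# A newline not followed by a syslog timestamp is a wrap, not a new record.
WRAP = re.compile(r"\n(?![A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d )")
ALLOCATOR = {"redzone_setup", "redzone_check", "malloc", "free"}  # frames to skip

def parse_reports(text):
    """Return one dict per REDZONE report, with the first non-allocator caller."""
    reports, cur, section = [], None, None
    for line in WRAP.sub(" ", text).splitlines():
        head, frame = HEAD.search(line), FRAME.search(line)
        if head:
            cur = {"corrupted": int(head[1]), "addr": head[2],
                   "size": int(head[3]), "alloc": None, "free": None}
            reports.append(cur)
            section = None
        elif "backtrace:" in line:
            section = "alloc" if "Allocation" in line else "free"
        elif (frame and cur and section and cur[section] is None
              and frame[1] not in ALLOCATOR):
            cur[section] = f"{frame[1]}+{frame[2]}"
    return reports

def distinct_sites(reports):
    # Collapse reports that share allocation site, free site and sizes.
    return {(r["alloc"], r["free"], r["size"], r["corrupted"]) for r in reports}
```

Run over a full /var/log/messages, distinct_sites(parse_reports(text)) gives one entry per offending allocation site rather than one per command invocation.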