[Bug 217391] [ipfw] [panic] erroneous ipfw rule triggers KASSERT
bugzilla-noreply at freebsd.org
Mon Feb 27 13:07:17 UTC 2017
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=217391
Bug ID: 217391
Summary: [ipfw] [panic] erroneous ipfw rule triggers KASSERT
Product: Base System
Version: 11.0-STABLE
Hardware: Any
OS: Any
Status: New
Severity: Affects Some People
Priority: ---
Component: kern
Assignee: freebsd-bugs at FreeBSD.org
Reporter: ports at grosbein.net
The next three commands trigger a KASSERT/panic for an INVARIANTS-enabled kernel:
ipfw table 1 create type addr
ipfw add 1 count ip from any to any in recv 'table(10)' # pilot error
ipfw flush # (or "service ipfw start" as it includes flush)
A kernel built without INVARIANTS works fine.
Panic message: panic: wrong type 1 (2) for table id 1
Backtrace follows:
(kgdb) bt
#0 doadump (textdump=1) at pcpu.h:222
#1 0xffffffff80590ac5 in kern_reboot (howto=<value optimized out>)
at /data2/src/sys/kern/kern_shutdown.c:366
#2 0xffffffff805910a0 in vpanic (fmt=<value optimized out>,
ap=<value optimized out>) at /data2/src/sys/kern/kern_shutdown.c:759
#3 0xffffffff80590ed6 in kassert_panic (fmt=<value optimized out>)
at /data2/src/sys/kern/kern_shutdown.c:649
#4 0xffffffff8072c784 in unref_rule_objects (ch=0xffffffff80ec6610,
rule=<value optimized out>)
at /data2/src/sys/netpfil/ipfw/ip_fw_sockopt.c:2613
#5 0xffffffff80732503 in delete_range (chain=<value optimized out>,
rt=0xfffffe0238c907c8, ndel=<value optimized out>)
at /data2/src/sys/netpfil/ipfw/ip_fw_sockopt.c:803
#6 0xffffffff80730c50 in del_rules (chain=0xffffffff80ec6610,
op3=<value optimized out>, sd=0xfffffe0238c90740)
at /data2/src/sys/netpfil/ipfw/ip_fw_sockopt.c:1265
#7 0xffffffff8072e2cd in ipfw_ctl3 (sopt=0xfffffe0238c909b0)
at /data2/src/sys/netpfil/ipfw/ip_fw_sockopt.c:3674
#8 0xffffffff806ddd62 in rip_ctloutput (so=0xfffff8017c82a360,
sopt=0xfffffe0238c909b0) at /data2/src/sys/netinet/raw_ip.c:596
#9 0xffffffff806222a9 in sogetopt (so=0xfffff8017c82a360,
sopt=0xfffffe0238c909b0) at /data2/src/sys/kern/uipc_socket.c:2743
#10 0xffffffff8062678e in kern_getsockopt (td=0xfffff801b10fd000,
s=<value optimized out>, level=<value optimized out>,
name=<value optimized out>, val=<value optimized out>,
valseg=<value optimized out>, valsize=0xfffffe0238c90a1c)
at /data2/src/sys/kern/uipc_syscalls.c:1489
#11 0xffffffff80626690 in sys_getsockopt (td=0xfffff801b10fd000,
uap=0xfffffe0238c90b30) at /data2/src/sys/kern/uipc_syscalls.c:1435
#12 0xffffffff8083316c in amd64_syscall (td=0xfffff801b10fd000, traced=0)
at subr_syscall.c:135
#13 0xffffffff8081486b in Xfast_syscall ()
at /data2/src/sys/amd64/amd64/exception.S:396
#14 0x0000000800b3a9da in ?? ()
Current language: auto; currently minimal
(kgdb) frame 4
#4 0xffffffff8072c784 in unref_rule_objects (ch=0xffffffff80ec6610,
rule=<value optimized out>)
at /data2/src/sys/netpfil/ipfw/ip_fw_sockopt.c:2613
2613 KASSERT(no->subtype == subtype,
(kgdb) l
2608 if (rw == NULL)
2609 continue;
2610 no = rw->find_bykidx(ch, kidx);
2611
2612 KASSERT(no != NULL, ("table id %d not found", kidx));
2613 KASSERT(no->subtype == subtype,
2614 ("wrong type %d (%d) for table id %d",
2615 no->subtype, subtype, kidx));
2616 KASSERT(no->refcnt > 0, ("refcount for table %d is %d",
2617 kidx, no->refcnt));
(kgdb)