[Bug 263078] kernel core generated from ipfw_chk() function
Date: Fri, 08 Apr 2022 13:39:54 UTC
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=263078
--- Comment #2 from aadhya <aadhya@cisco.com> ---
Thanks for the info. We will implement the fix and try.
Based on further investigation using objdump to disassemble ipfw_chk(), it
looks like the crash happened at this particular instruction:
0xffffffff807a431f <ipfw_chk+9839>: movzwl 0x2(%rcx),%r12d
Below is the instruction set in detail:
=====================================
* Skip disabled rules, and re-enter
* the inner loop with the correct
* f_pos, f, l and cmd.
* Also clear cmdlen and skip_or
*/
for (; f_pos < chain->n_rules - 1 &&
0xffffffff807a42ff <ipfw_chk+9807>: add $0x8,%rsi
0xffffffff807a4303 <ipfw_chk+9811>: cmp %ecx,%eax
0xffffffff807a4305 <ipfw_chk+9813>: jl 0xffffffff807a42f0 <ipfw_chk+9792>
0xffffffff807a4307 <ipfw_chk+9815>: jmp 0xffffffff807a4311
(V_set_disable &
(1 << chain->map[f_pos]->set));
f_pos++)
;
/* Re-enter the inner loop at the skipto rule. */
f = chain->map[f_pos];
0xffffffff807a4309 <ipfw_chk+9817>: mov 0xffffffff81011110,%rbx
0xffffffff807a4311 <ipfw_chk+9825>: mov %rax,-0xe8(%rbp)
0xffffffff807a4318 <ipfw_chk+9832>: movslq %eax,%rcx
0xffffffff807a431b <ipfw_chk+9835>: mov (%rbx,%rcx,8),%rcx
0xffffffff807a431f <ipfw_chk+9839>: movzwl 0x2(%rcx),%r12d
0xffffffff807a4324 <ipfw_chk+9844>: xor %eax,%eax
0xffffffff807a4326 <ipfw_chk+9846>: mov %rcx,-0x90(%rbp)
0xffffffff807a432d <ipfw_chk+9853>: lea 0x20(%rcx),%r14
0xffffffff807a4331 <ipfw_chk+9857>: xor %r15d,%r15d
0xffffffff807a4334 <ipfw_chk+9860>: mov %r8d,-0x44(%rbp)
0xffffffff807a4338 <ipfw_chk+9864>: jmpq 0xffffffff807a50b0 <ipfw_chk+13312>
0xffffffff807a433d <ipfw_chk+9869>: cmpl $0x0,-0x80(%rbp)
=============================================
Thanks !!!