[Bug 132774] [ipfw] IPFW with uid/gid/jail rules may lead to lockup
- Go to: [ bottom of page ] [ top of archives ] [ this month ]
Date: Fri, 17 Nov 2023 15:20:52 UTC
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=132774 --- Comment #6 from vincent.jancso@outlook.com --- Update: I got the host to panic with a kernel debug build. Same stack trace on multiple hosts. panic: rw_rlock: wlock already held for tcpinp @ /usr/src/sys/netinet/in_pcb.c:2529 cpuid = 6 time = 1700228046 KDB: stack backtrace: db_trace_self_wrapper() at db_trace_self_wrapper+0x2b/frame 0xfffffe020367a020 vpanic() at vpanic+0x151/frame 0xfffffe020367a070 panic() at panic+0x43/frame 0xfffffe020367a0d0 __rw_rlock_int() at __rw_rlock_int+0x10e/frame 0xfffffe020367a100 in_pcblookup_hash() at in_pcblookup_hash+0x4f/frame 0xfffffe020367a130 in_pcblookup_mbuf() at in_pcblookup_mbuf+0x24/frame 0xfffffe020367a150 check_uidgid() at check_uidgid+0x1e7/frame 0xfffffe020367a1a0 ipfw_chk() at ipfw_chk+0x12c3/frame 0xfffffe020367a3f0 ipfw_check_packet() at ipfw_check_packet+0xec/frame 0xfffffe020367a4d0 pfil_run_hooks() at pfil_run_hooks+0xb7/frame 0xfffffe020367a510 ip_output() at ip_output+0xb56/frame 0xfffffe020367a640 tcp_respond() at tcp_respond+0xb32/frame 0xfffffe020367a720 tcp_twcheck() at tcp_twcheck+0x2e6/frame 0xfffffe020367a780 tcp_input_with_port() at tcp_input_with_port+0x7b0/frame 0xfffffe020367a8b0 tcp_input() at tcp_input+0xb/frame 0xfffffe020367a8c0 ip_input() at ip_input+0x18b/frame 0xfffffe020367a950 netisr_dispatch_src() at netisr_dispatch_src+0xb1/frame 0xfffffe020367a9b0 ether_demux() at ether_demux+0x17c/frame 0xfffffe020367a9e0 ether_nh_input() at ether_nh_input+0x40b/frame 0xfffffe020367aa40 netisr_dispatch_src() at netisr_dispatch_src+0xb1/frame 0xfffffe020367aaa0 ether_input() at ether_input+0x99/frame 0xfffffe020367ab00 ether_demux() at ether_demux+0xcd/frame 0xfffffe020367ab30 ether_nh_input() at ether_nh_input+0x40b/frame 0xfffffe020367ab90 netisr_dispatch_src() at netisr_dispatch_src+0xb1/frame 0xfffffe020367abf0 ether_input() at ether_input+0x99/frame 0xfffffe020367ac50 tcp_lro_flush() at tcp_lro_flush+0x304/frame 0xfffffe020367ac80 tcp_lro_rx_done() at tcp_lro_rx_done+0x3a/frame 0xfffffe020367aca0 tcp_lro_flush_all() at tcp_lro_flush_all+0x175/frame 0xfffffe020367acf0 iflib_rxeof() at iflib_rxeof+0xe2c/frame 0xfffffe020367ae00 _task_fn_rx() at _task_fn_rx+0x7a/frame 0xfffffe020367ae40 gtaskqueue_run_locked() at gtaskqueue_run_locked+0xa7/frame 0xfffffe020367aec0 gtaskqueue_thread_loop() at gtaskqueue_thread_loop+0xc2/frame 0xfffffe020367aef0 fork_exit() at fork_exit+0x80/frame 0xfffffe020367af30 fork_trampoline() at fork_trampoline+0xe/frame 0xfffffe020367af30 --- trap 0, rip = 0, rsp = 0, rbp = 0 --- KDB: enter: panic -- You are receiving this mail because: You are the assignee for the bug.