Summary: | ipfw(8): Referencing a table in the ruleset causes ipfw list/show to crash with SIGSEGV. | ||
---|---|---|---|
Product: | Base System | Reporter: | Jan Bramkamp <crest> |
Component: | kern | Assignee: | freebsd-ipfw (Nobody) <ipfw> |
Status: | Closed FIXED | ||
Severity: | Affects Many People | CC: | ae, avernar, crest |
Priority: | --- | ||
Version: | 11.0-RC1 | ||
Hardware: | Any | ||
OS: | Any | ||
See Also: | https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=212576 |
Description
Jan Bramkamp
2016-09-13 11:24:44 UTC
Do you have VIMAGE in your kernel? Yes but there are no vnet enabled jails running. I bet you started a vnet jail at least once since booting up. That's what triggers it. If you reboot and try your commands before any vnet jails start up it should work. Start a jail and it will be back to crashing. I did hit the bug in a VNET enabled jail first and suspected it to be VNET related. I was surprised to reproduce it on the host. So I stopped the VNET jail and reduced the test case as far as possible. I didn't reboot the system as I didn't expect an in-kernel data corruption. Are there regression tests for this sort of thing in FreeBSD? I'm an end user as well and hit the bug the exact same way. First in a vnet jail and then found it in the host as well. But I started digging through the ipfw code and then the kernel code to find out why so I could fix it and keep going with my firewall setup. Did ipfw tables work with vnet enabled before? If not it's not a regression. I don't know if it worked before with vnet as I just started using vnet a few weeks ago. I applied the patch from #212649 to 11.0-RC2 and it fixed the problem. Is there any chance for the patch to be included in 11.0-RELEASE? Fixed in head/ and stable/11. Thanks! (In reply to Jan Bramkamp from comment #6) > I applied the patch from #212649 to 11.0-RC2 and it fixed the problem. Is > there any chance for the patch to be included in 11.0-RELEASE? No, it wont be in 11.0-RELEASE. Probably in some errata after release. Is the errata stuck in the release engineering pipeline? |