On r<> ipfw table outIf create type iface ipfw table outIf add iface1 ipfw table outIf add iface2 ipfw table outIf destory causes panic on destroy with message: Panic: Lock IPFW UH lock not exclusively locked @ /usr/src/sys/modules/ipfw/../netpfil/ipfw/ip_fw_iface.c:392
Oh, sorry, it is r278021.
Stacktrace is #12 0xffffffff814505e6 in ipfw_iface_del_notify (ch=<value optimized out>, ic=0xfffff80002b1e5b8) at /data/src/sys/modules/ipfw/../../netpfil/ipfw/ip_fw_iface.c:392 #13 0xffffffff8144f865 in destroy_ifidx_locked (ii=<value optimized out>, no=0xfffff80002b1e580, arg=0xffffffff80741504) at /data/src/sys/modules/ipfw/../../netpfil/ipfw/ip_fw_table_algo.c:2136 #14 0xffffffff81443ccc in ipfw_objhash_foreach (ni=0xfffff80005fcf800, f=0xffffffff8144f850 <destroy_ifidx_locked>, arg=0xffffffff81454d00) at /data/src/sys/modules/ipfw/../../netpfil/ipfw/ip_fw_sockopt.c:3400 #15 0xffffffff8144d765 in ta_destroy_ifidx (ta_state=0xfffff80005563b00, ti=<value optimized out>) at /data/src/sys/modules/ipfw/../../netpfil/ipfw/ip_fw_table_algo.c:2156 #16 0xffffffff81449f5c in flush_table_v0 (ch=<value optimized out>, op3=<value optimized out>, sd=<value optimized out>) at /data/src/sys/modules/ipfw/../../netpfil/ipfw/ip_fw_table.c:3050 #17 0xffffffff81442122 in ipfw_ctl3 (sopt=0xfffffe01236c3a78) at /data/src/sys/modules/ipfw/../../netpfil/ipfw/ip_fw_sockopt.c:2700 #18 0xffffffff804bdf54 in kern_setsockopt (td=0xfffff80005fb2000, s=<value optimized out>, level=<value optimized out>, name=<value optimized out>, val=<value optimized out>, valseg=<value optimized out>, valsize=<value optimized out>) at /data/src/sys/kern/uipc_syscalls.c:1453 #19 0xffffffff804bde84 in sys_setsockopt (td=0xffffffff80741504, uap=<value optimized out>) at /data/src/sys/kern/uipc_syscalls.c:1407 #20 0xffffffff806a51b6 in amd64_syscall (td=0xfffff80005fb2000, traced=0) at subr_syscall.c:133 #21 0xffffffff80684dcb in Xfast_syscall () at /data/src/sys/amd64/amd64/exception.S:395 #22 0x0000000800b2dcba in ?? ()
A commit references this bug: Author: melifaro Date: Thu Feb 5 13:49:06 UTC 2015 New revision: 278259 URL: https://svnweb.freebsd.org/changeset/base/278259 Log: * Make sure table algorithm destroy hook is always called without locks * Explicitly lock freeing interface references in ta_destroy_ifidx * Change ipfw_iface_unref() to require UH lock * Add forgotten ipfw_iface_unref() to destroy_ifidx_locked() PR: kern/197276 Submitted by: lev Sponsored by: Yandex LLC Changes: head/sys/netpfil/ipfw/ip_fw_iface.c head/sys/netpfil/ipfw/ip_fw_private.h head/sys/netpfil/ipfw/ip_fw_table.c head/sys/netpfil/ipfw/ip_fw_table_algo.c
To originators/assignees of this PR: A commit to the tree references this PR, however the PR is still in a non-closed state. Please review this PR and close as appropriate, or if closing the PR requires a merge to stable/10, please let re@ know as soon as possible. Thank you. Glen