How to reproduce: ipfw table foo create ipfw add count all from any to "table(foo)" ipfw list Expected result: A count rule is added to the IPFW rules and `ipfw list` should print all rules to stdout. Actual result: A count rule is added to the IPFW rules and `ipfw list` prints all rules up the first one using a table. The ipfw tool crashes in print_ip() dereferencing a NULL pointer on the first rule containing a table as destination.
Do you have VIMAGE in your kernel?
Yes but there are no vnet enabled jails running.
I bet you started a vnet jail at least once since booting up. That's what triggers it. If you reboot and try your commands before any vnet jails start up it should work. Start a jail and it will be back to crashing.
I did hit the bug in a VNET enabled jail first and suspected it to be VNET related. I was surprised to reproduce it on the host. So I stopped the VNET jail and reduced the test case as far as possible. I didn't reboot the system as I didn't expect an in-kernel data corruption. Are there regression tests for this sort of thing in FreeBSD?
I'm an end user as well and hit the bug the exact same way. First in a vnet jail and then found it in the host as well. But I started digging through the ipfw code and then the kernel code to find out why so I could fix it and keep going with my firewall setup. Did ipfw tables work with vnet enabled before? If not it's not a regression. I don't know if it worked before with vnet as I just started using vnet a few weeks ago.
I applied the patch from #212649 to 11.0-RC2 and it fixed the problem. Is there any chance for the patch to be included in 11.0-RELEASE?
Fixed in head/ and stable/11. Thanks!
(In reply to Jan Bramkamp from comment #6) > I applied the patch from #212649 to 11.0-RC2 and it fixed the problem. Is > there any chance for the patch to be included in 11.0-RELEASE? No, it wont be in 11.0-RELEASE. Probably in some errata after release.
Is the errata stuck in the release engineering pipeline?