[issue1481] panic: assertion: kva_p(buf) in soopt_from_kbuf (after ipfw pipe show, 2.2.1-R)

Sepherosa Ziehau sepherosa at gmail.com
Tue Sep 1 22:06:42 PDT 2009

On Tue, Sep 1, 2009 at 11:10 PM, Mykhaylo (via DragonFly issue
tracker)<sinknull at leaf.dragonflybsd.org> wrote:
> New submission from Mykhaylo <mclone at gmail.com>:
> Host panics when root does "ipfw pipe show".
> Doesn't matter if dummynet.ko is loaded via kldload
> or it is loaded with loader.
> Recompilation of dummynet.ko doesn't solve this.
> Dumps available on http://Sahara.org.ua/~planner/{vmcore,kernel}.{0,1}
> (first dump with release binary, second - with module compiled from git branch
> v2.2.1)
> kgdb output follows:
> Unread portion of the kernel message buffer:
> panic: assertion: kva_p(buf) in soopt_from_kbuf
> Trace beginning at frame 0xc8cccb98
> panic(c8cccbbc,0,cb6cfca0,c06845b4,c8cccbc8) at panic+0x8c
> panic(c0570d57,c058c319,c054fa2c,0,c8cccd30) at panic+0x8c
> soopt_from_kbuf(cb6cfca0,fffffff8,0,c1525440,cacaf000) at soopt_from_kbuf+0x7a

Looks like zero-sized kmalloc'ed memory could not pass the kva_p test.
Try the following patch:

Best Regards,

> ip_dn_sockopt(cb6cfca0) at ip_dn_sockopt+0xe4
> rip_ctloutput(c1622b00,cb6cfca0,1,c8cccd68,c037a3fd) at rip_ctloutput+0xaa
> netmsg_pru_ctloutput(cb6cfbfc) at netmsg_pru_ctloutput+0x10
> netmsg_service(cb6cfbfc,0,1,c06845b4,ff800000) at netmsg_service+0x53
> netmsg_service_loop(c0688014,0,0,0,0) at netmsg_service_loop+0x18
> lwkt_exit() at lwkt_exit

Live Free or Die
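
The failure mode described in the reply above, modelled in user space as an added example; it is not the patch from this thread and not DragonFly code. The address range, the toy allocator and copy_tolerant are hypothetical, and it assumes the second and third arguments in the quoted soopt_from_kbuf frame (fffffff8, 0) are the buffer pointer and its length.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed model values; not DragonFly's real address-space layout. */
#define KVA_MIN      0xc0000000u   /* assumed start of kernel VA range */
#define KVA_MAX      0xff800000u   /* assumed end of kernel VA range */
#define ZERO_LEN_PTR 0xfffffff8u   /* second argument in the quoted frame */
#define ARENA_KVA    0xc1000000u   /* pretend kernel address of arena[0] */
static unsigned char arena[64];    /* stands in for kernel heap memory */

/* Toy allocator: a zero-size request yields a sentinel, not real memory. */
static uintptr_t toy_kmalloc(size_t size)
{
    if (size == 0)
        return ZERO_LEN_PTR;
    return size <= sizeof(arena) ? ARENA_KVA : 0;
}

/* Range test standing in for kva_p(). */
static int toy_kva_p(uintptr_t addr)
{
    return addr >= KVA_MIN && addr < KVA_MAX;
}

/* Checks the pointer before the length; -1 marks where the assertion fires. */
static int copy_strict(unsigned char *dst, size_t dstlen, uintptr_t buf, size_t len)
{
    if (!toy_kva_p(buf))
        return -1;
    if (len > dstlen || len > sizeof(arena) ||
        buf < ARENA_KVA || buf - ARENA_KVA > sizeof(arena) - len)
        return -2;                 /* outside the modelled heap */
    memcpy(dst, arena + (buf - ARENA_KVA), len);
    return (int)len;
}

/* Hypothetical guard: an empty copy never inspects the pointer. */
static int copy_tolerant(unsigned char *dst, size_t dstlen, uintptr_t buf, size_t len)
{
    return len == 0 ? 0 : copy_strict(dst, dstlen, buf, len);
}

int main(void)
{
    unsigned char out[8];
    printf("strict:   %d\n", copy_strict(out, sizeof(out), toy_kmalloc(0), 0));
    printf("tolerant: %d\n", copy_tolerant(out, sizeof(out), toy_kmalloc(0), 0));
    return 0;
}
```

The guard only skips the pointer check for empty copies; a non-empty copy from the sentinel still fails the range test.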
