[Bug 274915] [pf][panic] immediately on loading ruleset, in pf_ioctl_addrule sha #4ffe410
Date: Sat, 04 Nov 2023 18:01:27 UTC
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=274915
Bug ID: 274915
Summary: [pf][panic] immediately on loading ruleset, in pf_ioctl_addrule sha #4ffe410
Product: Base System
Version: 15.0-CURRENT
Hardware: Any
OS: Any
Status: New
Severity: Affects Only Me
Priority: ---
Component: kern
Assignee: bugs@FreeBSD.org
Reporter: dch@freebsd.org
Attachment #246120 mime type: text/plain
Created attachment 246120
--> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=246120&action=edit
pf.conf that triggers it
## dump
```
[555]
[555] Fatal trap 12: page fault while in kernel mode
[555] cpuid = 0; apic id = 00
[555] fault virtual address = 0x0
[555] fault code = supervisor read data, page not present
[555] instruction pointer = 0x20:0xffffffff86f5d574
[555] stack pointer = 0x28:0xfffffe027f6a8c40
[555] frame pointer = 0x28:0xfffffe027f6a8c90
[555] code segment = base 0x0, limit 0xfffff, type 0x1b
[555] = DPL 0, pres 1, long 1, def32 0, gran 1
[555] processor eflags = interrupt enabled, resume, IOPL = 0
[555] current process = 0 (netlink_socket (PID)
[555] rdi: 0000000000000070 rsi: fffffe015526f1e0 rdx: 00000000000000c4
[555] rcx: 0000000000000004 r8: 0000000000000000 r9: 0000000000000000
[555] rax: 0000000000000000 rbx: 00000000000000c4 rbp: fffffe027f6a8c90
[555] r10: 0000000000000000 r11: 0000000000000000 r12: 0000000000000004
[555] r13: fffffe00d69e4078 r14: fffff8090e4b7800 r15: fffff8090e58f000
[555] trap number = 12
[555] panic: page fault
[555] cpuid = 0
[555] time = 1699118804
[555] KDB: stack backtrace:
[555] db_trace_self_wrapper() at db_trace_self_wrapper+0x2b/frame 0xfffffe027f6a8920
[555] vpanic() at vpanic+0x132/frame 0xfffffe027f6a8a50
[555] panic() at panic+0x43/frame 0xfffffe027f6a8ab0
[555] trap_fatal() at trap_fatal+0x40c/frame 0xfffffe027f6a8b10
[555] trap_pfault() at trap_pfault+0x4f/frame 0xfffffe027f6a8b70
[555] calltrap() at calltrap+0x8/frame 0xfffffe027f6a8b70
[555] --- trap 0xc, rip = 0xffffffff86f5d574, rsp = 0xfffffe027f6a8c40, rbp = 0xfffffe027f6a8c90 ---
[555] pf_ioctl_addrule() at pf_ioctl_addrule+0x224/frame 0xfffffe027f6a8c90
[555] pf_handle_addrule() at pf_handle_addrule+0xa0/frame 0xfffffe027f6a8d00
[555] nl_taskqueue_handler() at nl_taskqueue_handler+0x79b/frame 0xfffffe027f6a8e40
[555] taskqueue_run_locked() at taskqueue_run_locked+0x182/frame 0xfffffe027f6a8ec0
[555] taskqueue_thread_loop() at taskqueue_thread_loop+0xc2/frame 0xfffffe027f6a8ef0
[555] fork_exit() at fork_exit+0x7f/frame 0xfffffe027f6a8f30
[555] fork_trampoline() at fork_trampoline+0xe/frame 0xfffffe027f6a8f30
[555] --- trap 0, rip = 0, rsp = 0, rbp = 0 ---
[555] KDB: enter: panic
```
## output of `pfctl -vef /etc/pf.conf`
```
...
pass out quick on igb0 proto udp from any port = dhcpv6-server to any port = dhcpv6-server keep state
pass out quick on igb0 inet proto udp all keep state
pass out quick on igb0 inet6 proto udp all keep state
pass in on igb0 inet proto icmp all keep state
pass in on igb0 inet proto icmp all icmp-type echoreq keep state
pass in on igb0 inet proto icmp all icmp-type unreach keep state
pass in on tap0 inet proto icmp all icmp-type echoreq keep state
pass in on tap0 inet proto icmp all icmp-type unreach keep state
pass in on tap1 inet proto icmp all icmp-type echoreq keep state
pass in on tap1 inet proto icmp all icmp-type unreach keep state
pass in on vm-public inet proto icmp all icmp-type echoreq keep state
pass in on vm-public inet proto icmp all icmp-type unreach keep state
pass in quick on igb0 inet proto udp from any to 172.16.1.4 port = domain keep state
pass in quick on igb0 inet proto udp from any to 172.16.1.4 port = 9000 keep state
pass in quick on igb0 inet proto udp from any to 172.16.1.4 port = 9993 keep state
pass in quick on igb0 inet proto udp from any to 172.16.1.4 port = 42853 keep state
pass in quick on igb0 inet proto udp from any to 172.16.1.4 port = 21027 keep state
pass in quick on igb0 inet proto udp from any to 172.16.1.4 port = 3478 keep state
... probably should be more rules output here
```
## ifconfig
```
igb0: flags=1008943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST,LOWER_UP> metric 0 mtu 1400
options=4e503bb<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,JUMBO_MTU,VLAN_HWCSUM,TSO4,TSO6,VLAN_HWFILTER,VLAN_HWTSO,RXCSUM_IPV6,TXCSUM_IPV6,HWSTATS,MEXTPG>
ether ac:1f:6b:67:e1:38
inet 172.16.1.4 netmask 0xffffff00 broadcast 172.16.1.255
inet6 fe80::ae1f:6bff:fe67:e138%igb0 prefixlen 64 scopeid 0x1
media: Ethernet autoselect (1000baseT <full-duplex>)
status: active
nd6 options=23<PERFORMNUD,ACCEPT_RTADV,AUTO_LINKLOCAL>
igb1: flags=8802<BROADCAST,SIMPLEX,MULTICAST> metric 0 mtu 1500
options=4e507bb<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,JUMBO_MTU,VLAN_HWCSUM,TSO4,TSO6,LRO,VLAN_HWFILTER,VLAN_HWTSO,RXCSUM_IPV6,TXCSUM_IPV6,HWSTATS,MEXTPG>
ether ac:1f:6b:67:e1:39
media: Ethernet autoselect
status: no carrier
nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
lo0: flags=1008049<UP,LOOPBACK,RUNNING,MULTICAST,LOWER_UP> metric 0 mtu 16384
options=680003<RXCSUM,TXCSUM,LINKSTATE,RXCSUM_IPV6,TXCSUM_IPV6>
inet 127.0.0.1 netmask 0xff000000
inet6 ::1 prefixlen 128
inet6 fe80::1%lo0 prefixlen 64 scopeid 0x3
groups: lo
nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
lo1: flags=1008049<UP,LOOPBACK,RUNNING,MULTICAST,LOWER_UP> metric 0 mtu 16384
options=680003<RXCSUM,TXCSUM,LINKSTATE,RXCSUM_IPV6,TXCSUM_IPV6>
inet 100.64.0.0 netmask 0xfffe0000
inet 100.64.0.1 netmask 0xffffffff
inet 100.64.0.2 netmask 0xffffffff
inet 100.64.0.3 netmask 0xffffffff
inet 100.64.0.4 netmask 0xffffffff
inet 100.64.0.5 netmask 0xffffffff
inet 100.64.0.6 netmask 0xffffffff
inet 100.64.0.7 netmask 0xffffffff
inet 100.64.0.8 netmask 0xffffffff
inet 100.64.0.9 netmask 0xffffffff
inet 100.64.0.10 netmask 0xffffffff
inet 100.64.0.11 netmask 0xffffffff
inet 100.64.0.12 netmask 0xffffffff
inet 100.64.0.13 netmask 0xffffffff
inet 100.64.0.14 netmask 0xffffffff
inet 100.64.0.15 netmask 0xffffffff
inet 100.64.68.238 netmask 0xffffffff
inet 100.64.8.8 netmask 0xffffffff
inet6 fe80::1%lo1 prefixlen 64 scopeid 0x4
groups: lo
nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
zt1flo98dm17np8: flags=1008843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST,LOWER_UP> metric 5000 mtu 2800
options=80000<LINKSTATE>
ether 2a:3d:9d:3c:2f:91
hwaddr 58:9c:fc:10:65:16
inet6 fc7b:c4d6:6be2:8e50:6c98::1 prefixlen 40
inet6 fe80::283d:9dff:fe3c:2f91%zt1flo98dm17np8 prefixlen 64 scopeid 0x5
groups: tap
media: Ethernet 1000baseT <full-duplex>
status: active
nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
Opened by PID 25
ztagim5o45dhe4c: flags=1008843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST,LOWER_UP> metric 5000 mtu 2800
options=80000<LINKSTATE>
ether 8e:5a:56:5a:ad:5d
hwaddr 58:9c:fc:00:16:3e
inet6 fca2:927d:4de2:8e50:6c98::1 prefixlen 40
inet6 fe80::8c5a:56ff:fe5a:ad5d%ztagim5o45dhe4c prefixlen 64 scopeid 0x6
groups: tap
media: Ethernet 1000baseT <full-duplex>
status: active
nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
Opened by PID 25
vm-public: flags=1008843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST,LOWER_UP> metric 0 mtu 1400
options=0
ether be:b4:fd:ec:d1:27
id 00:00:00:00:00:00 priority 32768 hellotime 2 fwddelay 15
maxage 20 holdcnt 6 proto rstp maxaddr 2000 timeout 1200
root id 00:00:00:00:00:00 priority 32768 ifcost 0 port 0
member: igb0 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
ifmaxaddr 0 port 1 priority 128 path cost 20000
groups: bridge vm-switch viid-4c918@
nd6 options=9<PERFORMNUD,IFDISABLED>
```
Lots of netlink-related messages scroll past at unreadable speed during the crash.
I'll try to trim the pf.conf to find what's responsible in the meantime.