[Bug 251414] pf sometimes panics when reloading ruleset with tables

Thu Nov 26 20:25:46 UTC 2020

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=251414

            Bug ID: 251414
           Summary: pf sometimes panics when reloading ruleset with tables
           Product: Base System
           Version: 12.2-RELEASE
          Hardware: Any
                OS: Any
            Status: New
          Severity: Affects Only Me
          Priority: ---
         Component: kern
          Assignee: bugs at FreeBSD.org
          Reporter: sigsys at gmail.com

Happens on 12.2-RELEASE when doing a `service pf reload` when pf.conf loads a
table from a file with about 2700 entries.  Never had this problem before I
added the table.

[1232428] Fatal trap 12: page fault while in kernel mode
[1232428] cpuid = 2; apic id = 02
[1232428] fault virtual address = 0x2010
[1232428] fault code            = supervisor write data, page not present
[1232428] instruction pointer   = 0x20:0xffffffff83595228
[1232428] stack pointer         = 0x0:0xfffffe0000504540
[1232428] frame pointer         = 0x0:0xfffffe00005045a0
[1232428] code segment          = base 0x0, limit 0xfffff, type 0x1b
[1232428]                       = DPL 0, pres 1, long 1, def32 0, gran 1
[1232428] processor eflags      = interrupt enabled, resume, IOPL = 0
[1232428] current process               = 0 (if_io_tqg_2)
[1232428] trap number           = 12
[1232428] panic: page fault
[1232428] cpuid = 2
[1232428] time = 1606389244
[1232428] KDB: stack backtrace:
[1232428] db_trace_self_wrapper() at db_trace_self_wrapper+0x2b/frame
0xfffffe0000504200
[1232428] vpanic() at vpanic+0x17b/frame 0xfffffe0000504250
[1232428] panic() at panic+0x43/frame 0xfffffe00005042b0
[1232428] trap_fatal() at trap_fatal+0x391/frame 0xfffffe0000504310
[1232428] trap_pfault() at trap_pfault+0x4f/frame 0xfffffe0000504360
[1232428] trap() at trap+0x286/frame 0xfffffe0000504470
[1232428] calltrap() at calltrap+0x8/frame 0xfffffe0000504470
[1232428] --- trap 0xc, rip = 0xffffffff83595228, rsp = 0xfffffe0000504540, rbp
= 0xfffffe00005045a0 ---
[1232428] pfr_update_stats() at pfr_update_stats+0x1a8/frame 0xfffffe00005045a0
[1232428] pf_test() at pf_test+0xebe/frame 0xfffffe0000504740
[1232428] pf_check_in() at pf_check_in+0x1d/frame 0xfffffe0000504760
[1232428] pfil_run_hooks() at pfil_run_hooks+0x87/frame 0xfffffe00005047f0
[1232428] ip_input() at ip_input+0x40e/frame 0xfffffe00005048a0
[1232428] netisr_dispatch_src() at netisr_dispatch_src+0xca/frame
0xfffffe00005048f0
[1232428] ether_demux() at ether_demux+0x138/frame 0xfffffe0000504920
[1232428] ether_nh_input() at ether_nh_input+0x33b/frame 0xfffffe0000504980
[1232428] netisr_dispatch_src() at netisr_dispatch_src+0xca/frame
0xfffffe00005049d0
[1232428] ether_input() at ether_input+0x4b/frame 0xfffffe0000504a00
[1232428] iflib_rxeof() at iflib_rxeof+0xae6/frame 0xfffffe0000504ae0
[1232428] _task_fn_rx() at _task_fn_rx+0x72/frame 0xfffffe0000504b20
[1232428] gtaskqueue_run_locked() at gtaskqueue_run_locked+0x121/frame
0xfffffe0000504b80
[1232428] gtaskqueue_thread_loop() at gtaskqueue_thread_loop+0xb6/frame
0xfffffe0000504bb0
[1232428] fork_exit() at fork_exit+0x7e/frame 0xfffffe0000504bf0
[1232428] fork_trampoline() at fork_trampoline+0xe/frame 0xfffffe0000504bf0
[1232428] --- trap 0, rip = 0, rsp = 0, rbp = 0 ---

[10502] Fatal trap 12: page fault while in kernel mode
[10502] cpuid = 12; apic id = 0c
[10502] fault virtual address   = 0xc030
[10502] fault code              = supervisor write data, page not present
[10502] instruction pointer     = 0x20:0xffffffff83595228
[10502] stack pointer           = 0x28:0xfffffe0000536330
[10502] frame pointer           = 0x28:0xfffffe0000536390
[10502] code segment            = base 0x0, limit 0xfffff, type 0x1b
[10502]                         = DPL 0, pres 1, long 1, def32 0, gran 1
[10502] processor eflags        = interrupt enabled, resume, IOPL = 0
[10502] current process         = 0 (if_io_tqg_12)
[10502] trap number             = 12
[10502] panic: page fault
[10502] cpuid = 12
[10502] time = 1606400775
[10502] KDB: stack backtrace:
[10502] db_trace_self_wrapper() at db_trace_self_wrapper+0x2b/frame
0xfffffe0000535ff0
[10502] vpanic() at vpanic+0x17b/frame 0xfffffe0000536040
[10502] panic() at panic+0x43/frame 0xfffffe00005360a0
[10502] trap_fatal() at trap_fatal+0x391/frame 0xfffffe0000536100
[10502] trap_pfault() at trap_pfault+0x4f/frame 0xfffffe0000536150
[10502] trap() at trap+0x286/frame 0xfffffe0000536260
[10502] calltrap() at calltrap+0x8/frame 0xfffffe0000536260
[10502] --- trap 0xc, rip = 0xffffffff83595228, rsp = 0xfffffe0000536330, rbp =
0xfffffe0000536390 ---
[10502] pfr_update_stats() at pfr_update_stats+0x1a8/frame 0xfffffe0000536390
[10502] pf_test() at pf_test+0xebe/frame 0xfffffe0000536530
[10502] pf_check_out() at pf_check_out+0x1d/frame 0xfffffe0000536550
[10502] pfil_run_hooks() at pfil_run_hooks+0x87/frame 0xfffffe00005365e0
[10502] ip_output() at ip_output+0xaf8/frame 0xfffffe0000536730
[10502] ip_forward() at ip_forward+0x32e/frame 0xfffffe00005367f0
[10502] ip_input() at ip_input+0x7c5/frame 0xfffffe00005368a0
[10502] netisr_dispatch_src() at netisr_dispatch_src+0xca/frame
0xfffffe00005368f0
[10502] ether_demux() at ether_demux+0x138/frame 0xfffffe0000536920
[10502] ether_nh_input() at ether_nh_input+0x33b/frame 0xfffffe0000536980
[10502] netisr_dispatch_src() at netisr_dispatch_src+0xca/frame
0xfffffe00005369d0
[10502] ether_input() at ether_input+0x4b/frame 0xfffffe0000536a00
[10502] iflib_rxeof() at iflib_rxeof+0xae6/frame 0xfffffe0000536ae0
[10502] _task_fn_rx() at _task_fn_rx+0x72/frame 0xfffffe0000536b20
[10502] gtaskqueue_run_locked() at gtaskqueue_run_locked+0x121/frame
0xfffffe0000536b80
[10502] gtaskqueue_thread_loop() at gtaskqueue_thread_loop+0xb6/frame
0xfffffe0000536bb0
[10502] fork_exit() at fork_exit+0x7e/frame 0xfffffe0000536bf0
[10502] fork_trampoline() at fork_trampoline+0xe/frame 0xfffffe0000536bf0
[10502] --- trap 0, rip = 0, rsp = 0, rbp = 0 ---

-- 
You are receiving this mail because:
You are the assignee for the bug.