Relayd crashing Kernel on 10.1

Kolontai Andrej Andrej.Kolontai at Verwaltung.Uni-Muenchen.DE
Wed Nov 26 08:44:35 UTC 2014

Hello @all,

I'm new to this list and hope this is the right place to ask. 
We are using FreeBSD for our Firewalls and are actually happy with it. Since recently we use relayd (installed via pkg) to do some load balancing stuff. On a freshly installed machine running 10.0-RELEASE everything worked fine. 
On monday, I tried to upgrade to 10.1-RELEASE using freebsd-update as described in the handbook chapter 24. At first everything looked good but relayd wouldn't come up:

"Nov 24 10:50:48 flutters relayd[3300]: fatal: cannot add rule: Operation not supported by device
Nov 24 10:50:48 flutters relayd[3293]: lost child: pfe exited abnormally"

When I tried to start it with /usr/local/etc/rc.d/relayd start the kernel panicked. I had to roll back the update (which worked fine). However, I was able to reproduce this behavior on a virtual machine. 

My guess is it happens here:
#7  0xffffffff81a37954 in pfr_detach_table (kt=0x0)
    at /usr/src_10.1.0/sys/modules/pf/../../netpfil/pf/pf_table.c:2047

The corresponding code is:
pfr_detach_table(struct pfr_ktable *kt)

        KASSERT(kt->pfrkt_refcnt[PFR_REFCNT_RULE] > 0, ("%s: refcount %d\n",
            __func__, kt->pfrkt_refcnt[PFR_REFCNT_RULE]));

        if (!--kt->pfrkt_refcnt[PFR_REFCNT_RULE])
                pfr_setflags_ktable(kt, kt->pfrkt_flags&~PFR_TFLAG_REFERENCED);

>From what I know about C programming: kt is not supposed to be 0x0. 
My guess was that some data structure has changed between 10.0 and 10.1 kernels. So a recompile of relayd should fix that. It did. I compiled it from the ports and it worked. 

Now my question ist: did I do something wrong?  Maybe compiling is the preferred method over using binaries? I'm still trying to figure out what  the "stay-out-of-trouble"-mode on FreeBSD is (like yum -y update). But I'd rather use the binaries. 

Viele Grüße 

Andrej Kolontai

Ludwig-Maximilians-Universitaet Muenchen
Ref. VI.4 (IT-Sicherheit & Verzeichnisdienste) 
Martiusstrasse 4 / 207
80802 Muenchen

phone  +49 (0)89 2180-3815
email  mailto:andrej.kolontai at

-------------- next part --------------
A non-text attachment was scrubbed...
Name: core.txt.0
Type: application/octet-stream
Size: 96477 bytes
Desc: core.txt.0
URL: <>

More information about the freebsd-questions mailing list