From owner-freebsd-pf@freebsd.org Sun Feb 25 06:25:13 2018 Return-Path: Delivered-To: freebsd-pf@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 70ABDF11372 for ; Sun, 25 Feb 2018 06:25:13 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from mxrelay.ysv.freebsd.org (mxrelay.ysv.freebsd.org [IPv6:2001:1900:2254:206a::19:3]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "mxrelay.ysv.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 027DC6E2BC for ; Sun, 25 Feb 2018 06:25:13 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from kenobi.freebsd.org (kenobi.freebsd.org [IPv6:2001:1900:2254:206a::16:76]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mxrelay.ysv.freebsd.org (Postfix) with ESMTPS id 465531BA7D for ; Sun, 25 Feb 2018 06:25:12 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from kenobi.freebsd.org ([127.0.1.118]) by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id w1P6PCxk025686 for ; Sun, 25 Feb 2018 06:25:12 GMT (envelope-from bugzilla-noreply@freebsd.org) Received: (from www@localhost) by kenobi.freebsd.org (8.15.2/8.15.2/Submit) id w1P6PCEG025683 for freebsd-pf@FreeBSD.org; Sun, 25 Feb 2018 06:25:12 GMT (envelope-from bugzilla-noreply@freebsd.org) X-Authentication-Warning: kenobi.freebsd.org: www set sender to bugzilla-noreply@freebsd.org using -f From: bugzilla-noreply@freebsd.org To: freebsd-pf@FreeBSD.org Subject: [Bug 223093] /dev/pf locks disrupt other pf-dependent services (ftp-proxy, tftp-proxy, relayd, pfctl, etc) Date: Sun, 25 Feb 2018 06:25:12 +0000 X-Bugzilla-Reason: AssignedTo X-Bugzilla-Type: changed X-Bugzilla-Watch-Reason: None X-Bugzilla-Product: Base System X-Bugzilla-Component: kern X-Bugzilla-Version: 10.4-RELEASE X-Bugzilla-Keywords: X-Bugzilla-Severity: Affects Some People X-Bugzilla-Who: linimon@FreeBSD.org X-Bugzilla-Status: New X-Bugzilla-Resolution: X-Bugzilla-Priority: --- X-Bugzilla-Assigned-To: freebsd-pf@FreeBSD.org X-Bugzilla-Flags: X-Bugzilla-Changed-Fields: component Message-ID: In-Reply-To: References: Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/ Auto-Submitted: auto-generated MIME-Version: 1.0 X-BeenThere: freebsd-pf@freebsd.org X-Mailman-Version: 2.1.25 Precedence: list List-Id: "Technical discussion and general questions about packet filter \(pf\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 25 Feb 2018 06:25:13 -0000 https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D223093 Mark Linimon changed: What |Removed |Added ---------------------------------------------------------------------------- Component|bin |kern --=20 You are receiving this mail because: You are the assignee for the bug.= From owner-freebsd-pf@freebsd.org Sun Feb 25 08:57:25 2018 Return-Path: Delivered-To: freebsd-pf@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 8230AF228F4 for ; Sun, 25 Feb 2018 08:57:25 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from mxrelay.ysv.freebsd.org (mxrelay.ysv.freebsd.org [IPv6:2001:1900:2254:206a::19:3]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "mxrelay.ysv.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 22A83722E1 for ; Sun, 25 Feb 2018 08:57:25 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from kenobi.freebsd.org (kenobi.freebsd.org [IPv6:2001:1900:2254:206a::16:76]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mxrelay.ysv.freebsd.org (Postfix) with ESMTPS id 60FAC1CF3E for ; Sun, 25 Feb 2018 08:57:24 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from kenobi.freebsd.org ([127.0.1.118]) by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id w1P8vOpN001987 for ; Sun, 25 Feb 2018 08:57:24 GMT (envelope-from bugzilla-noreply@freebsd.org) Received: (from bugzilla@localhost) by kenobi.freebsd.org (8.15.2/8.15.2/Submit) id w1P8vOMv001984 for freebsd-pf@FreeBSD.org; Sun, 25 Feb 2018 08:57:24 GMT (envelope-from bugzilla-noreply@freebsd.org) X-Authentication-Warning: kenobi.freebsd.org: bugzilla set sender to bugzilla-noreply@freebsd.org using -f From: bugzilla-noreply@freebsd.org To: freebsd-pf@FreeBSD.org Subject: [Bug 209475] pf didn't check if enough free RAM for net.pf.states_hashsize Date: Sun, 25 Feb 2018 08:57:23 +0000 X-Bugzilla-Reason: AssignedTo X-Bugzilla-Type: changed X-Bugzilla-Watch-Reason: None X-Bugzilla-Product: Base System X-Bugzilla-Component: kern X-Bugzilla-Version: 10.3-RELEASE X-Bugzilla-Keywords: X-Bugzilla-Severity: Affects Only Me X-Bugzilla-Who: commit-hook@freebsd.org X-Bugzilla-Status: New X-Bugzilla-Resolution: X-Bugzilla-Priority: --- X-Bugzilla-Assigned-To: freebsd-pf@FreeBSD.org X-Bugzilla-Flags: X-Bugzilla-Changed-Fields: Message-ID: In-Reply-To: References: Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/ Auto-Submitted: auto-generated MIME-Version: 1.0 X-BeenThere: freebsd-pf@freebsd.org X-Mailman-Version: 2.1.25 Precedence: list List-Id: "Technical discussion and general questions about packet filter \(pf\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 25 Feb 2018 08:57:25 -0000 https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D209475 --- Comment #31 from commit-hook@freebsd.org --- A commit references this bug: Author: kp Date: Sun Feb 25 08:56:44 UTC 2018 New revision: 329950 URL: https://svnweb.freebsd.org/changeset/base/329950 Log: pf: Cope with overly large net.pf.states_hashsize If the user configures a states_hashsize or source_nodes_hashsize value we may not have enough memory to allocate this. This used to lock up pf, because these allocations used M_WAITOK. Cope with this by attempting the allocation with M_NOWAIT and falling bac= k to the default sizes (with M_WAITOK) if these fail. PR: 209475 Submitted by: Fehmi Noyan Isi MFC after: 3 weeks Differential Revision: https://reviews.freebsd.org/D14367 Changes: head/sys/net/pfvar.h head/sys/netpfil/pf/pf.c --=20 You are receiving this mail because: You are the assignee for the bug.= From owner-freebsd-pf@freebsd.org Sun Feb 25 21:01:18 2018 Return-Path: Delivered-To: freebsd-pf@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 0867BF28849 for ; Sun, 25 Feb 2018 21:01:18 +0000 (UTC) (envelope-from bugzilla-noreply@FreeBSD.org) Received: from mxrelay.ysv.freebsd.org (mxrelay.ysv.freebsd.org [IPv6:2001:1900:2254:206a::19:3]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "mxrelay.ysv.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 9CA4A70826 for ; Sun, 25 Feb 2018 21:01:17 +0000 (UTC) (envelope-from bugzilla-noreply@FreeBSD.org) Received: from kenobi.freebsd.org (kenobi.freebsd.org [IPv6:2001:1900:2254:206a::16:76]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mxrelay.ysv.freebsd.org (Postfix) with ESMTPS id 05933234A6 for ; Sun, 25 Feb 2018 21:01:17 +0000 (UTC) (envelope-from bugzilla-noreply@FreeBSD.org) Received: from kenobi.freebsd.org ([127.0.1.118]) by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id w1PL1GiY015085 for ; Sun, 25 Feb 2018 21:01:16 GMT (envelope-from bugzilla-noreply@FreeBSD.org) Received: (from bugzilla@localhost) by kenobi.freebsd.org (8.15.2/8.15.2/Submit) id w1PL1GFx015070 for freebsd-pf@FreeBSD.org; Sun, 25 Feb 2018 21:01:16 GMT (envelope-from bugzilla-noreply@FreeBSD.org) Message-Id: <201802252101.w1PL1GFx015070@kenobi.freebsd.org> X-Authentication-Warning: kenobi.freebsd.org: bugzilla set sender to bugzilla-noreply@FreeBSD.org using -f From: bugzilla-noreply@FreeBSD.org To: freebsd-pf@FreeBSD.org Subject: Problem reports for freebsd-pf@FreeBSD.org that need special attention Date: Sun, 25 Feb 2018 21:01:16 +0000 MIME-Version: 1.0 Content-Type: text/plain; charset="UTF-8" X-Content-Filtered-By: Mailman/MimeDel 2.1.25 X-BeenThere: freebsd-pf@freebsd.org X-Mailman-Version: 2.1.25 Precedence: list List-Id: "Technical discussion and general questions about packet filter \(pf\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 25 Feb 2018 21:01:18 -0000 To view an individual PR, use: https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=(Bug Id). The following is a listing of current problems submitted by FreeBSD users, which need special attention. These represent problem reports covering all versions including experimental development code and obsolete releases. Status | Bug Id | Description ------------+-----------+--------------------------------------------------- Open | 203735 | Transparent interception of ipv6 with squid and p 1 problems total for which you should take action. From owner-freebsd-pf@freebsd.org Mon Feb 26 05:40:19 2018 Return-Path: Delivered-To: freebsd-pf@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id D95C3F2D10E for ; Mon, 26 Feb 2018 05:40:19 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from mxrelay.ysv.freebsd.org (mxrelay.ysv.freebsd.org [IPv6:2001:1900:2254:206a::19:3]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "mxrelay.ysv.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 76F2284284 for ; Mon, 26 Feb 2018 05:40:19 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from kenobi.freebsd.org (kenobi.freebsd.org [IPv6:2001:1900:2254:206a::16:76]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mxrelay.ysv.freebsd.org (Postfix) with ESMTPS id C242A27D59 for ; Mon, 26 Feb 2018 05:40:18 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from kenobi.freebsd.org ([127.0.1.118]) by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id w1Q5eIUk053611 for ; Mon, 26 Feb 2018 05:40:18 GMT (envelope-from bugzilla-noreply@freebsd.org) Received: (from www@localhost) by kenobi.freebsd.org (8.15.2/8.15.2/Submit) id w1Q5eIYo053610 for freebsd-pf@FreeBSD.org; Mon, 26 Feb 2018 05:40:18 GMT (envelope-from bugzilla-noreply@freebsd.org) X-Authentication-Warning: kenobi.freebsd.org: www set sender to bugzilla-noreply@freebsd.org using -f From: bugzilla-noreply@freebsd.org To: freebsd-pf@FreeBSD.org Subject: [Bug 206468] pfsync: changing syncdev causes panic Date: Mon, 26 Feb 2018 05:40:18 +0000 X-Bugzilla-Reason: AssignedTo X-Bugzilla-Type: changed X-Bugzilla-Watch-Reason: None X-Bugzilla-Product: Base System X-Bugzilla-Component: kern X-Bugzilla-Version: 10.2-RELEASE X-Bugzilla-Keywords: X-Bugzilla-Severity: Affects Only Me X-Bugzilla-Who: kp@freebsd.org X-Bugzilla-Status: New X-Bugzilla-Resolution: X-Bugzilla-Priority: --- X-Bugzilla-Assigned-To: freebsd-pf@FreeBSD.org X-Bugzilla-Flags: X-Bugzilla-Changed-Fields: cc Message-ID: In-Reply-To: References: Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/ Auto-Submitted: auto-generated MIME-Version: 1.0 X-BeenThere: freebsd-pf@freebsd.org X-Mailman-Version: 2.1.25 Precedence: list List-Id: "Technical discussion and general questions about packet filter \(pf\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 26 Feb 2018 05:40:20 -0000 https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D206468 Kristof Provost changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |kp@freebsd.org --- Comment #1 from Kristof Provost --- I can't seem to reproduce this on either current or stable/10. Is this stil= l a problem for you? --=20 You are receiving this mail because: You are the assignee for the bug.= From owner-freebsd-pf@freebsd.org Mon Feb 26 11:21:52 2018 Return-Path: Delivered-To: freebsd-pf@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 4E3E5F3E8DD for ; Mon, 26 Feb 2018 11:21:52 +0000 (UTC) (envelope-from Joe@stream-technologies.com) Received: from EUR03-AM5-obe.outbound.protection.outlook.com (mail-eopbgr30074.outbound.protection.outlook.com [40.107.3.74]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (Client CN "mail.protection.outlook.com", Issuer "Microsoft IT TLS CA 4" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 9761070460 for ; Mon, 26 Feb 2018 11:21:50 +0000 (UTC) (envelope-from Joe@stream-technologies.com) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=streamtechnologiesuk.onmicrosoft.com; s=selector1-streamtechnologies-com01e; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version; bh=61LoG4WhMJljHIHs9j86k7cpsFB4U1pbB38smdZPnEQ=; b=rfUILOZNlDSdvi2xM3uHgss01jzYAFXA+uuVTuFZR8OSX2H9HRlZrgJQlkzPYR3TQzeuBwYhq7xtGEs8dJjYGyAp+B8uNlZIG4ZP69pMIOOVPGTDWRwyg8mq6aJ94EXNv3OnlCwADAvB1hCFCHwy0Y0NSFaT+h1GKmwTVxdUTK8= Authentication-Results: spf=none (sender IP is ) smtp.mailfrom=Joe@stream-technologies.com; Received: from [192.168.6.128] (212.250.79.109) by AM4PR07MB3411.eurprd07.prod.outlook.com (2603:10a6:205:a::32) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.548.6; Mon, 26 Feb 2018 11:21:47 +0000 Subject: Re: Kernel Panic To: Kristof Provost References: <5A842FC6.7020806@stream-technologies.com> <5A8443BF.8040208@stream-technologies.com> <5289570D-24E1-4292-B4D2-D2F67D7D2D4F@sigsegv.be> Cc: freebsd-pf@freebsd.org From: Joe Jones Message-ID: <5A93EDC9.7020407@stream-technologies.com> Date: Mon, 26 Feb 2018 11:21:45 +0000 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:38.0) Gecko/20100101 Thunderbird/38.5.1 MIME-Version: 1.0 In-Reply-To: <5289570D-24E1-4292-B4D2-D2F67D7D2D4F@sigsegv.be> Content-Type: text/plain; charset=utf-8; format=flowed Content-Transfer-Encoding: 8bit X-Originating-IP: [212.250.79.109] X-ClientProxiedBy: LNXP265CA0069.GBRP265.PROD.OUTLOOK.COM (2603:10a6:600:5d::33) To AM4PR07MB3411.eurprd07.prod.outlook.com (2603:10a6:205:a::32) X-MS-PublicTrafficType: Email X-MS-Office365-Filtering-Correlation-Id: d31de72e-e1b5-4822-b111-08d57d0b1f9f X-Microsoft-Antispam: UriScan:; BCL:0; PCL:0; RULEID:(7020095)(4652020)(4534165)(4627221)(201703031133081)(201702281549075)(5600026)(4604075)(2017052603307)(7153060)(7193020); SRVR:AM4PR07MB3411; X-Microsoft-Exchange-Diagnostics: 1; AM4PR07MB3411; 3:WgyeqxLJX5+AE5EWlPAdPJZyL+/vdu+5Lyt0KSer9XoFchFeMrU++MyDkO/N+wpwksggwFU95uXzv7Lo4v75EeYRiNh1lQlKCVBvYC4KdyV5acXAGJFjs7HLcos7wPGJ/I0ktMxXcZRTQ5c1xHeTk8kktYwI2rvjOTEtOA4ER9akhsPo4vsAni+iSWmMp0+8LAwd1rlKcHEMJ9C+JTIxUQZNyQxOxmmUmX0N8DyNcDycDXTv5/7tbsrGSIgME882; 25:paofbFiR6xZuA/xXK/8Q9GPiAXE4vR7AZLi+cO5IrH7QlbTv6MosgqaScu405NckvaHNl81EQT6/ReLWNHVcefSjbikuVvfA9qQeCpdBVYmWYVZp6RQzorcdvkRLkD44zWYHHrmU8k9ZhZWCyr5o7pM2lmb4BYlsbjMOoTpo45qw3U6c+NhLuqsLvYJsV6aa1M2EbAWlR0+A6hf0IjsHYkMq/k/VVLhNXU8DI43pDenyPEvG0yueKGaObyexWl59FzxCVAufJRx6i3Pqlycde2gAlyo4AwLgz+eq3V6f55Mcl/cVMj2ZHod6ruxyZLWZy4PCbvNU6eHLPNgY+q15yA==; 31:zhQrV3K1YxbImsMmgarl9jjXy/giLGZJ+7AuPBhdpA+PVan/IfRANV1uwj7/m7nTzltzk5fnq+xZ542aAfmoZDwlB0aAKfUH8BHoRlIlTIb5x6gq70pErn3q7OoivmlRvkCWRnuz//XhAUzGla2ZvXEkJhkcaSjwU4Ulau594q3dlpgpdfnjLt3UKiRscQ4dVRSxYMucAc/T7pt6bT6m/AoLZNdp3FDN/Sp2nUy5eXY= X-MS-TrafficTypeDiagnostic: AM4PR07MB3411: X-Microsoft-Exchange-Diagnostics: 1; AM4PR07MB3411; 20:dCuwXkiEKdDjmFN2XzTnx1l7AQCNHIFeAJYeOtA9+7e5YYK32MDbqc828bdEPsyrUDB+72xPilyMloOK0iQP7TCKH43K8RfSurjPdQeNRBhQZpsGlGkjJcnfwD2CEP1z1K1b+CNo/XO+zb358RiJyrEegn1dHweQqAXWAXipPhk=; 4:BGbCJR/OGCVU2m8fGkqXvfYBdb0XT5dsJhPZvDUWPakcd+U15UVjp27jitoB1N2iv0+UkjiJrmfip3L4kwUwLYAk5dT4ORiRYjkU1Dq5jzKiKLPQbQCHSDK31tVRS9N7/pqR+2sqyIvBLvgpnDLGJbuKj/RR7LmKHxA9ui0zhwKcF/YXfNa2ipUrurBv/RT0tPaLtUbmizl3387dluJLvVyUQaShCSZVtcUHcwDYhrb5DnZQoO+7lItFxjI0Hc19Pm55ayCQcmnQKRY852Bxag== X-Microsoft-Antispam-PRVS: X-Exchange-Antispam-Report-Test: UriScan:; X-Exchange-Antispam-Report-CFA-Test: BCL:0; PCL:0; RULEID:(6040501)(2401047)(5005006)(8121501046)(93006095)(93001095)(10201501046)(3231220)(944501161)(3002001)(6041288)(20161123560045)(20161123564045)(20161123562045)(20161123558120)(201703131423095)(201702281528075)(20161123555045)(201703061421075)(201703061406153)(6072148)(201708071742011); SRVR:AM4PR07MB3411; BCL:0; PCL:0; RULEID:; SRVR:AM4PR07MB3411; X-Forefront-PRVS: 05954A7C45 X-Forefront-Antispam-Report: SFV:NSPM; SFS:(10009020)(6049001)(346002)(39840400004)(366004)(39380400002)(376002)(396003)(199004)(189003)(80792005)(50466002)(6306002)(7736002)(16576012)(966005)(67846002)(8676002)(64126003)(575784001)(86362001)(81156014)(81166006)(72206003)(97736004)(65806001)(68736007)(229853002)(478600001)(305945005)(106356001)(105586002)(59896002)(66066001)(6916009)(65956001)(2950100002)(47776003)(53936002)(4326008)(33656002)(58126008)(6116002)(65816011)(76176011)(2906002)(87266011)(52116002)(6246003)(25786009)(3846002)(52146003)(2486003)(2870700001)(117156002)(8936002)(316002)(80316001)(59450400001)(23676004)(77096007)(53546011)(36756003)(386003)(221733001)(3480700004)(7116003)(6486002)(5660300001)(16526019)(26005)(186003)(93886005); DIR:OUT; SFP:1101; SCL:1; SRVR:AM4PR07MB3411; H:[192.168.6.128]; FPR:; SPF:None; PTR:InfoNoRecords; A:1; MX:1; LANG:en; Received-SPF: None (protection.outlook.com: stream-technologies.com does not designate permitted sender hosts) X-Microsoft-Exchange-Diagnostics: =?utf-8?B?MTtBTTRQUjA3TUIzNDExOzIzOld5d1hUNlNOZk8wU2VRK1M0bTlZaGl0allv?= =?utf-8?B?TVhVZTZiRXpCa1Y3SlprMENjMnk5WWlySEUzVDI0VC93VFhjeElkd2c0V0dk?= =?utf-8?B?YXZNRTNkZnJ6MTJlY0x5VWxva20rdFVybWtPK0xmVVhHT24xZjN5Tk0rYlhN?= =?utf-8?B?cG11TjkvR2lZNEt1cFVpbGdXajhxVEQ4L1hkMFh6QnF3K0hZMmNab0dBamdz?= =?utf-8?B?MWVUMENvYUs2ZDRoMElrTnNZRzVxeHpVV0g2WFZEM3NnL1NHeFpHZTVZNGlX?= =?utf-8?B?UXd2Q0ZZSE5PZWo1VnUvRGExWVBRL2tjZVBUTEc1dlo2b2FwSksvb0JiVngy?= =?utf-8?B?N25oR0ROdGUrdUhsUEI1bTVDczEvTzExUUZ0aGpvcW1IV3ZzTEJNWndVOHpJ?= =?utf-8?B?dElCS0tIaEhGN0ZnVDFrL3hMN1JEOXQ2SVZPeU84RWRkOXBYekVDUWdMTXdU?= =?utf-8?B?UUVpdjBWSHFGdUozRkNpamwrNWJ1WWdrbk5HcVlVTmVUN2Iybm40MWxRTkR2?= =?utf-8?B?SGRvazA0U3Z3WWJyVGM3WkNaTGpoSHVWMDZyYTQxUmRVNmhodnJhRDhFZGRS?= =?utf-8?B?ZldMSjlhYjR1bTZSdGRObkNnWFc1K1QwdlY4R0Q0T3lReElnS1dMT0tkU3Bq?= =?utf-8?B?V0ZOSnJWZlEyVFZsWktRTmFVRWpJZ2lOSVRFNFI0ZWRSZGN1ZVdJSlVCQ2ZM?= =?utf-8?B?Z1FtTm9weTI1dnJFNFNvSkxpamhmcUh3ckhzTnZqUk8rZW9oQ0doSS9xRmZu?= =?utf-8?B?aHZFY0pDN29pbzdabzJKQ2NWVXBPVkkybmVzS3hhYVh6dWRRaUt0a2VnNmFn?= =?utf-8?B?SWVjRjNEZXMwY2QvbXNkVjlTc1haOWs1QWROYWhIM3NVOElHajU1cUhEL0M4?= =?utf-8?B?SnQ5emRENkRTeWVCOGo0TTN3Y3RUVkpMV1I4b1Q1eGt2aU14dDN0bnREOVBV?= =?utf-8?B?SjNrR0lFL3NsNGlCSHFYVzI0YXd1YnBQOXdtdm9xVERpYVBGandlZlBXZUJm?= =?utf-8?B?NDdOZVpVUDdUbUROQkpUU2IzemVJbW5UOWxQKzZ2ZnRnS3ZvSFNJRHJmQTA5?= =?utf-8?B?SGt5dk0zSUZGL3ZML1NBei8rM2JnNDVvdW1DSm4vZzg1VTJHVGZ4R1FzalF2?= =?utf-8?B?UkVhblY2NVArNmc0bTd3YlFEakNvNkE5eHRzUG1qNldSRjE2b1RmWWlzYTM5?= =?utf-8?B?YWZEVnR2ZGdjUzdVaWl0enlTZG5WUXBtTVp2eUtkemMvYytOQ0cxTk1ad2Fw?= =?utf-8?B?VHg2N2FZNHZvMXVoYVpLdDZSUUtod3U3QzhRUVQ5V2N1QzRTcU9OZy9kbEFO?= =?utf-8?B?dDVqekZuTnlJMEhMclVHQmhmRGJoVGNUaERnZDgxWUV3ZHo5OUZBS1ZDb0gx?= =?utf-8?B?em1hMjIxMXRQNWlPbmU0Z3FiRC90eHl2SmhNQ1FaSFk1NExlRUM0NXpRbjVN?= =?utf-8?B?eEtzeisvdDNZdXE0K3R3OThvVjhoOXhXcUNrTG0zalk4eXJZQWFPSHhKVW4x?= =?utf-8?B?Kzg1UUMvTFUrNkZwZUk0U1dkU1oyZEFmUlpIQXlvN1hYWUpWQUJQS21NRWRD?= =?utf-8?B?R3pNeXl1Y0k0Q2VTMUpGTHhtb2V3RnphdXB6ZUZMM1BTa21uZ2FTai9RdUZE?= =?utf-8?B?eUdBTFhqeWNaZndxTEtRVjgvUXc4dEVvSExRWjRsaWtTNXgwaXNESzc3L2xK?= =?utf-8?B?YkNQeElicjVjeGZUemZBaGx6cFNVQ29XV2U5OW1VQXZKUjUyUWRoVGExdzVN?= =?utf-8?B?VmxHRGJ2ZGF0REhkTmk0Y08vb2pkdGZ2c29yYlB0MHhncXljblREbzVCSjht?= =?utf-8?B?ejkvcUtpczlHSWxNMnd2VktDS0Z2SXJReG9sK29lMVp1VER5bHhaYVBGOGJM?= =?utf-8?B?UnF5Q1hNUEJtMDl3YnBWYThSVnlaOUpUVWpZQnlZMVBtallZN3h2clhPcUxS?= =?utf-8?B?VFE0SVpOSnFFZVVjVzRXK1B3TnRVR0JYRENyVDdVVWZjNC95K2lUL01lN2RR?= =?utf-8?B?OEliNUFKRndXS29ud0FSOWcwZlBVZU1uODFaaTI2M1VVOHYwQ2pQdlJMd1B3?= =?utf-8?B?dXVLbjFsTkhFRElXTDZCNENXb0V5WmxGa0xxblhFUk5kNXpiUUkzRSttZ1Uw?= =?utf-8?B?VTUramNTYnZsRHlqTk9yQ2FHMTdJMHRvQWx0NFBlckxVQVRDOVhZdDRoL24v?= =?utf-8?B?QytTcmxrbWlhanUrc2tIUGhuUEJnPT0=?= X-Microsoft-Exchange-Diagnostics: 1; AM4PR07MB3411; 6:a/gWSX4rHWVQly7YQtHs2xoaz16JqY6bq1szF49h2Bhh/ifTqkmxZ+oEr2s17qsSDBG2rwTSGr1Ws2VKtCEIOkUqjvWNPxi229oMBB2znOksKz3FyALcE1isPOVEgBuFuL7vaS3nBD0EhfTIVmWqtt9EgQREEzoAytm5eg4OlIIqXvn5iy1D/sRf5llwA2f6JRtCEpwJWrb+H15pK21Qzbk5P3hkMNDx+cZnR7RliE4wmzux6SnhLNXBoUS+sxSa9b2Eu71GO5gvpy0FdBKJj87xzhdB1AmovQpK7rMcC3iYuCVhbaLz/bozQs8yKIkrz/D3exhOKylZHRhCYlK1mWYECTR4As7ICr7KWWkH5WE=; 5:J2QFcFWZC/ILxGUFmruauDiR4OGohl6d84oqLZIHQQU+Q5nYNu0q5UH6pQQ3RLi2jpDskXb/j+48pAE5sKU0a3mRAH3fsSYHLoVUGWq9m8SWCVfmrqF0Dk129N4RgSaAZkLUIwtxNYbRNXIIqjdJnYxzXHX5B7lBoB4e+p7jlsw=; 24:IdEm/5MdV0vOHO9YZzyQVyHv6Odq5bkUTt9Un98RIPGHngKcqi7YEtzuYob6vCNbSkuEqr8RNqiY5PQvG+sau8Mv7S9Qv0P3mCLIRIl9KeY=; 7:PfrC8zfvq0+7v6bqq7yuWFJSPjhu+py4yAjUkRm/MYJPc6cbACt7NFpw2ZW8X9fXgsjTEm3sxHSkM3ZUIYd0yf8y0saSO70VFQ3c/ZMLUkkyBRwgCab8d3WdDjG7USt+NeV69AefH8lKrPwwFlBK4UfNmSEw06KznwOdy9RwDx2RTfTp+NPwKaKnsyRM3cMeh8vPoBtI9ZMTofvfETKQfiBXG8ldV3oCFW4Fwyuoiexg3NvJnpCOMu5AIi3iCPsy SpamDiagnosticOutput: 1:99 SpamDiagnosticMetadata: NSPM X-OriginatorOrg: stream-technologies.com X-MS-Exchange-CrossTenant-OriginalArrivalTime: 26 Feb 2018 11:21:47.0484 (UTC) X-MS-Exchange-CrossTenant-Network-Message-Id: d31de72e-e1b5-4822-b111-08d57d0b1f9f X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 720fa073-5781-43bf-bc14-7bef2603ed21 X-MS-Exchange-Transport-CrossTenantHeadersStamped: AM4PR07MB3411 X-BeenThere: freebsd-pf@freebsd.org X-Mailman-Version: 2.1.25 Precedence: list List-Id: "Technical discussion and general questions about packet filter \(pf\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 26 Feb 2018 11:21:52 -0000 Hi Kristof, we are not updating rules during the test although in production we will reload the rule set from time to time. We are constantly adding and removing from tables though, using the DIOCRADDADDRS and DIOCRDELADDRS ioctl, also DIOCKILLSTATES is being called a lot. These are all in response to RADIUS events. We tried using pfctl shell command rather than calling ioctl directly, to check that it wasn't a problem with how we are calling the ioctl. A little background. Our production system is running on 8.4 and has been stable for years. We are in the process of moving to 11.1 and are having big problems with stability when we allow customer traffic into the machine. At the moment we are using mirror ports on the switch to play live traffic into it. We're trying to work out the simplest configuration that causes a problem with a view to producing a good bug report. I have notices that the pfil interface https://www.freebsd.org/cgi/man.cgi?query=pfil&sektion=9 has locking in it which didn't exist in 8, I think it was introduced in 9? the locking functions appear in the man page in 10. I don't know if that interface is used directly by pf, but I'm guessing packet processing needs to be thread safe in a way it didn't in 8. Regards Joe Jones On 25/02/18 10:56, Kristof Provost wrote: > On 14 Feb 2018, at 19:57, Joe Jones wrote: >> On 14/02/18 13:09, Kristof Provost wrote: >>> On 14 Feb 2018, at 23:47, Joe Jones wrote: >>>> we are running test traffic through our system, after between 1 and >>>> 12 hours we get a kernel panic, always in the pfr_pool_get function >>>> in /usr/src/sys/netpfil/pf/pf_table.c line 2140. After a bit of >>>> investigation I confirmed that ke2 is set to null on line 2122. >>>> >>> It’d probably be interesting to know what the contents of uaddr/addr >>> is here. >>> From a very quick look at the code there’s supposed to be a route >>> lookup there, and I’d expect there to always be a result. The code >>> certainly expects it, because that looks to be what causes the panic. >>> >> >> (kgdb) p *uaddr >> No symbol "uaddr" in current context. >> >> (kgdb) p *addr >> $1 = { >> pfa = { >> v4 = { >> s_addr = 2016475826 >> }, >> v6 = { >> __u6_addr = { >> __u6_addr8 = 0xfffffe0000310d0c "��0x0\r1", >> __u6_addr16 = 0xfffffe0000310d0c, >> __u6_addr32 = 0xfffffe0000310d0c >> } >> }, >> addr8 = 0xfffffe0000310d0c "��0x0\r1", >> addr16 = 0xfffffe0000310d0c, >> addr32 = 0xfffffe0000310d0c >> } >> } >> > Interesting… That looks okay, so I have no idea why that lookup > returned NULL. > Are you modifying tables/rules at all during this test? > >> Am I right in thinking that's in network order. >> > I believe so, yes. > > Regards, > Kristof From owner-freebsd-pf@freebsd.org Tue Feb 27 04:40:30 2018 Return-Path: Delivered-To: freebsd-pf@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 4ECE8F226C4 for ; Tue, 27 Feb 2018 04:40:30 +0000 (UTC) (envelope-from srs0=4s7g=fv=sigsegv.be=kristof@codepro.be) Received: from venus.codepro.be (venus.codepro.be [IPv6:2a01:4f8:162:1127::2]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "*.codepro.be", Issuer "Gandi Standard SSL CA 2" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id D222D811E1 for ; Tue, 27 Feb 2018 04:40:29 +0000 (UTC) (envelope-from srs0=4s7g=fv=sigsegv.be=kristof@codepro.be) Received: from [220.247.151.153] (unknown [IPv6:2001:df9:2:0:8d66:da76:d93a:60cc]) (Authenticated sender: kp) by venus.codepro.be (Postfix) with ESMTPSA id 021B428689; Tue, 27 Feb 2018 05:40:27 +0100 (CET) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sigsegv.be; s=mail; t=1519706428; bh=4joJ7/ydtzMDMIS23fPfv4GBnJ1fYBzOm+XE6rYZkIs=; h=From:To:Cc:Subject:Date:In-Reply-To:References; b=zBGwJ9JKguQTyWy3Mg9w3FW27I82jC3zYu/RKmPL93HWUO+CHNlyuojprfaeuHjLV 643L7KIf1orx0DTYTtoJ4n9jEbDAKvjZmXOpbqT6Z0PaNikuXbwon6cjp/3mFMk/ix trDMUDetSB7J0aV0EIguoH8DTYNI2PCiShwKQPF0= From: "Kristof Provost" To: "Joe Jones" Cc: freebsd-pf@freebsd.org Subject: Re: Kernel Panic Date: Tue, 27 Feb 2018 10:25:24 +0545 X-Mailer: MailMate (2.0BETAr6103) Message-ID: <9F39A687-FB34-4984-B969-5264DF38544E@sigsegv.be> In-Reply-To: <5A93EDC9.7020407@stream-technologies.com> References: <5A842FC6.7020806@stream-technologies.com> <5A8443BF.8040208@stream-technologies.com> <5289570D-24E1-4292-B4D2-D2F67D7D2D4F@sigsegv.be> <5A93EDC9.7020407@stream-technologies.com> MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8; format=flowed Content-Transfer-Encoding: 8bit X-Content-Filtered-By: Mailman/MimeDel 2.1.25 X-BeenThere: freebsd-pf@freebsd.org X-Mailman-Version: 2.1.25 Precedence: list List-Id: "Technical discussion and general questions about packet filter \(pf\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 27 Feb 2018 04:40:30 -0000 On 26 Feb 2018, at 17:06, Joe Jones wrote: > Hi Kristof, > > we are not updating rules during the test although in production we > will reload the rule set from time to time. We are constantly adding > and removing from tables though, using the DIOCRADDADDRS and > DIOCRDELADDRS ioctl, also DIOCKILLSTATES is being called a lot. These > are all in response to RADIUS events. We tried using pfctl shell > command rather than calling ioctl directly, to check that it wasn't a > problem with how we are calling the ioctl. > That’s interesting. The panic leads me to suspect something’s wrong with the kt->pfrkt_ipv4->rt, which would explain why we get the unexpected NULL result. My first guess at the cause would be a race condition, where it’s being modified (through one of the ioctls you do) while the pfr_pool_get() is walking it. I don’t immediately see where that’d happen though, because both DIOCRADDADDRS and DIOCRDELADDRS take the rules lock (and pfr_pool_get() takes it too). It might be interesting to run this with these extra asserts (and be sure to enable INVARIANTS). diff --git a/sys/netpfil/pf/pf_table.c b/sys/netpfil/pf/pf_table.c index 18342a94073..cad9b4ea89f 100644 --- a/sys/netpfil/pf/pf_table.c +++ b/sys/netpfil/pf/pf_table.c @@ -962,6 +962,8 @@ pfr_unroute_kentry(struct pfr_ktable *kt, struct pfr_kentry *ke) struct radix_node *rn; struct radix_head *head = NULL; + PF_RULES_WASSERT(); + if (ke->pfrke_af == AF_INET) head = &kt->pfrkt_ip4->rh; else if (ke->pfrke_af == AF_INET6) @@ -1855,6 +1859,8 @@ pfr_destroy_ktable(struct pfr_ktable *kt, int flushaddr) { struct pfr_kentryworkq addrq; + PF_RULES_WASSERT(); + if (flushaddr) { pfr_enqueue_addrs(kt, &addrq, NULL, 0); pfr_clean_node_mask(kt, &addrq); Regards, Kristof From owner-freebsd-pf@freebsd.org Tue Feb 27 14:56:00 2018 Return-Path: Delivered-To: freebsd-pf@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id CBBEEF2CAF2 for ; Tue, 27 Feb 2018 14:55:59 +0000 (UTC) (envelope-from Joe@stream-technologies.com) Received: from EUR01-VE1-obe.outbound.protection.outlook.com (mail-ve1eur01on0624.outbound.protection.outlook.com [IPv6:2a01:111:f400:fe1f::624]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (Client CN "mail.protection.outlook.com", Issuer "Microsoft IT TLS CA 4" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 06D977BAE1 for ; Tue, 27 Feb 2018 14:55:58 +0000 (UTC) (envelope-from Joe@stream-technologies.com) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=streamtechnologiesuk.onmicrosoft.com; s=selector1-streamtechnologies-com01e; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version; bh=byxZdw9UV3jYemz9nqard5RMk7goQjOKwdYgnyy1QNg=; b=qcjGbiChUBe/qqLnynkK2HMeGtrjWUdc06w4KZhRwTQ90YArw6g65mG6CuA+pTT0kV2YyohK+SoiesuCVDXIZ8CImjvhT9OuenjeX07vkL3pVhz25vMvlzJGAiF/Jtkj/vRuXTHop4HgvdsSYwLTPrO7IzKo7mtTRAige9eduxE= Received: from [192.168.6.128] (212.250.79.109) by VI1PR07MB3421.eurprd07.prod.outlook.com (2603:10a6:802:23::31) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.548.6; Tue, 27 Feb 2018 14:55:55 +0000 Subject: Re: Kernel Panic To: Kristof Provost Cc: freebsd-pf@freebsd.org References: <5A842FC6.7020806@stream-technologies.com> <5A8443BF.8040208@stream-technologies.com> <5289570D-24E1-4292-B4D2-D2F67D7D2D4F@sigsegv.be> <5A93EDC9.7020407@stream-technologies.com> <9F39A687-FB34-4984-B969-5264DF38544E@sigsegv.be> From: Joe Jones Message-ID: <19aedb50-34c0-417d-fc1e-e8d519655684@stream-technologies.com> Date: Tue, 27 Feb 2018 14:55:53 +0000 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Thunderbird/52.6.0 MIME-Version: 1.0 In-Reply-To: <9F39A687-FB34-4984-B969-5264DF38544E@sigsegv.be> Content-Language: en-US X-Originating-IP: [212.250.79.109] X-ClientProxiedBy: PR0P264CA0018.FRAP264.PROD.OUTLOOK.COM (2603:10a6:100::30) To VI1PR07MB3421.eurprd07.prod.outlook.com (2603:10a6:802:23::31) X-MS-PublicTrafficType: Email X-MS-Office365-Filtering-Correlation-Id: e6e0b34d-6fe2-4fea-ff42-08d57df23479 X-Microsoft-Antispam: UriScan:; BCL:0; PCL:0; RULEID:(7020095)(4652020)(4534165)(4627221)(201703031133081)(201702281549075)(5600026)(4604075)(2017052603307)(7153060)(7193020); SRVR:VI1PR07MB3421; X-Microsoft-Exchange-Diagnostics: 1; VI1PR07MB3421; 3:S0WhDpY/utmYqG9l1KmfZYrSvBTodpe5zYGzr66kITyL99fQEQxdCIwgVuk+U1E81OvcBFDc6IbRThI/FvJVJcWRsYjMD70yn+WlVoo0uba9Q5WBxlyRYT+2RhGme9DrzUoNfyvTXvualFWCCNtPJ1Zwd/xDealMUw0ajyTWvvpnGbTBmIGJGyYZIzKgDzeBynTHEATFJl+1JidMr+aJ8NSkSrGPPdR8r/KjQDIumN4ODtb4J4HN9tJ4qPDK4H/1; 25:AzeMZoeS9MaXsN8hueElOtgdClYNdu/B2uYA5efdSnu/m9o/Ldz2UpM7kCZVU6HdYFsmRG4crf0OI0Rhe8dTbK9yUvnX50xOEMD2q5QpKtlUfrDfDtCcKX4VFvkOPMFhba1aYeXoXh3NfABI0534eFXva/WSA2e7WOs9/L39u/SeSu+pa226iTPOnOrkzt5PYKihNkudv4BKiy2QUJw0ul5xu0qvnFLDtgN6/uI3JBubc/3kaCuDcvOsH2qJBhzx+GIPRckJLj/bLt0YXtJj14CuWAbBHOH/ECrcu5pLuBvhfEMd6uRS4tQUpTrthn3oMox5fSloUUaBfgLMQ7l/cQ==; 31:w0ARvgtOSjtBn7kWgWkqBxml1BzH2S9YNSfkV2xfLeKpNNS1YvGdluBzgrasxWHr8lqfRtR+SymMzPb6CFykXBuc2R3tXKQVrfm8XPbE2DXlzDEr/mEJdlmS+ohOfaq+bDSZK6Bx0KfO2kklYKaSzMIFa1AXEPqTVsSFSn5IrC3nJi+2Ym8USnQ+a0MFwFmYQzoHWmeFMMmbBAm9FTEopNXJVHM+TK31Y2faKpnxvII= X-MS-TrafficTypeDiagnostic: VI1PR07MB3421: X-Microsoft-Exchange-Diagnostics: 1; VI1PR07MB3421; 20:rKVvEau6J5JCW+5I3obxOrTqEBqMMNASLEkYAHgdlVfJhWdvNduSvUZcLCNPaPIqMx592MthN+xubbYvtXVrqyyrVYPUfPTZfYW9ulZ8AJbVCdqThANk3n/Q0Fh4saihBYKlxtiSDWOiUenUbt2NXMWXEUrEsUtoSXTks7ochok=; 4:Ckl8RISHY9ZHtiB8odks2bdLbwQDMbVPobkuWbE7vXEBqsNgSMusj1t0JW9va7doe9mS0D1miDRC4PfriLMsAVVCJp5EZWPbgv4/pmjcOQEXO2dkmDyhoOBkGLH00cV8MTbrIsWT5vK/wWJ3qYNk+xZThWuQRFs0b8k5MVCUHiz9sUeBHzPLKAxphGMvwyXxVeOVm0VMNifX/CyhbHAaCT0Tlv3D4JUpWq87uHm5OUleeSM7Q4qM4jur/v3U+pRccSd3/U4FbP72ijx6ZvE4gw== X-Microsoft-Antispam-PRVS: X-Exchange-Antispam-Report-Test: UriScan:; X-Exchange-Antispam-Report-CFA-Test: BCL:0; PCL:0; RULEID:(6040501)(2401047)(5005006)(8121501046)(10201501046)(3231220)(944501198)(93006095)(93001095)(3002001)(6041288)(20161123562045)(20161123560045)(20161123558120)(201703131423095)(201702281528075)(20161123555045)(201703061421075)(201703061406153)(20161123564045)(6072148)(201708071742011); SRVR:VI1PR07MB3421; BCL:0; PCL:0; RULEID:; SRVR:VI1PR07MB3421; X-Forefront-PRVS: 05961EBAFC X-Forefront-Antispam-Report: SFV:NSPM; SFS:(10009020)(6049001)(366004)(346002)(39850400004)(396003)(376002)(39380400002)(199004)(189003)(4326008)(117156002)(54896002)(65826007)(66066001)(386003)(86362001)(229853002)(93886005)(25786009)(6916009)(2950100002)(7736002)(52116002)(76176011)(6346003)(59450400001)(53546011)(77096007)(7116003)(80792005)(5660300001)(106356001)(33964004)(84326002)(186003)(16526019)(97736004)(105586002)(81166006)(316002)(31696002)(68736007)(81156014)(8676002)(58126008)(6116002)(31686004)(6246003)(2906002)(8936002)(65806001)(16576012)(3480700004)(16586007)(37036004)(64126003)(478600001)(65956001)(3846002)(221733001)(53936002)(36756003)(72206003)(6486002)(26005); DIR:OUT; SFP:1101; SCL:1; SRVR:VI1PR07MB3421; H:[192.168.6.128]; FPR:; SPF:None; PTR:InfoNoRecords; A:1; MX:1; LANG:en; Received-SPF: None (protection.outlook.com: stream-technologies.com does not designate permitted sender hosts) Authentication-Results: spf=none (sender IP is ) smtp.mailfrom=Joe@stream-technologies.com; X-Microsoft-Exchange-Diagnostics: =?us-ascii?Q?1; VI1PR07MB3421; 23:BP/5ZLa9shPqYm67VLjtdE7rP9HhDQwa2sOoen/vm?= =?us-ascii?Q?XeY0wbkaH0gwwVVigaxMt/nnle+vJd2cPnwOUO3/XVOw2J/bhncYoyD+ElOQ?= =?us-ascii?Q?gIJYYqbbpjVKRydY7Hz5UbHIEDBX043jSF5b5O2PzW6DZOc/tFp2LBx09xIX?= =?us-ascii?Q?cadxJAF0/rprlEhWAmE2K85CvUo0a9r7YMyrnNJ3BnCHfuDKlTxaAJMkmFPy?= =?us-ascii?Q?jVlKIwTAdiIfDWQzg6kRvOjogiaC488pw51gmr0ejmWK/6qV6+YerVWKbqPZ?= =?us-ascii?Q?l9QgGb4Xlh0ok4tEc9m8gZ9ijQqlhrpJK02Y9ecMclWMEByQuSRCRdApsL1F?= =?us-ascii?Q?VcQTZAUXBRj/wxgT0vLmO7uZ9qHWozQOKA0mB58LStf/HxK6vpO01wlmkZaw?= =?us-ascii?Q?B8h4ZPWygqw8iDnX1FDuMOO1SlxOEO+BdxLTECBC4tFe+BNJ4o+DEqwQocSo?= =?us-ascii?Q?tHFNF4eBSPRmulzmmpNk6kaLC7j0bvyfT/AR6Xt/aqVIUCmGOm+uzApmSua8?= =?us-ascii?Q?/EE3xu5nj6zwA17oRGVVYqXGOVebRGyRuLsaqNOSx82ssGGLP8AxfX7A3QO1?= =?us-ascii?Q?llwW2BIOrbjy35mkziRI+TDk6ThMyvU+kK/rvKQ+5rPSDqXP5kMS/DDK4XeB?= =?us-ascii?Q?UdW5cyc88xIHyl8FkNhEHoq5zN4s7Izo/GhZe7UZpIriOUL6J545Nbt7QLYL?= =?us-ascii?Q?zk86gt2WOv7RQdbwDFSKYRzZojx/Nm662YCHi2pPMX32NkoADtLJDXCXlcdR?= =?us-ascii?Q?Xh7KzRvKFH/bDrAL7Ex/JvrgPYqprOSBycjb37wNvpmqY6L4R6agX7MZ8w/M?= =?us-ascii?Q?eAP0mBGV6l0Z1ux7LIvUTcf1ur2IiwrPkAhYTvtyApuybUkoq3TbtXQRCYhV?= =?us-ascii?Q?OHEzsIT+iOiWXs2jEeE0y03inYIqXRb0XTf0hPXyRkpG/z1IP6wR8HzsZxa6?= =?us-ascii?Q?Tw0Ct0tC8CgxJX2Di07evQhiScgd5b0AG5L/15z+uTeTF7wvXLLJQy0YROQ5?= =?us-ascii?Q?LNa6krCM4bYkjIFKdcMn3MVNnvzK4WePwDrriuu0zAWJBwAiFvcpsSbuYcrd?= =?us-ascii?Q?Q7TdmGIChBtu7W1SDhlaUvgR7CIFiHrI2kYjlhAOiWho2edpl40xxb+qlm5n?= =?us-ascii?Q?+XaMfuB9vFtPLYCdlcIIJAVOo5/fgm1TojJwxjbH3lX0mawmYL4UTRsNvrPs?= =?us-ascii?Q?DPxs3cFInM8b9gSRzg7FlagvBcQLrS1stX7qW9tPKMoG2HFYHALhHWJdP8W1?= =?us-ascii?Q?cK1O0QL37poBvzJTytzjIugzEzCYR+kBdRsSDVoNrAuTqYI0UI03dxPg5z4Z?= =?us-ascii?Q?lvXcwPHLOq2YzAfEYIVRyagn8YCWZK5xRckJwWUwKsFzpgOcJpNpAaovc1Rg?= =?us-ascii?Q?ejRwb9Mj0zF26cucWQC8DknpTByO8ZVPIocOrlSPFgM6Jk2t/Fjat+DKbbwm?= =?us-ascii?Q?VmtS37vME7F3rulGlzpsUmW5z/g6wJmv2PNtYNpBI2y8cfgtMNU?= X-Microsoft-Exchange-Diagnostics: 1; VI1PR07MB3421; 6:xschFrveGjNIBog4LV07JiJbTR/LgBZNNKrJANf8QA6LPIEyePgRBMoDu/0aenf0KzW3EqJayK3RvR4ohvNImHHYF6DEJEh9vd2mC/BBi/+Ie5mUrwpMeRKOulenFXh8lRv9UfVjjwqeEEvSf/P8sHEUKxNr7nwuISq+h+0VRfNnQRZscwrJD9VwT6/ORBxgxsRr7pOEk7FhVamqvap+rt5Lzo1bbC9pMx3YH24wkgOE+sp6mhFmAJBZk+k3eqQVzUb5pvPO29bLXN5OLcymcaGdUvMYZIcvRhRdfyIwegKHyyd8OqL5dhTl7+XfLuCVT/zW+F3fDre0Rg9WF5H+O8bVb/EAnm0AVzZkz8sGvTU=; 5:DcFWe0OzkVFvWBJpN92+qhr07A0ss4sW5Pjbh4BeATZE9oLdIPFkwCWoGEj0Fz11YlHV4RQ5kKHj50g18FKIcIgDd2gs+UbP4U2ewNIiBDXw6XdPHsJwEfWJTEko39e3qdIRehivdVn6LF08F8fPOuqF0XRj6651bzUfvFOrZMc=; 24:TBlEseYomqVi0K1kA5DjwkpdMkC0TBXgVN8X/ZHhXxDIjYvx64o1K6G/JuTYLFgExEcm5iQNEtqCFMMVLRQii/uc7P0bVeZDq/LQmt2kRjc=; 7:Uqw9Z9CUDIpNjhzyOevBPqi9sTiAaKNEYwWTfxcI6RN7/KQcxln5SbGXrR/eR+qQvSOtTjZojKTbOBd9Fbd0sRuXbo+rFr1sgkb9VIPci51pcqOHgHIrdd1nI71Kad+kexaG64QD5Gi48wEnGFKbNYx/bPnwZj2hxmYH2jpK/nnhHX0tBKcMTmH9FlU1d7yoPKpQs49uAv/p92LatF1FBF7BiRZnmJS/0EdozJdHTg+WZQyGBhmw6VpevQwZQRVn SpamDiagnosticOutput: 1:99 SpamDiagnosticMetadata: NSPM X-OriginatorOrg: stream-technologies.com X-MS-Exchange-CrossTenant-OriginalArrivalTime: 27 Feb 2018 14:55:55.7198 (UTC) X-MS-Exchange-CrossTenant-Network-Message-Id: e6e0b34d-6fe2-4fea-ff42-08d57df23479 X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 720fa073-5781-43bf-bc14-7bef2603ed21 X-MS-Exchange-Transport-CrossTenantHeadersStamped: VI1PR07MB3421 Content-Type: text/plain; charset=utf-8; format=flowed Content-Transfer-Encoding: 8bit X-Content-Filtered-By: Mailman/MimeDel 2.1.25 X-BeenThere: freebsd-pf@freebsd.org X-Mailman-Version: 2.1.25 Precedence: list List-Id: "Technical discussion and general questions about packet filter \(pf\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 27 Feb 2018 14:56:00 -0000 Hi, we have a kernel panic after compiling with witness and invariant Feb 27 13:49:33 sovapn1 kernel: lock order reversal: Feb 27 13:49:33 sovapn1 kernel: 1st 0xfffffe000fed78b8 pf_idhash (pf_idhash) @ /usr/src/sys/netpfil/pf/pf.c:1078 Feb 27 13:49:33 sovapn1 kernel: 2nd 0xfffff8001e0474a8 pfsync (pfsync) @ /usr/src/sys/netpfil/pf/if_pfsync.c:1667 Feb 27 13:49:33 sovapn1 kernel: stack backtrace: Feb 27 13:49:33 sovapn1 kernel: #0 0xffffffff80a9efe0 at witness_debugger+0x70 Feb 27 13:49:33 sovapn1 kernel: #1 0xffffffff80a9eed3 at witness_checkorder+0xe23 Feb 27 13:49:33 sovapn1 kernel: #2 0xffffffff80a20aad at __mtx_lock_flags+0x9d Feb 27 13:49:33 sovapn1 kernel: #3 0xffffffff826d9f9d at pfsync_insert_state+0x7d Feb 27 13:49:33 sovapn1 kernel: #4 0xffffffff826ea729 at pf_state_insert+0x8b9 Feb 27 13:49:33 sovapn1 kernel: #5 0xffffffff826f444c at pf_test_rule+0x2bbc Feb 27 13:49:33 sovapn1 kernel: #6 0xffffffff826eec58 at pf_test+0x1598 Feb 27 13:49:33 sovapn1 kernel: #7 0xffffffff826ffb2d at pf_check_in+0x1d Feb 27 13:49:33 sovapn1 kernel: #8 0xffffffff80b488c4 at pfil_run_hooks+0xa4 Feb 27 13:49:33 sovapn1 kernel: #9 0xffffffff80ba5757 at ip_tryforward+0x157 Feb 27 13:49:33 sovapn1 kernel: #10 0xffffffff80ba7a8a at ip_input+0x38a Feb 27 13:49:33 sovapn1 kernel: #11 0xffffffff80b47a00 at netisr_dispatch_src+0x80 Feb 27 13:49:33 sovapn1 kernel: #12 0xffffffff80b309ce at ether_demux+0x15e Feb 27 13:49:33 sovapn1 kernel: #13 0xffffffff80b317ee at ether_nh_input+0x31e Feb 27 13:49:33 sovapn1 kernel: #14 0xffffffff80b47a00 at netisr_dispatch_src+0x80 Feb 27 13:49:33 sovapn1 kernel: #15 0xffffffff80b30d62 at ether_input+0x62 Feb 27 13:49:33 sovapn1 kernel: #16 0xffffffff82671427 at igb_rxeof+0x6e7 Feb 27 13:49:33 sovapn1 kernel: #17 0xffffffff826708fe at igb_msix_que+0xee we compiled with options INVARIANTS options INVARIANT_SUPPORT options WITNESSoptions WITNESS_SKIPSPIN options WITNESS_KDB we went back to the 11.1 release as the relenge branch didn't compile for us (probably our fault). Regards Joe Jones On 27/02/18 04:40, Kristof Provost wrote: > > On 26 Feb 2018, at 17:06, Joe Jones wrote: > > Hi Kristof, > > we are not updating rules during the test although in production > we will reload the rule set from time to time. We are constantly > adding and removing from tables though, using the DIOCRADDADDRS > and DIOCRDELADDRS ioctl, also DIOCKILLSTATES is being called a > lot. These are all in response to RADIUS events. We tried using > pfctl shell command rather than calling ioctl directly, to check > that it wasn't a problem with how we are calling the ioctl. > > That’s interesting. > > The panic leads me to suspect something’s wrong with the > kt->pfrkt_ipv4->rt, which would explain why we get the unexpected NULL > result. > My first guess at the cause would be a race condition, where it’s > being modified (through one of the ioctls you do) while the > pfr_pool_get() is walking it. > > I don’t immediately see where that’d happen though, because both > DIOCRADDADDRS and DIOCRDELADDRS take the rules lock (and > pfr_pool_get() takes it too). > > It might be interesting to run this with these extra asserts (and be > sure to enable INVARIANTS). > > |diff --git a/sys/netpfil/pf/pf_table.c b/sys/netpfil/pf/pf_table.c > index 18342a94073..cad9b4ea89f 100644 --- a/sys/netpfil/pf/pf_table.c > +++ b/sys/netpfil/pf/pf_table.c @@ -962,6 +962,8 @@ > pfr_unroute_kentry(struct pfr_ktable *kt, struct pfr_kentry *ke) > struct radix_node *rn; struct radix_head *head = NULL; + > PF_RULES_WASSERT(); + if (ke->pfrke_af == AF_INET) head = > &kt->pfrkt_ip4->rh; else if (ke->pfrke_af == AF_INET6) @@ -1855,6 > +1859,8 @@ pfr_destroy_ktable(struct pfr_ktable *kt, int flushaddr) { > struct pfr_kentryworkq addrq; + PF_RULES_WASSERT(); + if (flushaddr) { > pfr_enqueue_addrs(kt, &addrq, NULL, 0); pfr_clean_node_mask(kt, &addrq); | > > Regards, > Kristof > From owner-freebsd-pf@freebsd.org Wed Feb 28 04:07:25 2018 Return-Path: Delivered-To: freebsd-pf@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id C15ECF24E6A for ; Wed, 28 Feb 2018 04:07:25 +0000 (UTC) (envelope-from srs0=z56q=fw=sigsegv.be=kristof@codepro.be) Received: from venus.codepro.be (venus.codepro.be [IPv6:2a01:4f8:162:1127::2]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "*.codepro.be", Issuer "Gandi Standard SSL CA 2" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 5FAED823F3 for ; Wed, 28 Feb 2018 04:07:25 +0000 (UTC) (envelope-from srs0=z56q=fw=sigsegv.be=kristof@codepro.be) Received: from [220.247.151.153] (unknown [IPv6:2001:df9:2:0:8dbe:6587:e577:7328]) (Authenticated sender: kp) by venus.codepro.be (Postfix) with ESMTPSA id 1E3C42C0BE; Wed, 28 Feb 2018 05:07:22 +0100 (CET) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sigsegv.be; s=mail; t=1519790843; bh=CnCSpHzmDX+hckFvz/IbwC/MdcJwXmroe+tWDeGlZ2s=; h=From:To:Cc:Subject:Date:In-Reply-To:References; b=B7pCNyzrniI4p2nOa55JxULdJofQRoIPq7xVwA4J5HSypP+PTYnf2PhoPZmwY57ms K1+aDrfFMOOEvFzXaaYNZiemlJakrTvlraeqf+C5z6cyGj5tU5w9kLiH8bmKRVjnWw 2zlWKUYGcK0pYwHGWS8s5eh0HH9KAI1pArIBXEO4= From: "Kristof Provost" To: "Joe Jones" Cc: freebsd-pf@freebsd.org Subject: Re: Kernel Panic Date: Wed, 28 Feb 2018 09:52:20 +0545 X-Mailer: MailMate (2.0BETAr6103) Message-ID: <22A6028C-9BBA-4117-8734-D976EA5A1367@sigsegv.be> In-Reply-To: <19aedb50-34c0-417d-fc1e-e8d519655684@stream-technologies.com> References: <5A842FC6.7020806@stream-technologies.com> <5A8443BF.8040208@stream-technologies.com> <5289570D-24E1-4292-B4D2-D2F67D7D2D4F@sigsegv.be> <5A93EDC9.7020407@stream-technologies.com> <9F39A687-FB34-4984-B969-5264DF38544E@sigsegv.be> <19aedb50-34c0-417d-fc1e-e8d519655684@stream-technologies.com> MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8; format=flowed Content-Transfer-Encoding: 8bit X-BeenThere: freebsd-pf@freebsd.org X-Mailman-Version: 2.1.25 Precedence: list List-Id: "Technical discussion and general questions about packet filter \(pf\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 28 Feb 2018 04:07:25 -0000 On 27 Feb 2018, at 20:40, Joe Jones wrote: > we have a kernel panic after compiling with witness and invariant > > Feb 27 13:49:33 sovapn1 kernel: lock order reversal: > Feb 27 13:49:33 sovapn1 kernel: 1st 0xfffffe000fed78b8 pf_idhash > (pf_idhash) @ /usr/src/sys/netpfil/pf/pf.c:1078 > Feb 27 13:49:33 sovapn1 kernel: 2nd 0xfffff8001e0474a8 pfsync (pfsync) > @ /usr/src/sys/netpfil/pf/if_pfsync.c:1667 That’s a lock order reversal. It’s not good, but it should at worst result in a deadlock. Did the system stop after this? It also looks like a different problem from the panic you initially reported. Regards, Kristof From owner-freebsd-pf@freebsd.org Wed Feb 28 08:54:06 2018 Return-Path: Delivered-To: freebsd-pf@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id BAF2AF351B4 for ; Wed, 28 Feb 2018 08:54:06 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from mxrelay.ysv.freebsd.org (mxrelay.ysv.freebsd.org [IPv6:2001:1900:2254:206a::19:3]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "mxrelay.ysv.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 568C76C975 for ; Wed, 28 Feb 2018 08:54:06 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from kenobi.freebsd.org (kenobi.freebsd.org [IPv6:2001:1900:2254:206a::16:76]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mxrelay.ysv.freebsd.org (Postfix) with ESMTPS id 95A791B01B for ; Wed, 28 Feb 2018 08:54:05 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from kenobi.freebsd.org ([127.0.1.118]) by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id w1S8s5lB046558 for ; Wed, 28 Feb 2018 08:54:05 GMT (envelope-from bugzilla-noreply@freebsd.org) Received: (from bugzilla@localhost) by kenobi.freebsd.org (8.15.2/8.15.2/Submit) id w1S8s5ZK046557 for freebsd-pf@FreeBSD.org; Wed, 28 Feb 2018 08:54:05 GMT (envelope-from bugzilla-noreply@freebsd.org) X-Authentication-Warning: kenobi.freebsd.org: bugzilla set sender to bugzilla-noreply@freebsd.org using -f From: bugzilla-noreply@freebsd.org To: freebsd-pf@FreeBSD.org Subject: [Bug 127814] [pf] The flush in pf_reload in /etc/rc.d/pf does not work as intended Date: Wed, 28 Feb 2018 08:54:04 +0000 X-Bugzilla-Reason: AssignedTo X-Bugzilla-Type: changed X-Bugzilla-Watch-Reason: None X-Bugzilla-Product: Base System X-Bugzilla-Component: conf X-Bugzilla-Version: unspecified X-Bugzilla-Keywords: X-Bugzilla-Severity: Affects Only Me X-Bugzilla-Who: commit-hook@freebsd.org X-Bugzilla-Status: In Progress X-Bugzilla-Resolution: X-Bugzilla-Priority: Normal X-Bugzilla-Assigned-To: freebsd-pf@FreeBSD.org X-Bugzilla-Flags: X-Bugzilla-Changed-Fields: Message-ID: In-Reply-To: References: Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/ Auto-Submitted: auto-generated MIME-Version: 1.0 X-BeenThere: freebsd-pf@freebsd.org X-Mailman-Version: 2.1.25 Precedence: list List-Id: "Technical discussion and general questions about packet filter \(pf\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 28 Feb 2018 08:54:06 -0000 https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D127814 --- Comment #3 from commit-hook@freebsd.org --- A commit references this bug: Author: kp Date: Wed Feb 28 08:53:07 UTC 2018 New revision: 330105 URL: https://svnweb.freebsd.org/changeset/base/330105 Log: pf: Do not flush on reload pfctl only takes the last '-F' argument into account, so this never did w= hat was intended. Moreover, there is no reason to flush rules before reloading, because pf keeps track of the rule which created a given state. That means that existing connections will keep being processed according to the rule which origina= lly created them. Simply reloading the (new) rules suffices. The new rules wi= ll apply to new connections. PR: 127814 Submitted by: Andreas Longwitz MFC after: 3 weeks Changes: head/etc/rc.d/pf --=20 You are receiving this mail because: You are the assignee for the bug.= From owner-freebsd-pf@freebsd.org Thu Mar 1 03:00:53 2018 Return-Path: Delivered-To: freebsd-pf@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 3DD96F3BD22 for ; Thu, 1 Mar 2018 03:00:53 +0000 (UTC) (envelope-from srs0=y8dj=fx=sigsegv.be=kristof@codepro.be) Received: from venus.codepro.be (venus.codepro.be [IPv6:2a01:4f8:162:1127::2]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "*.codepro.be", Issuer "Gandi Standard SSL CA 2" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id CF2C174A1D for ; Thu, 1 Mar 2018 03:00:52 +0000 (UTC) (envelope-from srs0=y8dj=fx=sigsegv.be=kristof@codepro.be) Received: from [169.254.13.141] (254.158.dhcp.conference.apricot.net [220.247.158.254]) (Authenticated sender: kp) by venus.codepro.be (Postfix) with ESMTPSA id 5D39A2D8E1; Thu, 1 Mar 2018 04:00:49 +0100 (CET) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sigsegv.be; s=mail; t=1519873250; bh=6C87reV53rCwUtJpxM5uPcg5uXsve5NvK26wlPqhCkU=; h=From:To:Cc:Subject:Date:In-Reply-To:References; b=jrnOoPofojXkI0ZC/AO0b9e5jNM0QX9pO3GoC0mxzMLIY5ycJQJ6M+p7vunahwLdL FThiQ7+BaDYEdryFPWZkMBx8DVoPKhDaXVwHjoAVLhYjCSVCPNFa/UfvL6X8PzURrE Velx92TBXoTSj5WKtysjoJgKdKhNQI61JMH1CiQg= From: "Kristof Provost" To: "Joe Jones" Cc: freebsd-pf@freebsd.org Subject: Re: Kernel Panic Date: Thu, 01 Mar 2018 08:45:45 +0545 X-Mailer: MailMate (2.0BETAr6104) Message-ID: <06755C0B-4633-4FF7-988B-97A0A04D4EF6@sigsegv.be> In-Reply-To: <22A6028C-9BBA-4117-8734-D976EA5A1367@sigsegv.be> References: <5A842FC6.7020806@stream-technologies.com> <5A8443BF.8040208@stream-technologies.com> <5289570D-24E1-4292-B4D2-D2F67D7D2D4F@sigsegv.be> <5A93EDC9.7020407@stream-technologies.com> <9F39A687-FB34-4984-B969-5264DF38544E@sigsegv.be> <19aedb50-34c0-417d-fc1e-e8d519655684@stream-technologies.com> <22A6028C-9BBA-4117-8734-D976EA5A1367@sigsegv.be> MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8; format=flowed; markup=markdown Content-Transfer-Encoding: 8bit X-BeenThere: freebsd-pf@freebsd.org X-Mailman-Version: 2.1.25 Precedence: list List-Id: "Technical discussion and general questions about packet filter \(pf\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 01 Mar 2018 03:00:53 -0000 On 28 Feb 2018, at 9:52, Kristof Provost wrote: > On 27 Feb 2018, at 20:40, Joe Jones wrote: >> we have a kernel panic after compiling with witness and invariant >> >> Feb 27 13:49:33 sovapn1 kernel: lock order reversal: >> Feb 27 13:49:33 sovapn1 kernel: 1st 0xfffffe000fed78b8 pf_idhash >> (pf_idhash) @ /usr/src/sys/netpfil/pf/pf.c:1078 >> Feb 27 13:49:33 sovapn1 kernel: 2nd 0xfffff8001e0474a8 pfsync >> (pfsync) @ /usr/src/sys/netpfil/pf/if_pfsync.c:1667 > > That’s a lock order reversal. It’s not good, but it should at > worst result in a deadlock. Did the system stop after this? > It also looks like a different problem from the panic you initially > reported. > Also, do you actively use pfsync in this setup? Does the panic happen on the box where you DIOCRADDADDRS or the other(s)? Regards, Kristof From owner-freebsd-pf@freebsd.org Thu Mar 1 09:57:24 2018 Return-Path: Delivered-To: freebsd-pf@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id C10F5F2FEFC for ; Thu, 1 Mar 2018 09:57:24 +0000 (UTC) (envelope-from srs0=y8dj=fx=sigsegv.be=kristof@codepro.be) Received: from venus.codepro.be (venus.codepro.be [IPv6:2a01:4f8:162:1127::2]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "*.codepro.be", Issuer "Gandi Standard SSL CA 2" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 5638179157 for ; Thu, 1 Mar 2018 09:57:24 +0000 (UTC) (envelope-from srs0=y8dj=fx=sigsegv.be=kristof@codepro.be) Received: from [192.168.26.135] (254.158.dhcp.conference.apricot.net [220.247.158.254]) (Authenticated sender: kp) by venus.codepro.be (Postfix) with ESMTPSA id E2838441E1; Thu, 1 Mar 2018 10:57:21 +0100 (CET) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sigsegv.be; s=mail; t=1519898242; bh=TL7Lpn+CuXQRz8QXV1xhHIrBPoDGKhIQasrHw75eGqg=; h=From:To:Cc:Subject:Date:In-Reply-To:References; b=yc0WRZaquptQ/OXo2PJe5qIYw6FiM1fot9uMTQGVmwKFu0t+lFRopqLgDtFqLHc1j YHn5jqfOdrkROIks//oawEdU/CfjCMhWBjm1eAO7fREMoDWhRBy7C8OEHY1/PcZ96n Smk55WAGtiPT4MOLKmbHKBUoL3aG8Zf6kpdAG1FQ= From: "Kristof Provost" To: "Joe Jones" Cc: freebsd-pf@freebsd.org Subject: Re: Kernel Panic Date: Thu, 01 Mar 2018 15:42:18 +0545 X-Mailer: MailMate (2.0BETAr6104) Message-ID: In-Reply-To: References: <5A842FC6.7020806@stream-technologies.com> <5A8443BF.8040208@stream-technologies.com> <5289570D-24E1-4292-B4D2-D2F67D7D2D4F@sigsegv.be> <5A93EDC9.7020407@stream-technologies.com> <9F39A687-FB34-4984-B969-5264DF38544E@sigsegv.be> <19aedb50-34c0-417d-fc1e-e8d519655684@stream-technologies.com> <22A6028C-9BBA-4117-8734-D976EA5A1367@sigsegv.be> <06755C0B-4633-4FF7-988B-97A0A04D4EF6@sigsegv.be> MIME-Version: 1.0 Content-Type: text/plain; format=flowed; markup=markdown X-BeenThere: freebsd-pf@freebsd.org X-Mailman-Version: 2.1.25 Precedence: list List-Id: "Technical discussion and general questions about packet filter \(pf\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 01 Mar 2018 09:57:24 -0000 On 1 Mar 2018, at 15:37, Joe Jones wrote: > yes we use pfsync. Yesterday we tried with pfsync switched off, the > box still locked up but this time without a panic. > > We make the DIOCRADDADDRS ioctl on the master and the backup (we use > CARPed pairs). > Interesting. It might be related to pfsync. Is is the master that panics or the backup? Or both? Regards, Kristof From owner-freebsd-pf@freebsd.org Thu Mar 1 09:53:03 2018 Return-Path: Delivered-To: freebsd-pf@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 1C5EAF2F6F4 for ; Thu, 1 Mar 2018 09:53:03 +0000 (UTC) (envelope-from Joe@stream-technologies.com) Received: from EUR01-VE1-obe.outbound.protection.outlook.com (mail-ve1eur01on0605.outbound.protection.outlook.com [IPv6:2a01:111:f400:fe1f::605]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (Client CN "mail.protection.outlook.com", Issuer "Microsoft IT TLS CA 4" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 578C478E7B for ; Thu, 1 Mar 2018 09:53:02 +0000 (UTC) (envelope-from Joe@stream-technologies.com) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=streamtechnologiesuk.onmicrosoft.com; s=selector1-streamtechnologies-com01e; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version; bh=2McBP/MOG7dN+62pEOsIn0mpomMhzOePNcZDP54+HCc=; b=R7CVYINH27nXlsP2SlXqFqkgPkpGYw74J8rfUOoAwGZssgvb9mNuelrHwP1azA/bRUDF7IgAPPfwAxYB2JE8RvrNlUaosyAcY9c3KphbWIs/XkfLEOucWCjZ8Tnawz+8rwiRTuqqUMUmpn6SozwGrtApq4ekBUSXHfF1Dad9Ru0= Authentication-Results: spf=none (sender IP is ) smtp.mailfrom=Joe@stream-technologies.com; Received: from [192.168.6.128] (212.250.79.109) by AM4PR07MB3412.eurprd07.prod.outlook.com (2603:10a6:205:a::33) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.548.6; Thu, 1 Mar 2018 09:52:58 +0000 Subject: Re: Kernel Panic To: Kristof Provost Cc: freebsd-pf@freebsd.org References: <5A842FC6.7020806@stream-technologies.com> <5A8443BF.8040208@stream-technologies.com> <5289570D-24E1-4292-B4D2-D2F67D7D2D4F@sigsegv.be> <5A93EDC9.7020407@stream-technologies.com> <9F39A687-FB34-4984-B969-5264DF38544E@sigsegv.be> <19aedb50-34c0-417d-fc1e-e8d519655684@stream-technologies.com> <22A6028C-9BBA-4117-8734-D976EA5A1367@sigsegv.be> <06755C0B-4633-4FF7-988B-97A0A04D4EF6@sigsegv.be> From: Joe Jones Message-ID: Date: Thu, 1 Mar 2018 09:52:56 +0000 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Thunderbird/52.6.0 MIME-Version: 1.0 In-Reply-To: <06755C0B-4633-4FF7-988B-97A0A04D4EF6@sigsegv.be> Content-Type: text/plain; charset=utf-8; format=flowed Content-Transfer-Encoding: 8bit Content-Language: en-US X-Originating-IP: [212.250.79.109] X-ClientProxiedBy: CWXP265CA0024.GBRP265.PROD.OUTLOOK.COM (2603:10a6:400:2e::36) To AM4PR07MB3412.eurprd07.prod.outlook.com (2603:10a6:205:a::33) X-MS-PublicTrafficType: Email X-MS-Office365-Filtering-Correlation-Id: 66349f38-75a3-4a4a-4a84-08d57f5a371a X-Microsoft-Antispam: UriScan:; BCL:0; PCL:0; RULEID:(7020095)(4652020)(4534165)(4627221)(201703031133081)(201702281549075)(5600026)(4604075)(2017052603307)(7153060)(7193020); SRVR:AM4PR07MB3412; X-Microsoft-Exchange-Diagnostics: 1; AM4PR07MB3412; 3:DL5KYYT8PijYkPIumEzonZ6QY/QFPwiXIj7IeJ/CMiy1yQ6nBQMutBE94bDi+DvGc4nUdeRL90Utmgb/TiQiPdlynqk4H7OzI1H0nYB4W7GW6OffBgStMUyclRz3dRNnS5Tz7mKzV/ydXpkc/yDQL9Y45Zn5kf+81KBSgxJqgX5S4nLsi2Vi++jzPa/bWPflRr15zbm/tSDugO26Cp6ifcDqk6vHJVBwjsAhcxw2towj6/iXUdFDv+UVsvZSvX7Y; 25:Z5wIuuYnSoH631dZmUzwY3h6XHEV/NZaPT3Q74dKTS+ueS5iB3JmUXTh2BuCS+QFuYQzzfoDzCgCglBtd92HRTGREWEvNdBqZdzURbdC+7z4/cRX9kbOuljbhHn2eiDO+QYACLtoeBxAATt5W8ibFOlVYdi87Lg9ScNqdulND8GLGj/gQRtDuTxgMyQJghiDZ1W/ylAawSVvzPxjANj6e+NMk3N2wSEpNsIIQ8/QVTRCro0gddXd2ND+hK7UwXLHPD9ISEfe00e9lVywWqI4muPvVCrPxWfdhoS5d1RGEDmfTkXUZFtSo/2NUdDVhe2Nx1ot+xxlaASzSLR4F0KOzA==; 31:A2xn8w6UyfobqTiMk0N/GENZKo9eVtfbaBPs0MtIpyBRFnZxTwtLnhGTeAm9jfe5CYC4yIZAGUfqcL+4ropK4HgquPucw2d4YWoZ2WpyPO3ds9H0GBiaQoFPgiaBjJ7I+FqtcorFQSboF714pdBqY8GoBX8e3d9hyYEgLGKE0+igru3FZjoLvb5X1IB8YLjI73Pu6lVl1RX49LYPHiOR8WQaz/0psmIpkVz55tucIWw= X-MS-TrafficTypeDiagnostic: AM4PR07MB3412: X-Microsoft-Exchange-Diagnostics: 1; AM4PR07MB3412; 20:Y1W/Z4i1nXbb7xd6sE/z7bT0b9j9G3xCfK8Img5q/we9LWTvWvchroSkDmv/LxlVBZRRPUNMXsGQJCFCbSZ/EAeZUXzo6M/CsP+kVszwsQ9hFJ1KCV9w3Wg01d7tzXDxS1bReEDJPeiFuODHCOy1EryP7e3cuV3NeqXU5dIk5Sg=; 4:alinWgRdj66+JSYWPTzRFSEdyZDhSrt6AqLw2JogFkZF9JwqIksDdoXDTH+3bBQWFIVKDAXfCVxcrid100ZYhwl3E+vyflg7lup0V+X6Po1eJUCWiMoAl61LlW1IrDC8jbUFZMmROaJqJJuxV0q3YyssACrYjgxAAvYvoisYW7PVageF6ZySHSqayvJuFv/6fos60IVnEIcqBRyyUbASRdPFc0mff8D9vDIiFirYDYjrilt/WcLbGjWEkIkoZb01A/VHlnD1SZ6ja8IlOXcflA== X-Microsoft-Antispam-PRVS: X-Exchange-Antispam-Report-Test: UriScan:; X-Exchange-Antispam-Report-CFA-Test: BCL:0; PCL:0; RULEID:(6040501)(2401047)(5005006)(8121501046)(3231220)(944501226)(93006095)(93001095)(10201501046)(3002001)(6041288)(20161123560045)(20161123558120)(20161123562045)(201703131423095)(201702281528075)(20161123555045)(201703061421075)(201703061406153)(20161123564045)(6072148)(201708071742011); SRVR:AM4PR07MB3412; BCL:0; PCL:0; RULEID:; SRVR:AM4PR07MB3412; X-Forefront-PRVS: 05986C03E0 X-Forefront-Antispam-Report: SFV:NSPM; SFS:(10009020)(6049001)(39380400002)(346002)(39840400004)(376002)(366004)(396003)(199004)(189003)(59450400001)(2906002)(8676002)(81156014)(81166006)(67846002)(4326008)(221733001)(106356001)(47776003)(386003)(53546011)(52146003)(23676004)(229853002)(3480700004)(6916009)(2950100002)(117156002)(8936002)(80792005)(97736004)(65956001)(76176011)(86362001)(53936002)(6116002)(3846002)(65806001)(68736007)(7116003)(5660300001)(6246003)(7736002)(26005)(36756003)(478600001)(93886005)(72206003)(105586002)(186003)(66066001)(305945005)(2870700001)(6486002)(50466002)(64126003)(77096007)(25786009)(31696002)(65826007)(58126008)(316002)(52116002)(16526019)(16576012)(31686004)(2486003); DIR:OUT; SFP:1101; SCL:1; SRVR:AM4PR07MB3412; H:[192.168.6.128]; FPR:; SPF:None; PTR:InfoNoRecords; A:1; MX:1; LANG:en; Received-SPF: None (protection.outlook.com: stream-technologies.com does not designate permitted sender hosts) X-Microsoft-Exchange-Diagnostics: =?utf-8?B?MTtBTTRQUjA3TUIzNDEyOzIzOmw5NEZvWjdtOFQ5NEdEQ3h4Q0JvSXpWdDNH?= =?utf-8?B?WjE1L1VSTTBXTnFPK3MwcE9WR1h0akVFYkVCblRIK0RENENXVHpUeGw0dE12?= =?utf-8?B?ZTF3eHo3US9yN25rRTFaSmw4VWd6bTlGWS9KV3JwdEtuMXR0bGVkY09DRHc5?= =?utf-8?B?cEx1eWcwOXZvcjloSklqWDJqdlEwUDV1OVFSNVMyejNnTEJZWGhkMktzWmNt?= =?utf-8?B?M21mYzFHcndqSWsyUE1RMDdCTzB0cjNtREtxUFpRcURLdlVsRUpac0UwcFM5?= =?utf-8?B?V1ZuRGhHU21RQ2FtOWpwa1Z5c0oxckNYakRzVUc1MGJScTJHWFowRWhKbkNC?= =?utf-8?B?Zk5VUXdmcGlZdmdKbWt0cW1sM3FBbXU3NHdlNDVHR3Vod0g5b0diN0FLWkd4?= =?utf-8?B?MW1waGVWVHNxbFZsc0NGYU0zM2xsK2dINHFTMzFFck1oTFpEL1BKeElXN01s?= =?utf-8?B?YjEySlpWZStaT2RrbWtqWkFWb04zZXNNQ25sd1dndUl4V0prTlRuSnN2b3kz?= =?utf-8?B?RFI1Yk10eUllY3lIbGdGTDlDSkhrSjZ6cDU2K2VpRGtXTlhpQzhncG5OYkZO?= =?utf-8?B?Sk1xV24yUTUxSWxwenNkWDU3bnJ0S3l3eUdGTWlnYVFVb2syZUtjWWpSWFdv?= =?utf-8?B?andLY1hGUUo2d3lkQ1B1S3RzOEpzeGlVQ3RmZDViSWwySXI4RmlGZ050WTRq?= =?utf-8?B?OE1yZXhrY2RmcFNmak5GczFsS29QM1FJaitwVW9rQ3lpdm1xZnIzNjdldFE5?= =?utf-8?B?MFU1azI0ZUxXbDQ0ak4rM3EzVTlmUkhUZVpiMDZ5MEpzekttSkgvT1d0aXZD?= =?utf-8?B?VEU1eEhlWHBXZEh4UkpraGlkdjY2OUY5ZmJCRXhGR3dXeTRrVElMamtLejFx?= =?utf-8?B?ZExmN1Nrb2xDaG5ua3JGdTBlTmxobDgxVTR3RkxRRWZhTFU2cTFabStHaS9T?= =?utf-8?B?cCsyeHp1cUFoeExmalJEbWl2TUdsUUplc2paZVZTOFlEcUZFNW8xSWpKOWM4?= =?utf-8?B?RE9sdTFscnAyblh5SHVXU05UZTNiYUt4THhDNlRMbEl6eUtoZEZTS0hEREVF?= =?utf-8?B?U3RYY1YzZEorcXE0MnBPNy90RktUVzZXMGpuVjlRVWliOGJZSWlORFpwVG1u?= =?utf-8?B?UzFMMmpERkpJYTV0WDQ4VC9XaFAzYmQ4aW0zZHpoOUxCZHNuUWRZT0ZxOUdP?= =?utf-8?B?dXlLNXhEd05OTnJkQUdqVWYzTjdTdUl5N0QzT1NEQkQ2ck1DcGJvQ0lIV096?= =?utf-8?B?SFo0R015NkhCd1ZaU0htY0UrTGxNSEFUOSs1RmM1TkJid3p0Y0hydEhvN0lD?= =?utf-8?B?YkZ2bkp0WGw4WksxejdQSUdZY2dSOXFLUGk0eHhyZyt0Q29rQVpBNm5wYjBu?= =?utf-8?B?SU5EMWZCcFRXTzVPSzJkTUFvd2ZhY0dVYm43QU9zS0RMaFU3cWJrZmdxRHRZ?= =?utf-8?B?RnNXVGZQZzVVSWY2QkczYURvOENBdmNuVGN5MUxtQTQ1SXZDRlRJR2RDb29R?= =?utf-8?B?ZzYzRDJiK2ZHMzQ1NFBYTUV4L0dnb3BHL2xhNCtXZG5EN0huL0tJTFZ3U2hm?= =?utf-8?B?ellaZ1BYVkphejMzOHllS3hxbUNSRlRkaE81OTNZL0ZnMGIyNHhUMVlyV1pP?= =?utf-8?B?ZG1JbXdUZmdzd0w5QWZCNU1vWjNJZ0dsN0p3enA2NThpMjBYaFY1Z040UTB6?= =?utf-8?B?OFBCSlY2SnNRVEs1ZFI2SDk3cml0VHRwZ3JieEFJQ09XUDJJV0l5eGVwMUky?= =?utf-8?B?UW50d1ltMkpoMThxbmJMb0RkWDNpeEV1Z2ltbkwyWmFHQlF6UjFta2RobmFx?= =?utf-8?B?S1JaeGR0UnRRbUkyYitSdFMrUXo1Y3pOelk3WFdTSnlsMmlrME81dEZGRDc0?= =?utf-8?B?SVEwdDVZMktocGVvTFBPR3VTSEZZZVNucnNrZW9OajlscDFjVlN6YVUwTGlp?= =?utf-8?B?U2M1REQxVE5MNEpuVzVSTHhncXZhZWtiZGU1UzFtUzRQUTFmck1KM2ZFUFRt?= =?utf-8?B?UGJaajk4MVluVGl0cjNtb29oVUg1R095RmpaaHlxT1Z3MVJ4SnNwSm55anV6?= =?utf-8?Q?gLPU=3D?= X-Microsoft-Exchange-Diagnostics: 1; AM4PR07MB3412; 6:peXvxFSJh8rc97fkHW26xuAGjVx8tpJ3rIEAWYogBwdeZzXD+F/MjgWGHdoWhr/QAbdVxby+1oAZ9DT7SQa+7PaEcSeZrI7wW9OyaETCr04JP02SJOayjWWe03LVQ9asOwV8lKNlajmN5mj6YPpGwU9gnnbiYXN34ZNOCnRwQcIEAwViXd3Tb9ewUzS5kHQsmoxNCOeQDQCdBYGAaLJLiWF5RCKlussLv36Em4Ew+O6EsIqpdGldFwM6N2oUs+a25amBVJgq6Nl3p7soKulNkZLSjwNANoeRPU41bsEki03qMRr29bc/U+2vOrgPBfgVeJ0dU92UURho0l8vIbcFRGb0e7BWRQPO1oyBnSloLYI=; 5:yL8mZsWF3EF/wkAOp74KDu52pZTJAsYDx390klfHH+qNwrpSeK+oT4gIVyEDJf2COoKo5o/m+1telNgAYLaP+BXZ/JrEwmB/uhnxt5dCj7e/jX2byEhjuAhIQXmeMfLdNXVLUQwnL6a2CYiq6Uc4RQi12PGwco+Yvk4VOVXRgp8=; 24:Zh6srb4dNq3jN5iC9XU8nogftmU4oCRHdz6EkM2wsbtX8qx8G7Ra/Cnc5gyE+DztCHIi+kTb0TPm4fghtGnok5AXvDnUKDTnGwu+uNKS1bk=; 7:vSwuzT8npHqvpgabsSwmAiCPAIurzT827swDDL7KIICCR2ix86BFyYVKihVdOr6j+JLkjqKhxwUFab/V3HbqD1RRFdIhaLrNl1W+NlE/ON0e0k9dWnI1cFsoEC3/CyR9WKwhN6vR/OkSVU0+9s+45B68V+Ml/6Uffty71yS9xHmBjCaZn0JItm/R1D6UQVJnWm2LIRWYZFgRgwvxTMPMFbHZGfMhKo5KgWqBT0ZMwBEV75jlDo6gzVyqvaNxQRzQ SpamDiagnosticOutput: 1:99 SpamDiagnosticMetadata: NSPM X-OriginatorOrg: stream-technologies.com X-MS-Exchange-CrossTenant-OriginalArrivalTime: 01 Mar 2018 09:52:58.9906 (UTC) X-MS-Exchange-CrossTenant-Network-Message-Id: 66349f38-75a3-4a4a-4a84-08d57f5a371a X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 720fa073-5781-43bf-bc14-7bef2603ed21 X-MS-Exchange-Transport-CrossTenantHeadersStamped: AM4PR07MB3412 X-BeenThere: freebsd-pf@freebsd.org X-Mailman-Version: 2.1.25 Precedence: list List-Id: "Technical discussion and general questions about packet filter \(pf\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 01 Mar 2018 09:53:03 -0000 Hi Kristof, yes we use pfsync. Yesterday we tried with pfsync switched off, the box still locked up but this time without a panic. We make the DIOCRADDADDRS ioctl on the master and the backup (we use CARPed pairs). Regards Joe Jones On 01/03/18 03:00, Kristof Provost wrote: > On 28 Feb 2018, at 9:52, Kristof Provost wrote: >> On 27 Feb 2018, at 20:40, Joe Jones wrote: >>> we have a kernel panic after compiling with witness and invariant >>> >>> Feb 27 13:49:33 sovapn1 kernel: lock order reversal: >>> Feb 27 13:49:33 sovapn1 kernel: 1st 0xfffffe000fed78b8 pf_idhash >>> (pf_idhash) @ /usr/src/sys/netpfil/pf/pf.c:1078 >>> Feb 27 13:49:33 sovapn1 kernel: 2nd 0xfffff8001e0474a8 pfsync >>> (pfsync) @ /usr/src/sys/netpfil/pf/if_pfsync.c:1667 >> >> That’s a lock order reversal. It’s not good, but it should at worst >> result in a deadlock. Did the system stop after this? >> It also looks like a different problem from the panic you initially >> reported. >> > Also, do you actively use pfsync in this setup? Does the panic happen > on the box where you DIOCRADDADDRS or the other(s)? > > Regards, > Kristof From owner-freebsd-pf@freebsd.org Thu Mar 1 17:43:23 2018 Return-Path: Delivered-To: freebsd-pf@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 5E1E9F3EDB5 for ; Thu, 1 Mar 2018 17:43:23 +0000 (UTC) (envelope-from Joe@stream-technologies.com) Received: from EUR01-VE1-obe.outbound.protection.outlook.com (mail-ve1eur01on0040.outbound.protection.outlook.com [104.47.1.40]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (Client CN "mail.protection.outlook.com", Issuer "Microsoft IT TLS CA 4" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 6E4857200E for ; Thu, 1 Mar 2018 17:43:21 +0000 (UTC) (envelope-from Joe@stream-technologies.com) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=streamtechnologiesuk.onmicrosoft.com; s=selector1-streamtechnologies-com01e; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version; bh=1U5yt/LUdeRV6D7MQXEa3XzseBIG4OlppVfRGH14VlY=; b=kpzvPBoKKE8MMxIsAHFE+dEunW6WIgtO9sk5RLpQclQe/7HW92QValDvVKg049XkJck5BxSNYuNYUnPXGXvZ/mNklCkkG8FZJLypJrXCsuaNTB2XAmwo5sa2lqxS4HWauqkJQCgI1jYKStp9EvjsCWUHdXPcZKxsKoTlzJEI3FE= Authentication-Results: spf=none (sender IP is ) smtp.mailfrom=Joe@stream-technologies.com; Received: from [192.168.6.128] (212.250.79.109) by HE1PR07MB3420.eurprd07.prod.outlook.com (2603:10a6:7:2c::11) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.548.6; Thu, 1 Mar 2018 17:43:19 +0000 Subject: Re: Kernel Panic To: Kristof Provost Cc: freebsd-pf@freebsd.org References: <5A842FC6.7020806@stream-technologies.com> <5A8443BF.8040208@stream-technologies.com> <5289570D-24E1-4292-B4D2-D2F67D7D2D4F@sigsegv.be> <5A93EDC9.7020407@stream-technologies.com> <9F39A687-FB34-4984-B969-5264DF38544E@sigsegv.be> <19aedb50-34c0-417d-fc1e-e8d519655684@stream-technologies.com> <22A6028C-9BBA-4117-8734-D976EA5A1367@sigsegv.be> <06755C0B-4633-4FF7-988B-97A0A04D4EF6@sigsegv.be> From: Joe Jones Message-ID: <235640a7-9463-6268-e8b2-3a333a011368@stream-technologies.com> Date: Thu, 1 Mar 2018 17:43:16 +0000 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Thunderbird/52.6.0 MIME-Version: 1.0 In-Reply-To: Content-Type: text/plain; charset=utf-8; format=flowed Content-Transfer-Encoding: 7bit Content-Language: en-US X-Originating-IP: [212.250.79.109] X-ClientProxiedBy: LNXP265CA0047.GBRP265.PROD.OUTLOOK.COM (2603:10a6:600:5c::35) To HE1PR07MB3420.eurprd07.prod.outlook.com (2603:10a6:7:2c::11) X-MS-PublicTrafficType: Email X-MS-Office365-Filtering-Correlation-Id: 4ff93970-f150-4af1-076b-08d57f9beb98 X-Microsoft-Antispam: UriScan:; BCL:0; PCL:0; RULEID:(7020095)(4652020)(5600026)(4604075)(4534165)(4627221)(201703031133081)(201702281549075)(2017052603307)(7153060)(7193020); SRVR:HE1PR07MB3420; X-Microsoft-Exchange-Diagnostics: 1; HE1PR07MB3420; 3:lD/FMpGvLlGNuLz2lenfSNtVWMHAv8t1Uq/nUosQY82ZzD6x0SzxFRn7NxJJRAS5f5FcK81kzUtXpQOjDvcmOhEHDN+MBailZDT0xkxE9c9T56qdETlwq7r8o6k36Q//iXvcH828yYG8W6oOtTkwMeuRXc54Hc07Ptowyih/5sgIPteoRCINnauhAU3MmEp4454buBS/LNhHcGrD5BKHvhdzXGP1ZCc3KY95FBLPYKOHVVxduXUfinyqopZunMHj; 25:ubMzKK6qg98aP1czyXzWxSTgsv+4M15XMuvffwAcoiVDsYJAMLEmDbioF+ffQLZfmYuAWpBoe4ILcpw8ZZikzTB5J5Y/kK2FStwa+5GTkJ+oG7taMnbeEL8aNPSQDM+aPH0PBJC06HtVJLOoczbA156SUiIvFMDV8Tby9kTfDY6Dnl5d1GfUoduJEwXixi9flgNM3GVOCYFlXd3WBAZN6CyC2e04G8RHl0eTjvqLwlD7D6ton6dM7S+LwbMwg2jfv7eDEmWEV1mOGIm1JnQuYgMR5Fc9nWdhjG0sc+SJJw1knnqrvK1+YiWG292kz1IOZhCeAhHb1RTmRqEhWs8W0g==; 31:vLqtjT4aarjKSKb1Op/O/O4TxHLGmvnC0ZNzr8wSRnjbATUiySp9W7DnyuVFlTUukv3dLWUwppjXOFtbs6Otz4C0wdUQPHXoOLMKlOwc8+WuGQOIblnD0LxJ5EytoigBInDeBJqeyUc9bnCTrMfoPE8AkeXaK3c0WUlIbWn+kcI0QtcNoo0rZXzJecGbmdx/gYoOBAmb3BJZ60CGPWoEnletgoiNQDpl2Ik/TCRbjik= X-MS-TrafficTypeDiagnostic: HE1PR07MB3420: X-Microsoft-Exchange-Diagnostics: 1; HE1PR07MB3420; 20:jQYcy7qzoxMueu6g8v1G5VwvWYpjJ4DSetJJm/krlGlsziyLtPktt84AxNyBCW5plIXWibKajiG9h0lWOuT8IYX5CmOZz/zfaTxU2Kj3IT+HhX9317I4r3eOfcggfvm8be6d1HF/fGXjIGqZC+C3yJRNB9nydxp0jXiImhNLvWM=; 4:XBdzO5Kf9VGkjmHI5W/bPuwSu1iZpjWoC36R4Lf4gjhH0YbZno9DRZsMZV7dx+l5ySWTRdJRuDAU3KmgliOINIGtmCbqu9PCAhK1zwhLG3ljwqQQsCoHt6kffLk9EzpyGH7tTn1OpcsVoTp3d2tbFGNUJ6PSizSrNeZjrwlY51hisC819RQBVqwq21COhcnN+rN6iaV6SCNBFB+VjfKW+NdPPR/smWETDdTrFHLX3qQ8XFVNgXhEpuERfLhfs8D8hMqMkdvTXNafJ+7JkyooGpYatd2T/gJod1ySpGnSm6HrkcP4GXTua5ublRRXVFI0 X-Microsoft-Antispam-PRVS: X-Exchange-Antispam-Report-Test: UriScan:(788757137089); X-Exchange-Antispam-Report-CFA-Test: BCL:0; PCL:0; RULEID:(6040501)(2401047)(5005006)(8121501046)(93006095)(93001095)(3231220)(944501230)(10201501046)(3002001)(6041288)(201703131423095)(201702281528075)(20161123555045)(201703061421075)(201703061406153)(20161123558120)(20161123562045)(20161123564045)(20161123560045)(6072148)(201708071742011); SRVR:HE1PR07MB3420; BCL:0; PCL:0; RULEID:; SRVR:HE1PR07MB3420; X-Forefront-PRVS: 05986C03E0 X-Forefront-Antispam-Report: SFV:NSPM; SFS:(10009020)(6049001)(346002)(376002)(366004)(39840400004)(39380400002)(396003)(199004)(189003)(7736002)(6116002)(68736007)(305945005)(3846002)(53936002)(6916009)(2950100002)(31686004)(117156002)(106356001)(4326008)(5660300001)(3480700004)(6666003)(6246003)(229853002)(186003)(25786009)(8936002)(65826007)(7116003)(8676002)(6486002)(59450400001)(81156014)(81166006)(64126003)(53546011)(93886005)(16526019)(26005)(77096007)(86362001)(67846002)(23676004)(2486003)(52146003)(65956001)(66066001)(221733001)(386003)(65806001)(47776003)(36756003)(16576012)(58126008)(50466002)(316002)(230700001)(76176011)(97736004)(52116002)(31696002)(80792005)(2906002)(478600001)(72206003)(105586002); DIR:OUT; SFP:1101; SCL:1; SRVR:HE1PR07MB3420; H:[192.168.6.128]; FPR:; SPF:None; PTR:InfoNoRecords; A:1; MX:1; LANG:en; Received-SPF: None (protection.outlook.com: stream-technologies.com does not designate permitted sender hosts) X-Microsoft-Exchange-Diagnostics: =?utf-8?B?MTtIRTFQUjA3TUIzNDIwOzIzOkpvRm9MdmZkT2pLWjJWZzZRa3ZOWXVaVWZT?= =?utf-8?B?MEFTSmc5OG1Uckw4cGNueGpSWnV0czN5VGdoM245RGZMVEp5d1hGYkdxVk9x?= =?utf-8?B?cnpyR1pIS281QUVSUk5lVDRtY3pDMENRNTN0STg1UGFXbFNLWC9tTG9yZzV1?= =?utf-8?B?ak1ZYS9nQjArekRMNEd1Ly9QRVBicHFiYmdyU2dtRE0wdTFOTEdQS21Tb3N0?= =?utf-8?B?aFBQckR3MnhjTVpBakJaUGNIV25SY0s0VExmZWZEK0JTMlpjZHdYNXpsSVcz?= =?utf-8?B?WnUrTC9BTjY3NFVEeU5aaVBPd2puNGt6bmxoakptMDRyT2x5TEJHeEVNK3BR?= =?utf-8?B?bksrTjVrS1FmM3lTcVNkZUIraFFkVC9HUnBpNGIxbTJHcjJod0dQbDRERjRI?= =?utf-8?B?eTV0Q2h0ZmNDYjFqSUQ4Nm94aDM5OUs3MVFwVXlOUWUvM2N4cllCaENPRTBQ?= =?utf-8?B?OXJsSUtjUlcrUkNpRDl1a1hrcy9FMzdmdEU2LzJ1am9ZZHpYdm4raHoxWk5i?= =?utf-8?B?a2YybDJUZC9MRjVrajVBTDZoUzFscUVUY2lQb1RzbzZxRFJST1BKTGFEOUdR?= =?utf-8?B?ZENJS3UrVU1PWHVOR0l4Y2pZeWt3Wlh5a3pmMDFoUVM4U1ovTUdZKzRuMWg3?= =?utf-8?B?OHJueEJkZVJHeTNrMFdQV0JpSlBsS1BkTnpybE0yR1lEbXl3WnhUVVhjbnMz?= =?utf-8?B?ZEQwVWR1ZWJTaUZWaGJHZklPaUpnZ3ordHVsUVpMK0hnb1BEWEkwVGJiYlZy?= =?utf-8?B?OS9KODdBTlJ2S2d2TnBIclJSbHlLOEJqOHVaSVB5Y0VieTRNV24xbm1WczNn?= =?utf-8?B?SGR0RlFIZE1vdTJrK0FINlJNaVBsNjNJVHRLR05VOTRRUlpCeThMWUoxQlJL?= =?utf-8?B?ZVI5VW9GTm9JWFQxWWZudnA4WFhOU1Q3ZnJIOUtIaWZia1IxV1ZJWmlZWlZ2?= =?utf-8?B?ZG0xZFhacXovQThqdWZWY3dTTmlXWFhSUXVHajg4SlFqVE5oQ3h2bHVGNngx?= =?utf-8?B?MnVPT1lrMmYyU2VGMEJkWHYxNTZMd1RMcmtZeDBOTDZreHNqZlF5U0hudzhn?= =?utf-8?B?ZzNhK1lvaEtyU0NFUzFIR3pZeDZoTWVjazYrT1YwRkJTNDRmdThSRW51Zjht?= =?utf-8?B?QUJSVXFaSjZTcVl6M2owMnRyNGY2a2doeHIxelVwbStDQkM4RS95N2Znak5n?= =?utf-8?B?SWZ2TkViZUNkbzB5SkcwdFFrSFhVSEYvemg4VVA0cVExN24weWg1T0JNUS9Y?= =?utf-8?B?Lzk3M0hUb1JxQ1BPbmM0dW5wOTFpQjhPYTJBUWZva0s2NS9yNjIwYkNaSktD?= =?utf-8?B?TVJMczJmUlE3UlBGWGQ1Sng2UjJLZlc5b0xVQjU0Z2tXb29HMFlHbXJRZnNQ?= =?utf-8?B?ZXg4VXlzMEZLOTR5QzRHck9hNjc1aktRYzJyM1A1Qmd4emo0MStoc3ZwLzNM?= =?utf-8?B?OFZERVpHQnVQdVEycjFRQVc5UHRhc1Nxc2ZEblN6cko1TFlXRmJUbmJCKzIv?= =?utf-8?B?c0duL1RlVHdKS01lcDB5WWJBc21hSXZmSUhyT1loSW90cUlGRVRkVEwxTjRH?= =?utf-8?B?a1VtN3Q4VENkZ0hicDh4dTQ5V2lkajE1VnJXMGhtOGpBaVA0TlhCeXlGVDlI?= =?utf-8?B?Q1duc3VwQ0xpOFVPNWdwRFZMUDEvSm14Z2NVNUUrbFU5c29EOUd6VVQ1OFB5?= =?utf-8?B?em15TU9EV2ZsQnV0TGZ2STFGeUxIcUErNjZuNFMwSW5oYkxmNWI5MEpCckgz?= =?utf-8?B?YjNtaStoWUppMWpraXhRQXpxc3J2ZDNvemJBRGs3QVpKVkNuai8wSE1pU2dL?= =?utf-8?B?eDFrV3JYWW04SXlaWXp4cmlWdVdIRmVvN25NREJNSXBkaUkyZytXeXp4L2F1?= =?utf-8?B?SVdDTzUvaWFYTnVYdHlBODlOQWZxaXBxMUZsbnVKendqTTE2REVlMkdsSEhM?= =?utf-8?B?Q1dBVFRRQXFIcjlRcDgyUXRWNEUyZDhuSm1tMHhGTU15Y3hoLzFOMW13c3cr?= =?utf-8?B?OE1IRC82ZEN3L2x4dmpoZ1FEZ005c3ZDeUJnWGZPL1BibUtXcnNRb3RkVHl5?= =?utf-8?Q?lCDg++ItM0nmMB3bE5KrIeJdN?= X-Microsoft-Exchange-Diagnostics: 1; HE1PR07MB3420; 6:gyGIgVgiwUxv88bBCxdMIraP2adpQELjDKPB0oyNu1QesAOvo0ShbkIOkBKdl2D34fNe51R4wwI3fZyIIqsfGWmmRPkEwjnQ5MXD02birTeCRvNdrU8eOJO76ht2YjFZSppLa0McgOjVQeqpdloimG3ZzyDDotCMry5bLXaOGrHkEgQDbyhaue6bexKjUGvAXXo2cz0s4CCxJFxx/ZKxROm90Wq4TAcWH0XyjTHh+dJLq8phKUx0L+8+7R74NVxds9xlVzo9o7uBS5Jm1TwuO2gJnzH0FJK0RKSCYL/DYnTQKe+N01fd+1L+XTA00SIUEA4SIWboHFJDaeofdPw9Ek4psfdycWtmlKIQjbcAlsM=; 5:rSajv51ShWucAK5KOobpQYkOeADDWd3lm+VYZjqr3PzBmoz5Qi8g7RoTuzGJZTwvATYPR2vPovKf+8lx4GuqL1ySaGfBpKZdKQgCjrnSmpXU0/i/WWYazhuBZrTaK10qIgQHOSOdIjPKh8zxKg8Qt1J2SMZrcXDI6HaVACts5No=; 24:ZU+PmXSUDKUGECw71sVPfvExK8xvKwRnp3Eu7ZGTMPD+D/1SSL/cw1wBg222Gyu4Gwar6VEVyvkHLHOpsrVWzeoaiS4ckjPSRbZRinxAADs=; 7:m41xb3kxjlwCEimHeT8a9tq9yohqMNOk/5GCsQ3a7o9L7qKEoJ7DcxEd1OIE8fzOH+2HC0ywnhJ1KT+sYqA/i6Ja0N9C7DgOLXx1Cvz5se6nnCg4uK4RxwaCHVUwVhBA3lBSeVygnmf6tLHRLhfmycRFvxu4nrIK+Xl/zDjnAWv9/8A8Nz4C+pUa1yBJHTrZeQ0ekRW/gPQnAQUshHI33wwRgT+FXyzP0F6hr2/riVnLWJumGE9//2duhNLAWSJZ SpamDiagnosticOutput: 1:99 SpamDiagnosticMetadata: NSPM X-OriginatorOrg: stream-technologies.com X-MS-Exchange-CrossTenant-OriginalArrivalTime: 01 Mar 2018 17:43:19.0059 (UTC) X-MS-Exchange-CrossTenant-Network-Message-Id: 4ff93970-f150-4af1-076b-08d57f9beb98 X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 720fa073-5781-43bf-bc14-7bef2603ed21 X-MS-Exchange-Transport-CrossTenantHeadersStamped: HE1PR07MB3420 X-BeenThere: freebsd-pf@freebsd.org X-Mailman-Version: 2.1.25 Precedence: list List-Id: "Technical discussion and general questions about packet filter \(pf\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 01 Mar 2018 17:43:23 -0000 Hi Kristo, It's just the master that crashed, the backup can take over. We think the panic we got by compiling with witness and invariant may be a red herring. We are now looking rules like nat on $isp_if from to any -> sticky-address if we replace the external_napts table with a single address rather than a block of addresses the box does not crash. We are following this line of investigation at the moment. Regards Joe Jones On 01/03/18 09:57, Kristof Provost wrote: > On 1 Mar 2018, at 15:37, Joe Jones wrote: >> yes we use pfsync. Yesterday we tried with pfsync switched off, the >> box still locked up but this time without a panic. >> >> We make the DIOCRADDADDRS ioctl on the master and the backup (we use >> CARPed pairs). >> > Interesting. It might be related to pfsync. Is is the master that > panics or the backup? Or both? > > Regards, > Kristof From owner-freebsd-pf@freebsd.org Thu Mar 1 18:22:07 2018 Return-Path: Delivered-To: freebsd-pf@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 30C26F413C3 for ; Thu, 1 Mar 2018 18:22:07 +0000 (UTC) (envelope-from ermal.luci@gmail.com) Received: from mail-it0-x232.google.com (mail-it0-x232.google.com [IPv6:2607:f8b0:4001:c0b::232]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (Client CN "smtp.gmail.com", Issuer "Google Internet Authority G2" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id B46747382F for ; Thu, 1 Mar 2018 18:22:06 +0000 (UTC) (envelope-from ermal.luci@gmail.com) Received: by mail-it0-x232.google.com with SMTP id w63so8683265ita.3 for ; Thu, 01 Mar 2018 10:22:06 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:sender:in-reply-to:references:from:date:message-id :subject:to:cc; bh=xnPLTaIA/vP93pCUaSoGfhmFXDooB+kFvsZuQ55TE7I=; b=QJPR8e1magpYxnHLPtFxdiCzrKG+aN3p9CmVmRhoa2PRbx42VU4nuI1RgqTOkfRNeP J1OupfR+R0dtl/30IDjHMLTDxRErQgPzJN8A5bEAqJ96sBrKxE1SodRkAXcMU5TSIUJ2 /gFeXnYOgO88jmZzq51U/hs71uw4UjzZqsvF2K7tEQOud2UGJtvcdYqNSQfKQdzK6L58 ZwodMO3HAPxW1ZhsnHoHKK4TuC7EX9vaz2b9tnKcZOUY9fPPSyIXdQgL4VRT7/29EUWt bUxiy242ocyI6y61VFu6m+zDP6U/UktzhjAcXzjHMn9ztCm2WQuqEQpTms44gnKuGzGj /Iow== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:sender:in-reply-to:references:from :date:message-id:subject:to:cc; bh=xnPLTaIA/vP93pCUaSoGfhmFXDooB+kFvsZuQ55TE7I=; b=l0a8NVihXNpp9eE2IqLtlEcCApIZ4LRVbonepi3J4MH2Lu/f07AS5kvKX/3+Z5Fh6H +asTQ/rfiAliBuvAXabif/TtZFyZZVKfg4lKF/fwmphzZ288PvJp6IRzxfbpZtZHpexD M9m07bpYCLrsugA6T6qUdpMjOyU6NoVJ4sC1VL/gurr/G/QvZz8NmVnBkiDR59iGkQmw MYOCRv3H1dmeuDHtOFvHuBE3vugO8bnaqkM5yX78w9CK33WRmM18rfKwnQudYiw6344/ iXzQA52aylXV33zaLqqZxLRdGx48BgzEi5E/h40EkOsBDP2wPccsZu41wiAULy7XVPfi owpA== X-Gm-Message-State: APf1xPCp4dNl6zShpEhmIeDSnE/u0zhqmDyVH7eIAYiv5tQNt9y2ja2M ZwT2NNKhu/YuzbsbXNTrsnMwtejNO44BXlkbT0SQRnJM X-Google-Smtp-Source: AG47ELsAzWO5rPXq0R5OtocOtADJjEZ8doA8+RmHq3q3FlEUxK1BGOFPoY6nyk8ZEMegWB2U3j3jI5EVz1BGXb1gtbs= X-Received: by 10.36.17.77 with SMTP id 74mr4076350itf.74.1519928526022; Thu, 01 Mar 2018 10:22:06 -0800 (PST) MIME-Version: 1.0 Sender: ermal.luci@gmail.com Received: by 10.107.32.204 with HTTP; Thu, 1 Mar 2018 10:22:05 -0800 (PST) In-Reply-To: <235640a7-9463-6268-e8b2-3a333a011368@stream-technologies.com> References: <5A842FC6.7020806@stream-technologies.com> <5A8443BF.8040208@stream-technologies.com> <5289570D-24E1-4292-B4D2-D2F67D7D2D4F@sigsegv.be> <5A93EDC9.7020407@stream-technologies.com> <9F39A687-FB34-4984-B969-5264DF38544E@sigsegv.be> <19aedb50-34c0-417d-fc1e-e8d519655684@stream-technologies.com> <22A6028C-9BBA-4117-8734-D976EA5A1367@sigsegv.be> <06755C0B-4633-4FF7-988B-97A0A04D4EF6@sigsegv.be> <235640a7-9463-6268-e8b2-3a333a011368@stream-technologies.com> From: =?UTF-8?Q?Ermal_Lu=C3=A7i?= Date: Thu, 1 Mar 2018 10:22:05 -0800 X-Google-Sender-Auth: rFL4tho4WAQlJSDZkcLbDOZdGPs Message-ID: Subject: Re: Kernel Panic To: Joe Jones Cc: Kristof Provost , "freebsd-pf@freebsd.org" Content-Type: text/plain; charset="UTF-8" X-Content-Filtered-By: Mailman/MimeDel 2.1.25 X-BeenThere: freebsd-pf@freebsd.org X-Mailman-Version: 2.1.25 Precedence: list List-Id: "Technical discussion and general questions about packet filter \(pf\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 01 Mar 2018 18:22:07 -0000 On Thu, Mar 1, 2018 at 9:43 AM, Joe Jones wrote: > Hi Kristo, > > It's just the master that crashed, the backup can take over. > > We think the panic we got by compiling with witness and invariant may be a > red herring. > > We are now looking rules like > > nat on $isp_if from to any -> sticky-address > > if we replace the external_napts table with a single address rather than a > block of addresses the box does not crash. > > We are following this line of investigation at the moment. > This is a known issue and should be documented somewhere, possibly man page. It source is when locking was re-designed for pf(4). https://github.com/freebsd/freebsd/blob/releng/11.1/sys/netpfil/pf/pf_lb.c#L428 * XXXGL: in the round-robin case we need to store * the round-robin machine state in the rule, thus * forwarding thread needs to modify rule. * * This is done w/o locking, because performance is assumed * more important than round-robin precision. * * In the simpliest case we just update the "rpool->cur" * pointer. However, if pool contains tables or dynamic * addresses, then "tblidx" is also used to store machine * state. Since "tblidx" is int, concurrent access to it can't * lead to inconsistence, only to lost of precision. * * Things get worse, if table contains not hosts, but * prefixes. In this case counter also stores machine state, * and for IPv6 address, counter can't be updated atomically. * Probably, using round-robin on a table containing IPv6 * prefixes (or even IPv4) would cause a panic. The fix is to add proper locking around such scenario. At minimum there would be needed a RULES_WLOCK in there or maybe reside to atomics. > Regards > Joe Jones > > > On 01/03/18 09:57, Kristof Provost wrote: > >> On 1 Mar 2018, at 15:37, Joe Jones wrote: >> >>> yes we use pfsync. Yesterday we tried with pfsync switched off, the box >>> still locked up but this time without a panic. >>> >>> We make the DIOCRADDADDRS ioctl on the master and the backup (we use >>> CARPed pairs). >>> >>> Interesting. It might be related to pfsync. Is is the master that panics >> or the backup? Or both? >> >> Regards, >> Kristof >> > > _______________________________________________ > freebsd-pf@freebsd.org mailing list > https://lists.freebsd.org/mailman/listinfo/freebsd-pf > To unsubscribe, send any mail to "freebsd-pf-unsubscribe@freebsd.org" > > -- > Ermal > From owner-freebsd-pf@freebsd.org Thu Mar 1 20:11:41 2018 Return-Path: Delivered-To: freebsd-pf@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 9BF72F25A13 for ; Thu, 1 Mar 2018 20:11:41 +0000 (UTC) (envelope-from Joe@stream-technologies.com) Received: from EUR03-DB5-obe.outbound.protection.outlook.com (mail-eopbgr40080.outbound.protection.outlook.com [40.107.4.80]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (Client CN "mail.protection.outlook.com", Issuer "Microsoft IT TLS CA 4" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 022DC78091 for ; Thu, 1 Mar 2018 20:11:40 +0000 (UTC) (envelope-from Joe@stream-technologies.com) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=streamtechnologiesuk.onmicrosoft.com; s=selector1-streamtechnologies-com01e; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version; bh=X95JJKWu5pLOj96U615fS1y2M7Q4RjVgtq0sDouLrjc=; b=Ez08rbz3Gp5TQnyyBG8vc6cWjCJCDW19NXJytqshHo7qcfGwddlBwYFtGY88VptXuBLKyaVwXYNN2msev4NJGluYKW0cg9+0GtCtfyIZXN9HKgglbLJeTWtT2gP8Q1q2BgAtU/3+CNSyN31IGo0ZSV4r9CYwVTTK+OrjSFY+jbk= Received: from DB6PR07MB3413.eurprd07.prod.outlook.com (10.175.234.16) by DB6PR07MB3415.eurprd07.prod.outlook.com (10.175.234.18) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.567.5; Thu, 1 Mar 2018 20:11:38 +0000 Received: from DB6PR07MB3413.eurprd07.prod.outlook.com ([fe80::45f2:bbf6:f921:bf18]) by DB6PR07MB3413.eurprd07.prod.outlook.com ([fe80::45f2:bbf6:f921:bf18%5]) with mapi id 15.20.0567.002; Thu, 1 Mar 2018 20:11:38 +0000 From: Joe Jones To: Kristof Provost CC: "freebsd-pf@freebsd.org" Subject: Re: Kernel Panic Thread-Topic: Kernel Panic Thread-Index: AQHTpZHrV/fQIzRzUE6XEgqyGs34A6Oj3vQAgAARiYCAERLqAIABmWyAgAEiMgCAAKv3gIAA3SEAgAF/u4CAAHMpAIAAATkAgACn6ms= Date: Thu, 1 Mar 2018 20:11:37 +0000 Message-ID: References: <5A842FC6.7020806@stream-technologies.com> <5A8443BF.8040208@stream-technologies.com> <5289570D-24E1-4292-B4D2-D2F67D7D2D4F@sigsegv.be> <5A93EDC9.7020407@stream-technologies.com> <9F39A687-FB34-4984-B969-5264DF38544E@sigsegv.be> <19aedb50-34c0-417d-fc1e-e8d519655684@stream-technologies.com> <22A6028C-9BBA-4117-8734-D976EA5A1367@sigsegv.be> <06755C0B-4633-4FF7-988B-97A0A04D4EF6@sigsegv.be> , In-Reply-To: Accept-Language: en-GB, en-US Content-Language: en-GB X-MS-Has-Attach: X-MS-TNEF-Correlator: x-originating-ip: [84.51.152.180] x-ms-publictraffictype: Email x-microsoft-exchange-diagnostics: 1; DB6PR07MB3415; 7:fnu81AQQL6CB6VRSuVuSZW/UefYpQ0dAMxnLy1BYJKQJFibO7xWkzupeNTV1WgLZI4Tm5oiDeaLM9/ekPdkzJb/uLIlqE0JGEe2/aOkK9gOMlwm/bOQ45y75vud4xjm9i0+dFUkmR9AoYRfJeqazQElqEsxKmgYkq2EE1Dsv+2kM8iVrmI5q1iLmRsw+KD9ailI8/gY+cXbNJFiSxy6t8qqkumAYS27veI3A7rirGlJ331XfbglgmKNz5V9rfxnO x-ms-exchange-antispam-srfa-diagnostics: SSOS; x-ms-office365-filtering-correlation-id: de168af1-77a8-45a5-0504-08d57fb0a3b7 x-microsoft-antispam: UriScan:; BCL:0; PCL:0; RULEID:(7020095)(4652020)(5600026)(4604075)(3008032)(4534165)(4627221)(201703031133081)(201702281549075)(2017052603307)(7153060)(7193020); SRVR:DB6PR07MB3415; x-ms-traffictypediagnostic: DB6PR07MB3415: x-microsoft-antispam-prvs: x-exchange-antispam-report-test: UriScan:; x-exchange-antispam-report-cfa-test: BCL:0; PCL:0; RULEID:(6040501)(2401047)(8121501046)(5005006)(3002001)(10201501046)(93006095)(93001095)(3231220)(944501231)(52105095)(6041288)(20161123560045)(20161123562045)(201703131423095)(201702281528075)(20161123555045)(201703061421075)(201703061406153)(20161123564045)(20161123558120)(6072148)(201708071742011); SRVR:DB6PR07MB3415; BCL:0; PCL:0; RULEID:; SRVR:DB6PR07MB3415; x-forefront-prvs: 05986C03E0 x-forefront-antispam-report: SFV:NSPM; SFS:(10009020)(346002)(39380400002)(366004)(396003)(376002)(39840400004)(189003)(199004)(2906002)(106356001)(316002)(478600001)(68736007)(229853002)(6246003)(6346003)(59450400001)(4326008)(3280700002)(2900100001)(3660700001)(76176011)(7696005)(93886005)(7736002)(6436002)(72206003)(6116002)(66066001)(80792005)(6916009)(99286004)(54896002)(9686003)(3480700004)(8936002)(2950100002)(55016002)(6606003)(26005)(86362001)(3846002)(221733001)(14454004)(53936002)(5660300001)(19627405001)(102836004)(186003)(33656002)(7116003)(97736004)(53546011)(6506007)(81156014)(25786009)(8676002)(5250100002)(81166006)(74316002)(105586002); DIR:OUT; SFP:1101; SCL:1; SRVR:DB6PR07MB3415; H:DB6PR07MB3413.eurprd07.prod.outlook.com; FPR:; SPF:None; PTR:InfoNoRecords; MX:1; A:1; LANG:en; received-spf: None (protection.outlook.com: stream-technologies.com does not designate permitted sender hosts) authentication-results: spf=none (sender IP is ) smtp.mailfrom=Joe@stream-technologies.com; x-microsoft-antispam-message-info: ekvalmJsfPP9FxKTeKUfEgEK9xzCjZqGhXBYo90N7GSZCGGf/6nXl6SO/Sfteza4AOekSeqrzgIqAbMf19RwK380i3QVKWIE5P2pQQBTcuT2bnHjHeuzpqLye2zPfd2gr2DMeLLgRMsu3sDIQsvIkhf9vYBWoBa3G6fNF1FVAvo= spamdiagnosticoutput: 1:99 spamdiagnosticmetadata: NSPM MIME-Version: 1.0 X-OriginatorOrg: stream-technologies.com X-MS-Exchange-CrossTenant-Network-Message-Id: de168af1-77a8-45a5-0504-08d57fb0a3b7 X-MS-Exchange-CrossTenant-originalarrivaltime: 01 Mar 2018 20:11:37.8834 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Hosted X-MS-Exchange-CrossTenant-id: 720fa073-5781-43bf-bc14-7bef2603ed21 X-MS-Exchange-Transport-CrossTenantHeadersStamped: DB6PR07MB3415 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable X-Content-Filtered-By: Mailman/MimeDel 2.1.25 X-BeenThere: freebsd-pf@freebsd.org X-Mailman-Version: 2.1.25 Precedence: list List-Id: "Technical discussion and general questions about packet filter \(pf\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 01 Mar 2018 20:11:41 -0000 Hi, there is a function called pf_get_sport in /usr/src/sys/netpfil/pf/pf_lb.c = which contains a do while loop, the guard is ! PF_AEQ(&init_addr, naddr, af= )). We put a counter in this loop and we saw it spin 431728 times, this app= ears to coincide with a lockup. we'll continue investigating tomorrow. Regards Joe Jones ________________________________ From: Kristof Provost Sent: 01 March 2018 09:57:18 To: Joe Jones Cc: freebsd-pf@freebsd.org Subject: Re: Kernel Panic On 1 Mar 2018, at 15:37, Joe Jones wrote: > yes we use pfsync. Yesterday we tried with pfsync switched off, the > box still locked up but this time without a panic. > > We make the DIOCRADDADDRS ioctl on the master and the backup (we use > CARPed pairs). > Interesting. It might be related to pfsync. Is is the master that panics or the backup? Or both? Regards, Kristof From owner-freebsd-pf@freebsd.org Sat Mar 3 11:30:04 2018 Return-Path: Delivered-To: freebsd-pf@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 22247F32DEE for ; Sat, 3 Mar 2018 11:30:04 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from mxrelay.ysv.freebsd.org (mxrelay.ysv.freebsd.org [IPv6:2001:1900:2254:206a::19:3]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "mxrelay.ysv.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id A9E297C760 for ; Sat, 3 Mar 2018 11:30:03 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from kenobi.freebsd.org (kenobi.freebsd.org [IPv6:2001:1900:2254:206a::16:76]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mxrelay.ysv.freebsd.org (Postfix) with ESMTPS id C4F5B22576 for ; Sat, 3 Mar 2018 11:30:02 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from kenobi.freebsd.org ([127.0.1.118]) by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id w23BU29C078998 for ; Sat, 3 Mar 2018 11:30:02 GMT (envelope-from bugzilla-noreply@freebsd.org) Received: (from www@localhost) by kenobi.freebsd.org (8.15.2/8.15.2/Submit) id w23BU2Di078997 for freebsd-pf@FreeBSD.org; Sat, 3 Mar 2018 11:30:02 GMT (envelope-from bugzilla-noreply@freebsd.org) X-Authentication-Warning: kenobi.freebsd.org: www set sender to bugzilla-noreply@freebsd.org using -f From: bugzilla-noreply@freebsd.org To: freebsd-pf@FreeBSD.org Subject: [Bug 209475] pf didn't check if enough free RAM for net.pf.states_hashsize Date: Sat, 03 Mar 2018 11:30:01 +0000 X-Bugzilla-Reason: AssignedTo X-Bugzilla-Type: changed X-Bugzilla-Watch-Reason: None X-Bugzilla-Product: Base System X-Bugzilla-Component: kern X-Bugzilla-Version: 10.3-RELEASE X-Bugzilla-Keywords: X-Bugzilla-Severity: Affects Only Me X-Bugzilla-Who: fnoyanisi@yahoo.com X-Bugzilla-Status: New X-Bugzilla-Resolution: X-Bugzilla-Priority: --- X-Bugzilla-Assigned-To: freebsd-pf@FreeBSD.org X-Bugzilla-Flags: X-Bugzilla-Changed-Fields: Message-ID: In-Reply-To: References: Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/ Auto-Submitted: auto-generated MIME-Version: 1.0 X-BeenThere: freebsd-pf@freebsd.org X-Mailman-Version: 2.1.25 Precedence: list List-Id: "Technical discussion and general questions about packet filter \(pf\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 03 Mar 2018 11:30:04 -0000 https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D209475 --- Comment #32 from fehmi noyan isi --- Thank you! --=20 You are receiving this mail because: You are the assignee for the bug.= From owner-freebsd-pf@freebsd.org Sat Mar 3 11:49:40 2018 Return-Path: Delivered-To: freebsd-pf@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 08B3DF343B3 for ; Sat, 3 Mar 2018 11:49:40 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from mxrelay.ysv.freebsd.org (mxrelay.ysv.freebsd.org [IPv6:2001:1900:2254:206a::19:3]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "mxrelay.ysv.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 9BA207D39F for ; Sat, 3 Mar 2018 11:49:39 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from kenobi.freebsd.org (kenobi.freebsd.org [IPv6:2001:1900:2254:206a::16:76]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mxrelay.ysv.freebsd.org (Postfix) with ESMTPS id DB8A92286B for ; Sat, 3 Mar 2018 11:49:38 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from kenobi.freebsd.org ([127.0.1.118]) by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id w23BnckY025724 for ; Sat, 3 Mar 2018 11:49:38 GMT (envelope-from bugzilla-noreply@freebsd.org) Received: (from www@localhost) by kenobi.freebsd.org (8.15.2/8.15.2/Submit) id w23Bnci3025723 for freebsd-pf@FreeBSD.org; Sat, 3 Mar 2018 11:49:38 GMT (envelope-from bugzilla-noreply@freebsd.org) X-Authentication-Warning: kenobi.freebsd.org: www set sender to bugzilla-noreply@freebsd.org using -f From: bugzilla-noreply@freebsd.org To: freebsd-pf@FreeBSD.org Subject: [Bug 222126] pf is not clearing expired states Date: Sat, 03 Mar 2018 11:49:36 +0000 X-Bugzilla-Reason: AssignedTo X-Bugzilla-Type: changed X-Bugzilla-Watch-Reason: None X-Bugzilla-Product: Base System X-Bugzilla-Component: kern X-Bugzilla-Version: 11.1-RELEASE X-Bugzilla-Keywords: X-Bugzilla-Severity: Affects Only Me X-Bugzilla-Who: noah.bergbauer@tum.de X-Bugzilla-Status: New X-Bugzilla-Resolution: X-Bugzilla-Priority: --- X-Bugzilla-Assigned-To: freebsd-pf@FreeBSD.org X-Bugzilla-Flags: X-Bugzilla-Changed-Fields: Message-ID: In-Reply-To: References: Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/ Auto-Submitted: auto-generated MIME-Version: 1.0 X-BeenThere: freebsd-pf@freebsd.org X-Mailman-Version: 2.1.25 Precedence: list List-Id: "Technical discussion and general questions about packet filter \(pf\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 03 Mar 2018 11:49:40 -0000 https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D222126 --- Comment #49 from noah.bergbauer@tum.de --- At least in my particular case, I eventually tracked this down to a tunable from loader.conf: kern.timecounter.smp_tsc_adjust=3D1 Since I removed that, this issue hasn't happened once so I believe it might have been the reason. --=20 You are receiving this mail because: You are the assignee for the bug.=