Bug 224414

Summary: 'kldload pf' or 'pf_enable="YES"' triggers immediate panic
Product: Base System Reporter: S Senator <freebsd-bugzilla>
Component: kernAssignee: freebsd-pf (Nobody) <pf>
Status: Closed FIXED    
Severity: Affects Some People CC: freebsd-bugzilla, kp, paul.g.webster
Priority: ---    
Version: 11.1-RELEASE   
Hardware: amd64   
OS: Any   

Description S Senator 2017-12-18 01:16:14 UTC 
Adding
   pf_enable="YES"

to /boot/loader.conf or /boot/loader.conf.local or, after a full boot,
   modload pf
causes an immediate kernel panic. This is reproducible on the (FreeBSD Mall 11.1 purchased) installation CD by selecting 'Shell' and then executing: modload pf

This system was reliably in service for >3+ years running FreeBSD 9.0-RELEASE. Upgrading to 11.1-RELEASE appears to have introduced this symptom.
1
# ls -l /boot/kernel/pf.ko
 ... 348024 July 21 02:20 /boot/kernel/pf.ko

# sum /boot/kernel/pf.ko
 13544 340 /boot/kernel/pf.ko

Kernel version: 11.1-RELEASE r321309 Fri Jul 21 02:08:28 UTC 2017 root@releng2.nyi.freebsd.org:/usr/obj/usr/src/sys/GENERIC amd64

Motherboard: SuperMicro X7DB8-X http://www.supermicro.com/products/motherboard/xeon1333/5000P/X7DB8-X.cfm

NICs: Intel Pro/1000 (quantity 3) - detected as em[0-2]

Disk controllers: 3Ware 9550SXU-4LP (quantity 2) - detected as twa[0-1]

I am in the process of reinstalling this with a larger /var so as to enable crash dumps.
Comment 1 Paul Webster 2017-12-18 07:05:32 UTC 
I do have some emN hardware somewhere that I know works with freebsd and my current production server seems fairly happy too:

igb0: <Intel(R) PRO/1000 Network Connection, Version - 2.5.3-k> port 0x3000-0x30                                                                               1f mem 0xb1100000-0xb117ffff,0xb1180000-0xb1183fff irq 17 at device 0.0 on pci3
igb0: Using MSIX interrupts with 5 vectors
igb0: Ethernet address: 00:1e:67:c4:6f:5b
igb0: Bound queue 0 to cpu 0
igb0: Bound queue 1 to cpu 1
igb0: Bound queue 2 to cpu 2
igb0: Bound queue 3 to cpu 3
igb0: netmap queues/slots: TX 4/10


I BELIEVE there was a driver change for all intel network hardware coming up or just passed though, it might actually be in current (will wait for someone else to confirm) if you have the ability or time you could try installing one of the 12-snapshot ISO's to a USB pen and booting that to see if it shows the same issues.
Comment 2 Kristof Provost freebsd_committer freebsd_triage 2017-12-18 07:21:27 UTC 
I would be very useful to have a crashdump, as right now there's not a lot to go on.
Comment 3 Kristof Provost freebsd_committer freebsd_triage 2017-12-18 09:59:13 UTC 
If I had to guess (and given that there's no information right now that's all I can do) it might be FreeBSD-EN-17:08-pf. 
Make sure you've updated your installation to the latest 11.1 patch version.

https://www.freebsd.org/security/advisories/FreeBSD-EN-17:08.pf.asc
Comment 4 S Senator 2017-12-19 03:37:45 UTC 
This problem description matches the presented stack trace and panic:
from: https://www.freebsd.org/security/advisories/FreeBSD-EN-17:08.pf.asc

"A pf housekeeping thread (pf_purge_thread) could potentially use an
uninitialized variable, leading to a division by zero and a kernel panic."

After following the remediation steps: (freebsd-update fetch; freebsd-update install) this does not occur.

This may be closed.