It's enough to start pf inside a jail to reproduce this bug. I added only these options to the kernel:

options VIMAGE
device pf

The final trap image can be seen at http://s25.postimg.org/qmumaj5y7/fatal_trap12.png

uname -a
FreeBSD host 10.1-RC2 FreeBSD 10.1-RC2 #2: Tue Oct 21 15:22:30 MSK 2014 admin@host:/usr/src/sys/amd64/compile/MSRV amd64
Can you provide more details: (1) What command did you use to start the jail? (2) What config file did you use for pf? (3) What command did you use to start pf?
Created attachment 150526 [details] fatal_trap12-p1.png
Created attachment 150527 [details] pf_min.conf
---------- Forwarded message ----------
From: Ivan UAdm <ivan.uadm@gmail.com>
Date: Wed, Dec 10, 2014 at 8:49 AM
Subject: bug id 194515

Hi, Craig

I updated the environment to 10.1-release, but the bug is still there.

> Can you provide more details: (1) What command did you use to start the jail?

I start with:
jail -c persist name=testjail001 vnet path=/usr/local/jails/testjail001 host.hostname=testjail001 allow.raw_sockets allow.socket_af

> (2) What config file did you use for pf?

See the attachment.

> (3) What command did you use to start pf?

I start with /etc/rc.d/pf start at jail start time.

--
MVH, Ivan
mobile: +7 931 250 2064
*** Bug 188018 has been marked as a duplicate of this bug. ***
(In reply to Craig Rodrigues from comment #5)
> *** Bug 188018 has been marked as a duplicate of this bug. ***

Remember to test: pfctl -sr -v
*** Bug 143808 has been marked as a duplicate of this bug. ***
*** Bug 179264 has been marked as a duplicate of this bug. ***
(In reply to Craig Rodrigues from comment #8)
> *** Bug 179264 has been marked as a duplicate of this bug. ***

See also: http://lists.freebsd.org/pipermail/freebsd-virtualization/2013-June/001296.html
*** Bug 161094 has been marked as a duplicate of this bug. ***
*** Bug 176112 has been marked as a duplicate of this bug. ***
*** Bug 160541 has been marked as a duplicate of this bug. ***
*** Bug 160496 has been marked as a duplicate of this bug. ***
*** Bug 148155 has been marked as a duplicate of this bug. ***
A commit references this bug:

Author: rodrigc
Date: Tue Jan 6 08:39:09 UTC 2015
New revision: 276746
URL: https://svnweb.freebsd.org/changeset/base/276746

Log:
  Merge: r258322 from projects/pf branch

  Split functions that initialize various pf parts into their vimage parts and global parts.
  Since global parts appeared to be only mutex initializations, just abandon them and use MTX_SYSINIT() instead.
  Kill my incorrect VNET_FOREACH() iterator and instead use correct approach with VNET_SYSINIT().

  PR: 194515
  Differential Revision: D1309
  Submitted by: glebius, Nikos Vassiliadis <nvass@gmx.com>
  Reviewed by: trociny, zec, gnn

Changes:
  head/sys/net/pfvar.h
  head/sys/netpfil/pf/pf.c
  head/sys/netpfil/pf/pf_if.c
  head/sys/netpfil/pf/pf_ioctl.c
  head/sys/netpfil/pf/pf_norm.c
  head/sys/netpfil/pf/pf_table.c
A commit references this bug:

Author: rodrigc
Date: Tue Jan 6 09:03:04 UTC 2015
New revision: 276747
URL: https://svnweb.freebsd.org/changeset/base/276747

Log:
  Instead of creating a purge thread for every vnet, create a single purge thread and clean up all vnets from this thread.

  PR: 194515
  Differential Revision: D1315
  Submitted by: Nikos Vassiliadis <nvass@gmx.com>

Changes:
  head/sys/netpfil/pf/pf.c
A commit references this bug:

Author: rodrigc
Date: Tue Jan 6 16:47:04 UTC 2015
New revision: 276756
URL: https://svnweb.freebsd.org/changeset/base/276756

Log:
  Reapply previous patch to fix build.

  PR: 194515

Changes:
  head/sys/net/pfvar.h
  head/sys/netpfil/pf/pf.c
  head/sys/netpfil/pf/pf_if.c
  head/sys/netpfil/pf/pf_ioctl.c
  head/sys/netpfil/pf/pf_norm.c
Is this going to be MFCd? The 3 commits apply cleanly to stable/10 and seem to work (but I have only tested it lightly so far).
(In reply to darius from comment #18)

I'm OK with merging this to stable/10, but I would like to get some feedback from PF users on the state of things in CURRENT before merging. What is your experience with this patch? Herbert Skuhra has provided good feedback, but getting a few more people to try it and report would be great.

Herbert found another bug in CURRENT: https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=195859

That is a bug in the bridge code, and not part of the VIMAGE + PF fixes. However, all this stuff is interrelated. It would be nice to get a fix in for PR 195859, to provide a consistent testing environment for VIMAGE in CURRENT. That will make it easier to backport patches to stable/10.
Updated 10.1-BETA and 10.1-RC versioned bugs to 10.1-STABLE.
Is there any update on these fixes? I've just happened to bump my 10.1-RELEASE into 10-STABLE and created a few VIMAGE-based jails. As soon as I stop any of them, and I can reproduce it every time, the host OS crashes. That makes the entire VIMAGE completely unusable...
The commits done under https://svnweb.freebsd.org/changeset/base/276756 were backed out in https://svnweb.freebsd.org/changeset/base/277519. Nikos is working on another patch: https://reviews.freebsd.org/D1944
It seems the problem was fixed with r302156 before stable/11 was branched but never merged to stable/10.
vnet is now supported in 12.0 (but not in earlier releases). Many vnet-related problems were fixed in pf (and pf-in-vnet-jails is now part of our automated tests). Please re-open it if you're still having issues on 12 or later.