This was reported for 10.1-RELEASE by ketas @ IRC. I have also confirmed it in HEAD.

groupname = all
if_addgroup(): groups insert
pfi_kif_update(): 0xfffff8000480cb00
pfi_kif_update(): 0xfffff8000480c400
pfi_kif_update(): 0xfffff8000480cb00
groupname = stf
if_addgroup(): ifg == NULL
if_addgroup(): groups insert
pfi_kif_update(): 0xfffff8000480c400
pfi_kif_update(): 0xfffff8000480cb00
pfi_kif_update(): 0xfffff8000480c400
pfi_kif_update(): 0xfffff8000480cb00
pfi_kif_update(): 0xfffff8000480c400
[ ... ]

Fatal double fault
rip = 0xffffffff809ed9fc
rsp = 0xfffffe0238914000
rbp = 0xfffffe0238914020
cpuid = 0; apic id = 00
panic: double fault
cpuid = 0
KDB: stack backtrace:
[ ... ]
pfi_kif_update() at pfi_kif_update+0x29/frame 0xfffffe0238914630
pfi_kif_update() at pfi_kif_update+0x23c/frame 0xfffffe0238914690
pfi_kif_update() at pfi_kif_update+0x23c/frame 0xfffffe02389146f0
pfi_kif_update() at pfi_kif_update+0x23c/frame 0xfffffe0238914750
pfi_kif_update() at pfi_kif_update+0x23c/frame 0xfffffe02389147b0
[ ... more recursion ... ]
pfi_change_group_event() at pfi_change_group_event+0x56/frame 0xfffffe02389178f0
if_addgroup() at if_addgroup+0x4ce/frame 0xfffffe0238917950
if_clone_createif() at if_clone_createif+0x1cf/frame 0xfffffe02389179a0
kern_ioctl() at kern_ioctl+0x230/frame 0xfffffe0238917a00
sys_ioctl() at sys_ioctl+0x16a/frame 0xfffffe0238917ae0
amd64_syscall() at amd64_syscall+0x282/frame 0xfffffe0238917bf0
Xfast_syscall() at Xfast_syscall+0xfb/frame 0xfffffe0238917bf0
--- syscall (54, FreeBSD ELF64, sys_ioctl), rip = 0x3c54795a85a, rsp = 0x74f3a9666078, rbp = 0x74f3a96660c0 ---
KDB: enter: panic
[ thread pid 70905 tid 100584 ]
Stopped at kdb_enter+0x3e: movq $0,kdb_why

How-To-Repeat:
# ifconfig stf create

This seems related to #127042.
There's a patch in https://reviews.freebsd.org/D3435. It's not perfect, in that it doesn't fix all of the issues with interface groups in pf, but it does fix this panic.