Created attachment 165051
Backtrace of the fatal trap triggered by the jailed pfctl -sr

Running "pfctl -sr" from within a jail having its own vnet triggers a "Fatal trap 12: page fault while in kernel mode" (backtrace in the screenshot attached). Surprisingly, the "dump" command successfully generates a core dump that can be read with kgdb, but "bt" doesn't show any thread containing the pfioctl call.

Anyway, the jail is configured as follows:

$ head -n 17 /etc/jail.conf
allow.mount;
allow.mount.devfs;
allow.sysvipc;
devfs_ruleset = 5;
exec.clean;
exec.poststop = "/jail/etc/poststop $name";
exec.prestart = "/jail/etc/prestart $name";
exec.start = "sh /etc/rc";
host.hostname = "$name.fb11.lab.local";
mount.devfs;
path = /jail/$name;
persist;

left {
  vnet = new;
  vnet.interface = epair0a;
}
[...]

$ grep -e pf -e jail /etc/rc.conf
jail_enable="NO"
# Set the jail list to "" to create all the jails found in jail.conf(5)
jail_list=""
pf_enable="YES"
pf_log="YES"

$ cat /etc/pf.conf
pass from any to any

$ pfctl -sr
pass all flags S/SA keep state

$ cat /etc/devfs.rules
[ruleset=5]
add include $devfsrules_jail
add path 'pf' unhide

$ ll -i /dev/pf
88 crw-------  1 root  wheel  0x58 Jan  4 14:30 /dev/pf

$ sudo jexec left ls -li /dev/pf
88 crw-------  1 root  wheel  0x58 Jan  4 13:30 /dev/pf
I forgot to show the prestart script:

$ cat /jail/etc/prestart
#!/bin/sh
set -eux
jname="$1"
cd /jail
# Overlay every top-level directory of the template (/jail/root) below the
# jail's own directory of the same name, skipping dev/ (populated by devfs).
for e in $(cd /jail/root; find . -maxdepth 1 -type d ! -name '.' ! -name 'dev' | sed 's_^./__1'); do
  mount -t unionfs -o below "/jail/root/$e" "$jname/$e"
done

The intent is to use a template to populate the jail but to exclude the dev/ directory.
Maybe related to bug #194515.
vnet is supported in 12, and pf works both on host and in jails there.