It seems that after r343631, executing test case sys.netpfil.pf.fragmentation.v6 results in a kernel panic:

root@:/usr/tests/sys/netpfil/pf # kyua test fragmentation:v6
fragmentation:v6 -> lock order reversal:
 1st 0xffffffff82095820 allprison (allprison) @ /usr/src/sys/kern/kern_jail.c:966
 2nd 0xffffffff820c3840 vnet_sysinit_sxlock (vnet_sysinit_sxlock) @ /usr/src/sys/net/vnet.c:575
stack backtrace:
#0 0xffffffff80c450b3 at witness_debugger+0x73
#1 0xffffffff80c44e03 at witness_checkorder+0xac3
#2 0xffffffff80be7398 at _sx_slock_int+0x68
#3 0xffffffff80d0c7e7 at vnet_alloc+0x117
#4 0xffffffff80ba2912 at kern_jail_set+0x1b32
#5 0xffffffff80ba4290 at sys_jail_set+0x40
#6 0xffffffff810aee96 at amd64_syscall+0x276
#7 0xffffffff810882dd at fast_syscall_common+0x101

Fatal trap 12: page fault while in kernel mode
cpuid = 1; apic id = 01
fault virtual address = 0x10
fault code = supervisor read data, page not present
instruction pointer = 0x20:0xffffffff80e2e4f0
stack pointer = 0x28:0xfffffe00242b3590
frame pointer = 0x28:0xfffffe00242b36e0
code segment = base rx0, limit 0xfffff, type 0x1b
 = DPL 0, pres 1, long 1, def32 0, gran 1
processor eflags = interrupt enabled, resume, IOPL = 0
current process = 12 (swi1: netisr 0)
trap number = 12
panic: page fault
cpuid = 1
time = 1549063497
KDB: stack backtrace:
db_trace_self_wrapper() at db_trace_self_wrapper+0x2b/frame 0xfffffe00242b3250
vpanic() at vpanic+0x1b4/frame 0xfffffe00242b32b0
panic() at panic+0x43/frame 0xfffffe00242b3310
trap_fatal() at trap_fatal+0x369/frame 0xfffffe00242b3360
trap_pfault() at trap_pfault+0x62/frame 0xfffffe00242b33b0
trap() at trap+0x2bb/frame 0xfffffe00242b34c0
calltrap() at calltrap+0x8/frame 0xfffffe00242b34c0
--- trap 0xc, rip = 0xffffffff80e2e4f0, rsp = 0xfffffe00242b3590, rbp = 0xfffffe00242b36e0 ---
ip6_forward() at ip6_forward+0x4a0/frame 0xfffffe00242b36e0
ip6_input() at ip6_input+0xdfe/frame 0xfffffe00242b37d0
netisr_dispatch_src() at netisr_dispatch_src+0xa2/frame 0xfffffe00242b3840
ether_demux() at ether_demux+0x16f/frame 0xfffffe00242b3870
ether_nh_input() at ether_nh_input+0x408/frame 0xfffffe00242b38d0
netisr_dispatch_src() at netisr_dispatch_src+0xa2/frame 0xfffffe00242b3940
ether_input() at ether_input+0x73/frame 0xfffffe00242b3970
epair_nh_sintr() at epair_nh_sintr+0x19/frame 0xfffffe00242b3990
swi_net() at swi_net+0x189/frame 0xfffffe00242b3a10
ithread_loop() at ithread_loop+0x187/frame 0xfffffe00242b3a70
fork_exit() at fork_exit+0x84/frame 0xfffffe00242b3ab0
fork_trampoline() at fork_trampoline+0xe/frame 0xfffffe00242b3ab0
--- trap 0, rip = 0, rsp = 0, rbp = 0 ---

Other kdb information is available at: https://gist.github.com/80eec9493d5ecfcbd123a308e2b8d4cc

Created attachment 201621: suggested patch

Can you please test this patch?

It works fine with sys.netpfil.pf.*, thanks!

A commit references this bug:

Author: glebius
Date: Sat Feb 2 05:49:05 UTC 2019
New revision: 343678
URL: https://svnweb.freebsd.org/changeset/base/343678

Log:
  Return PFIL_CONSUMED if packet was consumed. While here gather all the
  identical endings of pf_check_*() into single function.

  PR: 235411

Changes:
  head/sys/netpfil/pf/pf_ioctl.c