From nobody Thu Nov 16 16:40:45 2023 X-Original-To: ipfw@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4SWQl144kWz50r6l for ; Thu, 16 Nov 2023 16:40:45 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4SWQl10QTKz3GcB for ; Thu, 16 Nov 2023 16:40:45 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1700152845; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=voIU3MpGavd75TwVXw15+6BEhHaycACWQnUGGwAErMk=; b=yeIJ3wE2TSFGR7O0aTQ9NgwoWzjj7Bn7MPBEy/VxvAYcEQnzsoL/5B+qPrhjKVCT5AFXSU eQRdGmm4KrIgxc2y9iF40jN6ut3P1BhHLCQVZ58srNiEeymBP1WnJOuu9aZb/zkvdpNSM6 D2jJstpA4qAW1WFzR++FLo0ua5lubrXVCV32b0dyKnxHCyPrRipwFowWXAjuy4hkI3Y6jI gIDDKXiSYAgP+uPeuxmtY9BpQnqnsPNfCZhZbLT35Dz2HzoqKgWFHTyg28OQ6IMzIN3Uih N/FkOfHrsFuhPyCqHzE1CyAhrju17p/H/8cNdh7o8hU5oFHVTLkkgypFpkFP0w== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1700152845; a=rsa-sha256; cv=none; b=VmlHtOC7cLkiFbUmy1oHC3vi+85lCdn5rix9XiHFSeIS9QGPIVqxzveLg3WIxitIrHgww7 TwCa76PJZzO7p7LOfQ7LhKLnvanGXJAikuKhTikDlp3fX0KnaseGf83+droAayba1SU4m1 adYsBy7iP6foR7CeUjMB2W2ovpJGR7jaKo8LNQfRKsgIhRHLOK5dpjIp+M4csTZHpgaxUI qHFwQel7FH0Kt8dOM33D1o1OXT7BPiuKYM3qFUXwmZXtIk2FgKvnrekDK9CpIfstGcu7wp fX4x1kslNdd1vNalsOsHn3DVcmlafBz96OnVB+Y+pGbv9mYvS6WkryO/a09wqA== Received: from kenobi.freebsd.org (kenobi.freebsd.org [IPv6:2610:1c1:1:606c::50:1d]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4SWQl06JZLz177Y for ; Thu, 16 Nov 2023 16:40:44 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from kenobi.freebsd.org ([127.0.1.5]) by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id 3AGGeit8031041 for ; Thu, 16 Nov 2023 16:40:44 GMT (envelope-from bugzilla-noreply@freebsd.org) Received: (from www@localhost) by kenobi.freebsd.org (8.15.2/8.15.2/Submit) id 3AGGeicj031040 for ipfw@FreeBSD.org; Thu, 16 Nov 2023 16:40:44 GMT (envelope-from bugzilla-noreply@freebsd.org) X-Authentication-Warning: kenobi.freebsd.org: www set sender to bugzilla-noreply@freebsd.org using -f From: bugzilla-noreply@freebsd.org To: ipfw@FreeBSD.org Subject: [Bug 132774] [ipfw] IPFW with uid/gid/jail rules may lead to lockup Date: Thu, 16 Nov 2023 16:40:45 +0000 X-Bugzilla-Reason: AssignedTo X-Bugzilla-Type: changed X-Bugzilla-Watch-Reason: None X-Bugzilla-Product: Base System X-Bugzilla-Component: kern X-Bugzilla-Version: 13.2-STABLE X-Bugzilla-Keywords: X-Bugzilla-Severity: Affects Only Me X-Bugzilla-Who: vincent.jancso@outlook.com X-Bugzilla-Status: Open X-Bugzilla-Resolution: X-Bugzilla-Priority: Normal X-Bugzilla-Assigned-To: ipfw@FreeBSD.org X-Bugzilla-Flags: X-Bugzilla-Changed-Fields: cc Message-ID: In-Reply-To: References: Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/ Auto-Submitted: auto-generated List-Id: IPFW Technical Discussions List-Archive: https://lists.freebsd.org/archives/freebsd-ipfw List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-freebsd-ipfw@freebsd.org MIME-Version: 1.0 https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D132774 vincent.jancso@outlook.com changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |vincent.jancso@outlook.com --- Comment #5 from vincent.jancso@outlook.com --- Looks like I am hitting the same issue. I upgraded several hosts from 12.4 = to 13.2. Virtual machines are not affected, only physical hosts. I was able to narrow it down to some IPFW rules. Here is the setup: Host A: Recently upgraded, physical host with FreeBSD 13.2 Host B: Also physical host with FreeBSD 13.2, runs a webserver (10.1.1.20) Host A has this IPFW rule: $IPFW_CMD add 2040 allow ip from me to 10.1.1.20/32 uid 0 Host B has this IPFW rule: $IPFW_CMD add 3000 allow tcp from any to 10.1.1.20 80,443 keep-state I can reproduce a freeze by repeatedly fetching a file on Host A from Host = B: [root@host-a] $ while true; do curl -v=C2=A0http://10.1.1.2/test.txt=C2=A0-= -output /dev/null; done After a few seconds, the network connection of Host A is lost. I can still = log in through a local shell, but after about 20 seconds the host freezes completely. No kernel panic, nothing in the logs. Host B is still running fine and never freezes. - Freezes do NOT happen if I remove the uid 0 selector from Host A's rule or stop IPFW completely. - Freezes also do NOT happen if I remove the keep-state of Host B's rule or stop IPFW completely. @Stefan Rink Are you also maybe using an Intel NIC with the ixbge driver? My guess is an issue in combination with the driver and IPFW. [root@host-a] $ pciconf -lv | grep -A1 -B3 network ix0@pci0:6:0:0: class=3D0x020000 rev=3D0x01 hdr=3D0x00 vendor=3D0x8086 devi= ce=3D0x10f8 subvendor=3D0x103c subdevice=3D0x18d0 vendor =3D 'Intel Corporation' device =3D '82599 10 Gigabit Dual Port Backplane Connection' class =3D network subclass =3D ethernet ix1@pci0:6:0:1: class=3D0x020000 rev=3D0x01 hdr=3D0x00 vendor=3D0x8086 devi= ce=3D0x10f8 subvendor=3D0x103c subdevice=3D0x18d0 vendor =3D 'Intel Corporation' device =3D '82599 10 Gigabit Dual Port Backplane Connection' class =3D network subclass =3D ethernet --=20 You are receiving this mail because: You are the assignee for the bug.=