Project

General

Profile

Actions
Copy link

Bug #16828

open

Kernel panic (page fault) in bpfmtap via vlantransmit when Suricata BPF listeners active on VLAN interfaces (26.03)

Added by Philip Cook about 9 hours ago.

Status:
New
Priority:
Normal
Assignee:
-
Category:
Suricata
Target version:
-
Start date:
Due date:
% Done:

0%

Estimated time:
Plus Target Version:
Affected Version:
Affected Plus Version:
26.03
Affected Architecture:

Description

pfSense Version: pfSense Plus 26.03 (RELENG_26_03, built 2026-03-20)
Hardware: ASRock Rack D1521D4I (Xeon D-1521, 4-core, Broadwell-DE)
Onboard NIC: Intel I210 (igb driver)
PCIe NIC: Intel 82599ES 10GbE SFP+ (ixgbe driver)
RAM: 8 GB

Summary:
Recurring kernel panics (page fault) occurring multiple times over ~2 weeks.
Crash dumps show bpfmtap faulting during IP forwarding through VLAN interfaces
while Suricata has active BPF listeners on those VLANs.

Crash Stack Trace:
ipinput → iptryforward → etheroutput → etheroutputframe
→ vlantransmit → bpfmtap ← PAGE FAULT

Running at time of crash:
- Suricata with BPF listeners on ix1.40 and ix1.70 (VLAN sub-interfaces on 82599ES)
- Multiple Suricata instances (ix1.70, ix1.40)

Crash dates: 2026-04-23, 2026-04-30, 2026-05-01, 2026-05-04

Related historical bugs: #6690, #7893

Files

Download all files
textdump.tar.3 (394 KB) textdump.tar.3 Philip Cook, 05/05/2026 08:53 PM
textdump.tar.2 (394 KB) textdump.tar.2 Philip Cook, 05/05/2026 08:53 PM
textdump.tar.1 (404 KB) textdump.tar.1 Philip Cook, 05/05/2026 08:53 PM
textdump.tar (2).0 (408 KB) textdump.tar (2).0 Philip Cook, 05/05/2026 08:53 PM
info.3 (543 Bytes) info.3 Philip Cook, 05/05/2026 08:53 PM
info.2 (543 Bytes) info.2 Philip Cook, 05/05/2026 08:53 PM
info.1 (543 Bytes) info.1 Philip Cook, 05/05/2026 08:53 PM
info (2).0 (542 Bytes) info (2).0 Philip Cook, 05/05/2026 08:53 PM

No data to display

Actions
Copy link

Also available in: Atom PDF