From nobody Tue Aug 8 07:38:19 2023 X-Original-To: pf@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4RKlRH43tbz4Tqnm for ; Tue, 8 Aug 2023 07:38:19 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4RKlRH2Xnkz4GX7 for ; Tue, 8 Aug 2023 07:38:19 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1691480299; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=UMDXDegkuRs7QA/4BMaBveTSAGFWEadA6z+yiJ5vZjY=; b=tjWOWhclU3yfi6u9fTT24fImOffYm10H+ftiZOGRcG7SyrN0b6Het0TyQbHYX/suXHvsJr BVfXoAVbEJ4x9GxcIKKLcLwSvxiKODmmXQgwEG8mG+JjvSkhhxg30EwyRYxOYuj0UwFj+4 s9VwTl3VG6FjQDgD5xNcxtB035ikS2NN2y4ef8SMOIoRz/kwGneBpVoIJkT3DAgkAJK4M3 MoInPyU6XY5emJfSKke5jFtpcxYD00hXnfsKp5rHtSfa3XYEMmK8MdBPIdMi6L0lmvFd+F 6RRjRjqV6/4xl1EYhUTaihGiVKud8yjyGff/zDXQpn47IUTQe+bcXtMFp1+u8A== ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1691480299; a=rsa-sha256; cv=none; b=he5RZIKExfOy3Jj0bdJ9doSHdenfHTqgiZFccRapad5B7uE+ya4SU+PYtG4azr/Cqa7GOr M6Eu8KfUrM0g+E4knM2loPkADgs3LxtEF+9q3KN0zVJtIIgquxYy3PhdQj3AfnhadUmF0i 1ShozavcuqEZMoN57gqbLx7c/voZmYHzP8GMoIa6QWmVymRhVE0Y2KsvqOnmzsB52YJNDQ XlU89+eQtpWZRmTmErW3oSpn7DbkPOrc2plp0jnn4Yy+qOVDf/sbxBtXVCTPqPci7dIf5z /kZEygnAf6lJi7TEF2O4JU3aPO+stI00MoeApRspNvLZZFYTGDgGk+GlBRPoAQ== ARC-Authentication-Results: i=1; mx1.freebsd.org; none Received: from kenobi.freebsd.org (kenobi.freebsd.org [IPv6:2610:1c1:1:606c::50:1d]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4RKlRH1Vszz9wx for ; Tue, 8 Aug 2023 07:38:19 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from kenobi.freebsd.org ([127.0.1.5]) by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id 3787cJWF084134 for ; Tue, 8 Aug 2023 07:38:19 GMT (envelope-from bugzilla-noreply@freebsd.org) Received: (from www@localhost) by kenobi.freebsd.org (8.15.2/8.15.2/Submit) id 3787cJRb084133 for pf@FreeBSD.org; Tue, 8 Aug 2023 07:38:19 GMT (envelope-from bugzilla-noreply@freebsd.org) X-Authentication-Warning: kenobi.freebsd.org: www set sender to bugzilla-noreply@freebsd.org using -f From: bugzilla-noreply@freebsd.org To: pf@FreeBSD.org Subject: [Bug 272908] [14.0 CURRENT] Kernel panic in the pf_find_state_all_exists() Date: Tue, 08 Aug 2023 07:38:19 +0000 X-Bugzilla-Reason: AssignedTo X-Bugzilla-Type: changed X-Bugzilla-Watch-Reason: None X-Bugzilla-Product: Base System X-Bugzilla-Component: kern X-Bugzilla-Version: CURRENT X-Bugzilla-Keywords: crash X-Bugzilla-Severity: Affects Only Me X-Bugzilla-Who: burak.sn@outlook.com X-Bugzilla-Status: New X-Bugzilla-Resolution: X-Bugzilla-Priority: --- X-Bugzilla-Assigned-To: pf@FreeBSD.org X-Bugzilla-Flags: X-Bugzilla-Changed-Fields: Message-ID: In-Reply-To: References: Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/ Auto-Submitted: auto-generated List-Id: Technical discussion and general questions about packet filter (pf) List-Archive: https://lists.freebsd.org/archives/freebsd-pf List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-freebsd-pf@freebsd.org X-BeenThere: freebsd-pf@freebsd.org MIME-Version: 1.0 https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D272908 --- Comment #2 from Alfa --- (In reply to Kristof Provost from comment #1) Hi, "pf rules" set optimization aggressive set timeout { adaptive.start 0, adaptive.end 0 } set limit states 200000 set limit src-nodes 20000 set timeout interval 10 set timeout frag 30 #Interface defines loopback =3D "lo0" igc1_if_gateway =3D "10.10.10.1" igc2_if_gateway =3D "192.168.111.1" igc0_if =3D "igc0" pppoe_igc1_if =3D "pppoe_igc1" igc2_if =3D "igc2" igc3_if =3D "igc3" igc4_if =3D "igc4" igc5_if =3D "igc5" igc3_20_if =3D "igc3.20" igc4_4093_if =3D "igc4.4093" igc3_2_if =3D "igc3.2" # Private networks, we are going to block incoming traffic from them priv_nets =3D "{ 127.0.0.0/8, 192.168.0.0/16, 172.16.0.0/12, 10.0.0.0/8 }" table persist file "/etc/pf/country_xyz.txt" table { } table persist file "/tmp/block_ip_list.txt" table persist file "/tmp/botnet_ip_list.txt" table { 192.168.111.100,192.168.10.1,10.10.20.1,192.168.169.1,172.16.0.0/24 } ### options set block-policy drop set loginterface igc1 #Global Mac Adress ether anchor "global_mac" #Captive Portal Rules ether pass on { igc3.20 } tag "captiveportal_rdr_igc3.20" ether anchor "captiveportal_allowed_mac_igc3.20" on { igc3.20 } ether anchor "captiveportal_allowed_ip_igc3.20" on { igc3.20 } ether anchor "captiveportal_auth_igc3.20" on { igc3.20 } ### Scrub scrub from any to fragment no reassemble scrub from to any fragment no reassemble scrub in log nat-anchor "ftp-proxy/*" rdr-anchor "ftp-proxy/*" #### LOOPBACK NAT=20 no nat proto carp all nat on igc0 from { 10.10.10.1/24 } to { 10.10.10.1/24 } -> 10.10.10.1 nat on igc3 from { 192.168.10.1/24 } to { 192.168.10.1/24 } -> 192.168.10.1 nat on igc3.20 from { 10.10.20.1/24 } to { 10.10.20.1/24 } -> 10.10.20.1 nat on wg0 from any to { 192.168.237.1/24 } -> 192.168.237.1/32 source-hash= =20 #### NAT RULES=20 nat on igc2 inet from { any } to { a.b.c.d/32 } -> igc2:0 source-has= h=20=20 nat on enc0 inet from { 192.168.10.0/24 } to { 192.168.1.0/24 } ->= =20 x.y.z.t/32 source-hash=20=20 nat on igc2 inet from { any } to { a.b.c.d/32 } -> igc2:0 source-has= h=20=20 #nat_id=3D17 nat on enc0 inet from { 192.168.10.0/24 } to { 192.168.1.0/24 } ->= =20 x.y.z.t/32 source-hash=20=20 #DEFAULT NAT RULES=20 nat on pppoe_igc1 inet from { !pppoe_igc1 } to any port 500 -> (pppoe_igc1:= 0) static-port #static-port -> for_ipsec nat on pppoe_igc1 inet from { !pppoe_igc1 } to any -> (pppoe_igc1:0) port 1024:65535 nat on igc2 inet from { !igc2 } to any port 500 -> (igc2:0) static-port #static-port -> for_ipsec nat on igc2 inet from { !igc2 } to any -> (igc2:0) port 1024:65535 nat on igc4 inet from { !igc4 } to any port 500 -> (igc4:0) static-port #static-port -> for_ipsec nat on igc4 inet from { !igc4 } to any -> (igc4:0) port 1024:65535 #captive_portal_redirect rules rdr pass on igc3.20 proto { tcp } from any to !10.10.20.1 port { 80 } tagg= ed captiveportal_rdr_igc3.20 -> 10.10.20.1 port 80 rdr pass on igc3.20 proto { tcp } from any to !10.10.20.1 port { 443 } tag= ged captiveportal_rdr_igc3.20 -> 10.10.20.1 port 443 #Port Forwarding Rules rdr log on igc3 proto { tcp udp } from any to any port { 53 } -> 192.168.= 10.1 port 53 #LAN_interface_redirect_rule_130 #WAN_interface_redirect_rule_111 rdr log on { pppoe_igc1 } proto { tcp } from { any } to any port { 21 } -> 172.16.0.2 port 21 #forwarding_111 ### CARP Firewall Failover pass in quick on igc0 proto carp from any to any keep state pass in quick on igc2 proto carp from any to any keep state pass in quick on igc3 proto carp from any to any keep state pass in quick on igc4 proto carp from any to any keep state pass in quick on igc5 proto carp from any to any keep state pass in quick on lo0 inet from 127.0.0.1 to 127.0.0.1 keep state pass out quick on lo0 inet from 127.0.0.1 to 127.0.0.1 keep state #### DROP Mysql/Postgresql Ports #### pass in quick inet proto { tcp udp } from 127.0.0.1 to 127.0.0.1 block drop in log quick inet proto { tcp, udp } from any to (self) port 9300 block drop in log quick inet proto { tcp, udp } from any to (self) port 9200 block drop in log quick inet proto { tcp, udp } from any to (self) port 6379 ## Quarantine IP List block in log quick inet from to any block in log quick inet from any to block out log quick inet from to any block out log quick inet from any to ## BLOCK botnet AND blocked ip list block in log quick inet from to any block in log quick inet from any to block out log quick inet from to any block out log quick inet from any to block in log quick inet from to any block in log quick inet from any to block out log quick inet from to any block out log quick inet from any to ## block ipv6 block in quick inet6 all block out quick inet6 all load anchor "anomaly" from "/etc/anomaly.txt" #anomaly anchor "anomaly" ## Port Forwarding Allow Rules=20 # Antispoof WAN ports antispoof log for pppoe_igc1 antispoof log for igc2 antispoof log for igc4 # IPSec Allow Rule pass out quick route-to ( igc2 192.168.111.1 ) proto udp from (self) to a.b= .c.d port =3D 500 keep state label "ipsec_vpn_1_500" pass in quick on igc2 reply-to ( igc2 192.168.111.1 ) proto udp from a.b.c.= d to (self) port =3D 500 keep state label "ipsec_vpn_1_500" pass out quick route-to ( igc2 192.168.111.1 ) proto udp from (self) to a.b= .c.d port =3D 4500 keep state label "ipsec_vpn_1_4500" pass in quick on igc2 reply-to ( igc2 192.168.111.1 ) proto udp from a.b.c.= d to (self) port =3D 4500 keep state label "ipsec_vpn_1_4500" pass out quick route-to ( igc2 192.168.111.1 ) proto esp from (self) to a.b= .c.d keep state label "ipsec_vpn_1_esp" pass in quick on igc2 reply-to ( igc2 192.168.111.1 ) proto udp from a.b.c.= d to (self) keep state label "ipsec_vpn_1_esp" # SSLVPN Allow Rule pass out log quick route-to ( pppoe_igc1 10.10.10.1 ) proto { udp } from (s= elf) port 1194 to any keep state label "ssl_vpn_1" pass in log quick on pppoe_igc1 reply-to ( pppoe_igc1 10.10.10.1 ) proto udp from any to (self) port =3D 1194 keep state label "ssl_vpn_1" #### Lan access rule=20 pass in quick on igc0 from any to (igc0) keep state label "anti_lock_rule" pass in quick on igc3 from any to (igc3) keep state label "anti_lock_rule" pass in quick on igc5 from any to (igc5) keep state label "anti_lock_rule" pass in quick on igc3.20 from any to (igc3.20) keep state label "anti_lock_rule" pass in quick on igc4.4093 from any to (igc4.4093) keep state label "anti_lock_rule" pass in quick on igc3.2 from any to (igc3.2) keep state label "anti_lock_ru= le" #Syslog send=20 pass out quick proto { udp } from any to 192.168.10.244 port 514 pass out quick proto { udp } from any to 192.168.10.233 port 514 #Captive Portal Allow rules=20 #captive_portal_pass_rules pass in quick on igc3.20 proto { tcp } from any to 10.10.20.1 port { 80 } k= eep state(sloppy) pass out quick on igc3.20 proto { tcp } from 10.10.20.1 port { 80 } to any flags any keep state(sloppy) block in quick on igc3.20 from any to !10.10.20.1 tagged captiveportal_rdr_igc3.20 # Custom Rules=20 pass in log quick on { LAN_ZONE } inet from { 192.168.10.233/32 } to { = any } flags S/SA keep state label "custom_rule_57" tag "ltag_57" block drop in log quick on { igc0 } inet from { any } to { 192.168.10.0= /24 } label "custom_rule_71" tag "ltag_71" block drop in log quick on { igc3 } proto { tcp udp } from { any } to { a= ny } port { 25 } label "custom_rule_40" tag "ltag_40" pass in log quick on { igc3 } inet from { 192.168.10.1/32 } to {=20 192.168.10.244/32 } flags S/SA keep state label "custom_rule_59" tag "ltag_59" block drop in log quick on { igc3 } inet from { 192.168.10.244/32 } to {= =20 any } label "custom_rule_56" tag "ltag_56" pass in log quick on { igc3.20 } inet from { any } to { 192.168.10.183= /32 } flags S/SA keep state label "custom_rule_61" tag "ltag_61" block drop in log quick on { igc3.20 } inet from { any } to {=20 192.168.10.0/24 172.16.0.0/24 } label "custom_rule_50" tag "ltag_50" pass in log quick on { igc3 igc0 } inet from { any } to { any } flags S/SA keep state label "custom_rule_41" tag "ltag_41" pass out log quick reply-to { ( pppoe_igc1 10.10.10.1 ) } proto { tcp } from { any } to { any } port { 3535 } flags S/SA keep state label "custom_rule_73" tag "ltag_73" # WAN to LAN deny all block drop in log quick on pppoe_igc1 from any to any label "custom_rule_-1" tag "ltag_-1" block drop in log quick on igc2 from any to any label "custom_rule_-1" tag "ltag_-1" block drop in log quick on igc4 from any to any label "custom_rule_-1" tag "ltag_-1" pass in log label "custom_rule_-2" tag "ltag_-2" pass out log label "custom_rule_-3" tag "ltag_-3" ########################################################### # ether rules=20 # pfctl -se ether anchor "global_mac" l3 all ether pass on igc3.20 l3 all tag captiveportal_rdr_igc3.20 ether anchor "captiveportal_allowed_mac_igc3.20" on igc3.20 l3 all ether anchor "captiveportal_allowed_ip_igc3.20" on igc3.20 l3 all ether anchor "captiveportal_auth_igc3.20" on igc3.20 l3 all # pfctl -a captiveportal_auth_igc3.20 -se ether pass in quick from 7c:6a:ab:7d:da:a6 l3 all tag captiveportal_auth_igc3.20 dnpipe 1006 ether pass out quick to 7c:6a:ab:7d:da:a6 l3 all tag captiveportal_auth_igc= 3.20 dnpipe 6 # pipes # dnctl pipe 1006 show you have mail 01006: 2.000 Mbit/s 0 ms burst 0=20 q132078 50 sl. 0 flows (1 buckets) sched 66542 weight 0 lmax 0 pri 0 dropt= ail sched 66542 type FIFO flags 0x1 64 buckets 0 active mask: 0x00 0xffffffff/0x0000 -> 0x00000000/0x0000 # dnctl pipe 6 show 00006: 10.000 Mbit/s 0 ms burst 0=20 q131078 50 sl. 0 flows (1 buckets) sched 65542 weight 0 lmax 0 pri 0 dropt= ail sched 65542 type FIFO flags 0x1 64 buckets 0 active mask: 0x00 0x00000000/0x0000 -> 0xffffffff/0x0000 # kldstat you have mail Id Refs Address Size Name 1 74 0xffffffff80200000 1d4f6a0 kernel 2 1 0xffffffff81f50000 108e8 carp.ko 3 2 0xffffffff81f62000 946c8 pf.ko 4 2 0xffffffff81ff7000 4c108 ipfw.ko 5 1 0xffffffff82600000 462be0 zfs.ko 6 1 0xffffffff82520000 4240 ichsmb.ko 7 1 0xffffffff82525000 2178 smbus.ko 8 1 0xffffffff82528000 12808 dummynet.ko 9 1 0xffffffff8253b000 42a0 ipfw_nat.ko 10 1 0xffffffff82540000 d932 libalias.ko 11 1 0xffffffff8254e000 2e560 if_wg.ko 12 1 0xffffffff8257d000 2240 pflog.ko 13 1 0xffffffff82580000 2224 speaker.ko 14 1 0xffffffff82583000 72f8 if_vxlan.ko 15 1 0xffffffff8258b000 25b8 if_enc.ko 16 1 0xffffffff8258e000 76b0 if_ovpn.ko 17 1 0xffffffff82596000 12848 ipsec.ko 18 1 0xffffffff825a9000 52e0 ng_pppoe.ko 19 8 0xffffffff825af000 bb28 netgraph.ko 20 1 0xffffffff825bb000 38b8 ng_socket.ko 21 1 0xffffffff825bf000 4404 ng_mppc.ko 22 1 0xffffffff825c4000 20b0 rc4.ko 23 1 0xffffffff825c7000 23b8 ng_iface.ko 24 1 0xffffffff825ca000 61e8 ng_ppp.ko 25 1 0xffffffff825d1000 2138 ng_tee.ko 26 1 0xffffffff825d4000 31c8 ng_ether.ko 27 1 0xffffffff825d8000 2138 ng_tcpmss.ko 28 1 0xffffffff825db000 2538 ipdivert.ko igc0@pci0:1:0:0: class=3D0x020000 rev=3D0x04 hdr=3D0x00 vendor=3D0x8= 086 device=3D0x125c subvendor=3D0x8086 subdevice=3D0x0000 vendor =3D 'Intel Corporation' device =3D 'Ethernet Controller I226-V' class =3D network subclass =3D ethernet "Can this be reproduced? Consistently or intermittently?" It occurs intermittently. When this panic happens, four days later the same panic occurred again --=20 You are receiving this mail because: You are the assignee for the bug.= From nobody Tue Aug 8 09:15:59 2023 X-Original-To: pf@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4RKnbz4Wx9z4Txmn for ; Tue, 8 Aug 2023 09:15:59 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4RKnbz2TBHz4PpV for ; Tue, 8 Aug 2023 09:15:59 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1691486159; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=3Bpc3orkzuTVylIe/zoNt/JrQHRfBFhwtqpLbW0CDCo=; b=QHrblYQYSFlGp08d3oFYL9/b25VsKAo2GhdWs1PftRYpbAkwsBjaRnK/QOdQK9ob7i9050 o/eCgRet5npPOGOT+oUqUJwNu/1xLArNV/DHw14MdklgN4iIduSqrM8KxfW8stxwRgNNbx Cp/7B1tCXbehXMulWgIOf9WmcGF3WmqdL0kR/pXTgY5e/zISnr3W8iUewvR5g0arw/aGIp eOqjmAmFwYDabo4oQH8JMJtbE0wFsWXl8rFGJ7PvpF0pYitfExAVK/3J0v3bRynFxsqf+o 7pwSKPsenUpKi4GZ7vZlNnclQY8Dfj8DrGon8q2yD2iWOePAILX3d8j20D4neg== ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1691486159; a=rsa-sha256; cv=none; b=PdBFfwLcq3EW71VCPzSGLqbzYFM6X9iRLzMh9HSYwb9QtsAJgyeRUJ5q157Ba41tG6V6Qn HmR3RXwelsXhosTgywD2vvDxCSVNPSMHJjeVLGzIQ5hJkCegyjcZjlJXWblkK4Hkwz/Qog bPzrOqLcFX1B8svwMJQbLh8MfZPNuQUaTuejyBZsEyZR4cy0Qw54gKCnm4Bf/jEJ2DgRcU TIPKwTx79dLR59pSpXvnBskuOUT+jzYwEA2ISs8S+GqL9vk4WcLTzm7vIRRx+NvIj2MAt2 uFNjgJBnTP2be3sf5yPbbYoQbQTJcyP4PINYxyuBAjm83XHsC9X8Ofy1wS8VBg== ARC-Authentication-Results: i=1; mx1.freebsd.org; none Received: from kenobi.freebsd.org (kenobi.freebsd.org [IPv6:2610:1c1:1:606c::50:1d]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4RKnbz1Zg2zD2S for ; Tue, 8 Aug 2023 09:15:59 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from kenobi.freebsd.org ([127.0.1.5]) by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id 3789Fxk6032652 for ; Tue, 8 Aug 2023 09:15:59 GMT (envelope-from bugzilla-noreply@freebsd.org) Received: (from www@localhost) by kenobi.freebsd.org (8.15.2/8.15.2/Submit) id 3789FxoT032651 for pf@FreeBSD.org; Tue, 8 Aug 2023 09:15:59 GMT (envelope-from bugzilla-noreply@freebsd.org) X-Authentication-Warning: kenobi.freebsd.org: www set sender to bugzilla-noreply@freebsd.org using -f From: bugzilla-noreply@freebsd.org To: pf@FreeBSD.org Subject: [Bug 272908] [14.0 CURRENT] Kernel panic in the pf_find_state_all_exists() Date: Tue, 08 Aug 2023 09:15:59 +0000 X-Bugzilla-Reason: AssignedTo X-Bugzilla-Type: changed X-Bugzilla-Watch-Reason: None X-Bugzilla-Product: Base System X-Bugzilla-Component: kern X-Bugzilla-Version: CURRENT X-Bugzilla-Keywords: crash X-Bugzilla-Severity: Affects Only Me X-Bugzilla-Who: kp@freebsd.org X-Bugzilla-Status: New X-Bugzilla-Resolution: X-Bugzilla-Priority: --- X-Bugzilla-Assigned-To: pf@FreeBSD.org X-Bugzilla-Flags: X-Bugzilla-Changed-Fields: Message-ID: In-Reply-To: References: Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/ Auto-Submitted: auto-generated List-Id: Technical discussion and general questions about packet filter (pf) List-Archive: https://lists.freebsd.org/archives/freebsd-pf List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-freebsd-pf@freebsd.org X-BeenThere: freebsd-pf@freebsd.org MIME-Version: 1.0 https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D272908 --- Comment #3 from Kristof Provost --- We're going to need to look at a core dump. It's a very odd place for a panic, in the sense that nothing that's changed= in the past several years should affect that, and it's also a relatively straightforward call. It really shouldn't be panicking there. You're using a couple of new-ish features (dummynet, ethernet rules, openvpn DCO), but they don't appear to be involved here, and you're also using them= the way pfsense does and I've not seen any similar reports there. So, when this recurs please do the kgdb dance. We'll want the local variabl= es in pf_find_state_all_exists() and pf_find_state_all() for starters. Do keep that core file around, because we're almost certainly going to want to poke= it more. Also gather the full panic output, not just the backtrace, because it's not quite clear to me if we're running into an assertion failure or a segmentat= ion fault or something else. --=20 You are receiving this mail because: You are the assignee for the bug.=