Hello OpenBSD, Kernel panic in pool_do_get(pfstatepl) with OpenBSD 5.0-stable [1] on an Alix board [2]. The kernel panics regularly but after an unpredictable duration (sometimes days, sometimes minutes).
The system uses flashrd [3] to install and run OpenBSD from Compact Flash. The kernel options of flashrd are however identical to the GENERIC kernel. I've attached the kernel panic as well as the output from 'trace' and 'ps' below. Further, a slightly modified rc.conf.local and pf.conf (to protect the innocent) are included as well. [1] CVS of 20 March [2] http://pcengines.ch/alix2d13.htm [3] http://www.nmedia.net/flashrd Sincerely, Max # panic: pool_do_get(pfstatepl): free list modified: page 0xd8e93000; item addr 0xd8e930a0; offset 0x0=0x0 Stopped at Debugger+0x4: popl %ebp ddb> trace Debugger(d08b0cb8,d8e03ad0,d0890248,d8e03ad0,1bb4fed4) at Debugger+0x4 panic(d0890248,d0888f9e,d8e93000,d8e930a0,0) at panic+0x5d pool_do_get(d0d988a0,a,1bb4fed4,d0377f2c,d1433024) at pool_do_get+0x33e pool_get(d0d988a0,a,0,d8e03c28,2) at pool_get+0x3d pf_test_rule(d8e03ca8,d8e03ca4,2,d1487400,d57dfe00) at pf_test_rule+0xbdc pf_test(2,2,d1478800,d8e03dec,0) at pf_test+0xc64 ip_output(d57dfe00,0,d0dae564,1,0) at ip_output+0x776 ip_forward(d57dfe00,0,d1477400,d8e03edc,0) at ip_forward+0x181 ipv4_input(d57dfe00,6,d8e03ef4,d04444c5,d0203189) at ipv4_input+0x373 ipintr(d0203189,d13ddaa0,d8e03f14,d0572acf,0) at ipintr+0x73 netintr(0,c,1,0,d0202086) at netintr+0xc5 softintr_dispatch(1) at softintr_dispatch+0x4f Xsoftnet() at Xsoftnet+0x12 --- interrupt --- cpu_idle_cycle(d0dcdfa0) at cpu_idle_cycle+0xf Bad frame pointer: 0xd0e7fe48 ddb> ps PID PPID PGRP UID S FLAGS WAIT COMMAND 24267 4560 4560 73 3 0x80 poll syslogd 4560 1 4560 0 3 0x80 netio syslogd 5616 1 5616 0 3 0x80 ttyin ksh 20415 1 20415 0 3 0x80 select cron 10998 1 10998 71 3 0x80 kqread ftp-proxy 9007 1 9007 92 3 0x80 select rtadvd 16708 8296 8296 91 3 0x80 kqread snmpd 8296 1 8296 0 3 0x80 kqread snmpd 28589 1 28589 0 3 0x80 select sshd 11417 26326 30389 83 3 0x80 poll ntpd 26326 30389 30389 83 3 0x80 poll ntpd 19571 6256 6256 74 3 0x80 bpf pflogd 30389 1 30389 0 3 0x80 poll ntpd 6256 1 6256 0 3 0x80 netio pflogd 15964 1 15964 0 3 0x80 mfsidl mount_mfs 805 1 805 0 3 0x80 mfsidl mount_mfs 13 0 0 0 3 0x100200 aiodoned aiodoned 12 0 0 0 3 0x100200 syncer update 11 0 0 0 3 0x100200 cleaner cleaner 10 0 0 0 3 0x100200 reaper reaper 9 0 0 0 3 0x100200 pgdaemon pagedaemon 8 0 0 0 3 0x100200 bored crypto 7 0 0 0 3 0x100200 pftm pfpurge 6 0 0 0 3 0x100200 usbtsk usbtask 5 0 0 0 3 0x100200 usbatsk usbatsk 4 0 0 0 3 0x100200 bored syswq * 3 0 0 0 7 0x40100200 idle0 2 0 0 0 3 0x100200 kmalloc kmthread 1 0 1 0 3 0x80 wait init 0 -1 0 0 3 0x200 scheduler swapper rc.conf.local: pf=YES ntpd_flags="" dhcpd_flags="vlan2 vlan3" rtadvd_flags="vlan2 vlan3 vlan4" ftpproxy_flags="" snmpd_flags="" sendmail_flags="NO" inetd_flags="NO" pf.conf: ################ 1. MACROS int_if = "vlan2" gst_if = "vlan3" dmz_if = "vlan4" ext_if = "pppoe0" gif_if = "gif0" chzrh02 = "213.144.148.74" server_web = 212.xxx.yyy.11 server_vpn = 212.xxx.yyy.10 ############### 2. LISTS tcp_services="{ 22, 113 }" ############### 3. TABLES table <martians> const persist {10/8, 172.16/12, 127/8, 192.168/16, \ 169.254/16, 240/4, 0/8, 192.0.2/24} table <mgmt_subnets> const persist {62.xxx.yyy.zzz/24} table <bruteforce> persist ################ 4. OPTIONS set block-policy return set loginterface $ext_if set skip on lo set limit { states 8192, frags 4096 } set optimization normal set ruleset-optimization basic ################ 5. NORMALIZATION match in all scrub (max-mss 1440) ################ 6. REDIRECTION anchor "ftp-proxy/*" pass in quick on {$int_if, $gst_if} inet proto tcp to any port ftp \ divert-to 127.0.0.1 port 8021 pass in quick on $ext_if inet proto tcp from any to $server_web port ftp \ flags S/SAFR modulate state rdr-to lo0 port 8022 ################ 7. TRANSLATION match out on $ext_if inet from {$int_if:network, $gst_if:network} \ to any nat-to ($ext_if:0) ################ 8. FILTERS: DEFAULT, ANTI-SPOOFING and CLEANSING block in log all pass out quick antispoof quick for { lo $int_if $gst_if $dmz_if $ext_if} block drop in log quick on $ext_if from <martians> to any ################ 9. FILTERS: IPv4 TO FIREWALL pass in quick on {$int_if, $gst_if} inet proto udp from any port 68 \ to { $int_if, 255.255.255.255 } port 67 keep state pass in quick on $int_if inet proto tcp from $int_if:network \ to $int_if port { ssh } flags S/SAFR keep state block in quick on $ext_if inet proto tcp from <bruteforce> \ to ($ext_if) port { ssh } pass in quick on $ext_if inet proto tcp from <mgmt_subnets> \ to ($ext_if) port { ssh } flags S/SA keep state \ (max-src-conn 10, max-src-conn-rate 5/3, \ overload <bruteforce> flush global) pass in quick on $int_if inet proto icmp from $int_if:network \ to {$int_if, $gst_if, $dmz_if, ($ext_if)} icmp-type 8 code 0 keep state pass in quick on $gst_if inet proto icmp from $int_if:network \ to $gst_if icmp-type 8 code 0 keep state pass in quick on $dmz_if inet proto icmp from $int_if:network \ to $dmz_if icmp-type 8 code 0 keep state pass in quick on $ext_if inet proto icmp from any \ to ($ext_if) icmp-type 8 code 0 keep state pass in quick on $ext_if inet proto tcp from any \ to ($ext_if) port { 10000 } keep state pass in quick on $ext_if inet proto udp from any \ to ($ext_if) port { 500, 4500 } keep state pass in quick on $ext_if inet proto 50 from any \ to ($ext_if) keep state pass in quick on $ext_if proto 41 from $chzrh02 \ to ($ext_if) keep state pass in quick on $dmz_if inet proto udp from $server_web \ to $int_if port { snmp } keep state pass in quick on $ext_if from $chzrh02 to ($ext_if) block in log quick inet from any \ to {$int_if, $gst_if, $dmz_if, ($ext_if)} ################ 10. FILTERS: IPv6 TO FIREWALL pass in quick on $int_if inet6 proto ipv6-icmp to $int_if keep state pass in quick on $gif_if inet6 proto ipv6-icmp from any \ to $gif_if keep state pass in quick on $gif_if inet6 proto ipv6-icmp from 2001:xxxx:yyyy:zzzz::1 \ to 2001:xxxx:yyyy:zzzz::2 keep state block in log quick inet6 from any \ to {$int_if, $gst_if, $dmz_if, $gif_if, ($ext_if)} #################### 11. FILTERS: LAN SEGMENTS pass in quick on $int_if to any pass in quick on $dmz_if to \ {!$int_if:network, !$gst_if:network, !$dmz_if, !$ext_if} pass in quick on $gst_if to \ {!$int_if:network, !$dmz_if:network, !$gst_if, !$ext_if} #################### 12. FILTERS: DMZ SERVICES pass in quick on $ext_if inet proto tcp from any \ to $server_vpn port { 10000 } keep state pass in quick on $ext_if inet proto udp from any \ to $server_vpn port { 500, 4500 } keep state pass in quick on $ext_if inet proto 50 from any to $server_vpn pass in quick on $ext_if inet proto icmp from any \ to $server_vpn icmp-type 8 code 0 keep state pass in quick on $ext_if inet proto tcp from <mgmt_subnets> \ to $server_vpn port { http, https } keep state pass in quick on $dmz_if inet proto udp from $dmz_if:network \ to $int_if:network port { snmp } keep state pass in quick on $ext_if inet proto tcp from any \ to $server_web port { http, https } keep state
