hello,
On 2023-11-04 15:26, Alexandr Nedvedicky wrote:
> Hello Johan,
>
> On Sat, Nov 04, 2023 at 10:01:06AM -0400, Johan Huldtgren wrote:
> > hello,
> >
> > On 2023-11-03 19:10, Alexandr Nedvedicky wrote:
> > > Hello Johan,
> > >
> > >
> > > On Fri, Nov 03, 2023 at 12:27:53PM -0400, Johan Huldtgren wrote:
> > > </snip>
> > > >
> > > > so this box just has the default (from when it was installed) ruleset.
> > > >
> > > > $ doas cat /etc/pf.conf
> > > > # $OpenBSD: pf.conf,v 1.55 2017/12/03 20:40:04 sthen Exp $
> > > > #
> > > > # See pf.conf(5) and /etc/examples/pf.conf
> > > >
> > > > set skip on lo
> > > > set state-defaults pflow
> > > >
> > > > block return # block stateless traffic
> > > > pass # establish keep-state
> > > >
> > > > # By default, do not permit remote connections to X11
> > > > block return in on ! lo0 proto tcp to port 6000:6010
> > > >
> > > > # Port build user does not need network
> > > > block return out log proto {tcp udp} user _pbuild
> > > >
> > >
> > > So that's surprising then... Looks like you are very lucky
> > > to hit the ASSERT. I'm surprised we have not seen it earlier.
> > >
> > > Diff below makes sure pf_test() function does not overwrite
> > > timeout member in pf_state structure when timeout is set
> > > to PFTM_UNLINKED already. We also modify/update timeout member
> > > under protection of state mutex (pf_state::mtx).
> > >
> > >
> > > Can you test the diff below? It applies to current as well to 7.4
> >
> > I've rebuilt with your diff, as the panic was seemingly random I'm not
> > sure how I can test, but I'll let this system run with your patch and
> > report any issues should I see them. If you have any specific things
> > you'd like me to try don't hesitate to let me know. dmesg below for
> > complteness sake.
> >
> > thanks again,
> >
>
> I'm afraid there is nothing more to do than keep an eye on your
> system. I think what really increased a chance here is the number
> of CPUs your box has.
>
> It is OK if you can come back with report early in December to let
> us know if it helps or if there are more similar issues (which I'm
> sure there are still some left).
sure thing, I'll report back should any issues occur or early December
whichever comes first.
thanks,
.jh
