Hi again,

On Sun, Nov 30, 2025 at 10:18:14AM +0100, Alexandr Nedvedicky wrote:
>
> so the crash does not seem to be related to source nodes.
> also the rules you've shared do not seem to use the source node code.
>
> so it's actually caused by state which refers to dead memory left
> behind the rule which got removed.
>
> this feels there is something not quite right with handling of reference
> counter to rules.

Crap, I just realized that I've modified the rules from when the crash
happened to when I dumped the rules I sent you.

When the crash happened, I also had "label bad" on the urpf-failed,
no-route and the udp "from any to 239.255.255.0/24" rules. I also had
"label icmp" on all the ICMP rules. Apart from that, all is the same.

I saw the word counters in "LABEL COUNTERS" in "pfctl -s all" and
removed the labels to prevent a future crash in case this was related.
I've also changed hw.smt=1 back to hw.smt=0 after the crash.

My apologies for not realizing this sooner.

> I keep looking around. how frequent is the crash on your box? any estimate
> on how long it took after new rules got loaded?

I've only had one crash (26th of November) and the only change I've made
since the boot (29th of October) is that I replaced the IP in the
__automatic_a96e4b04_0 table on the 13th of November. So, it ran for
about 13 days until the crash happened.

Jesper Wallin
