On 2025/12/17 11:19, Robert Smith wrote: > This is a production firewall. It is currently on kernel 7.8 with all patches > installed, and was at the time of the panic. .. > Previously it was running OpenBSD 7.5, with all patches and running fine > under Xen for around a couple of years with no problems. > > Within 8 days of upgrading to 7.8 and full patches with syspatch, we got this > kernel panic.
not sure if there are many developers around who would be working on xen as a possible workaround i would suggest trying "sysctl net.inet.tcp.tso=0" to see if that improves stability quick transcription from the .pngs for other readers: assert "sc->sc_tx_avail > used" in /sys/dev/pv/if_xbnf.c line 642, running procs xnf0 (cpu0), softnet0 (cpu1, running) panic __assert xnf_encap+0x41b xnf_start+0x18a ifq_serialize if_enqueue_ifq vlan_transmit vlan_enqueue ether_output if_output_tso ip_output ip_forward ip_input_if > I apologize I could not go through the traces and additional debug > information gathering. Due to internal delays we did not see the customer's > ticket for over 3 hours and needed to boot sync immediately. Firewall is used > for a very important customer, and there could not be any more delays in > getting their service back online. second firewall + carp might be a good idea if it's very important?
