Hello Pedro,

sorry for coming back after a long time...
I missed your report back in Feb and then
had no time to get back to this.

David Gwynne (dlg@) has backed out the diff which
introduced the panic you report.

I put the offending change back hoping to reproduce
the issue and start debugging it.

On Wed, Feb 04, 2026 at 11:33:19PM +0000, Pedro Caetano wrote:
> Hello,
> 
> While getting back from fosdem and noticing the httpd errata, it
> seemed like a good idea to upgrade my vm running @ obsd.ams to latest
> snapshot.
> 
> Unfortunately the code does not seem stable as it crashes, sometimes
> after a few minutes sometimes right after booting.
> 
> It is a vm with full disk encryption setup, running tor, smtpd,
> unbound, nsd plus a few wireguard tunnels, please let me know if
> further details on my networking/pf setup is needed.
> 

    I suspect wireguard might be somehow involved. So I gave it
    a try to see if I could also be lucky seeing the same crash.
    Unfortunately it's not the case.

this is my pf.conf:

    #set skip on lo

    block return    # block stateless traffic
    pass            # establish keep-state

    # By default, do not permit remote connections to X11
    block return in on ! lo0 proto tcp to port 6000:6010

    # Port build user does not need network
    block return out log proto {tcp udp} user _pbuild

    pass out on vio1 from 192.168.10.0/24 to any nat-to(vio1)
    pass out on vio0 from 192.168.10.0/24 to any nat-to(vio0)
    anchor "regress"

the two NAT rules translate traffic which comes over the wg0 interface.
this is the content of etc/hostname.wg0 on the firewall host:

    #
    # wgkey comes from `openssl rand -base64 32`
    #
    # more details on Solene's blog here:
    # https://dataswamp.org/~solene/2021-10-09-openbsd-wireguard-exit.html
    #
    wgkey EYR0EQVIREUFiVR25aCnSg2Z+45fcynEauiQw8Jsy+k=
    #
    # IP address is PF_OUT
    #
    wgpeer wVNVajQQdLKRQKghS42uaFm7YszMiA5WDz4X4gDLUkM= wgaip 192.168.10.0/24
    inet 192.168.10.1/24
    wgport 4433
    up

my firewall works even if the traffic from the remote wg-peer hits
the NAT rules.

can you share more details on your firewall (pf.conf)
and wireguard setup (ifconfig and netstat -rn output)?
So I have a better chance to reproduce the issue.

thanks and
regards
sashan
