From nobody Fri Aug 18 22:18:55 2023 X-Original-To: bugs@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4RSGVl5HXXz4rBGK for ; Fri, 18 Aug 2023 22:18:55 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4RSGVl28t2z4frT for ; Fri, 18 Aug 2023 22:18:55 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1692397135; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=Ss5jAkHEMF7uLzoCAo8m6KkAljBivfFzDSnFUjFbdCw=; b=ABsUp67UKZAbuH1wAQSSDJjzdgFqsZPvfJWV92EAYf+kr+XLP5RAP7lnndqM6pgiDMYzjw cPpi4u7zC2PRC1THwxClr2AwrgO/UVXCk/ONhY9iEetILXDHHPayWbYAO+1PLmnXeXfiYW eTQ51zCYFvJNK/DpWnZfCzRQKBfCWWukzG4wa5ZE5ppz81oVmxmIzP1eVxpZ0cMZQEWuAE GRyAqCWPVibVzAhkN0kUE/gr0kZeAdG02O2MBkmcQoeImURqQLH5a+eCdWXytIjfnbBbBy fMMWBEnA5fXIrWAsUqSGGkW1GlKXtfVZfuM1CvHVHbeRk+k+dSsvM26glrjcZQ== ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1692397135; a=rsa-sha256; cv=none; b=CDypf5rj6uSIeNYelat+v6rqUkJ5ltmCKjjBWvZo/MMkslkUCkC4bhXIkHJ/cmhugSH0hH jcq78xFD5Mpu6M06sPua59oRWYH5A4oUMA0b1eNOU14JDgSuQMkYvgZYCivvkywmj1lVkW IArbevIn/GFDrH1vb0cSLrVYp0IVHCpq3k8iX8DePNthsyFM3ArPHjWZWTbNsIaZau30NI S/c6xf4+VynoqLjhhaYWc5usJp2s9bRrqjhe1r1uPCkBVALSOFG+KnuId1MDsRe8yhBc9S dpTlxmkrYKm8/Wsc+dah/OzXtUwDTWzoFWVOQnJQd/OmzOVb+FD7GsUPDVWdqA== ARC-Authentication-Results: i=1; mx1.freebsd.org; none Received: from kenobi.freebsd.org (kenobi.freebsd.org [IPv6:2610:1c1:1:606c::50:1d]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4RSGVl18nBzYZM for ; Fri, 18 Aug 2023 22:18:55 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from kenobi.freebsd.org ([127.0.1.5]) by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id 37IMItLx055610 for ; Fri, 18 Aug 2023 22:18:55 GMT (envelope-from bugzilla-noreply@freebsd.org) Received: (from www@localhost) by kenobi.freebsd.org (8.15.2/8.15.2/Submit) id 37IMItfd055609 for bugs@FreeBSD.org; Fri, 18 Aug 2023 22:18:55 GMT (envelope-from bugzilla-noreply@freebsd.org) X-Authentication-Warning: kenobi.freebsd.org: www set sender to bugzilla-noreply@freebsd.org using -f From: bugzilla-noreply@freebsd.org To: bugs@FreeBSD.org Subject: [Bug 273207] pf_syncookie_mac for IPv6 random cause panic Date: Fri, 18 Aug 2023 22:18:55 +0000 X-Bugzilla-Reason: AssignedTo X-Bugzilla-Type: changed X-Bugzilla-Watch-Reason: None X-Bugzilla-Product: Base System X-Bugzilla-Component: kern X-Bugzilla-Version: 13.2-RELEASE X-Bugzilla-Keywords: X-Bugzilla-Severity: Affects Only Me X-Bugzilla-Who: dev@rincat.ch X-Bugzilla-Status: New X-Bugzilla-Resolution: X-Bugzilla-Priority: --- X-Bugzilla-Assigned-To: bugs@FreeBSD.org X-Bugzilla-Flags: X-Bugzilla-Changed-Fields: Message-ID: In-Reply-To: References: Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/ Auto-Submitted: auto-generated List-Id: Bug reports List-Archive: https://lists.freebsd.org/archives/freebsd-bugs List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-freebsd-bugs@freebsd.org MIME-Version: 1.0 https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D273207 --- Comment #6 from Rin Cat --- Changed sysctl: debug.debugger_on_panic=3D"0" dev.mce.0.rx_pauseframe_control=3D"0" dev.mce.1.rx_pauseframe_control=3D"0" hw.ibrs_disable=3D"0" hw.ixl.enable_head_writeback=3D"0" hw.syscons.kbd_reboot=3D"0" kern.ipc.maxsockbuf=3D"4262144" kern.ipc.mb_use_ext_pgs=3D"0" kern.ipc.nmbclusters=3D"1000000" kern.randompid=3D"1" net.enc.in.ipsec_bpf_mask=3D"2" net.enc.in.ipsec_filter_mask=3D"2" net.enc.out.ipsec_bpf_mask=3D"1" net.enc.out.ipsec_filter_mask=3D"1" net.inet.icmp.drop_redirect=3D"1" net.inet.icmp.icmplim=3D"0" net.inet.icmp.log_redirect=3D"0" net.inet.icmp.reply_from_interface=3D"1" net.inet.ip.accept_sourceroute=3D"0" net.inet.ip.forwarding=3D"1" net.inet.ip.intr_queue_maxlen=3D"1000" net.inet.ip.portrange.first=3D"1024" net.inet.ip.random_id=3D"1" net.inet.ip.redirect=3D"0" net.inet.ip.sourceroute=3D"0" net.inet.tcp.blackhole=3D"2" net.inet.tcp.delayed_ack=3D"0" net.inet.tcp.drop_synfin=3D"1" net.inet.tcp.log_debug=3D"0" net.inet.tcp.recvspace=3D"65228" net.inet.tcp.sendspace=3D"65228" net.inet.tcp.syncookies=3D"0" net.inet.tcp.tso=3D"0" net.inet.udp.blackhole=3D"1" net.inet.udp.checksum=3D"1" net.inet.udp.maxdgram=3D"57344" net.inet6.ip6.dad_count=3D"0" net.inet6.ip6.forwarding=3D"1" net.inet6.ip6.intr_queue_maxlen=3D"1000" net.inet6.ip6.prefer_tempaddr=3D"1" net.inet6.ip6.redirect=3D"0" net.inet6.ip6.use_tempaddr=3D"1" net.link.bridge.pfil_bridge=3D"1" net.link.bridge.pfil_local_phys=3D"0" net.link.bridge.pfil_member=3D"0" net.link.bridge.pfil_onlyip=3D"0" net.link.ether.inet.log_arp_movements=3D"1" net.link.ether.inet.log_arp_wrong_iface=3D"1" net.link.tap.user_open=3D"1" net.link.vlan.mtag_pcp=3D"1" net.local.dgram.maxdgram=3D"8192" net.pf.share_forward=3D"0" net.pf.share_forward6=3D"0" net.route.multipath=3D"0" security.bsd.see_other_gids=3D"0" security.bsd.see_other_uids=3D"0" vfs.read_max=3D"32" vm.pmap.pti=3D"1" pf ruleset: Very basic since I just set it up for a few days. It has multiple NICs and one of them connect to 10G switch with VLANs, work= s as gateway. scrub on igb1 all random-id fragment reassemble scrub on mce1_vlan10 all random-id fragment reassemble scrub on mce1_vlan4 all random-id fragment reassemble scrub on mce1_vlan3 all random-id fragment reassemble scrub on mce1_vlan2 all random-id fragment reassemble scrub on mce1_vlan6 all random-id fragment reassemble scrub on mce1_vlan5 all random-id fragment reassemble scrub on mce1_vlan1 all random-id fragment reassemble scrub on igb0 all random-id fragment reassemble block drop in log on mce1_vlan10 inet6 from fe80::ee0d:9aff:fea6:bfff to any block drop in log on mce1_vlan4 inet6 from fe80::ee0d:9aff:fea6:bfff to any block drop in log on mce1_vlan2 inet6 from fe80::ee0d:9aff:fea6:bfff to any block drop in log on mce1_vlan6 inet6 from fe80::ee0d:9aff:fea6:bfff to any block drop in log on mce1_vlan5 inet6 from fe80::ee0d:9aff:fea6:bfff to any block drop in log on ! igb1 inet6 from 2001:1970:5642:b400::/64 to any block drop in log on igb1 inet6 from fe80::a236:9fff:fe85:4ee5 to any block drop in log inet6 from <__automatic_6aadc26c_1> to any block drop in log on ! mce1_vlan10 inet6 from 2605:59c8:X:A::/64 to any block drop in log on ! mce1_vlan4 inet6 from 2605:59c8:X:B::/64 to any block drop in log on ! mce1_vlan2 inet6 from 2605:59c8:X:C::/64 to any block drop in log on ! mce1_vlan6 inet6 from 2605:59c8:X:D::/64 to any block drop in log on ! mce1_vlan5 inet6 from 2605:59c8:X:E::/64 to any block drop in log on ! igb0 inet6 from 2605:59c8:2200:25cf::/64 to any block drop in log on igb0 inet6 from fe80::a236:9fff:fe85:4ee4 to any block drop in log on ! igb1 inet from 192.168.0.0/24 to any block drop in log inet from <__automatic_6aadc26c_0> to any block drop in log on ! mce1_vlan10 inet from 10.1.50.0/24 to any block drop in log on ! mce1_vlan4 inet from 10.1.3.0/24 to any block drop in log on ! mce1_vlan3 inet from 10.1.2.0/24 to any block drop in log on ! mce1_vlan2 inet from 10.1.1.0/24 to any block drop in log on ! mce1_vlan6 inet from 10.1.6.0/24 to any block drop in log on ! mce1_vlan5 inet from 10.1.5.0/24 to any block drop in log on ! mce1_vlan1 inet from 10.1.0.0/24 to any block drop in log on ! igb0 inet from 100.64.0.0/10 to any block drop in log inet all=20 block drop in log inet6 all=20 pass in log quick inet6 proto ipv6-icmp all icmp6-type unreach keep state=20 pass in log quick inet6 proto ipv6-icmp all icmp6-type toobig keep state=20 pass in log quick inet6 proto ipv6-icmp all icmp6-type neighbrsol keep stat= e=20 pass in log quick inet6 proto ipv6-icmp all icmp6-type neighbradv keep stat= e=20 pass out log quick inet6 proto ipv6-icmp from (self) to fe80::/10 icmp6-type echoreq keep state=20 pass out log quick inet6 proto ipv6-icmp from (self) to ff02::/16 icmp6-type echoreq keep state=20 pass out log quick inet6 proto ipv6-icmp from (self) to fe80::/10 icmp6-type echorep keep state=20 pass out log quick inet6 proto ipv6-icmp from (self) to ff02::/16 icmp6-type echorep keep state=20 pass out log quick inet6 proto ipv6-icmp from (self) to fe80::/10 icmp6-type routersol keep state=20 pass out log quick inet6 proto ipv6-icmp from (self) to ff02::/16 icmp6-type routersol keep state=20 pass out log quick inet6 proto ipv6-icmp from (self) to fe80::/10 icmp6-type routeradv keep state=20 pass out log quick inet6 proto ipv6-icmp from (self) to ff02::/16 icmp6-type routeradv keep state=20 pass out log quick inet6 proto ipv6-icmp from (self) to fe80::/10 icmp6-type neighbrsol keep state=20 pass out log quick inet6 proto ipv6-icmp from (self) to ff02::/16 icmp6-type neighbrsol keep state=20 pass out log quick inet6 proto ipv6-icmp from (self) to fe80::/10 icmp6-type neighbradv keep state=20 pass out log quick inet6 proto ipv6-icmp from (self) to ff02::/16 icmp6-type neighbradv keep state=20 pass in log quick inet6 proto ipv6-icmp from fe80::/10 to fe80::/10 icmp6-t= ype echoreq keep state=20 pass in log quick inet6 proto ipv6-icmp from fe80::/10 to ff02::/16 icmp6-t= ype echoreq keep state=20 pass in log quick inet6 proto ipv6-icmp from fe80::/10 to fe80::/10 icmp6-t= ype routersol keep state=20 pass in log quick inet6 proto ipv6-icmp from fe80::/10 to ff02::/16 icmp6-t= ype routersol keep state=20 pass in log quick inet6 proto ipv6-icmp from fe80::/10 to fe80::/10 icmp6-t= ype routeradv keep state=20 pass in log quick inet6 proto ipv6-icmp from fe80::/10 to ff02::/16 icmp6-t= ype routeradv keep state=20 pass in log quick inet6 proto ipv6-icmp from fe80::/10 to fe80::/10 icmp6-t= ype neighbrsol keep state=20 pass in log quick inet6 proto ipv6-icmp from fe80::/10 to ff02::/16 icmp6-t= ype neighbrsol keep state=20 pass in log quick inet6 proto ipv6-icmp from fe80::/10 to fe80::/10 icmp6-t= ype neighbradv keep state=20 pass in log quick inet6 proto ipv6-icmp from fe80::/10 to ff02::/16 icmp6-t= ype neighbradv keep state=20 pass in log quick inet6 proto ipv6-icmp from ff02::/16 to fe80::/10 icmp6-t= ype echoreq keep state=20 pass in log quick inet6 proto ipv6-icmp from ff02::/16 to fe80::/10 icmp6-t= ype routersol keep state=20 pass in log quick inet6 proto ipv6-icmp from ff02::/16 to fe80::/10 icmp6-t= ype routeradv keep state=20 pass in log quick inet6 proto ipv6-icmp from ff02::/16 to fe80::/10 icmp6-t= ype neighbrsol keep state=20 pass in log quick inet6 proto ipv6-icmp from ff02::/16 to fe80::/10 icmp6-t= ype neighbradv keep state=20 pass in log quick inet6 proto ipv6-icmp from :: to ff02::/16 icmp6-type ech= oreq keep state=20 pass in log quick inet6 proto ipv6-icmp from :: to ff02::/16 icmp6-type routersol keep state=20 pass in log quick inet6 proto ipv6-icmp from :: to ff02::/16 icmp6-type routeradv keep state=20 pass in log quick inet6 proto ipv6-icmp from :: to ff02::/16 icmp6-type neighbrsol keep state=20 pass in log quick inet6 proto ipv6-icmp from :: to ff02::/16 icmp6-type neighbradv keep state=20 block drop in log quick inet proto tcp from any port =3D 0 to any=20 block drop in log quick inet proto udp from any port =3D 0 to any=20 block drop in log quick inet6 proto tcp from any port =3D 0 to any=20 block drop in log quick inet6 proto udp from any port =3D 0 to any=20 block drop in log quick inet proto tcp from any to any port =3D 0=20 block drop in log quick inet proto udp from any to any port =3D 0=20 block drop in log quick inet6 proto tcp from any to any port =3D 0=20 block drop in log quick inet6 proto udp from any to any port =3D 0=20 pass log quick inet6 proto carp from any to ff02::12 keep state=20 pass log quick inet proto carp from any to 224.0.0.18 keep state=20 block drop in log quick proto tcp from to (self) port =3D ssh= =20 block drop in log quick proto tcp from to (self) port =3D http= s=20 block drop in log quick from to any=20 pass in log quick on igb1 inet6 proto udp from fe80::/10 port =3D dhcpv6-cl= ient to fe80::/10 port =3D dhcpv6-client keep state=20 pass in log quick on igb1 proto udp from any port =3D dhcpv6-server to any = port =3D dhcpv6-client keep state=20 pass out log quick on igb1 proto udp from any port =3D dhcpv6-client to any= port =3D dhcpv6-server keep state=20 pass in log quick on igb1 proto udp from any port =3D bootps to any port = =3D bootpc keep state=20 pass out log quick on igb1 proto udp from any port =3D bootpc to any port = =3D bootps keep state=20 pass in log quick on mce1_vlan10 inet proto udp from any port =3D bootpc to 255.255.255.255 port =3D bootps keep state=20 pass in log quick on mce1_vlan10 proto udp from any port =3D bootpc to (sel= f) port =3D bootps keep state=20 pass out log quick on mce1_vlan10 proto udp from (self) port =3D bootps to = any port =3D bootpc keep state=20 pass in log quick on mce1_vlan10 inet6 proto udp from fe80::/10 to fe80::/10 port =3D dhcpv6-client keep state=20 pass in log quick on mce1_vlan10 inet6 proto udp from fe80::/10 to ff02::/16 port =3D dhcpv6-client keep state=20 pass in log quick on mce1_vlan10 inet6 proto udp from fe80::/10 to ff02::/16 port =3D dhcpv6-server keep state=20 pass in log quick on mce1_vlan10 inet6 proto udp from ff02::/16 to fe80::/10 port =3D dhcpv6-server keep state=20 pass in log quick on mce1_vlan10 inet6 proto udp from fe80::/10 to (self) p= ort =3D dhcpv6-client keep state=20 pass out log quick on mce1_vlan10 inet6 proto udp from (self) port =3D dhcpv6-server to fe80::/10 keep state=20 pass in log quick on mce1_vlan4 inet proto udp from any port =3D bootpc to 255.255.255.255 port =3D bootps keep state=20 pass in log quick on mce1_vlan4 proto udp from any port =3D bootpc to (self= ) port =3D bootps keep state=20 pass out log quick on mce1_vlan4 proto udp from (self) port =3D bootps to a= ny port =3D bootpc keep state=20 pass in log quick on mce1_vlan4 inet6 proto udp from fe80::/10 to fe80::/10 port =3D dhcpv6-client keep state=20 pass in log quick on mce1_vlan4 inet6 proto udp from fe80::/10 to ff02::/16 port =3D dhcpv6-client keep state=20 pass in log quick on mce1_vlan4 inet6 proto udp from fe80::/10 to ff02::/16 port =3D dhcpv6-server keep state=20 pass in log quick on mce1_vlan4 inet6 proto udp from ff02::/16 to fe80::/10 port =3D dhcpv6-server keep state=20 pass in log quick on mce1_vlan4 inet6 proto udp from fe80::/10 to (self) po= rt =3D dhcpv6-client keep state=20 pass out log quick on mce1_vlan4 inet6 proto udp from (self) port =3D dhcpv6-server to fe80::/10 keep state=20 pass in log quick on mce1_vlan3 inet proto udp from any port =3D bootpc to 255.255.255.255 port =3D bootps keep state=20 pass in log quick on mce1_vlan3 proto udp from any port =3D bootpc to (self= ) port =3D bootps keep state=20 pass out log quick on mce1_vlan3 proto udp from (self) port =3D bootps to a= ny port =3D bootpc keep state=20 pass in log quick on mce1_vlan2 inet proto udp from any port =3D bootpc to 255.255.255.255 port =3D bootps keep state=20 pass in log quick on mce1_vlan2 proto udp from any port =3D bootpc to (self= ) port =3D bootps keep state=20 pass out log quick on mce1_vlan2 proto udp from (self) port =3D bootps to a= ny port =3D bootpc keep state=20 pass in log quick on mce1_vlan2 inet6 proto udp from fe80::/10 to fe80::/10 port =3D dhcpv6-client keep state=20 pass in log quick on mce1_vlan2 inet6 proto udp from fe80::/10 to ff02::/16 port =3D dhcpv6-client keep state=20 pass in log quick on mce1_vlan2 inet6 proto udp from fe80::/10 to ff02::/16 port =3D dhcpv6-server keep state=20 pass in log quick on mce1_vlan2 inet6 proto udp from ff02::/16 to fe80::/10 port =3D dhcpv6-server keep state=20 pass in log quick on mce1_vlan2 inet6 proto udp from fe80::/10 to (self) po= rt =3D dhcpv6-client keep state=20 pass out log quick on mce1_vlan2 inet6 proto udp from (self) port =3D dhcpv6-server to fe80::/10 keep state=20 pass in log quick on mce1_vlan6 inet proto udp from any port =3D bootpc to 255.255.255.255 port =3D bootps keep state=20 pass in log quick on mce1_vlan6 proto udp from any port =3D bootpc to (self= ) port =3D bootps keep state=20 pass out log quick on mce1_vlan6 proto udp from (self) port =3D bootps to a= ny port =3D bootpc keep state=20 pass in log quick on mce1_vlan6 inet6 proto udp from fe80::/10 to fe80::/10 port =3D dhcpv6-client keep state=20 pass in log quick on mce1_vlan6 inet6 proto udp from fe80::/10 to ff02::/16 port =3D dhcpv6-client keep state=20 pass in log quick on mce1_vlan6 inet6 proto udp from fe80::/10 to ff02::/16 port =3D dhcpv6-server keep state=20 pass in log quick on mce1_vlan6 inet6 proto udp from ff02::/16 to fe80::/10 port =3D dhcpv6-server keep state=20 pass in log quick on mce1_vlan6 inet6 proto udp from fe80::/10 to (self) po= rt =3D dhcpv6-client keep state=20 pass out log quick on mce1_vlan6 inet6 proto udp from (self) port =3D dhcpv6-server to fe80::/10 keep state=20 pass in log quick on mce1_vlan5 inet proto udp from any port =3D bootpc to 255.255.255.255 port =3D bootps keep state=20 pass in log quick on mce1_vlan5 proto udp from any port =3D bootpc to (self= ) port =3D bootps keep state=20 pass out log quick on mce1_vlan5 proto udp from (self) port =3D bootps to a= ny port =3D bootpc keep state=20 pass in log quick on mce1_vlan5 inet6 proto udp from fe80::/10 to fe80::/10 port =3D dhcpv6-client keep state=20 pass in log quick on mce1_vlan5 inet6 proto udp from fe80::/10 to ff02::/16 port =3D dhcpv6-client keep state=20 pass in log quick on mce1_vlan5 inet6 proto udp from fe80::/10 to ff02::/16 port =3D dhcpv6-server keep state=20 pass in log quick on mce1_vlan5 inet6 proto udp from ff02::/16 to fe80::/10 port =3D dhcpv6-server keep state=20 pass in log quick on mce1_vlan5 inet6 proto udp from fe80::/10 to (self) po= rt =3D dhcpv6-client keep state=20 pass out log quick on mce1_vlan5 inet6 proto udp from (self) port =3D dhcpv6-server to fe80::/10 keep state=20 pass in log quick on mce1_vlan1 inet proto udp from any port =3D bootpc to 255.255.255.255 port =3D bootps keep state=20 pass in log quick on mce1_vlan1 proto udp from any port =3D bootpc to (self= ) port =3D bootps keep state=20 pass out log quick on mce1_vlan1 proto udp from (self) port =3D bootps to a= ny port =3D bootpc keep state=20 pass in log quick on igb0 inet6 proto udp from fe80::/10 port =3D dhcpv6-cl= ient to fe80::/10 port =3D dhcpv6-client keep state=20 pass in log quick on igb0 proto udp from any port =3D dhcpv6-server to any = port =3D dhcpv6-client keep state=20 pass out log quick on igb0 proto udp from any port =3D dhcpv6-client to any= port =3D dhcpv6-server keep state=20 pass in log quick on igb0 proto udp from any port =3D bootps to any port = =3D bootpc keep state=20 pass out log quick on igb0 proto udp from any port =3D bootpc to any port = =3D bootps keep state=20 block drop in log quick on igb1 inet from to any=20 block drop in log quick on igb1 inet6 from to any=20 block drop in log quick on igb0 inet from to any=20 block drop in log quick on igb0 inet6 from to any=20 pass in quick on lo0 all no state=20 pass out log all flags S/SA keep state allow-opts=20 pass in log quick on mce1_vlan2 proto tcp from any to (self) port =3D ssh f= lags S/SA keep state=20 pass in log quick on mce1_vlan2 proto tcp from any to (self) port =3D http = flags S/SA keep state=20 pass in log quick on mce1_vlan2 proto tcp from any to (self) port =3D https= flags S/SA keep state=20 pass out log route-to (igb1 192.168.0.1) inet from (igb1) to ! (igb1:networ= k) flags S/SA keep state allow-opts=20 pass out log route-to (igb1 fe80::481d:70ff:feaf:b2) inet6 from (igb1) to ! (igb1:network) flags S/SA keep state allow-opts=20 pass out log route-to (igb0 100.64.0.1) inet from (igb0) to ! (igb0:network) flags S/SA keep state allow-opts=20 pass out log route-to (igb0 fe80::200:5eff:fe00:101) inet6 from (igb0) to ! (igb0:network) flags S/SA keep state allow-opts=20 pass in quick on mce1_vlan2 inet from (mce1_vlan2:network) to any flags S/SA keep state=20 pass in quick on mce1_vlan2 inet6 from (mce1_vlan2:network) to any flags S/= SA keep state=20 pass in quick on mce1_vlan2 inet6 from fe80::/10 to any flags S/SA keep sta= te=20 pass in quick on mce1_vlan1 inet from (mce1_vlan1:network) to any flags S/SA keep state=20 pass in quick on mce1_vlan3 inet from (mce1_vlan3:network) to any flags S/SA keep state=20 pass in quick on mce1_vlan4 inet from (mce1_vlan4:network) to any flags S/SA keep state=20 pass in quick on mce1_vlan4 inet6 from (mce1_vlan4:network) to any flags S/= SA keep state=20 pass in quick on mce1_vlan4 inet6 from fe80::/10 to any flags S/SA keep sta= te=20 pass in quick on mce1_vlan5 inet from (mce1_vlan5:network) to any flags S/SA keep state=20 pass in quick on mce1_vlan5 inet6 from (mce1_vlan5:network) to any flags S/= SA keep state=20 pass in quick on mce1_vlan5 inet6 from fe80::/10 to any flags S/SA keep sta= te=20 pass in quick on mce1_vlan6 inet from (mce1_vlan6:network) to any flags S/SA keep state=20 pass in quick on mce1_vlan6 inet6 from (mce1_vlan6:network) to any flags S/= SA keep state=20 pass in quick on mce1_vlan6 inet6 from fe80::/10 to any flags S/SA keep sta= te=20 pass in quick on mce1_vlan10 inet from (mce1_vlan10:network) to any flags S= /SA keep state=20 pass in quick on mce1_vlan10 inet6 from (mce1_vlan10:network) to any flags = S/SA keep state=20 pass in quick on mce1_vlan10 inet6 from fe80::/10 to any flags S/SA keep st= ate=20 There is no special traffic (40+ normal devices (servers/PC/phones)), but t= his panic will only happen if I configured IPv6, used for a few days on IPv4 on= ly without any issue. I can have like 90% chance to make it panic if I run IPv6 test on https://test-ipv6.com/ . It does seem to be related to IPv6 new connections, not loads. --=20 You are receiving this mail because: You are the assignee for the bug.=