[DragonFlyBSD - Bug #3228] pfi_kif_unref: state refcount <= 0 in dmesg

bugtracker-admin at leaf.dragonflybsd.org bugtracker-admin at leaf.dragonflybsd.org
Fri Mar 5 06:39:47 PST 2021

Issue #3228 has been updated by peeter.

I noticed there might be a way to systematically reproduce the error by doing a port scan on the machine in question. One of my machines was port scanned, possibly with nmap, over a larger number of ports (more than just services, ie > 1024). Upon discovering open ports 22, 80, 443, the scanner tried to 

- log in via ssh with ssh1
- issued a large number of requests to nginx, which began with

"TRACE / HTTP/1.1" 405 157 "-" "Mozilla/5.0 (compatible; Nmap Scripting Engine; https://nmap.org/book/nse.html)"

and then continued to a large number of things like 

"\x16\x03\x01\x02\x00\x01\x00\x01\xFC\x03\x03\xF8n\xC2\xCCy\xB3O0\x1D\xA3\xE0h\xCBE\x1F\xE39d)\xE7\xF3\x9B\xA6W\xEFg0A=\xEE\xBAk \x9E8w\xC57\xB8\xEF\xCC\x01&\x92\xCE\xF9\x06\xDF\xDC\xCF\xC1t\xCFZN\xB1\xFD\xB0\x157\x91\xBF\x03y\x1F\x00\x9C\x13\x02\x13\x03\x13\x01\x003\x009\x005\x00/\xC0,\xC00\x00\xA3\x00\x9F\xCC\xA9\xCC\xA8\xCC\xAA\xC0\xAF\xC0\xAD\xC0\xA3\xC0\x9F\xC0]\xC0a\xC0W\xC0S\xC0+\xC0/\x00\xA2\x00\x9E\xC0\xAE\xC0\xAC\xC0\xA2\xC0\x9E\xC0\x5C\xC0`\xC0V\xC0R\xC0$\xC0(\x00k\x00j\xC0s\xC0w\x00\xC4\x00\xC3\xC0#\xC0'\x00g\x00@\xC0r\xC0v\x00\xBE\x00\xBD\xC0" 400 157 "-" "-"

Over one minute pf issued about 20 messages 

"pfi_kif_unref: state refcount <= 0"

If such behavior indeed reproduces the message, it might help track down the bug.

Bug #3228: pfi_kif_unref: state refcount <= 0 in dmesg

* Author: justin
* Status: New
* Priority: Low
* Assignee: 
* Category: 
* Target version: 
I see this in dmesg:

pfi_kif_unref: state refcount <= 0

Maybe about 100-125 in a day, in an estimate.  This machine is using pf to NAT, with a few extra rules that are not in use.  There doesn't seem to be any harm in these messages, but they've been going on for a long time.  (several releases at least.)

You have received this notification because you have either subscribed to it, or are involved in it.
To change your notification preferences, please click here: http://bugs.dragonflybsd.org/my/account

More information about the Bugs mailing list