Why do I have unmarked packets / connections?

I have the following setup:

/ip firewall mangle
add action=mark-connection chain=prerouting comment="Mark Everything" disabled=no new-connection-mark=everything passthrough=yes
add action=mark-connection chain=prerouting comment="n-zone -> extern" connection-mark=everything disabled=no dst-address-list=!n-zone new-connection-mark=\
    extern passthrough=yes src-address-list=n-zone
add action=mark-connection chain=prerouting comment="extern -> n-zone" connection-mark=everything disabled=no dst-address-list=n-zone new-connection-mark=\
    extern passthrough=yes src-address-list=!n-zone
add action=mark-connection chain=prerouting comment="n-zone <-> n-zone" connection-mark=everything disabled=no dst-address-list=n-zone new-connection-mark=\
    local passthrough=yes src-address-list=n-zone
add action=mark-packet chain=prerouting comment=extern_trafic connection-mark=extern disabled=no new-packet-mark=extern_trafic passthrough=no
add action=mark-packet chain=prerouting comment=local_trafic connection-mark=local disabled=no new-packet-mark=local_trafic passthrough=no
add action=log chain=prerouting comment=wtf disabled=no log-prefix="[WTF CONNECTION]"
add action=mark-connection chain=prerouting comment=wtf disabled=no new-connection-mark=wtf passthrough=yes

And I can’t seem to understand why exactly do I have “wtf” packets since I’m marking everything. Anyone could enlighten me?

In first rule you are marking all connections, then in between you are remarking some connections and at the end all connections that do not match any of rules between first and last are remarked as WTF.

I know what I’m doing - but WHY don’t they match anything?

what about ‘src-address-list=!n-zone dst-address-list=!n-zone’? =)