Date: Tue, 7 Mar 2017 10:04:00 +0900
From: Kristof Provost <kp@FreeBSD.org>
To: Ross <basarevych@gmail.com>
Cc: freebsd-pf@freebsd.org
Subject: Re: sonewconn: pru_attach() failed and kernel panic in PF
Message-ID: <2EA59710-A019-4654-A85C-BE7A7DF56EB3@FreeBSD.org>
In-Reply-To: <F5E22FFD-FE2D-4A1A-B284-D7B660CCF9BF@FreeBSD.org>
References: <CANmv3=xB0Kce4ZQ4GYBE0cNpam0jzGPX7dSYSVBPiT-sryCyHA@mail.gmail.com> <D0CD7B4C-2C21-4ABE-9F1B-41E5414A9A8A@FreeBSD.org> <F5E22FFD-FE2D-4A1A-B284-D7B660CCF9BF@FreeBSD.org>

So it turns out I shouldn't commit things when jet lagged.

You want r314810 in head. The other one was mistakenly done in stable/11. It
needed to go there sooner or later so I'm just going to leave it.

Regards,
Kristof

> On 5 Mar 2017, at 22:19, Kristof Provost <kp@FreeBSD.org> wrote:
>
>> On 5 Mar 2017, at 21:42, Kristof Provost wrote:
>> There’s only a couple of calls to uma_zfree() in pf_get_translations().
>>
>> These are:
>> * uma_zfree(V_pf_state_key_z, skp);
>> * uma_zfree(V_pf_state_key_z, *nkp);
>> * uma_zfree(V_pf_state_key_z, *skp);
>>
>> Going by the inconsistent pointer use the first one is rather suspect.
>> Looking a bit deeper, pf_get_translation() is only called from one place,
>> and it always passes stack variables for skp and nkp, so the first call
>> ends up trying to free that, which won’t work too well.
>>
>> That’s a bug (and I’ll fix it), but you’re only running into it because
>> pf_state_key_clone() returned NULL, which will only happen under memory
>> pressure.
>>
> The fix is done in r314702.
>
> Regards,
> Kristof

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?2EA59710-A019-4654-A85C-BE7A7DF56EB3>
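
The pointer mix-up described in the thread (freeing skp, the address of the caller's stack variable, instead of *skp, the zone item), shown as an added user-space example. This is not the pf source or the committed fix: struct key, zone_alloc(), zone_free(), cleanup_buggy(), cleanup_fixed() and run_case() are hypothetical names, and the toy zone only reports a foreign pointer where the kernel allocator would not.

```c
#include <stddef.h>
#include <stdio.h>

/* Constructed stand-in for a fixed-size zone; not the kernel's UMA. */
struct key { int af; };

#define ZONE_ITEMS 4
static struct key zone_mem[ZONE_ITEMS];
static int zone_used[ZONE_ITEMS];

static struct key *zone_alloc(void) {
    for (int i = 0; i < ZONE_ITEMS; i++)
        if (!zone_used[i]) { zone_used[i] = 1; return &zone_mem[i]; }
    return NULL;                 /* models failure under memory pressure */
}

/* Returns 0 on success, -1 if p is not a live item of this zone. */
static int zone_free(void *p) {
    for (int i = 0; i < ZONE_ITEMS; i++)
        if (p == (void *)&zone_mem[i] && zone_used[i]) { zone_used[i] = 0; return 0; }
    return -1;
}

int zone_live(void) {
    int n = 0;
    for (int i = 0; i < ZONE_ITEMS; i++) n += zone_used[i];
    return n;
}

/* Error path with the suspect call: hands the zone the address of the
 * caller's pointer variable (stack memory), not the item it points to. */
static int cleanup_buggy(struct key **skp) { return zone_free(skp); }

/* Consistent with the other two calls: free the item, clear the pointer. */
static int cleanup_fixed(struct key **skp) {
    int rc = zone_free(*skp);
    *skp = NULL;
    return rc;
}

/* The caller keeps the pointer in a stack variable, as in the thread. */
int run_case(int fixed) {
    struct key *sk = zone_alloc();
    if (sk == NULL) return -2;
    int rc = fixed ? cleanup_fixed(&sk) : cleanup_buggy(&sk);
    if (rc != 0) zone_free(sk);  /* release the item so the toy zone stays clean */
    return rc;
}

int main(void) {
    printf("buggy: %d, fixed: %d\n", run_case(0), run_case(1));
    return 0;
}
```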