Date: Tue, 7 Mar 2017 10:04:00 +0900 From: Kristof Provost <kp@FreeBSD.org> To: Ross <basarevych@gmail.com> Cc: freebsd-pf@freebsd.org Subject: Re: sonewconn: pru_attach() failed and kernel panic in PF Message-ID: <2EA59710-A019-4654-A85C-BE7A7DF56EB3@FreeBSD.org> In-Reply-To: <F5E22FFD-FE2D-4A1A-B284-D7B660CCF9BF@FreeBSD.org> References: <CANmv3=xB0Kce4ZQ4GYBE0cNpam0jzGPX7dSYSVBPiT-sryCyHA@mail.gmail.com> <D0CD7B4C-2C21-4ABE-9F1B-41E5414A9A8A@FreeBSD.org> <F5E22FFD-FE2D-4A1A-B284-D7B660CCF9BF@FreeBSD.org>
next in thread | previous in thread | raw e-mail | index | archive | help
So it turns out I shouldn't commit things when jet lagged. You want r314810 in head. The other one was mistakenly done in stable/11. It needed to go there sooner or later so I'm just going to leave it. Regards, Kristof > On 5 Mar 2017, at 22:19, Kristof Provost <kp@FreeBSD.org> wrote: > >> On 5 Mar 2017, at 21:42, Kristof Provost wrote: >> There’s only a couple of calls to uma_zfree() in pf_get_translations(). >> >> These are: >> * uma_zfree(V_pf_state_key_z, skp); >> * uma_zfree(V_pf_state_key_z, *nkp); >> * uma_zfree(V_pf_state_key_z, *skp); >> >> Going by the inconsistent pointer use the first one is rather suspect. >> Looking a bit deeper, pf_get_translation() is only called from one place, >> and it always passes stack variables for skp and nkp, so the first call >> ends up trying to free that, which won’t work too well. >> >> That’s a bug (and I’ll fix it), but you’re only running into it because >> pf_state_key_clone() returned NULL, which will only happen under memory >> pressure. >> > The fix is done in r314702. > > Regards, > Kristof
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?2EA59710-A019-4654-A85C-BE7A7DF56EB3>