sonewconn: pru_attach() failed and kernel panic in PF
Kristof Provost
kp at FreeBSD.org
Sun Mar 5 13:19:10 UTC 2017
On 5 Mar 2017, at 21:42, Kristof Provost wrote:
> There’s only a couple of calls to uma_zfree() in
> pf_get_translation().
>
> These are:
> * uma_zfree(V_pf_state_key_z, skp);
> * uma_zfree(V_pf_state_key_z, *nkp);
> * uma_zfree(V_pf_state_key_z, *skp);
>
> Going by the inconsistent pointer use the first one is rather suspect.
> Looking a bit deeper, pf_get_translation() is only called from one place,
> and it always passes stack variables for skp and nkp, so the first call
> ends up trying to free that, which won’t work too well.
>
> That’s a bug (and I’ll fix it), but you’re only running into it because
> pf_state_key_clone() returned NULL, which will only happen under memory
> pressure.
>
The fix is done in r314702.
Regards,
Kristof
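
The pointer mix-up described in the quoted message, as an added user-space example (not the pf source and not the change in r314702): a double-pointer out-parameter whose error path frees `skp` instead of `*skp`. The toy zone and the names zone_alloc, zone_free, live_items, translate and cleanup_result are hypothetical stand-ins for the UMA zone and the pf functions.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

struct state_key { int af; };              /* stand-in for the pf state key */
#define ZONE_ITEMS 4
static struct state_key arena[ZONE_ITEMS]; /* toy zone, not UMA */
static int in_use[ZONE_ITEMS];

static struct state_key *zone_alloc(void) {
    for (int i = 0; i < ZONE_ITEMS; i++)
        if (!in_use[i]) { in_use[i] = 1; return &arena[i]; }
    return NULL;
}

/* Validates the pointer so the mistake is visible as a return value:
 * -1 means the pointer is not a live item of this zone. */
static int zone_free(void *item) {
    uintptr_t p = (uintptr_t)item, base = (uintptr_t)arena;
    if (p < base || p >= base + sizeof(arena)) return -1;
    size_t idx = (size_t)(p - base) / sizeof(arena[0]);
    if ((size_t)(p - base) % sizeof(arena[0]) || !in_use[idx]) return -1;
    in_use[idx] = 0;
    return 0;
}

static int live_items(void) {
    int n = 0;
    for (int i = 0; i < ZONE_ITEMS; i++) n += in_use[i];
    return n;
}

/* Error path only: the clone is modelled as failing (memory pressure),
 * so the key allocated for *skp has to be released again. */
static int translate(struct state_key **skp, struct state_key **nkp, int fixed) {
    *skp = zone_alloc();
    *nkp = NULL;                           /* clone returned NULL */
    int rc = fixed ? zone_free(*skp)       /* frees the zone item */
                   : zone_free(skp);       /* frees the caller's stack slot */
    if (rc == 0) *skp = NULL;
    return rc;
}

/* The caller passes addresses of stack variables, as the message describes. */
static int cleanup_result(int fixed) {
    struct state_key *sk, *nk;
    memset(in_use, 0, sizeof(in_use));
    return translate(&sk, &nk, fixed);
}
int main(void) { return cleanup_result(0) == -1 && cleanup_result(1) == 0 && live_items() == 0 ? 0 : 1; }
```

With `fixed` set to 0 the free is rejected and the allocated key stays live; with `fixed` set to 1 the key is returned to the zone.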