On 29.8.2022. 20:01, Hrvoje Popovski wrote: > On 9.8.2022. 21:32, Hrvoje Popovski wrote: >> On 9.8.2022. 19:56, Alexandr Nedvedicky wrote: >>> this is a NULL pointer dereference panic. I think we've seen it few >>> months >>> back. patch below was applied to one of your test machines if I remember >>> correct. can you give it a try again to see if it will help? >>> >>> the change adds a mutex to pf_state structure to protect references >>> to keys attached to state. >>> >>> we also have to take into account a fact that pf_state_export() may be >>> presented with state which keys got detached. Hence we have to >>> skip such state when doing export. Therefore pf_state_export() >>> indicates a failure to hint caller whether data were written (success) >>> and we should move to next free slot in output buffer. Or nothing >>> got written (failure) and current slot in output buffer is still free. >> >> Hi, >> >> this diff is applied to firewall and I will monitor it. >> >> Thank you ... >> > > Hi, > > after 20 days with this diff firewall seems stable. Problem is that last > time firewall was up for long time too, and I'm not sure what triggered > that panic. I will update that firewall to latest snapshot, apply that > diff and wait... > >
Hi, after month or so with this diff firewall didn't panic.