https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=201879
Kristof Provost <[email protected]> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |[email protected] --- Comment #1 from Kristof Provost <[email protected]> --- The dump suggests something's wrong with the pf_fragqueue. It looks like an element was freed but not removed from the list (based on the fault address of 0xdeadc0de, and the PC shows the panic is at the first dereference of the frag taken from the list). I don't understand how that can happen though. The list manipulations are always done with the pf_frag_mtx mutex held so it can't be a race. Any free of fragments is done through pf_remove_fragment(), which immediately removes it from the tailq. -- You are receiving this mail because: You are the assignee for the bug. _______________________________________________ [email protected] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-pf To unsubscribe, send any mail to "[email protected]"
