On 5 Mar 2017, at 21:42, Kristof Provost wrote:
There’s only a couple of calls to uma_zfree() in pf_get_translation().

These are:
 * uma_zfree(V_pf_state_key_z, skp);
 * uma_zfree(V_pf_state_key_z, *nkp);
 * uma_zfree(V_pf_state_key_z, *skp);

Going by the inconsistent pointer use, the first one is rather suspect.
Looking a bit deeper, pf_get_translation() is only called from one place, and it always passes stack variables for skp and nkp, so the first call ends up trying to free that, which won’t work too well.

That’s a bug (and I’ll fix it), but you’re only running into it because pf_state_key_clone() returned NULL, which will only happen under memory pressure.

The fix is done in r314702.

Regards,
Kristof
_______________________________________________
freebsd-pf@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-pf
To unsubscribe, send any mail to "freebsd-pf-unsubscr...@freebsd.org"
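
An added illustration, not part of the original message and not the FreeBSD source: a small C model of the failure path described above, where the out-parameter skp points at the caller's stack variable and the cleanup frees skp instead of *skp. The toy zone allocator and every function name are hypothetical stand-ins; the fixed argument selects between the suspect call and freeing *skp.

```c
#include <stdint.h>
#include <string.h>

/* Toy stand-in for a UMA zone; every name in this file is hypothetical. */
struct state_key { int id; };
#define ZONE_ITEMS 4
static struct state_key zone[ZONE_ITEMS];
/* bad_frees: frees of non-items; fail_clone: simulated memory pressure. */
static int in_use[ZONE_ITEMS], bad_frees, fail_clone;
static struct state_key *zone_alloc(void) {
    for (int i = 0; i < ZONE_ITEMS; i++)
        if (!in_use[i]) { in_use[i] = 1; return &zone[i]; }
    return NULL;
}
/* Counts, instead of acting on, a pointer that is not a live zone item.
   Unsigned wraparound makes addresses below the zone fail the range check. */
static void zone_free(void *item) {
    size_t off = (size_t)((uintptr_t)item - (uintptr_t)zone);
    if (off >= sizeof(zone) || off % sizeof(zone[0]) != 0 ||
        !in_use[off / sizeof(zone[0])]) { bad_frees++; return; }
    in_use[off / sizeof(zone[0])] = 0;
}
static struct state_key *key_clone(const struct state_key *k) {
    struct state_key *n = fail_clone ? NULL : zone_alloc();
    if (n != NULL) *n = *k;
    return n;
}

/* fixed == 0 frees skp itself (the caller's stack slot); fixed == 1 frees *skp. */
static int get_translation(struct state_key **skp, struct state_key **nkp, int fixed) {
    if ((*skp = zone_alloc()) == NULL) return -1;
    if ((*nkp = key_clone(*skp)) == NULL) {
        zone_free(fixed ? (void *)*skp : (void *)skp);
        return -1;
    }
    return 0;
}
int leaked_items(void) {
    int n = 0;
    for (int i = 0; i < ZONE_ITEMS; i++) n += in_use[i];
    return n;
}
/* Drives the clone-failure path with stack variables; returns the bad-free count. */
int run_failure_path(int fixed) {
    struct state_key *sk = NULL, *nk = NULL;
    memset(in_use, 0, sizeof(in_use));
    bad_frees = 0; fail_clone = 1;
    (void)get_translation(&sk, &nk, fixed);
    return bad_frees;
}
```

In this model the suspect call both hands the allocator a stack address and leaves the real item allocated, while freeing *skp does neither.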