Re: pf cannot allocate memory after a time

Go to: [ bottom of page ] [ top of archives ] [ this month ]

From: Kristof Provost <kp_at_FreeBSD.org>
Date: Thu, 23 Dec 2021 14:39:03 UTC

On 11 Dec 2021, at 17:14, tech-lists wrote:
> context: main-n251261-25d0ccbe101 on arm64.aarch64 (raspberry 
> pi4b/8GB)
…
> pfctl: Cannot allocate memory.
>
<long story snipped>

See also https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=260406

Tl;dr: pfctl fails to add addresses to a table because an uma_zalloc() 
call fails).

vmstat -z output:

	ITEM                   SIZE  LIMIT     USED     FREE      REQ     
FAILSLEEP XDOMAIN
	pf table entries:       160, 400000,   15196,    1604,   36039,   9,   
0,   0

We can clearly see the memory allocation failure there, but no obvious 
reason why.
It appears that there’s plenty of free memory, and we’re also 
clearly far away from the configured limit. Nevertheless the 
uma_zalloc() call returns NULL.

I’ve tried to dtrace that, but ran into impossible results from dtrace 
(the uma_zalloc_args:return probe did not fire, but the 
pfr_create_kentry:return did. pfr_create_kentry() unconditionally calls 
uma_zalloc_args(), so that shouldn’t be possible).

Right now the suspicion is that there’s something strange going on 
with the arm64 allocator (because it’s not been seen on amd64 so far), 
but I’m generally uncertain of everything, other than it’s not 
actually pf’s fault that it’s not getting memory.

Best regards,
Kristof