Date: Sat, 21 May 2005 05:53:19 +0300 From: Giorgos Keramidas <keramida@ceid.upatras.gr> To: Tilman Linneweh <arved@arved.at> Cc: freebsd-bugs@freebsd.org Subject: Re: kern/81324: panic: "Duplicate free of item %p from zone %p(%s)\n" Message-ID: <20050521025318.GB1264@gothmog.gr> In-Reply-To: <200505202026.j4KKQZgd002218@freefall.freebsd.org> References: <200505202026.j4KKQZgd002218@freefall.freebsd.org>
next in thread | previous in thread | raw e-mail | index | archive | help
On 2005-05-20 20:26, Tilman Linneweh <arved@arved.at> wrote: > This bug has been reproducable since 5.3. The Machine is an > ipfilter/ipnat Firewall. The panic happens when another machine > behind a different Firewall opens an SSH Session to a machine behind > the ipnat-Gateway. and does not terminate it correctly (because it > crashed itself, or because a laptop is put into sleep) mode) > > #22 0xc0532dbb in panic ( > fmt=0xc06e28f8 "Duplicate free of item %p from zone %p(%s)\n") > at /usr/src/sys/kern/kern_shutdown.c:550 > #23 0xc0657260 in uma_dbg_free (zone=0xc0c6aae0, slab=0xc1355fa8, > item=0xc1355e00) at /usr/src/sys/vm/uma_dbg.c:301 > #24 0xc065602f in uma_zfree_arg (zone=0xc0c6aae0, item=0xc1355e00, udata=0x0) > at /usr/src/sys/vm/uma_core.c:2273 > #25 0xc0564b82 in m_freem (mb=0x0) at uma.h:304 > #26 0xc044f864 in fr_check (ip=0xc1355e50, hlen=25, ifp=0xc1120000, out=0, > mp=0xca869c88) at /usr/src/sys/contrib/ipfilter/netinet/fil.c:1387 > #27 0xc0451302 in fr_check_wrapper (arg=0x0, mp=0x0, ifp=0xc1120000, dir=1, > inp=0x0) at /usr/src/sys/contrib/ipfilter/netinet/ip_fil.c:345 > #28 0xc059cfad in pfil_run_hooks (ph=0xc0760c20, mp=0xca869cd4, > ifp=0xc1120000, dir=1, inp=0x0) at /usr/src/sys/net/pfil.c:137 > #29 0xc05b2dd5 in ip_input (m=0xc1355e00) > at /usr/src/sys/netinet/ip_input.c:457 That's odd... The pfil_run_hooks() function passes the address of a local struct mbuf, which should be on the stack. How can this ever appear as a null pointer (mp=0x0) in frame #27 ?!
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20050521025318.GB1264>