Double free in icmp6 processing?

Kris Kennaway kris at obsecurity.org
Sun Mar 5 19:52:34 UTC 2006


I've been doing a lot of ping6'ing trying to track down the cause of
the nd6 panics on sparc64 SMP machines, and I'm also seeing the
following panic:

-- memory address not aligned sfar=0xdedeadc0de sfsr=0x40029 %o7=0xc031d8e4 --
m_tag_delete_chain() at m_tag_delete_chain+0x28
mb_dtor_mbuf() at mb_dtor_mbuf+0x18
uma_zfree_arg() at uma_zfree_arg+0x18
m_freem() at m_freem+0x38
icmp6_error() at icmp6_error+0x61c
icmp6_error2() at icmp6_error2+0x158
nd6_llinfo_timer() at nd6_llinfo_timer+0x158
softclock() at softclock+0x238
ithread_execute_handlers() at ithread_execute_handlers+0x144
ithread_loop() at ithread_loop+0xa4
fork_exit() at fork_exit+0x94
fork_trampoline() at fork_trampoline+0x8

which looks like a double free of an mbuf.  Can someone take a look?

Kris
