Date: Sun, 5 Mar 2006 14:52:33 -0500
From: Kris Kennaway <kris@obsecurity.org>
To: net@FreeBSD.org
Subject: Double free in icmp6 processing?
Message-ID: <20060305195233.GB2880@xor.obsecurity.org>

I've been doing a lot of ping6'ing trying to track down the cause of
the nd6 panics on sparc64 SMP machines, and I'm also seeing the
following panic:

-- memory address not aligned sfar=0xdedeadc0de sfsr=0x40029 %o7=0xc031d8e4 --
m_tag_delete_chain() at m_tag_delete_chain+0x28
mb_dtor_mbuf() at mb_dtor_mbuf+0x18
uma_zfree_arg() at uma_zfree_arg+0x18
m_freem() at m_freem+0x38
icmp6_error() at icmp6_error+0x61c
icmp6_error2() at icmp6_error2+0x158
nd6_llinfo_timer() at nd6_llinfo_timer+0x158
softclock() at softclock+0x238
ithread_execute_handlers() at ithread_execute_handlers+0x144
ithread_loop() at ithread_loop+0xa4
fork_exit() at fork_exit+0x94
fork_trampoline() at fork_trampoline+0x8

which looks like a double free of an mbuf. Can someone take a look?

Kris