kernel: mfree: m->m_nextpkt != NULL
Noritoshi Demizu
demizu at dd.iij4u.or.jp
Tue Sep 20 04:52:58 PDT 2005
> What does this Subject mean?
I observed the same message last week.
I think it comes from printf() in m_free() of kern/uipc_mbuf.c.
m_free() has one argument "struct mbuf *m".
This message is printed when m->m_nextpkt != NULL.
> The traceback on the console is going through ip_freef and ip_slowtimo.
Thanks. Here is an excerpt from netinet/ip_input.c rev 1.58.
1359: /*
1360: * Free a fragment reassembly header and all
1361: * associated datagrams.
1362: */
1363: static void
1364: ip_freef(struct ipq *fp)
1365: {
1366: struct mbuf *q;
1367:
1368: while (fp->ipq_frags) {
1369: q = fp->ipq_frags;
1370: fp->ipq_frags = q->m_nextpkt;
+ q->m_nextpkt = NULL;
1371: m_freem(q);
1372: }
1373: remque(fp);
1374: mpipe_free(&ipq_mpipe, fp);
1375: nipq--;
1376: }
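Review bot: the added line after 1370 needs a short comment saying why the packet link is cleared, since nothing in ip_freef() itself shows that m_free() complains when m->m_nextpkt != NULL; something like /* m_free() warns if m_nextpkt is still set */ above `q->m_nextpkt = NULL;` would do. The ordering is right as written: line 1370 saves q->m_nextpkt into fp->ipq_frags before the clear, so the loop still walks every fragment. Note that the clear only touches the first mbuf of each fragment (q), while m_freem(q) goes on to free the rest of that chain, so it relies on the later mbufs in each chain already having m_nextpkt == NULL.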
m_freem() frees an mbuf chain. It calls m_free() to free each mbuf.
So, I think q->m_nextpkt should be cleared before calling m_freem().
If we add the line indicated by the '+' sign above, I think this
problem will be fixed.
I will try this modification on Thursday.
Regards,
Noritoshi Demizu