kernel: mfree: m->m_nextpkt != NULL

Noritoshi Demizu demizu at dd.iij4u.or.jp
Tue Sep 20 04:52:58 PDT 2005


> What does this Subject mean?

I observed the same message last week.

I think it comes from printf() in m_free() of kern/uipc_mbuf.c.

m_free() has one argument "struct mbuf *m".
This message is printed when m->m_nextpkt != NULL.

> The traceback on the console is going through ip_freef and ip_slowtimo.

Thanks.  Here is an excerpt from netinet/ip_input.c rev 1.58.

  1359:	/*
  1360:	 * Free a fragment reassembly header and all
  1361:	 * associated datagrams.
  1362:	 */
  1363:	static void
  1364:	ip_freef(struct ipq *fp)
  1365:	{
  1366:		struct mbuf *q;
  1367:	   
  1368:		while (fp->ipq_frags) {
  1369:			q = fp->ipq_frags;
  1370:			fp->ipq_frags = q->m_nextpkt;
+			q->m_nextpkt = NULL;
  1371:			m_freem(q);
  1372:		}
  1373:		remque(fp);
  1374:		mpipe_free(&ipq_mpipe, fp);
  1375:		nipq--;
  1376:	}
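Review bot: the added `q->m_nextpkt = NULL;` between lines 1370 and 1371 carries no comment, so a later reader may take it for a redundant store, since `fp->ipq_frags` has already been advanced past `q`. A one-line comment there, noting that m_free() reports a head mbuf whose m_nextpkt is still set, would keep the line from being removed again. The placement itself is right: the link is cleared only after it has been saved in `fp->ipq_frags` at line 1370, so the walk over the remaining fragments is unaffected.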

m_freem() frees an mbuf chain.  It calls m_free() to free each mbuf.
So, I think q->m_nextpkt should be cleared before calling m_freem().
If we add the line indicated by the '+' sign above, I think this
problem will be fixed.

I will try this modification on Thursday.

Regards,
Noritoshi Demizu
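
The behaviour described in the message above, as an added user-space model (not part of the original message and not the kernel's code): it drains a fragment queue the way the excerpted loop does and counts how often the m_free() check fires with and without the proposed line. The struct layout, `m_get()`, `drain()` and the `warnings` counter are assumptions made for illustration.

```c
#include <stdio.h>
#include <stdlib.h>

/* User-space model: field names follow the excerpt, everything else is assumed. */
struct mbuf {
    struct mbuf *m_next;     /* next mbuf of the same fragment */
    struct mbuf *m_nextpkt;  /* head of the next fragment in the queue */
};
static int warnings;         /* times the m_free() diagnostic fired */

static struct mbuf *m_get(void) {
    struct mbuf *m = calloc(1, sizeof(*m));
    if (m == NULL) abort();
    return m;
}
static struct mbuf *m_free(struct mbuf *m) {
    struct mbuf *n = m->m_next;
    if (m->m_nextpkt != NULL) {  /* the check described in the message */
        warnings++;
        fprintf(stderr, "mfree: m->m_nextpkt != NULL\n");
    }
    free(m);
    return n;
}
static void m_freem(struct mbuf *m) {
    while (m != NULL) m = m_free(m);
}
/* Queue nfrags two-mbuf fragments, then drain them as ip_freef() does.
 * clear_link != 0 applies the proposed q->m_nextpkt = NULL line. */
static int drain(int nfrags, int clear_link) {
    struct mbuf *frags = NULL, *q;
    warnings = 0;
    for (int i = 0; i < nfrags; i++) {
        q = m_get();
        q->m_next = m_get();
        q->m_nextpkt = frags;
        frags = q;
    }
    while (frags) {
        q = frags;
        frags = q->m_nextpkt;
        if (clear_link) q->m_nextpkt = NULL;
        m_freem(q);
    }
    return warnings;
}
int main(void) {
    printf("without clear: %d warnings\n", drain(3, 0));
    printf("with clear:    %d warnings\n", drain(3, 1));
    return 0;
}
```

In this model every queued fragment except the last one trips the check when the link is left set, because only the last head mbuf has a NULL m_nextpkt.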




