From arved@FreeBSD.org  Fri May 20 20:26:36 2005
Return-Path: <arved@FreeBSD.org>
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 8782B16A4CE
	for <FreeBSD-gnats-submit@freebsd.org>; Fri, 20 May 2005 20:26:36 +0000 (GMT)
Received: from freefall.freebsd.org (freefall.freebsd.org [216.136.204.21])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 4172943DA6
	for <FreeBSD-gnats-submit@freebsd.org>; Fri, 20 May 2005 20:26:36 +0000 (GMT)
	(envelope-from arved@FreeBSD.org)
Received: from freefall.freebsd.org (arved@localhost [127.0.0.1])
	by freefall.freebsd.org (8.13.3/8.13.3) with ESMTP id j4KKQZXM002219
	for <FreeBSD-gnats-submit@freebsd.org>; Fri, 20 May 2005 20:26:35 GMT
	(envelope-from arved@freefall.freebsd.org)
Received: (from arved@localhost)
	by freefall.freebsd.org (8.13.3/8.13.1/Submit) id j4KKQZgd002218;
	Fri, 20 May 2005 20:26:35 GMT
	(envelope-from arved)
Message-Id: <200505202026.j4KKQZgd002218@freefall.freebsd.org>
Date: Fri, 20 May 2005 20:26:35 GMT
From: Tilman Linneweh <arved@arved.at>
Reply-To: Tilman Linneweh <arved@arved.at>
To: FreeBSD-gnats-submit@freebsd.org
Cc:
Subject: panic: "Duplicate free of item %p from zone %p(%s)\n"
X-Send-Pr-Version: 3.113
X-GNATS-Notify:

>Number:         81324
>Category:       kern
>Synopsis:       [panic] "Duplicate free of item %p from zone %p(%s)\n"
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    darrenr
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Fri May 20 20:30:10 GMT 2005
>Closed-Date:    Mon Aug 16 05:09:39 UTC 2010
>Last-Modified:  Mon Aug 16 05:09:39 UTC 2010
>Originator:     Tilman Linneweh
>Release:        FreeBSD 5.4-STABLE i386
>Organization:
>Environment:
System: FreeBSD via.arved.de 5.4-STABLE FreeBSD 5.4-STABLE #12: Sun Apr 24 11:47:55 CEST 2005     root@via.arved.de:/usr/obj/usr/src/sys/VIA  i386


	
>Description:
	This bug has been reproducable since 5.3.
	The Machine is an ipfilter/ipnat Firewall. 
	The panic happens when another machine behind a different
	Firewall opens an SSH Session to a machine behind the ipnat-Gateway.
	and does not terminate it correctly (because it crashed itself, 
	or because a laptop is put into sleep)
	mode)

#22 0xc0532dbb in panic (
    fmt=0xc06e28f8 "Duplicate free of item %p from zone %p(%s)\n")
    at /usr/src/sys/kern/kern_shutdown.c:550
#23 0xc0657260 in uma_dbg_free (zone=0xc0c6aae0, slab=0xc1355fa8, 
    item=0xc1355e00) at /usr/src/sys/vm/uma_dbg.c:301
#24 0xc065602f in uma_zfree_arg (zone=0xc0c6aae0, item=0xc1355e00, udata=0x0)
    at /usr/src/sys/vm/uma_core.c:2273
#25 0xc0564b82 in m_freem (mb=0x0) at uma.h:304
#26 0xc044f864 in fr_check (ip=0xc1355e50, hlen=25, ifp=0xc1120000, out=0, 
    mp=0xca869c88) at /usr/src/sys/contrib/ipfilter/netinet/fil.c:1387
#27 0xc0451302 in fr_check_wrapper (arg=0x0, mp=0x0, ifp=0xc1120000, dir=1, 
    inp=0x0) at /usr/src/sys/contrib/ipfilter/netinet/ip_fil.c:345
#28 0xc059cfad in pfil_run_hooks (ph=0xc0760c20, mp=0xca869cd4, 
    ifp=0xc1120000, dir=1, inp=0x0) at /usr/src/sys/net/pfil.c:137
#29 0xc05b2dd5 in ip_input (m=0xc1355e00)
---Type <return> to continue, or q <return> to quit---
    at /usr/src/sys/netinet/ip_input.c:457
#30 0xc059ba12 in netisr_processqueue (ni=0xc075feb8)
    at /usr/src/sys/net/netisr.c:233
#31 0xc059bbc0 in swi_net (dummy=0x0) at /usr/src/sys/net/netisr.c:340
#32 0xc0521088 in ithread_loop (arg=0xc1074400)
    at /usr/src/sys/kern/kern_intr.c:547
#33 0xc05204fc in fork_exit (callout=0xc0520f64 <ithread_loop>, 
    arg=0xc1074400, frame=0xca869d48) at /usr/src/sys/kern/kern_fork.c:790
#34 0xc067a08c in fork_trampoline () at /usr/src/sys/i386/i386/exception.s:209

	
>How-To-Repeat:
	
>Fix:

	


>Release-Note:
>Audit-Trail:
Responsible-Changed-From-To: freebsd-bugs->darrenr 
Responsible-Changed-By: glebius 
Responsible-Changed-When: Mon May 23 13:45:03 GMT 2005 
Responsible-Changed-Why:  
Over to ipfilter maintainer. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=81324 
State-Changed-From-To: open->closed 
State-Changed-By: arved 
State-Changed-When: Mon Aug 16 05:06:57 UTC 2010 
State-Changed-Why:  
I have been forced by this to switch to pf.  

Now several years have passed, and i am not interested in switching back to reproduce it. 


http://www.freebsd.org/cgi/query-pr.cgi?pr=81324 
>Unformatted:
