Subject: kern/37037: ipnat: Data modified on freelist
To: None <kern-bug-people@netbsd.org, gnats-admin@netbsd.org,>
From: None <Paul@stix.id.au, Ripke@stix.id.au>
List: netbsd-bugs
Date: 09/29/2007 10:15:01
>Number: 37037
>Category: kern
>Synopsis: ipnat: Data modified on freelist
>Confidential: no
>Severity: critical
>Priority: high
>Responsible: kern-bug-people
>State: open
>Class: sw-bug
>Submitter-Id: net
>Arrival-Date: Sat Sep 29 10:15:00 +0000 2007
>Originator: Paul Ripke
>Release: NetBSD 4.0_RC1
>Organization:
>Environment:
System: NetBSD zion.stix.org.au 4.0_RC1 NetBSD 4.0_RC1 (ZION) #1: Fri Sep 28 09:46:22 EST 2007 stix@hex.stix.org.au:/l/netbsd/netbsd-4/obj.i386/l/netbsd/netbsd-4/src/sys/arch/i386/compile/ZION i386
CVS update as of around 2007/09/28
$NetBSD: ip_state.c,v 1.15.2.8 2007/09/27 14:01:10 xtraeme Exp $
Architecture: i386
Machine: i386
>Description:
"ipnat -l" causing:
Sep 29 19:17:03 zion sudo: stix : TTY=ttyp2 ; PWD=/export/home/stix ; USER=root ; COMMAND=/usr/sbin/ipnat -l
Sep 29 19:17:13 zion /netbsd: Data modified on freelist: word 3 of object 0xc1df2080 size 36 previous type bar (0xc1e0f200 != 0xdeadbeef)
Sep 29 19:17:43 zion /netbsd: Data modified on freelist: word 3 of object 0xc1dbfdc0 size 36 previous type bar (0xc1f51e00 != 0xdeadbeef)
Possibly due to RDR sessions not expiring:
ksh$ sudo ipnat -l | grep RDR | wc -l
2168
ksh$ sudo ./ipnat -s
mapped in 77822 out 125346
added 3125 expired 944
no memory 0 bad nat 224
inuse 2181
rules 4
wilds 0
table 0xbfbfe95c list 0xc1e0f800
TCP Entries per state
0 1 2 3 4 5 6 7 8 9 10 11
0 0 0 0 2179 0 0 0 0 0 0 0
>How-To-Repeat:
/etc/ipnat.conf:
map pppoe0 192.168.0.0/16 -> 0/32 portmap tcp/udp 49152:65535 mssclamp 1440
map pppoe0 192.168.0.0/16 -> 0/32 mssclamp 1440
rdr ath0 0.0.0.0/0 port 80 -> 127.0.0.1 port 3128 tcp
rdr sk0 0.0.0.0/0 port 80 -> 127.0.0.1 port 3128 tcp
>Fix:
Unknown.