Date: Fri, 1 Nov 2002 14:46:44 -0800 (PST) From: Bill Fenner <fenner@research.att.com> To: mime@traveller.cz Cc: current@FreeBSD.ORG Subject: Re: crash with network load (in tcp syncache ?) Message-ID: <200211012246.gA1Mki5n001478@stash.attlabs.att.com>
next in thread | raw e-mail | index | archive | help
sonewconn() hands sofree() a self-inconsistent socket -- so->so_head is
set, so so must be on a queue, but sonewconn() hasn't put it on a queue yet.
Please try this patch.
Bill
Index: uipc_socket2.c
===================================================================
RCS file: /home/ncvs/src/sys/kern/uipc_socket2.c,v
retrieving revision 1.104
diff -u -r1.104 uipc_socket2.c
--- uipc_socket2.c 18 Sep 2002 19:44:11 -0000 1.104
+++ uipc_socket2.c 1 Nov 2002 22:40:52 -0000
@@ -192,7 +192,7 @@
return ((struct socket *)0);
if ((head->so_options & SO_ACCEPTFILTER) != 0)
connstatus = 0;
- so->so_head = head;
+ so->so_head = NULL;
so->so_type = head->so_type;
so->so_options = head->so_options &~ SO_ACCEPTCONN;
so->so_linger = head->so_linger;
@@ -209,6 +209,7 @@
return ((struct socket *)0);
}
+ so->so_head = head;
if (connstatus) {
TAILQ_INSERT_TAIL(&head->so_comp, so, so_list);
so->so_state |= SS_COMP;
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-current" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200211012246.gA1Mki5n001478>