Date: Mon, 22 Jan 1996 09:58:56 -0500 (EST) From: Denis Fortin <fortinde@dmr.ca> To: bugs@freebsd.org Cc: fortin@acm.org Subject: 2.0.5 crashes daily: multiple frees is if_ppp.c -> more info Message-ID: <199601221458.JAA03015@poterne.mtl.dmr.ca>
next in thread | raw e-mail | index | archive | help
Greetings...
I've just done a send-pr to describe a problem that we're having
that is causing our internet gateway to crash almost daily. The
problem appears to be in /sys/net/if_ppp.c and be caused by "Multiple frees".
I have included a gdb traceback in my send-pr, but I've just
noticed that I've done the "info locals" at the wrong frame level, so
it's not as useful as it could be. Here is a better version that shows
the values of the locals in if_ppp.c...
--->CUT HERE<---
GDB is free software and you are welcome to distribute copies of it
under certain conditions; type "show copying" to see the conditions.
There is absolutely no warranty for GDB; type "show warranty" for details.
GDB 4.13 (i386-unknown-freebsd),
Copyright 1994 Free Software Foundation, Inc...
IdlePTD 1f0000
current pcb at 1c3f70
panic: free: multiple frees
#0 boot (arghowto=256) at ../../i386/i386/machdep.c:870
870 dumppcb.pcb_ptd = rcr3();
(kgdb) bt
#0 boot (arghowto=256) at ../../i386/i386/machdep.c:870
#1 0xf0112843 in panic (fmt=0xf010b9b2 "free: multiple frees")
at ../../kern/subr_prf.c:128
#2 0xf010ba93 in free (addr=0xf1520180, type=1)
at ../../kern/kern_malloc.c:337
#3 0xf013582e in pppstart (tp=0xf01c23e4) at ../../net/if_ppp.c:1028
#4 0xf01a84fc in siopoll () at ../../i386/isa/sio.c:1569
#5 0xf018e667 in doreti_swi ()
#6 0xf019688c in cpu_switch ()
(kgdb) up
#1 0xf0112843 in panic (fmt=0xf010b9b2 "free: multiple frees")
at ../../kern/subr_prf.c:128
128 boot(bootopt);
(kgdb) up
#2 0xf010ba93 in free (addr=0xf1520180, type=1)
at ../../kern/kern_malloc.c:337
337 panic("free: multiple frees");
(kgdb) up
#3 0xf013582e in pppstart (tp=0xf01c23e4) at ../../net/if_ppp.c:1028
1028 MFREE(m, m2);
(kgdb) l
1023 (*tp->t_oproc)(tp);
1024 return 0; /* can't do any more at the moment */
1025 }
1026
1027 /* Finished with this mbuf; free it and move on. */
1028 MFREE(m, m2);
1029 if (m2 == NULL)
1030 break;
1031
1032 m = m2;
(kgdb) info loc
sc = (struct ppp_softc *) 0xf01c43cc
m = (struct mbuf *) 0xf1520180
len = 0
start = (unsigned char *) 0xf15201c4 "\237Ö"
stop = (unsigned char *) 0xf15201c4 "\237Ö"
cp = (unsigned char *) 0xf151b280 "\200õQñ"
n = -246304128
ndone = 0
done = 1
m2 = (struct mbuf *) 0xf151b280
(kgdb) quit
--->CUT HERE<---
--
Denis Fortin denis.fortin@dmr.ca
DMR Group Inc, +1 (514) 877-3301 These opinions are my own
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199601221458.JAA03015>