Skip site navigation (1)Skip section navigation (2) 
Date:      Mon, 22 Jan 1996 09:58:56 -0500 (EST)
From:      Denis Fortin <fortinde@dmr.ca>
To:        bugs@freebsd.org
Cc:        fortin@acm.org
Subject:   2.0.5 crashes daily: multiple frees is if_ppp.c -> more info
Message-ID:  <199601221458.JAA03015@poterne.mtl.dmr.ca>
index | next in thread | raw e-mail 

Greetings...

	I've just done a send-pr to describe a problem that we're having
that is causing our internet gateway to crash almost daily.	The
problem appears to be in /sys/net/if_ppp.c and be caused by "Multiple frees".

	I have included a gdb traceback in my send-pr, but I've just 
noticed that I've done the "info locals" at the wrong frame level, so
it's not as useful as it could be.  Here is a better version that shows
the values of the locals in if_ppp.c...

--->CUT HERE<---
GDB is free software and you are welcome to distribute copies of it
 under certain conditions; type "show copying" to see the conditions.
There is absolutely no warranty for GDB; type "show warranty" for details.
GDB 4.13 (i386-unknown-freebsd), 
Copyright 1994 Free Software Foundation, Inc...
IdlePTD 1f0000
current pcb at 1c3f70
panic: free: multiple frees
#0  boot (arghowto=256) at ../../i386/i386/machdep.c:870
870				dumppcb.pcb_ptd = rcr3();
(kgdb) bt
#0  boot (arghowto=256) at ../../i386/i386/machdep.c:870
#1  0xf0112843 in panic (fmt=0xf010b9b2 "free: multiple frees")
    at ../../kern/subr_prf.c:128
#2  0xf010ba93 in free (addr=0xf1520180, type=1)
    at ../../kern/kern_malloc.c:337
#3  0xf013582e in pppstart (tp=0xf01c23e4) at ../../net/if_ppp.c:1028
#4  0xf01a84fc in siopoll () at ../../i386/isa/sio.c:1569
#5  0xf018e667 in doreti_swi ()
#6  0xf019688c in cpu_switch ()
(kgdb) up
#1  0xf0112843 in panic (fmt=0xf010b9b2 "free: multiple frees")
    at ../../kern/subr_prf.c:128
128		boot(bootopt);
(kgdb) up
#2  0xf010ba93 in free (addr=0xf1520180, type=1)
    at ../../kern/kern_malloc.c:337
337				panic("free: multiple frees");
(kgdb) up
#3  0xf013582e in pppstart (tp=0xf01c23e4) at ../../net/if_ppp.c:1028
1028		    MFREE(m, m2);
(kgdb) l
1023			    (*tp->t_oproc)(tp);
1024			return 0;	/* can't do any more at the moment */
1025		    }
1026	
1027		    /* Finished with this mbuf; free it and move on. */
1028		    MFREE(m, m2);
1029		    if (m2 == NULL)
1030			break;
1031	
1032		    m = m2;
(kgdb) info loc
sc = (struct ppp_softc *) 0xf01c43cc
m = (struct mbuf *) 0xf1520180
len = 0
start = (unsigned char *) 0xf15201c4 "\237Ö"
stop = (unsigned char *) 0xf15201c4 "\237Ö"
cp = (unsigned char *) 0xf151b280 "\200õQñ"
n = -246304128
ndone = 0
done = 1
m2 = (struct mbuf *) 0xf151b280
(kgdb) quit
--->CUT HERE<---
-- 
Denis Fortin                                               denis.fortin@dmr.ca
DMR Group Inc, +1 (514) 877-3301                     These opinions are my own
help

Want to link to this message? Use this
URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199601221458.JAA03015>