Subject: Re: panic: multiple frees
To: None <firstname.lastname@example.org>
From: Niklas Hallqvist <email@example.com>
Date: 08/09/1995 01:12:30
>>>>> "Herb" == Herb Peyerl <firstname.lastname@example.org> writes:
Herb> For the last few days I've been trying to get a -current i386
Herb> machine running (Saturdays sources) and am encountering
Herb> I'm seeing "panic: multiple frees" with network traffic and it's
Herb> quite reproducible. It happens more frequently when bombarded
Herb> with NFS traffic but also happens quite regularly when bombarded
Herb> with "tar cvf | rsh tar xvf - " type activity... The stack trace
Herb> invariable has an "m_freem()" in it and somewhere further down
Herb> the loop has epintr() or epget() in it...
Herb> The machine is a generic i386/33 with an aha1542CF and a 3c509.
Herb> The machine bombarding it has a 3c509 in it as well...
Herb> Christos? Were you seeing similar weirdnesses? Anyone?
Well, we were a group discussing it on IRC and came to the conclusion
that the new ep driver must be writing out of bounds somewhere which
manifests itself like a free problem later. The backtrace doesn't
necessarily point to the function that is the culprit. I browsed
through epget and it looked as the lengths given to insw et. al were
correct, but the again, I just skimmed through the code. For these
types of things it would be nice to have some sort of kernel-purify,
I think Berndt Ernesti filed a PR yesterday on it... He'll be trying
some older if_ep versions to see exactly where the error got
I myself don't have a 3c509 so don't followup to me with possible
Niklas Hallqvist Phone: +46-(0)31-40 75 00
Applitron Datasystem Fax: +46-(0)31-83 39 50
Molndalsvagen 95 Email: email@example.com
S-412 63 GOTEBORG WWW: Here