woods@most.weird.com (Greg A. Woods) writes:

> This is NetBSD-1.3.3 with the sys_accept() patch I posted, as well as
> [...]
> Ever since trying either the original patch suggested by Darren, or my
> patch using ffree() instead of closef() the kernel has been reporting
> various numbers (about 80 yesterday, then only about 9 before the crash)
> of messages like the following just as squid does its log rotation:

I don't see what's surprising about this.  fdalloc() put the struct
file (`fp') into the process's file descriptor table, but your ffree()
call did not remove it.  Any future operation on that file descriptor
-- including cleanup during process exit -- will thus walk a stale
pointer.

You should have used fdrelease() instead.

I'm quite disturbed that such a change was made without actually
testing it prior to commit.