panic: TCP header not in one mbuf

YONETANI Tomokazu qhwt+dragonfly-bugs at les.ath.cx
Sun Jul 18 02:52:14 PDT 2004


On Sat, Jul 17, 2004 at 10:04:43PM -0700, Matthew Dillon wrote:
> 
> :No, it still panics at the same place with you patch applied.
> :I also updated the source to the latest(just before the update of
> :newvers.sh) and compiled the kernel with gcc2, but the same panic.
> 
>     Ok.  Further investigation has revealed that if the ip_mport() function
>     has to m_pullup() an mbuf and succeeds, the caller of ip_mport() will
>     still use the original (possibly now freed) mbuf rather then the one
>     modified by ip_mport().  Worse, if an error occurs in ip_mport() the
>     mbuf is not always freed, and the caller always frees it, leading to
>     a potential double-free.

Ok, this one did it! So far I'm seeing no panics while running cvsup
or downloading from ftp server. Thanks.





More information about the Bugs mailing list