panic: TCP header not in one mbuf
YONETANI Tomokazu
qhwt+dragonfly-bugs at les.ath.cx
Sun Jul 18 02:52:14 PDT 2004
On Sat, Jul 17, 2004 at 10:04:43PM -0700, Matthew Dillon wrote:
>
> :No, it still panics at the same place with your patch applied.
> :I also updated the source to the latest (just before the update of
> :newvers.sh) and compiled the kernel with gcc2, but the same panic.
>
> Ok. Further investigation has revealed that if the ip_mport() function
> has to m_pullup() an mbuf and succeeds, the caller of ip_mport() will
> still use the original (possibly now freed) mbuf rather than the one
> modified by ip_mport(). Worse, if an error occurs in ip_mport() the
> mbuf is not always freed, and the caller always frees it, leading to
> a potential double-free.
Ok, this one did it! So far I'm seeing no panics while running cvsup
or downloading from an ftp server. Thanks.
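
The two ownership problems described in the quoted diagnosis, as an added example that is not part of the original thread and is not DragonFly kernel code: a toy buffer pool whose `in_use` flag makes stale use and double free observable without real undefined behaviour. All names (`struct buf`, `pullup`, `lookup_buggy`, `lookup_fixed`, `run`) are hypothetical, and passing a pointer to the caller's pointer is one assumed way to fix the calling convention, not necessarily what the committed patch does.

```c
#include <stddef.h>
#include <string.h>

/* Toy model of an mbuf pool: in_use lets us observe stale use and double
 * free safely instead of triggering real undefined behaviour. */
struct buf { int in_use; size_t contig; };
static struct buf pool[4];
static int stale_uses, double_frees;

static struct buf *buf_alloc(size_t contig) {
    for (size_t i = 0; i < 4; i++)
        if (!pool[i].in_use) { pool[i] = (struct buf){1, contig}; return &pool[i]; }
    return NULL;
}
static void buf_free(struct buf *b) {
    if (b->in_use) b->in_use = 0; else double_frees++;
}
/* m_pullup()-like contract: when a pull-up is needed the old buffer is
 * released and the result is a different buffer, or NULL on failure. */
static struct buf *pullup(struct buf *b, size_t len, int fail) {
    if (b->contig >= len) return b;
    struct buf *n = fail ? NULL : buf_alloc(len);
    buf_free(b);
    return n;
}
/* Buggy shape: the callee's pointer update never reaches the caller. */
static int lookup_buggy(struct buf *b, int fail) {
    return (b = pullup(b, 20, fail)) ? 0 : -1;
}
/* Fixed shape: *bp is updated; on error it is NULL and already freed. */
static int lookup_fixed(struct buf **bp, int fail) {
    return (*bp = pullup(*bp, 20, fail)) ? 0 : -1;
}
/* Each run returns the number of ownership violations observed. */
static int run(int fixed, size_t contig, int fail) {
    memset(pool, 0, sizeof pool); stale_uses = double_frees = 0;
    struct buf *b = buf_alloc(contig);
    int err = fixed ? lookup_fixed(&b, fail) : lookup_buggy(b, fail);
    if (!fixed) {
        if (err == 0 && !b->in_use) stale_uses++;   /* header read from freed buf */
        buf_free(b);                                /* caller always frees */
    } else if (err == 0) {
        buf_free(b);                                /* still owns the live buffer */
    }
    return stale_uses + double_frees;
}
```

With the buggy shape, a successful pull-up yields both a stale use and a second free of the old buffer, and a failed pull-up yields a double free; the fixed shape yields neither.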