From owner-freebsd-hackers  Mon Aug 12 20:39:18 1996
Return-Path: owner-hackers
Received: (from root@localhost)
          by freefall.freebsd.org (8.7.5/8.7.3) id UAA12353
          for hackers-outgoing; Mon, 12 Aug 1996 20:39:18 -0700 (PDT)
Received: from genesis.atrad.adelaide.edu.au (genesis.atrad.adelaide.edu.au [129.127.96.120])
          by freefall.freebsd.org (8.7.5/8.7.3) with ESMTP id UAA12346;
          Mon, 12 Aug 1996 20:39:10 -0700 (PDT)
Received: from msmith@localhost by genesis.atrad.adelaide.edu.au (8.6.12/8.6.9) id NAA19491; Tue, 13 Aug 1996 13:24:06 +0930
From: Michael Smith <msmith@atrad.adelaide.edu.au>
Message-Id: <199608130354.NAA19491@genesis.atrad.adelaide.edu.au>
Subject: Re: machine crashing, what panic: free means?
To: lmcsato@lmc.ericsson.se (Samy Touati)
Date: Tue, 13 Aug 1996 13:24:05 +0930 (CST)
Cc: terry@lambert.org, gpalmer@FreeBSD.ORG, hackers@FreeBSD.ORG
In-Reply-To: <Pine.Sola.3.91.960812223736.6012A-100000@chicago> from "Samy Touati" at Aug 12, 96 10:41:26 pm
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Sender: owner-hackers@FreeBSD.ORG
X-Loop: FreeBSD.org
Precedence: bulk

Samy Touati stands accused of saying:
> 
> Reading symbols from kernel.debug...done.
> (kgdb) exec-file /var/crash/kernel.1
> (kgdb) core-file /var/crash/vmcore.1
> IdlePTD 1c9000
> current pcb at 1b5ff8
> panic: free: multiple frees
> #0  boot (howto=256) at ../../i386/i386/machdep.c:892
> 892                                     dumppcb.pcb_ptd = rcr3();
> (kgdb) where
> #0  boot (howto=256) at ../../i386/i386/machdep.c:892
> #1  0xf0112a73 in panic (fmt=0xf010baa2 "free: multiple frees")
>     at ../../kern/subr_prf.c:124
> #2  0xf010bb83 in free (addr=0xf05c4b80, type=1)
>     at ../../kern/kern_malloc.c:337 
> #3  0xf0138aca in pppstart (tp=0xf01b52e8) at ../../net/if_ppp.c:1042
> #4  0xf019ed7b in siopoll () at ../../i386/isa/sio.c:1554
> #5  0xf0187067 in doreti_swi ()
> #6  0xf018f25c in cpu_switch ()
> 
> 
> After browsing through the sources, it seems that the problem is related 
> to the sio port being saturated.

It has nothing at all to do with that; the problem looks like it's to
do with a corrupted mbuf chain.  (1042 is near an MFREE() macro).

There was a nasty buffer overflow bug in the ppp code in 2.1 that has
subsequently been fixed.  This may be your culprit.

> Right now I'm using a 486DX 33, will a DX66 help?

No.

> I don't have 2.1.5 yet, does anybody knows if sio.c has been changed to 
> address this problem?

sio.c has nothing to do with this.

> I'm going to reduce the spped of the serial port to 112000 bauds and see 
> if this helps.

It won't solve the basic problem.  And you can't set a port to 112000.

> Samy

-- 
]] Mike Smith, Software Engineer        msmith@atrad.adelaide.edu.au    [[
]] Genesis Software                     genesis@atrad.adelaide.edu.au   [[
]] High-speed data acquisition and      (GSM mobile) 0411-222-496       [[
]] realtime instrument control          (ph/fax)  +61-8-267-3039        [[
]] Collector of old Unix hardware.      "Where are your PEZ?" The Tick  [[