Nate Lawson wrote: > > Easy to reproduce -- boot single user. kldload ipfw.ko; kldunload > ipfw.ko. Next timeout, you get the following panic: > > panic: write, page not present > callout_reset() + 0x12c > tcp_isn_tick() + 0x3f > softclock > ithread_loop > > (gdb) l *callout_reset+0x12c > 0xc05011e8 is in callout_reset (../../../kern/kern_timeout.c:437). > 432 > 433 c->c_arg = arg; > 434 c->c_flags |= (CALLOUT_ACTIVE | CALLOUT_PENDING); > 435 c->c_func = ftn; > 436 c->c_time = ticks + to_ticks; > 437 TAILQ_INSERT_TAIL(&callwheel[c->c_time & callwheelmask], > 438 c, c_links.tqe); > 439 mtx_unlock_spin(&callout_lock); > 440 } > 441 > > (gdb) l *tcp_isn_tick+0x3f > 0xc0588c4f is in tcp_isn_tick (../../../netinet/tcp_subr.c:1368). > 1363 if (projected_offset > isn_offset) > 1364 isn_offset = projected_offset; > 1365 > 1366 isn_offset_old = isn_offset; > 1367 callout_reset(&isn_callout, 1, tcp_isn_tick, NULL); > 1368 } > 1369 > 1370 /* > 1371 * When a source quench is received, close congestion window > 1372 * to one segment. We will gradually open it again as we proceed. This doesn't really make sense. Nowhere in ip_fw2.c any tcp_* function is touched. However there might be a (long-standing) problem in ipfw2 which the patch below should fix. -- Andre Index: ip_fw2.c =================================================================== RCS file: /home/ncvs/src/sys/netinet/ip_fw2.c,v retrieving revision 1.72 diff -u -p -r1.72 ip_fw2.c --- ip_fw2.c 19 Aug 2004 17:59:26 -0000 1.72 +++ ip_fw2.c 19 Aug 2004 22:52:12 -0000 _at__at_ -3421,8 +3421,8 _at__at_ ipfw_destroy(void) ip_fw_chk_ptr = NULL; ip_fw_ctl_ptr = NULL; + callout_drain(&ipfw_timeout); IPFW_LOCK(&layer3_chain); - callout_stop(&ipfw_timeout); layer3_chain.reap = NULL; free_chain(&layer3_chain, 1 /* kill default rule */); reap = layer3_chain.reap, layer3_chain.reap = NULL;Received on Thu Aug 19 2004 - 20:55:20 UTC
This archive was generated by hypermail 2.4.0 : Wed May 19 2021 - 11:38:07 UTC