Re: panic on kldunload ipfw.ko

From: Andre Oppermann <andre_at_freebsd.org>
Date: Fri, 20 Aug 2004 00:55:17 +0200
Nate Lawson wrote:
> 
> Easy to reproduce -- boot single user.  kldload ipfw.ko; kldunload
> ipfw.ko.  Next timeout, you get the following panic:
> 
> panic: write, page not present
> callout_reset() + 0x12c
> tcp_isn_tick() + 0x3f
> softclock
> ithread_loop
> 
> (gdb) l *callout_reset+0x12c
> 0xc05011e8 is in callout_reset (../../../kern/kern_timeout.c:437).
> 432
> 433             c->c_arg = arg;
> 434             c->c_flags |= (CALLOUT_ACTIVE | CALLOUT_PENDING);
> 435             c->c_func = ftn;
> 436             c->c_time = ticks + to_ticks;
> 437             TAILQ_INSERT_TAIL(&callwheel[c->c_time & callwheelmask],
> 438                               c, c_links.tqe);
> 439             mtx_unlock_spin(&callout_lock);
> 440     }
> 441
> 
> (gdb) l *tcp_isn_tick+0x3f
> 0xc0588c4f is in tcp_isn_tick (../../../netinet/tcp_subr.c:1368).
> 1363            if (projected_offset > isn_offset)
> 1364                    isn_offset = projected_offset;
> 1365
> 1366            isn_offset_old = isn_offset;
> 1367            callout_reset(&isn_callout, 1, tcp_isn_tick, NULL);
> 1368    }
> 1369
> 1370    /*
> 1371     * When a source quench is received, close congestion window
> 1372     * to one segment.  We will gradually open it again as we proceed.

This doesn't really make sense.  Nowhere in ip_fw2.c is any tcp_* function
touched.  However, there might be a (long-standing) problem in ipfw2
which the patch below should fix.

-- 
Andre


Index: ip_fw2.c
===================================================================
RCS file: /home/ncvs/src/sys/netinet/ip_fw2.c,v
retrieving revision 1.72
diff -u -p -r1.72 ip_fw2.c
--- ip_fw2.c	19 Aug 2004 17:59:26 -0000	1.72
+++ ip_fw2.c	19 Aug 2004 22:52:12 -0000
_at__at_ -3421,8 +3421,8 _at__at_ ipfw_destroy(void)
 
 	ip_fw_chk_ptr = NULL;
 	ip_fw_ctl_ptr = NULL;
+	callout_drain(&ipfw_timeout);
 	IPFW_LOCK(&layer3_chain);
-	callout_stop(&ipfw_timeout);
 	layer3_chain.reap = NULL;
 	free_chain(&layer3_chain, 1 /* kill default rule */);
 	reap = layer3_chain.reap, layer3_chain.reap = NULL;
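
Review bot: The callout_drain(&ipfw_timeout) call added ahead of IPFW_LOCK(&layer3_chain) should carry a comment explaining the ordering, because the reason it replaces callout_stop() and moves outside the lock is not evident from the code. callout_drain() waits for a handler that is already running to finish, so it must not be called while holding a lock the handler may take; saying so next to the call keeps a later cleanup from moving it back under IPFW_LOCK. It is also worth confirming that nothing can re-arm ipfw_timeout between the drain returning and free_chain() running, since the hunk does not show the timeout handler.
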
Received on Thu Aug 19 2004 - 20:55:20 UTC