Skip site navigation (1)Skip section navigation (2) 
Date:      Fri, 20 Aug 2004 00:55:17 +0200
From:      Andre Oppermann <andre@freebsd.org>
To:        Nate Lawson <nate@root.org>
Cc:        current@freebsd.org
Subject:   Re: panic on kldunload ipfw.ko
Message-ID:  <41252FD5.C67E25E0@freebsd.org>
References:  <41251502.2020607@root.org>
next in thread | previous in thread | raw e-mail | index | archive | help 
Nate Lawson wrote:
> 
> Easy to reproduce -- boot single user.  kldload ipfw.ko; kldunload
> ipfw.ko.  Next timeout, you get the following panic:
> 
> panic: write, page not present
> callout_reset() + 0x12c
> tcp_isn_tick() + 0x3f
> softclock
> ithread_loop
> 
> (gdb) l *callout_reset+0x12c
> 0xc05011e8 is in callout_reset (../../../kern/kern_timeout.c:437).
> 432
> 433             c->c_arg = arg;
> 434             c->c_flags |= (CALLOUT_ACTIVE | CALLOUT_PENDING);
> 435             c->c_func = ftn;
> 436             c->c_time = ticks + to_ticks;
> 437             TAILQ_INSERT_TAIL(&callwheel[c->c_time & callwheelmask],
> 438                               c, c_links.tqe);
> 439             mtx_unlock_spin(&callout_lock);
> 440     }
> 441
> 
> (gdb) l *tcp_isn_tick+0x3f
> 0xc0588c4f is in tcp_isn_tick (../../../netinet/tcp_subr.c:1368).
> 1363            if (projected_offset > isn_offset)
> 1364                    isn_offset = projected_offset;
> 1365
> 1366            isn_offset_old = isn_offset;
> 1367            callout_reset(&isn_callout, 1, tcp_isn_tick, NULL);
> 1368    }
> 1369
> 1370    /*
> 1371     * When a source quench is received, close congestion window
> 1372     * to one segment.  We will gradually open it again as we proceed.

This doesn't really make sense.  Nowhere in ip_fw2.c any tcp_* function
is touched.  However there might be a (long-standing) problem in ipfw2
which the patch below should fix.

-- 
Andre


Index: ip_fw2.c
===================================================================
RCS file: /home/ncvs/src/sys/netinet/ip_fw2.c,v
retrieving revision 1.72
diff -u -p -r1.72 ip_fw2.c
--- ip_fw2.c	19 Aug 2004 17:59:26 -0000	1.72
+++ ip_fw2.c	19 Aug 2004 22:52:12 -0000
@@ -3421,8 +3421,8 @@ ipfw_destroy(void)
 
 	ip_fw_chk_ptr = NULL;
 	ip_fw_ctl_ptr = NULL;
+	callout_drain(&ipfw_timeout);
 	IPFW_LOCK(&layer3_chain);
-	callout_stop(&ipfw_timeout);
 	layer3_chain.reap = NULL;
 	free_chain(&layer3_chain, 1 /* kill default rule */);
 	reap = layer3_chain.reap, layer3_chain.reap = NULL;

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?41252FD5.C67E25E0>