panic on kldunload ipfw.ko
Andre Oppermann
andre at freebsd.org
Thu Aug 19 15:55:20 PDT 2004
Nate Lawson wrote:
>
> Easy to reproduce -- boot single user. kldload ipfw.ko; kldunload
> ipfw.ko. Next timeout, you get the following panic:
>
> panic: write, page not present
> callout_reset() + 0x12c
> tcp_isn_tick() + 0x3f
> softclock
> ithread_loop
>
> (gdb) l *callout_reset+0x12c
> 0xc05011e8 is in callout_reset (../../../kern/kern_timeout.c:437).
> 432
> 433 c->c_arg = arg;
> 434 c->c_flags |= (CALLOUT_ACTIVE | CALLOUT_PENDING);
> 435 c->c_func = ftn;
> 436 c->c_time = ticks + to_ticks;
> 437 TAILQ_INSERT_TAIL(&callwheel[c->c_time & callwheelmask],
> 438 c, c_links.tqe);
> 439 mtx_unlock_spin(&callout_lock);
> 440 }
> 441
>
> (gdb) l *tcp_isn_tick+0x3f
> 0xc0588c4f is in tcp_isn_tick (../../../netinet/tcp_subr.c:1368).
> 1363 if (projected_offset > isn_offset)
> 1364 isn_offset = projected_offset;
> 1365
> 1366 isn_offset_old = isn_offset;
> 1367 callout_reset(&isn_callout, 1, tcp_isn_tick, NULL);
> 1368 }
> 1369
> 1370 /*
> 1371 * When a source quench is received, close congestion window
> 1372 * to one segment. We will gradually open it again as we proceed.
This doesn't really make sense. Nowhere in ip_fw2.c is any tcp_* function
touched. However, there might be a (long-standing) problem in ipfw2
which the patch below should fix.
--
Andre
Index: ip_fw2.c
===================================================================
RCS file: /home/ncvs/src/sys/netinet/ip_fw2.c,v
retrieving revision 1.72
diff -u -p -r1.72 ip_fw2.c
--- ip_fw2.c 19 Aug 2004 17:59:26 -0000 1.72
+++ ip_fw2.c 19 Aug 2004 22:52:12 -0000
@@ -3421,8 +3421,8 @@ ipfw_destroy(void)
ip_fw_chk_ptr = NULL;
ip_fw_ctl_ptr = NULL;
+ callout_drain(&ipfw_timeout);
IPFW_LOCK(&layer3_chain);
- callout_stop(&ipfw_timeout);
layer3_chain.reap = NULL;
free_chain(&layer3_chain, 1 /* kill default rule */);
reap = layer3_chain.reap, layer3_chain.reap = NULL;
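Review bot: The callout_drain(&ipfw_timeout) call added ahead of IPFW_LOCK(&layer3_chain) carries no comment explaining why it replaces callout_stop() and why it moved outside the locked region. callout_drain() waits for a handler that is already running, so it must not be called while holding a lock that the handler itself takes; a one-line comment stating that would keep a later cleanup from moving the call back under IPFW_LOCK. It is also worth confirming that nothing can re-arm ipfw_timeout between the drain and free_chain(), since the lines shown only clear ip_fw_chk_ptr and ip_fw_ctl_ptr before the drain.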