From mux@qualys.com  Sat Sep 15 09:37:01 2001
Return-Path: <mux@qualys.com>
Received: from noos.fr (e109.dhcp212-198-25.noos.fr [212.198.25.109])
	by hub.freebsd.org (Postfix) with ESMTP id 7402337B40F
	for <FreeBSD-gnats-submit@freebsd.org>; Sat, 15 Sep 2001 09:37:00 -0700 (PDT)
Received: (from mux@localhost)
	by noos.fr (8.11.6/8.11.4) id f8FGawe01383
	for FreeBSD-gnats-submit@freebsd.org; Sat, 15 Sep 2001 18:36:58 +0200 (CEST)
	(envelope-from mux)
Message-Id: <200109151636.f8FGawe01383@noos.fr>
Date: Sat, 15 Sep 2001 18:36:58 +0200 (CEST)
From: Maxime Henrion <mux@qualys.com>
To: FreeBSD-gnats-submit@freebsd.org
Cc:
Subject: [PATCH] panic: static sysctl oid too high: 684 - when unloading snd_es137x.ko
X-Send-Pr-Version: 3.113
X-GNATS-Notify:

>Number:         30592
>Category:       kern
>Synopsis:       [PATCH] panic: static sysctl oid too high: 684 - when unloading snd_es137x.ko
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    roam
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Sat Sep 15 09:40:00 PDT 2001
>Closed-Date:    Wed Oct 26 00:17:36 GMT 2005
>Last-Modified:  Wed Oct 26 00:17:36 GMT 2005
>Originator:     Maxime Henrion
>Release:        FreeBSD 5.0-CURRENT i386
>Organization:
>Environment:
System: FreeBSD nebula.cybercable.fr 5.0-CURRENT FreeBSD 5.0-CURRENT #103: Sat Sep 15 18:03:06 CEST 2001 mux@nebula.cybercable.fr:/usr/src/sys/i386/compile/NEBULA i386

>Description:

panic: static sysctl oid too high: 684

(kgdb) bt
[...]
#10 0xc0189716 in sysctl_register_oid (oidp=0xc19710c0)
    at ../../../kern/kern_sysctl.c:127
#11 0xc01897f8 in sysctl_ctx_free (clist=0xc0cd3c68)
    at ../../../kern/kern_sysctl.c:192
(kgdb) list
191             while (e1 != NULL) {
192                     sysctl_register_oid(e1->entry);
193                     e1 = TAILQ_PREV(e1, sysctl_ctx_list, link);
194             }
(kgdb) print *e1->entry
$1 = {oid_parent = 0xc033d040, oid_link = {sle_next = 0x0}, oid_number = 684,
  oid_kind = -2113929215, oid_arg1 = 0xc0cd8540, oid_arg2 = 0,
  oid_name = 0xc0cd8550 "pcm0", oid_handler = 0, oid_fmt = 0xc0338b3d "N",
  oid_refcnt = 1}
(kgdb) printf "%x\n",e1->entry->oid_kind
82000001
 ^
 CTLFLAG_DYN

From src/sys/kern/kern_sysctl.c in sysctl_ctx_free() :
        /*
         * First perform a "dry run" to check if it's ok to remove oids.
         * XXX FIXME
         * XXX This algorithm is a hack. But I don't know any
         * XXX better solution for now...
         */

It appears in the comments of sysctl_ctx_free() that this function is a
hack.  It seems it sometimes has to re-register an oid, and sometimes
tries to re-register dynamic sysctls.  In that case it doesn't change
the oid_number of the oid, and just call sysctl_register_oid() which
panics because it is too high.

I'm not able to properly fix this function right now, because I don't
understand the reasons of this hack, however I can provide a patch
that sets the oid_number to OID_AUTO if it was greater or equal to
CTL_AUTO_START.  With this patch applied, I can now happily load and
unload my sound modules several times.

>How-To-Repeat:
	# kldunload snd_es137x

>Fix:

Note: It would perhaps be better to test oid_kind against CTLFLAG_DYN
instead of looking at the oid_number.

--- patch begins here ---
--- /usr/src/sys/kern/kern_sysctl.c	Fri Sep 14 21:01:08 2001
+++ kern_sysctl.c	Sat Sep 15 18:00:30 2001
@@ -189,6 +189,8 @@
 	else
 		e1 = TAILQ_LAST(clist, sysctl_ctx_list);
 	while (e1 != NULL) {
+		if (e1->entry->oid_number >= CTL_AUTO_START)
+			e1->entry->oid_number = OID_AUTO;
 		sysctl_register_oid(e1->entry);
 		e1 = TAILQ_PREV(e1, sysctl_ctx_list, link);
 	}
--- patch ends here ---


>Release-Note:
>Audit-Trail:

From: Maxime Henrion <mux@noos.fr>
To: freebsd-gnats-submit@freebsd.org
Cc:  
Subject: Re: kern/30592: [PATCH] panic: static sysctl oid too high: 684 - when unloading snd_es137x
Date: Sat, 15 Sep 2001 19:11:14 +0200

 	Hi,
 
 After reading sysctl_ctx_free(9), I now think my patch is bad.  It
 clearly says that the oid_number is not changed to preserve the order of
 oids in the tree and sysctl_register_oid() will not panic because it
 will reuse the existing oid.
 
 That means that in my case, the oid was really deleted and I don't knwo
 why.  I hope someone more aware than me will be able to fix it and I
 will continue to dig into this.
 
 Maxime Henrion
 -- 
 Don't be fooled by cheap finnish imitations ; BSD is the One True Code
 Key fingerprint = F9B6 1D5A 4963 331C 88FC  CA6A AB50 1EF2 8CBE 99D6
 Public Key : http://www.epita.fr/~henrio_m/
Responsible-Changed-From-To: freebsd-bugs->roam 
Responsible-Changed-By: roam 
Responsible-Changed-When: Sun Sep 16 01:28:06 PDT 2001 
Responsible-Changed-Why:  
I introduced this panic in rev. 1.112. 
I'm sitting on a patch discussed in -current and -audit, awaiting 
aproval from Andrzej Bialecki <abial@FreeBSD.org>; howevr I think 
I will commit it today. 

http://www.FreeBSD.org/cgi/query-pr.cgi?pr=30592 
State-Changed-From-To: open->closed 
State-Changed-By: linimon 
State-Changed-When: Wed Oct 26 00:14:42 GMT 2005 
State-Changed-Why:  
Apparently fixed in version 1.117, 2001/10/12. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=30592 
>Unformatted:
