panic: Bad tailq NEXT (kqueue issue ?)

Matthew Dillon dillon at apollo.backplane.com
Mon Sep 6 09:24:45 PDT 2010


:> 
:> On the next boot, the system was able to save a core dump:
:> 
:> panic: Bad tailq NEXT(0xfffffffe5550e190->tqh_last) != NULL
:> 
:> Relevant files are available here:
:> http://www.wolfpond.org/crash.dfly/
:
:I believe this bug is a consequence of the recent kqueue work.
:
:The panic originates at line 600 of sys/kern/kern_event.c
:
:The relevant line is part of kern_event():
:	TAILQ_INSERT_TAIL(&kq->kq_knpend, &marker, kn_tqe);
:
:This function is marked MPSAFE; I'm running a SMP kernel on a Core 2 Duo CPU.
:
:So far, this panic occurs every few hours with the latest kernel.
:
:-- 
:Francois Tigeot

    Hmm.  The knote on the knpend list looks good except for its
    list linkage.  It is related to a pipe but that might not be the
    one messing it up.  I'm not sure how the situation can occur.

    Try the patch below.  All I can think of is that somehow the knote
    is being double-removed from the list due to knote_remove() blocking
    on kq_token.  If that is the case then this patch should cause it
    to panic earlier, where the actual double-remove is happening,
    instead of later.

					-Matt
					Matthew Dillon 
					<dillon at backplane.com>

diff --git a/sys/kern/sys_pipe.c b/sys/kern/sys_pipe.c
index 467b95a..d5fed13 100644
--- a/sys/kern/sys_pipe.c
+++ b/sys/kern/sys_pipe.c
@@ -1234,6 +1234,7 @@ filt_pipedetach(struct knote *kn)
 {
 	struct pipe *cpipe = (struct pipe *)kn->kn_hook;
 
+	kn->kn_hook = NULL;
 	knote_remove(&cpipe->pipe_kq.ki_note, kn);
 }
 
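Review bot: In filt_pipedetach(), the new `kn->kn_hook = NULL;` only catches a double detach implicitly: on a second call `cpipe` is NULL, and the fault depends on knote_remove() dereferencing `&cpipe->pipe_kq.ki_note`, which is a small offset from NULL rather than NULL itself if pipe_kq is not the first member of struct pipe. Since the message says the goal is to panic where the double-remove actually happens, an explicit assertion right after `cpipe` is loaded (for example `KKASSERT(cpipe != NULL);`) would make that panic deterministic and self-describing. A short comment on the NULL store saying it is a double-detach tripwire would also keep it from being read as ordinary cleanup. The hunk does not show whether other pipe filter routines read kn_hook after detach, so that should be checked before this goes in as more than a debugging aid.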




