panic: Bad tailq NEXT (kqueue issue ?)
Matthew Dillon
dillon at apollo.backplane.com
Mon Sep 6 09:24:45 PDT 2010
:>
:> On the next boot, the system was able to save a core dump:
:>
:> panic: Bad tailq NEXT(0xfffffffe5550e190->tqh_last) != NULL
:>
:> Relevant files are available here:
:> http://www.wolfpond.org/crash.dfly/
:
:I believe this bug is a consequence of the recent kqueue work.
:
:The panic originates at line 600 of sys/kern/kern_event.c
:
:The relevant line is part of kern_event():
: TAILQ_INSERT_TAIL(&kq->kq_knpend, &marker, kn_tqe);
:
:This function is marked MPSAFE; I'm running a SMP kernel on a Core 2 Duo CPU.
:
:So far, this panic occurs every few hours with the latest kernel.
:
:--
:Francois Tigeot
Hmm. The knote on the knpend list looks good except for its
list linkage. It is related to a pipe but that might not be the
one messing it up. I'm not sure how the situation can occur.
Try the patch below. All I can think of is that somehow the knote
is being double-removed from the list due to knote_remove() blocking
on kq_token. If that is the case then this patch should cause it
to panic earlier, where the actual double-remove is happening,
instead of later.
-Matt
Matthew Dillon
<dillon at backplane.com>
diff --git a/sys/kern/sys_pipe.c b/sys/kern/sys_pipe.c
index 467b95a..d5fed13 100644
--- a/sys/kern/sys_pipe.c
+++ b/sys/kern/sys_pipe.c
@@ -1234,6 +1234,7 @@ filt_pipedetach(struct knote *kn)
{
struct pipe *cpipe = (struct pipe *)kn->kn_hook;
+ kn->kn_hook = NULL;
knote_remove(&cpipe->pipe_kq.ki_note, kn);
}
More information about the Bugs
mailing list