[issue1950] socket panic
Samuel J. Greear (via DragonFly issue tracker)
sinknull at leaf.dragonflybsd.org
Fri Jan 7 23:13:15 PST 2011
Samuel J. Greear <sjg at evilcode.net> added the comment:
Both of Peter's panics from inside knote() are the result of a corrupt SLIST
kn_next.sle_next pointer in the knote in question.
(kgdb) frame
#9 0xc01999d0 in knote (list=0xd993de64, hint=0) at
/usr/src/sys/kern/kern_event.c:1303
1303 SLIST_FOREACH(kn, list, kn_next) {
(kgdb) p *list->slh_first
$9 = {kn_link = {sle_next = 0xdd5c9008}, kn_kqlink = {tqe_next = 0xdd5ca490,
tqe_prev = 0x10000}, kn_next = {
sle_next = 0x3}, kn_tqe = {tqe_next = 0xd76f0008, tqe_prev = 0xc045312c},
kn_kq = 0x34, kn_kevent = {ident = 1241,
filter = 0, flags = 0, fflags = 1241, data = 0, udata = 0xd995c638},
kn_status = 39, kn_sfflags = 0,
kn_sdata = -644321272, kn_ptr = {p_fp = 0xd99c9160, p_proc = 0xd99c9160},
kn_fop = 0x0, kn_hook = 0x0}
(kgdb) frame
#9 0xc018afc0 in knote (list=0xf236e364, hint=0) at
/usr/src/sys/kern/kern_event.c:1301
1301 lwkt_gettoken(&kq_token);
(kgdb) p *list->slh_first
$4 = {kn_link = {sle_next = 0xdeaf4e70}, kn_kqlink = {tqe_next = 0xde96b690,
tqe_prev = 0x10000}, kn_next = {
sle_next = 0x1003}, kn_tqe = {tqe_next = 0xdffd2708, tqe_prev = 0xc03c0060},
kn_kq = 0x1, kn_kevent = {ident = 0,
filter = 0, flags = 0, fflags = 0, data = 0, udata = 0xd5e124f8}, kn_status
= 39, kn_sfflags = 0,
kn_sdata = -972652552, kn_ptr = {p_fp = 0xd9e43d28, p_proc = 0xd9e43d28},
kn_fop = 0x0, kn_hook = 0x0}
Interestingly the filterops for both knotes is null and the pointer to their
parent kq is invalid. I'm not sure where these might be falling through the
cracks and being mangled in such a fashion and still being knote()'d.
----------
status: unread -> chatting
_____________________________________________________
DragonFly issue tracker <bugs at lists.dragonflybsd.org>
<http://bugs.dragonflybsd.org/issue1950>
_____________________________________________________
More information about the Bugs
mailing list