Panic on kern_event.c

From: Sylvain GALLIANO <sg_at_efficientip.com>
Date: Tue, 6 Nov 2018 10:50:06 +0100
Hi,

I got random panic on Current & 11.2-STABLE on kern_event.c

Panic occur in syslog-ng (logging at high rate) with the folloging lines:

  Panic String: Bad tailq NEXT(0xfffff80039ae7a38->tqh_last) != NULL
  Panic String: Bad tailq head 0xfffff80039f1a238 first->prev != head

It's look like knote_enqueue try to add and existings knote on TAILQ
(confirmed by following patch).

logs after apply patch:
XXX knote 0xfffff8012e3d33c0 already in tailq  status:1 kq_count:1  [0
0xfffff800327d3538]  2671
XXX knote 0xfffff80032861780 already in tailq  status:1 kq_count:1  [0
0xfffff80032457938]  2671


===================================================================
--- sys/kern/kern_event.c       (revision 340175)
+++ sys/kern/kern_event.c       (working copy)
_at__at_ -2661,10 +2661,18 _at__at_
 knote_enqueue(struct knote *kn)
 {
        struct kqueue *kq = kn->kn_kq;
+       struct knote *ttkn;

        KQ_OWNED(kn->kn_kq);
        KASSERT((kn->kn_status & KN_QUEUED) == 0, ("knote already queued"));

+       TAILQ_FOREACH(ttkn, &kq->kq_head, kn_tqe) {
+         if (ttkn == kn) {
+           printf("XXX knote %p already in tailq  status:%x kq_count:%d
[%p %p]
%u\n",kn,kn->kn_status,kq->kq_count,kn->kn_tqe.tqe_next,kn->kn_tqe.tqe_prev,__LINE__);
+           return;
+         }
+       }
+
        TAILQ_INSERT_TAIL(&kq->kq_head, kn, kn_tqe);
        kn->kn_status |= KN_QUEUED;
        kq->kq_count++;



Regards
Sylvain
Received on Tue Nov 06 2018 - 08:50:21 UTC

This archive was generated by hypermail 2.4.0 : Wed May 19 2021 - 11:41:19 UTC