From owner-freebsd-current@FreeBSD.ORG Fri Aug 22 17:33:31 2008 Return-Path: Delivered-To: freebsd-current@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id BA2EA1065672 for ; Fri, 22 Aug 2008 17:33:31 +0000 (UTC) (envelope-from kevinxlinuz@163.com) Received: from m13-64.163.com (m13-64.163.com [220.181.13.64]) by mx1.freebsd.org (Postfix) with SMTP id 0CAC58FC29 for ; Fri, 22 Aug 2008 17:33:30 +0000 (UTC) (envelope-from kevinxlinuz@163.com) Received: from 122.234.4.133 ( 122.234.4.133 [122.234.4.133] ) by ajax-webmail-wmsvr64 (Coremail) ; Sat, 23 Aug 2008 01:33:28 +0800 (CST) Date: Sat, 23 Aug 2008 01:33:28 +0800 (CST) From: kevinxlinuz To: freebsd-current@freebsd.org Message-ID: <11617822.2511219426408994.JavaMail.coremail@bj163app64.163.com> MIME-Version: 1.0 X-Originating-IP: [192.168.192.220 (122.234.4.133)] X-Priority: 3 X-Mailer: Coremail Webmail Server Version XT_Ux_snapshot build 080718(5706.1785.1782) Copyright (c) 2002-2008 www.mailtech.cn 163com X-CM-SenderInfo: pnhyx0x0ol03r26rljoofrz/1tbisxlYQkPUisU9+wABsv X-Coremail-Antispam: 1U50xBIdaVrnX8C62BYpTIE1TZKA3svLVAKvSnIqfZI6r4lFV CF04k20xvEw2I207IF0wCS07vEb7Iv0xC_Jr1lV2xY6c02F40E57IF67AEF4xIwI1lV2xY 6c02F40EFcxC0VAKzVAqx4xG6I80ewCS07vEYx0E2Ix0cI8IcVAFwI0_Jr0_Jr4lV2xY6c Ij6I8E87Iv67AKxVWUJVW8JwCS07vE7I0Y64k_MIAIbVCY1Ik26cxK620vw7xCY7WlV2xY 6xkI7II2jI8vz4vEwIxGrbIYCTnIWIevJa73U Content-Type: text/plain; charset=gbk Content-Transfer-Encoding: 7bit X-Content-Filtered-By: Mailman/MimeDel 2.1.5 Subject: [BUG] I think sleepqueue need to be protected in sleepq_broadcast X-BeenThere: freebsd-current@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Discussions about the use of FreeBSD-current List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 22 Aug 2008 17:33:31 -0000 Hi, I'm looking in the problem ( amd64/124200: kernel panic on mutex sleepq chain).It troubles me for a long time.I add a KASSERT in sleepq_broadcast() to check the sleepqueue's wait channel.At last it turn out that the sleepqueue's wait channel was changed before sleepq_resume_thread(). In sleepq_lookup(),We can easily find sq->sq_wchan == wchan.But after a short time,the sq->sq_wchan nolonger equal with wchan,so I think it was changed by other threads. sleepq_broadcast(void *wchan, int flags, int pri, int queue) { struct sleepqueue *sq; struct thread *td; int wakeup_swapper; CTR2(KTR_PROC, "sleepq_broadcast(%p, %d)", wchan, flags); KASSERT(wchan != NULL, ("%s: invalid NULL wait channel", __func__)); MPASS((queue >= 0) && (queue < NR_SLEEPQS)); sq = sleepq_lookup(wchan); if (sq == NULL) return (0); KASSERT(sq->sq_type == (flags & SLEEPQ_TYPE), ("%s: mismatch between sleep/wakeup and cv_*", __func__)); /* Resume all blocked threads on the sleep queue. */ wakeup_swapper = 0; while (!TAILQ_EMPTY(&sq->sq_blocked[queue])) { td = TAILQ_FIRST(&sq->sq_blocked[queue]); thread_lock(td); /* test */ KASSERT(sq->sq_wchan == wchan, ("%s:mismatch between wchan and sq_wchan in sq",__func__)); /* I find the panic here */ if (sleepq_resume_thread(sq, td, pri)) wakeup_swapper = 1; thread_unlock(td); } return (wakeup_swapper); } Thanks, kevin 2008/08/23