Panic in callout_reset()
John Baldwin
jhb at freebsd.org
Mon Jul 16 14:57:55 UTC 2007
On Tuesday 19 June 2007 03:12:03 pm Peter Jeremy wrote:
> Running: FreeBSD 7.0-CURRENT #5: Sat Jun 9 18:29:40 EST 2007
> root at server.vk2pj.dyndns.org:/var/obj/k7/usr/src/sys/server
> Panic String: Bad tailq NEXT(0xcce421a8->tqh_last) != NULL
>
> #0 doadump () at pcpu.h:195
> #1 0xc04524a9 in db_fncall (dummy1=0xc0576aa2, dummy2=0x0, dummy3=0x1,
dummy4=0xd3b23a3c "")
> at /usr/src/sys/ddb/db_command.c:486
> #2 0xc0452a15 in db_command_loop () at /usr/src/sys/ddb/db_command.c:401
> #3 0xc0454195 in db_trap (type=0x3, code=0x0)
at /usr/src/sys/ddb/db_main.c:222
> #4 0xc0576943 in kdb_trap (type=0x3, code=0x0, tf=0xd3b23bd4)
at /usr/src/sys/kern/subr_kdb.c:502
> #5 0xc06d4d4b in trap (frame=0xd3b23bd4)
at /usr/src/sys/i386/i386/trap.c:620
> #6 0xc06c21db in calltrap () at /usr/src/sys/i386/i386/exception.s:139
> #7 0xc0576aa2 in kdb_enter (msg=0xc0719d31 "panic") at cpufunc.h:60
> #8 0xc0550035 in panic (fmt=0xc06fdb26 "Bad tailq NEXT(%p->tqh_last) !=
NULL")
> at /usr/src/sys/kern/kern_shutdown.c:547
> #9 0xc056180a in callout_reset (c=0xc07ec000, to_ticks=0xa, ftn=0xc063fd30
<nfsrv_timer>, arg=0x0)
> at /usr/src/sys/kern/kern_timeout.c:477
> #10 0xc063fde4 in nfsrv_timer (arg=0x0)
at /usr/src/sys/nfsserver/nfs_srvsock.c:815
> #11 0xc0561f1e in softclock (dummy=0x0)
at /usr/src/sys/kern/kern_timeout.c:280
> #12 0xc0534485 in ithread_loop (arg=0xc2926670)
at /usr/src/sys/kern/kern_intr.c:1036
> #13 0xc0531a57 in fork_exit (callout=0xc05342d0 <ithread_loop>,
arg=0xc2926670, frame=0xd3b23d38)
> at /usr/src/sys/kern/kern_fork.c:787
> #14 0xc06c2250 in fork_trampoline ()
at /usr/src/sys/i386/i386/exception.s:205
>
> 'c' in callout_reset looks like:
> (kgdb) p *c
> $1 = {
> c_links = {
> sle = {
> sle_next = 0xc07e5e08
> },
> tqe = {
> tqe_next = 0xc07e5e08,
> tqe_prev = 0xcce42158
> }
> },
> c_time = 0x3230ae73,
> c_arg = 0x0,
> c_func = 0xc063fd30 <nfsrv_timer>,
> c_mtx = 0x0,
> c_flags = 0x16
> }
>
> (kgdb) p *$1.c_links.tqe.tqe_next
> $3 = {
> c_links = {
> sle = {
> sle_next = 0x0
> },
> tqe = {
> tqe_next = 0x0,
> tqe_prev = 0xcce42158
> }
> },
> c_time = 0x3230ae69,
> c_arg = 0x0,
> c_func = 0xc0605f80 <tcp_isn_tick>,
> c_mtx = 0x0,
> c_flags = 0x16
> }
> (kgdb) p *$1.c_links.tqe.tqe_prev
> $5 = (struct callout *) 0xc07e5e08
>
> Any suggestions?
The panic is because the callout is already on a list. Maybe try moving the
NFSD_UNLOCK() in nfsrv_timer() after the callout_reset().
--
John Baldwin
More information about the freebsd-current
mailing list