[BUG] I think sleepqueue need to be protected in sleepq_broadcast

kevinxlinuz kevinxlinuz at 163.com
Fri Aug 22 17:33:31 UTC 2008

  I'm looking in the problem ( amd64/124200: kernel panic on mutex sleepq chain).It troubles me for a long time.I add a KASSERT in sleepq_broadcast() to check the sleepqueue's wait channel.At last it turn out that the sleepqueue's wait channel was changed before sleepq_resume_thread().
  In sleepq_lookup(),We can easily find sq->sq_wchan == wchan.But after a short time,the sq->sq_wchan nolonger equal with wchan,so I think it was changed by other threads.

 sleepq_broadcast(void *wchan, int flags, int pri, int queue)
        struct sleepqueue *sq;
        struct thread *td;
        int wakeup_swapper;

        CTR2(KTR_PROC, "sleepq_broadcast(%p, %d)", wchan, flags);
        KASSERT(wchan != NULL, ("%s: invalid NULL wait channel", __func__));
        MPASS((queue >= 0) && (queue < NR_SLEEPQS));
        sq = sleepq_lookup(wchan);
        if (sq == NULL)
                return (0);
        KASSERT(sq->sq_type == (flags & SLEEPQ_TYPE),
            ("%s: mismatch between sleep/wakeup and cv_*", __func__));

        /* Resume all blocked threads on the sleep queue. */
        wakeup_swapper = 0;
        while (!TAILQ_EMPTY(&sq->sq_blocked[queue])) {
                td = TAILQ_FIRST(&sq->sq_blocked[queue]);
        /*       test     */
                KASSERT(sq->sq_wchan == wchan,
                      ("%s:mismatch between wchan and sq_wchan in sq",__func__));
        /* I find the panic here */
                if (sleepq_resume_thread(sq, td, pri))
                        wakeup_swapper = 1;
        return (wakeup_swapper);

kevin  2008/08/23

More information about the freebsd-current mailing list