On Mon, 7 Oct 2002, Terry Lambert wrote:
> Stefan Farfeleder wrote:
> >
> > I'm confused why marker - if it was removed by TAILQ_REMOVE - hasn't
> > kn_tqe.tqe_next and kn_tqe.tqe_prev set to (void *)-1.
because that only happens if the debug code in queue.h is enabled, which
it is not..
>
> OK, what this means is that the marker queue entry was removed
> by something else going in there.
>
> THis shouldn't happen.
>
> Try adding this before the initialization of the marker data:
>
> bzero(&marker, sizeof(marker));
>
> That should keep it from matching any removal criteria. THe only
> way this could keep crashing after this mod is if the queue is
> being destroyed out from under you.
>
> The implication here is that the queue should be protected by the
> object lock for the object for which the pointer to the queue
> instance is an element.
>
> Fixing this would be very hard (IMO).
>
> The next step (assuming it still panics) is to add:
>
> #define KQ_FREE 0x80
>
> ...and set it into kq_state on a kqueue that has been freed and/or
> deallocated somewhere (then check to see if it's set, after the
> panic). Ugly, but it will tell you whether or not that's what's
> happening (scanning a dead queue).
>
> The worst case is scanning a dead queue quose memory has been
> reused for some other purpose. 8-(.
>
> I can't personally repeat the problem, so you're elected to do
> the legwork on this one. 8-(.
>
> -- Terry
>
> To Unsubscribe: send mail to [EMAIL PROTECTED]
> with "unsubscribe freebsd-current" in the body of the message
>
To Unsubscribe: send mail to [EMAIL PROTECTED]
with "unsubscribe freebsd-current" in the body of the message
