Date: Tue, 17 Mar 2026 19:16:15 +0000
From: bugzilla-noreply@freebsd.org
To: bugs@FreeBSD.org
Subject: [Bug 293382] Dead lock and kernel crash around closefp_impl
Message-ID: <bug-293382-227-btTtKFrC7C@https.bugs.freebsd.org/bugzilla/>
In-Reply-To: <bug-293382-227@https.bugs.freebsd.org/bugzilla/>
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=293382

--- Comment #17 from Konstantin Belousov <kib@FreeBSD.org> ---
(In reply to Paul from comment #16)

If believing the guessed location for kq, and there is a reason to believe because the lock name looks right, it seems that the kq was drained/closed in parallel with closing the fd. This might explain why the knote dereferenced was garbage.

Besides trying the HEAD, you could try to apply the following rude patch. If it helps, I might consider using a sentinel to resume iteration instead of restarting from scratch, after the kq relock.

diff --git a/sys/kern/kern_event.c b/sys/kern/kern_event.c index e8e670d39d09..4bbd9063b6ef 100644 --- a/sys/kern/kern_event.c +++ b/sys/kern/kern_event.c @@ -2830,10 +2830,9 @@ knote_fdclose(struct thread *td, int fd) * We shouldn't have to worry about new kevents appearing on fd * since filedesc is locked. */ +again: TAILQ_FOREACH(kq, &fdp->fd_kqlist, kq_list) { KQ_LOCK(kq); - -again: influx = 0; while (kq->kq_knlistsize > fd && (kn = SLIST_FIRST(&kq->kq_knlist[fd])) != NULL) {

--
You are receiving this mail because:
You are the assignee for the bug.
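Review bot: with the again: label moved above TAILQ_FOREACH(kq, &fdp->fd_kqlist, kq_list), every goto again now re-executes KQ_LOCK(kq) on the first kq of the list, so each jump site (none are visible in this hunk) has to have released the kq lock before jumping; please confirm that for every path, otherwise the restart tries to take a lock it may still hold. The block comment directly above the label only speaks about new kevents appearing on fd; a sentence there saying why iteration restarts from the head of fd_kqlist after the relock, rather than continuing with the current kq, would document the intent. Restarting from the head also rescans kqueues that were already processed, so the final version should either bound that or use the sentinel approach.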
