From nobody Mon Mar 23 09:52:56 2026 X-Original-To: bugs@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4ffT4S26RJz6VkSP for ; Mon, 23 Mar 2026 09:52:56 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R12" (not verified)) by mx1.freebsd.org (Postfix) with ESMTPS id 4ffT4S1Rr8z3LvD for ; Mon, 23 Mar 2026 09:52:56 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1774259576; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=SDu6dugCuIv4z+TpVvnGDjGCrvLEmVlks2XyPzipnw8=; b=OVpylijQWMpoxFXVwqsvhK3sq82w1Sj1VXwKgBYw/UL07zNcLheeRpYH3i7jqgpwtwBtyQ MZLaahiA3VGmYwuR+VUSqsdMxFR0KssnyGvl3VQ3aOw1LlsKbjvhzOAQvBjiXQJ7E4/cUS m/s2QqaqwHU7vx0GQhp1ktooTQWZGQb0/NZEDexLFK2kDaNKCHjR5bGPWq60QQNTbxObes gVWJ6Cl6YYkUWgyzLflJdRsw/NfokMilK8yP4soWH5tRb3wPMVI42tTa12tB4hAFKO2hoi gAAmyRZeMZSTcOrkoiyAEh8hEM4plUQL88ECm7BxQPoSP1BoJ3vSV2cMe/kjJQ== ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1774259576; a=rsa-sha256; cv=none; b=huK0J6gg953+WqvVxuq/bG0oJpKdzD7Q55GB9KgWHwL0W8tV8aijXDESloDENyEZTqZJMp b/jcCeZMFMvUpR7f6Fzp0jqkILYZCeyFD5TVj3Ri8NE1TTVv25dfJ4uSd6A40wvFQMXs0G X6yD8O89r/VDnQBvtR3gKiUY0LSQ/u85m2zP8MqK9p/22LHIwCcCa8u1SEgpqM74BUCdNT 0o16+FKay6D1twHH7jCVoicZRFnaNtjOB3NRq96hwuKHZh5a69EMe2hfbooMyOLW7wChOM H3rlNxSqhi3rrUo/Za2AteHARePYt0V4X15iGNkNuK2cHJ2zhdAd+m1kpvAe4g== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1774259576; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=SDu6dugCuIv4z+TpVvnGDjGCrvLEmVlks2XyPzipnw8=; b=RmZJtEFUQp5ucqapDcrjl3tid14fv59SgxgNhFkxgqhHlDNgiaOX8IS2Vx/6f8OPzaC/3L qylLFjFYQcw3I+kNRrHDO3cVWZTukIYlTlczRpmOxzTDE8gokLwSN5FdMbSl1cf9Y26qm0 yjgOmdvS4VzEwhC/hK3fC1jdsQA4wuoeCS/Ixzx2D0H6GqlYSAAKHcC7OlWLqIOvoPM7Iv AxwD6YJtfVZLaRJpt4roGuwa3NuEUvxaEo4efKenBIASjkMsyafllciPhFLJqQ/Uua/8i+ gM+N669WJMnbS3r9MJWuv831tXlaLmTfmDTkqxeZfXEXTAi462yAgxseG+GkNg== Received: from kenobi.freebsd.org (kenobi.freebsd.org [IPv6:2610:1c1:1:606c::50:1d]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4ffT4S13HmzjlQ for ; Mon, 23 Mar 2026 09:52:56 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from kenobi.freebsd.org ([127.0.1.5]) by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id 62N9quiJ055747 for ; Mon, 23 Mar 2026 09:52:56 GMT (envelope-from bugzilla-noreply@freebsd.org) Received: (from www@localhost) by kenobi.freebsd.org (8.15.2/8.15.2/Submit) id 62N9quh4055746 for bugs@FreeBSD.org; Mon, 23 Mar 2026 09:52:56 GMT (envelope-from bugzilla-noreply@freebsd.org) X-Authentication-Warning: kenobi.freebsd.org: www set sender to bugzilla-noreply@freebsd.org using -f From: bugzilla-noreply@freebsd.org To: bugs@FreeBSD.org Subject: [Bug 293382] Dead lock and kernel crash around closefp_impl Date: Mon, 23 Mar 2026 09:52:56 +0000 X-Bugzilla-Reason: AssignedTo X-Bugzilla-Type: changed X-Bugzilla-Watch-Reason: None X-Bugzilla-Product: Base System X-Bugzilla-Component: kern X-Bugzilla-Version: 14.3-STABLE X-Bugzilla-Keywords: crash X-Bugzilla-Severity: Affects Only Me X-Bugzilla-Who: devgs@ukr.net X-Bugzilla-Status: Open X-Bugzilla-Resolution: X-Bugzilla-Priority: --- X-Bugzilla-Assigned-To: bugs@FreeBSD.org X-Bugzilla-Flags: X-Bugzilla-Changed-Fields: Message-ID: In-Reply-To: References: Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="UTF-8" X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/ Auto-Submitted: auto-generated List-Id: Bug reports List-Archive: https://lists.freebsd.org/archives/freebsd-bugs List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-freebsd-bugs@FreeBSD.org MIME-Version: 1.0 https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D293382 --- Comment #22 from Paul --- Hi, Just in case, we have tested new patch with our current kernel version, and= it panicked. So we've finally switched to HEAD, as suggested earlier (we understand that this simplifies things a lot). And basically the same thing happened there. It's about the new assert, added in the latest patch. Unread portion of the kernel message buffer: panic: Assertion kn->kn_kq =3D=3D kq failed at /usr/src/sys/kern/kern_event= .c:2852 cpuid =3D 8 time =3D 1774258230 KDB: stack backtrace: db_trace_self_wrapper() at db_trace_self_wrapper+0x2b/frame 0xfffffe0699ccb= bd0 vpanic() at vpanic+0x136/frame 0xfffffe0699ccbd00 panic() at panic+0x43/frame 0xfffffe0699ccbd60 knote_fdclose() at knote_fdclose+0x236/frame 0xfffffe0699ccbdc0 closefp_impl() at closefp_impl+0xa8/frame 0xfffffe0699ccbe00 amd64_syscall() at amd64_syscall+0x169/frame 0xfffffe0699ccbf30 fast_syscall_common() at fast_syscall_common+0xf8/frame 0xfffffe0699ccbf30 --- syscall (6, FreeBSD ELF64, close), rip =3D 0x82d4a332a, rsp =3D 0x85dfa= 6b98, rbp =3D 0x85dfa6bb0 --- KDB: enter: panic (kgdb) bt #0 __curthread () at /usr/src/sys/amd64/include/pcpu_aux.h:57 #1 doadump (textdump=3D0) at /usr/src/sys/kern/kern_shutdown.c:399 #2 0xffffffff804b60a8 in db_fncall_generic (nargs=3D0, args=3D0xfffffe0699= ccb5f0, addr=3D, rv=3D) at /usr/src/sys/ddb/db_comman= d.c:631 #3 db_fncall (dummy1=3D, dummy2=3D, dummy3=3D, dummy4=3D) at /usr/src/sys/ddb/db_command.c:679 #4 0xffffffff804b5b2d in db_command (last_cmdp=3D, cmd_table=3D, dopager=3Dfalse) at /usr/src/sys/ddb/db_comman= d.c:508 #5 0xffffffff804b5c76 in db_command_script (command=3Dcommand@entry=3D0xffffffff81bd7722 "call doadump") at /usr/src/sys/ddb/db_command.c:573 #6 0xffffffff804bba58 in db_script_exec (scriptname=3Dscriptname@entry=3D0xfffffe0699ccb7c0 "kdb.enter.panic", warnifnotfound=3Dwarnifnotfound@entry=3D0) at /usr/src/sys/ddb/db_script.c:= 301 #7 0xffffffff804bb952 in db_script_kdbenter (eventname=3D) = at /usr/src/sys/ddb/db_script.c:323 #8 0xffffffff804b91e1 in db_trap (type=3D, code=3D) at /usr/src/sys/ddb/db_main.c:266 #9 0xffffffff80c1ce5f in kdb_trap (type=3Dtype@entry=3D3, code=3Dcode@entr= y=3D0, tf=3Dtf@entry=3D0xfffffe0699ccbb10) at /usr/src/sys/kern/subr_kdb.c:790 #10 0xffffffff8112a96d in trap (frame=3D) at /usr/src/sys/amd64/amd64/trap.c:675 #11 #12 kdb_enter (why=3D, msg=3D) at /usr/src/sys/kern/subr_kdb.c:556 #13 0xffffffff80bc9ddb in vpanic (fmt=3D0xffffffff812ec6bb "Assertion %s fa= iled at %s:%d", ap=3Dap@entry=3D0xfffffe0699ccbd40) at /usr/src/sys/kern/kern_shutdown.c:962 #14 0xffffffff80bc9c43 in panic (fmt=3D0xffffffff81da2290 "\254\214!\201\377\377\377\377") at /usr/src/sys/kern/kern_shutdown.c:887 #15 0xffffffff80b6bc76 in knote_fdclose (td=3Dtd@entry=3D0xff0100018d9b4000, fd=3Dfd@entry=3D161249) at /usr/src/sys/kern/kern_event.c:2852 #16 0xffffffff80b63468 in closefp_impl (fdp=3D0xfffffe0693882000, fd=3D1612= 49, fp=3D0xff010002dd9fb230, td=3D0xff0100018d9b4000, audit=3Dtrue) at /usr/src/sys/kern/kern_descrip.c:1413 #17 0xffffffff8112b739 in syscallenter (td=3D0xff0100018d9b4000) at /usr/src/sys/amd64/amd64/../../kern/subr_syscall.c:193 #18 amd64_syscall (td=3D0xff0100018d9b4000, traced=3D0) at /usr/src/sys/amd64/amd64/trap.c:1244 #19 #20 0x000000082d4a332a in ?? () Backtrace stopped: Cannot access memory at address 0x85dfa6b98 (kgdb) fr 15 #15 0xffffffff80b6bc76 in knote_fdclose (td=3Dtd@entry=3D0xff0100018d9b4000, fd=3Dfd@entry=3D161249) at /usr/src/sys/kern/kern_event.c:2852 2852 MPASS(kn->kn_kq =3D=3D kq); (kgdb) p *kn $1 =3D { kn_link =3D { sle_next =3D 0xdeadc0dedeadc0de }, kn_selnext =3D { sle_next =3D 0xdeadc0dedeadc0de }, kn_knlist =3D 0xdeadc0dedeadc0de, kn_tqe =3D { tqe_next =3D 0xdeadc0dedeadc0de, tqe_prev =3D 0xdeadc0dedeadc0de }, kn_kq =3D 0xdeadc0dedeadc0de, kn_kevent =3D { ident =3D 16045693110842147038, filter =3D -16162, flags =3D 57005, fflags =3D 3735929054, data =3D -2401050962867404578, udata =3D 0xdeadc0dedeadc0de, ext =3D {16045693110842147038, 16045693110842147038, 160456931108421470= 38, 16045693110842147038} }, kn_hook =3D 0xdeadc0dedeadc0de, kn_hookid =3D -559038242, kn_status =3D -559038242, kn_influx =3D -559038242, kn_sfflags =3D 3735929054, kn_sdata =3D -2401050962867404578, kn_ptr =3D { p_fp =3D 0xdeadc0dedeadc0de, p_proc =3D 0xdeadc0dedeadc0de, p_aio =3D 0xdeadc0dedeadc0de, p_lio =3D 0xdeadc0dedeadc0de, p_prison =3D 0xdeadc0dedeadc0de, p_v =3D 0xdeadc0dedeadc0de }, kn_fop =3D 0xdeadc0dedeadc0de } (kgdb) p *kq value has been optimized out (kgdb) i r rax 0x12 18 rbx 0x275e1 161249 rcx 0xba5f4feebeda7d64 -5017203573044642460 rdx 0xffffffff813451fb -2127277573 rsi 0xfffffe0699ccba90 -2170673120624 rdi 0xffffffff81da2290 -2116410736 rbp 0xfffffe0699ccbdc0 0xfffffe0699ccbdc0 rsp 0xfffffe0699ccbd70 0xfffffe0699ccbd70 r8 0x12 18 r9 0x20 32 r10 0x0 0 r11 0x0 0 r12 0xff010001bdd19b18 -71776111581619432 r13 0xff0100488988c0a0 -71775807516131168 r14 0x275e1 161249 r15 0xff010001bdd19b00 -71776111581619456 rip 0xffffffff80b6bc76 0xffffffff80b6bc76 eflags 0x86 [ PF SF ] cs 0x20 32 ss 0x28 40 ds es fs gs fs_base gs_base (kgdb) p *((struct kqueue*)$r15) $2 =3D { kq_lock =3D { lock_object =3D { lo_name =3D 0xffffffff8133f15f "kqueue", lo_flags =3D 21168128, lo_data =3D 0, lo_witness =3D 0xff0100804bd8db80 }, mtx_lock =3D 18374967961319063552 }, kq_refcnt =3D 0, kq_list =3D { tqe_next =3D 0xff0100014c3afe00, tqe_prev =3D 0xff010001075a7528 }, kq_head =3D { tqh_first =3D 0x0, tqh_last =3D 0xff010001bdd19b38 }, kq_count =3D 0, kq_sel =3D { si_tdlist =3D { tqh_first =3D 0x0, tqh_last =3D 0x0 }, si_note =3D { kl_list =3D { slh_first =3D 0x0 }, kl_lock =3D 0xffffffff80b6b3a0 , kl_unlock =3D 0xffffffff80b6b3c0 , kl_assert_lock =3D 0xffffffff80b6b3e0 , kl_lockarg =3D 0xff010001bdd19b00, kl_autodestroy =3D 0 }, si_mtx =3D 0x0 }, kq_sigio =3D 0x0, kq_fdp =3D 0xfffffe0693882000, kq_state =3D 0, kq_knlistsize =3D 695296, kq_knlist =3D 0xfffffe0a76665000, kq_knhashmask =3D 0, kq_knhash =3D 0x0, kq_task =3D { ta_link =3D { stqe_next =3D 0x0 }, ta_pending =3D 0, ta_priority =3D 0 '\000', ta_flags =3D 0 '\000', ta_func =3D 0xffffffff80b6db40 , ta_context =3D 0xff010001bdd19b00 }, kq_cred =3D 0xff01000107bc5780, kq_forksrc =3D 0x0 } Please, tell us if you need anything else. --=20 You are receiving this mail because: You are the assignee for the bug.=