Date:      Thu, 19 Mar 2026 02:52:56 +0000
From:      bugzilla-noreply@freebsd.org
To:        bugs@FreeBSD.org
Subject:   [Bug 293382] Dead lock and kernel crash around closefp_impl
Message-ID:  <bug-293382-227-KcgaufeXPR@https.bugs.freebsd.org/bugzilla/>
In-Reply-To: <bug-293382-227@https.bugs.freebsd.org/bugzilla/>


https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=293382

--- Comment #21 from Konstantin Belousov <kib@FreeBSD.org> ---
(In reply to Paul from comment #19)
*kn is filled with '0xdeadc0de' which is the pattern for the freed memory in
debugging kernels.

In fact, my patch had a bug, it leaked the kq lock on each flux restart, but it
seems that you did not hit it, which is interesting.  I put the updated patch,
with an additional assert, at the end of my reply.  The assert might be more
interesting than the other part of the patch.

I do ask you to switch to HEAD with all debugging enabled.

(In reply to Kyle Evans from comment #20)
You might be quite right, and maybe we should do what you suggest.
Still, it cannot be an issue that is reported there because copy on fork is
not in 14 (at least as far as I remember).

diff --git a/sys/kern/kern_event.c b/sys/kern/kern_event.c
index e8e670d39d09..38928a68dd94 100644
--- a/sys/kern/kern_event.c
+++ b/sys/kern/kern_event.c
@@ -2830,19 +2830,20 @@ knote_fdclose(struct thread *td, int fd)
         * We shouldn't have to worry about new kevents appearing on fd
         * since filedesc is locked.
         */
+again:
        TAILQ_FOREACH(kq, &fdp->fd_kqlist, kq_list) {
                KQ_LOCK(kq);
-
-again:
                influx = 0;
                while (kq->kq_knlistsize > fd &&
                    (kn = SLIST_FIRST(&kq->kq_knlist[fd])) != NULL) {
+                       MPASS(kn->kn_kq == kq);
                        if (kn_in_flux(kn)) {
                                /* someone else might be waiting on our knote
*/
                                if (influx)
                                        wakeup(kq);
                                kq->kq_state |= KQ_FLUXWAIT;
-                               msleep(kq, &kq->kq_lock, PSOCK, "kqflxwt", 0);
+                               msleep(kq, &kq->kq_lock, PSOCK | PDROP,
+                                   "kqflxwt", 0);
                                goto again;
                        }
                        kn_enter_flux(kn);
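Review bot: with `again:` moved above the TAILQ_FOREACH, a `goto again` now re-walks fdp->fd_kqlist from the head and re-takes KQ_LOCK on each kqueue, which is what makes the `PSOCK | PDROP` sleep consistent: the kq lock is no longer held at the label, whereas the old in-loop label resumed with it held. That change in lock state at the label is easy to miss on a later read, so a one-line comment above `again:` saying the kq lock is not held there, and that rescanning from the head is safe only because the filedesc lock keeps fd_kqlist stable, would help; the existing comment above only covers new kevents appearing on fd. The added `MPASS(kn->kn_kq == kq)` fires before `kn_in_flux(kn)` dereferences anything else in the knote, so a freed or reused knote such as the 0xdeadc0de one from comment #19 trips the assert rather than sleeping on the wrong kq.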

-- 
You are receiving this mail because:
You are the assignee for the bug.

