Date: Thu, 22 Jun 2023 17:13:11 +0000
From: bugzilla-noreply@freebsd.org
To: bugs@FreeBSD.org
Subject: [Bug 272151] panic: use-after-free tty race condition
Message-ID: <bug-272151-227-F0xtXHFAHg@https.bugs.freebsd.org/bugzilla/>
In-Reply-To: <bug-272151-227@https.bugs.freebsd.org/bugzilla/>
References: <bug-272151-227@https.bugs.freebsd.org/bugzilla/>

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=272151

Kyle Evans <kevans@freebsd.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |dchagin@FreeBSD.org,
                   |                            |kevans@freebsd.org,
                   |                            |markj@FreeBSD.org

--- Comment #1 from Kyle Evans <kevans@freebsd.org> ---
I guess the implication is that we're hitting
https://cgit.freebsd.org/src/tree/sys/kern/kern_event.c#n1732 with a NULL
kn->kn_knlist, in which case the previous kn_list_lock() was effectively a nop
and we're not meeting the invariant described in kqueue(9):

     The knlist_*() family of functions are for managing knotes associated
     with an object. A knlist is not required, but is commonly used. If used,
     the knlist must be initialized with either knlist_init() or
     knlist_init_mtx(). The knlist structure may be embedded into the object
     structure. *The lock will be held over f_event calls.*

Maybe dchagin@ or markj@ can comment a little further on this one.

-- 
You are receiving this mail because:
You are the assignee for the bug.