https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=293382
--- Comment #17 from Konstantin Belousov <[email protected]> ---
(In reply to Paul from comment #16)

If we believe the guessed location for kq (and there is a reason to believe it, because the lock name looks right), it seems that the kq was drained/closed in parallel with closing the fd. This might explain why the knote dereferenced was garbage.

Besides trying HEAD, you could try to apply the following rude patch. If it helps, I might consider using a sentinel to resume iteration instead of restarting from scratch after the kq relock.

diff --git a/sys/kern/kern_event.c b/sys/kern/kern_event.c index e8e670d39d09..4bbd9063b6ef 100644 --- a/sys/kern/kern_event.c +++ b/sys/kern/kern_event.c @@ -2830,10 +2830,9 @@ knote_fdclose(struct thread *td, int fd) * We shouldn't have to worry about new kevents appearing on fd * since filedesc is locked. */ +again: TAILQ_FOREACH(kq, &fdp->fd_kqlist, kq_list) { KQ_LOCK(kq); - -again: influx = 0; while (kq->kq_knlistsize > fd && (kn = SLIST_FIRST(&kq->kq_knlist[fd])) != NULL) {

--
You are receiving this mail because:
You are the assignee for the bug.
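Review bot: moving `again:` from after `KQ_LOCK(kq)` to before `TAILQ_FOREACH` changes what the jump site must hold, and that site (the `goto again` taken after the kq relock the comment mentions) is not in the hunk. Before the patch the jump re-entered the body with the kq lock already held; after it, re-entering the loop calls `KQ_LOCK(kq)` on the first entry of `fd_kqlist` again, so the jump site needs a `KQ_UNLOCK(kq)` first or it re-acquires a lock it still holds whenever the current kq is that first entry. Please include that change in the patch. Restarting from the head also re-walks every kq already drained for this fd, taking and dropping its KQ_LOCK each time; with many kqueues on one filedesc and repeated sleeps at the relock that is quadratic, which is the case for the sentinel resume the comment proposes. Lastly, the block comment above the loop ("We shouldn't have to worry about new kevents appearing on fd since filedesc is locked") only covers additions; it should say that a kq can be closed and leave `fd_kqlist` while `KQ_LOCK` is dropped, since that is what the restart defends against.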

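The two recovery strategies the comment weighs (restart the `fd_kqlist` walk from the head, or park a sentinel and resume from it) can be compared outside the kernel. The program below is an added example, not code from the bug report or the FreeBSD tree: it models a TAILQ walker that must "drop its lock" once per entry, with a hypothetical parallel closer (invented for the demo, as are all names and the entries 1..6) that unlinks and frees entries 3 and 5 while the walker sleeps on entry 2. A walker that had saved `TAILQ_NEXT` before sleeping would resume into freed entry 3; the restart walker, mirroring the patch, goes back to the head and re-steps over already-drained entries, while the sentinel walker resumes from a marker the closer can never free and visits each survivor exactly once.

```c
/* Added example, not FreeBSD code: a user-space model of walking a TAILQ whose
 * entries another thread may unlink and free while the walker has dropped its
 * lock; every name here is invented for the demo. */
#include <stdbool.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/queue.h>

struct kq {
	TAILQ_ENTRY(kq) kq_list;
	int id;           /* 1..6 for real entries, -1 for the sentinel */
	bool drained;     /* walker already handled this entry */
};
TAILQ_HEAD(kqlist, kq);

/* What a walk produced: ids in visit order and how many loop steps it took
 * (each step stands for one KQ_LOCK/KQ_UNLOCK pair in the kernel). */
struct result { int n, steps, ids[8]; };

/* Hypothetical parallel closer: the first time the walker "sleeps" on entry 2
 * it unlinks and frees entries 3 and 5 (never the entry slept on, which the
 * real walker keeps locked).  Returns true when it ran. */
static bool closer_fired;
static bool closer_run(struct kqlist *head, int sleeping_on)
{
	struct kq *kq, *next;
	if (closer_fired || sleeping_on != 2)
		return (false);
	closer_fired = true;
	for (kq = TAILQ_FIRST(head); kq != NULL; kq = next) {
		next = TAILQ_NEXT(kq, kq_list);
		if (kq->id == 3 || kq->id == 5) {
			TAILQ_REMOVE(head, kq, kq_list);
			free(kq);
		}
	}
	return (true);
}

/* Recovery as in the patch: after a sleep, jump back to the list head.  Drained
 * entries are skipped but each one still costs a step. */
static void walk_restart(struct kqlist *head, struct result *r)
{
	struct kq *kq;
again:
	TAILQ_FOREACH(kq, head, kq_list) {
		r->steps++;
		if (kq->drained)
			continue;
		kq->drained = true;
		r->ids[r->n++] = kq->id;
		if (closer_run(head, kq->id))   /* lock dropped here ... */
			goto again;             /* ... neighbours may be gone */
	}
}

/* Alternative the comment suggests: park a sentinel after the current entry
 * before dropping the lock and resume from its successor.  The closer never
 * frees the sentinel, so the resume pointer stays valid and nothing is revisited. */
static void walk_sentinel(struct kqlist *head, struct result *r)
{
	struct kq marker = { .id = -1 }, *kq;
	for (kq = TAILQ_FIRST(head); kq != NULL;) {
		r->steps++;
		kq->drained = true;
		r->ids[r->n++] = kq->id;
		TAILQ_INSERT_AFTER(head, kq, &marker, kq_list);
		closer_run(head, kq->id);       /* lock dropped here */
		kq = TAILQ_NEXT(&marker, kq_list);
		TAILQ_REMOVE(head, &marker, kq_list);
	}
}

/* Constructed scenario: entries 1..6; both walkers must report 1,2,4,6. */
static struct result run(bool use_sentinel)
{
	struct result r = { 0 };
	struct kqlist head;
	struct kq *kq;
	TAILQ_INIT(&head);
	closer_fired = false;
	for (int i = 1; i <= 6; i++) {
		if ((kq = calloc(1, sizeof(*kq))) == NULL)
			abort();
		kq->id = i;
		TAILQ_INSERT_TAIL(&head, kq, kq_list);
	}
	use_sentinel ? walk_sentinel(&head, &r) : walk_restart(&head, &r);
	while ((kq = TAILQ_FIRST(&head)) != NULL) {   /* free survivors */
		TAILQ_REMOVE(&head, kq, kq_list); free(kq);
	}
	return (r);
}

int main(void)
{
	struct result a = run(false), b = run(true);
	printf("restart: %d kqs in %d steps; sentinel: %d kqs in %d steps\n", a.n, a.steps, b.n, b.steps);
	return (0);
}
```

Both walkers report the same surviving ids; the restart walker needs six steps for four entries because it re-steps over 1 and 2 after the sleep, and that gap grows with the list length and the number of sleeps, which is the cost the sentinel approach removes.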