[Bug 272151] panic: use-after-free tty race condition

From: <bugzilla-noreply_at_freebsd.org>
Date: Thu, 22 Jun 2023 17:13:11 UTC

Kyle Evans <kevans@freebsd.org> changed:

           What    |Removed                     |Added
                 CC|                            |dchagin@FreeBSD.org,
                   |                            |kevans@freebsd.org,
                   |                            |markj@FreeBSD.org

--- Comment #1 from Kyle Evans <kevans@freebsd.org> ---
I guess the implication is that we're hitting
https://cgit.freebsd.org/src/tree/sys/kern/kern_event.c#n1732 with a NULL
kn->kn_knlist, in which case the previous kn_list_lock() was effectively a nop
and we're not meeting the invariant described in kqueue(9):

     The knlist_*() family of functions are for managing knotes associated
     with an object.  A knlist is not required, but is commonly used.  If
     used, the knlist must be initialized with either knlist_init() or
     knlist_init_mtx().  The knlist structure may be embedded into the object
     structure.  *The lock will be held over f_event calls.*

Maybe dchagin@ or markj@ can comment a little further on this one.

You are receiving this mail because:
You are the assignee for the bug.