[Bug 293382] Dead lock and kernel crash around closefp_impl

From: <bugzilla-noreply_at_freebsd.org>
Date: Tue, 17 Mar 2026 09:48:52 UTC
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=293382

--- Comment #14 from Paul <devgs@ukr.net> ---
Sadly, it crashed again.

Fatal trap 9: general protection fault while in kernel mode
cpuid = 28; apic id = 70
instruction pointer     = 0x20:0xffffffff80b5915d
stack pointer           = 0x28:0xfffffe0718b5ed70
frame pointer           = 0x28:0xfffffe0718b5ed70
code segment            = base 0x0, limit 0xfffff, type 0x1b
                        = DPL 0, pres 1, long 1, def32 0, gran 1
processor eflags        = interrupt enabled, resume, IOPL = 0
current process         = 2968 (asy:http:s)
rdi: deadc0dedeadc0f6 rsi: 0000000000000004 rdx: ffffffff811ab239
rcx: 0000000000000121  r8: 0000000000000001  r9: ffffffff81e1efc8
rax: fffff80586c4e740 rbx: 000000000004a19a rbp: fffffe0718b5ed70
r10: 0000000000000000 r11: 0000000000000004 r12: fffff801090cad18
r13: fffff83937739f00 r14: 000000000004a19a r15: fffff801090cad00
trap number             = 9
panic: general protection fault
cpuid = 28
time = 1773739454
KDB: stack backtrace:
...


(kgdb) bt
#0  __curthread () at /usr/src/sys/amd64/include/pcpu_aux.h:57
#1  doadump (textdump=0) at /usr/src/sys/kern/kern_shutdown.c:405
#2  0xffffffff804a4718 in db_fncall_generic (nargs=0, args=0xfffffe0718b5e520,
addr=<optimized out>, rv=<optimized out>) at /usr/src/sys/ddb/db_command.c:626
#3  db_fncall (dummy1=<optimized out>, dummy2=<optimized out>,
dummy3=<optimized out>, dummy4=<optimized out>) at
/usr/src/sys/ddb/db_command.c:674
#4  0xffffffff804a418d in db_command (last_cmdp=<optimized out>,
cmd_table=<optimized out>, dopager=false) at /usr/src/sys/ddb/db_command.c:504
#5  0xffffffff804a42d6 in db_command_script
(command=command@entry=0xffffffff81bba6e2 <db_recursion_data+18> "call
doadump") at /usr/src/sys/ddb/db_command.c:569
#6  0xffffffff804a9578 in db_script_exec
(scriptname=scriptname@entry=0xfffffe0718b5e6f0 "kdb.enter.panic",
warnifnotfound=warnifnotfound@entry=0) at /usr/src/sys/ddb/db_script.c:302
#7  0xffffffff804a9472 in db_script_kdbenter (eventname=<optimized out>) at
/usr/src/sys/ddb/db_script.c:324
#8  0xffffffff804a7531 in db_trap (type=<optimized out>, code=<optimized out>)
at /usr/src/sys/ddb/db_main.c:267
#9  0xffffffff80bd09b0 in kdb_trap (type=type@entry=3, code=code@entry=0,
tf=tf@entry=0xfffffe0718b5ea30) at /usr/src/sys/kern/subr_kdb.c:790
#10 0xffffffff810b3a07 in trap (frame=0xfffffe0718b5ea30) at
/usr/src/sys/amd64/amd64/trap.c:639
#11 <signal handler called>
#12 kdb_enter (why=<optimized out>, msg=<optimized out>) at
/usr/src/sys/kern/subr_kdb.c:556
#13 0xffffffff80b7fc8d in vpanic (fmt=0xffffffff81237367 "%s",
ap=ap@entry=0xfffffe0718b5ec60) at /usr/src/sys/kern/kern_shutdown.c:953
#14 0xffffffff80b7fa53 in panic (fmt=0xffffffff81d853a0 <cnputs_mtx>
"\233\327\031\201\377\377\377\377") at /usr/src/sys/kern/kern_shutdown.c:891
#15 0xffffffff810b40b8 in trap_fatal (frame=0xfffffe0718b5ecb0, eva=<optimized
out>) at /usr/src/sys/amd64/amd64/trap.c:1000
#16 <signal handler called>
#17 __mtx_assert (c=0xdeadc0dedeadc0f6, what=what@entry=4,
file=0xffffffff811ab239 "/usr/src/sys/kern/kern_event.c", line=line@entry=289)
at /usr/src/sys/kern/kern_mutex.c:1091
#18 0xffffffff80b25c9e in kn_enter_flux (kn=<optimized out>) at
/usr/src/sys/kern/kern_event.c:289
#19 knote_fdclose (td=td@entry=0xfffff80586c4e740, fd=fd@entry=303514) at
/usr/src/sys/kern/kern_event.c:2704
#20 0xffffffff80b1dbd6 in closefp_impl (fdp=0xfffffe07143ca920, fd=303514,
fp=0xfffff82112ac8e10, td=0xfffff80586c4e740, audit=true) at
/usr/src/sys/kern/kern_descrip.c:1320
#21 0xffffffff810b4f0a in syscallenter (td=0xfffff80586c4e740) at
/usr/src/sys/amd64/amd64/../../kern/subr_syscall.c:193
#22 amd64_syscall (td=0xfffff80586c4e740, traced=0) at
/usr/src/sys/amd64/amd64/trap.c:1241
#23 <signal handler called>
#24 0x000000082c76832a in ?? ()
Backtrace stopped: Cannot access memory at address 0x8624d1b98

(kgdb) fr 18
#18 0xffffffff80b25c9e in kn_enter_flux (kn=<optimized out>) at
/usr/src/sys/kern/kern_event.c:289
289             KQ_OWNED(kn->kn_kq);
(kgdb) p *kn->kn_kq
value has been optimized out
(kgdb) up
#19 knote_fdclose (td=td@entry=0xfffff80586c4e740, fd=fd@entry=303514) at
/usr/src/sys/kern/kern_event.c:2704
2704                            kn_enter_flux(kn);
(kgdb) p *kn
$2 = {
  kn_link = {
    sle_next = 0xdeadc0dedeadc0de
  },
  kn_selnext = {
    sle_next = 0xdeadc0dedeadc0de
  },
  kn_knlist = 0xdeadc0dedeadc0de,
  kn_tqe = {
    tqe_next = 0xdeadc0dedeadc0de,
    tqe_prev = 0xdeadc0dedeadc0de
  },
  kn_kq = 0xdeadc0dedeadc0de,
  kn_kevent = {
    ident = 16045693110842147038,
    filter = -16162,
    flags = 57005,
    fflags = 3735929054,
    data = -2401050962867404578,
    udata = 0xdeadc0dedeadc0de,
    ext = {16045693110842147038, 16045693110842147038, 16045693110842147038,
16045693110842147038}
  },
  kn_hook = 0xdeadc0dedeadc0de,
  kn_hookid = -559038242,
  kn_status = -559038242,
  kn_influx = -559038242,
  kn_sfflags = -559038242,
  kn_sdata = -2401050962867404578,
  kn_ptr = {
    p_fp = 0xdeadc0dedeadc0de,
    p_proc = 0xdeadc0dedeadc0de,
    p_aio = 0xdeadc0dedeadc0de,
    p_lio = 0xdeadc0dedeadc0de,
    p_v = 0xdeadc0dedeadc0de
  },
  kn_fop = 0xdeadc0dedeadc0de
}
(kgdb) p *kn->kn_kq
Cannot access memory at address 0xdeadc0dedeadc0de
(kgdb) 
#19 knote_fdclose (td=td@entry=0xfffff80586c4e740, fd=fd@entry=303514) at
/usr/src/sys/kern/kern_event.c:2704
2704                            kn_enter_flux(kn);
(kgdb) up
#20 0xffffffff80b1dbd6 in closefp_impl (fdp=0xfffffe07143ca920, fd=303514,
fp=0xfffff82112ac8e10, td=0xfffff80586c4e740, audit=true) at
/usr/src/sys/kern/kern_descrip.c:1320
1320                    knote_fdclose(td, fd);
(kgdb) p *fp
$4 = {
  f_flag = 7,
  f_count = 1,
  f_data = 0xfffff868aabeb000,
  f_ops = 0xffffffff81436808 <socketops>,
  f_vnode = 0x0,
  f_cred = 0xfffff804a3517700,
  f_type = 2,
  f_vflags = 0,
  {
    f_seqcount = {0, 0},
    f_pipegen = 0
  },
  f_nextoff = {0, 0},
  f_vnun = {
    fvn_cdevpriv = 0x0,
    fvn_advice = 0x0
  },
  f_offset = 0
}
(kgdb) p *fdp
$5 = {
  fd_files = 0xfffffe0836e00000,
  fd_map = 0xfffffe080448a000,
  fd_freefile = 3,
  fd_refcnt = 1,
  fd_holdcnt = 1,
  fd_sx = {
    lock_object = {
      lo_name = 0xffffffff812b4244 "filedesc structure",
      lo_flags = 36896768,
      lo_data = 0,
      lo_witness = 0xfffff8804bd94380
    },
    sx_lock = 18446735301352417088
  },
  fd_kqlist = {
    tqh_first = 0xfffff80150f62d00,
    tqh_last = 0xfffff801090b5628
  },
  fd_holdleaderscount = 0,
  fd_holdleaderswakeup = 0
}


Please tell us if more useful data can be extracted from this dump. Note that in the `p *kn` output above every field of the knote, including kn_kq, reads 0xdeadc0de..., which looks like a freed-memory fill pattern; if so, the knote had already been freed by the time knote_fdclose() walked the list and kn_enter_flux() dereferenced kn->kn_kq.
