From e176896d9c8bd149ea83e21e03116e4f5453a9bc Mon Sep 17 00:00:00 2001
From: Rickard Green
Date: Fri, 28 Jun 2024 23:06:53 +0200
Subject: [PATCH] [erts] Fix cpool_delete()
When setting modification marker on the 'prev' field of a carrier to delete from a pool, we back off and wait for the content of the field to receive expected value if it did not have that from the beginning. Due to a copy-paste bug; when this happened, we waited on a completely different memory location which caused the scheduler thread doing this to get stuck forever. This is obviously a very rare scenario, since this bug has been present for 11 years without being reported.
---
 erts/emulator/beam/erl_alloc_util.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/erts/emulator/beam/erl_alloc_util.c b/erts/emulator/beam/erl_alloc_util.c
index 5ae78c715352..a59a4665b4e5 100644
--- a/erts/emulator/beam/erl_alloc_util.c
+++ b/erts/emulator/beam/erl_alloc_util.c
@@ -3479,7 +3479,7 @@ cpool_delete(Allctr_t *allctr, Allctr_t *prev_allctr, Carrier_t *crr)
 b = 1;
 do {
 b = backoff(b);
- tmp = cpool_read(&cpd2p->prev);
+ tmp = cpool_read(&crr->cpool.prev);
 } while (tmp != val);
 }
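Review bot: The retry loop at the corrected line still has no comment naming which field it polls, and that is the detail the copy-paste error got wrong. Consider adding above `b = 1;` a comment such as `/* Spin until crr->cpool.prev, the field being marked, holds the expected value */` so the read target can be checked against the marker operation at a glance. The loop is also unbounded, so any future mismatch between the polled location and `val` would again park a scheduler thread with no diagnostic; a debug-build assertion or spin counter here would turn a silent hang into a reportable failure. The marker-setting code and the rest of cpool_delete() lie outside this hunk, so whether sibling loops in the function follow the same pattern should be checked there.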