illumos gate

While assisting some folks in IRC with epoll debugging, I encountered some strange polldat_t data:

> ffffff90f536d640::print vnode_t v_data | ::print sonode_t so_poll_list.ph_list | ::list polldat_t pd_next | ::print polldat_t
{
    pd_fd = 0x13
    pd_events = 0
    pd_fp = 0
    pd_php = 0xffffff6edad94938
    pd_thread = 0
    pd_pcache = 0xffffff731a5fd4e8
    pd_next = 0xffffff731a2a2c08
    pd_hashnext = 0
    pd_count = 0
    pd_nsets = 0
    pd_ref = 0
    pd_portev = 0
    pd_epolldata = 0xfa87786200000013
}
{
    pd_fd = 0x13
    pd_events = 0
    pd_fp = 0
    pd_php = 0xffffff6edad94938
    pd_thread = 0
    pd_pcache = 0xffffff70dfe76dc0
    pd_next = 0xffffff4a9f228790
    pd_hashnext = 0
    pd_count = 0
    pd_nsets = 0
    pd_ref = 0
    pd_portev = 0
    pd_epolldata = 0x61d78d800000013
}
{
    pd_fd = 0x13
    pd_events = 0
    pd_fp = 0
    pd_php = 0xffffff6edad94938
    pd_thread = 0
    pd_pcache = 0xffffff39025d07e8
    pd_next = 0
    pd_hashnext = 0
    pd_count = 0
    pd_nsets = 0
    pd_ref = 0
    pd_portev = 0
    pd_epolldata = 0xfab5570900000013
}

Here are polldat_t entries residing in the pollhead list of an active socket. Note that pd_events and pd_fp are both zeroed out. Looking through the logic in devpoll, this zeroing typically only occurs when the polldat_t is also removed from the pollhead. The pollhead removal logic appears to be flawed in several places.

These polldat_t entries don't cause much harm. They should be skipped for pollwakeup. If the caller modifies the fd association, the entry would be overwritten or deleted. The primary issue is confusing during debugging.