Date: Fri, 10 Apr 2026 12:27:21 +0000
From: bugzilla-noreply@freebsd.org
To: bugs@FreeBSD.org
Subject: [Bug 293382] Dead lock and kernel crash around closefp_impl
Message-ID: <bug-293382-227-E6idsbUEOY@https.bugs.freebsd.org/bugzilla/>
In-Reply-To: <bug-293382-227@https.bugs.freebsd.org/bugzilla/>
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=293382

--- Comment #56 from Kyle Evans <kevans@freebsd.org> ---

(In reply to Konstantin Belousov from comment #55)

Their investigation is still ongoing and they haven't proven that it's erms yet, but here are their observations:

At https://cgit.freebsd.org/src/tree/sys/kern/kern_descrip.c#n2028 in fdgrowtable() ntable is allocated and ntable->fdt_nfiles is assigned. Before the memcpy, fdt_nfiles can be observed to be the correct value. A sample from their latest known panic was 7133184 bytes, and they note that the destination is never page unaligned (0xfffffe0423607008 in this last one) as a maybe-relevant fact for their case.

Immediately after the memcpy into ntable->fdt_ofiles, the start of `ntable` appears to be damaged -- fdt_nfiles is suddenly zeroed out, and in this last sample the damage was to the tune of ~2 pages at the beginning zeroed out as well. They noted that a significant number of entries at the end of the old table were zeroed out, so it may be the case that the damage is actually those overwriting the beginning.
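The comment above describes a grow-and-copy pattern (allocate a new table, set its header, memcpy the old entry array into the new array that starts a few bytes past the allocation start) and the checks the investigators applied around the memcpy: snapshot the header before the copy and confirm it survives afterwards. The block below is an added userland model of that pattern with those checks made explicit; it is not FreeBSD's kern_descrip.c and does not reproduce the panic. The struct names (`ftable`, `fentry`, `ft_nfiles`, `ft_ofiles`), the entry layout and the sample contents are assumptions chosen so that the entry array starts one pointer-width past the allocation, mirroring the "destination is never page aligned" observation. It additionally records whether the source and destination ranges overlap, since that is the one condition under which memcpy is allowed to produce exactly this kind of damage.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/*
 * Assumed layout (not FreeBSD's): a small header holding the slot count,
 * immediately followed by the slot array. On LP64 the array therefore
 * starts at offset 8, i.e. the copy destination is never page aligned.
 */
struct fentry {
    void *fde_file;            /* assumed per-slot pointer that gets copied */
    uint32_t fde_flags;
};

struct ftable {
    int ft_nfiles;             /* header: number of slots in ft_ofiles */
    struct fentry ft_ofiles[]; /* flexible array right after the header */
};

/* Outcome of one grow operation plus the invariants checked after memcpy. */
struct grow_result {
    struct ftable *table;
    bool header_intact;        /* ft_nfiles still equals the requested size */
    bool entries_intact;       /* copied slots match the old table */
    bool ranges_overlap;       /* src/dst overlap makes memcpy undefined */
};

/* True if [a, a+alen) and [b, b+blen) share at least one byte. */
static bool
ranges_overlap(const void *a, size_t alen, const void *b, size_t blen)
{
    uintptr_t as = (uintptr_t)a, ae = as + alen;
    uintptr_t bs = (uintptr_t)b, be = bs + blen;
    return as < be && bs < ae;
}

static struct ftable *
ftable_alloc(int nfiles)
{
    size_t sz = sizeof(struct ftable) + (size_t)nfiles * sizeof(struct fentry);
    struct ftable *t = calloc(1, sz);   /* zeroed, so unused slots are NULL */
    if (t != NULL)
        t->ft_nfiles = nfiles;
    return t;
}

/* Allocate nnew slots, set the header, copy the old slots, then verify. */
static struct grow_result
ftable_grow(const struct ftable *old, int nnew)
{
    struct grow_result r = { 0 };
    size_t copylen = (size_t)old->ft_nfiles * sizeof(struct fentry);

    r.table = ftable_alloc(nnew);
    if (r.table == NULL)
        return r;

    int before = r.table->ft_nfiles;    /* snapshot header before the copy */
    r.ranges_overlap = ranges_overlap(old->ft_ofiles, copylen,
                                      r.table->ft_ofiles, copylen);

    memcpy(r.table->ft_ofiles, old->ft_ofiles, copylen);

    /* The header sits just before the destination; it must be untouched. */
    r.header_intact = (r.table->ft_nfiles == before && before == nnew);
    r.entries_intact = (memcmp(r.table->ft_ofiles, old->ft_ofiles, copylen) == 0);
    return r;
}

/*
 * Build a constructed table of nold slots, grow it to nnew and count failed
 * invariants: 0 means header, copied slots and the zeroed tail all survived.
 */
static int
ftable_grow_check(int nold, int nnew)
{
    struct ftable *old = ftable_alloc(nold);
    if (old == NULL)
        return -1;
    for (int i = 0; i < nold; i++) {
        old->ft_ofiles[i].fde_file = (void *)(uintptr_t)(0x1000 + i); /* constructed */
        old->ft_ofiles[i].fde_flags = (uint32_t)i;
    }

    struct grow_result r = ftable_grow(old, nnew);
    int failures = 0;
    if (r.table == NULL) {
        failures = -1;
    } else {
        failures += !r.header_intact;
        failures += !r.entries_intact;
        failures += r.ranges_overlap;
        for (int i = nold; i < nnew; i++)     /* tail must still be zero */
            if (r.table->ft_ofiles[i].fde_file != NULL) { failures++; break; }
        free(r.table);
    }
    free(old);
    return failures;
}

int
main(void)
{
    printf("ft_ofiles offset: %zu\n", offsetof(struct ftable, ft_ofiles));
    printf("grow 7 -> 64: %d failures\n", ftable_grow_check(7, 64));
    return 0;
}
```

Run standalone it reports the array offset and the failure count for a small grow; in userland with two disjoint heap buffers every invariant holds, which is the baseline against which the in-kernel observation (header zeroed immediately after the copy, no overlap expected) stands out.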
