[Bug 293382] Dead lock and kernel crash around closefp_impl
- In reply to: bugzilla-noreply_a_freebsd.org: "[Bug 293382] Dead lock and kernel crash around closefp_impl"
Date: Fri, 10 Apr 2026 12:27:21 UTC
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=293382

--- Comment #56 from Kyle Evans <kevans@freebsd.org> ---
(In reply to Konstantin Belousov from comment #55)

Their investigation is still ongoing and they haven't proven that it's erms yet, but here are their observations:

At https://cgit.freebsd.org/src/tree/sys/kern/kern_descrip.c#n2028 in fdgrowtable() ntable is allocated and ntable->fdt_nfiles is assigned. Before the memcpy, fdt_nfiles can be observed to be the correct value. A sample from their latest known panic was 7133184 bytes, and they note that the destination is never page unaligned (0xfffffe0423607008 in this last one) as a maybe-relevant fact for their case.

Immediately after the memcpy into ntable->fdt_ofiles, the start of `ntable` appears to be damaged -- fdt_nfiles is suddenly zeroed out, and in this last sample the damage was to the tune of ~2 pages at the beginning zeroed out as well.

They noted that a significant number of entries at the end of the old table were zeroed out, so it may be the case that the damage is actually those overwriting the beginning.

--
You are receiving this mail because:
You are the assignee for the bug.