[Bug 293382] Dead lock and kernel crash around closefp_impl

From: <bugzilla-noreply_at_freebsd.org>
Date: Sat, 11 Apr 2026 01:52:41 UTC
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=293382

Kristofer Peterson <kris@tranception.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |kris@tranception.com

--- Comment #60 from Kristofer Peterson <kris@tranception.com> ---
Hi, I don't know if this is related, but a while ago I experienced kernel panics
under 14.3 and 15.0 on AMD EPYC 9274F and 9375F boxes with 768GB RAM running a
multithreaded app with a large number of open files (some sockets but mostly
memory-mapped files) and a high rate of file descriptor "churn" (mmap'd files
are frequently created, written, unmapped and deleted). The panics occurred
during fork/exec calls, and examination of the crash dumps showed corrupted file
tables.

When running debug kernels, the one place that has consistently come up in the
kernel panics is do_fork/fdcopy/fdgrowtable, where fdgrowtable is repeatedly
called to create and expand a file table as other threads in the parent
continue to open new files. fdgrowtable repeatedly allocates and copies an
ever-increasing file table until eventually fdt_nfiles at the start of the growing
table is read back inexplicably as zero, which fails the KASSERT at the start of
fdgrowtable. The file tables are typically in the range of 250k to 500k entries
in size when this happens, which, given that the entries are 48 bytes in size,
means the memory allocations and copies are on the order of several megabytes.

I have written a small kernel module and a test program that repeatedly
allocates, fills, copies, checks and frees memory, which I will shortly attach
to this bug report.

I have only seen this problem with AMD Zen4 & Zen5 EPYC machines; I have not
been able to reproduce this on older CPUs.
