[Bug 293382] Dead lock and kernel crash around closefp_impl

From: <bugzilla-noreply_at_freebsd.org>
Date: Sat, 11 Apr 2026 02:17:29 UTC
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=293382

--- Comment #63 from Kristofer Peterson <kris@tranception.com> ---
I have attached kmod2.c (a kernel module) and call2.c (a program that invokes
kmod2.c).

kmod2.ko can be built with the following makefile.
-------- kmod2.mk --------
KMOD = kmod2
SRCS = kmod2.c
.include <bsd.kmod.mk>
--------------------------

call2 can be built with the following command line:
cc -o call2 call2.c -lthr

call2 assumes the syscall in kmod2 is assigned syscall number 210 on loading;
if this is not the case on your machine, edit call2.c accordingly.

This will run 1 thread, zeroed allocations, starting memory size of 64k, 32
iterations, increase of 4k each iteration:
$ call2 1 5 $((1<<16)) 32 4096

This will run 3 threads, not-zeroed allocations, starting memory size of 16M,
128 iterations, increase of 16k each iteration:
$ call2 3 5 $((1<<24)) 128 16384

dmesg will normally show lines such as:
memkpy/syscall: enter pid:32426 tid:117355 4 16777216 128 16384
memkpy/syscall: exit pid:32426 tid:117355 4 16777216 128 16384 ilog:516
index:515 tsc:5520429094997775 event:4

If the memory checks fail, dmesg output (with kern.msgbuf_show_timestamp="2")
will look like this:
[375862.366839] memkpy/syscall: enter pid:9651 tid:191508 4 33554432 128 16384
[375862.787488] memkpy/check_block: failed at ptr:0xfffffe10d50e4000
data:0xfffffe10d50a8000 size:35356672
...
[375863.168260] memkpy/check_block: failed at ptr:0xfffffe10d513d000
data:0xfffffe10d5138000 size:35651584
[375863.178042] memkpy/syscall: exit pid:9651 tid:191508 4 33554432 128 16384
ilog:516 index:515 tsc:1428744768499442 event:4

This is an unfinished work in progress but hopefully it is of some assistance.

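A triage helper for the dmesg output quoted in the comment above, added here as an example; it is not part of the comment or its attachments. It assumes the last three numbers on the `enter` line are the start size, iteration count and per-iteration increase (the order the comment gives for call2's arguments) and that pages are 4 KiB.

```python
import re

PAGE_SIZE = 4096  # assumption: 4 KiB base pages

# Constructed sample: the failure excerpt from the comment, with the
# mail's line wrapping left in place.
SAMPLE = """\
[375862.366839] memkpy/syscall: enter pid:9651 tid:191508 4 33554432 128 16384
[375862.787488] memkpy/check_block: failed at ptr:0xfffffe10d50e4000
data:0xfffffe10d50a8000 size:35356672
[375863.168260] memkpy/check_block: failed at ptr:0xfffffe10d513d000
data:0xfffffe10d5138000 size:35651584
[375863.178042] memkpy/syscall: exit pid:9651 tid:191508 4 33554432 128 16384
ilog:516 index:515 tsc:1428744768499442 event:4
"""

# One pattern for both record types so matches come back in log order.
# \s+ between fields tolerates records wrapped across lines.
EVENT = re.compile(
    r"memkpy/syscall: enter pid:(?P<pid>\d+) tid:\d+ \d+ "
    r"(?P<start>\d+) \d+ (?P<step>\d+)"
    r"|memkpy/check_block: failed at ptr:(?P<ptr>0x[0-9a-f]+)\s+"
    r"data:(?P<data>0x[0-9a-f]+)\s+size:(?P<size>\d+)"
)

def failures(text):
    """Return one dict per check_block failure found in dmesg text."""
    out, run = [], None
    for m in EVENT.finditer(text):
        if m["pid"]:              # an 'enter' record: remember its parameters
            run = m
            continue
        ptr, data, size = int(m["ptr"], 16), int(m["data"], 16), int(m["size"])
        rec = {
            "offset": ptr - data,                  # where in the block the check failed
            "size": size,
            "in_block": 0 <= ptr - data < size,    # sanity check on the logged pointers
            "page_aligned": ptr % PAGE_SIZE == 0,  # does the failure start on a page boundary?
        }
        # check_block lines carry no tid, so pairing with the most recent
        # 'enter' is only reliable for single-threaded runs.
        if run and int(run["step"]):
            rec["iteration"] = (size - int(run["start"])) // int(run["step"])
        out.append(rec)
    return out

if __name__ == "__main__":
    for r in failures(SAMPLE):
        print(r)
```

Feeding it a full `dmesg` capture shows whether failing offsets cluster on page boundaries and at which block sizes they appear.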