https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=288985
--- Comment #1 from Thiago Macieira <[email protected]> ---
I think this is the commit introducing the bug:
https://github.com/freebsd/freebsd-src/commit/1d2fd8c9cf0fb796d8b7b7590288d3125398d445
https://reviews.freebsd.org/rG197997a4c36d8be5807688a4f973ebe8ae807a6e

	infp1 = outfp1 = NULL;
	if (inoffp != NULL)
		inoff = *inoffp;
	else
		infp1 = infp;
	...
	if (infp1 != NULL || outfp1 != NULL) {
		...
		foffsets_locked = true;
	}
	...
	error = vn_copy_file_range(invp, &inoff, outvp, &outoff, &retlen, flags,
	    infp->f_cred, outfp->f_cred, td);
out:
	if (rl_rcookie != NULL)
		vn_rangelock_unlock(invp, rl_rcookie);
	if (rl_wcookie != NULL)
		vn_rangelock_unlock(outvp, rl_wcookie);
	if (foffsets_locked) {
		if (error == EINTR || error == ERESTART) {
			inoff = savinoff;
			outoff = savoutoff;
		}
		if (inoffp == NULL)
			foffset_unlock(infp, inoff, 0);
		else
			*inoffp = inoff;

The patch changed the call to vn_copy_file_range() to take a pointer to the local variable inoff instead of the user pointer, so that function won't update it any more and we need to do it after it returns. The tail code does that, but only if foffsets_locked == true, which it won't be for our case.
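A user-space regression check for the offset-update behaviour discussed in this comment, added here as an example; it is not part of the bug report or of the FreeBSD source. It assumes a libc that exposes copy_file_range(2) with the usual (infd, inoffp, outfd, outoffp, len, flags) signature (FreeBSD 13+, glibc 2.27+); the /tmp file names and the payload are constructed.

```c
#define _GNU_SOURCE
#include <fcntl.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

/* Constructed sample data for the check; the content itself is irrelevant. */
static const char payload[] = "constructed sample payload for copy_file_range offset check\n";
#define PAYLOAD_LEN (sizeof(payload) - 1)

/* Create a source file holding the payload and an empty destination, both in /tmp,
 * unlinked immediately so nothing is left behind. Returns 0 on success, -1 on failure. */
static int make_pair(int *fd_in, int *fd_out) {
    char in_path[] = "/tmp/cfr_in_XXXXXX", out_path[] = "/tmp/cfr_out_XXXXXX";
    *fd_in = mkstemp(in_path);
    *fd_out = mkstemp(out_path);
    if (*fd_in < 0 || *fd_out < 0) return -1;
    unlink(in_path);
    unlink(out_path);
    if (write(*fd_in, payload, PAYLOAD_LEN) != (ssize_t)PAYLOAD_LEN) return -1;
    return lseek(*fd_in, 0, SEEK_SET) == 0 ? 0 : -1;
}

/* Caller-supplied offsets (the case the comment describes): after the call both
 * *inoffp and *outoffp must equal the number of bytes copied.
 * Returns 1 if they were updated, 0 if they were left untouched, -1 if the copy
 * could not be performed at all (copy_file_range unsupported here). */
int explicit_offsets_advance(void) {
    int fd_in, fd_out;
    if (make_pair(&fd_in, &fd_out) < 0) return -1;
    off_t in_off = 0, out_off = 0;
    ssize_t n = copy_file_range(fd_in, &in_off, fd_out, &out_off, PAYLOAD_LEN, 0);
    close(fd_in);
    close(fd_out);
    if (n <= 0) return -1;
    return (in_off == (off_t)n && out_off == (off_t)n) ? 1 : 0;
}

/* NULL offsets: the descriptors' own file positions must advance instead. */
int fd_offsets_advance(void) {
    int fd_in, fd_out;
    if (make_pair(&fd_in, &fd_out) < 0) return -1;
    ssize_t n = copy_file_range(fd_in, NULL, fd_out, NULL, PAYLOAD_LEN, 0);
    off_t in_pos = lseek(fd_in, 0, SEEK_CUR), out_pos = lseek(fd_out, 0, SEEK_CUR);
    close(fd_in);
    close(fd_out);
    if (n <= 0) return -1;
    return (in_pos == (off_t)n && out_pos == (off_t)n) ? 1 : 0;
}
```

A return of 0 from either function means the kernel copied data but did not report the new offset back, which is the symptom this comment traces to the tail code being skipped when foffsets_locked is false.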
