On Wed, 18 Feb 2026 at 10:05, Yehor Malikov <[email protected]> wrote:
>
> From: Yehor Malikov <[email protected]>
>
> The fdset_event_dispatch thread runs in a loop checking the destroy
> flag after each epoll_wait iteration. During process exit,
> rte_eal_cleanup() frees hugepage memory while the fdset thread is
> still running. Since the fdset structure was allocated with
> rte_zmalloc() (hugepage-backed), accessing it after rte_eal_cleanup()
> causes use-after-free.
>
> Switch fdset allocation from rte_zmalloc/rte_free to libc
> calloc/free. The fdset is a control-path structure that does not
> need hugepage memory. Using libc allocation ensures the fdset
> remains valid after rte_eal_cleanup() releases hugepages.
>
> Fixes: e68a6feaa3b3 ("vhost: improve fdset initialization")
> Cc: [email protected]
>
> Signed-off-by: Yehor Malikov <[email protected]>

Thanks for the fix.
Acked-by: David Marchand <[email protected]>

--
David Marchand

