[Bug 204426] Processes terminating cannot access memory

bugzilla-noreply at freebsd.org bugzilla-noreply at freebsd.org
Fri Apr 1 14:43:05 UTC 2016


https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=204426

--- Comment #80 from Konstantin Belousov <kib at FreeBSD.org> ---
(In reply to Robert Blayzor from comment #79)
The page fault was not handled since some object in the shadow chain which
backs the faulted region has the OBJ_DEAD flag set.  I do not see why this
state would be valid for the object in question.  There is another PR 204764, where
the same flag is set for a vnode object and the manifestation of the problem is
different. Instead of vm_fault, the object was found by vnode_create_vobject(),
which sleeps forever waiting for the object termination to finish.  Since the
flag was not set by the termination conditions, termination does not happen and
lookup is stuck forever.

Right now, I have no idea why this happens.  Either we have a bug in VM by
spuriously setting the flag (but code reading does not support this
possibility), or some random memory access happens and corrupts the vm object
memory.  I do not know.

I attached some additions to the debugging patch, which both assert that the
object is write-locked when object->flags are modified, and also slightly
change the layout of struct vm_object.  So if the issue is a VM bug, most likely
unlocked modifications, it could be caught.  Or, if the problem is memory
corruption, it should migrate to another place.

Still, it is only speculation.  Please make sure that you have INVARIANTS and
WITNESS in your kernel config enabled.
