Date:      Fri, 01 Apr 2016 14:43:05 +0000
From:      bugzilla-noreply@freebsd.org
To:        freebsd-threads@FreeBSD.org
Subject:   [Bug 204426] Processes terminating cannot access memory
Message-ID:  <bug-204426-16-s0tt5EVdKN@https.bugs.freebsd.org/bugzilla/>
In-Reply-To: <bug-204426-16@https.bugs.freebsd.org/bugzilla/>
References:  <bug-204426-16@https.bugs.freebsd.org/bugzilla/>

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=204426

--- Comment #80 from Konstantin Belousov <kib@FreeBSD.org> ---
(In reply to Robert Blayzor from comment #79)
The page fault was not handled since some object in the shadow chain which
backs the faulted region has the OBJ_DEAD flag set.  I do not see why this
state would be valid for the object in question.  There is another PR 204764,
where the same flag is set for a vnode object and the manifestation of the
problem is different. Instead of vm_fault, the object was found by
vnode_create_vobject(), which sleeps forever waiting for the object termination
to finish.  Since the flag was not set by the termination conditions,
termination does not happen and lookup is stuck forever.

Right now, I have no idea why this happens.  Either we have a bug in VM by
spuriously setting the flag (but code reading does not support this
possibility), or some random memory access happens and corrupts the vm object
memory.  I do not know.

I attached some additions to the debugging patch, which both assert that the
object is write-locked when object->flags are modified, and also slightly
change the layout of struct vm_object.  So if the issue is a VM bug, most
likely unlocked modifications, it could be caught.  Or, if the problem is
memory corruption, it should migrate to another place.

Still, it is only speculation.  Please make sure that you have INVARIANTS and
WITNESS in your kernel config enabled.

-- 
You are receiving this mail because:
You are the assignee for the bug.
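The two debugging tactics described in the comment above (asserting that the object write lock is held whenever the flags word is modified, and perturbing the struct layout so a stray write lands somewhere it can be noticed) can be illustrated with a small userland mock. This is an added example, not the FreeBSD debugging patch or any FreeBSD code: the struct, the `mock_` names, the `cur_tid` stand-in for the current thread, and the guard words around `flags` are all constructed for this illustration, and a violation is counted and reported instead of panicking so the behaviour can be checked.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed flag value; the real OBJ_DEAD bit is defined in the kernel. */
#define MOCK_OBJ_DEAD   0x0008u
#define GUARD_MAGIC     0xA5C3F00Du   /* canary pattern, constructed */

/* Mock of a VM object.  The layout is this example's own: guard words are
 * placed on both sides of the flags word so that a stray write hitting the
 * flags area also disturbs a canary, which is cheap to check at each access. */
struct mock_object {
    int      lock_owner;     /* thread id holding the write lock, 0 if unlocked */
    uint32_t guard_before;
    uint32_t flags;
    uint32_t guard_after;
};

/* Stand-in for the kernel's notion of the current thread (assumption). */
static int cur_tid = 1;
void mock_set_current_thread(int tid) { cur_tid = tid; }

/* Number of flag modifications attempted without the write lock held. */
static int unlocked_modifications = 0;
int mock_unlocked_modifications(void) { return unlocked_modifications; }

void mock_object_init(struct mock_object *o)
{
    memset(o, 0, sizeof *o);
    o->guard_before = GUARD_MAGIC;
    o->guard_after  = GUARD_MAGIC;
}

/* Single-thread mock of the write lock: records the owner instead of blocking. */
void mock_object_wlock(struct mock_object *o)   { o->lock_owner = cur_tid; }
void mock_object_wunlock(struct mock_object *o) { o->lock_owner = 0; }

static int wlocked_by_me(const struct mock_object *o)
{
    return o->lock_owner != 0 && o->lock_owner == cur_tid;
}

/* Returns 1 when both canaries are intact, 0 when the object looks corrupted. */
int mock_object_guards_intact(const struct mock_object *o)
{
    return o->guard_before == GUARD_MAGIC && o->guard_after == GUARD_MAGIC;
}

/* Modifies flags only under the write lock.  In a kernel build this check would
 * be a lock assertion that panics; here a violation is counted and -1 returned. */
int mock_object_set_flag(struct mock_object *o, uint32_t bits)
{
    if (!wlocked_by_me(o)) {
        unlocked_modifications++;
        fprintf(stderr, "flag modification without write lock (tid %d)\n", cur_tid);
        return -1;
    }
    o->flags |= bits;
    return 0;
}

int mock_object_clear_flag(struct mock_object *o, uint32_t bits)
{
    if (!wlocked_by_me(o)) {
        unlocked_modifications++;
        return -1;
    }
    o->flags &= ~bits;
    return 0;
}

/* Mock of the fault-path decision: a dead object cannot satisfy a fault.
 * Returns 0 when the fault could be served, -1 when the object is dead, and
 * -2 when the canaries show the object memory has been overwritten. */
int mock_object_fault(const struct mock_object *o)
{
    if (!mock_object_guards_intact(o))
        return -2;
    if (o->flags & MOCK_OBJ_DEAD)
        return -1;
    return 0;
}

int main(void)
{
    struct mock_object o;
    mock_object_init(&o);

    /* Unlocked modification is refused and counted. */
    printf("unlocked set: %d\n", mock_object_set_flag(&o, MOCK_OBJ_DEAD));

    mock_object_wlock(&o);
    printf("locked set:   %d\n", mock_object_set_flag(&o, MOCK_OBJ_DEAD));
    printf("fault on dead object: %d\n", mock_object_fault(&o));
    mock_object_clear_flag(&o, MOCK_OBJ_DEAD);
    mock_object_wunlock(&o);

    /* Constructed stray write clobbering the area around flags. */
    memset(&o.guard_before, 0x41, sizeof o.guard_before + sizeof o.flags);
    printf("fault after corruption: %d\n", mock_object_fault(&o));
    return 0;
}
```

The point of the mock is the pairing of the two checks: the lock assertion catches the "VM bug" hypothesis (a code path that flips `flags` without the write lock), while the guard words catch the "random memory corruption" hypothesis, since a stray write that once landed exactly on `flags` now also tears a canary after the layout change.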


