Date: Fri, 03 Apr 2026 14:30:22 +0000
From: bugzilla-noreply@freebsd.org
To: bugs@FreeBSD.org
Subject: [Bug 294039] databases/postgresql14-server: jemalloc crashes triggered by autovacuum
Message-ID: <bug-294039-227-xjhuCYPnq4@https.bugs.freebsd.org/bugzilla/>
In-Reply-To: <bug-294039-227@https.bugs.freebsd.org/bugzilla/>
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=294039

Mark Johnston <markj@FreeBSD.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|New                         |Open

--- Comment #9 from Mark Johnston <markj@FreeBSD.org> ---
I see a case where we can restart the fault handler without resetting m_needs_zeroing: if vm_fault_object() encounters a busy page in a backing object, it will call vm_fault_busy_sleep(), which resets fault state using a custom routine. If a page allocation had previously set m_needs_zeroing = false, and the newly allocated page was reclaimed while restarting the fault handler, then we'll allocate a new page using the stale m_needs_zeroing value.

A minimal patch to fix this is:

diff --git a/sys/vm/vm_fault.c b/sys/vm/vm_fault.c index 64580c34c0a0..cf20304706ad 100644 --- a/sys/vm/vm_fault.c +++ b/sys/vm/vm_fault.c @@ -1436,6 +1436,7 @@ vm_fault_busy_sleep(struct faultstate *fs) VM_OBJECT_UNLOCK(fs->object); VM_CNT_INC(v_intrans); vm_object_deallocate(fs->first_object); + fs->m_needs_zeroing = true; }

Peter, I wonder if you could test this with the original patch re-applied?

-- 
You are receiving this mail because:
You are the assignee for the bug.
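Review bot: the added `fs->m_needs_zeroing = true;` at the end of vm_fault_busy_sleep() should carry a short comment stating why the flag must be reset on this restart path: a page allocated earlier with m_needs_zeroing == false may be reclaimed before the retry, so the next allocation must not inherit the stale value. Since this function resets fault state through its own routine rather than the shared one, it is also worth checking whether any other restart path that bypasses the shared reset has the same gap; if so, the reset belongs in the common routine rather than being patched into each caller.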
