Date: Sat, 14 Dec 2002 17:05:21 -0800 (PST) From: Matthew Dillon <dillon@apollo.backplane.com> To: Jake Burkholder <jake@locore.ca> Cc: "Brian F. Feldman" <green@FreeBSD.ORG>, John Baldwin <jhb@FreeBSD.ORG>, Kris Kennaway <kris@obsecurity.org>, current@FreeBSD.ORG, alpha@FreeBSD.ORG Subject: Re: UMA panic under load Message-ID: <200212150105.gBF15LiN060144@apollo.backplane.com> References: <XFMail.20021212113400.jhb@FreeBSD.org> <200212150037.gBF0bVSM014040@green.bikeshed.org> <20021214201446.F93389@locore.ca>
next in thread | previous in thread | raw e-mail | index | archive | help
:P_WEXIT is set, so the process won't get swapped out. The problem is that
:the vmspace refcnt is 0 when swapout_procs is called, since it was
:decremented in exit1. The refcnt is incremented before p_flag is tested
:for P_WEXIT, the swapout is skipped because its found to be set, and then
:vmspace_free is called which decrements the refcnt to 0 and prematurely
:frees the vmspace. Decrementing the refcnt in exit1 breaks the normal
:refernce count semantics because the vmspace is not being freed then.
:
:Jake
Yup, I see it. We could just move the P_WEXIT test but I wonder how
many other places the vmspace might be bumped and then released. The
real bug appears to be in exit1().
I seem to recall we hit this situation a few months ago. I thought
it had been fixed.
-Matt
Matthew Dillon
<dillon@backplane.com>
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-current" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200212150105.gBF15LiN060144>