Date: Thu, 8 Mar 2001 08:00:03 -0800 (PST) From: Ian Dowse <iedowse@maths.tcd.ie> To: freebsd-bugs@FreeBSD.org Subject: Re: i386/25603: mmap + fork = panic: vm_object_deallocate: object deallocated too may times: 0 Message-ID: <200103081600.f28G03u08817@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
The following reply was made to PR i386/25603; it has been noted by GNATS. From: Ian Dowse <iedowse@maths.tcd.ie> To: nis@pc3.geta.hatoyama.hitachi.co.jp Cc: FreeBSD-gnats-submit@freebsd.org, dillon@freebsd.org, iedowse@maths.tcd.ie Subject: Re: i386/25603: mmap + fork = panic: vm_object_deallocate: object deallocated too may times: 0 Date: Thu, 08 Mar 2001 15:54:13 +0000 In message <200103080633.f286XnB02074@pc3.geta.hatoyama.hitachi.co.jp>, Shingo Nishioka writes: > > The code blow causes a "panic: vm_object_deallocate: object deallocated > too may times: 0" The following patch seems to solve this problem, though I have no idea whether or not it is correct, and I've only done minimal testing. It seems that when a shadow object is created in vmspace_fork(), only one of the two object references gets transferred to the shadow object. Matt? Anyone? Ian Index: vm_map.c =================================================================== RCS file: /dump/FreeBSD-CVS/src/sys/vm/vm_map.c,v retrieving revision 1.194 diff -u -r1.194 vm_map.c --- vm_map.c 2001/02/04 06:19:28 1.194 +++ vm_map.c 2001/03/08 15:47:42 @@ -2155,6 +2155,10 @@ &old_entry->offset, atop(old_entry->end - old_entry->start)); old_entry->eflags &= ~MAP_ENTRY_NEEDS_COPY; + /* Transfer the original reference too. */ + vm_object_reference( + old_entry->object.vm_object); + vm_object_deallocate(object); object = old_entry->object.vm_object; } vm_object_clear_flag(object, OBJ_ONEMAPPING); To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-bugs" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200103081600.f28G03u08817>