Jeremy Archer wrote:
> I started to look at ref counting to convince myself that the db_bu field in
> a cached dmu_impl_t object is guaranteed to point at a valid arc_buf_t.
>
> I have seen a "deadbeef" crash on a busy system when zfs_write() is
> pre-pagefaulting in the file's pages.
>
> The page fault handler eventually winds its way to dbuf_hold_impl, who
> manages to find a cached dmu_impl_t record. This record however, points to a
> freed arc_buf_t via its b_data field. The field is not null, but it points to
> a freed object, hence the crash upon trying to lock the rwlock of the alleged
> arc_buf.
>
> Ref counting should prevent something like this, correct?

Correct. If you are running recent bits and have a core file please file a bug on this.

-Mark