Index: sys/vm/vm_fault.c
===================================================================
--- sys/vm/vm_fault.c (revision 297486)
+++ sys/vm/vm_fault.c (working copy)
@@ -426,6 +426,8 @@ fast_failed:
 * If the object is dead, we stop here
 */
 if (fs.object->flags & OBJ_DEAD) {
+printf("%d vm_fault OBJ_DEAD %p\n", curproc->p_pid, fs.object);
+stack_print(&fs.object->dead_stack);
 unlock_and_deallocate(&fs);
 return (KERN_PROTECTION_FAILURE);
 }
Index: sys/vm/vm_object.c
===================================================================
--- sys/vm/vm_object.c (revision 297486)
+++ sys/vm/vm_object.c (working copy)
@@ -265,6 +265,7 @@ _vm_object_allocate(objtype_t type, vm_pindex_t si
 #if VM_NRESERVLEVEL > 0
 LIST_INIT(&object->rvq);
 #endif
+stack_zero(&object->dead_stack);
 }
 /*
Index: sys/vm/vm_object.h
===================================================================
--- sys/vm/vm_object.h (revision 297486)
+++ sys/vm/vm_object.h (working copy)
@@ -74,6 +74,7 @@
 #include
+#include
 /*
 * Types defined:
 *
@@ -110,8 +111,8 @@ struct vm_object {
 int shadow_count; /* how many objects that this is a shadow for */
 vm_memattr_t memattr; /* default memory attribute for pages */
 objtype_t type; /* type of pager */
- u_short flags; /* see below */
- u_short pg_color; /* (c) color of first page in obj */
+ u_int flags; /* see below */
+ u_int pg_color; /* (c) color of first page in obj */
 u_int paging_in_progress; /* Paging (in or out) so don't collapse or destroy */
 int resident_page_count; /* number of resident pages */
 struct vm_object *backing_object; /* object that I'm a shadow of */
@@ -174,6 +175,7 @@ struct vm_object {
 } un_pager;
 struct ucred *cred;
 vm_ooffset_t charge;
+struct stack dead_stack;
 };
 /*
@@ -253,6 +255,8 @@ static __inline void
 vm_object_set_flag(vm_object_t object, u_short bits)
 {
+VM_OBJECT_ASSERT_WLOCKED(object);
+if ((bits & OBJ_DEAD) != 0) stack_save(&object->dead_stack);
 object->flags |= bits;
 }
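Review bot: The two lines added to the OBJ_DEAD branch in sys/vm/vm_fault.c run unconditionally on every fault that reaches a dead object, so a process that keeps faulting there can fill the console and the kernel message buffer. The `%p` of `fs.object` and the frames printed by `stack_print()` also put kernel addresses into a log that unprivileged users may be able to read, depending on the system's message-buffer access policy. If this instrumentation is meant to stay beyond a debugging session, compile it only under a debug option and rate-limit the output. The added lines are also not indented to match the surrounding block, and the enclosing function starts and ends outside the hunk.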
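Review bot: `flags` is widened to `u_int` in the `struct vm_object` hunk at -110, but `vm_object_set_flag()` in the last hunk of the same header still takes `u_short bits`, so any flag value above 0xffff would be silently truncated on its way into the setter. If the wider field is intended to carry new flag bits, the parameter should follow, `vm_object_set_flag(vm_object_t object, u_int bits)`, together with any matching clear helper (not visible here). If the widening is only there for layout next to the new field, a short comment saying so would help, since the structure's size and member offsets change for everything compiled against this header.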
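Review bot: `dead_stack` is added to `struct vm_object` (hunk at -174) with no comment and no conditional, so every VM object carries a full `struct stack` even on kernels that never print it. I would document the member, e.g. `struct stack dead_stack; /* stack saved when OBJ_DEAD was set */`. I would also build it only under a debug option, along with the `stack_zero()` in `_vm_object_allocate()` and the `stack_save()` in `vm_object_set_flag()`. The structure definition begins outside the hunk.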
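Review bot: In `vm_object_set_flag()` the stack is recorded only when OBJ_DEAD passes through this helper; any site that ORs the flag into `object->flags` directly would leave `dead_stack` zeroed and the report in vm_fault() empty, which is worth checking before relying on the output. The added `VM_OBJECT_ASSERT_WLOCKED(object)` also tightens the contract for every caller. Callers that set flags on an object not yet visible to other threads, if any exist, would now trip it on assertion-enabled kernels. A comment above the function stating the new requirement, e.g. `/* The object must be write-locked. */`, would make the change explicit.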