[rust/rqd] Fix memory bug on OOM killed frames (#2093)

When a frame is killed due to OOM, it is possible the that thread that
collects stats before reporting back races the frame wrapping process
and gather stats for the frame when some of its procs have died, leading
to a incorrect reading of memory for the given frame.

# How the bug manifests:

For successful frames:**
1. Frame runs → processes accumulate memory → `refresh_procs` updates
stats normally
2. Frame completes naturally → all processes exit cleanly together
3. Final stats are captured before the cache is cleared
4. **Memory reported correctly**

**For killed frames (OOM):**
1. Frame detected using too much memory (e.g., 12GB actual usage)
2. `kill_session()` is called → child processes start dying
3. **Next `refresh_procs()` cycle happens** (this runs every report
interval)
4. `session_processes.clear()` **wipes out all the cached process data**
including the high memory readings
5. When rebuilding cache, zombie/dying processes are skipped
6. **Only the session leader remains** (in zombie state or about to
become one)
7. `collect_proc_stats()` now reads **only the session leader's memory**
(typically very small, just the shell wrapper)
8. **Massively underreported memory** (e.g., reports 1GB instead of
12GB)

Author: DiegoTavares

rust/crates/rqd/src/frame/running_frame.rs

@@ -11,6 +11,7 @@ use std::{
     fmt::Display,
     path::Path,
     process::ExitStatus,
+    sync::atomic::{AtomicBool, Ordering},
     sync::{Arc, RwLock},
 };
 use std::{process::Stdio, thread};
@@ -59,6 +60,9 @@ pub struct RunningFrame {
     pub entrypoint_file_path: String,
     state: RwLock<FrameState>,
     should_remove_from_cache: RwLock<bool>,
+    #[serde(skip_serializing)]
+    #[serde(skip_deserializing)]
+    stats_frozen: AtomicBool,
 }
 
 #[derive(Serialize, Deserialize, Debug)]
@@ -177,6 +181,7 @@ impl RunningFrame {
                 launch_thread_handle: None,
             })),
             should_remove_from_cache: RwLock::new(false),
+            stats_frozen: AtomicBool::new(false),
         }
     }
 
@@ -226,6 +231,11 @@ impl RunningFrame {
     }
 
     pub fn update_frame_stats(&self, proc_stats: ProcessStats) {
+        // Don't update stats if they've been frozen (e.g., when frame is being killed for OOM)
+        if self.stats_frozen.load(Ordering::SeqCst) {
+            return;
+        }
+
         self.frame_stats
             .write()
             .unwrap_or_else(|poisoned| poisoned.into_inner())
@@ -1041,6 +1051,8 @@ impl RunningFrame {
 
         // Replace snapshot config with the new config:
         frame.config = config;
+        // Initialize stats_frozen (skipped during deserialization)
+        frame.stats_frozen = AtomicBool::new(false);
 
         let pid = frame.pid();
 
@@ -1258,6 +1270,17 @@ Render Frame Completed
             .read()
             .unwrap_or_else(|poisoned| poisoned.into_inner())
     }
+
+    /// Freezes the frame statistics to prevent further updates.
+    ///
+    /// This is typically called when a frame is being killed for OOM (out of memory),
+    /// to capture the accurate memory measurement at the moment of kill detection
+    /// and prevent corruption from reading zombie/dying processes.
+    ///
+    /// Once frozen, calls to `update_frame_stats()` will be ignored.
+    pub fn freeze_stats(&self) {
+        self.stats_frozen.store(true, Ordering::SeqCst);
+    }
 }
 
 #[cfg(test)]

rust/crates/rqd/src/system/machine.rs

@@ -408,6 +408,10 @@ impl MachineMonitor {
                 // Attempt to kill selected frames.
                 // Logic will ignore kill errors and try again on the next iteration
                 for frame in frames_to_kill {
+                    // Freeze stats before killing to capture accurate memory measurement.
+                    // This prevents corruption from reading zombie/dying processes after kill signal.
+                    frame.freeze_stats();
+
                     if let Ok(manager) = manager::instance().await {
                         info!("Requesting a kill for {}", &frame);
                         let kill_result = manager