[DragonFlyBSD - Bug #2338] vm_pageout_active_scan panic

Venkatesh Srinivas via Redmine bugtracker-admin at leaf.dragonflybsd.org
Mon Mar 26 11:06:04 PDT 2012


Issue #2338 has been reported by Venkatesh Srinivas.

----------------------------------------
Bug #2338: vm_pageout_active_scan panic
http://bugs.dragonflybsd.org/issues/2338

Author: Venkatesh Srinivas
Status: New
Priority: Normal
Assignee: 
Category: 
Target version: 


A panic was seen on x86-64 where vm_pageout_active_scan() had removed a page from the active queue and found the object pointer nulled. The offending code section is roughly at line 1245 of vm_pageout.c (vm_pageout_active_scan(); we have found & busied the page, unlocked the queues; testing refcount).

(panic seen by sephe@)

1) vm_pageout_scan_active got an active page off of PQ_ACTIVE. The
page was referenced, busy, PG_CLEANCHKed, and PG_NEED_COMMITed. The
page's m->object field was NULL, but m->pindex was not, pointing to a
recent vm_page_remove() {which does not erase pindex}.

2) At first glance, it looks like vm_pageout_scan_active() and
vm_page_remove() might have a race; specifically:

vm_pageout_scan_active
...
* Lock page queue for page we selected
* Try to busy page (PG_BUSY set)
* If successful, unlock page queue for the page and the
 page spinlock too
* yield()

               vm_page_remove()

               * hold the vm_object for the pg
                 This should be safe, because
                 the page was PG_BUSY. But
                 perhaps one caller is not
                 correctly busying the page?

               * spinlock the page
               * remove the page from the obj
               * spinunlock the page
               * drop the object

*  find m->object NULL ! Surprise!
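
The interleaving suspected in the report above, replayed deterministically in userspace as an added example (not part of the original report and not DragonFly kernel code). The struct layout, the `honor_busy` switch and the sample pindex value are assumptions made for illustration; the real remover would sleep on a busy page rather than return.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* Toy model: names echo the report, these are not the kernel structures. */
struct object { int resident; };
struct page { struct object *object; unsigned long pindex; bool busy; };

/* Scanner side: claim the page by setting its busy bit. */
static bool scan_busy(struct page *m) {
    if (m->busy) return false;
    m->busy = true;
    return true;
}

/* Remover side. honor_busy == false models the suspected caller that
 * removes a page it has not busied itself (hypothetical switch). */
static bool page_remove(struct page *m, bool honor_busy) {
    if (honor_busy && m->busy) return false;  /* page is owned by someone else */
    if (m->object == NULL) return false;
    m->object->resident--;
    m->object = NULL;                         /* pindex is deliberately not erased */
    return true;
}

/* Replay: scanner busies the page, yields, remover runs, scanner resumes.
 * Returns true when the scanner resumes and finds m->object == NULL. */
static bool replay(bool honor_busy, unsigned long *pindex_seen) {
    struct object obj = { .resident = 1 };
    struct page m = { .object = &obj, .pindex = 42 /* constructed */, .busy = false };
    if (!scan_busy(&m)) return false;
    /* yield(): the remover gets to run here */
    page_remove(&m, honor_busy);
    *pindex_seen = m.pindex;
    return m.object == NULL;
}

int main(void) {
    unsigned long pi = 0;
    bool lost = replay(true, &pi);
    printf("remover honors busy:  object NULL=%d pindex=%lu\n", lost, pi);
    lost = replay(false, &pi);
    printf("remover ignores busy: object NULL=%d pindex=%lu\n", lost, pi);
    return 0;
}
```

Only the second replay reproduces the state in the panic: a busied page with a NULL object and a pindex that is still set.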


