Bug #2338
closed
vm_pageout_active_scan panic
0%
Description
A panic was seen on x86-64 where vm_pageout_active_scan() had removed a page from the active queue and found the object pointer nulled. The offending code section is roughly at line 1245 of vm_pageout.c (vm_pageout_active_scan(); we have found & busied the page, unlocked the queues; testing refcount).
(panic seen by sephe@)
1) vm_pageout_scan_active got an active page off of PQ_ACTIVE. The
page was referenced, busy, PG_CLEANCHKed, and PG_NEED_COMMITed. The
page's m->object field was NULL, but m->pindex was not, pointing to a
recent vm_page_remove() {which does not erase pindex}.
2) At first glance, it looks like vm_pageout_scan_active() and
vm_page_remove() might have a race; specifically:
...
- Lock page queue for page we selected
- Try to busy page (PG_BUSY set)
- If successful, unlock page queue for the page and the
page spinlock too - yield()
vm_page_remove()- hold the vm_object for the pg
This should be safe, because
the page was PG_BUSY. But
perhaps one caller is not
correctly busying the page?
- spinlock the page
- remove the page from the obj
- spinunlock the page
- drop the object
- find m->object NULL ! Surprise!
Updated by vsrinivas about 12 years ago
Commit 19cd98ea71f56117435402874beedbdf6d399b52 in master should deal with this bug. Has survived some testing on -master on testbox, among others.
Basically, vm_page_unwire could put pages with null objects onto the act/inact queues legitimately. This patch allows the scanouts to deal with null-object pages.
Updated by vsrinivas almost 12 years ago
- Status changed from In Progress to Resolved
I think this bug has been resolved by commit 2a9bfc81fff48191a76fdf894657083e091df58a.