Bug #2338
vm_pageout_active_scan panic
| Status: | Resolved | Start date: | 03/26/2012 | |
|---|---|---|---|---|
| Priority: | Normal | Due date: | ||
| Assignee: | - | % Done: | 0% |
|
| Category: | - | |||
| Target version: | - |
Description
A panic was seen on x86-64 where vm_pageout_active_scan() had removed a page from the active queue and found the object pointer nulled. The offending code section is roughly at line 1245 of vm_pageout.c (vm_pageout_active_scan(); we have found & busied the page, unlocked the queues; testing refcount).
(panic seen by sephe@)
1) vm_pageout_scan_active got an active page off of PQ_ACTIVE. The
page was referenced, busy, PG_CLEANCHKed, and PG_NEED_COMMITed. The
page's m->object field was NULL, but m->pindex was not, pointing to a
recent vm_page_remove() {which does not erase pindex}.
2) At first glance, it looks like vm_pageout_scan_active() and
vm_page_remove() might have a race; specifically:
vm_pageout_scan_active
...
* Lock page queue for page we selected
* Try to busy page (PG_BUSY set)
* If successful, unlock page queue for the page and the
page spinlock too
* yield()
vm_page_remove()
* hold the vm_object for the pg
This should be safe, because
the page was PG_BUSY. But
perhaps one caller is not
correctly busying the page?
* spinlock the page
* remove the page from the obj
* spinunlock the page
* drop the object
* find m->object NULL ! Surprise!
Related todos
Related issues
History
Updated by vsrinivas about 1 year ago
Commit 19cd98ea71f56117435402874beedbdf6d399b52 in master should deal with this bug. Has survived some testing on -master on testbox, among others.
Basically, vm_page_unwire could put pages with null objects onto the act/inact queues legitimately. This patch allows the scanouts to deal with null-object pages.
Updated by vsrinivas about 1 year ago
- Status changed from New to In Progress
Updated by vsrinivas about 1 year ago
- Status changed from In Progress to Resolved
I think this bug has been resolved by commit 2a9bfc81fff48191a76fdf894657083e091df58a.