Project

General

Profile

Actions

Bug #2338

closed

vm_pageout_active_scan panic

Added by vsrinivas over 12 years ago. Updated over 12 years ago.

Status:
Resolved
Priority:
Normal
Assignee:
-
Category:
-
Target version:
-
Start date:
03/26/2012
Due date:
% Done:

0%

Estimated time:

Description

A panic was seen on x86-64 where vm_pageout_active_scan() had removed a page from the active queue and found the object pointer nulled. The offending code section is roughly at line 1245 of vm_pageout.c (vm_pageout_active_scan(); we have found & busied the page, unlocked the queues; testing refcount).

(panic seen by sephe@)

1) vm_pageout_scan_active got an active page off of PQ_ACTIVE. The
page was referenced, busy, PG_CLEANCHKed, and PG_NEED_COMMITed. The
page's m->object field was NULL, but m->pindex was not, pointing to a
recent vm_page_remove() {which does not erase pindex}.

2) At first glance, it looks like vm_pageout_scan_active() and
vm_page_remove() might have a race; specifically:

vm_pageout_scan_active
...
  • Lock page queue for page we selected
  • Try to busy page (PG_BUSY set)
  • If successful, unlock page queue for the page and the
    page spinlock too
  • yield()
vm_page_remove()
  • hold the vm_object for the pg
    This should be safe, because
    the page was PG_BUSY. But
    perhaps one caller is not
    correctly busying the page?
  • spinlock the page
  • remove the page from the obj
  • spinunlock the page
  • drop the object
  • find m->object NULL ! Surprise!

Related issues 1 (0 open1 closed)

Related to Bug #2336: 3.0.3 catchall Resolved03/26/2012

Actions
Actions

Also available in: Atom PDF