Date: Tue, 22 Feb 2005 16:27:11 +0200 From: Ruslan Ermilov <ru@FreeBSD.org> To: Bosko Milekic <bmilekic@FreeBSD.org>, Alan Cox <alc@FreeBSD.org> Cc: Peter Grehan <grehan@FreeBSD.org> Subject: Re: mutex lock assertion panic in vm_page_free() on sparc64 Message-ID: <20050222142710.GA42507@ip.net.ua> In-Reply-To: <20050222110318.GA41460@ip.net.ua> References: <20050222110318.GA41460@ip.net.ua>
next in thread | previous in thread | raw e-mail | index | archive | help
--T4sUOijqQbZv57TR
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable
On Tue, Feb 22, 2005 at 01:03:18PM +0200, Ruslan Ermilov wrote:
> Hi,
>=20
> I'm repeatedly getting the following panic (three-four times a day)
> on sparc64 running a fresh -CURRENT, building world:
>=20
> db> show msgbuf
> panic: mutex vm object not owned at /usr/src/sys/vm/vm_page.c:608
> cpuid =3D 0
> KDB: enter: panic
> exclusive sleep mutex vm page queue mutex r =3D 0 (0xc04be700) locked @ /=
usr/src/sys/sparc64/sparc64/vm_machdep.c:483
> exclusive sleep mutex UMA lock r =3D 0 (0xc04bdcc0) locked @ /usr/src/sys=
/vm/uma_core.c:1485
> exclusive sleep mutex Giant r =3D 0 (0xc0422728) locked @ /usr/src/sys/vm=
/vm_pageout.c:666
> db> where
> Tracing pid 7 tid 100016 td 0xfffff80067c0c720
> panic() at panic+0x16c
> _mtx_assert() at _mtx_assert+0x6c
> vm_page_remove() at vm_page_remove+0x34
> vm_page_free_toq() at vm_page_free_toq+0xb8
> vm_page_free() at vm_page_free+0x10
> uma_small_free() at uma_small_free+0x54
> zone_drain() at zone_drain+0x2e8
> zone_foreach() at zone_foreach+0x3c
> uma_reclaim() at uma_reclaim+0x10
> vm_pageout_scan() at vm_pageout_scan+0x13c
> vm_pageout() at vm_pageout+0x3e8
> fork_exit() at fork_exit+0x9c
> fork_trampoline() at fork_trampoline+0x8
>=20
I have no idea if this is the correct fix or not, but the necessary
vm_object_t locking is certainly missing in uma_small_free() on all
architectures implementing it (alpha, amd64, ia64, powerpc, and
sparc64).
%%%
Index: vm_machdep.c
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D
RCS file: /home/ncvs/src/sys/sparc64/sparc64/vm_machdep.c,v
retrieving revision 1.71
diff -u -r1.71 vm_machdep.c
--- vm_machdep.c 19 Jan 2005 18:24:07 -0000 1.71
+++ vm_machdep.c 22 Feb 2005 14:21:12 -0000
@@ -67,6 +67,7 @@
#include <vm/pmap.h>
#include <vm/vm_kern.h>
#include <vm/vm_map.h>
+#include <vm/vm_object.h>
#include <vm/vm_page.h>
#include <vm/vm_pageout.h>
#include <vm/vm_param.h>
@@ -477,10 +478,14 @@
uma_small_free(void *mem, int size, u_int8_t flags)
{
vm_page_t m;
+ vm_object_t object;
=20
PMAP_STATS_INC(uma_nsmall_free);
m =3D PHYS_TO_VM_PAGE(TLB_DIRECT_TO_PHYS((vm_offset_t)mem));
+ object =3D m->object;
+ VM_OBJECT_LOCK(object);
vm_page_lock_queues();
vm_page_free(m);
vm_page_unlock_queues();
+ VM_OBJECT_UNLOCK(object);
}
%%%
Cheers,
--=20
Ruslan Ermilov
ru@FreeBSD.org
FreeBSD committer
--T4sUOijqQbZv57TR
Content-Type: application/pgp-signature
Content-Disposition: inline
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.6 (FreeBSD)
iD8DBQFCG0E+qRfpzJluFF4RAn1WAJ9qaN3eV/l1nUIXt8GTLjHrs5rMcgCeKYVt
eX/nqMSHH9H3doBQMdJgig0=
=XR+f
-----END PGP SIGNATURE-----
--T4sUOijqQbZv57TR--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20050222142710.GA42507>