Date: Thu, 4 Feb 1999 09:26:07 -0800 (PST) From: Matthew Dillon <dillon@apollo.backplane.com> To: Stephen McKay <syssgm@detir.qld.gov.au> Cc: freebsd-current@FreeBSD.ORG, syssgm@detir.qld.gov.au Subject: Re: panic: vm_object_qcollapse(): object mismatch Message-ID: <199902041726.JAA88650@apollo.backplane.com> References: <199902041300.XAA10590@nymph.detir.qld.gov.au>
next in thread | previous in thread | raw e-mail | index | archive | help
Hmmm. This looks like an out-an-out bug to me. The assertion is wrong.
It's scanning the backing_object and asserting that the pages in the
backing object are associated with object rather then backing_object.
This section of code only runs when paging is in progress on a
collapseable object AND there are also idle pages in that object.
The collapse condition is probably due to an exiting process ( typical
in a buildworld ).
( from vm/vm_object.c )
/*
* busy the page and move it from the backing store to the
* parent object.
*/
vm_page_busy(p);
KASSERT(p->object == object, ("vm_object_qcollapse(): object mismatch"));
^^^^^^^^^^
should be 'backing_object'
There is also an interrupt race. Since paging can be in progress,
pages in the object can be ripped out from under it so we have to
run at splbio() in the loop.
I will commit the fix.
-Matt
Matthew Dillon
<dillon@backplane.com>
:Hardware: 486DX2/66 16Mb ram, aha1542CF, 2x1Gb SCSI disks
:Software: 4.0-current 1-2 days old, softupdates
: (vm_map.c is at rev 1.146, for example)
:
:I was running 'make -j5 buildworld'. It swaps like crazy when I do this. :-)
:
:Here's what gdb -k tells me:
:
:...
:#9 0xf01425e0 in panic (
: fmt=0xf0225c1f "vm_object_qcollapse(): object mismatch")
: at ../../kern/kern_shutdown.c:446
:#10 0xf01e0772 in vm_object_qcollapse (object=0xf2f001d0)
: at ../../vm/vm_object.c:1011
:#11 0xf01e08d6 in vm_object_collapse (object=0xf2f001d0)
: at ../../vm/vm_object.c:1102
:#12 0xf01ddae2 in vm_map_copy_entry (src_map=0xf2f4aa00, dst_map=0xf2f4ad00,
: src_entry=0xf2ed0e10, dst_entry=0xf2f8edc0) at ../../vm/vm_map.c:2284
:#13 0xf01ddd73 in vmspace_fork (vm1=0xf2f4aa00) at ../../vm/vm_map.c:2411
:#14 0xf01da833 in vm_fork (p1=0xf2f7db20, p2=0xf2d751e0, flags=20)
: at ../../vm/vm_glue.c:231
:#15 0xf013d4f0 in fork1 (p1=0xf2f7db20, flags=20) at ../../kern/kern_fork.c:447
:#16 0xf013ce65 in fork (p=0xf2f7db20, uap=0xf3021f94)
: at ../../kern/kern_fork.c:99
:#17 0xf01fe783 in syscall (frame={tf_es = 134807599, tf_ds = -272695249,
: tf_edi = 134750909, tf_esi = 134935201, tf_ebp = -272643652,
: tf_isp = -217964572, tf_ebx = 4, tf_edx = 672250004, tf_ecx = 19,
: tf_eax = 2, tf_trapno = 12, tf_err = 2, tf_eip = 671826564, tf_cs = 31,
: tf_eflags = 662, tf_esp = -272651296, tf_ss = 47})
: at ../../i386/i386/trap.c:1100
:#18 0xf01f4e9c in Xint0x80_syscall ()
:...
:(kgdb) p *p
:$1 = {pageq = {tqe_next = 0xf02c5240, tqe_prev = 0xf02e4e00}, hnext = 0x0,
: listq = {tqe_next = 0xf02e59d0, tqe_prev = 0xf2f69cc8}, object = 0xf2f69cb0,
: pindex = 30, phys_addr = 15065088, queue = 4, flags = 1, pc = 0,
: wire_count = 0, hold_count = 0, act_count = 27 '\e', busy = 0 '\000',
: valid = 255 'ÿ', dirty = 255 'ÿ'}
:(kgdb) p object
:$2 = (struct vm_object *) 0xf2f001d0
:(kgdb) p *object
:$3 = {object_list = {tqe_next = 0xf2fdc2b8, tqe_prev = 0xf2f69c3c},
: shadow_head = {tqh_first = 0x0, tqh_last = 0xf2f001d8}, shadow_list = {
: tqe_next = 0x0, tqe_prev = 0xf2f69cb8}, memq = {tqh_first = 0xf02dbcb0,
: tqh_last = 0xf02cc86c}, generation = 11690, type = OBJT_DEFAULT,
: size = 32, ref_count = 2, shadow_count = 0, pg_color = 0,
: hash_rand = -136756254, flags = 8576, paging_in_progress = 0, behavior = 0,
: resident_page_count = 6, cache_count = 0, wire_count = 0,
: backing_object = 0xf2f69cb0, backing_object_offset = 0x0000000000000000,
: last_read = 0, pager_object_list = {tqe_next = 0xf2f69000,
: tqe_prev = 0xf0252f10}, handle = 0x0, un_pager = {vnp = {
: vnp_size = 0x0000000000000000}, devp = {devp_pglist = {tqh_first = 0x0,
: tqh_last = 0x0}}, swp = {swp_bcount = 0}}}
:(kgdb) p *(p->object)
:$4 = {object_list = {tqe_next = 0xf2f915e4, tqe_prev = 0xf30fd0e8},
: shadow_head = {tqh_first = 0xf2f001d0, tqh_last = 0xf2f001e0},
: shadow_list = {tqe_next = 0x0, tqe_prev = 0xf30fef04}, memq = {
: tqh_first = 0xf02e7170, tqh_last = 0xf02cff5c}, generation = 10219,
: type = OBJT_SWAP, size = 32, ref_count = 3, shadow_count = 1, pg_color = 0,
: hash_rand = -136000830, flags = 384, paging_in_progress = 0, behavior = 0,
: resident_page_count = 4, cache_count = 1, wire_count = 0,
: backing_object = 0x0, backing_object_offset = 0x0000000000000000,
: last_read = 29, pager_object_list = {tqe_next = 0xf30fad24,
: tqe_prev = 0xf30f0814}, handle = 0x0, un_pager = {vnp = {
: vnp_size = 0x0000000000000001}, devp = {devp_pglist = {tqh_first = 0x1,
: tqh_last = 0x0}}, swp = {swp_bcount = 1}}}
:
:I'll keep this dump around. What other details do people want?
:
:I'm not likely to even get to look at this let alone solve it. Bummer.
:
:Stephen.
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-current" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199902041726.JAA88650>