It's seems the re-org of the buffer code has a small bug...
When 'find_candidate()' is called, it may end up calling
'try_to_free_buffer()' (for buffers of a different size).
If try_to_free_buffer() finds that all the buffers on the page are
free, it removes the buffer headers from the queues and releases the page.
This can end up setting '*bhp' to NULL.
Back in find_candidate(), the loop is continued, and panics on "bh =
bh->b_next_free" (as bh has been set up NULL).
I've no idea what the correct fix is, but for a quick hack I do;
try_to_free_buffer(...);
if (!bh)
break;
I can reproduce the panic easily; a small read from the CD-ROM, and then
anything to push the buffer cache from the hard-disk.
Regards,
markhe
PS: Andrew, I've CC: you as your name now appears in the buffer code.
Perhaps you know the correct fix...?
------------------------------------------------------------------
Mark Hemment, Unix/C Software Engineer (Contractor)
markhe@nextd.demon.co.uk
------------------------------------------------------------------