Panic in vm_map_stack
Tom Judge
tom at tomjudge.com
Fri Mar 26 20:14:29 UTC 2010
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Interesting this is in some custom code to calculate and track memory
usage in jails.
#0 sched_switch (td=0xffffff0004325370, newtd=0xffffffff804aeed8,
flags=Variable "flags" is not available.
)
at /usr/src/sys/kern/sched_ule.c:1944
#1 0x0000000000000000 in ?? ()
#2 0xffffffff804960a1 in mi_switch (flags=70407024, newtd=0x1)
at /usr/src/sys/kern/kern_synch.c:440
#3 0xffffffff804c24a0 in sleepq_timedwait (wchan=0xffffffff80a09748)
at /usr/src/sys/kern/subr_sleepqueue.c:615
#4 0xffffffff8049663d in _sleep (ident=0xffffffff80a09748, lock=0x0,
priority=83314928, wmesg=0xffffffff807c4219 "vmo_de", timo=1)
at /usr/src/sys/kern/kern_synch.c:222
#5 0xffffffff8064b5d4 in vm_object_deallocate (object=0xffffff07335f8c30)
at /usr/src/sys/vm/vm_object.c:512
#6 0xffffffff8064440e in vm_map_delete (map=0xffffff007f8191a0,
start=18446742980708383584, end=140737488355328)
at /usr/src/sys/vm/vm_map.c:2315
#7 0xffffffff806445df in vm_map_remove (map=0xffffff007f8191a0, start=0,
end=140737488355328) at /usr/src/sys/vm/vm_map.c:2423
#8 0xffffffff80644bb9 in vmspace_free (vm=0xffffff007f8191a0)
at /usr/src/sys/vm/vm_map.c:324
#9 0xffffffff80470403 in prison_memory (pr=0xffffff0004fa2000)
at /usr/src/sys/kern/kern_jail.c:756
#10 0xffffffff804705f8 in jpager_td (arg=Variable "arg" is not available.
) at /usr/src/sys/kern/kern_jail.c:192
#11 0xffffffff8046ad93 in fork_exit (callout=0xffffffff804705a0
<jpager_td>,
arg=0xffffff0004fa2000, frame=0xffffffffb8986c80)
- ---Type <return> to continue, or q <return> to quit---
at /usr/src/sys/kern/kern_fork.c:804
#12 0xffffffff806be49e in fork_trampoline ()
at /usr/src/sys/amd64/amd64/exception.S:455
This is the function, I am guessing that I need to unlock the proc
before calling vmspace_free ?
673 /* Given credential, return memory usage in bytes. */
674 void
675 prison_memory(struct prison *pr)
676 {
677 struct proc *p;
678 struct thread *td;
679 struct vmspace *vm;
680 long mem_used = 0;
681 long full_mem_used = 0;
682 long proc_res = 0;
683
684 /*
685 * TODO: this is a really bad way of doing the
686 * search, as we end up going across all processes
687 * for each jail. It'd be more efficient to just do
688 * this once in a period and update the relevant jail.
689 *
690 */
691 sx_slock(&allproc_lock);
692
693 FOREACH_PROC_IN_SYSTEM(p) {
694 int breakout;
695 proc_res=0;
696 vm = NULL;
697 if (PROC_TRYLOCK(p) == 0)
698 continue;
699 /*
700 * If this is a system or protected process, skip it.
701 */
702 if ((p->p_flag & P_SYSTEM) || (p->p_pid == 1) ||
703 (p->p_flag & P_PROTECTED) ||
704 (p->p_pid < 48)) {
705 PROC_UNLOCK(p);
706 continue;
707 }
708 /*
709 * If the process is in a non-running type state,
710 * don't touch it. Check all the threads individually.
711 */
712 breakout = 0;
713 FOREACH_THREAD_IN_PROC(p, td) {
714 thread_lock(td);
715 if (!TD_ON_RUNQ(td) &&
716 !TD_IS_RUNNING(td) &&
717 !TD_IS_SLEEPING(td)) {
718 thread_unlock(td);
719 breakout = 1;
720 break;
721 }
722 thread_unlock(td);
723 }
724 if (breakout) {
725 PROC_UNLOCK(p);
726 continue;
727 }
728
729 if (p->p_state == PRS_NEW ||
730 p->p_state == PRS_ZOMBIE ||
731 !jailed(p->p_ucred) ||
732 (pr != p->p_ucred->cr_prison) ||
733 !p->p_vmspace) {
734 PROC_UNLOCK(p);
735 continue;
736 }
737 /*
738 * get the process size
739 */
740 vm = vmspace_acquire_ref(p);
741 if (vm == NULL) {
742 PROC_UNLOCK(p);
743 continue;
744 }
745
746 if (!vm_map_trylock_read(&vm->vm_map)) {
747 vmspace_free(vm);
748 PROC_UNLOCK(p);
749 continue;
750 }
751 full_mem_used += vmspace_swap_count(vm);
752 vm_map_unlock_read(&vm->vm_map);
753 proc_res = vmspace_resident_count(vm);
754 full_mem_used += proc_res;
755 mem_used += proc_res;
756 vmspace_free(vm);
757 PROC_UNLOCK(p);
758 }
759 sx_sunlock(&allproc_lock);
760
761 mem_used *= PAGE_SIZE;
762 full_mem_used *= PAGE_SIZE;
763 /* Copy the current memory usage to the prison struct */
764 mtx_lock(&pr->pr_mtx);
765 pr->pr_mem_usage = mem_used;
766 pr->pr_full_mem_usage = full_mem_used;
767 mtx_unlock(&pr->pr_mtx);
768 }
769
Tom
Kostik Belousov wrote:
> On Fri, Mar 26, 2010 at 06:13:02PM +0000, Tom Judge wrote:
>> -----BEGIN PGP SIGNED MESSAGE-----
>> Hash: SHA1
>>
>> Hi,
>>
>> I am seeing the following rare but re occurring panic in the
>> vm_map_stack code.
>>
>> I have the core file and symbols available should more information be
>> required.
>>
>> Tom
>>
>> - ----
>>
>>
>>> $ uname -a
>> FreeBSD XXX 7.1-RELEASE-p4 FreeBSD 7.1-RELEASE-p4 #0 @718:841: Mon Feb
>> 8 20:14:39 UTC 2010 tj at XXX:/usr/obj/usr/src/sys/XXXv8 amd64
>>
>>
>>> $ kgdb /boot/kernel/kernel /var/crash/vmcore.0
>> GNU gdb 6.1.1 [FreeBSD]
>> Copyright 2004 Free Software Foundation, Inc.
>> GDB is free software, covered by the GNU General Public License, and you are
>> welcome to change it and/or distribute copies of it under certain
>> conditions.
>> Type "show copying" to see the conditions.
>> There is absolutely no warranty for GDB. Type "show warranty" for details.
>> This GDB was configured as "amd64-marcel-freebsd"...
>>
>> Unread portion of the kernel message buffer:
>> Sleeping thread (tid 100119, pid 1554) owns a non-sleepable lock
>> panic: sleeping thread
>> cpuid = 0
>> Uptime: 44d17h36m22s
>> Physical memory: 32746 MB
>> Dumping 1467 MB: 1452 1436 1420 1404 1388 1372 1356 1340 1324 1308 1292
>> 1276 1260 1244 1228 1212 1196 1180 1164 1148 1132 1116 1100 1084 1068
>> 1052 1036 1020 1004 988 972 956 940 924 908 892 876 860 844 828 812 796
>> 780 764 748 732 716 700 684 668 652 636 620 604 588 572 556 540 524 508
>> 492 476 460 444 428 412 396 380 364 348 332 316 300 284 268 252 236 220
>> 204 188 172 156 140 124 108 92 76 60 44 28 12
>>
>> #0 doadump () at pcpu.h:195
>> 195 pcpu.h: No such file or directory.
>> in pcpu.h
>> (kgdb) bt
>> #0 doadump () at pcpu.h:195
>> #1 0x0000000000000004 in ?? ()
>> #2 0xffffffff8048e2a9 in boot (howto=260) at
>> /usr/src/sys/kern/kern_shutdown.c:418
>> #3 0xffffffff8048e6b2 in panic (fmt=0x104 <Address 0x104 out of
>> bounds>) at /usr/src/sys/kern/kern_shutdown.c:574
>> #4 0xffffffff804c4a95 in propagate_priority (td=Variable "td" is not
>> available.
>> ) at /usr/src/sys/kern/subr_turnstile.c:222
>> #5 0xffffffff804c58a5 in turnstile_wait (ts=Variable "ts" is not available.
>> ) at /usr/src/sys/kern/subr_turnstile.c:740
>> #6 0xffffffff804816af in _mtx_lock_sleep (m=0xffffff0654567118,
>> tid=18446742976254672896, opts=Variable "opts" is not available.
>> ) at /usr/src/sys/kern/kern_mutex.c:420
>> #7 0xffffffff80646057 in vm_map_stack (map=0xffffff000447cd00,
>> addrbos=140736951484416, max_ssize=536870912, prot=7 '\a', max=7 '\a',
>> cow=4096) at /usr/src/sys/vm/vm_map.c:2722
>> #8 0xffffffff80467115 in exec_new_vmspace (imgp=0xffffffffb92b4a10,
>> sv=0xffffffff809b0a40) at /usr/src/sys/kern/kern_exec.c:971
>> #9 0xffffffff8044e534 in exec_elf64_imgact (imgp=0xffffffffb92b4a10) at
>> /usr/src/sys/kern/imgact_elf.c:680
>> #10 0xffffffff80467532 in kern_execve (td=0xffffff007a978000,
>> args=0xffffffffb92b4b00, mac_p=Variable "mac_p" is not available.
>> ) at /usr/src/sys/kern/kern_exec.c:432
>> #11 0xffffffff80468477 in execve (td=0xffffff007a978000, uap=Variable
>> "uap" is not available.
>> ) at /usr/src/sys/kern/kern_exec.c:201
>> #12 0xffffffff806d8217 in syscall (frame=0xffffffffb92b4c80) at
>> /usr/src/sys/amd64/amd64/trap.c:907
>> #13 0xffffffff806be2db in Xfast_syscall () at
>> /usr/src/sys/amd64/amd64/exception.S:330
>> #14 0x000000080091bcec in ?? ()
>> Previous frame inner to this frame (corrupt stack?)
>> (kgdb)
>
> Switch to the thread 100119, and get a backtrace for it.
> You can look up the kgdb thread number by kernel tid by
> issuing "threads" command.
- --
TJU13-ARIN
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.13 (FreeBSD)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
iQEcBAEBAgAGBQJLrRSYAAoJEMSwVS7lr0OdAjUH/2pOJl0r7sl79+rDgABt9QLw
IF+geLoM0Htb71xf8FJ6xXZ4rarclrzCx4I1ZJCgmkTE44EKx9929/e0pqDwGbZ+
O+lj+zYs3wrppo8u/GGicJYYyhMblIpVfr/OVvIEtC6otTFwo+scyeXg7VHL2qqG
HaMakCZwR65P1ydbTqz7aSWKay4l1SNq8uoeeaaE6ujVXmUEWYC231IsoirR8L4L
E5teJBlLoilK2rJN0vGvECMXiuvuT4hjraTJXOO99Tzge3BP663We3LI+o4+4Tam
eD6D2cOT2PdrTbvfzLZWCq+EAwolk8MKCZqGLzz5dkFtEIu4Q/JToOu4UEj9GQU=
=//on
-----END PGP SIGNATURE-----
More information about the freebsd-hackers
mailing list