From owner-freebsd-current@freebsd.org Tue May 29 16:38:30 2018 Return-Path: Delivered-To: freebsd-current@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id E4859EF742E for ; Tue, 29 May 2018 16:38:29 +0000 (UTC) (envelope-from agapon@gmail.com) Received: from mail-wr0-f193.google.com (mail-wr0-f193.google.com [209.85.128.193]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (Client CN "smtp.gmail.com", Issuer "Google Internet Authority G2" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4E5FC73B4B; Tue, 29 May 2018 16:38:29 +0000 (UTC) (envelope-from agapon@gmail.com) Received: by mail-wr0-f193.google.com with SMTP id j1-v6so26626083wrm.1; Tue, 29 May 2018 09:38:29 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:subject:to:cc:references:from:openpgp:autocrypt :message-id:date:user-agent:mime-version:in-reply-to :content-language:content-transfer-encoding; bh=uO9v9Yw8m91uvXXCMeJsr24QMNk8LB8HYbFTru++qMU=; b=rGGMoNeisCLBahX2sgua/+SKAweHEnXItTwbqBb5TfD7Pc1OuGyEx67RMc8HMUF2Sp 0z4soCACcKw+BDhZfabERoMZBOnSi3bnCZ9hKA1NhlwipFa4d+Tw4hRq/pKmvOLbgBem cru9kZmaHm/54dyUHPj9lsAg8ZIne2y06Dkrlgh7dpSqtKrgqfYx8qnMdG0X5lbEUE+y TBKuW5SPmi5uVGUgnlseZtnHdFdxyGWhwRSRboHpmeuMhJ2Ye+ESxgir/vR1MvKV/fGy Kwtb39Kgu+5WFowCdCN43V2g+vZmitPcyD5axbh6zLmxARyOhle4euR50a0W57jipS+N BvgA== X-Gm-Message-State: ALKqPwd0pJRlv1ibe5MjfXpRxjkOV2ymSoUY3B1CU8kv8GdfVBQn1WaA P/px+SyXaNE7v7gLnhn8zynOLHKQ X-Google-Smtp-Source: ADUXVKLbKc+e3m7kZjINOq5PGTSBJ2UML5fZ+OyxwyV1ckP7GIoDzanQc0kCU6WneFSTpmESfuH7nA== X-Received: by 2002:a19:3b0e:: with SMTP id i14-v6mr9612660lfa.48.1527611901502; Tue, 29 May 2018 09:38:21 -0700 (PDT) Received: from [192.168.0.88] (east.meadow.volia.net. [93.72.151.96]) by smtp.googlemail.com with ESMTPSA id o9-v6sm1573844lfk.2.2018.05.29.09.38.20 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Tue, 29 May 2018 09:38:20 -0700 (PDT) Subject: Re: Bad link elm in vm_object_terminate [Was: crash on process exit.. current at about r332467] To: Mark Johnston Cc: freebsd-current , Julian Elischer , Bryan Drewery References: <9479e941-39be-e6e2-869e-aac475c5e33a@freebsd.org> <9bf4b2b0-65a2-90ef-c8c0-3022e80bc149@FreeBSD.org> <20180529162217.GA99109@raichu> From: Andriy Gapon Openpgp: preference=signencrypt Autocrypt: addr=avg@FreeBSD.org; prefer-encrypt=mutual; keydata= xsFNBFm4LIgBEADNB/3lT7f15UKeQ52xCFQx/GqHkSxEdVyLFZTmY3KyNPQGBtyvVyBfprJ7 mAeXZWfhat6cKNRAGZcL5EmewdQuUfQfBdYmKjbw3a9GFDsDNuhDA2QwFt8BmkiVMRYyvI7l N0eVzszWCUgdc3qqM6qqcgBaqsVmJluwpvwp4ZBXmch5BgDDDb1MPO8AZ2QZfIQmplkj8Y6Z AiNMknkmgaekIINSJX8IzRzKD5WwMsin70psE8dpL/iBsA2cpJGzWMObVTtCxeDKlBCNqM1i gTXta1ukdUT7JgLEFZk9ceYQQMJJtUwzWu1UHfZn0Fs29HTqawfWPSZVbulbrnu5q55R4PlQ /xURkWQUTyDpqUvb4JK371zhepXiXDwrrpnyyZABm3SFLkk2bHlheeKU6Yql4pcmSVym1AS4 dV8y0oHAfdlSCF6tpOPf2+K9nW1CFA8b/tw4oJBTtfZ1kxXOMdyZU5fiG7xb1qDgpQKgHUX8 7Rd2T1UVLVeuhYlXNw2F+a2ucY+cMoqz3LtpksUiBppJhw099gEXehcN2JbUZ2TueJdt1FdS ztnZmsHUXLxrRBtGwqnFL7GSd6snpGIKuuL305iaOGODbb9c7ne1JqBbkw1wh8ci6vvwGlzx rexzimRaBzJxlkjNfMx8WpCvYebGMydNoeEtkWldtjTNVsUAtQARAQABzR5BbmRyaXkgR2Fw b24gPGF2Z0BGcmVlQlNELm9yZz7CwZQEEwEIAD4WIQS+LEO7ngQnXA4Bjr538m7TUc1yjwUC WbgsiAIbIwUJBaOagAULCQgHAgYVCAkKCwIEFgIDAQIeAQIXgAAKCRB38m7TUc1yj+JAEACV l9AK/nOWAt/9cufV2fRj0hdOqB1aCshtSrwHk/exXsDa4/FkmegxXQGY+3GWX3deIyesbVRL rYdtdK0dqJyT1SBqXK1h3/at9rxr9GQA6KWOxTjUFURsU7ok/6SIlm8uLRPNKO+yq0GDjgaO LzN+xykuBA0FlhQAXJnpZLcVfPJdWv7sSHGedL5ln8P8rxR+XnmsA5TUaaPcbhTB+mG+iKFj GghASDSfGqLWFPBlX/fpXikBDZ1gvOr8nyMY9nXhgfXpq3B6QCRYKPy58ChrZ5weeJZ29b7/ QdEO8NFNWHjSD9meiLdWQaqo9Y7uUxN3wySc/YUZxtS0bhAd8zJdNPsJYG8sXgKjeBQMVGuT eCAJFEYJqbwWvIXMfVWop4+O4xB+z2YE3jAbG/9tB/GSnQdVSj3G8MS80iLS58frnt+RSEw/ psahrfh0dh6SFHttE049xYiC+cM8J27Aaf0i9RflyITq57NuJm+AHJoU9SQUkIF0nc6lfA+o JRiyRlHZHKoRQkIg4aiKaZSWjQYRl5Txl0IZUP1dSWMX4s3XTMurC/pnja45dge/4ESOtJ9R 8XuIWg45Oq6MeIWdjKddGhRj3OohsltKgkEU3eLKYtB6qRTQypHHUawCXz88uYt5e3w4V16H lCpSTZV/EVHnNe45FVBlvK7k7HFfDDkryM7BTQRZuCyIARAAlq0slcsVboY/+IUJdcbEiJRW be9HKVz4SUchq0z9MZPX/0dcnvz/gkyYA+OuM78dNS7Mbby5dTvOqfpLJfCuhaNYOhlE0wY+ 1T6Tf1f4c/uA3U/YiadukQ3+6TJuYGAdRZD5EqYFIkreARTVWg87N9g0fT9BEqLw9lJtEGDY EWUE7L++B8o4uu3LQFEYxcrb4K/WKmgtmFcm77s0IKDrfcX4doV92QTIpLiRxcOmCC/OCYuO jB1oaaqXQzZrCutXRK0L5XN1Y1PYjIrEzHMIXmCDlLYnpFkK+itlXwlE2ZQxkfMruCWdQXye syl2fynAe8hvp7Mms9qU2r2K9EcJiR5N1t1C2/kTKNUhcRv7Yd/vwusK7BqJbhlng5ZgRx0m WxdntU/JLEntz3QBsBsWM9Y9wf2V4tLv6/DuDBta781RsCB/UrU2zNuOEkSixlUiHxw1dccI 6CVlaWkkJBxmHX22GdDFrcjvwMNIbbyfQLuBq6IOh8nvu9vuItup7qemDG3Ms6TVwA7BD3j+ 3fGprtyW8Fd/RR2bW2+LWkMrqHffAr6Y6V3h5kd2G9Q8ZWpEJk+LG6Mk3fhZhmCnHhDu6CwN MeUvxXDVO+fqc3JjFm5OxhmfVeJKrbCEUJyM8ESWLoNHLqjywdZga4Q7P12g8DUQ1mRxYg/L HgZY3zfKOqcAEQEAAcLBfAQYAQgAJhYhBL4sQ7ueBCdcDgGOvnfybtNRzXKPBQJZuCyIAhsM BQkFo5qAAAoJEHfybtNRzXKPBVwQAKfFy9P7N3OsLDMB56A4Kf+ZT+d5cIx0Yiaf4n6w7m3i ImHHHk9FIetI4Xe54a2IXh4Bq5UkAGY0667eIs+Z1Ea6I2i27Sdo7DxGwq09Qnm/Y65ADvXs 3aBvokCcm7FsM1wky395m8xUos1681oV5oxgqeRI8/76qy0hD9WR65UW+HQgZRIcIjSel9vR XDaD2HLGPTTGr7u4v00UeTMs6qvPsa2PJagogrKY8RXdFtXvweQFz78NbXhluwix2Tb9ETPk LIpDrtzV73CaE2aqBG/KrboXT2C67BgFtnk7T7Y7iKq4/XvEdDWscz2wws91BOXuMMd4c/c4 OmGW9m3RBLufFrOag1q5yUS9QbFfyqL6dftJP3Zq/xe+mr7sbWbhPVCQFrH3r26mpmy841ym dwQnNcsbIGiBASBSKksOvIDYKa2Wy8htPmWFTEOPRpFXdGQ27awcjjnB42nngyCK5ukZDHi6 w0qK5DNQQCkiweevCIC6wc3p67jl1EMFY5+z+zdTPb3h7LeVnGqW0qBQl99vVFgzLxchKcl0 R/paSFgwqXCZhAKMuUHncJuynDOP7z5LirUeFI8qsBAJi1rXpQoLJTVcW72swZ42IdPiboqx NbTMiNOiE36GqMcTPfKylCbF45JNX4nF9ElM0E+Y8gi4cizJYBRr2FBJgay0b9Cp Message-ID: <8ac5295c-d915-2994-6bcd-bc5a1a68f075@FreeBSD.org> Date: Tue, 29 May 2018 19:38:19 +0300 User-Agent: Mozilla/5.0 (X11; FreeBSD amd64; rv:52.0) Gecko/20100101 Thunderbird/52.7.0 MIME-Version: 1.0 In-Reply-To: <20180529162217.GA99109@raichu> Content-Type: text/plain; charset=utf-8 Content-Language: en-US Content-Transfer-Encoding: 8bit X-BeenThere: freebsd-current@freebsd.org X-Mailman-Version: 2.1.26 Precedence: list List-Id: Discussions about the use of FreeBSD-current List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 29 May 2018 16:38:30 -0000 On 29/05/2018 19:22, Mark Johnston wrote: > On Tue, May 29, 2018 at 04:50:14PM +0300, Andriy Gapon wrote: >> On 23/04/2018 17:50, Julian Elischer wrote: >>> back trace at:  http://www.freebsd.org/~julian/bob-crash.png >>> >>> If anyone wants to take a look.. >>> >>> In the exit syscall, while deallocating a vm object. >>> >>> I haven't see references to a similar crash in the last 10 days or so.. But if >>> it rings any bells... >> >> We have just got another one: >> panic: Bad link elm 0xfffff80cc3938360 prev->next != elm >> >> Matching disassembled code to C code, it seems that the crash is somewhere in >> vm_object_terminate_pages (inlined into vm_object_terminate), probably in one of >> TAILQ_REMOVE-s there: >> if (p->queue != PQ_NONE) { >> KASSERT(p->queue < PQ_COUNT, ("vm_object_terminate: " >> "page %p is not queued", p)); >> pq1 = vm_page_pagequeue(p); >> if (pq != pq1) { >> if (pq != NULL) { >> vm_pagequeue_cnt_add(pq, dequeued); >> vm_pagequeue_unlock(pq); >> } >> pq = pq1; >> vm_pagequeue_lock(pq); >> dequeued = 0; >> } >> p->queue = PQ_NONE; >> TAILQ_REMOVE(&pq->pq_pl, p, plinks.q); >> dequeued--; >> } >> if (vm_page_free_prep(p, true)) >> continue; >> unlist: >> TAILQ_REMOVE(&object->memq, p, listq); >> } >> >> >> Please note that this is the code before r332974 Improve VM page queue scalability. >> I am not sure if r332974 + r333256 would fix the problem or if it just would get >> moved to a different place. >> >> Does this ring a bell to anyone who tinkered with that part of the VM code recently? > > This doesn't look familiar to me and I doubt that r332974 fixed the > underlying problem, whatever it is. I see. >> Looking a little bit further, I think that object->memq somehow got corrupted. >> memq contains just two elements and the reported element is not there. > > Based on the debugging session, it would be interesting to know if there > were any other threads somehow manipulating the (dead) object at the > time of the panic. I will check for this. > Among the panics that you observed, is it the same application that is > causing the crash in each case? I have two crash dumps right now and in both cases it's sh exec-ing grep. But I cannot imagine what could be so special about that. Actually, I see that the shell ran a long pipeline with many grep-s in it, so there were many exec-s and exits of grep, perhaps some of them concurrent. -- Andriy Gapon