system freeze on objcache_get

Simon 'corecode' Schubert corecode at fs.ei.tum.de
Mon Jul 30 02:24:15 PDT 2007 

More details on that:  It just happened again.

This time I managed to get into kgdb.  Details follow:

(kgdb) bt
#0  lwkt_switch () at thread2.h:177
#1  0xc02fc071 in tsleep (ident=0xc66ce15c, flags=0, wmesg=0xc0583792 "objcache_get", timo=0)
   at /usr/src/src/sys/kern/kern_synch.c:473
#2  0xc02fc362 in msleep (ident=0x0, spin=0xc66ce168, flags=0, wmesg=0x0, timo=0)
   at /usr/src/src/sys/kern/kern_synch.c:602
#3  0xc02e5ad9 in objcache_get (oc=0xc66ce138, ocflags=2)
   at /usr/src/src/sys/kern/kern_objcache.c:432
#4  0xc02de60b in exec_copyin_args (args=0xed6edc50, 
   fname=0x2810a000 <Error reading address 0x2810a000: Bad address>, segflg=PATH_USERSPACE, 
   argv=0x28101af0, envv=0x28105700) at /usr/src/src/sys/kern/kern_exec.c:734
#5  0xc02de0b5 in sys_execve (uap=0xed6edcf8) at /usr/src/src/sys/kern/kern_exec.c:525
#6  0xc05265c9 in syscall2 (frame=0xed6edd40) at /usr/src/src/sys/platform/pc32/i386/trap.c:1340
#7  0xc050e025 in Xint0x80_syscall () at /usr/src/src/sys/platform/pc32/i386/exception.s:872

(kgdb) fra 4
#4  0xc02de60b in exec_copyin_args (args=0xed6edc50, 
   fname=0x2810a000 <Error reading address 0x2810a000: Bad address>, segflg=PATH_USERSPACE, 
   argv=0x28101af0, envv=0x28105700) at /usr/src/src/sys/kern/kern_exec.c:734
734             args->buf = objcache_get(exec_objcache, M_WAITOK);

(kgdb) p *exec_objcache
$2 = {name = 0xc64e07a0 "exec-args", ctor = 0xc02e542c <null_ctor>, dtor = 0xc02e5427 <null_dtor>, 
 privdata = 0x0, alloc = 0xc02e5b4b <objcache_malloc_alloc>, 
 free = 0xc02e5b6f <objcache_malloc_free>, allocator_args = 0xc65a1180, oc_next = {
   sle_next = 0xc66ce088}, exhausted = 1, depot = {{fullmagazines = {slh_first = 0x0}, 
     emptymagazines = {slh_first = 0x0}, magcapacity = 2, spin = {lock = 0}, 
     unallocated_objects = 0, waiting = 35, contested = 0}}, cache_percpu = 0xc66ce178}

#######################
First issue:  Why is magcapacity == 2?  Why are there no empty magazines?
#######################
(kgdb) p exec_objcache->cache_percpu[0]
$3 = {loaded_magazine = 0xc65008b8, previous_magazine = 0xc65008d0, gets_cumulative = 3092800, 
 gets_null = 0, puts_cumulative = 3092782, puts_othercluster = 0, waiting = 0}
(kgdb) p *exec_objcache->cache_percpu[0]->loaded_magazine
$5 = {rounds = 1, capacity = 2, cleaning = 0, nextmagazine = {sle_next = 0x0}, 
 objects = 0xc65008c8}
(kgdb) p *exec_objcache->cache_percpu[0]->previous_magazine
$6 = {rounds = 0, capacity = 2, cleaning = 0, nextmagazine = {sle_next = 0x0}, 
 objects = 0xc65008e0}

#######################
Seems the magazines are indeed just 2 rounds long.  However, the loaded magazine has a round in, so why didn't the process get woken up?
I'll look into the exec path, there might be a leak as well.

cheers
 simon

More information about the Bugs mailing list