#6237 closed bug (fixed)
PANIC: ASSERT FAILED (src/system/kernel/slab/MemoryManager.cpp:973): chunkPointer; remaining: 1/3, area: 0x90800000, meta chunk: 0 on r37262
| Reported by: | anevilyak | Owned by: | bonefish |
|---|---|---|---|
| Priority: | normal | Milestone: | R1 |
| Component: | System/Kernel | Version: | R1/Development |
| Keywords: | slab memory manager | Cc: | axeld, henrimoi@… |
| Blocked By: | Blocking: | #8030, #9010 | |
| Platform: | All |
Description
Occurs during boot. Debug info as follows:
kdebug> bt
stack trace for thread 62 "net_server"
kernel stack: 0x81765000 to 0x81769000
user stack: 0x7efef000 to 0x7ffef000
frame caller <image>:function + offset
0 817687d8 (+ 32) 80077f81 <kernel_x86> invoke_command_trampoline(void*: 0x81768858) + 0x0015
1 817687f8 (+ 12) 800f6342 <kernel_x86>:arch_debug_call_with_fault_handler + 0x001b
2 81768804 (+ 48) 80075a14 <kernel_x86>:debug_call_with_fault_handler + 0x0053
3 81768834 (+ 64) 800782fe <kernel_x86>:invoke_debugger_command + 0x00bb
4 81768874 (+ 48) 8007841b <kernel_x86> invoke_pipe_segment(debugger_command_pipe*: 0x2, int32: 0, char*: NULL) + 0x0083
5 817688a4 (+ 32) 800784e3 <kernel_x86>:invoke_debugger_command_pipe + 0x008b
6 817688c4 (+ 128) 8007c4ca <kernel_x86> ExpressionParser<0x817689b4>::_ParseCommandPipe(int&: 0x817689b0) + 0x0ae8
7 81768944 (+ 80) 8007eefe <kernel_x86> ExpressionParser<0x817689b4>::EvaluateCommand(char const*: 0x801589c0 "bt", int&: 0x817689b0) + 0x0822
8 81768994 (+ 192) 8007fbce <kernel_x86>:evaluate_debug_command + 0x0084
9 81768a54 (+ 64) 80076ab1 <kernel_x86> kernel_debugger_loop(char const*: 0x0 "<NULL>", char const*: 0x80141734 "ASSERT FAILED (%s:%d): %s; remaining: %lu/%lu, area: %p, meta chunk: %ld
", char*: 0x81768ac4, int32: -2146997173) + 0x0302
10 81768a94 (+ 48) 80076c69 <kernel_x86> kernel_debugger_internal(char const*: 0x0 "<NULL>", char const*: 0x81768c5c "", char*: 0x81768ae4, int32: -2146996679) + 0x0110
11 81768ac4 (+ 32) 80076e4c <kernel_x86>:panic + 0x0023
12 81768ae4 (+ 80) 800ccdaa <kernel_x86> MemoryManager<0x8016a558>::_GetChunks(DoublyLinkedList<MemoryManager::MetaChunk, DoublyLinkedListStandardGetLink<MemoryManager::MetaChunk> >*: 0x1000, uint32: 0x3 (3), uint32: 0x81768c14, MemoryManager::MetaChunk*&: 0x81768c10, MemoryManager::Chunk*&: NULL) + 0x018e
13 81768b34 (+ 112) 800ccee7 <kernel_x86> MemoryManager<0x1000>::_AllocateChunks(uint32: 0x3 (3), uint32: 0x0 (0), uint32: 0x81768c14, MemoryManager::MetaChunk*&: 0x81768c10, MemoryManager::Chunk*&: 0x9083b0a0) + 0x0061
14 81768ba4 (+ 128) 800cd323 <kernel_x86> MemoryManager<0x2260>::AllocateRaw(uint32: 0x0 (0), uint32: 0x81768c54, void*&: 0x800c9ab4) + 0x0107
15 81768c24 (+ 64) 800c9add <kernel_x86> block_alloc(uint32: 0x2260 (8800), uint32: 0x0 (0), uint32: 0x0 (0)) + 0x007f
16 81768c64 (+ 32) 800c9bd1 <kernel_x86>:malloc + 0x0012
17 81768c84 (+ 160) 8004fbf5 <kernel_x86>:load_kernel_add_on + 0x05d1
18 81768d24 (+ 288) 80093cf0 <kernel_x86>:legacy_driver_probe + 0x0589
19 81768e44 (+ 64) 8008f8ca <kernel_x86> scan_for_drivers_if_needed(devfs_vnode*: 0x80d7fba0) + 0x00e8
20 81768e84 (+ 64) 8008f954 <kernel_x86> devfs_open_dir(fs_volume*: 0x82207450, fs_vnode*: 0x9083b4b0, void**: 0x81768ef4) + 0x0049
21 81768ec4 (+ 64) 800b5862 <kernel_x86> open_dir_vnode(vnode*: NULL, false) + 0x0027
22 81768f04 (+ 32) 800beeec <kernel_x86> dir_open(int32: -1867977984, char*: 0x401, false) + 0x0039
23 81768f24 (+ 32) 800befc7 <kernel_x86>:_user_open_dir + 0x00a1
24 81768f44 (+ 100) 800f7541 <kernel_x86>:handle_syscall + 0x00be
user iframe at 0x81768fa8 (end = 0x81769000)
eax 0x66 ebx 0x456330 ecx 0x7ffee6bc edx 0xffff0114
esi 0x0 edi 0x210efd ebp 0x7ffee6e8 esp 0x81768fdc
eip 0xffff0114 eflags 0x212 user esp 0x7ffee6bc
vector: 0x63, error code: 0x0
25 81768fa8 (+ 0) ffff0114 <commpage>:commpage_syscall + 0x0004
26 7ffee6e8 (+ 48) 00391c6e <libbe.so> BDirectory::BDirectory(char const*: 0x7ffee89c "¨EE") + 0x0050
27 7ffee718 (+ 560) 0020990f <_APP_> NetServer<0x7ffeed78>::_ConfigureDevices(int32: 3, char const*: 0x210efd "/dev/net", BMessage*: NULL) + 0x002d
28 7ffee948 (+ 272) 00209cfa <_APP_> NetServer<0x7ffeed78>::_BringUpInterfaces() + 0x01e8
29 7ffeea58 (+ 96) 00209d7d <_APP_> NetServer<0x7ffeed78>::ReadyToRun() + 0x0049
30 7ffeeab8 (+ 544) 002b7dea <libbe.so> BApplication<0x7ffeed78>::DispatchMessage(BMessage*: 0x1801ab40, BHandler*: 0x7ffeed78) + 0x0348
31 7ffeecd8 (+ 64) 002c2927 <libbe.so> BLooper<0x7ffeed78>::task_looper() + 0x0205
32 7ffeed18 (+ 48) 002b839a <libbe.so> BApplication<0x7ffeed78>::Run() + 0x0064
33 7ffeed48 (+ 544) 002086f7 <_APP_>:main + 0x0076
34 7ffeef68 (+ 52) 002075cd <_APP_>:_start + 0x0051
35 7ffeef9c (+ 64) 0010534f </boot/system/runtime_loader@0x00100000>:unknown + 0x534f
36 7ffeefdc (+ 0) 7ffeefec 1562:net_server_main_stack@0x7efef000 + 0xffffec
kdebug> area 0x90800000
AREA: 0x82381060
name: 'slab area'
owner: 0x1
id: 0xb3
base: 0x90800000
size: 0x800000
protection: 0x10
wiring: 0x1
memory_type: 0x0
cache: 0x820089a0
cache_type: null
cache_offset: 0x0
cache_next: 0x00000000
cache_prev: 0x00000000
page mappings: 0
kdebug> slab_area -c 0x90800000
chunk base cache object size cache name
0 0x90803000 --- small meta chunk: 116/ 125 used, 119 - 124 free ------------
0 0x90803000 0x820031f0 32 block allocator: 32
1 0x90804000 0x82006dc0 384 block allocator: 384
2 0x90805000 0x82006dc0 384 block allocator: 384
3 0x90806000 0x820034c0 80 block allocator: 80
4 0x90807000 0x82003880 160 block allocator: 160
5 0x90808000 0x820031f0 32 block allocator: 32
6 0x90809000 0x82003100 24 block allocator: 24
7 0x9080a000 raw allocation up to 0x9082cfff
42 0x9082d000 raw allocation up to 0x9082ffff
45 0x90830000 0x820032e0 48 block allocator: 48
46 0x90831000 0x82003000 16 block allocator: 16
47 0x90832000 0x820035b0 96 block allocator: 96
48 0x90833000 0x82006dc0 384 block allocator: 384
49 0x90834000 0x82006dc0 384 block allocator: 384
50 0x90835000 0x820034c0 80 block allocator: 80
51 0x90836000 0x82003880 160 block allocator: 160
52 0x90837000 0x82003880 160 block allocator: 160
53 0x90838000 0x82003880 160 block allocator: 160
54 0x90839000 0x82006dc0 384 block allocator: 384
55 0x9083a000 0x820032e0 48 block allocator: 48
56 0x9083b000 0x820034c0 80 block allocator: 80
57 0x9083c000 0x820032e0 48 block allocator: 48
58 0x9083d000 0x820035b0 96 block allocator: 96
59 0x9083e000 0x82006dc0 384 block allocator: 384
60 0x9083f000 0x820031f0 32 block allocator: 32
61 0x90840000 0x82003880 160 block allocator: 160
62 0x90841000 0x82006dc0 384 block allocator: 384
63 0x90842000 0x82003c40 320 block allocator: 320
64 0x90843000 0x820034c0 80 block allocator: 80
65 0x90844000 0x82003880 160 block allocator: 160
66 0x90845000 0x82006dc0 384 block allocator: 384
67 0x90846000 0x820034c0 80 block allocator: 80
68 0x90847000 0x82003790 128 block allocator: 128
69 0x90848000 0x82003880 160 block allocator: 160
70 0x90849000 0x820034c0 80 block allocator: 80
71 0x9084a000 0x82006dc0 384 block allocator: 384
72 0x9084b000 0x820035b0 96 block allocator: 96
73 0x9084c000 0x82003880 160 block allocator: 160
74 0x9084d000 0x82006dc0 384 block allocator: 384
75 0x9084e000 0x82003100 24 block allocator: 24
76 0x9084f000 0x82003000 16 block allocator: 16
77 0x90850000 0x820032e0 48 block allocator: 48
78 0x90851000 raw allocation up to 0x90853fff
81 0x90854000 raw allocation up to 0x90858fff
86 0x90859000 0x82006dc0 384 block allocator: 384
87 0x9085a000 0x82006dc0 384 block allocator: 384
88 0x9085b000 0x82006dc0 384 block allocator: 384
89 0x9085c000 0x82003880 160 block allocator: 160
90 0x9085d000 0x820035b0 96 block allocator: 96
91 0x9085e000 0x820033d0 64 block allocator: 64
92 0x9085f000 raw allocation up to 0x90861fff
95 0x90862000 0x82006dc0 384 block allocator: 384
96 0x90863000 0x820034c0 80 block allocator: 80
97 0x90864000 0x82006dc0 384 block allocator: 384
98 0x90865000 0x82003880 160 block allocator: 160
99 0x90866000 0x82006dc0 384 block allocator: 384
100 0x90867000 0x82006dc0 384 block allocator: 384
101 0x90868000 0x820032e0 48 block allocator: 48
102 0x90869000 0x82006dc0 384 block allocator: 384
103 0x9086a000 0x820034c0 80 block allocator: 80
104 0x9086b000 0x820035b0 96 block allocator: 96
105 0x9086c000 0x82006dc0 384 block allocator: 384
110 0x90871000 0x82003c40 320 block allocator: 320
111 0x90872000 0x820033d0 64 block allocator: 64
112 0x90873000 raw allocation up to 0x90879fff
121 0x9087c000 0x82003790 128 block allocator: 128
1 0x90880000 --- large meta chunk: 1/ 1 used, 1 - 0 free ------------
0 0x90880000 0x80b7ec80 2048 block cache buffers
2 0x90900000 --- large meta chunk: 1/ 1 used, 1 - 0 free ------------
0 0x90900000 0x80b7ec80 2048 block cache buffers
3 0x90980000 --- large meta chunk: 1/ 1 used, 1 - 0 free ------------
0 0x90980000 0x80b7ec80 2048 block cache buffers
4 0x90a00000 --- large meta chunk: 1/ 1 used, 1 - 0 free ------------
0 0x90a00000 0x80b7ec80 2048 block cache buffers
5 0x90a80000 --- medium meta chunk: 1/ 8 used, 1 - 7 free ------------
0 0x90a80000 0x82006500 1280 block allocator: 1280
6 0x90b00000 --- empty meta chunk --------------------------------------------
7 0x90b80000 --- empty meta chunk --------------------------------------------
8 0x90c00000 --- empty meta chunk --------------------------------------------
9 0x90c80000 --- empty meta chunk --------------------------------------------
10 0x90d00000 --- empty meta chunk --------------------------------------------
11 0x90d80000 --- empty meta chunk --------------------------------------------
12 0x90e00000 --- empty meta chunk --------------------------------------------
13 0x90e80000 --- empty meta chunk --------------------------------------------
14 0x90f00000 --- empty meta chunk --------------------------------------------
15 0x90f80000 --- empty meta chunk --------------------------------------------
kdebug>
Will see if SMP or anything else affects it and report back. Let me know if there's anything else I can dig up from the debugger.
Attachments (1)
Change History (20)
follow-up: 2 comment:1 by , 14 years ago
follow-up: 3 comment:2 by , 14 years ago
Replying to anevilyak:
Seems it's not reliably reproducible either, just rebooted about 10 times with the same exact code and haven't seen it again.
There isn't anything substantial in the MemoryManager that has changed in the last months. Only small adjustments due to VM interface changes. This looks like a structural bug though: The algorithm didn't find one of the three chunks it was allocating in the free chunk list. According to the slab_area output the contiguous free chunk range hint for the first meta chunk is the chunks 119 - 124. And according to the chunk listing they actually are free. I looked through the code, but I couldn't find any problem. The free list maintenance looks fine and it is only accessed while locked, so there can't be any race conditions either.
I guess for testing purposes I could add an aggressive free list check after any operation. Will add that to my TODO list.
follow-up: 4 comment:3 by , 14 years ago
Replying to bonefish:
There isn't anything substantial in the MemoryManager that has changed in the last months. Only small adjustments due to VM interface changes. This looks like a
Indeed, first time I've seen it and I've been using that slab memory manager option pretty much since you introduced it.
I guess for testing purposes I could add an aggressive free list check after any operation. Will add that to my TODO list.
Will keep an eye out. On the off chance I run into it again meanwhile, is there any other slab-related info that'd be helpful from the debugger or is the area output about as useful as we'll get?
comment:4 by , 14 years ago
Replying to anevilyak:
Will keep an eye out. On the off chance I run into it again meanwhile, is there any other slab-related info that'd be helpful from the debugger or is the area output about as useful as we'll get?
Without tracing (SLAB_MEMORY_MANAGER_TRACING), I'm afraid, there isn't anymore interesting info one can get. With tracing enabled, all operations on the concerned meta chunk (the tracing data contain the meta chunk address instead of the index, though) would be of interest. Might be quite a few, though.
follow-up: 6 comment:5 by , 14 years ago
| Keywords: | slab memory manager added |
|---|---|
| Status: | new → in-progress |
I could reproduce the panic once after several boots. Will poke around a bit...
comment:6 by , 14 years ago
| Cc: | added |
|---|
Replying to bonefish:
I could reproduce the panic once after several boots. Will poke around a bit...
Despite dozens of tries on all three of my machines (Core i7, Core 2 Due, P4) I didn't see panic even one more time. I tried with and without tracing, and with and without the paranoid checks I introduced in hrev37360. I even implemented a bit of allocator stress testing (not checked in), which didn't trigger the problem either.
So if one of you guys who can reproduce the bug more reliably could enable DEBUG_SLAB_MEMORY_MANAGER_PARANOID_CHECKS and see what happens, that would be helpful.
comment:7 by , 14 years ago
Paranoia settings and slab mem manager tracing enabled, will let you know if/when I see it again.
comment:8 by , 14 years ago
The two settings so far reliably defeated the problem, unfortunately. Before, 80+% of all boots resulted in the panic :-/
comment:9 by , 14 years ago
I haven't seen it so far either with those settings, though in fairness, I've only ever encountered it once myself so far anyways.
comment:10 by , 13 years ago
| Status: | in-progress → assigned |
|---|
comment:11 by , 13 years ago
Still haven't seen this one, shall we close it, and just reopen if I happen to encounter it again?
comment:12 by , 13 years ago
If Axel, who seemed to be able to reproduce the issue most reliably, agrees, closing is fine by me as well.
comment:13 by , 13 years ago
| Resolution: | → fixed |
|---|---|
| Status: | assigned → closed |
I'm not sure if my current version enables any extra tracing; I would assume it doesn't, and I haven't seen this bug since ages. So I guess closing it shouldn't harm :-)
comment:14 by , 13 years ago
| Cc: | added |
|---|---|
| Resolution: | fixed |
| Status: | closed → reopened |
I can reproduce this on alpha 3. Trying to install from a cd with an anyboot image it KDLs about halfway through the installation.
I’ll attach a syslog from the installation attempt; I should be able to build Haiku if there are any tracing options to be enabled.
by , 13 years ago
| Attachment: | syslog-alpha3.txt added |
|---|
Syslog captured using the save feature in the bootloader
comment:15 by , 13 years ago
| Resolution: | → fixed |
|---|---|
| Status: | reopened → closed |
comment:18 by , 12 years ago
| Blocking: | 8030 added |
|---|
Seems it's not reliably reproducible either, just rebooted about 10 times with the same exact code and haven't seen it again.