From owner-freebsd-current@FreeBSD.ORG  Thu Sep 25 01:24:51 2014
Return-Path: <owner-freebsd-current@FreeBSD.ORG>
Delivered-To: current@FreeBSD.org
Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115])
 (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits))
 (No client certificate requested)
 by hub.freebsd.org (Postfix) with ESMTPS id 4020769D
 for <current@FreeBSD.org>; Thu, 25 Sep 2014 01:24:51 +0000 (UTC)
Received: from freefall.freebsd.org (freefall.freebsd.org
 [IPv6:2001:1900:2254:206c::16:87])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client did not present a certificate)
 by mx1.freebsd.org (Postfix) with ESMTPS id 208FF8E8
 for <current@FreeBSD.org>; Thu, 25 Sep 2014 01:24:51 +0000 (UTC)
Received: from freefall.freebsd.org (localhost [127.0.0.1])
 by freefall.freebsd.org (8.14.9/8.14.9) with ESMTP id s8P1OpIb003577
 for <current@FreeBSD.org>; Thu, 25 Sep 2014 01:24:51 GMT
 (envelope-from bdrewery@freefall.freebsd.org)
Received: (from bdrewery@localhost)
 by freefall.freebsd.org (8.14.9/8.14.9/Submit) id s8P1Oo20003576
 for current@FreeBSD.org; Thu, 25 Sep 2014 01:24:50 GMT
 (envelope-from bdrewery)
Received: (qmail 43933 invoked from network); 24 Sep 2014 20:24:49 -0500
Received: from unknown (HELO ?10.10.0.24?) (freebsd@shatow.net@10.10.0.24)
 by sweb.xzibition.com with ESMTPA; 24 Sep 2014 20:24:49 -0500
Message-ID: <54236ED9.5040005@FreeBSD.org>
Date: Wed, 24 Sep 2014 20:24:41 -0500
From: Bryan Drewery <bdrewery@FreeBSD.org>
Organization: FreeBSD
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64;
 rv:31.0) Gecko/20100101 Thunderbird/31.1.1
MIME-Version: 1.0
To: current@FreeBSD.org
Subject: memguard(9) panics in proc_reap with vm.memguard.options=3
OpenPGP: id=6E4697CF;
	url=http://www.shatow.net/bryan/bryan2.asc
Content-Type: multipart/signed; micalg=pgp-sha1;
 protocol="application/pgp-signature";
 boundary="sSU653x32KFDOGHvIcDsswV0KF29w8wmD"
X-BeenThere: freebsd-current@freebsd.org
X-Mailman-Version: 2.1.18-1
Precedence: list
List-Id: Discussions about the use of FreeBSD-current
 <freebsd-current.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/options/freebsd-current>, 
 <mailto:freebsd-current-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-current/>
List-Post: <mailto:freebsd-current@freebsd.org>
List-Help: <mailto:freebsd-current-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-current>,
 <mailto:freebsd-current-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Thu, 25 Sep 2014 01:24:51 -0000

This is an OpenPGP/MIME signed message (RFC 4880 and 3156)
--sSU653x32KFDOGHvIcDsswV0KF29w8wmD
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable

> #11 0xffffffff80976e12 in vmem_xfree (vm=3D0xffffffff816d2200, addr=3D1=
8446741889258000384, size=3D0) at /usr/src/sys/kern/subr_vmem.c:1237
> #12 0xffffffff80bafbe0 in memguard_free (ptr=3D<value optimized out>) a=
t /usr/src/sys/vm/memguard.c:421
> #13 0xffffffff80904191 in free (addr=3D0xfffffe03648a9000, mtp=3D<value=
 optimized out>) at /usr/src/sys/kern/kern_malloc.c:554
> #14 0xffffffff808e733f in proc_reap (td=3D<value optimized out>, p=3D0x=
fffff80bf043c000, status=3D<value optimized out>, options=3D<value optimi=
zed out>) at /usr/src/sys/kern/kern_exit.c:882
> #15 0xffffffff808e784a in proc_to_reap (td=3D0xfffff8021d499000, p=3D0x=
fffff80bf043c000, idtype=3D<value optimized out>, id=3D<value optimized o=
ut>, status=3D0xfffffe35559bc914, options=3D55,

The assert is "size > 0".

I enabled vm.memguard.options=3D3 while the system was running. From
reading is_memguard_addr() I assume it should be safe to do so. Only new
allocations should be passed through memguard_free().  This panic seems
to happen easily.

This comment in sys/vm/memguard.c memguard_free() makes me think
something is stale:

> /*
>  * This requires carnal knowledge of the implementation of
>  * kmem_free(), but since we've already replaced kmem_malloc()
>  * above, it's not really any worse.  We want to use the
>  * vm_map lock to serialize updates to memguard_wasted, since
>  * we had the lock at increment.
>  */
> kmem_unback(kmem_object, addr, size);
> if (sizev > size)
>         addr -=3D PAGE_SIZE;
> vmem_xfree(memguard_arena, addr, sizev);

By the way, I can't get the kernel to even boot with
vm.memguard.options=3D3. It panics very early in device probing IIRC.

--=20
Regards,
Bryan Drewery


--sSU653x32KFDOGHvIcDsswV0KF29w8wmD
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="signature.asc"

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (MingW32)

iQEcBAEBAgAGBQJUI27ZAAoJEDXXcbtuRpfP02MH+wTIaIYWKq5ZgmDH4coZgJAQ
oJLyskOl9Im97CHakXrE2whcrLvTtEtSr8bhWPVKmuSGZLTZsevgAt4d1UEhzJA/
86WjHgNJmRJWQzdUidvpxlKJFCmmuwUgxBKMq0sa8TlNfrq2NcX1+zGXX4TZYaM7
7hQY91xUmQldYZ9UoJJ6T1mB/63/ZKAV+jqaw8mwhlyEsU7XZDcZ828k7/ipIZdx
42HzKYh8SsI3nWraTqMGvYLjV6sZu7AR+F90ftSnCn1l+GMFBFaSwr16JYnea4I2
HXE0KGx8KEXxSL27rJkqa3oenwqAhBlGRZ/C4FQwjvYVqbd7fIjA/qa3dqbxcUc=
=an3J
-----END PGP SIGNATURE-----

--sSU653x32KFDOGHvIcDsswV0KF29w8wmD--