From owner-freebsd-current@FreeBSD.ORG Thu Jan 20 22:45:02 2005 Return-Path: Delivered-To: freebsd-current@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id C095316A4CE for ; Thu, 20 Jan 2005 22:45:02 +0000 (GMT) Received: from mail3.dreamscape.com (mail3.dreamscape.com [206.64.128.213]) by mx1.FreeBSD.org (Postfix) with ESMTP id 3DBA743D45 for ; Thu, 20 Jan 2005 22:45:02 +0000 (GMT) (envelope-from krentel@dreamscape.com) Received: from blue.mwk.domain (syr-mdm-04-216-171-177-130.dreamscape.com [216.171.177.130]) by mail3.dreamscape.com (8.12.9/8.12.9) with ESMTP id j0KMisVL014023; Thu, 20 Jan 2005 17:44:57 -0500 (EST) Received: from blue.mwk.domain (localhost [127.0.0.1]) by blue.mwk.domain (8.12.9p2/8.12.9) with ESMTP id j0KMlvJH032907; Thu, 20 Jan 2005 17:47:58 -0500 (EST) (envelope-from krentel@blue.mwk.domain) Message-Id: <200501202247.j0KMlvJH032907@blue.mwk.domain> To: Kris Kennaway , freebsd-current@freebsd.org In-Reply-To: Your message of "Tue, 18 Jan 2005 23:02:20 CST." <20050119050220.GU3194@noel.cs.rice.edu> Date: Thu, 20 Jan 2005 17:47:57 -0500 From: "Mark W. Krentel" X-Mailman-Approved-At: Fri, 21 Jan 2005 12:34:44 +0000 cc: Alan Cox Subject: Re: fstat triggered INVARIANTS panic in memrw() X-BeenThere: freebsd-current@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Discussions about the use of FreeBSD-current List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 20 Jan 2005 22:45:02 -0000 First, let me check that your panic requires three things to trigger: (1) heavy load, in your case ports building, (2) INVARIANTS compiled into the kernel, and (3) many calls to fstat(1). Is that right? Also, you're running 6.0-current on an x86 SMP machine? Can you bound the problem between two dates, that is, you compiled kernel/world on date X and it was ok, and updated on date Y and it panicked? Are you changing the default kernel address space (3 Gig user and 1 Gig kernel) via KVA_PAGES? Following Alan's diagnosis, I added some printf()s to check the arguments to kernacc() and vm_map_check_protection(). I didn't get a panic, but I can confirm that kernacc() is being called with arguments that constitute address wrap. My tests were on a single-CPU P3-933. I ran buildworld along with a loop of fstat(1)s, and the address wrap happened within seconds. It required both (1) and (3) above, INVARIANTS may be a red herring, I'm not sure. How long did it take for your machine to panic? Mine didn't panic, but maybe I didn't run the test long enough, or maybe I don't have enough open files. Anyway, try this patch, see if it avoids the panic for you. --Mark Index: vm_glue.c =================================================================== RCS file: /data/ncvs/src/sys/vm/vm_glue.c,v retrieving revision 1.209 diff -u -r1.209 vm_glue.c --- vm_glue.c 7 Jan 2005 02:29:27 -0000 1.209 +++ vm_glue.c 20 Jan 2005 22:01:21 -0000 @@ -133,6 +133,11 @@ KASSERT((rw & ~VM_PROT_ALL) == 0, ("illegal ``rw'' argument to kernacc (%x)\n", rw)); + + if ((vm_offset_t)addr + len > kernel_map->max_offset || + (vm_offset_t)addr + len < (vm_offset_t)addr) + return (FALSE); + prot = rw; saddr = trunc_page((vm_offset_t)addr); eaddr = round_page((vm_offset_t)addr + len);