From nobody@FreeBSD.org  Mon Nov 10 02:16:56 2008
Return-Path: <nobody@FreeBSD.org>
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id AA096106568C
	for <freebsd-gnats-submit@FreeBSD.org>; Mon, 10 Nov 2008 02:16:56 +0000 (UTC)
	(envelope-from nobody@FreeBSD.org)
Received: from www.freebsd.org (www.freebsd.org [IPv6:2001:4f8:fff6::21])
	by mx1.freebsd.org (Postfix) with ESMTP id 986BB8FC18
	for <freebsd-gnats-submit@FreeBSD.org>; Mon, 10 Nov 2008 02:16:56 +0000 (UTC)
	(envelope-from nobody@FreeBSD.org)
Received: from www.freebsd.org (localhost [127.0.0.1])
	by www.freebsd.org (8.14.3/8.14.3) with ESMTP id mAA2GtCn001530
	for <freebsd-gnats-submit@FreeBSD.org>; Mon, 10 Nov 2008 02:16:55 GMT
	(envelope-from nobody@www.freebsd.org)
Received: (from nobody@localhost)
	by www.freebsd.org (8.14.3/8.14.3/Submit) id mAA2GteE001529;
	Mon, 10 Nov 2008 02:16:55 GMT
	(envelope-from nobody)
Message-Id: <200811100216.mAA2GteE001529@www.freebsd.org>
Date: Mon, 10 Nov 2008 02:16:55 GMT
From: Jian Qiu <qj@huawei.com>
To: freebsd-gnats-submit@FreeBSD.org
Subject: AMD64 kernel panic if INVARIANTS and DEBUG_MEMGUARD DEBUG_REDZONE are enabled
X-Send-Pr-Version: www-3.1
X-GNATS-Notify:

>Number:         128744
>Category:       kern
>Synopsis:       [patch] [panic] AMD64 kernel panic if INVARIANTS and DEBUG_MEMGUARD DEBUG_REDZONE are enabled
>Confidential:   no
>Severity:       non-critical
>Priority:       medium
>Responsible:    emaste
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Mon Nov 10 02:20:03 UTC 2008
>Closed-Date:    Wed Jan 21 15:05:14 UTC 2009
>Last-Modified:  Wed Jan 21 15:10:01 UTC 2009
>Originator:     Jian Qiu
>Release:        7.1-BETA2
>Organization:
Huawei Technology
>Environment:
FreeBSD testAMD64 7.1-BETA2 FreeBSD 7.1-BETA2 #0: Mon Nov 10 04:57:12 CST 2008
qj@hostAMD64:/usr/home/qj/gobi/compile/sys/amd64/compile/GENERIC  amd64

>Description:
When compiled the kernel with the following options:

options         INVARIANTS
options         INVARIANT_SUPPORT
options         DEBUG_MEMGUARD
options         DEBUG_REDZONE

The following kernel panic messages were reported:

FreeBSD 7.1-BETA2 #0: Mon Nov 10 05:13:21 CST 2008
    qj@hostAMD64:/usr/home/qj/gobi/compile/sys/amd64/compile/GENERIC
WARNING: WITNESS option enabled, expect reduced performance.
MEMGUARD DEBUGGING ALLOCATOR INITIALIZED:
        MEMGUARD map base: 0xffffffff80e22000
        MEMGUARD map limit: 0xffffffff815f7000
        MEMGUARD map size: 8212480 (Bytes)
Memory modified after free 0xffffff000105bd00(248) val=4 @ 0xffffff000105bdd0
panic: Most recently used by none

cpuid = 0
KDB: stack backtrace:
db_trace_self_wrapper() at db_trace_self_wrapper+0x2a
panic() at panic+0x182
mtrash_ctor() at mtrash_ctor+0x84
uma_zalloc_arg() at uma_zalloc_arg+0x2db
malloc() at malloc+0xb6
init_dynamic_kenv() at init_dynamic_kenv+0x6d
mi_startup() at mi_startup+0x59
btext() at btext+0x2c
KDB: enter: panic
[thread pid 0 tid 0 ]
Stopped at      kdb_enter_why+0x3d:     movq    $0,0x5fe498(%rip)



But after I removed the lines of DEBUG_MEMGUARD and DEBUG_REDZONE, the compiled kernel could boot into the system smoothly.

I do not know whether FreeBSD allows the two set of options enabled simultaneouly. But it should be noted that when I compiled the kernel with the same configuration for a i386 system, the kernel panic did not occur. So this issue should be specific for arch AMD64.
>How-To-Repeat:
Compiled kernel with the following options for arch AMD64:

options         INVARIANTS
options         INVARIANT_SUPPORT
options         DEBUG_MEMGUARD
options         DEBUG_REDZONE

>Fix:
Remove 

options         DEBUG_MEMGUARD
options         DEBUG_REDZONE


Date: Sun, 28 Dec 2008 21:15:14 +0200
From: Jaakko Heinonen <jh@saunalahti.fi>
To: qj@huawei.com
Subject: Re: [panic] AMD64 kernel panic if INVARIANTS and DEBUG_MEMGUARD
	DEBUG_REDZONE are enabled

 Hi,
 
 This redzone(9) bug has been fixed in head (r181693) but not MFCd to
 RELENG_7.
 
 ------------------------------------------------------------------------
 r181693 | emaste | 2008-08-13 20:32:48 +0300 (Wed, 13 Aug 2008) | 6 lines
 
 Fix REDZONE(9) on amd64 and perhaps other 64 bit targets -- ensure the space
 that redzone adds to the allocation for storing its metadata is at least as
 large as the metadata that it will store there.
 
 Submitted by:   Nima Misaghian
 
 ------------------------------------------------------------------------
 
 You can use this patch on RELENG_7:
 
 --- patch begins here ---
 Index: sys/vm/redzone.c
 ===================================================================
 --- sys/vm/redzone.c	(revision 186539)
 +++ sys/vm/redzone.c	(working copy)
 @@ -54,6 +54,8 @@ static u_long
  redzone_roundup(u_long n)
  {
  
 +	if (n < REDZONE_HSIZE)
 +		n = REDZONE_HSIZE;
  	if (n <= 128)
  		return (128);
  	else if (n <= 256)
 --- patch ends here ---
 
 -- 
 Jaakko
>Release-Note:
>Audit-Trail:
State-Changed-From-To: open->analyzed 
State-Changed-By: vwe 
State-Changed-When: Sun Jan 18 22:50:35 UTC 2009 
State-Changed-Why:  
according to svn, stable/7 is missing the fix used in HEAD 


Responsible-Changed-From-To: freebsd-bugs->emaste 
Responsible-Changed-By: vwe 
Responsible-Changed-When: Sun Jan 18 22:50:35 UTC 2009 
Responsible-Changed-Why:  
Ed, can you please check and MFC your change (commit 181693)? 

http://www.freebsd.org/cgi/query-pr.cgi?pr=128744 

From: dfilter@FreeBSD.ORG (dfilter service)
To: bug-followup@FreeBSD.org
Cc:  
Subject: Re: kern/128744: commit references a PR
Date: Tue, 20 Jan 2009 22:34:51 +0000 (UTC)

 Author: emaste
 Date: Tue Jan 20 22:34:38 2009
 New Revision: 187496
 URL: http://svn.freebsd.org/changeset/base/187496
 
 Log:
   MFC r181693:
   
     Fix REDZONE(9) on amd64 and perhaps other 64 bit targets -- ensure the
     space that redzone adds to the allocation for storing its metadata is at
     least as large as the metadata that it will store there.
   
   PR:     kern/128744
 
 Modified:
   stable/7/sys/   (props changed)
   stable/7/sys/contrib/pf/   (props changed)
   stable/7/sys/dev/ath/ath_hal/   (props changed)
   stable/7/sys/dev/cxgb/   (props changed)
   stable/7/sys/vm/redzone.c
 
 Modified: stable/7/sys/vm/redzone.c
 ==============================================================================
 --- stable/7/sys/vm/redzone.c	Tue Jan 20 22:26:09 2009	(r187495)
 +++ stable/7/sys/vm/redzone.c	Tue Jan 20 22:34:38 2009	(r187496)
 @@ -54,6 +54,8 @@ static u_long
  redzone_roundup(u_long n)
  {
  
 +	if (n < REDZONE_HSIZE)
 +		n = REDZONE_HSIZE;
  	if (n <= 128)
  		return (128);
  	else if (n <= 256)
 _______________________________________________
 svn-src-all@freebsd.org mailing list
 http://lists.freebsd.org/mailman/listinfo/svn-src-all
 To unsubscribe, send any mail to "svn-src-all-unsubscribe@freebsd.org"
 
State-Changed-From-To: analyzed->closed 
State-Changed-By: emaste 
State-Changed-When: Wed Jan 21 15:04:28 UTC 2009 
State-Changed-Why:  
Merged to stable/7 and stable/6 now 


http://www.freebsd.org/cgi/query-pr.cgi?pr=128744 

From: dfilter@FreeBSD.ORG (dfilter service)
To: bug-followup@FreeBSD.org
Cc:  
Subject: Re: kern/128744: commit references a PR
Date: Wed, 21 Jan 2009 15:04:33 +0000 (UTC)

 Author: emaste
 Date: Wed Jan 21 15:04:06 2009
 New Revision: 187530
 URL: http://svn.freebsd.org/changeset/base/187530
 
 Log:
   MFC r181693:
   
     Fix REDZONE(9) on amd64 and perhaps other 64 bit targets -- ensure the
     space that redzone adds to the allocation for storing its metadata is at
     least as large as the metadata that it will store there.
   
   PR:     kern/128744
 
 Modified:
   stable/6/sys/   (props changed)
   stable/6/sys/vm/redzone.c
 
 Modified: stable/6/sys/vm/redzone.c
 ==============================================================================
 --- stable/6/sys/vm/redzone.c	Wed Jan 21 15:01:36 2009	(r187529)
 +++ stable/6/sys/vm/redzone.c	Wed Jan 21 15:04:06 2009	(r187530)
 @@ -54,6 +54,8 @@ static u_long
  redzone_roundup(u_long n)
  {
  
 +	if (n < REDZONE_HSIZE)
 +		n = REDZONE_HSIZE;
  	if (n <= 128)
  		return (128);
  	else if (n <= 256)
 _______________________________________________
 svn-src-all@freebsd.org mailing list
 http://lists.freebsd.org/mailman/listinfo/svn-src-all
 To unsubscribe, send any mail to "svn-src-all-unsubscribe@freebsd.org"
 
>Unformatted:
