The problem was in the handling of munlock(addr, 0). The zero length case
wasn't detected, resulting in an iterator being started after its end
point. :-/
The diff below fixes the code to have munlock() return success when len==0
and adds an assertion to catch the iterators getting screwed up by other
means. With this, I was unable to get bitcoind to crash my system.
Philip
Index: uvm/uvm_map.c
===================================================================
RCS file: /cvs/src/sys/uvm/uvm_map.c,v
retrieving revision 1.153
diff -u -p -r1.153 uvm_map.c
--- uvm/uvm_map.c 19 Apr 2012 12:42:03 -0000 1.153
+++ uvm/uvm_map.c 31 May 2012 04:30:19 -0000
@@ -2054,6 +2054,8 @@ uvm_map_pageable(struct vm_map *map, vad
if (start > end)
return EINVAL;
+ if (start == end)
+ return 0; /* nothing to do */
if (start < map->min_offset)
return EFAULT; /* why? see first XXX below */
if (end > map->max_offset)
@@ -2106,8 +2108,10 @@ uvm_map_pageable(struct vm_map *map, vad
error = EINVAL;
goto out;
}
- } else
+ } else {
+ KASSERT(last != first);
last = RB_PREV(uvm_map_addr, &map->addr, last);
+ }
/*
* Wire/unwire pages here.
