Full reproducer: root@mercat1:~ # sysctl vm.memguard.options=7 vm.memguard.options: 1 -> 7 root@mercat1:~ # panic: page 0xfffffe0037728000 is not freed cpuid = 7 time = 1666010877 KDB: stack backtrace: db_trace_self_wrapper() at db_trace_self_wrapper+0x2b/frame 0xfffffe10b9d95ba0 vpanic() at vpanic+0x151/frame 0xfffffe10b9d95bf0 panic() at panic+0x43/frame 0xfffffe10b9d95c50 vm_page_alloc_check() at vm_page_alloc_check+0xa4/frame 0xfffffe10b9d95c60 vm_page_alloc_noobj_domain() at vm_page_alloc_noobj_domain+0x267/frame 0xfffffe10b9d95cc0 vm_page_alloc_noobj() at vm_page_alloc_noobj+0x3b/frame 0xfffffe10b9d95d10 allocbuf() at allocbuf+0x668/frame 0xfffffe10b9d95d80 geteblk() at geteblk+0x7d/frame 0xfffffe10b9d95db0 ffs_bufwrite() at ffs_bufwrite+0x159/frame 0xfffffe10b9d95de0 vn_fsync_buf() at vn_fsync_buf+0x240/frame 0xfffffe10b9d95e40 VOP_FSYNC_APV() at VOP_FSYNC_APV+0x3c/frame 0xfffffe10b9d95e60 sched_sync() at sched_sync+0x426/frame 0xfffffe10b9d95ef0 fork_exit() at fork_exit+0x80/frame 0xfffffe10bfork_trampoline() at fork_trampoline+0xe/frame 0xfffffe10b9d95f30 --- trap 0, rip = 0, rsp = 0, rbp = 0 --- KDB: enter: panic [ thread pid 19 tid 100208 ] Stopped at kdb_enter+0x32: movq $0,0x129c193(%rip) db> x/s version version: FreeBSD 14.0-CURRENT #0 main-n258621-204a5f5800a0d: Mon Oct 17 14:43:34 CEST 2022\012 pho@mercat1.netperf.freebsd.org:/usr/src/sys/amd64/compile/PHO-MEMGUARD\012 db>
Created attachment 237459 [details] proposed patch The attached patch fixes the problem for me.
Works for me.
A commit in branch main references this bug: URL: https://cgit.FreeBSD.org/src/commit/?id=2dba2288aa364c36c756770ac77590816b15d954 commit 2dba2288aa364c36c756770ac77590816b15d954 Author: Mark Johnston <markj@FreeBSD.org> AuthorDate: 2022-10-19 18:27:49 +0000 Commit: Mark Johnston <markj@FreeBSD.org> CommitDate: 2022-10-19 18:36:36 +0000 uma: Never pass cache zones to memguard Items allocated from cache zones cannot usefully be protected by memguard. PR: 267151 Reported and tested by: pho MFC after: 1 week sys/vm/uma_core.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-)
A commit in branch stable/13 references this bug: URL: https://cgit.FreeBSD.org/src/commit/?id=5019af2e87438bb51c8d345e496418841b680e88 commit 5019af2e87438bb51c8d345e496418841b680e88 Author: Mark Johnston <markj@FreeBSD.org> AuthorDate: 2022-10-19 18:27:49 +0000 Commit: Mark Johnston <markj@FreeBSD.org> CommitDate: 2022-10-26 00:35:31 +0000 uma: Never pass cache zones to memguard Items allocated from cache zones cannot usefully be protected by memguard. PR: 267151 Reported and tested by: pho (cherry picked from commit 2dba2288aa364c36c756770ac77590816b15d954) sys/vm/uma_core.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-)