Bug 267151 - [memguard] page 0xfffffe0037728000 is not freed
Status: Closed FIXED
Alias: None
Product: Base System
Classification: Unclassified
Component: kern
Version: CURRENT
Hardware: amd64 Any
Importance: --- Affects Only Me
Assignee: Mark Johnston
Keywords: crash
Reported: 2022-10-17 15:26 UTC by Peter Holm
Modified: 2022-10-26 00:37 UTC

Attachments
proposed patch (374 bytes, patch)
2022-10-19 15:05 UTC, Mark Johnston

Description Peter Holm freebsd_committer freebsd_triage 2022-10-17 15:26:40 UTC
Full reproducer:

root@mercat1:~ # sysctl vm.memguard.options=7
vm.memguard.options: 1 -> 7
root@mercat1:~ # panic: page 0xfffffe0037728000 is not freed
cpuid = 7
time = 1666010877
KDB: stack backtrace:
db_trace_self_wrapper() at db_trace_self_wrapper+0x2b/frame 0xfffffe10b9d95ba0
vpanic() at vpanic+0x151/frame 0xfffffe10b9d95bf0
panic() at panic+0x43/frame 0xfffffe10b9d95c50
vm_page_alloc_check() at vm_page_alloc_check+0xa4/frame 0xfffffe10b9d95c60
vm_page_alloc_noobj_domain() at vm_page_alloc_noobj_domain+0x267/frame 0xfffffe10b9d95cc0
vm_page_alloc_noobj() at vm_page_alloc_noobj+0x3b/frame 0xfffffe10b9d95d10
allocbuf() at allocbuf+0x668/frame 0xfffffe10b9d95d80
geteblk() at geteblk+0x7d/frame 0xfffffe10b9d95db0
ffs_bufwrite() at ffs_bufwrite+0x159/frame 0xfffffe10b9d95de0
vn_fsync_buf() at vn_fsync_buf+0x240/frame 0xfffffe10b9d95e40
VOP_FSYNC_APV() at VOP_FSYNC_APV+0x3c/frame 0xfffffe10b9d95e60
sched_sync() at sched_sync+0x426/frame 0xfffffe10b9d95ef0
fork_exit() at fork_exit+0x80/frame 0xfffffe10bfork_trampoline() at fork_trampoline+0xe/frame 0xfffffe10b9d95f30
--- trap 0, rip = 0, rsp = 0, rbp = 0 ---
KDB: enter: panic
[ thread pid 19 tid 100208 ]
Stopped at      kdb_enter+0x32: movq    $0,0x129c193(%rip)
db> x/s version
version:        FreeBSD 14.0-CURRENT #0 main-n258621-204a5f5800a0d: Mon Oct 17 14:43:34 CEST 2022\012    pho@mercat1.netperf.freebsd.org:/usr/src/sys/amd64/compile/PHO-MEMGUARD\012
db>
Comment 1 Mark Johnston freebsd_committer freebsd_triage 2022-10-19 15:05:19 UTC
Created attachment 237459
proposed patch

The attached patch fixes the problem for me.
Comment 2 Peter Holm freebsd_committer freebsd_triage 2022-10-19 18:09:43 UTC
Works for me.
Comment 3 commit-hook freebsd_committer freebsd_triage 2022-10-19 18:38:41 UTC
A commit in branch main references this bug:

URL: https://cgit.FreeBSD.org/src/commit/?id=2dba2288aa364c36c756770ac77590816b15d954

commit 2dba2288aa364c36c756770ac77590816b15d954
Author:     Mark Johnston <markj@FreeBSD.org>
AuthorDate: 2022-10-19 18:27:49 +0000
Commit:     Mark Johnston <markj@FreeBSD.org>
CommitDate: 2022-10-19 18:36:36 +0000

    uma: Never pass cache zones to memguard

    Items allocated from cache zones cannot usefully be protected by
    memguard.

    PR:             267151
    Reported and tested by: pho
    MFC after:      1 week

 sys/vm/uma_core.c | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)
Comment 4 commit-hook freebsd_committer freebsd_triage 2022-10-26 00:36:43 UTC
A commit in branch stable/13 references this bug:

URL: https://cgit.FreeBSD.org/src/commit/?id=5019af2e87438bb51c8d345e496418841b680e88

commit 5019af2e87438bb51c8d345e496418841b680e88
Author:     Mark Johnston <markj@FreeBSD.org>
AuthorDate: 2022-10-19 18:27:49 +0000
Commit:     Mark Johnston <markj@FreeBSD.org>
CommitDate: 2022-10-26 00:35:31 +0000

    uma: Never pass cache zones to memguard

    Items allocated from cache zones cannot usefully be protected by
    memguard.

    PR:             267151
    Reported and tested by: pho

    (cherry picked from commit 2dba2288aa364c36c756770ac77590816b15d954)

 sys/vm/uma_core.c | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)