Bug 267151

Summary: [memguard] page 0xfffffe0037728000 is not freed
Product: Base System
Reporter: Peter Holm <pho>
Component: kern
Assignee: Mark Johnston <markj>
Status: Closed FIXED
Severity: Affects Only Me
CC: markj
Priority: ---
Keywords: crash
Version: CURRENT
Hardware: amd64
OS: Any
Attachments: proposed patch (Flags: none)

Description Peter Holm freebsd_committer freebsd_triage 2022-10-17 15:26:40 UTC
Full reproducer:

root@mercat1:~ # sysctl vm.memguard.options=7
vm.memguard.options: 1 -> 7
root@mercat1:~ # panic: page 0xfffffe0037728000 is not freed
cpuid = 7
time = 1666010877
KDB: stack backtrace:
db_trace_self_wrapper() at db_trace_self_wrapper+0x2b/frame 0xfffffe10b9d95ba0
vpanic() at vpanic+0x151/frame 0xfffffe10b9d95bf0
panic() at panic+0x43/frame 0xfffffe10b9d95c50
vm_page_alloc_check() at vm_page_alloc_check+0xa4/frame 0xfffffe10b9d95c60
vm_page_alloc_noobj_domain() at vm_page_alloc_noobj_domain+0x267/frame 0xfffffe10b9d95cc0
vm_page_alloc_noobj() at vm_page_alloc_noobj+0x3b/frame 0xfffffe10b9d95d10
allocbuf() at allocbuf+0x668/frame 0xfffffe10b9d95d80
geteblk() at geteblk+0x7d/frame 0xfffffe10b9d95db0
ffs_bufwrite() at ffs_bufwrite+0x159/frame 0xfffffe10b9d95de0
vn_fsync_buf() at vn_fsync_buf+0x240/frame 0xfffffe10b9d95e40
VOP_FSYNC_APV() at VOP_FSYNC_APV+0x3c/frame 0xfffffe10b9d95e60
sched_sync() at sched_sync+0x426/frame 0xfffffe10b9d95ef0
fork_exit() at fork_exit+0x80/frame 0xfffffe10bfork_trampoline() at fork_trampoline+0xe/frame 0xfffffe10b9d95f30
--- trap 0, rip = 0, rsp = 0, rbp = 0 ---
KDB: enter: panic
[ thread pid 19 tid 100208 ]
Stopped at      kdb_enter+0x32: movq    $0,0x129c193(%rip)
db> x/s version
version:        FreeBSD 14.0-CURRENT #0 main-n258621-204a5f5800a0d: Mon Oct 17 14:43:34 CEST 2022\012    pho@mercat1.netperf.freebsd.org:/usr/src/sys/amd64/compile/PHO-MEMGUARD\012
db>
Comment 1 Mark Johnston freebsd_committer freebsd_triage 2022-10-19 15:05:19 UTC
Created attachment 237459
proposed patch

The attached patch fixes the problem for me.
Comment 2 Peter Holm freebsd_committer freebsd_triage 2022-10-19 18:09:43 UTC
Works for me.
Comment 3 commit-hook freebsd_committer freebsd_triage 2022-10-19 18:38:41 UTC
A commit in branch main references this bug:

URL: https://cgit.FreeBSD.org/src/commit/?id=2dba2288aa364c36c756770ac77590816b15d954

commit 2dba2288aa364c36c756770ac77590816b15d954
Author:     Mark Johnston <markj@FreeBSD.org>
AuthorDate: 2022-10-19 18:27:49 +0000
Commit:     Mark Johnston <markj@FreeBSD.org>
CommitDate: 2022-10-19 18:36:36 +0000

    uma: Never pass cache zones to memguard

    Items allocated from cache zones cannot usefully be protected by
    memguard.

    PR:             267151
    Reported and tested by: pho
    MFC after:      1 week

 sys/vm/uma_core.c | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)
Comment 4 commit-hook freebsd_committer freebsd_triage 2022-10-26 00:36:43 UTC
A commit in branch stable/13 references this bug:

URL: https://cgit.FreeBSD.org/src/commit/?id=5019af2e87438bb51c8d345e496418841b680e88

commit 5019af2e87438bb51c8d345e496418841b680e88
Author:     Mark Johnston <markj@FreeBSD.org>
AuthorDate: 2022-10-19 18:27:49 +0000
Commit:     Mark Johnston <markj@FreeBSD.org>
CommitDate: 2022-10-26 00:35:31 +0000

    uma: Never pass cache zones to memguard

    Items allocated from cache zones cannot usefully be protected by
    memguard.

    PR:             267151
    Reported and tested by: pho

    (cherry picked from commit 2dba2288aa364c36c756770ac77590816b15d954)

 sys/vm/uma_core.c | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)