Bug 193565 - panic in vm_reserv_alloc_contig
Summary: panic in vm_reserv_alloc_contig
Status: Closed FIXED
Alias: None
Product: Base System
Classification: Unclassified
Component: kern (show other bugs)
Version: 10.0-RELEASE
Hardware: Any Any
: --- Affects Some People
Assignee: freebsd-bugs (Nobody)
Depends on:
Reported: 2014-09-11 15:38 UTC by eric
Modified: 2014-09-11 16:03 UTC (History)
2 users (show)

See Also:


Note You need to log in before you can comment on or make changes to this bug.
Description eric 2014-09-11 15:38:10 UTC
With code that exercises contigmalloc, I can reliably induce a panic (page fault or GPF) in vm_reserv_alloc_contig.  The immediate cause is a bad pointer around line 431 (without INVARIANTS), or failing the (rv->object == NULL) assertion.

After a little digging, I see that vm_reserv_alloc_contig calls vm_phys_alloc_contig with an allocpages value that is not a multiple of VM_LEVEL_0_NPAGES.  This seems bad.  Before the call to vm_phys_alloc_contig, I see the following values (via printf):

VM_RESERV_INDEX(object, pindex)=0

allocpages is set to minpages by the (msucc != NULL) case.

I'm not very familiar with the current VM system, and I unfortunately don't have a lot of time to study it, so I'll need some help from here.  It's trivial to reproduce, and the system is set up for remote kgdb, so I can answer questions or try diagnostic code pretty quickly.

This is 10.0-RELEASE-p7 with no interesting changes in sys/vm.
Comment 1 Alan Cox freebsd_committer 2014-09-11 15:46:58 UTC
This is already fixed in HEAD by r271351.  I expect to MFC the change to 10.x in a few days.  The fix will appear in 10.1.
Comment 2 eric 2014-09-11 16:03:54 UTC
Yesterday morning!  What impeccable timing.  Thank you, Alan.