With code that exercises contigmalloc, I can reliably induce a panic (page fault or GPF) in vm_reserv_alloc_contig. The immediate cause is a bad pointer around line 431 (without INVARIANTS), or failing the (rv->object == NULL) assertion.
After a little digging, I see that vm_reserv_alloc_contig calls vm_phys_alloc_contig with an allocpages value that is not a multiple of VM_LEVEL_0_NPAGES. This seems bad. Before the call to vm_phys_alloc_contig, I see the following values (via printf):
allocpages is set to minpages by the (msucc != NULL) case.
I'm not very familiar with the current VM system, and I unfortunately don't have a lot of time to study it, so I'll need some help from here. It's trivial to reproduce, and the system is set up for remote kgdb, so I can answer questions or try diagnostic code pretty quickly.
This is 10.0-RELEASE-p7 with no interesting changes in sys/vm.
This is already fixed in HEAD by r271351. I expect to MFC the change to 10.x in a few days. The fix will appear in 10.1.
Yesterday morning! What impeccable timing. Thank you, Alan.