Skip site navigation (1)Skip section navigation (2) 
Date:      Tue, 18 Nov 2025 17:24:12 -0800
From:      Mark Millard <marklmi@yahoo.com>
To:        freebsd-arm@freebsd.org, freebsd-current@freebsd.org
Subject:   Re: Still seeing Failed assertion: "p[i] == 0" on armv7 buildworld  [Notes from another example core dump: #2]
Message-ID:  <463AC500-C7C7-43FB-B5EF-332CEBA3D944@yahoo.com>
In-Reply-To: <D17E06B0-4591-45F2-8C46-70D94E371941@yahoo.com>
References:  <aOvTG-20QRJtJJwf@int21h> <CANCZdfrJ8rph_rkT3Mk-sNYKNspoV15SvHWLsahzS0HnULi4ww@mail.gmail.com> <aO068RrAehdiHOoZ@www.zefox.net> <aRUJPryA4Vmu8dDD@www.zefox.net> <4957be52-e57f-4f5f-9626-d0f706480fe1@FreeBSD.org> <87ldkai9lu.fsf@panix.com> <aRXuLTN4hkGykHIl@www.zefox.net> <877bvthymv.fsf@panix.com> <aRdJ5xYeKEmhuIgh@www.zefox.net> <ouy1pm0nued.fsf@panix3.panix.com> <aRtBYaaa0n3_lwar@www.zefox.net> <CAJ-Vmo=TbT7nD7rBrNnq3cutwMp9f7WXtQ-k9mUBne5ht4zGWg@mail.gmail.com> <13E753F4-84F8-4ADB-96B6-908897D6971C@yahoo.com> <3174F751-9853-4697-B0C0-98B54518A69F@yahoo.com> <E634EF40-545C-44D7-9050-83D18090F6EB@yahoo.com> <BA9E6753-F895-46C8-95F3-C3C8B1692033@yahoo.com> <A27FE12B-0074-4403-81F7-8A224CC96CC8@yahoo.com> <D17E06B0-4591-45F2-8C46-70D94E371941@yahoo.com>
next in thread | previous in thread | raw e-mail | index | archive | help 

I'm only sending notes from testing of how similar other failures appear
to the 2 lists. Folks can ask that I do otherwise for them if they want.

This one is for size 4096 (1 page). It looks like #0..#15 are similar to
the prior reports. #15 is for: arena_malloc

(gdb) bt
#0  thr_kill () at thr_kill.S:4
#1  0x2a08ef24 in __raise (s=6) at /usr/src/lib/libc/gen/raise.c:48
#2  0x2a145f38 in abort () at /usr/src/lib/libc/stdlib/abort.c:61
#3  0x2a196128 in ehooks_debug_zero_check (addr=addr@entry=0x2b9a0000, size=size@entry=4096) at /usr/src/contrib/jemalloc/include/jemalloc/internal/ehooks.h:170
#4  0x2a191f60 in ehooks_alloc (tsdn=0x2a2e4060, ehooks=0x2a600080, new_addr=0x0, size=<optimized out>, alignment=4096, zero=0xffff79af, commit=<optimized out>)
    at /usr/src/contrib/jemalloc/include/jemalloc/internal/ehooks.h:208
#5  __je_extent_alloc_wrapper (tsdn=tsdn@entry=0x2a2e4060, pac=0x2a601810, ehooks=<optimized out>, new_addr=<optimized out>, size=4096, alignment=4096, zero=true, commit=0xffff7a0f, 
    growing_retained=<optimized out>) at jemalloc_extent.c:1003
#6  0x2a1916e0 in __je_ecache_alloc_grow (tsdn=<optimized out>, tsdn@entry=0x2a2e4060, pac=pac@entry=0x2a601810, ehooks=ehooks@entry=0x2a600080, ecache=<optimized out>, ecache@entry=0x2a603dd0, 
    expand_edata=0x0, size=4096, alignment=4096, zero=<optimized out>, guarded=<optimized out>) at jemalloc_extent.c:126
#7  0x2a1c9680 in pac_alloc_real (tsdn=0x2a2e4060, pac=0x2a601810, ehooks=0x2a600080, size=4096, alignment=4096, zero=<optimized out>, guarded=false) at jemalloc_pac.c:124
#8  pac_alloc_impl (tsdn=tsdn@entry=0x2a2e4060, self=0x2a601810, size=size@entry=4096, alignment=4096, zero=<optimized out>, guarded=false, frequent_reuse=<optimized out>, 
    deferred_work_generated=<optimized out>) at jemalloc_pac.c:178
#9  0x2a1c7ae8 in pai_alloc (tsdn=0x2a2e4060, self=0x0, size=4096, alignment=2147483615, zero=<optimized out>, guarded=false, frequent_reuse=true, deferred_work_generated=<optimized out>)
    at /usr/src/contrib/jemalloc/include/jemalloc/internal/pai.h:43
#10 __je_pa_alloc (tsdn=tsdn@entry=0x2a2e4060, shard=shard@entry=0x2a601800, size=4096, alignment=<optimized out>, slab=true, szind=19, zero=<optimized out>, guarded=false, 
    deferred_work_generated=0xffff7ad7) at jemalloc_pa.c:139
#11 0x2a16b9f8 in arena_slab_alloc (tsdn=tsdn@entry=0x2a2e4060, arena=0x2a600540, binind=19, binshard=0, bin_info=0x2a21fdec <__je_bin_infos+912>) at jemalloc_arena.c:839
#12 0x2a16ac98 in __je_arena_cache_bin_fill_small (tsdn=0x2a2e4060, arena=0x2a600540, cache_bin=cache_bin@entry=0x2a2e4498, cache_bin_info=0x2a6004e6, binind=19, nfill=10) at jemalloc_arena.c:1034
#13 0x2a1b5694 in __je_tcache_alloc_small_hard (tsdn=0x0, tsdn@entry=0x2a2e4060, arena=0x0, arena@entry=0x2a600540, tcache=tcache@entry=0x2a2e42c8, cache_bin=cache_bin@entry=0x2a2e4498, binind=19, 
    tcache_success=0xffff7b87) at jemalloc_tcache.c:238
#14 0x2a16cef4 in tcache_alloc_small (tsd=<optimized out>, arena=0x2a600540, tcache=0x2a2e42c8, size=<optimized out>, binind=19, zero=false, slow_path=true)
    at /usr/src/contrib/jemalloc/include/jemalloc/internal/tcache_inlines.h:68
#15 arena_malloc (tsdn=<optimized out>, arena=<optimized out>, size=512, ind=19, zero=false, tcache=0x2a2e42c8, slow_path=true)
    at /usr/src/contrib/jemalloc/include/jemalloc/internal/arena_inlines_b.h:151
#16 0x2a16cb88 in __je_arena_palloc (tsdn=0x0, tsdn@entry=0x2a2e4060, arena=<optimized out>, usize=<optimized out>, usize@entry=512, alignment=alignment@entry=4, zero=false, tcache=0x2a2e42c8)
    at jemalloc_arena.c:1224
#17 0x2a16559c in ipallocztm (tsdn=0x2a2e4060, tsdn@entry=0x2a2e42c8, usize=512, alignment=4, zero=false, tcache=0x2a2e42c8, is_internal=false, arena=0x0)
    at /usr/src/contrib/jemalloc/include/jemalloc/internal/jemalloc_internal_inlines_c.h:80
#18 ipalloct (tsdn=0x0, tsdn@entry=0x2a2e4060, usize=512, alignment=4, zero=false, tcache=0x2a2e42c8, arena=0x0)
    at /usr/src/contrib/jemalloc/include/jemalloc/internal/jemalloc_internal_inlines_c.h:91
#19 0x2a1651f4 in imalloc_no_sample (sopts=0xffff7c7c, dopts=0xffff7c5c, tsd=0x2a2e4060, size=512, usize=512, ind=<optimized out>) at jemalloc_jemalloc.c:2398
#20 imalloc_body (sopts=0xffff7c7c, dopts=0xffff7c5c, tsd=0x2a2e4060) at jemalloc_jemalloc.c:2577
#21 0x2a156188 in imalloc (sopts=sopts@entry=0xffff7c7c, dopts=<optimized out>, dopts@entry=0xffff7c5c) at jemalloc_jemalloc.c:2693
#22 0x2a15677c in __aligned_alloc (alignment=4, size=512) at jemalloc_jemalloc.c:2821
#23 0x29e61a00 in std::__1::__libcpp_aligned_alloc[abi:se190107](unsigned int, unsigned int) (__alignment=4, __size=<optimized out>)
    at /usr/src/contrib/llvm-project/libcxx/include/__memory/aligned_alloc.h:43
#24 operator_new_aligned_impl (size=<optimized out>, alignment=4) at /usr/src/contrib/llvm-project/libcxx/src/new.cpp:129
#25 operator new (size=<optimized out>, alignment=<optimized out>) at /usr/src/contrib/llvm-project/libcxx/src/new.cpp:141
#26 0x223c87cc in allocateBuckets () at /usr/src/contrib/llvm-project/llvm/include/llvm/ADT/DenseMap.h:915
#27 grow () at /usr/src/contrib/llvm-project/llvm/include/llvm/ADT/DenseMap.h:849
#28 0x223c86fc in grow () at /usr/src/contrib/llvm-project/llvm/include/llvm/ADT/DenseMap.h:580
#29 0x223c86fc in InsertIntoBucketImpl<llvm::Value*> () from /usr/lib/libprivateclang.so.19
#30 0x276ead50 in InsertIntoBucket<llvm::Value*, unsigned int> () at /usr/src/contrib/llvm-project/llvm/include/llvm/ADT/DenseMap.h:590
#31 try_emplace<unsigned int> () at /usr/src/contrib/llvm-project/llvm/include/llvm/ADT/DenseMap.h:247
#32 0x2957a02c in insert () at /usr/src/contrib/llvm-project/llvm/include/llvm/ADT/DenseMap.h:228
#33 getOrCreateValueInfo () at /usr/src/contrib/llvm-project/llvm/lib/Transforms/Utils/PredicateInfo.cpp:737
#34 0x29579e28 in addInfoFor () at /usr/src/contrib/llvm-project/llvm/lib/Transforms/Utils/PredicateInfo.cpp:379
#35 0x2957a908 in processBranch () at /usr/src/contrib/llvm-project/llvm/lib/Transforms/Utils/PredicateInfo.cpp:462
#36 0x2957b3a4 in buildPredicateInfo () at /usr/src/contrib/llvm-project/llvm/lib/Transforms/Utils/PredicateInfo.cpp:511
#37 0x2957cc74 in PredicateInfo () at /usr/src/contrib/llvm-project/llvm/lib/Transforms/Utils/PredicateInfo.cpp:757
#38 0x29599084 in make_unique<llvm::PredicateInfo, llvm::Function&, llvm::DominatorTree&, llvm::AssumptionCache&> () at /usr/obj/usr/src/arm.armv7/tmp/usr/include/c++/v1/__memory/unique_ptr.h:634
#39 addPredicateInfo () at /usr/src/contrib/llvm-project/llvm/lib/Transforms/Utils/SCCPSolver.cpp:692
#40 addPredicateInfo () at /usr/src/contrib/llvm-project/llvm/lib/Transforms/Utils/SCCPSolver.cpp:2048
#41 0x28f4fc14 in runIPSCCP () at /usr/src/contrib/llvm-project/llvm/lib/Transforms/IPO/SCCP.cpp:130
#42 run () at /usr/src/contrib/llvm-project/llvm/lib/Transforms/IPO/SCCP.cpp:403
#43 0x27b85d14 in llvm::detail::PassModel<llvm::Module, llvm::IPSCCPPass, llvm::AnalysisManager<llvm::Module>>::run(llvm::Module&, llvm::AnalysisManager<llvm::Module>&) ()
    at /usr/src/contrib/llvm-project/llvm/include/llvm/IR/PassManagerInternal.h:90
#44 0x276ee244 in run () at /usr/src/contrib/llvm-project/llvm/include/llvm/IR/PassManagerImpl.h:81
--Type <RET> for more, q to quit, c to continue without paging--
#45 0x22174ffc in RunOptimizationPipeline () at /usr/src/contrib/llvm-project/clang/lib/CodeGen/BackendUtil.cpp:1114
#46 0x2216cfb8 in EmitAssembly () at /usr/src/contrib/llvm-project/clang/lib/CodeGen/BackendUtil.cpp:1179
#47 EmitBackendOutput () at /usr/src/contrib/llvm-project/clang/lib/CodeGen/BackendUtil.cpp:1341
#48 0x225cbca0 in HandleTranslationUnit () at /usr/src/contrib/llvm-project/clang/lib/CodeGen/CodeGenAction.cpp:354
#49 0x22cff8e4 in ParseAST () at /usr/src/contrib/llvm-project/clang/lib/Parse/ParseAST.cpp:184
#50 0x22b5a7b8 in Execute () at /usr/src/contrib/llvm-project/clang/lib/Frontend/FrontendAction.cpp:1078
#51 0x22adb800 in ExecuteAction () at /usr/src/contrib/llvm-project/clang/lib/Frontend/CompilerInstance.cpp:1061
#52 0x22bf6a90 in ExecuteCompilerInvocation () at /usr/src/contrib/llvm-project/clang/lib/FrontendTool/ExecuteCompilerInvocation.cpp:280
#53 0x0002afc8 in cc1_main () at /usr/src/contrib/llvm-project/clang/tools/driver/cc1_main.cpp:284
#54 0x00038548 in ExecuteCC1Tool () at /usr/src/contrib/llvm-project/clang/tools/driver/driver.cpp:215
#55 0x227877ec in operator() () at /usr/src/contrib/llvm-project/llvm/include/llvm/ADT/STLFunctionalExtras.h:68
#56 operator() () at /usr/src/contrib/llvm-project/clang/lib/Driver/Job.cpp:440
#57 callback_fn<(lambda at /usr/src/contrib/llvm-project/clang/lib/Driver/Job.cpp:440:22)>(void) () at /usr/src/contrib/llvm-project/llvm/include/llvm/ADT/STLFunctionalExtras.h:45
#58 0x27d88624 in operator() () at /usr/src/contrib/llvm-project/llvm/include/llvm/ADT/STLFunctionalExtras.h:68
#59 RunSafely () at /usr/src/contrib/llvm-project/llvm/lib/Support/CrashRecoveryContext.cpp:426
#60 0x22786e90 in Execute () at /usr/src/contrib/llvm-project/clang/lib/Driver/Job.cpp:440
#61 0x22748074 in ExecuteCommand () at /usr/src/contrib/llvm-project/clang/lib/Driver/Compilation.cpp:199
#62 0x227483d0 in ExecuteJobs () at /usr/src/contrib/llvm-project/clang/lib/Driver/Compilation.cpp:253
#63 0x22765bb8 in ExecuteCompilation () at /usr/src/contrib/llvm-project/clang/lib/Driver/Driver.cpp:1943
#64 0x00037ba4 in clang_main () at /usr/src/contrib/llvm-project/clang/tools/driver/driver.cpp:391
#65 0x000363a8 in main () at /usr/src/usr.bin/clang/clang/clang-driver.cpp:17


0x2b99fe90:	0x76202020	0x0a64696f	0x646e6523	0x200a6669
0x2b99fea0:	0x3e202020	0x3e203e20	0x2f2f0a3b	0x616c6320
0x2b99feb0:	0x662d676e	0x616d726f	0x6e6f2074	0x4c5f0a0a
--Type <RET> for more, q to quit, c to continue without paging--
0x2b99fec0:	0x50434249	0x4e455f50	0x414e5f44	0x5053454d
0x2b99fed0:	0x5f454341	0x0a445453	0x6e65230a	0x20666964
0x2b99fee0:	0x5f202f2f	0x4342494c	0x5f5f5050	0x5059545f
0x2b99fef0:	0x52545f45	0x53544941	0x4b414d5f	0x32335f45
0x2b99ff00:	0x5f34365f	0x315f524f	0x425f3832	0x485f5449
0x2b99ff10:	0xa5a5000a	0xa5a5a5a5	0xa5a5a5a5	0xa5a5a5a5
0x2b99ff20:	0xa5a5a5a5	0xa5a5a5a5	0xa5a5a5a5	0xa5a5a5a5
0x2b99ff30:	0xa5a5a5a5	0xa5a5a5a5	0xa5a5a5a5	0xa5a5a5a5
0x2b99ff40:	0xa5a5a5a5	0xa5a5a5a5	0xa5a5a5a5	0xa5a5a5a5
. . .
0x2b99ffd0:	0xa5a5a5a5	0xa5a5a5a5	0xa5a5a5a5	0xa5a5a5a5
0x2b99ffe0:	0xa5a5a5a5	0xa5a5a5a5	0xa5a5a5a5	0xa5a5a5a5
0x2b99fff0:	0xa5a5a5a5	0xa5a5a5a5	0xa5a5a5a5	0xa5a5a5a5
(gdb) x /1024x ((size_t*)addr)+0
0x2b9a0000:	0x00000000	0x00000000	0x00000000	0x00000000
0x2b9a0010:	0x00000000	0x00000000	0x00000000	0x00000000
0x2b9a0020:	0x00000000	0x00000000	0x00000000	0x00000000
0x2b9a0030:	0x00000000	0x00000000	0x00000000	0x00000000
. . .
0x2b9a0850:	0x00000000	0x00000000	0x00000000	0x00000000
0x2b9a0860:	0x00000000	0x00000000	0x00000000	0x00000000
0x2b9a0870:	0x00000000	0x00000000	0x00000000	0x00000000
0x2b9a0880:	0x5a5a5a5a	0x5a5a5a5a	0x5a5a5a5a	0x5a5a5a5a
0x2b9a0890:	0x5a5a5a5a	0x5a5a5a5a	0x5a5a5a5a	0x5a5a5a5a
0x2b9a08a0:	0x5a5a5a5a	0x5a5a5a5a	0x5a5a5a5a	0x5a5a5a5a
. . .
0x2b9a0fd0:	0x5a5a5a5a	0x5a5a5a5a	0x5a5a5a5a	0x5a5a5a5a
0x2b9a0fe0:	0x5a5a5a5a	0x5a5a5a5a	0x5a5a5a5a	0x5a5a5a5a
0x2b9a0ff0:	0x5a5a5a5a	0x5a5a5a5a	0x5a5a5a5a	0x5a5a5a5a
(gdb) x /1024x ((size_t*)addr)+1024
0x2b9a1000:	Cannot access memory at address 0x2b9a1000


So: The page has a prefix of 0x00000000's and a
suffix of 0x5a5a5a5a's, with no distinct middle.

For #0..#15: The original example and the above
agree about:

#5  __je_extent_alloc_wrapper zero=true
#14 tcache_alloc_small        zero=false

(The others are optimized out.)


===
Mark Millard
marklmi at yahoo.com

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?463AC500-C7C7-43FB-B5EF-332CEBA3D944>