Date: Fri, 21 Nov 2025 21:52:29 +0100
From: Michal Meloun <mmel@freebsd.org>
To: Konstantin Belousov <kostikbel@gmail.com>
Cc: FreeBSD Current <freebsd-current@freebsd.org>
Subject: Re: mmap( MAP_ANON) is broken on current. (was Still seeing Failed assertion: "p[i] == 0" on armv7 buildworld)
Message-ID: <5f042521-03d7-41c0-95a2-5711595d0f62@freebsd.org>
In-Reply-To: <aSDFcWRx3vV86KvL@kib.kiev.ua>
References: <8657a2f4-cb32-49a5-bbf6-cd5a4394c7be@FreeBSD.org> <aSAklF9D8haCAaNU@kib.kiev.ua> <aSAq8Ds6nCA24YEI@kib.kiev.ua> <ab87cb06-0b54-431c-9529-1fa993e614ef@freebsd.org> <aSDDatRqKWZ3tUmt@kib.kiev.ua> <aSDFcWRx3vV86KvL@kib.kiev.ua>
On 21.11.2025 21:02, Konstantin Belousov wrote:
> On Fri, Nov 21, 2025 at 09:54:23PM +0200, Konstantin Belousov wrote:
>> On Fri, Nov 21, 2025 at 08:08:47PM +0100, Michal Meloun wrote:
>>> First, many thanks for your efforts, but this check doesn't trigger when the
>>> problem occurs
>>>
>> Hm, ok. This is a data point, in fact.
>>
>>>
>>> To be more precise, testing case
>>> on fresh kernel(d8bfcacd12aba73188c44a157c707908e275825d)
>>> with PMAP_DEBUG defined in pmap-v6.c and with
>>> trivial zero check for first page at this place ->
>>> https://cgit.freebsd.org/src/tree/contrib/jemalloc/src/pages.c#n281
>>>
>>> causes this failure:
>>>
>>> __je_pages_map: addr: 0x0, ret: 0x3087b000, size: 4096, alignment: 4096,
>>> prot: 0x00000003, flags: 0x0C001002
>>> __je_pages_map: i: 0, p[i]: 0xFFFFFFFF, p: 0x3087b000
>>> __je_pages_map: i: 23, p[i]: 0x308E5F94, p: 0x3087b000
>>
>> Could you, please, when the failure is detected, spawn 'procstat -v <pid>'
>> and dump the memory map of the process? To be clear, I want to see all
>> of this:
>> - the address of the mapping returned by mmap
>> - its size
>> - the location of the first non-zero byte
>> - memory map
>
> Also, regardless of the output above, please try this as a wild guess:
>
> diff --git a/sys/vm/vm_object.c b/sys/vm/vm_object.c
> index 5b4517d2bf0c..5c6ed51706bf 100644
> --- a/sys/vm/vm_object.c
> +++ b/sys/vm/vm_object.c
> @@ -2222,7 +2222,7 @@ vm_object_coalesce(vm_object_t prev_object, vm_ooffset_t prev_offset,
> * Remove any pages that may still be in the object from a previous
> * deallocation.
> */
> - if (next_pindex < prev_object->size) {
> + if (true || next_pindex < prev_object->size) {
> vm_object_page_remove(prev_object, next_pindex, next_pindex +
> next_size, 0);
> #if 0

Unfortunately, this does not help either.
Give me a moment to collect the required procstat.
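Review bot: the `true ||` in the changed `if` short-circuits the `next_pindex < prev_object->size` test, so vm_object_page_remove() now runs on every call that reaches this point; that is fine for a diagnostic run but should not land in this form. If unconditional removal turns out to be the fix, drop the `if` entirely and update the comment above it to say why pages from a previous deallocation can remain when next_pindex is at or beyond prev_object->size.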
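The zero check described in the thread, together with the data points requested (mapping address, size, location of the first non-zero byte), as an added stand-alone C example; it is not code from the thread or from jemalloc, and the function names are hypothetical.

```c
#define _DEFAULT_SOURCE         /* exposes MAP_ANON on glibc; harmless elsewhere */
#include <stddef.h>
#include <stdio.h>
#include <sys/types.h>
#include <sys/mman.h>
#include <unistd.h>

/* Byte offset of the first non-zero byte in buf, or -1 if buf is all zero. */
long first_nonzero(const unsigned char *buf, size_t len)
{
    for (size_t i = 0; i < len; i++)
        if (buf[i] != 0)
            return (long)i;
    return -1;
}

/*
 * Map len bytes of private anonymous memory and verify it is zero-filled.
 * Returns -1 if the mapping is clean, the offset of the first non-zero
 * byte if it is not, or -2 if mmap() itself failed.
 */
long check_anon_mapping(size_t len)
{
    unsigned char *p = mmap(NULL, len, PROT_READ | PROT_WRITE,
        MAP_ANON | MAP_PRIVATE, -1, 0);
    if (p == MAP_FAILED)
        return -2;
    long off = first_nonzero(p, len);
    if (off >= 0) {
        /* Address, size and first non-zero location, as asked for above. */
        fprintf(stderr, "pid %ld: mmap ret %p size %zu first non-zero "
            "byte at +%ld (%p) value 0x%02x\n", (long)getpid(), (void *)p,
            len, off, (void *)(p + off), p[off]);
        /* To capture the memory map, stop here in a debugger and run
         * procstat -v <pid> before the munmap() below. */
    }
    munmap(p, len);
    return off;
}

int main(void)
{
    size_t page = (size_t)sysconf(_SC_PAGESIZE);
    /* Map and unmap a range of sizes, stopping at the first dirty mapping. */
    for (size_t n = 1; n <= 64; n++)
        if (check_anon_mapping(n * page) >= 0)
            return 1;
    puts("all anonymous mappings were zero-filled");
    return 0;
}
```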
