Date:      Sat, 22 Nov 2025 18:53:15 +0200
From:      Konstantin Belousov <kostikbel@gmail.com>
To:        Michal Meloun <mmel@freebsd.org>
Cc:        FreeBSD Current <freebsd-current@freebsd.org>
Subject:   Re: mmap( MAP_ANON) is broken on current. (was Still seeing Failed assertion: "p[i] == 0" on armv7 buildworld)
Message-ID:  <aSHqezcjIEXHeaIf@kib.kiev.ua>
In-Reply-To: <b94a8938-91e5-41da-9686-03a62ab0142f@freebsd.org>
References:  <aSAq8Ds6nCA24YEI@kib.kiev.ua> <ab87cb06-0b54-431c-9529-1fa993e614ef@freebsd.org> <aSDDatRqKWZ3tUmt@kib.kiev.ua> <aSDFcWRx3vV86KvL@kib.kiev.ua> <07201c46-6fb4-4514-aa88-490830edb010@freebsd.org> <aSG_GJNR7L4Mx-e8@kib.kiev.ua> <aSHDPDsuG40k2TEZ@kib.kiev.ua> <603e75f8-7064-4fca-8520-282331c20ec0@freebsd.org> <aSHZiASbyd4rqPIV@kib.kiev.ua> <b94a8938-91e5-41da-9686-03a62ab0142f@freebsd.org>


On Sat, Nov 22, 2025 at 05:37:19PM +0100, Michal Meloun wrote:
> 
> 
> On 22.11.2025 16:40, Konstantin Belousov wrote:
> > On Sat, Nov 22, 2025 at 03:31:24PM +0100, Michal Meloun wrote:
> > > This patch KASSERTs almost immediately when the system enters multi-user
> > > mode while processing mmap() syscall:
> > > 
> > > panic: vm_object_coalesce: obj 0xc73ddb28 next_pindex 0x13 next_size 0x5
> > > obj_size 0x176
> > 
> > Yes, the assert was mis-placed.  Please try this variant.
> > 
> > commit 2b1a1bcd2926bd89b8422c665b0aa411e29c883b
> > Author: Konstantin Belousov <kib@FreeBSD.org>
> > Date:   Sat Nov 22 16:02:50 2025 +0200
> > 
> >      vm_object_coalesce(): fix logic to detect coalesce possibility, simplify
> > 
> > diff --git a/sys/vm/vm_object.c b/sys/vm/vm_object.c
> > index 5b4517d2bf0c..9bb4e54edd96 100644
> > --- a/sys/vm/vm_object.c
> > +++ b/sys/vm/vm_object.c
> > @@ -2189,13 +2189,19 @@ vm_object_coalesce(vm_object_t prev_object, vm_ooffset_t prev_offset,
> >   	next_size >>= PAGE_SHIFT;
> >   	next_pindex = OFF_TO_IDX(prev_offset) + prev_size;
> > -	if (prev_object->ref_count > 1 &&
> > -	    prev_object->size != next_pindex &&
> > +	if (prev_object->ref_count > 1 ||
> > +	    prev_object->size != next_pindex ||
> >   	    (prev_object->flags & OBJ_ONEMAPPING) == 0) {
> >   		VM_OBJECT_WUNLOCK(prev_object);
> >   		return (FALSE);
> >   	}
> > +	KASSERT(next_pindex + next_size > prev_object->size,
> > +	    ("vm_object_coalesce: "
> > +	    "obj %p next_pindex %#jx next_size %#jx obj_size %#jx",
> > +	    prev_object, (uintmax_t)next_pindex, (uintmax_t)next_size,
> > +	    (uintmax_t)prev_object->size));
> > +
> >   	/*
> >   	 * Account for the charge.
> >   	 */
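Review bot: The KASSERT added after the early return can only fire when next_size is 0, because the new `||` test has already returned FALSE for `prev_object->size != next_pindex`, so the two are equal at this point and `next_pindex + next_size > prev_object->size` reduces to `next_size > 0`. Asserting `next_size > 0` directly would state the real precondition and make the obj_size argument in the message unnecessary. The switch from `&&` to `||` also deserves a short comment above the test listing the three requirements (single reference, object ends exactly at next_pindex, OBJ_ONEMAPPING set), since the rest of the function now depends on all of them holding.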
> > @@ -2222,26 +2228,13 @@ vm_object_coalesce(vm_object_t prev_object, vm_ooffset_t prev_offset,
> >   	 * Remove any pages that may still be in the object from a previous
> >   	 * deallocation.
> >   	 */
> > -	if (next_pindex < prev_object->size) {
> > -		vm_object_page_remove(prev_object, next_pindex, next_pindex +
> > -		    next_size, 0);
> > -#if 0
> > -		if (prev_object->cred != NULL) {
> > -			KASSERT(prev_object->charge >=
> > -			    ptoa(prev_object->size - next_pindex),
> > -			    ("object %p overcharged 1 %jx %jx", prev_object,
> > -				(uintmax_t)next_pindex, (uintmax_t)next_size));
> > -			prev_object->charge -= ptoa(prev_object->size -
> > -			    next_pindex);
> > -		}
> > -#endif
> > -	}
> > +	vm_object_page_remove(prev_object, next_pindex, next_pindex +
> > +	    next_size, 0);
> >   	/*
> >   	 * Extend the object if necessary.
> >   	 */
> > -	if (next_pindex + next_size > prev_object->size)
> > -		prev_object->size = next_pindex + next_size;
> > +	prev_object->size = next_pindex + next_size;
> >   	VM_OBJECT_WUNLOCK(prev_object);
> >   	return (TRUE);
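Review bot: The retained comment "Extend the object if necessary." above `prev_object->size = next_pindex + next_size;` is stale now that the assignment is unconditional; it should say the object is always extended, and ideally why (the first hunk guarantees prev_object->size == next_pindex here). The same applies to the now unconditional `vm_object_page_remove()` call: with the size check gone, the removed range starts at the current end of the object, so the comment "Remove any pages that may still be in the object from a previous deallocation" should explain how pages can exist at or past prev_object->size. Dropping the `#if 0` charge block looks fine as dead code, but the commit message only says "simplify" and could mention that the disabled charge adjustment is being removed.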
> 
> Unfortunately, that didn't help. I will try the vm_map.c patch again for
> confirmation.
Would you please gather the same debugging info, with this patch applied?


