Date: Sat, 22 Nov 2025 09:37:15 -0800
From: Mark Millard <marklmi@yahoo.com>
To: Michal Meloun <mmel@freebsd.org>, Konstantin Belousov <kostikbel@gmail.com>, FreeBSD Current <freebsd-current@freebsd.org>
Subject: Re: mmap( MAP_ANON) is broken on current. (was Still seeing Failed assertion: "p[i] == 0" on armv7 buildworld)
Message-ID: <7435C4D0-94AF-41FA-B9A0-2E5091F5A727@yahoo.com>
References: <7435C4D0-94AF-41FA-B9A0-2E5091F5A727.ref@yahoo.com>
Michal Meloun <mmel_at_freebsd.org> wrote on
Date: Sat, 22 Nov 2025 16:37:19 UTC :
> On 22.11.2025 16:40, Konstantin Belousov wrote:
> > On Sat, Nov 22, 2025 at 03:31:24PM +0100, Michal Meloun wrote:
> >> This patch KASSERTs almost immediately when the system enters multi-user
> >> mode while processing mmap() syscall:
> >>
> >> panic: vm_object_coalesce: obj 0xc73ddb28 next_pindex 0x13 next_size 0x5
> >> obj_size 0x176
> >
> > Yes, the assert was mis-placed. Please try this variant.
> >
> > commit 2b1a1bcd2926bd89b8422c665b0aa411e29c883b
> > Author: Konstantin Belousov <kib@FreeBSD.org>
> > Date: Sat Nov 22 16:02:50 2025 +0200
> >
> > vm_object_coalesce(): fix logic to detect coalesce possibility, simplify
> >
> > diff --git a/sys/vm/vm_object.c b/sys/vm/vm_object.c
> > index 5b4517d2bf0c..9bb4e54edd96 100644
> > --- a/sys/vm/vm_object.c
> > +++ b/sys/vm/vm_object.c
> > @@ -2189,13 +2189,19 @@ vm_object_coalesce(vm_object_t prev_object, vm_ooffset_t prev_offset,
> > next_size >>= PAGE_SHIFT;
> > next_pindex = OFF_TO_IDX(prev_offset) + prev_size;
> >
> > - if (prev_object->ref_count > 1 &&
> > - prev_object->size != next_pindex &&
> > + if (prev_object->ref_count > 1 ||
> > + prev_object->size != next_pindex ||
> > (prev_object->flags & OBJ_ONEMAPPING) == 0) {
> > VM_OBJECT_WUNLOCK(prev_object);
> > return (FALSE);
> > }
> >
> > + KASSERT(next_pindex + next_size > prev_object->size,
> > + ("vm_object_coalesce: "
> > + "obj %p next_pindex %#jx next_size %#jx obj_size %#jx",
> > + prev_object, (uintmax_t)next_pindex, (uintmax_t)next_size,
> > + (uintmax_t)prev_object->size));
> > +
> > /*
> > * Account for the charge.
> > */
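
Review bot: The KASSERT added after the rewritten if does not check more than next_size != 0. With the condition now using ||, the function returns FALSE whenever prev_object->size != next_pindex, so the assertion is only reached with prev_object->size == next_pindex, and `next_pindex + next_size > prev_object->size` reduces to next_size > 0. If a zero-length extension is what should be caught, assert that directly; if the point is to document the invariant the later code relies on, assert `prev_object->size == next_pindex` instead. The && to || switch also changes when coalescing is refused (any one of the three tests now suffices), which deserves a comment above the if and a sentence in the commit message, since the subject only says "fix logic".
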
> > @@ -2222,26 +2228,13 @@ vm_object_coalesce(vm_object_t prev_object, vm_ooffset_t prev_offset,
> > * Remove any pages that may still be in the object from a previous
> > * deallocation.
> > */
> > - if (next_pindex < prev_object->size) {
> > - vm_object_page_remove(prev_object, next_pindex, next_pindex +
> > - next_size, 0);
> > -#if 0
> > - if (prev_object->cred != NULL) {
> > - KASSERT(prev_object->charge >=
> > - ptoa(prev_object->size - next_pindex),
> > - ("object %p overcharged 1 %jx %jx", prev_object,
> > - (uintmax_t)next_pindex, (uintmax_t)next_size));
> > - prev_object->charge -= ptoa(prev_object->size -
> > - next_pindex);
> > - }
> > -#endif
> > - }
> > + vm_object_page_remove(prev_object, next_pindex, next_pindex +
> > + next_size, 0);
> >
> > /*
> > * Extend the object if necessary.
> > */
> > - if (next_pindex + next_size > prev_object->size)
> > - prev_object->size = next_pindex + next_size;
> > + prev_object->size = next_pindex + next_size;
> >
> > VM_OBJECT_WUNLOCK(prev_object);
> > return (TRUE);
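
Review bot: Both comments kept in this hunk no longer match the code under them. "Extend the object if necessary" now sits above an unconditional `prev_object->size = next_pindex + next_size;`, and "Remove any pages that may still be in the object from a previous deallocation" sits above a vm_object_page_remove() call whose `next_pindex < prev_object->size` guard has been dropped. Both changes are only safe because the earlier check in the first hunk returns unless prev_object->size == next_pindex, so please say that in the comments: that the range always starts at the current object size, why pages can still be present there, and that the size assignment can therefore never shrink the object. Removing the #if 0 charge-accounting block is fine, but the commit message should mention it so the history shows it was dropped deliberately.
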
>
> Unfortunately, that didn't help. I will try the vm_map.c patch again
> for confirmation.
On amd64 I could not complete a boot: the KASSERT failed for equality
instead of > : "next_pindex 0xf next_size 0x4 obj_size 0x19"
QUOTE (from a prior message to the list):
No serial console so a summary from a picture
(expect typos):
. . .
ue0: link state changed to UP
panic: vm_object_coalesce: obj 0xfffff800090a27c0 next_pindex 0xf next_size 0x4 obj_size 0x19
. . .
vm_object_coalesce
vm_map_insert1
vm_map_find_locked
pipespace_new
pipe_paircreate
kern_pipe
sys_pipe2
amd64_syscall
fast_syscall_common
syscall
END QUOTE
===
Mark Millard
marklmi at yahoo.com
