From nobody Sat Nov 22 20:20:28 2025 X-Original-To: freebsd-current@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4dDNkr6SVRz6HWPC for ; Sat, 22 Nov 2025 20:20:52 +0000 (UTC) (envelope-from marklmi@yahoo.com) Received: from sonic317-20.consmr.mail.gq1.yahoo.com (sonic317-20.consmr.mail.gq1.yahoo.com [98.137.66.146]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 4dDNkr1qkpz45Zf for ; Sat, 22 Nov 2025 20:20:52 +0000 (UTC) (envelope-from marklmi@yahoo.com) Authentication-Results: mx1.freebsd.org; dkim=pass header.d=yahoo.com header.s=s2048 header.b=ejmK7bSL; dmarc=pass (policy=reject) header.from=yahoo.com; spf=pass (mx1.freebsd.org: domain of marklmi@yahoo.com designates 98.137.66.146 as permitted sender) smtp.mailfrom=marklmi@yahoo.com DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s2048; t=1763842845; bh=dWe6FZ9rcqGtIDPaYr3QrbUeCPdwJ9D0DzyPhTagriU=; h=From:Subject:Date:To:References:From:Subject:Reply-To; b=ejmK7bSLCqxPXsibKzfc7vaA+NrsVJCUxy4vOpZd5Gt+sLrg6X9yMrcUT8la26rLNDoGmS1sabcOW8yqqYOXrb0C/GMgeMMwLdugTQ0BpkAQlwx7C14mBpf2F+gZrP97a81VKEnwe17kFBh93pdZe6XGYchXy7SOOcBu9pTXFCLoyKC/LnfHtKj4jRHVivlWtnIBUrmTcVPx+7B80qOyNAofUPx606JKnwm9ocao6Jj6rDZU96tBu55C6DoxThVqZb5N+Adsm0NmfMcner18Mk8Ud/cfiAELikKr/wyq+97JFTD0J3SZv9SojWbcNJkklfgrderyXIv1J4+sI2Ia9A== X-SONIC-DKIM-SIGN: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s2048; t=1763842845; bh=wZNb5hn8f6+YGnRKQ4//zW977MdDibV0sSpXpN+4l8t=; h=X-Sonic-MF:From:Subject:Date:To:From:Subject; b=nCWP3K2SbB9Gw6QLeg7sok+OlNu/N+KuehRgh/+s/Xku9hPESNPJrjPCOxZosZoOCYnHfossu9hjayDitM8AQ4iF13geuPzunKX1yOD27pDA8Mvypr9y+xsHS6+zqdma69Uzy6i+V7tp0T3XVELAt24u8x3RsxH185wjzu2Rd3idteRi+kUUXpThCB5cHR12kpKxZUCp3CnmXnxHStQhvMJ+7f/RHN748IfdJNY7pzVWIgvvo09wfSxjt19VFvVgorVB21yIr50FyTOdaelfFWW9ioEYjx7W8KCvbWjE6gY+cMoX2jQ3Veb9TtdE+XPNFMqVHXNSEVgTvsq2OCoTvw== X-YMail-OSG: jhkWOK4VM1mSarp7hsGfYd5azmEfb1vg60K7Gd8KJuGoyNMROCRzuffI4DXJ1qC uh9iWeBH_HtNM2slwrwI1RP.IPkDKUzlxfzlHE0W76RF9g_eu1AJmCTeTKRyJ_Q7gGgVt1jjL.wo pN0FZCyAzEDXd4op15MPR9YJU5Buxky19bNHOJIIJ.OCJw6Uj5cqSF9UCl9iV.qvOxY1I0.gtHRn B474zA7AF5cb1BlcsKbkMobRUklxRigriacvieJuqYmzKIIVzTu4CI47CmBP5JvEMNMjgh.3xmR4 Dp.AqZnB_tlzSUXx.ufH.EMg5AdXoM4P3AyuJOH2DPJ2ePCefMTcPxllSefCGZb.Cd_Ec2YgvXWW SoJEobAeOcLojeupus33f.uOZmu4_31xDFjzl0hj4yK9wy8f0phRa1ulKGkXy6RM0ez.m35iOgS3 zb5bbjSYiwsSAOvGZHy5wmnoQ7Hcg5SLc9Dso5oOzJ_WAqCzJkzLPK1bsPBoTD_H59MBenbOylno z6SD0j3dP2r2cOErE9TrWungLtRY4RiZz8jC.9Ehlilr6OBOZ9VN6TlR2WjNjxMHFIJHismIB8Tc di4ZMKYRlHx5kO84mk8wHrb6r2KCALoS06yFwL6RzMVwaAPyCeDRjS4kPXTrqackFhEVZNIeEX3L ULt4nndjUGbvLVgNIsYl5kSouUjeZ5wOYvgkRwlXjh7C12bwdd2uwcWWxG9yuv2FCUmTzEHewffw tVQj1pWgPmqajY4ljPwWAhDjJ.4fuucOis4RCauXClewzo8cG3XV7KCUCrMfsZ6Awizp2ztsikGh h_tpG.HwMc3DuFxX.mcSLITW6qEfXK_yesvZhGx0RF9TqqHyjrgYiHjfokVbmJ6fVAOqy3E5IKoJ W1jlXsoGpvl4VMdSCGk5.WN1UA4ZpLgR3ujA8p4VcxmGSwZPBpK3XlWhfSKFpUd9Wu9c8yFgvFgr iDGRhVTYi2drIZbYEDQ_OdU0PsyiwiTiHJ6gnBuA6xMfz4xAxWFyp34ajaDg6jP_Oo_DOPA8JZrn 9l2.RV38.YWgq_D_EBcgSkJPx8WWrRD9vHZiEwQUPHYzvSqxlMCHPCm5tLtio0JJaAGxrv5UIR0W QJhpmszSS6ey.RAHGgmJef3o24nsAYSEaAKlRCExKyPONWG6klFsDw8fGsK6GP8C7fck5vAfNDS. kqJdTaQDp7NuE4c.p_c2iOEt9qEMu_DFXviHTDSEB5mFgURMfoC231EQu6Tf3LFgI5Ti.uqbdUsd wwldmZaKr.M3Y86xsS_HOg4uiEkpq_XF2lcfcjEonlEqc6gZvKj7LWjfSzu5eEXk8XGIFojjEM38 uJjoEUK0kM50MClayeBJEMYTKSHL4QHGz50PtnERkOgxilAV1BuB86UdSG51O9mm6gkKEL_ANaoN 0SaV4Kug2Rbdo5EewUo8Z6wSSTx1ZpH8AC8MxoGv6Qt4Xfe2maqKt_ZOu5ilDD58Yh38m80HMiDF l5btreeDqfM0y_NpquaAk70DfD8us35QEtyWaWqNdBWmr6Bh3vpPW1Wx9EgiuIdwy7BrBXA5CNUC l10cTPm9ek5SFMD8VAmTbKKZJo60NyBsh3tPvOyBf6wW528ZK8DLLn.YDkwpf8KQtSuKFoXUTkvG 6VfQOn3ZldRjWsDTUI.sX4.pAOov3DIvrN0h.eTfOxhlpk5N3Eu5Y8EByi5fLIOXTZuNW_uk2JOH _uuqee4FS_L_XE2pgID6sDWXsE1FPJqgRMJIQDdTQFo3phXgB4V.6cRsH45LLYhCotQeel262wRY 91leplGbS_4YBG6WHV2FGm9AhlCbcy6RWvCBZgGb9yGqLcQs8rZ08RK0A1g9a2pxwZlYTNnUEM1R Hiefo3XJnjunwOSNOYoV4dEUl597ajbn7i48UDojeckdyyK_yrMZGq95BF2_Hz5sT3WB2cVXGf_k GzYEhei4MaXiO4XkZ7o2FjnytyuKYICqS713.IRRGKhWuyMjNHNwf7kQ7whhdYfo19pyWNMOEmSK 6apF2Ko0xS865PxHu7FXa6AXaPRzim1MKeN9Vh1pcdslbqA.1A41UEWpo.vuHel35BsvflQMIxKi BBthsiaZib8XWBxAOPI.3RsJIDNqrX6dLmEuzxFZucJTPndFc6SComQgPGLbh9xSsmMm1dsi1WbJ BIvuaStia31h8GTppARFHmYSzjaN69GhBoZCWVoyCE7MsZ.UkG3pQKd1Mi1xEpkS3qGpcxt5Iv0c 6dek4xSsfc8W8jR4A9u3eo6LsDW6ThZea387lGOyUcl5._euFwG33gtJK5ntavG.dK49m4dFBeDE - X-Sonic-MF: X-Sonic-ID: adf0261a-dd1e-4185-bba8-848e81c9dca3 Received: from sonic.gate.mail.ne1.yahoo.com by sonic317.consmr.mail.gq1.yahoo.com with HTTP; Sat, 22 Nov 2025 20:20:45 +0000 Received: by hermes--production-gq1-fdb64d996-snhd5 (Yahoo Inc. Hermes SMTP Server) with ESMTPA ID 269559ad2821cb43eb78f5d99e485e6a; Sat, 22 Nov 2025 20:20:39 +0000 (UTC) From: Mark Millard Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: quoted-printable List-Id: Discussions about the use of FreeBSD-current List-Archive: https://lists.freebsd.org/archives/freebsd-current List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-freebsd-current@FreeBSD.org Mime-Version: 1.0 (Mac OS X Mail 16.0 \(3826.700.81\)) Subject: Re: mmap( MAP_ANON) is broken on current. (was Still seeing Failed assertion: "p[i] == 0" on armv7 buildworld) [i386 chroot still fails with vm_map.c and vm_object.c patches] Message-Id: Date: Sat, 22 Nov 2025 12:20:28 -0800 To: Konstantin Belousov , Michal Meloun , FreeBSD Current X-Mailer: Apple Mail (2.3826.700.81) References: X-Spamd-Bar: --- X-Spamd-Result: default: False [-4.00 / 15.00]; NEURAL_HAM_LONG(-1.00)[-1.000]; NEURAL_HAM_MEDIUM(-1.00)[-1.000]; NEURAL_HAM_SHORT(-1.00)[-1.000]; DMARC_POLICY_ALLOW(-0.50)[yahoo.com,reject]; R_SPF_ALLOW(-0.20)[+ptr:yahoo.com]; R_DKIM_ALLOW(-0.20)[yahoo.com:s=s2048]; MIME_GOOD(-0.10)[text/plain]; FROM_HAS_DN(0.00)[]; TO_DN_ALL(0.00)[]; RCVD_TLS_LAST(0.00)[]; FREEMAIL_TO(0.00)[gmail.com,freebsd.org]; MIME_TRACE(0.00)[0:+]; ARC_NA(0.00)[]; DWL_DNSWL_NONE(0.00)[yahoo.com:dkim]; FREEMAIL_FROM(0.00)[yahoo.com]; DKIM_TRACE(0.00)[yahoo.com:+]; ASN(0.00)[asn:36647, ipnet:98.137.64.0/20, country:US]; FREEMAIL_ENVFROM(0.00)[yahoo.com]; TO_MATCH_ENVRCPT_SOME(0.00)[]; RCVD_COUNT_TWO(0.00)[2]; FROM_EQ_ENVFROM(0.00)[]; RCPT_COUNT_THREE(0.00)[3]; MLMMJ_DEST(0.00)[freebsd-current@freebsd.org]; APPLE_MAILER_COMMON(0.00)[]; MID_RHS_MATCH_FROM(0.00)[]; RCVD_VIA_SMTP_AUTH(0.00)[]; RWL_MAILSPIKE_POSSIBLE(0.00)[98.137.66.146:from]; RCVD_IN_DNSWL_NONE(0.00)[98.137.66.146:from] X-Rspamd-Queue-Id: 4dDNkr1qkpz45Zf Konstantin Belousov wrote on Date: Sat, 22 Nov 2025 18:45:32 UTC : > On Sat, Nov 22, 2025 at 07:01:03PM +0100, Michal Meloun wrote: > > > Would you please gather the same ddebugging info, with this patch = applied? > > Oups, sorry. > > In meantime, next round with he vm_map patch finished successfully. >=20 > It was still the case of coalescing previous entry and the mapping. >=20 > It is weird, the patch ensures that there is no pages in the object > backing the new region, and due to the ensured properties of the = object, > there should be no way to create pages under us. > I am almost sure that the provided patch is correct, but it might be > some additional cases that I miss. >=20 > Please apply the following debugging patch, it includes the vm_object' > part. Instead of allowing the corruption in userspace, kernel should > panic now. Can you confirm that? >=20 > diff --git a/sys/vm/vm_map.c b/sys/vm/vm_map.c > index 6b09552c5fee..76808b5ad7f1 100644 > --- a/sys/vm/vm_map.c > +++ b/sys/vm/vm_map.c > @@ -1743,6 +1743,27 @@ vm_map_insert1(vm_map_t map, vm_object_t = object, vm_ooffset_t offset, > (vm_size_t)(prev_entry->end - prev_entry->start), > (vm_size_t)(end - prev_entry->end), cred !=3D NULL && > (protoeflags & MAP_ENTRY_NEEDS_COPY) =3D=3D 0)) { > + vm_object_t obj =3D prev_entry->object.vm_object; > + if (obj !=3D NULL) { > + struct pctrie_iter pages; > + vm_page_t p; > + > + vm_page_iter_init(&pages, obj); > + p =3D vm_radix_iter_lookup_ge(&pages, > + OFF_TO_IDX(prev_entry->offset + > + prev_entry->end - prev_entry->start)); > + if (p !=3D NULL) { > + KASSERT(p->pindex >=3D = OFF_TO_IDX(prev_entry->offset + > + prev_entry->end - prev_entry->start = + > + end - start), > + ("FOUND page %p pindex %#jx " > + "e %#jx %#jx %#jx %#jx", > + p, p->pindex, = (uintmax_t)prev_entry->offset, > + (uintmax_t)prev_entry->end, > + (uintmax_t)prev_entry->start, > + (uintmax_t)(end - start))); > + } > + } > /* > * We were able to extend the object. Determine if we > * can extend the previous map entry to include the > diff --git a/sys/vm/vm_object.c b/sys/vm/vm_object.c > index 5b4517d2bf0c..9bb4e54edd96 100644 > --- a/sys/vm/vm_object.c > +++ b/sys/vm/vm_object.c > @@ -2189,13 +2189,19 @@ vm_object_coalesce(vm_object_t prev_object, = vm_ooffset_t prev_offset, > next_size >>=3D PAGE_SHIFT; > next_pindex =3D OFF_TO_IDX(prev_offset) + prev_size; > =20 > - if (prev_object->ref_count > 1 && > - prev_object->size !=3D next_pindex && > + if (prev_object->ref_count > 1 || > + prev_object->size !=3D next_pindex || > (prev_object->flags & OBJ_ONEMAPPING) =3D=3D 0) { > VM_OBJECT_WUNLOCK(prev_object); > return (FALSE); > } > =20 > + KASSERT(next_pindex + next_size > prev_object->size, > + ("vm_object_coalesce: " > + "obj %p next_pindex %#jx next_size %#jx obj_size %#jx", > + prev_object, (uintmax_t)next_pindex, (uintmax_t)next_size, > + (uintmax_t)prev_object->size)); > + > /* > * Account for the charge. > */ > @@ -2222,26 +2228,13 @@ vm_object_coalesce(vm_object_t prev_object, = vm_ooffset_t prev_offset, > * Remove any pages that may still be in the object from a = previous > * deallocation. > */ > - if (next_pindex < prev_object->size) { > - vm_object_page_remove(prev_object, next_pindex, = next_pindex + > - next_size, 0); > -#if 0 > - if (prev_object->cred !=3D NULL) { > - KASSERT(prev_object->charge >=3D > - ptoa(prev_object->size - next_pindex), > - ("object %p overcharged 1 %jx %jx", = prev_object, > - (uintmax_t)next_pindex, = (uintmax_t)next_size)); > - prev_object->charge -=3D ptoa(prev_object->size = - > - next_pindex); > - } > -#endif > - } > + vm_object_page_remove(prev_object, next_pindex, next_pindex + > + next_size, 0); > =20 > /* > * Extend the object if necessary. > */ > - if (next_pindex + next_size > prev_object->size) > - prev_object->size =3D next_pindex + next_size; > + prev_object->size =3D next_pindex + next_size; > =20 > VM_OBJECT_WUNLOCK(prev_object); > return (TRUE); For the i386 chroot test context, it still fails like before: . . . Building = /usr/obj/usr/src/i386.i386/lib/clang/libclang/ExtractAPI/ExtractAPIConsume= r.pico Building = /usr/obj/usr/src/i386.i386/lib/clang/libclang/ExtractAPI/Serialization/Sym= bolGraphSerializer.pico Building = /usr/obj/usr/src/i386.i386/lib/clang/libclang/ExtractAPI/TypedefUnderlying= TypeResolver.pico Building = /usr/obj/usr/src/i386.i386/lib/clang/libclang/Format/AffectedRangeManager.= pico Building = /usr/obj/usr/src/i386.i386/lib/clang/libclang/Format/BreakableToken.pico Building = /usr/obj/usr/src/i386.i386/lib/clang/libclang/Format/ContinuationIndenter.= pico Building = /usr/obj/usr/src/i386.i386/lib/clang/libclang/Format/DefinitionBlockSepara= tor.pico Building = /usr/obj/usr/src/i386.i386/lib/clang/libclang/Format/Format.pico Building = /usr/obj/usr/src/i386.i386/lib/clang/libclang/Format/FormatToken.pico Building = /usr/obj/usr/src/i386.i386/lib/clang/libclang/Format/FormatTokenLexer.pico= Building = /usr/obj/usr/src/i386.i386/lib/clang/libclang/Format/IntegerLiteralSeparat= orFixer.pico Building = /usr/obj/usr/src/i386.i386/lib/clang/libclang/Format/MacroCallReconstructo= r.pico Building = /usr/obj/usr/src/i386.i386/lib/clang/libclang/Format/MacroExpander.pico Building = /usr/obj/usr/src/i386.i386/lib/clang/libclang/Format/NamespaceEndCommentsF= ixer.pico Building = /usr/obj/usr/src/i386.i386/lib/clang/libclang/Format/ObjCPropertyAttribute= OrderFixer.pico Building = /usr/obj/usr/src/i386.i386/lib/clang/libclang/Format/QualifierAlignmentFix= er.pico Building = /usr/obj/usr/src/i386.i386/lib/clang/libclang/Format/SortJavaScriptImports= .pico Building = /usr/obj/usr/src/i386.i386/lib/clang/libclang/Format/TokenAnalyzer.pico Building = /usr/obj/usr/src/i386.i386/lib/clang/libclang/Format/TokenAnnotator.pico Building = /usr/obj/usr/src/i386.i386/lib/clang/libclang/Format/UnwrappedLineFormatte= r.pico Building = /usr/obj/usr/src/i386.i386/lib/clang/libclang/Format/UnwrappedLineParser.p= ico Building = /usr/obj/usr/src/i386.i386/lib/clang/libclang/Format/UsingDeclarationsSort= er.pico Building = /usr/obj/usr/src/i386.i386/lib/clang/libclang/Format/WhitespaceManager.pic= o Building = /usr/obj/usr/src/i386.i386/lib/clang/libclang/Frontend/ASTConsumers.pico Building = /usr/obj/usr/src/i386.i386/lib/clang/libclang/Frontend/ASTMerge.pico Building = /usr/obj/usr/src/i386.i386/lib/clang/libclang/Frontend/ASTUnit.pico Building = /usr/obj/usr/src/i386.i386/lib/clang/libclang/Frontend/ChainedDiagnosticCo= nsumer.pico Building = /usr/obj/usr/src/i386.i386/lib/clang/libclang/Frontend/ChainedIncludesSour= ce.pico Building = /usr/obj/usr/src/i386.i386/lib/clang/libclang/Frontend/CompilerInstance.pi= co Building = /usr/obj/usr/src/i386.i386/lib/clang/libclang/Frontend/CompilerInvocation.= pico Building = /usr/obj/usr/src/i386.i386/lib/clang/libclang/Frontend/CreateInvocationFro= mCommandLine.pico Building = /usr/obj/usr/src/i386.i386/lib/clang/libclang/Frontend/DependencyFile.pico= Building = /usr/obj/usr/src/i386.i386/lib/clang/libclang/Frontend/DependencyGraph.pic= o Building = /usr/obj/usr/src/i386.i386/lib/clang/libclang/Frontend/DiagnosticRenderer.= pico Building = /usr/obj/usr/src/i386.i386/lib/clang/libclang/Frontend/FrontendAction.pico= Building = /usr/obj/usr/src/i386.i386/lib/clang/libclang/Frontend/FrontendActions.pic= o Building = /usr/obj/usr/src/i386.i386/lib/clang/libclang/Frontend/FrontendOptions.pic= o : = /usr/src/contrib/jemalloc/include/jemalloc/internal/ehooks.h:170: Failed = assertion: "p[i] =3D=3D 0" Building = /usr/obj/usr/src/i386.i386/lib/clang/libclang/Frontend/HeaderIncludeGen.pi= co Abort trap (core dumped) *** [ExtractAPI/ExtractAPIConsumer.pico] Error code 134 . . . For reference (from the amd64 boot context): # strings /boot/kernel.jemallocfailure/kernel | grep 'FOUND page %p = pindex %#jx' FOUND page %p pindex %#jx e %#jx %#jx %#jx %#jx # uname -apKU FreeBSD 7950X3D-UFS 16.0-CURRENT FreeBSD 16.0-CURRENT #3: Sat Nov 22 = 11:42:13 PST 2025 = root@7950X3D-UFS:/usr/obj/usr/src/amd64.amd64/sys/GENERIC amd64 amd64 = 1600004 1600004 The backtrace looks like: (lldb) bt * thread #1, name =3D 'c++', stop reason =3D signal SIGABRT * frame #0: 0x24bd378b libsys.so.7`__sys_thr_kill at thr_kill.S:4 frame #1: 0x2ab2231b libc.so.7`__raise(s=3D6) at raise.c:48:10 frame #2: 0x2abcc73b libc.so.7`abort at abort.c:61:8 frame #3: 0x2ac10440 = libc.so.7`ehooks_debug_zero_check(addr=3D, = size=3D) at ehooks.h:0 frame #4: 0x2ac0ccfa libc.so.7`__je_extent_alloc_wrapper [inlined] = ehooks_alloc(tsdn=3D, ehooks=3D, = new_addr=3D, size=3D, alignment=3D,= zero=3D0xffff7c7b, commit=3D) at ehooks.h:208:3 frame #5: 0x2ac0cc5a = libc.so.7`__je_extent_alloc_wrapper(tsdn=3D0x2adf90a0, pac=3D0x2b0015e4, = ehooks=3D0x2b000080, new_addr=3D0x00000000, size=3D20480, = alignment=3D4096, zero=3Dtrue, commit=3D0xffff7ce3, = growing_retained=3D) at jemalloc_extent.c:1003:15 frame #6: 0x2ac0c58e = libc.so.7`__je_ecache_alloc_grow(tsdn=3D0x2adf90a0, pac=3D0x2b0015e4, = ehooks=3D0x2b000080, ecache=3D0x2b0036d0, expand_edata=3D0x00000000, = size=3D20480, alignment=3D4096, zero=3D, = guarded=3D) at jemalloc_extent.c:126:11 frame #7: 0x2ac3c73f libc.so.7`pac_alloc_impl [inlined] = pac_alloc_real(tsdn=3D, pac=3D, = ehooks=3D, size=3D, alignment=3D4096, = zero=3D, guarded=3D) at jemalloc_pac.c:124:11 frame #8: 0x2ac3c696 libc.so.7`pac_alloc_impl(tsdn=3D0x2adf90a0, = self=3D0x2b0015e4, size=3D20480, alignment=3D4096, zero=3D, = guarded=3D, frequent_reuse=3D, = deferred_work_generated=3D) at jemalloc_pac.c:178:11 frame #9: 0x2ac3afe0 libc.so.7`__je_pa_alloc [inlined] = pai_alloc(tsdn=3D, self=3D, = size=3D, alignment=3D, zero=3D, = guarded=3D, frequent_reuse=3D, = deferred_work_generated=3D) at pai.h:43:9 frame #10: 0x2ac3afc9 libc.so.7`__je_pa_alloc(tsdn=3D0x2adf90a0, = shard=3D0x2b0015d8, size=3D20480, alignment=3D4096, slab=3D, = szind=3D25, zero=3D, guarded=3D, = deferred_work_generated=3D0xffff7dc7) at jemalloc_pa.c:139:11 frame #11: 0x2abec82b libc.so.7`arena_slab_alloc(tsdn=3D,= arena=3D, binind=3D25, binshard=3D0, bin_info=3D0x2ac71658) = at jemalloc_arena.c:839:18 frame #12: 0x2abebdaa = libc.so.7`__je_arena_cache_bin_fill_small(tsdn=3D0x2adf90a0, = arena=3D0x2b000500, cache_bin=3D0x2adf94e8, cache_bin_info=3D0x2b0004b2, = binind=3D25, nfill=3D10) at jemalloc_arena.c:1034:16 frame #13: 0x2ac2b737 = libc.so.7`__je_tcache_alloc_small_hard(tsdn=3D0x2adf90a0, = arena=3D0x2b000500, tcache=3D0x2adf92f0, cache_bin=3D0x2adf94e8, = binind=3D25, tcache_success=3D0xffff7e8b) at jemalloc_tcache.c:238:2 frame #14: 0x2abed8e3 libc.so.7`arena_malloc [inlined] = tcache_alloc_small(tsd=3D, arena=3D0x2b000500, = tcache=3D, size=3D, binind=3D, = zero=3D, slow_path=3Dtrue) at tcache_inlines.h:68:9 frame #15: 0x2abed83e libc.so.7`arena_malloc(tsdn=3D, = arena=3D, size=3D2560, ind=3D25, zero=3D, = tcache=3D0x2adf92f0, slow_path=3Dtrue) at arena_inlines_b.h:151:11 frame #16: 0x2abed610 libc.so.7`__je_arena_palloc(tsdn=3D0x2adf90a0, = arena=3D0x00000000, usize=3D2560, alignment=3D4, zero=3D, = tcache=3D0x2adf92f0) at jemalloc_arena.c:1224:9 frame #17: 0x2abe7838 libc.so.7`ipalloct [inlined] = ipallocztm(tsdn=3D, usize=3D2560, alignment=3D4, = zero=3D, tcache=3D0x2adf92f0, is_internal=3Dfalse, = arena=3D0x00000000) at jemalloc_internal_inlines_c.h:80:8 frame #18: 0x2abe7705 libc.so.7`ipalloct(tsdn=3D, = usize=3D2560, alignment=3D4, zero=3D, tcache=3D0x2adf92f0, = arena=3D0x00000000) at jemalloc_internal_inlines_c.h:91:9 frame #19: 0x2abe754c libc.so.7`imalloc_body [inlined] = imalloc_no_sample(sopts=3D0xffff7f9c, dopts=3D0xffff7f7c, = tsd=3D0x2adf90a0, size=3D2304, usize=3D2560, ind=3D0) at = jemalloc_jemalloc.c:2398:10 frame #20: 0x2abe753f libc.so.7`imalloc_body(sopts=3D, = dopts=3D, tsd=3D0x2adf90a0) at jemalloc_jemalloc.c:2577:16 frame #21: 0x2abdae88 libc.so.7`imalloc(sopts=3D, = dopts=3D) at tsd.h:0:2 frame #22: 0x2abdb3ef libc.so.7`__aligned_alloc(alignment=3D4, = size=3D2304) at jemalloc_jemalloc.c:2821:2 frame #23: 0x2aa69777 libc++.so.1`operator new(unsigned int, = std::align_val_t) [inlined] = std::__1::__libcpp_aligned_alloc[abi:se190107](__alignment=3D4, = __size=3D) at aligned_alloc.h:43:10 frame #24: 0x2aa69768 libc++.so.1`operator new(unsigned int, = std::align_val_t) [inlined] = operator_new_aligned_impl(size=3D, alignment=3D4) at = new.cpp:129:15 frame #25: 0x2aa69748 libc++.so.1`operator new(size=3D2304, = alignment=3D4) at new.cpp:141:13 frame #26: 0x28a7905b = libprivatellvm.so.19`llvm::allocate_buffer(unsigned int, unsigned int) = at MemAlloc.cpp:16:10 frame #27: 0x26fa313e libprivatellvm.so.19`::grow() [inlined] = allocateBuckets at DenseMap.h:915:9 frame #28: 0x26fa312d libprivatellvm.so.19`::grow() at = DenseMap.h:849:5 frame #29: 0x26fa30a5 = libprivatellvm.so.19`::InsertIntoBucketImpl >() [inlined] grow at DenseMap.h:580:36 frame #30: 0x26fa309e = libprivatellvm.so.19`::InsertIntoBucketImpl >() at DenseMap.h:0 frame #31: 0x26fa2f51 libprivatellvm.so.19`::FindAndConstruct() = [inlined] InsertIntoBucket > = at DenseMap.h:590:17 frame #32: 0x26fa2f48 libprivatellvm.so.19`::FindAndConstruct() at = DenseMap.h:381:13 frame #33: 0x26f9f3fe libprivatellvm.so.19`::initializeRPOT() = [inlined] operator[] at DenseMap.h:385:12 frame #34: 0x26f9f3f0 libprivatellvm.so.19`::initializeRPOT() at = BlockFrequencyInfoImpl.h:1173:5 frame #35: 0x26f99bbd libprivatellvm.so.19`::calculate() at = BlockFrequencyInfoImpl.h:1119:3 frame #36: 0x26f992a0 libprivatellvm.so.19`::calculate() at = BlockFrequencyInfo.cpp:189:8 frame #37: 0x26f9bc3a = libprivatellvm.so.19`llvm::BlockFrequencyAnalysis::run(llvm::Function&, = llvm::AnalysisManager&) at BlockFrequencyInfo.cpp:338:7 frame #38: 0x2880e51b libprivatellvm.so.19`::run() at = PassManagerInternal.h:320:14 frame #39: 0x283b7e8b libprivatellvm.so.19`::getResultImpl() at = PassManagerImpl.h:156:35 frame #40: 0x26f9c0a6 = libprivatellvm.so.19`::getResult() at = PassManager.h:409:9 frame #41: 0x29b202aa libprivatellvm.so.19`::run() at = Inliner.cpp:385:16 frame #42: 0x2882dbad = libprivatellvm.so.19`llvm::detail::PassModel, llvm::LazyCallGraph&, = llvm::CGSCCUpdateResult&>::run(llvm::LazyCallGraph::SCC&, = llvm::AnalysisManager&, = llvm::LazyCallGraph&, llvm::CGSCCUpdateResult&) at = PassManagerInternal.h:90:17 frame #43: 0x26fd7933 libprivatellvm.so.19`::run() at = CGSCCPassManager.cpp:87:38 frame #44: 0x2881959d = libprivatellvm.so.19`llvm::detail::PassModel, = llvm::LazyCallGraph&, llvm::CGSCCUpdateResult&>, = llvm::AnalysisManager, = llvm::LazyCallGraph&, = llvm::CGSCCUpdateResult&>::run(llvm::LazyCallGraph::SCC&, = llvm::AnalysisManager&, = llvm::LazyCallGraph&, llvm::CGSCCUpdateResult&) at = PassManagerInternal.h:90:17 frame #45: 0x26fda8e4 libprivatellvm.so.19`::run() at = CGSCCPassManager.cpp:413:38 frame #46: 0x28849d1d = libprivatellvm.so.19`llvm::detail::PassModel, = llvm::LazyCallGraph&, = llvm::CGSCCUpdateResult&>::run(llvm::LazyCallGraph::SCC&, = llvm::AnalysisManager&, = llvm::LazyCallGraph&, llvm::CGSCCUpdateResult&) at = PassManagerInternal.h:90:17 frame #47: 0x26fd901f libprivatellvm.so.19`::run() at = CGSCCPassManager.cpp:274:44 frame #48: 0x288198a7 = libprivatellvm.so.19`llvm::detail::PassModel>::run(llvm::Module&, = llvm::AnalysisManager&) at PassManagerInternal.h:90:17 frame #49: 0x283b43bd libprivatellvm.so.19`::run() at = PassManagerImpl.h:81:38 frame #50: 0x29b224ef libprivatellvm.so.19`::run() at = Inliner.cpp:631:7 frame #51: 0x288235a7 = libprivatellvm.so.19`llvm::detail::PassModel>::run(llvm::Module&, = llvm::AnalysisManager&) at PassManagerInternal.h:90:17 frame #52: 0x283b43bd libprivatellvm.so.19`::run() at = PassManagerImpl.h:81:38 frame #53: 0x228e956a = libprivateclang.so.19`::RunOptimizationPipeline() at = BackendUtil.cpp:1114:9 frame #54: 0x228e000c libprivateclang.so.19`::EmitBackendOutput() = [inlined] EmitAssembly at BackendUtil.cpp:1179:3 frame #55: 0x228df8a5 libprivateclang.so.19`::EmitBackendOutput() at = BackendUtil.cpp:1341:13 frame #56: 0x22d84b4d = libprivateclang.so.19`::HandleTranslationUnit() at = CodeGenAction.cpp:354:3 frame #57: 0x234f63bd libprivateclang.so.19`::ParseAST() at = ParseAST.cpp:184:13 frame #58: 0x2335bdef libprivateclang.so.19`::ExecuteAction() at = FrontendAction.cpp:1192:3 frame #59: 0x22d8ad1d libprivateclang.so.19`::ExecuteAction() at = CodeGenAction.cpp:1144:30 frame #60: 0x2335b650 libprivateclang.so.19`::Execute() at = FrontendAction.cpp:1078:8 frame #61: 0x232bc3ac libprivateclang.so.19`::ExecuteAction() at = CompilerInstance.cpp:1061:33 frame #62: 0x233f3b7c = libprivateclang.so.19`::ExecuteCompilerInvocation() at = ExecuteCompilerInvocation.cpp:280:25 frame #63: 0x0040df8f c++`::cc1_main() at cc1_main.cpp:284:15 frame #64: 0x0041c927 c++`::ExecuteCC1Tool() at driver.cpp:215:12 frame #65: 0x22f460a6 libprivateclang.so.19`::callback_fn<(lambda at = /usr/src/contrib/llvm-project/clang/lib/Driver/Job.cpp:440:22)>() = [inlined] operator() at STLFunctionalExtras.h:68:12 frame #66: 0x22f46097 libprivateclang.so.19`::callback_fn<(lambda at = /usr/src/contrib/llvm-project/clang/lib/Driver/Job.cpp:440:22)>() = [inlined] operator() at Job.cpp:440:34 frame #67: 0x22f46094 libprivateclang.so.19`::callback_fn<(lambda at = /usr/src/contrib/llvm-project/clang/lib/Driver/Job.cpp:440:22)>() at = STLFunctionalExtras.h:45:12 frame #68: 0x28a3f834 libprivatellvm.so.19`::RunSafely() [inlined] = operator() at STLFunctionalExtras.h:68:12 frame #69: 0x28a3f82f libprivatellvm.so.19`::RunSafely() at = CrashRecoveryContext.cpp:426:3 frame #70: 0x22f456d4 libprivateclang.so.19`::Execute() at = Job.cpp:440:12 frame #71: 0x22f00688 libprivateclang.so.19`::ExecuteCommand() at = Compilation.cpp:199:15 frame #72: 0x22f0097e libprivateclang.so.19`::ExecuteJobs() at = Compilation.cpp:253:19 frame #73: 0x22f21e9c libprivateclang.so.19`::ExecuteCompilation() = at Driver.cpp:1943:5 frame #74: 0x0041bfdd c++`::clang_main() at driver.cpp:391:21 frame #75: 0x0041a387 c++`main at clang-driver.cpp:17:10 frame #76: 0x2aaf8820 libc.so.7`__libc_start1(argc=3D71, = argv=3D0xffffc28c, env=3D0xffffc3ac, cleanup=3D(ld-elf.so.1`rtld_nop_exit = at rtld.c:3602), mainX=3D(c++`main at clang-driver.cpp:15)) at = libc_start1.c:180:7 frame #77: 0x0040c438 c++`_start at crt1_s.S:84 =3D=3D=3D Mark Millard marklmi at yahoo.com