Re: mmap( MAP_ANON) is broken on current. (was Still seeing Failed assertion: "p[i] == 0" on armv7 buildworld)

From: Konstantin Belousov <kostikbel_at_gmail.com>
Date: Fri, 21 Nov 2025 20:02:57 UTC
On Fri, Nov 21, 2025 at 09:54:23PM +0200, Konstantin Belousov wrote:
> On Fri, Nov 21, 2025 at 08:08:47PM +0100, Michal Meloun wrote:
> > First, many thanks for your efforts, but this check doesn't trigger when the
> > problem occurs.
> > 
> Hm, ok.  This is a data point, in fact.
> 
> > 
> > To be more precise, testing case
> > on fresh kernel (d8bfcacd12aba73188c44a157c707908e275825d)
> > with PMAP_DEBUG defined in pmap-v6.c and with
> > trivial zero check for first page at this place ->
> > https://cgit.freebsd.org/src/tree/contrib/jemalloc/src/pages.c#n281
> > 
> > causes this failure:
> > 
> > __je_pages_map: addr: 0x0, ret: 0x3087b000, size: 4096, alignment: 4096,
> > prot: 0x00000003, flags: 0x0C001002
> > __je_pages_map: i: 0, p[i]: 0xFFFFFFFF, p: 0x3087b000
> > __je_pages_map: i: 23, p[i]: 0x308E5F94, p: 0x3087b000
> 
> Could you, please, when the failure is detected, spawn 'procstat -v <pid>'
> and dump the memory map of the process?  To be clear, I want to see all
> of this:
> - the address of the mapping returned by mmap
> - its size
> - the location of the first non-zero byte
> - memory map

Also, regardless of the output above, please try this as a wild guess:

diff --git a/sys/vm/vm_object.c b/sys/vm/vm_object.c
index 5b4517d2bf0c..5c6ed51706bf 100644
--- a/sys/vm/vm_object.c
+++ b/sys/vm/vm_object.c
@@ -2222,7 +2222,7 @@ vm_object_coalesce(vm_object_t prev_object, vm_ooffset_t prev_offset,
 	 * Remove any pages that may still be in the object from a previous
 	 * deallocation.
 	 */
-	if (next_pindex < prev_object->size) {
+	if (true || next_pindex < prev_object->size) {
 		vm_object_page_remove(prev_object, next_pindex, next_pindex +
 		    next_size, 0);
 #if 0
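
Review bot: the `true ||` added to the condition in vm_object_coalesce() makes the `next_pindex < prev_object->size` test dead, so vm_object_page_remove() now runs on every call for the range next_pindex to next_pindex + next_size. That is reasonable as a diagnostic experiment, but it should not land in this form. If the test shows the stale non-zero page goes away, the follow-up should drop the `if` entirely and extend the comment above it to explain how pages can remain at or beyond prev_object->size, since the existing comment only mentions "a previous deallocation". It would also help to state in the commit message whether the unconditional removal has a measurable cost on the coalesce path, and to resolve the `#if 0` block that follows rather than carrying it along.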