FreeBSD 6.0 panic: kmem_malloc(16384): kmem_map too small: 172728320 total allocated

Fabian Keil freebsd-listen at fabiankeil.de
Wed Dec 14 04:28:24 PST 2005 

I triggered a few reproducible panics on FreeBSD 6.0-STABLE.

I created a ramdisk with:
 
        /sbin/mdconfig -a -t malloc -s 256M -u 10
        /sbin/newfs -U /dev/md10
        /sbin/mount /dev/md10 /mnt/ramdisk

The system has "avail memory = 515932160 (492 MB)"
and 1GB swap space.

While copying to /mnt/ramdisk trough ftp localhost
it got:

root at africanqueen ~/crashdump #kgdb kernel-GENERIC.debug vmcore.3
[GDB will not be able to debug user-mode threads: /usr/lib/libthread_db.so: Undefined symbol "ps_pglobal_lookup"]
GNU gdb 6.1.1 [FreeBSD]
[...]
Unread portion of the kernel message buffer:
panic: kmem_malloc(16384): kmem_map too small: 172728320 total allocated
Uptime: 2m57s
Dumping 511 MB (2 chunks)
  chunk 0: 1MB (158 pages) ... ok
  chunk 1: 511MB (130800 pages) 495 479 463 447 431 415 399 383 367 351 335 319 303 287 271 255 239 223 207 191 175 159 143 127 111 95 79 63 47 31 15

#0  doadump () at pcpu.h:165
165     pcpu.h: No such file or directory.
        in pcpu.h
(kgdb) where
#0  doadump () at pcpu.h:165
#1  0xc063a4ee in boot (howto=260) at /usr/src/sys/kern/kern_shutdown.c:399
#2  0xc063a784 in panic (fmt=0xc0880846 "kmem_malloc(%ld): kmem_map too small: %ld total allocated")
    at /usr/src/sys/kern/kern_shutdown.c:555
#3  0xc07a44bd in kmem_malloc (map=0xc10430c0, size=16384, flags=1026) at /usr/src/sys/vm/vm_kern.c:299
#4  0xc079c0c6 in page_alloc (zone=0x0, bytes=16384, pflag=0x0, wait=1026) at /usr/src/sys/vm/uma_core.c:958
#5  0xc079e41f in uma_large_malloc (size=16384, wait=1026) at /usr/src/sys/vm/uma_core.c:2702
#6  0xc0630085 in malloc (size=16384, mtp=0xc08ffe40, flags=1026) at /usr/src/sys/kern/kern_malloc.c:329
#7  0xc078365e in softdep_disk_io_initiation (bp=0xcd899658) at /usr/src/sys/ufs/ffs/ffs_softdep.c:3630
#8  0xc078b1fe in ffs_geom_strategy (bo=0xc3593e90, bp=0xcd899658) at buf.h:422
#9  0xc0796869 in ufs_strategy (ap=0x0) at /usr/src/sys/ufs/ufs/ufs_vnops.c:1926
#10 0xc081c645 in VOP_STRATEGY_APV (vop=0xc09012a0, a=0xdd93ec0c) at vnode_if.c:1796
#11 0xc06841d0 in bufstrategy (bo=0xc35f7720, bp=0x0) at vnode_if.h:928
#12 0xc067eda8 in bufwrite (bp=0xcd899658) at buf.h:415
#13 0xc067f397 in bawrite (bp=0x0) at buf.h:399
#14 0xc078b53d in ffs_syncvnode (vp=0xc35f7660, waitfor=1) at /usr/src/sys/ufs/ffs/ffs_vnops.c:256
#15 0xc078b28e in ffs_fsync (ap=0xdd93ecc0) at /usr/src/sys/ufs/ffs/ffs_vnops.c:179
#16 0xc081c05c in VOP_FSYNC_APV (vop=0x0, a=0x0) at vnode_if.c:1020
#17 0xc0698278 in fsync (td=0xc3460d80, uap=0x0) at vnode_if.h:537
#18 0xc080b6eb in syscall (frame=
      {tf_fs = 59, tf_es = 59, tf_ds = 59, tf_edi = 64, tf_esi = 134572032, tf_ebp = -1077940680, tf_isp = -5775079 
96, tf_ebx = 134561920, tf_edx = 1, tf_ecx = 6, tf_eax = 95, tf_trapno = 0, tf_err = 2, tf_eip = 672366947, tf_cs = 
 51, tf_eflags = 662, tf_esp = -1077945572, tf_ss = 59}) at /usr/src/sys/i386/i386/trap.c:981
#19 0xc07fa57f in Xint0x80_syscall () at /usr/src/sys/i386/i386/exception.s:200
#20 0x00000033 in ?? ()
Previous frame inner to this frame (corrupt stack?)


By simply copying to /mnt/ramdisk with cp I got:

root at africanqueen ~/crashdump #kgdb kernel-GENERIC.debug vmcore.4
[GDB will not be able to debug user-mode threads: /usr/lib/libthread_db.so: Undefined symbol "ps_pglobal_lookup"]
GNU gdb 6.1.1 [FreeBSD]
[...]
Unread portion of the kernel message buffer:
g_vfs_done():md10[WRITE(offset=206372864, length=131072)]error = 28
g_vfs_done():md10[WRITE(offset=206503936, length=131072)]error = 28
g_vfs_done():md10[WRITE(offset=206635008, length=131072)]error = 28
g_vfs_done():md10[WRITE(offset=206766080, length=131072)]error = 28
g_vfs_done():md10[WRITE(offset=206897152, length=131072)]error = 28
g_vfs_done():md10[WRITE(offset=207028224, length=131072)]error = 28
g_vfs_done():md10[WRITE(offset=207159296, length=131072)]error = 28
g_vfs_done():md10[WRITE(offset=207290368, length=131072)]error = 28
g_vfs_done():md10[WRITE(offset=207421440, length=131072)]error = 28
g_vfs_done():md10[WRITE(offset=207552512, length=131072)]error = 28
g_vfs_done():md10[WRITE(offset=207683584, length=131072)]error = 28
g_vfs_done():md10[WRITE(offset=207814656, length=131072)]error = 28
g_vfs_done():md10[WRITE(offset=207945728, length=131072)]error = 28
g_vfs_done():md10[WRITE(offset=208076800, length=131072)]error = 28
g_vfs_done():md10[WRITE(offset=208207872, length=131072)]error = 28
g_vfs_done():md10[WRITE(offset=208338944, length=131072)]error = 28
panic: kmem_malloc(4096): kmem_map too small: 172728320 total allocated
Uptime: 11m23s
Dumping 511 MB (2 chunks)
  chunk 0: 1MB (158 pages) ... ok
  chunk 1: 511MB (130800 pages) 495 479 463 447 431 415 399 383 367 351 335 319 303 287 271 255 239 223 207 191 175 159 143 127 111 95 79 63 47 31 15

#0  doadump () at pcpu.h:165
165     pcpu.h: No such file or directory.
        in pcpu.h
#0  doadump () at pcpu.h:165
#1  0xc063a4ee in boot (howto=260) at /usr/src/sys/kern/kern_shutdown.c:399
#2  0xc063a784 in panic (fmt=0xc0880846 "kmem_malloc(%ld): kmem_map too small: %ld total allocated")
    at /usr/src/sys/kern/kern_shutdown.c:555
#3  0xc07a44bd in kmem_malloc (map=0xc10430c0, size=4096, flags=1026) at /usr/src/sys/vm/vm_kern.c:299
#4  0xc079c0c6 in page_alloc (zone=0xc104d800, bytes=4096, pflag=0x0, wait=1026) at /usr/src/sys/vm/uma_core.c:958
#5  0xc079bbfd in slab_zalloc (zone=0xc104d800, wait=1026) at /usr/src/sys/vm/uma_core.c:823
#6  0xc079d39c in uma_zone_slab (zone=0xc104d800, flags=1282) at /usr/src/sys/vm/uma_core.c:2025
#7  0xc079d5b8 in uma_zalloc_bucket (zone=0xc104d800, flags=1282) at /usr/src/sys/vm/uma_core.c:2134
#8  0xc079d22d in uma_zalloc_arg (zone=0xc104d800, udata=0x0, flags=1282) at /usr/src/sys/vm/uma_core.c:1942
#9  0xc0630042 in malloc (size=64, mtp=0xc08ffec0, flags=1282) at uma.h:275
#10 0xc077fff5 in newallocindir (ip=0xc924a6b4, ptrno=0, newblkno=Unhandled dwarf expression opcode 0x93
) at /usr/src/sys/ufs/ffs/ffs_softdep.c:1818
#11 0xc0780060 in softdep_setup_allocindir_page (ip=0xc924a6b4, lbn=4410, bp=0xcd82e550, ptrno=302, 
    newblkno=101840, oldblkno=0, nbp=0xcd7c4118) at /usr/src/sys/ufs/ffs/ffs_softdep.c:1847
#12 0xc0776562 in ffs_balloc_ufs2 (vp=0xc37a7220, startoffset=Unhandled dwarf expression opcode 0x93
) at /usr/src/sys/ufs/ffs/ffs_balloc.c:822
#13 0xc078be30 in ffs_write (ap=0xdeb8fbec) at /usr/src/sys/ufs/ffs/ffs_vnops.c:662
#14 0xc081bdbe in VOP_WRITE_APV (vop=0xc0900d60, a=0xdeb8fbec) at vnode_if.c:698
#15 0xc069c336 in vn_write (fp=0xc3573a68, uio=0xdeb8fcbc, active_cred=0xc35f7c80, flags=0, td=0xc374dc00)
    at vnode_if.h:372
#16 0xc065bb1b in dofilewrite (td=0xc374dc00, fd=4, fp=0xc3573a68, auio=0xdeb8fcbc, offset=Unhandled dwarf expression opcode 0x93
) at file.h:246
#17 0xc065b9bf in kern_writev (td=0xc374dc00, fd=4, auio=0xdeb8fcbc) at /usr/src/sys/kern/sys_generic.c:402
#18 0xc065b8e5 in write (td=0xc374dc00, uap=0x0) at /usr/src/sys/kern/sys_generic.c:326
#19 0xc080b6eb in syscall (frame=
      {tf_fs = 59, tf_es = 59, tf_ds = 59, tf_edi = 134526528, tf_esi = 65536, tf_ebp = -1077941656, tf_isp = -558301852, tf_ebx = 65536, tf_edx = 0, tf_ecx = 134607176, tf_eax = 4, tf_trapno = 32, tf_err = 2, tf_eip = 672311759, tf_cs = 51, tf_eflags = 518, tf_esp = -1077941732, tf_ss = 59}) at /usr/src/sys/i386/i386/trap.c:981

#20 0xc07fa57f in Xint0x80_syscall () at /usr/src/sys/i386/i386/exception.s:200
#21 0x00000033 in ?? ()
Previous frame inner to this frame (corrupt stack?)

For the last two panics I used GENERIC, sources are from yesterday.

Fabian
-- 
http://www.fabiankeil.de/
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 187 bytes
Desc: not available
Url : http://lists.freebsd.org/pipermail/freebsd-stable/attachments/20051214/4c0185da/signature.bin

More information about the freebsd-stable mailing list