From owner-freebsd-stable@FreeBSD.ORG  Wed Jul 23 10:34:29 2003
Return-Path: <owner-freebsd-stable@FreeBSD.ORG>
Delivered-To: freebsd-stable@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 14E7C37B47C
	for <freebsd-stable@freebsd.org>;
	Wed, 23 Jul 2003 10:34:28 -0700 (PDT)
Received: from vnode.vmunix.com (vnode.vmunix.com [64.7.135.41])
	by mx1.FreeBSD.org (Postfix) with ESMTP id A771A43FDD
	for <freebsd-stable@freebsd.org>;
	Wed, 23 Jul 2003 10:34:27 -0700 (PDT)
	(envelope-from gabor@vmunix.com)
Received: by vnode.vmunix.com (Postfix, from userid 1004)
	id 41938A1A56; Wed, 23 Jul 2003 17:34:27 +0000 (GMT)
Date: Wed, 23 Jul 2003 13:34:27 -0400
From: Gabor <gabor@vmunix.com>
To: freebsd-stable@freebsd.org
Message-ID: <20030723173427.GA72876@vmunix.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.4.1i
X-Operating-System: FreeBSD 4.7-STABLE
Subject: malloc does not return null when out of memory
X-BeenThere: freebsd-stable@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: Production branch of FreeBSD source code
	<freebsd-stable.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-stable>,
	<mailto:freebsd-stable-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-stable>
List-Post: <mailto:freebsd-stable@freebsd.org>
List-Help: <mailto:freebsd-stable-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-stable>,
	<mailto:freebsd-stable-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Wed, 23 Jul 2003 17:34:29 -0000

We have a little soekris box running freebsd that uses racoon for key
management.  It's used for setting up an ipsec tunnel.  I noticed that
one of these devices lost the tunnel this morning.  I looked in the
log and saw this

Jul 23 01:37:57 m0n0wall /kernel: pid 80 (racoon), uid 0, was killed: out of swap space

I reproduced this problem using this code.

#include <stdlib.h>
int
main(int argc, char **argv)
{
        char *p;
        int cnt = 0;

        while (1) {
                p = malloc(100000);
                printf("%d %p\n", ++cnt, p);
                if (p)
                        memset(p, 0, 100000);
                else
                        break;
        }
        return 0;
}

Here is the tail end of the output.  It dies when trying to poke at
the memory using memset.  If I just malloc without the memset, it
never even dies.

210 0x94b5000
211 0x94ce000
212 0x94e7000
213 0x9500000
214 0x9519000
215 0x9532000
216 0x954b000
217 0x9564000
218 0x957d000
219 0x9596000
220 0x95af000
221 0x95c8000
Killed

The kernel for this has the NO_SWAPPING option enabled since there is
essentially no disk, it boots from a CF.