FreeBSD Mail Archives

Date:      Wed, 14 Dec 2005 13:25:30 +0100
From:      Fabian Keil <freebsd-listen@fabiankeil.de>
To:        freebsd-stable@freebsd.org
Subject:   FreeBSD 6.0 panic: kmem_malloc(16384): kmem_map too small: 172728320 total allocated
Message-ID:  <20051214132530.3b6daecd@TP51.local>

next in thread | raw e-mail | index | archive | help

--Sig_d+Z+FPTJW7+CfAB5byqEFfU
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: quoted-printable

I triggered a few reproducible panics on FreeBSD 6.0-STABLE.

I created a ramdisk with:
=20
        /sbin/mdconfig -a -t malloc -s 256M -u 10
        /sbin/newfs -U /dev/md10
        /sbin/mount /dev/md10 /mnt/ramdisk

The system has "avail memory =3D 515932160 (492 MB)"
and 1GB swap space.

While copying to /mnt/ramdisk trough ftp localhost
it got:

root@africanqueen ~/crashdump #kgdb kernel-GENERIC.debug vmcore.3
[GDB will not be able to debug user-mode threads: /usr/lib/libthread_db.so:=
 Undefined symbol "ps_pglobal_lookup"]
GNU gdb 6.1.1 [FreeBSD]
[...]
Unread portion of the kernel message buffer:
panic: kmem_malloc(16384): kmem_map too small: 172728320 total allocated
Uptime: 2m57s
Dumping 511 MB (2 chunks)
  chunk 0: 1MB (158 pages) ... ok
  chunk 1: 511MB (130800 pages) 495 479 463 447 431 415 399 383 367 351 335=
 319 303 287 271 255 239 223 207 191 175 159 143 127 111 95 79 63 47 31 15

#0  doadump () at pcpu.h:165
165     pcpu.h: No such file or directory.
        in pcpu.h
(kgdb) where
#0  doadump () at pcpu.h:165
#1  0xc063a4ee in boot (howto=3D260) at /usr/src/sys/kern/kern_shutdown.c:3=
99
#2  0xc063a784 in panic (fmt=3D0xc0880846 "kmem_malloc(%ld): kmem_map too s=
mall: %ld total allocated")
    at /usr/src/sys/kern/kern_shutdown.c:555
#3  0xc07a44bd in kmem_malloc (map=3D0xc10430c0, size=3D16384, flags=3D1026=
) at /usr/src/sys/vm/vm_kern.c:299
#4  0xc079c0c6 in page_alloc (zone=3D0x0, bytes=3D16384, pflag=3D0x0, wait=
=3D1026) at /usr/src/sys/vm/uma_core.c:958
#5  0xc079e41f in uma_large_malloc (size=3D16384, wait=3D1026) at /usr/src/=
sys/vm/uma_core.c:2702
#6  0xc0630085 in malloc (size=3D16384, mtp=3D0xc08ffe40, flags=3D1026) at =
/usr/src/sys/kern/kern_malloc.c:329
#7  0xc078365e in softdep_disk_io_initiation (bp=3D0xcd899658) at /usr/src/=
sys/ufs/ffs/ffs_softdep.c:3630
#8  0xc078b1fe in ffs_geom_strategy (bo=3D0xc3593e90, bp=3D0xcd899658) at b=
uf.h:422
#9  0xc0796869 in ufs_strategy (ap=3D0x0) at /usr/src/sys/ufs/ufs/ufs_vnops=
.c:1926
#10 0xc081c645 in VOP_STRATEGY_APV (vop=3D0xc09012a0, a=3D0xdd93ec0c) at vn=
ode_if.c:1796
#11 0xc06841d0 in bufstrategy (bo=3D0xc35f7720, bp=3D0x0) at vnode_if.h:928
#12 0xc067eda8 in bufwrite (bp=3D0xcd899658) at buf.h:415
#13 0xc067f397 in bawrite (bp=3D0x0) at buf.h:399
#14 0xc078b53d in ffs_syncvnode (vp=3D0xc35f7660, waitfor=3D1) at /usr/src/=
sys/ufs/ffs/ffs_vnops.c:256
#15 0xc078b28e in ffs_fsync (ap=3D0xdd93ecc0) at /usr/src/sys/ufs/ffs/ffs_v=
nops.c:179
#16 0xc081c05c in VOP_FSYNC_APV (vop=3D0x0, a=3D0x0) at vnode_if.c:1020
#17 0xc0698278 in fsync (td=3D0xc3460d80, uap=3D0x0) at vnode_if.h:537
#18 0xc080b6eb in syscall (frame=3D
      {tf_fs =3D 59, tf_es =3D 59, tf_ds =3D 59, tf_edi =3D 64, tf_esi =3D =
134572032, tf_ebp =3D -1077940680, tf_isp =3D -5775079=20
96, tf_ebx =3D 134561920, tf_edx =3D 1, tf_ecx =3D 6, tf_eax =3D 95, tf_tra=
pno =3D 0, tf_err =3D 2, tf_eip =3D 672366947, tf_cs =3D=20
 51, tf_eflags =3D 662, tf_esp =3D -1077945572, tf_ss =3D 59}) at /usr/src/=
sys/i386/i386/trap.c:981
#19 0xc07fa57f in Xint0x80_syscall () at /usr/src/sys/i386/i386/exception.s=
:200
#20 0x00000033 in ?? ()
Previous frame inner to this frame (corrupt stack?)


By simply copying to /mnt/ramdisk with cp I got:

root@africanqueen ~/crashdump #kgdb kernel-GENERIC.debug vmcore.4
[GDB will not be able to debug user-mode threads: /usr/lib/libthread_db.so:=
 Undefined symbol "ps_pglobal_lookup"]
GNU gdb 6.1.1 [FreeBSD]
[...]
Unread portion of the kernel message buffer:
g_vfs_done():md10[WRITE(offset=3D206372864, length=3D131072)]error =3D 28
g_vfs_done():md10[WRITE(offset=3D206503936, length=3D131072)]error =3D 28
g_vfs_done():md10[WRITE(offset=3D206635008, length=3D131072)]error =3D 28
g_vfs_done():md10[WRITE(offset=3D206766080, length=3D131072)]error =3D 28
g_vfs_done():md10[WRITE(offset=3D206897152, length=3D131072)]error =3D 28
g_vfs_done():md10[WRITE(offset=3D207028224, length=3D131072)]error =3D 28
g_vfs_done():md10[WRITE(offset=3D207159296, length=3D131072)]error =3D 28
g_vfs_done():md10[WRITE(offset=3D207290368, length=3D131072)]error =3D 28
g_vfs_done():md10[WRITE(offset=3D207421440, length=3D131072)]error =3D 28
g_vfs_done():md10[WRITE(offset=3D207552512, length=3D131072)]error =3D 28
g_vfs_done():md10[WRITE(offset=3D207683584, length=3D131072)]error =3D 28
g_vfs_done():md10[WRITE(offset=3D207814656, length=3D131072)]error =3D 28
g_vfs_done():md10[WRITE(offset=3D207945728, length=3D131072)]error =3D 28
g_vfs_done():md10[WRITE(offset=3D208076800, length=3D131072)]error =3D 28
g_vfs_done():md10[WRITE(offset=3D208207872, length=3D131072)]error =3D 28
g_vfs_done():md10[WRITE(offset=3D208338944, length=3D131072)]error =3D 28
panic: kmem_malloc(4096): kmem_map too small: 172728320 total allocated
Uptime: 11m23s
Dumping 511 MB (2 chunks)
  chunk 0: 1MB (158 pages) ... ok
  chunk 1: 511MB (130800 pages) 495 479 463 447 431 415 399 383 367 351 335=
 319 303 287 271 255 239 223 207 191 175 159 143 127 111 95 79 63 47 31 15

#0  doadump () at pcpu.h:165
165     pcpu.h: No such file or directory.
        in pcpu.h
#0  doadump () at pcpu.h:165
#1  0xc063a4ee in boot (howto=3D260) at /usr/src/sys/kern/kern_shutdown.c:3=
99
#2  0xc063a784 in panic (fmt=3D0xc0880846 "kmem_malloc(%ld): kmem_map too s=
mall: %ld total allocated")
    at /usr/src/sys/kern/kern_shutdown.c:555
#3  0xc07a44bd in kmem_malloc (map=3D0xc10430c0, size=3D4096, flags=3D1026)=
 at /usr/src/sys/vm/vm_kern.c:299
#4  0xc079c0c6 in page_alloc (zone=3D0xc104d800, bytes=3D4096, pflag=3D0x0,=
 wait=3D1026) at /usr/src/sys/vm/uma_core.c:958
#5  0xc079bbfd in slab_zalloc (zone=3D0xc104d800, wait=3D1026) at /usr/src/=
sys/vm/uma_core.c:823
#6  0xc079d39c in uma_zone_slab (zone=3D0xc104d800, flags=3D1282) at /usr/s=
rc/sys/vm/uma_core.c:2025
#7  0xc079d5b8 in uma_zalloc_bucket (zone=3D0xc104d800, flags=3D1282) at /u=
sr/src/sys/vm/uma_core.c:2134
#8  0xc079d22d in uma_zalloc_arg (zone=3D0xc104d800, udata=3D0x0, flags=3D1=
282) at /usr/src/sys/vm/uma_core.c:1942
#9  0xc0630042 in malloc (size=3D64, mtp=3D0xc08ffec0, flags=3D1282) at uma=
.h:275
#10 0xc077fff5 in newallocindir (ip=3D0xc924a6b4, ptrno=3D0, newblkno=3DUnh=
andled dwarf expression opcode 0x93
) at /usr/src/sys/ufs/ffs/ffs_softdep.c:1818
#11 0xc0780060 in softdep_setup_allocindir_page (ip=3D0xc924a6b4, lbn=3D441=
0, bp=3D0xcd82e550, ptrno=3D302,=20
    newblkno=3D101840, oldblkno=3D0, nbp=3D0xcd7c4118) at /usr/src/sys/ufs/=
ffs/ffs_softdep.c:1847
#12 0xc0776562 in ffs_balloc_ufs2 (vp=3D0xc37a7220, startoffset=3DUnhandled=
 dwarf expression opcode 0x93
) at /usr/src/sys/ufs/ffs/ffs_balloc.c:822
#13 0xc078be30 in ffs_write (ap=3D0xdeb8fbec) at /usr/src/sys/ufs/ffs/ffs_v=
nops.c:662
#14 0xc081bdbe in VOP_WRITE_APV (vop=3D0xc0900d60, a=3D0xdeb8fbec) at vnode=
_if.c:698
#15 0xc069c336 in vn_write (fp=3D0xc3573a68, uio=3D0xdeb8fcbc, active_cred=
=3D0xc35f7c80, flags=3D0, td=3D0xc374dc00)
    at vnode_if.h:372
#16 0xc065bb1b in dofilewrite (td=3D0xc374dc00, fd=3D4, fp=3D0xc3573a68, au=
io=3D0xdeb8fcbc, offset=3DUnhandled dwarf expression opcode 0x93
) at file.h:246
#17 0xc065b9bf in kern_writev (td=3D0xc374dc00, fd=3D4, auio=3D0xdeb8fcbc) =
at /usr/src/sys/kern/sys_generic.c:402
#18 0xc065b8e5 in write (td=3D0xc374dc00, uap=3D0x0) at /usr/src/sys/kern/s=
ys_generic.c:326
#19 0xc080b6eb in syscall (frame=3D
      {tf_fs =3D 59, tf_es =3D 59, tf_ds =3D 59, tf_edi =3D 134526528, tf_e=
si =3D 65536, tf_ebp =3D -1077941656, tf_isp =3D -558301852, tf_ebx =3D 655=
36, tf_edx =3D 0, tf_ecx =3D 134607176, tf_eax =3D 4, tf_trapno =3D 32, tf_=
err =3D 2, tf_eip =3D 672311759, tf_cs =3D 51, tf_eflags =3D 518, tf_esp =
=3D -1077941732, tf_ss =3D 59}) at /usr/src/sys/i386/i386/trap.c:981

#20 0xc07fa57f in Xint0x80_syscall () at /usr/src/sys/i386/i386/exception.s=
:200
#21 0x00000033 in ?? ()
Previous frame inner to this frame (corrupt stack?)

For the last two panics I used GENERIC, sources are from yesterday.

Fabian
--=20
http://www.fabiankeil.de/

--Sig_d+Z+FPTJW7+CfAB5byqEFfU
Content-Type: application/pgp-signature; name=signature.asc
Content-Disposition: attachment; filename=signature.asc

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (FreeBSD)

iD8DBQFDoA8/jV8GA4rMKUQRAshnAJ9CINROSxs/e7S44sJsx/ARr+a+2ACfZTm5
t8ChCwSxNPuYmE+EMKn6+jA=
=dwnD
-----END PGP SIGNATURE-----

--Sig_d+Z+FPTJW7+CfAB5byqEFfU--

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20051214132530.3b6daecd>

Header And Logo

Peripheral Links

Site Navigation

Header And Logo

Peripheral Links

Search

Site Navigation