We're seeing similar panics when using brk():
    #include <stdio.h>
    #include <stdlib.h>
    #include <unistd.h>

    int main(int argc, char **argv) {
        /* reproducer: a pointer returned by malloc() is passed as the new break */
        brk(malloc(0x21000));
        printf("no crash!\n");
        return 0;
    }
This one is non-deterministic, probably due to address space randomization?
Sometimes it fails with a dmesg warning: "sbrk: grow 10734837760 failed, error = 12"
and occasionally it panics: "panic: malloc: out of space in kmem_map".
The panic happens in amap_alloc1() as before, but in the slot allocation:
    amap->am_slots = mallocarray(totalslots, MALLOC_SLOT_UNIT, M_UVMAMAP, waitf);
for example:
#0 panic (fmt=0xffffffff81949540 "malloc: out of space in kmem_map")
at ../../../../kern/subr_prf.c:181
#1 0xffffffff811d5828 in malloc (size=33890304, type=98, flags=1)
at ../../../../kern/kern_malloc.c:240
#2 0xffffffff811d6c89 in mallocarray (nmemb=2118144, size=16, type=98,
flags=1) at ../../../../kern/kern_malloc.c:730
#3 0xffffffff813aeaf0 in amap_alloc1 (slots=2117970, padslots=16, waitf=1)
at ../../../../uvm/uvm_amap.c:201
from
#6 0xffffffff813d4a81 in sys_obreak (p=0xffff800003934478,
v=0xffff800003942e60, retval=0xffff800003942eb0)
at ../../../../uvm/uvm_unix.c:85
85 error = uvm_map(&vm->vm_map, &old, new - old, NULL,
(gdb) p/x new
$3 = 0x109543f54000
The crash seems to happen in some memory configurations and not others.
I was able to reproduce this occasionally on a 64M and 128M VM, but not on a
256M, 512M or 1024M VM. I only get crashes and dmesg output when running as root.
Testing done on amd64 using 5.9-stable from yesterday.
--
Tim Newsham | www.thenewsh.com/~newsham | @newshtwit | thenewsh.blogspot.com