From owner-freebsd-bugs@FreeBSD.ORG Fri Sep 1 03:40:17 2006 Return-Path: X-Original-To: freebsd-bugs@hub.freebsd.org Delivered-To: freebsd-bugs@hub.freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 5C03916A4DE for ; Fri, 1 Sep 2006 03:40:17 +0000 (UTC) (envelope-from gnats@FreeBSD.org) Received: from freefall.freebsd.org (freefall.freebsd.org [216.136.204.21]) by mx1.FreeBSD.org (Postfix) with ESMTP id B9FE943D4C for ; Fri, 1 Sep 2006 03:40:16 +0000 (GMT) (envelope-from gnats@FreeBSD.org) Received: from freefall.freebsd.org (gnats@localhost [127.0.0.1]) by freefall.freebsd.org (8.13.4/8.13.4) with ESMTP id k813eGKO062094 for ; Fri, 1 Sep 2006 03:40:16 GMT (envelope-from gnats@freefall.freebsd.org) Received: (from gnats@localhost) by freefall.freebsd.org (8.13.4/8.13.4/Submit) id k813eGQn062093; Fri, 1 Sep 2006 03:40:16 GMT (envelope-from gnats) Resent-Date: Fri, 1 Sep 2006 03:40:16 GMT Resent-Message-Id: <200609010340.k813eGQn062093@freefall.freebsd.org> Resent-From: FreeBSD-gnats-submit@FreeBSD.org (GNATS Filer) Resent-To: freebsd-bugs@FreeBSD.org Resent-Reply-To: FreeBSD-gnats-submit@FreeBSD.org, hunreal Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id D2DD916A4DD for ; Fri, 1 Sep 2006 03:35:59 +0000 (UTC) (envelope-from nobody@FreeBSD.org) Received: from www.freebsd.org (www.freebsd.org [216.136.204.117]) by mx1.FreeBSD.org (Postfix) with ESMTP id 8EA4543D46 for ; Fri, 1 Sep 2006 03:35:59 +0000 (GMT) (envelope-from nobody@FreeBSD.org) Received: from www.freebsd.org (localhost [127.0.0.1]) by www.freebsd.org (8.13.1/8.13.1) with ESMTP id k813Zxac017671 for ; Fri, 1 Sep 2006 03:35:59 GMT (envelope-from nobody@www.freebsd.org) Received: (from nobody@localhost) by www.freebsd.org (8.13.1/8.13.1/Submit) id k813ZxOR017670; Fri, 1 Sep 2006 03:35:59 GMT (envelope-from nobody) Message-Id: <200609010335.k813ZxOR017670@www.freebsd.org> Date: Fri, 1 Sep 2006 03:35:59 GMT From: hunreal To: freebsd-gnats-submit@FreeBSD.org X-Send-Pr-Version: www-2.3 Cc: Subject: kern/102737: Panic at SMP kernel X-BeenThere: freebsd-bugs@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Bug reports List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 01 Sep 2006 03:40:17 -0000 >Number: 102737 >Category: kern >Synopsis: Panic at SMP kernel >Confidential: no >Severity: critical >Priority: high >Responsible: freebsd-bugs >State: open >Quarter: >Keywords: >Date-Required: >Class: sw-bug >Submitter-Id: current-users >Arrival-Date: Fri Sep 01 03:40:16 GMT 2006 >Closed-Date: >Last-Modified: >Originator: hunreal >Release: 6.1-STABLE >Organization: >Environment: FreeBSD work 6.1-STABLE FreeBSD 6.1-STABLE #0: Fri Sep 1 09:25:15 CST 2006 root@work:/usr/src/sys/i386/compile/SMP i386 >Description: OS panic while running SMP kernel, but work fine while non-SMP kernel. It is a Web Server with Apache 2.2.3 worker MPM, PHP 5.1.6. I have been tried 6.1-RELEASE, 6.1-STABLE, both are the same problem. Attached kernel coredump backtrace, Script started on Fri Sep 1 11:23:56 2006 [GDB will not be able to debug user-mode threads: /usr/lib/libthread_db.so: Undefined symbol "ps_pglobal_lookup"] GNU gdb 6.1.1 [FreeBSD] Copyright 2004 Free Software Foundation, Inc. GDB is free software, covered by the GNU General Public License, and you are welcome to change it and/or distribute copies of it under certain conditions. Type "show copying" to see the conditions. There is absolutely no warranty for GDB. Type "show warranty" for details. This GDB was configured as "i386-marcel-freebsd". Unread portion of the kernel message buffer: vm_page_free: pindex(25), busy(0), PG_BUSY(0), hold(0) panic: vm_page_free: freeing free page cpuid = 1 Uptime: 1h10m58s Dumping 1023 MB (2 chunks) chunk 0: 1MB (159 pages) ... ok chunk 1: 1023MB (261872 pages) 1007 991 975 959 943 927 911 895 879 863 847 831 815 799 783 767 751 735 719 703 687 671 655 639 623 607 591 575 559 543 527 511 495 479 463 447 431 415 399 383 367 351 335 319 303 287 271 255 239 223 207 191 175 159 143 127 111 95 79 63 47 31 15 #0 doadump () at pcpu.h:165 165 pcpu.h: No such file or directory. in pcpu.h (kgdb) where #0 doadump () at pcpu.h:165 #1 0xc04f827d in boot (howto=260) at ../../../kern/kern_shutdown.c:409 #2 0xc04f85a5 in panic (fmt=0xc066a970 "vm_page_free: freeing free page") at ../../../kern/kern_shutdown.c:565 #3 0xc05f3c73 in vm_page_free_toq (m=0xc0fc2428) at ../../../vm/vm_page.c:1091 #4 0xc05f32a5 in vm_page_free (m=0xc0fc2428) at ../../../vm/vm_page.c:471 #5 0xc05f0b71 in vm_object_terminate (object=0xc70d3528) at ../../../vm/vm_object.c:638 #6 0xc05f0a4b in vm_object_deallocate (object=0xc70d3528) at ../../../vm/vm_object.c:571 #7 0xc05ed4da in vm_map_entry_delete (map=0xc55524a0, entry=0xc5d3861c) at ../../../vm/vm_map.c:2280 #8 0xc05ed6a7 in vm_map_delete (map=0xc55524a0, start=3318975476, end=3217031168) at ../../../vm/vm_map.c:2373 #9 0xc05eb246 in vmspace_exit (td=0xc4c8c900) at ../../../vm/vm_map.c:308 #10 0xc04ded1a in exit1 (td=0xc4c8c900, rv=0) at ../../../kern/kern_exit.c:282 #11 0xc04de7c0 in sys_exit (td=0xc4c8c900, uap=0x0) at ../../../kern/kern_exit.c:97 #12 0xc062665b in syscall (frame= {tf_fs = 59, tf_es = -1078001605, tf_ds = -1078001605, tf_edi = 135216128, tf_esi = 135680080, tf_ebp = -1077942056, tf_isp = -418689692, tf_ebx = 673361280, tf_edx = 0, tf_ecx = 100176, tf_eax = 1, tf_trapno = 12, tf_err = 2, tf_eip = 673299207, tf_cs = 51, tf_eflags = 658, tf_esp = -1077942084, tf_ss = 59}) at ../../../i386/i386/trap.c:981 #13 0xc061282f in Xint0x80_syscall () at ../../../i386/i386/exception.s:200 #14 0x00000033 in ?? () Previous frame inner to this frame (corrupt stack?) (kgdb) bt full #0 doadump () at pcpu.h:165 No locals. #1 0xc04f827d in boot (howto=260) at ../../../kern/kern_shutdown.c:409 first_buf_printf = 1 #2 0xc04f85a5 in panic (fmt=0xc066a970 "vm_page_free: freeing free page") at ../../../kern/kern_shutdown.c:565 td = (struct thread *) 0xc4c8c900 bootopt = 260 newpanic = 0 ap = 0xc4c8c900 "\030\224\\培齖231? buf = "vm_page_free: freeing free page", '\0' #3 0xc05f3c73 in vm_page_free_toq (m=0xc0fc2428) at ../../../vm/vm_page.c:1091 pq = (struct vpgqueues *) 0x4 #4 0xc05f32a5 in vm_page_free (m=0xc0fc2428) at ../../../vm/vm_page.c:471 No locals. #5 0xc05f0b71 in vm_object_terminate (object=0xc70d3528) at ../../../vm/vm_object.c:638 p = 0x0 #6 0xc05f0a4b in vm_object_deallocate (object=0xc70d3528) at ../../../vm/vm_object.c:571 vfslocked = 0 temp = 0x0 #7 0xc05ed4da in vm_map_entry_delete (map=0xc55524a0, entry=0xc5d3861c) at ../../../vm/vm_map.c:2280 object = 0xc70d3528 offidxstart = 0 offidxend = 32 count = 32 #8 0xc05ed6a7 in vm_map_delete (map=0xc55524a0, start=3318975476, end=3217031168) at ../../../vm/vm_map.c:2373 next = 0xc5d38bf4 entry = 0xc5d3861c first_entry = 0xc55524a0 #9 0xc05eb246 in vmspace_exit (td=0xc4c8c900) at ../../../vm/vm_map.c:308 refcnt = 1 vm = (struct vmspace *) 0xc55524a0 p = (struct proc *) 0xc55c9418 #10 0xc04ded1a in exit1 (td=0xc4c8c900, rv=0) at ../../../kern/kern_exit.c:282 p = (struct proc *) 0xc55c9418 nq = (struct proc *) 0x0 q = (struct proc *) 0xc4922b00 tp = (struct tty *) 0xc05eb34f ttyvp = (struct vnode *) 0x0 vtmp = (struct vnode *) 0xc4922b00 tracevp = (struct vnode *) 0xc4922b00 tracecred = (struct ucred *) 0x0 plim = (struct plimit *) 0xc4922b00 ---Type to continue, or q to quit--- locked = 0 #11 0xc04de7c0 in sys_exit (td=0xc4c8c900, uap=0x0) at ../../../kern/kern_exit.c:97 No locals. #12 0xc062665b in syscall (frame= {tf_fs = 59, tf_es = -1078001605, tf_ds = -1078001605, tf_edi = 135216128, tf_esi = 135680080, tf_ebp = -1077942056, tf_isp = -418689692, tf_ebx = 673361280, tf_edx = 0, tf_ecx = 100176, tf_eax = 1, tf_trapno = 12, tf_err = 2, tf_eip = 673299207, tf_cs = 51, tf_eflags = 658, tf_esp = -1077942084, tf_ss = 59}) at ../../../i386/i386/trap.c:981 params = 0xbfbfe8c0
callp = (struct sysent *) 0xc0684ecc td = (struct thread *) 0xc4c8c900 p = (struct proc *) 0xc55c9418 orig_tf_eflags = 658 sticks = 1 error = 0 narg = 1 args = {0, -418689736, 1, -1077944324, 12, 0, 1, -983788520} code = 1 #13 0xc061282f in Xint0x80_syscall () at ../../../i386/i386/exception.s:200 No locals. #14 0x00000033 in ?? () No symbol table info available. (kgdb) Script done on Fri Sep 1 11:24:20 2006 >How-To-Repeat: Build kernel with SMP support then reboot and start apache2. It panic at any moment. >Fix: >Release-Note: >Audit-Trail: >Unformatted: