kern/102737: Panic at SMP kernel

hunreal hunreal at gmail.com
Fri Sep 1 03:40:17 UTC 2006 

>Number:         102737
>Category:       kern
>Synopsis:       Panic at SMP kernel
>Confidential:   no
>Severity:       critical
>Priority:       high
>Responsible:    freebsd-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Fri Sep 01 03:40:16 GMT 2006
>Closed-Date:
>Last-Modified:
>Originator:     hunreal
>Release:        6.1-STABLE
>Organization:
>Environment:
FreeBSD work 6.1-STABLE FreeBSD 6.1-STABLE #0: Fri Sep  1 09:25:15 CST 2006     root at work:/usr/src/sys/i386/compile/SMP  i386

>Description:
OS panic while running SMP kernel, but work fine while non-SMP kernel.
It is a Web Server with Apache 2.2.3 worker MPM, PHP 5.1.6.
I have been tried 6.1-RELEASE, 6.1-STABLE, both are the same problem.
Attached kernel coredump backtrace,

Script started on Fri Sep  1 11:23:56 2006
[GDB will not be able to debug user-mode threads: /usr/lib/libthread_db.so: Undefined symbol "ps_pglobal_lookup"]
GNU gdb 6.1.1 [FreeBSD]
Copyright 2004 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB.  Type "show warranty" for details.
This GDB was configured as "i386-marcel-freebsd".

Unread portion of the kernel message buffer:
vm_page_free: pindex(25), busy(0), PG_BUSY(0), hold(0)
panic: vm_page_free: freeing free page
cpuid = 1
Uptime: 1h10m58s
Dumping 1023 MB (2 chunks)
  chunk 0: 1MB (159 pages) ... ok
  chunk 1: 1023MB (261872 pages) 1007 991 975 959 943 927 911 895 879 863 847 831 815 799 783 767 751 735 719 703 687 671 655 639 623 607 591 575 559 543 527 511 495 479 463 447 431 415 399 383 367 351 335 319 303 287 271 255 239 223 207 191 175 159 143 127 111 95 79 63 47 31 15

#0  doadump () at pcpu.h:165
165	pcpu.h: No such file or directory.
	in pcpu.h
(kgdb) where
#0  doadump () at pcpu.h:165
#1  0xc04f827d in boot (howto=260) at ../../../kern/kern_shutdown.c:409
#2  0xc04f85a5 in panic (fmt=0xc066a970 "vm_page_free: freeing free page") at ../../../kern/kern_shutdown.c:565
#3  0xc05f3c73 in vm_page_free_toq (m=0xc0fc2428) at ../../../vm/vm_page.c:1091
#4  0xc05f32a5 in vm_page_free (m=0xc0fc2428) at ../../../vm/vm_page.c:471
#5  0xc05f0b71 in vm_object_terminate (object=0xc70d3528) at ../../../vm/vm_object.c:638
#6  0xc05f0a4b in vm_object_deallocate (object=0xc70d3528) at ../../../vm/vm_object.c:571
#7  0xc05ed4da in vm_map_entry_delete (map=0xc55524a0, entry=0xc5d3861c) at ../../../vm/vm_map.c:2280
#8  0xc05ed6a7 in vm_map_delete (map=0xc55524a0, start=3318975476, end=3217031168) at ../../../vm/vm_map.c:2373
#9  0xc05eb246 in vmspace_exit (td=0xc4c8c900) at ../../../vm/vm_map.c:308
#10 0xc04ded1a in exit1 (td=0xc4c8c900, rv=0) at ../../../kern/kern_exit.c:282
#11 0xc04de7c0 in sys_exit (td=0xc4c8c900, uap=0x0) at ../../../kern/kern_exit.c:97
#12 0xc062665b in syscall (frame=
      {tf_fs = 59, tf_es = -1078001605, tf_ds = -1078001605, tf_edi = 135216128, tf_esi = 135680080, tf_ebp = -1077942056, tf_isp = -418689692, tf_ebx = 673361280, tf_edx = 0, tf_ecx = 100176, tf_eax = 1, tf_trapno = 12, tf_err = 2, tf_eip = 673299207, tf_cs = 51, tf_eflags = 658, tf_esp = -1077942084, tf_ss = 59}) at ../../../i386/i386/trap.c:981
#13 0xc061282f in Xint0x80_syscall () at ../../../i386/i386/exception.s:200
#14 0x00000033 in ?? ()
Previous frame inner to this frame (corrupt stack?)
(kgdb) bt full
#0  doadump () at pcpu.h:165
No locals.
#1  0xc04f827d in boot (howto=260) at ../../../kern/kern_shutdown.c:409
	first_buf_printf = 1
#2  0xc04f85a5 in panic (fmt=0xc066a970 "vm_page_free: freeing free page") at ../../../kern/kern_shutdown.c:565
	td = (struct thread *) 0xc4c8c900
	bootopt = 260
	newpanic = 0
	ap = 0xc4c8c900 "\030\224\\培齖231?
	buf = "vm_page_free: freeing free page", '\0' <repeats 224 times>
#3  0xc05f3c73 in vm_page_free_toq (m=0xc0fc2428) at ../../../vm/vm_page.c:1091
	pq = (struct vpgqueues *) 0x4
#4  0xc05f32a5 in vm_page_free (m=0xc0fc2428) at ../../../vm/vm_page.c:471
No locals.
#5  0xc05f0b71 in vm_object_terminate (object=0xc70d3528) at ../../../vm/vm_object.c:638
	p = 0x0
#6  0xc05f0a4b in vm_object_deallocate (object=0xc70d3528) at ../../../vm/vm_object.c:571
	vfslocked = 0
	temp = 0x0
#7  0xc05ed4da in vm_map_entry_delete (map=0xc55524a0, entry=0xc5d3861c) at ../../../vm/vm_map.c:2280
	object = 0xc70d3528
	offidxstart = 0
	offidxend = 32
	count = 32
#8  0xc05ed6a7 in vm_map_delete (map=0xc55524a0, start=3318975476, end=3217031168) at ../../../vm/vm_map.c:2373
	next = 0xc5d38bf4
	entry = 0xc5d3861c
	first_entry = 0xc55524a0
#9  0xc05eb246 in vmspace_exit (td=0xc4c8c900) at ../../../vm/vm_map.c:308
	refcnt = 1
	vm = (struct vmspace *) 0xc55524a0
	p = (struct proc *) 0xc55c9418
#10 0xc04ded1a in exit1 (td=0xc4c8c900, rv=0) at ../../../kern/kern_exit.c:282
	p = (struct proc *) 0xc55c9418
	nq = (struct proc *) 0x0
	q = (struct proc *) 0xc4922b00
	tp = (struct tty *) 0xc05eb34f
	ttyvp = (struct vnode *) 0x0
	vtmp = (struct vnode *) 0xc4922b00
	tracevp = (struct vnode *) 0xc4922b00
	tracecred = (struct ucred *) 0x0
	plim = (struct plimit *) 0xc4922b00
---Type <return> to continue, or q <return> to quit---
	locked = 0
#11 0xc04de7c0 in sys_exit (td=0xc4c8c900, uap=0x0) at ../../../kern/kern_exit.c:97
No locals.
#12 0xc062665b in syscall (frame=
      {tf_fs = 59, tf_es = -1078001605, tf_ds = -1078001605, tf_edi = 135216128, tf_esi = 135680080, tf_ebp = -1077942056, tf_isp = -418689692, tf_ebx = 673361280, tf_edx = 0, tf_ecx = 100176, tf_eax = 1, tf_trapno = 12, tf_err = 2, tf_eip = 673299207, tf_cs = 51, tf_eflags = 658, tf_esp = -1077942084, tf_ss = 59}) at ../../../i386/i386/trap.c:981
	params = 0xbfbfe8c0 <Address 0xbfbfe8c0 out of bounds>
	callp = (struct sysent *) 0xc0684ecc
	td = (struct thread *) 0xc4c8c900
	p = (struct proc *) 0xc55c9418
	orig_tf_eflags = 658
	sticks = 1
	error = 0
	narg = 1
	args = {0, -418689736, 1, -1077944324, 12, 0, 1, -983788520}
	code = 1
#13 0xc061282f in Xint0x80_syscall () at ../../../i386/i386/exception.s:200
No locals.
#14 0x00000033 in ?? ()
No symbol table info available.
(kgdb) 
Script done on Fri Sep  1 11:24:20 2006

>How-To-Repeat:
Build kernel with SMP support then reboot and start apache2. It panic at any moment.
>Fix:

>Release-Note:
>Audit-Trail:
>Unformatted:

More information about the freebsd-bugs mailing list