Date: Sun, 19 Aug 2018 09:42:25 +0000 From: bugzilla-noreply@freebsd.org To: fs@FreeBSD.org Subject: [Bug 227784] zfs: Fatal trap 9: general protection fault while in kernel mode on shutdown Message-ID: <bug-227784-3630-MrjFgY74VK@https.bugs.freebsd.org/bugzilla/> In-Reply-To: <bug-227784-3630@https.bugs.freebsd.org/bugzilla/> References: <bug-227784-3630@https.bugs.freebsd.org/bugzilla/>
next in thread | previous in thread | raw e-mail | index | archive | help
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D227784 Vladimir Kondratyev <wulf@freebsd.org> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |wulf@freebsd.org --- Comment #10 from Vladimir Kondratyev <wulf@freebsd.org> --- (In reply to Andriy Gapon from comment #6) > Do you still have the crash dump? > If so, could you please provide full output of 'p *dd' ? I still observe the panic everyday, so I have a crash dump: (kgdb) frame 10 #10 0xffffffff8035f6dc in dsl_dir_evict_async (dbu=3D0xfffff80006b67400) at /usr/src/sys/cddl/contrib/opensolaris/uts/common/fs/zfs/dsl_dir.c:158 158 spa_async_close(dd->dd_pool->dp_spa, dd); (kgdb) p *dd $7 =3D {dd_dbu =3D {dbu_tqent =3D {tqent_task =3D {ta_link =3D { stqe_next =3D 0xfffff8000689b400}, ta_pending =3D 0, ta_priority = =3D 0,=20 ta_func =3D 0xffffffff802f5410 <taskq_run_ent>,=20 ta_context =3D 0xfffff80006b67400},=20 tqent_func =3D 0xffffffff8035f4e0 <dsl_dir_evict_async>,=20 tqent_arg =3D 0xfffff80006b67400}, dbu_evict_func_sync =3D 0x0,=20 dbu_evict_func_async =3D 0xffffffff8035f4e0 <dsl_dir_evict_async>,=20 dbu_clear_on_evict_dbufp =3D 0xfffff80006b67458}, dd_object =3D 12,=20 dd_pool =3D 0xfffff800066f5800, dd_dbuf =3D 0x0, dd_dirty_link =3D {tn_ne= xt =3D { 0x0, 0x0, 0x0, 0x0}, tn_member =3D "\000\000\000"},=20 dd_parent =3D 0xfffff80006b66c00, dd_lock =3D {lock_object =3D { lo_name =3D 0xffffffff80999c14 "dd->dd_lock", lo_flags =3D 577830912,= =20 lo_data =3D 0, lo_witness =3D 0x0}, sx_lock =3D 1}, dd_props =3D { list_size =3D 56, list_offset =3D 0, list_head =3D { list_next =3D 0xfffff80006b674c0, list_prev =3D 0xfffff80006b674c0}},= =20 dd_snap_cmtime =3D {tv_sec =3D 1534644915, tv_nsec =3D 715064905},=20 dd_origin_txg =3D 0, dd_tempreserved =3D {0, 0, 0, 0}, dd_space_towrite = =3D {0, 0,=20 0, 0}, dd_myname =3D "$ORIGIN", '\000' <repeats 248 times>} (kgdb) printf "%X\n", *(int *)dd->dd_pool DEADC0DE It looks like memory referenced by dd->dd_pool is already freed when spa_async_close() is called. --=20 You are receiving this mail because: You are the assignee for the bug.=
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?bug-227784-3630-MrjFgY74VK>