Date: Mon, 27 Oct 2025 12:25:11 +0000 From: bugzilla-noreply@freebsd.org To: bugs@FreeBSD.org Subject: [Bug 290571] [zfs] panic: Memory modified after free 0xfffffe0184c00000(8192) val=80bef961b6c4beea @ 0xfffffe0184c00000 Message-ID: <bug-290571-227@https.bugs.freebsd.org/bugzilla/>
index | next in thread | raw e-mail
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=290571 Bug ID: 290571 Summary: [zfs] panic: Memory modified after free 0xfffffe0184c00000(8192) val=80bef961b6c4beea @ 0xfffffe0184c00000 Product: Base System Version: 14.3-STABLE Hardware: Any OS: Any Status: New Severity: Affects Only Me Priority: --- Component: kern Assignee: bugs@FreeBSD.org Reporter: vova@fbsd.ru running stable/14-087fc6ae0a8c, amd64 with debug configuration (std.debug): I've got a panic while zfs scrub process (cannot connect to any specific actions in system): panic: Memory modified after free 0xfffffe0184c00000(8192) val=80bef961b6c4beea @ 0xfffffe0184c00000 (kgdb) bt #0 __curthread () at /usr/src/sys/amd64/include/pcpu_aux.h:57 #1 doadump (textdump=textdump@entry=1) at /usr/src/sys/kern/kern_shutdown.c:405 #2 0xffffffff80b0d420 in kern_reboot (howto=260) at /usr/src/sys/kern/kern_shutdown.c:523 #3 0xffffffff80b0d939 in vpanic (fmt=0xffffffff811f4698 "Memory modified after free %p(%d) val=%lx @ %p\n", ap=ap@entry=0xfffffe039c2acab0) at /usr/src/sys/kern/kern_shutdown.c:967 #4 0xffffffff80b0d6c3 in panic (fmt=<unavailable>) at /usr/src/sys/kern/kern_shutdown.c:891 #5 0xffffffff80ebeb33 in trash_ctor (mem=<unavailable>, size=<unavailable>, arg=<optimized out>, flags=<optimized out>) at /usr/src/sys/vm/uma_dbg.c:78 #6 0xffffffff80eb71d6 in item_ctor (zone=0xfffffe010982c800, uz_flags=1101070336, size=8192, udata=0xfffff80005079040, flags=2, item=0xfffffe0184c00000) at /usr/src/sys/vm/uma_core.c:3471 #7 0xffffffff82526ab3 in kmem_cache_alloc (cache=<unavailable>, flags=<unavailable>, flags@entry=2) at /usr/src/sys/contrib/openzfs/module/os/freebsd/spl/spl_kmem.c:194 #8 0xffffffff8273f6a7 in zio_data_buf_alloc (size=8192) at /usr/src/sys/contrib/openzfs/module/zfs/zio.c:394 #9 0xffffffff825681f5 in abd_alloc_linear (size=8192, is_metadata=0) at /usr/src/sys/contrib/openzfs/module/zfs/abd.c:226 #10 0xffffffff8274a5fd in zio_vdev_io_start (zio=0xfffffe01631f0300) at /usr/src/sys/contrib/openzfs/module/zfs/zio.c:3942 #11 0xffffffff82742208 in __zio_execute (zio=<optimized out>) at /usr/src/sys/contrib/openzfs/module/zfs/zio.c:2350 #12 zio_nowait (zio=<optimized out>) at /usr/src/sys/contrib/openzfs/module/zfs/zio.c:2437 #13 0xffffffff82685717 in vdev_mirror_io_start (zio=0xfffffe0163998ac0) at /usr/src/sys/contrib/openzfs/module/zfs/vdev_mirror.c:645 #14 0xffffffff8274a8d3 in zio_vdev_io_start (zio=0xfffffe0163998ac0) at /usr/src/sys/contrib/openzfs/module/zfs/zio.c:3917 #15 0xffffffff82742208 in __zio_execute (zio=<optimized out>) at /usr/src/sys/contrib/openzfs/module/zfs/zio.c:2350 #16 zio_nowait (zio=<optimized out>) at /usr/src/sys/contrib/openzfs/module/zfs/zio.c:2437 #17 0xffffffff8260f783 in scan_exec_io (dp=<optimized out>, bp=0xfffff8000565b800, bp@entry=0xfffffe039c2acd00, zio_flags=-2048, zb=0xe20c2de000, zb@entry=0xfffff80563a70590, queue=queue@entry=0xfffff8000565b800) at /usr/src/sys/contrib/openzfs/module/zfs/dsl_scan.c:4862 #18 0xffffffff82613d1f in scan_io_queue_issue (queue=0xfffff8000565b800, io_list=0xfffffe039c2acd90) at /usr/src/sys/contrib/openzfs/module/zfs/dsl_scan.c:3224 #19 scan_io_queues_run_one (arg=0xfffff8000565b800) at /usr/src/sys/contrib/openzfs/module/zfs/dsl_scan.c:3440 #20 0xffffffff82529ac7 in taskq_run (arg=0xfffff8056eacca80, pending=<unavailable>) at /usr/src/sys/contrib/openzfs/module/os/freebsd/spl/spl_taskq.c:311 #21 0xffffffff80b75392 in taskqueue_run_locked (queue=queue@entry=0xfffff80018c00b00) at /usr/src/sys/kern/subr_taskqueue.c:518 #22 0xffffffff80b76283 in taskqueue_thread_loop (arg=arg@entry=0xfffff8005f59e2a0) at /usr/src/sys/kern/subr_taskqueue.c:830 #23 0xffffffff80ac0022 in fork_exit (callout=0xffffffff80b761b0 <taskqueue_thread_loop>, arg=0xfffff8005f59e2a0, frame=0xfffffe039c2acf40) at /usr/src/sys/kern/kern_fork.c:1153 #24 <signal handler called> #25 0x000000082b5da59a in ?? () Backtrace stopped: Cannot access memory at address 0x82d889a88 (kgdb) from core.txt: __curthread () at /usr/src/sys/amd64/include/pcpu_aux.h:57 57 __asm("movq %%gs:%P1,%0" : "=r" (td) : "n" (offsetof(struct pcpu, (kgdb) #0 __curthread () at /usr/src/sys/amd64/include/pcpu_aux.h:57 td = <optimized out> #1 doadump (textdump=textdump@entry=1) at /usr/src/sys/kern/kern_shutdown.c:405 error = 0 coredump = <optimized out> #2 0xffffffff80b0d420 in kern_reboot (howto=260) at /usr/src/sys/kern/kern_shutdown.c:523 once = 0 __pc = 0x0 #3 0xffffffff80b0d939 in vpanic ( fmt=0xffffffff811f4698 "Memory modified after free %p(%d) val=%lx @ %p\n", ap=ap@entry=0xfffffe039c2acab0) at /usr/src/sys/kern/kern_shutdown.c:967 buf = "Memory modified after free 0xfffffe0184c00000(8192) val=80bef961b6c4beea @ 0xfffffe0184c00000\n", '\000' <repeats 161 times> __pc = 0x0 __pc = 0x0 __pc = 0x0 other_cpus = {__bits = {3583, 0 <repeats 15 times>}} td = 0xfffff8021c8c0000 bootopt = <unavailable> newpanic = <optimized out> #4 0xffffffff80b0d6c3 in panic (fmt=<unavailable>) at /usr/src/sys/kern/kern_shutdown.c:891 ap = {{gp_offset = 40, fp_offset = 48, overflow_arg_area = 0xfffffe039c2acae0, reg_save_area = 0xfffffe039c2aca80}} #5 0xffffffff80ebeb33 in trash_ctor (mem=<unavailable>, size=<unavailable>, arg=<optimized out>, flags=<optimized out>) at /usr/src/sys/vm/uma_dbg.c:78 p = <unavailable> e = <optimized out> #6 0xffffffff80eb71d6 in item_ctor (zone=0xfffffe010982c800, uz_flags=1101070336, size=8192, udata=0xfffff80005079040, flags=2, item=0xfffffe0184c00000) at /usr/src/sys/vm/uma_core.c:3471 skipdbg = false #7 0xffffffff82526ab3 in kmem_cache_alloc (cache=<unavailable>, flags=<unavailable>, flags@entry=2) at /usr/src/sys/contrib/openzfs/module/os/freebsd/spl/spl_kmem.c:194 No locals. #8 0xffffffff8273f6a7 in zio_data_buf_alloc (size=8192) at /usr/src/sys/contrib/openzfs/module/zfs/zio.c:394 c = 15 p = <optimized out> #9 0xffffffff825681f5 in abd_alloc_linear (size=8192, is_metadata=0) at /usr/src/sys/contrib/openzfs/module/zfs/abd.c:226 abd = 0xfffff801c6ff1b00 #10 0xffffffff8274a5fd in zio_vdev_io_start (zio=0xfffffe01631f0300) at /usr/src/sys/contrib/openzfs/module/zfs/zio.c:3942 asize = 8192 abuf = <optimized out> spa = <optimized out> vd = 0xfffffe01595cc000 align = 4096 #11 0xffffffff82742208 in __zio_execute (zio=<optimized out>) at /usr/src/sys/contrib/openzfs/module/zfs/zio.c:2350 stage = ZIO_STAGE_VDEV_IO_START pipeline = <optimized out> #12 zio_nowait (zio=<optimized out>) at /usr/src/sys/contrib/openzfs/module/zfs/zio.c:2437 __pc = 0x0 #13 0xffffffff82685717 in vdev_mirror_io_start (zio=0xfffffe0163998ac0) at /usr/src/sys/contrib/openzfs/module/zfs/vdev_mirror.c:645 first = 1 mm = 0xfffff805de6d1800 c = 0 children = <optimized out> mc = <optimized out> #14 0xffffffff8274a8d3 in zio_vdev_io_start (zio=0xfffffe0163998ac0) at /usr/src/sys/contrib/openzfs/module/zfs/zio.c:3917 spa = <optimized out> vd = 0x0 align = <optimized out> #15 0xffffffff82742208 in __zio_execute (zio=<optimized out>) at /usr/src/sys/contrib/openzfs/module/zfs/zio.c:2350 stage = ZIO_STAGE_VDEV_IO_START pipeline = <optimized out> #16 zio_nowait (zio=<optimized out>) at /usr/src/sys/contrib/openzfs/module/zfs/zio.c:2437 __pc = 0x0 #17 0xffffffff8260f783 in scan_exec_io (dp=<optimized out>, bp=0xfffff8000565b800, bp@entry=0xfffffe039c2acd00, zio_flags=-2048, zb=0xe20c2de000, zb@entry=0xfffff80563a70590, queue=queue@entry=0xfffff8000565b800) at /usr/src/sys/contrib/openzfs/module/zfs/dsl_scan.c:4862 spa = <optimized out> scn = <optimized out> size = 443097089 data = 0xfffffe01595cf0b8 pio = <optimized out> #18 0xffffffff82613d1f in scan_io_queue_issue (queue=0xfffff8000565b800, io_list=0xfffffe039c2acd90) at /usr/src/sys/contrib/openzfs/module/zfs/dsl_scan.c:3224 bp = {blk_dva = {{dva_word = {32, 1896283680}}, {dva_word = {0, 0}}, { dva_word = {0, 0}}}, blk_prop = 9228727766584328203, blk_pad = { 0, 0}, blk_phys_birth = 0, blk_birth = 23493233, blk_fill = 1, blk_cksum = {zc_word = {2732426329680, 2235912509430093, 1137159171823244639, 7255303492256605651}}} scn = 0xfffff8000e99d400 suspended = 0 sio = <optimized out> #19 scan_io_queues_run_one (arg=0xfffff8000565b800) at /usr/src/sys/contrib/openzfs/module/zfs/dsl_scan.c:3440 first_sio = <optimized out> last_sio = <optimized out> seg_start = 970866941952 seg_end = 970898120704 more_left = <optimized out> sio_list = {list_size = 120, list_offset = 96, list_head = { list_next = 0xfffff80563a705b0, list_prev = 0xfffff80563a74858}} queue = 0xfffff8000565b800 q_lock = 0xfffffe01595cf0b8 suspended = <optimized out> zio = 0xfffffe044d7d4ac0 rs = <optimized out> sio = <optimized out> #20 0xffffffff82529ac7 in taskq_run (arg=0xfffff8056eacca80, pending=<unavailable>) at /usr/src/sys/contrib/openzfs/module/os/freebsd/spl/spl_taskq.c:311 task = 0xfffff8056eacca80 #21 0xffffffff80b75392 in taskqueue_run_locked ( queue=queue@entry=0xfffff80018c00b00) at /usr/src/sys/kern/subr_taskqueue.c:518 et = {et_link = {tqe_next = 0xffffffff812183c3, tqe_prev = 0x0}, et_td = 0x0, et_section = {bucket = 2166642066}, et_old_priority = 255 '\377'} tb = {tb_running = 0xfffff8056eacca80, tb_seq = 2239, tb_canceling = false, tb_link = {le_next = 0x0, le_prev = 0xfffff80018c00b10}} in_net_epoch = false pending = 1 task = <optimized out> #22 0xffffffff80b76283 in taskqueue_thread_loop ( arg=arg@entry=0xfffff8005f59e2a0) at /usr/src/sys/kern/subr_taskqueue.c:830 tqp = <optimized out> tq = 0xfffff80018c00b00 #23 0xffffffff80ac0022 in fork_exit ( callout=0xffffffff80b761b0 <taskqueue_thread_loop>, arg=0xfffff8005f59e2a0, frame=0xfffffe039c2acf40) at /usr/src/sys/kern/kern_fork.c:1153 __pc = 0x0 __pc = 0x0 td = 0xfffff8021c8c0000 p = 0xfffffe00e2473060 dtd = <optimized out> #24 <signal handler called> No locals. #25 0x000000082b5da59a in ?? () No symbol table info available. Backtrace stopped: Cannot access memory at address 0x82d889a88 (kgdb) (kgdb) Tracing command "idle\000l", '\000' <repeats 13 times> pid 11 tid 100003 (CPU 0) #0 cpustop_handler () at /usr/src/sys/x86/x86/mp_x86.c:1530 #1 0xffffffff81009388 in ipi_nmi_handler () at /usr/src/sys/x86/x86/mp_x86.c:1487 #2 0xffffffff810406a6 in trap (frame=0xffffffff81cef340 <nmi0_stack+3888>) at /usr/src/sys/amd64/amd64/trap.c:248 #3 <signal handler called> #4 0xffffffff80ffe764 in cpu_idle_mwait (sbt=<optimized out>) at /usr/src/sys/x86/x86/cpu_machdep.c:618 #5 cpu_idle (busy=<optimized out>) at /usr/src/sys/x86/x86/cpu_machdep.c:659 #6 0xffffffff80b43e34 in sched_idletd (dummy=dummy@entry=0x0) at /usr/src/sys/kern/sched_ule.c:3202 #7 0xffffffff80ac0022 in fork_exit ( callout=0xffffffff80b43910 <sched_idletd>, arg=0x0, frame=0xfffffe0035de8f40) at /usr/src/sys/kern/kern_fork.c:1153 #8 <signal handler called> #9 0x0644dc750a04dc71 in ?? () Backtrace stopped: Cannot access memory at address 0xa1734739ad33473d Tracing command "idle\000l", '\000' <repeats 13 times> pid 11 tid 100004 (CPU 1) #0 cpustop_handler () at /usr/src/sys/x86/x86/mp_x86.c:1530 #1 0xffffffff81009388 in ipi_nmi_handler () at /usr/src/sys/x86/x86/mp_x86.c:1487 #2 0xffffffff810406a6 in trap (frame=0xfffffe003a4bcf30) at /usr/src/sys/amd64/amd64/trap.c:248 #3 <signal handler called> #4 0xffffffff80ffe764 in cpu_idle_mwait (sbt=<optimized out>) at /usr/src/sys/x86/x86/cpu_machdep.c:618 #5 cpu_idle (busy=<optimized out>) at /usr/src/sys/x86/x86/cpu_machdep.c:659 #6 0xffffffff80b43e34 in sched_idletd (dummy=dummy@entry=0x0) at /usr/src/sys/kern/sched_ule.c:3202 #7 0xffffffff80ac0022 in fork_exit ( callout=0xffffffff80b43910 <sched_idletd>, arg=0x0, frame=0xfffffe0035de3f40) at /usr/src/sys/kern/kern_fork.c:1153 #8 <signal handler called> #9 0x420a3de64e4a3de2 in ?? () Backtrace stopped: Cannot access memory at address 0xe53da6aae97da6ae Tracing command "idle\000l", '\000' <repeats 13 times> pid 11 tid 100005 (CPU 2) #0 cpustop_handler () at /usr/src/sys/x86/x86/mp_x86.c:1530 #1 0xffffffff81009388 in ipi_nmi_handler () at /usr/src/sys/x86/x86/mp_x86.c:1487 #2 0xffffffff810406a6 in trap (frame=0xfffffe003a4cbf30) at /usr/src/sys/amd64/amd64/trap.c:248 #3 <signal handler called> #4 0xffffffff80ffe764 in cpu_idle_mwait (sbt=<optimized out>) at /usr/src/sys/x86/x86/cpu_machdep.c:618 #5 cpu_idle (busy=<optimized out>) at /usr/src/sys/x86/x86/cpu_machdep.c:659 #6 0xffffffff80b43e34 in sched_idletd (dummy=dummy@entry=0x0) at /usr/src/sys/kern/sched_ule.c:3202 #7 0xffffffff80ac0022 in fork_exit ( callout=0xffffffff80b43910 <sched_idletd>, arg=0x0, frame=0xfffffe0035df2f40) at /usr/src/sys/kern/kern_fork.c:1153 #8 <signal handler called> #9 0x272655f72b6655f3 in ?? () Backtrace stopped: Cannot access memory at address 0x8011cebb8c51ce9f Tracing command "idle\000l", '\000' <repeats 13 times> pid 11 tid 100006 (CPU 3) #0 cpustop_handler () at /usr/src/sys/x86/x86/mp_x86.c:1530 #1 0xffffffff81009388 in ipi_nmi_handler () at /usr/src/sys/x86/x86/mp_x86.c:1487 #2 0xffffffff810406a6 in trap (frame=0xfffffe003a4daf30) at /usr/src/sys/amd64/amd64/trap.c:248 #3 <signal handler called> #4 acpi_cpu_idle_mwait (mwait_hint=0) at /usr/src/sys/x86/x86/cpu_machdep.c:294 #5 0xffffffff804c3052 in acpi_cpu_idle (sbt=<optimized out>) at /usr/src/sys/dev/acpica/acpi_cpu.c:1160 #6 0xffffffff80ffe640 in cpu_idle_acpi (sbt=170000625) at /usr/src/sys/x86/x86/cpu_machdep.c:590 #7 0xffffffff80ffe716 in cpu_idle (busy=0) at /usr/src/sys/x86/x86/cpu_machdep.c:679 #8 0xffffffff80b43e34 in sched_idletd (dummy=dummy@entry=0x0) at /usr/src/sys/kern/sched_ule.c:3202 #9 0xffffffff80ac0022 in fork_exit ( callout=0xffffffff80b43910 <sched_idletd>, arg=0x0, frame=0xfffffe0035dedf40) at /usr/src/sys/kern/kern_fork.c:1153 #10 <signal handler called> #11 0xdb55c4f6d715c4f2 in ?? () Backtrace stopped: Cannot access memory at address 0x7c625fba70225fbe Tracing command "idle\000l", '\000' <repeats 13 times> pid 11 tid 100007 (CPU 4) #0 cpustop_handler () at /usr/src/sys/x86/x86/mp_x86.c:1530 #1 0xffffffff81009388 in ipi_nmi_handler () at /usr/src/sys/x86/x86/mp_x86.c:1487 #2 0xffffffff810406a6 in trap (frame=0xfffffe003a4e9f30) at /usr/src/sys/amd64/amd64/trap.c:248 #3 <signal handler called> #4 acpi_cpu_idle_mwait (mwait_hint=0) at /usr/src/sys/x86/x86/cpu_machdep.c:294 #5 0xffffffff804c3052 in acpi_cpu_idle (sbt=<optimized out>) at /usr/src/sys/dev/acpica/acpi_cpu.c:1160 #6 0xffffffff80ffe640 in cpu_idle_acpi (sbt=460954287) at /usr/src/sys/x86/x86/cpu_machdep.c:590 #7 0xffffffff80ffe716 in cpu_idle (busy=0) at /usr/src/sys/x86/x86/cpu_machdep.c:679 #8 0xffffffff80b43e34 in sched_idletd (dummy=dummy@entry=0x0) at /usr/src/sys/kern/sched_ule.c:3202 #9 0xffffffff80ac0022 in fork_exit ( callout=0xffffffff80b43910 <sched_idletd>, arg=0x0, frame=0xfffffe0035dfcf40) at /usr/src/sys/kern/kern_fork.c:1153 #10 <signal handler called> #11 0xbe79ace7b239ace3 in ?? () Backtrace stopped: Cannot access memory at address 0x194e37ab150e37af Tracing command "idle\000l", '\000' <repeats 13 times> pid 11 tid 100008 (CPU 5) #0 cpustop_handler () at /usr/src/sys/x86/x86/mp_x86.c:1530 #1 0xffffffff81009388 in ipi_nmi_handler () at /usr/src/sys/x86/x86/mp_x86.c:1487 #2 0xffffffff810406a6 in trap (frame=0xfffffe003a4f8f30) at /usr/src/sys/amd64/amd64/trap.c:248 #3 <signal handler called> #4 acpi_cpu_idle_mwait (mwait_hint=0) at /usr/src/sys/x86/x86/cpu_machdep.c:294 #5 0xffffffff804c3052 in acpi_cpu_idle (sbt=<optimized out>) at /usr/src/sys/dev/acpica/acpi_cpu.c:1160 #6 0xffffffff80ffe640 in cpu_idle_acpi (sbt=602573982) at /usr/src/sys/x86/x86/cpu_machdep.c:590 #7 0xffffffff80ffe716 in cpu_idle (busy=0) at /usr/src/sys/x86/x86/cpu_machdep.c:679 #8 0xffffffff80b43e34 in sched_idletd (dummy=dummy@entry=0x0) at /usr/src/sys/kern/sched_ule.c:3202 #9 0xffffffff80ac0022 in fork_exit ( callout=0xffffffff80b43910 <sched_idletd>, arg=0x0, frame=0xfffffe0035df7f40) at /usr/src/sys/kern/kern_fork.c:1153 #10 <signal handler called> #11 0xfa374d74f6774d70 in ?? () Backtrace stopped: Cannot access memory at address 0x5d00d6385140d63c Tracing command "idle\000l", '\000' <repeats 13 times> pid 11 tid 100009 (CPU 6) #0 cpustop_handler () at /usr/src/sys/x86/x86/mp_x86.c:1530 #1 0xffffffff81009388 in ipi_nmi_handler () at /usr/src/sys/x86/x86/mp_x86.c:1487 #2 0xffffffff810406a6 in trap (frame=0xfffffe003a507f30) at /usr/src/sys/amd64/amd64/trap.c:248 #3 <signal handler called> #4 0xffffffff80ffe764 in cpu_idle_mwait (sbt=<optimized out>) at /usr/src/sys/x86/x86/cpu_machdep.c:618 #5 cpu_idle (busy=<optimized out>) at /usr/src/sys/x86/x86/cpu_machdep.c:659 #6 0xffffffff80b43e34 in sched_idletd (dummy=dummy@entry=0x0) at /usr/src/sys/kern/sched_ule.c:3202 #7 0xffffffff80ac0022 in fork_exit ( callout=0xffffffff80b43910 <sched_idletd>, arg=0x0, frame=0xfffffe00e2035f40) at /usr/src/sys/kern/kern_fork.c:1153 #8 <signal handler called> #9 0x9b20d62a9760d62e in ?? () Backtrace stopped: Cannot access memory at address 0x3c17816630574d62 Tracing command "idle\000l", '\000' <repeats 13 times> pid 11 tid 100010 (CPU 7) #0 cpustop_handler () at /usr/src/sys/x86/x86/mp_x86.c:1530 #1 0xffffffff81009388 in ipi_nmi_handler () at /usr/src/sys/x86/x86/mp_x86.c:1487 #2 0xffffffff810406a6 in trap (frame=0xfffffe003a516f30) at /usr/src/sys/amd64/amd64/trap.c:248 #3 <signal handler called> #4 acpi_cpu_idle_mwait (mwait_hint=0) at /usr/src/sys/x86/x86/cpu_machdep.c:294 #5 0xffffffff804c3052 in acpi_cpu_idle (sbt=<optimized out>) at /usr/src/sys/dev/acpica/acpi_cpu.c:1160 #6 0xffffffff80ffe640 in cpu_idle_acpi (sbt=117142668) at /usr/src/sys/x86/x86/cpu_machdep.c:590 #7 0xffffffff80ffe716 in cpu_idle (busy=0) at /usr/src/sys/x86/x86/cpu_machdep.c:679 #8 0xffffffff80b43e34 in sched_idletd (dummy=dummy@entry=0x0) at /usr/src/sys/kern/sched_ule.c:3202 #9 0xffffffff80ac0022 in fork_exit ( callout=0xffffffff80b43910 <sched_idletd>, arg=0x0, frame=0xfffffe00e2030f40) at /usr/src/sys/kern/kern_fork.c:1153 #10 <signal handler called> #11 0x4631cea94a71cead in ?? () Backtrace stopped: Cannot access memory at address 0xe10655e5ed4655e1 Tracing command "idle\000l", '\000' <repeats 13 times> pid 11 tid 100011 (CPU 8) #0 cpustop_handler () at /usr/src/sys/x86/x86/mp_x86.c:1530 #1 0xffffffff81009388 in ipi_nmi_handler () at /usr/src/sys/x86/x86/mp_x86.c:1487 #2 0xffffffff810406a6 in trap (frame=0xfffffe003a525f30) at /usr/src/sys/amd64/amd64/trap.c:248 #3 <signal handler called> #4 0xffffffff80ffe764 in cpu_idle_mwait (sbt=<optimized out>) at /usr/src/sys/x86/x86/cpu_machdep.c:618 #5 cpu_idle (busy=<optimized out>) at /usr/src/sys/x86/x86/cpu_machdep.c:659 #6 0xffffffff80b43e34 in sched_idletd (dummy=dummy@entry=0x0) at /usr/src/sys/kern/sched_ule.c:3202 #7 0xffffffff80ac0022 in fork_exit ( callout=0xffffffff80b43910 <sched_idletd>, arg=0x0, frame=0xfffffe00e203ff40) at /usr/src/sys/kern/kern_fork.c:1153 #8 <signal handler called> #9 0x8c805fac80c05fa8 in ?? () Backtrace stopped: Cannot access memory at address 0x2bb7c4e027f7c4e4 Tracing command "zfskern", '\000' <repeats 12 times> pid 6 tid 101790 (CPU 9) #0 __curthread () at /usr/src/sys/amd64/include/pcpu_aux.h:57 #1 doadump (textdump=textdump@entry=1) at /usr/src/sys/kern/kern_shutdown.c:405 #2 0xffffffff80b0d420 in kern_reboot (howto=260) at /usr/src/sys/kern/kern_shutdown.c:523 #3 0xffffffff80b0d939 in vpanic ( fmt=0xffffffff811f4698 "Memory modified after free %p(%d) val=%lx @ %p\n", ap=ap@entry=0xfffffe039c2acab0) at /usr/src/sys/kern/kern_shutdown.c:967 #4 0xffffffff80b0d6c3 in panic (fmt=<unavailable>) at /usr/src/sys/kern/kern_shutdown.c:891 #5 0xffffffff80ebeb33 in trash_ctor (mem=<unavailable>, size=<unavailable>, arg=<optimized out>, flags=<optimized out>) at /usr/src/sys/vm/uma_dbg.c:78 #6 0xffffffff80eb71d6 in item_ctor (zone=0xfffffe010982c800, uz_flags=1101070336, size=8192, udata=0xfffff80005079040, flags=2, item=0xfffffe0184c00000) at /usr/src/sys/vm/uma_core.c:3471 #7 0xffffffff82526ab3 in kmem_cache_alloc (cache=<unavailable>, flags=<unavailable>, flags@entry=2) at /usr/src/sys/contrib/openzfs/module/os/freebsd/spl/spl_kmem.c:194 #8 0xffffffff8273f6a7 in zio_data_buf_alloc (size=8192) at /usr/src/sys/contrib/openzfs/module/zfs/zio.c:394 #9 0xffffffff825681f5 in abd_alloc_linear (size=8192, is_metadata=0) at /usr/src/sys/contrib/openzfs/module/zfs/abd.c:226 #10 0xffffffff8274a5fd in zio_vdev_io_start (zio=0xfffffe01631f0300) at /usr/src/sys/contrib/openzfs/module/zfs/zio.c:3942 #11 0xffffffff82742208 in __zio_execute (zio=<optimized out>) at /usr/src/sys/contrib/openzfs/module/zfs/zio.c:2350 #12 zio_nowait (zio=<optimized out>) at /usr/src/sys/contrib/openzfs/module/zfs/zio.c:2437 #13 0xffffffff82685717 in vdev_mirror_io_start (zio=0xfffffe0163998ac0) at /usr/src/sys/contrib/openzfs/module/zfs/vdev_mirror.c:645 #14 0xffffffff8274a8d3 in zio_vdev_io_start (zio=0xfffffe0163998ac0) at /usr/src/sys/contrib/openzfs/module/zfs/zio.c:3917 #15 0xffffffff82742208 in __zio_execute (zio=<optimized out>) at /usr/src/sys/contrib/openzfs/module/zfs/zio.c:2350 #16 zio_nowait (zio=<optimized out>) at /usr/src/sys/contrib/openzfs/module/zfs/zio.c:2437 #17 0xffffffff8260f783 in scan_exec_io (dp=<optimized out>, bp=0xfffff8000565b800, bp@entry=0xfffffe039c2acd00, zio_flags=-2048, zb=0xe20c2de000, zb@entry=0xfffff80563a70590, queue=queue@entry=0xfffff8000565b800) at /usr/src/sys/contrib/openzfs/module/zfs/dsl_scan.c:4862 #18 0xffffffff82613d1f in scan_io_queue_issue (queue=0xfffff8000565b800, io_list=0xfffffe039c2acd90) at /usr/src/sys/contrib/openzfs/module/zfs/dsl_scan.c:3224 #19 scan_io_queues_run_one (arg=0xfffff8000565b800) at /usr/src/sys/contrib/openzfs/module/zfs/dsl_scan.c:3440 #20 0xffffffff82529ac7 in taskq_run (arg=0xfffff8056eacca80, pending=<unavailable>) at /usr/src/sys/contrib/openzfs/module/os/freebsd/spl/spl_taskq.c:311 #21 0xffffffff80b75392 in taskqueue_run_locked ( queue=queue@entry=0xfffff80018c00b00) at /usr/src/sys/kern/subr_taskqueue.c:518 #22 0xffffffff80b76283 in taskqueue_thread_loop ( arg=arg@entry=0xfffff8005f59e2a0) at /usr/src/sys/kern/subr_taskqueue.c:830 #23 0xffffffff80ac0022 in fork_exit ( callout=0xffffffff80b761b0 <taskqueue_thread_loop>, arg=0xfffff8005f59e2a0, frame=0xfffffe039c2acf40) at /usr/src/sys/kern/kern_fork.c:1153 #24 <signal handler called> #25 0x000000082b5da59a in ?? () Backtrace stopped: Cannot access memory at address 0x82d889a88 Tracing command "idle\000l", '\000' <repeats 13 times> pid 11 tid 100013 (CPU 10) #0 cpustop_handler () at /usr/src/sys/x86/x86/mp_x86.c:1530 #1 0xffffffff81009388 in ipi_nmi_handler () at /usr/src/sys/x86/x86/mp_x86.c:1487 #2 0xffffffff810406a6 in trap (frame=0xfffffe003a543f30) at /usr/src/sys/amd64/amd64/trap.c:248 #3 <signal handler called> #4 acpi_cpu_idle_mwait (mwait_hint=0) at /usr/src/sys/x86/x86/cpu_machdep.c:294 #5 0xffffffff804c3052 in acpi_cpu_idle (sbt=<optimized out>) at /usr/src/sys/dev/acpica/acpi_cpu.c:1160 #6 0xffffffff80ffe640 in cpu_idle_acpi (sbt=162698271) at /usr/src/sys/x86/x86/cpu_machdep.c:590 #7 0xffffffff80ffe716 in cpu_idle (busy=0) at /usr/src/sys/x86/x86/cpu_machdep.c:679 #8 0xffffffff80b43e34 in sched_idletd (dummy=dummy@entry=0x0) at /usr/src/sys/kern/sched_ule.c:3202 #9 0xffffffff80ac0022 in fork_exit ( callout=0xffffffff80b43910 <sched_idletd>, arg=0x0, frame=0xfffffe00e2049f40) at /usr/src/sys/kern/kern_fork.c:1153 #10 <signal handler called> #11 0x595d94db551d94df in ?? () Backtrace stopped: Cannot access memory at address 0xfe6a0f97f22a0f93 Tracing command "idle\000l", '\000' <repeats 13 times> pid 11 tid 100014 (CPU 11) #0 cpustop_handler () at /usr/src/sys/x86/x86/mp_x86.c:1530 #1 0xffffffff81009388 in ipi_nmi_handler () at /usr/src/sys/x86/x86/mp_x86.c:1487 #2 0xffffffff810406a6 in trap (frame=0xfffffe003a552f30) at /usr/src/sys/amd64/amd64/trap.c:248 #3 <signal handler called> #4 acpi_cpu_idle_mwait (mwait_hint=0) at /usr/src/sys/x86/x86/cpu_machdep.c:294 #5 0xffffffff804c3052 in acpi_cpu_idle (sbt=<optimized out>) at /usr/src/sys/dev/acpica/acpi_cpu.c:1160 #6 0xffffffff80ffe640 in cpu_idle_acpi (sbt=451953162) at /usr/src/sys/x86/x86/cpu_machdep.c:590 #7 0xffffffff80ffe716 in cpu_idle (busy=0) at /usr/src/sys/x86/x86/cpu_machdep.c:679 #8 0xffffffff80b43e34 in sched_idletd (dummy=dummy@entry=0x0) at /usr/src/sys/kern/sched_ule.c:3202 #9 0xffffffff80ac0022 in fork_exit ( callout=0xffffffff80b43910 <sched_idletd>, arg=0x0, frame=0xfffffe00e2044f40) at /usr/src/sys/kern/kern_fork.c:1153 #10 <signal handler called> #11 0x51dc976e5d9c976a in ?? () Backtrace stopped: Cannot access memory at address 0xf6e30c22faab0c26 (kgdb) -- You are receiving this mail because: You are the assignee for the bug.home | help
Want to link to this message? Use this
URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?bug-290571-227>