Use after Free panic: ZFS?
Andriy Gapon
avg at FreeBSD.org
Wed Jan 30 12:55:07 UTC 2019
On 29/01/2019 16:43, Larry Rosenman wrote:
> panic: Memory modified after free 0xfffff807019ca980(32) val=0 @ 0xfffff807019ca980
>
> cpuid = 5
> time = 1548755136
> KDB: stack backtrace:
> db_trace_self_wrapper() at db_trace_self_wrapper+0x2b/frame 0xfffffe00f750c880
> vpanic() at vpanic+0x1b4/frame 0xfffffe00f750c8e0
> panic() at panic+0x43/frame 0xfffffe00f750c940
> trash_ctor() at trash_ctor+0x4c/frame 0xfffffe00f750c950
> uma_zalloc_arg() at uma_zalloc_arg+0x9df/frame 0xfffffe00f750c9e0
> uma_zfree_arg() at uma_zfree_arg+0x46a/frame 0xfffffe00f750ca40
> arc_buf_destroy_impl() at arc_buf_destroy_impl+0x133/frame 0xfffffe00f750ca80
> arc_buf_destroy() at arc_buf_destroy+0x17a/frame 0xfffffe00f750cab0
> dbuf_destroy() at dbuf_destroy+0x87/frame 0xfffffe00f750cb10
> dbuf_evict_one() at dbuf_evict_one+0x187/frame 0xfffffe00f750cb40
> dbuf_evict_thread() at dbuf_evict_thread+0x185/frame 0xfffffe00f750cbb0
> fork_exit() at fork_exit+0x84/frame 0xfffffe00f750cbf0
> fork_trampoline() at fork_trampoline+0xe/frame 0xfffffe00f750cbf0
> --- trap 0, rip = 0, rsp = 0, rbp = 0 ---
> Uptime: 3d16h49m14s
> Dumping 22587 out of 131028 MB:..1%..11%..21%..31%..41%..51%..61%..71%..81%..91%
>
> __curthread () at ./machine/pcpu.h:230
> 230 __asm("movq %%gs:%P1,%0" : "=r" (td) : "n" (OFFSETOF_CURTHREAD));
> (kgdb) #0 __curthread () at ./machine/pcpu.h:230
> #1 doadump (textdump=<optimized out>)
> at /usr/src/sys/kern/kern_shutdown.c:371
> #2 0xffffffff80491760 in kern_reboot (howto=260)
> at /usr/src/sys/kern/kern_shutdown.c:451
> #3 0xffffffff80491bc0 in vpanic (fmt=<optimized out>, ap=0xfffffe00f750c920)
> at /usr/src/sys/kern/kern_shutdown.c:877
> #4 0xffffffff80491913 in panic (fmt=<unavailable>)
> at /usr/src/sys/kern/kern_shutdown.c:804
> #5 0xffffffff8071255c in trash_ctor (mem=<unavailable>, size=<unavailable>,
> arg=<optimized out>, flags=<optimized out>)
> at /usr/src/sys/vm/uma_dbg.c:82
> #6 0xffffffff8070cf4f in uma_zalloc_arg (zone=0xfffff8203ffdc000,
> udata=0x108, flags=1) at /usr/src/sys/vm/uma_core.c:2418
> #7 0xffffffff8070d69a in bucket_alloc (zone=<optimized out>,
> udata=<unavailable>, flags=<unavailable>)
> at /usr/src/sys/vm/uma_core.c:433
> #8 uma_zfree_arg (zone=0xfffff801059a0000, item=<optimized out>,
> udata=0xfffff81042431940) at /usr/src/sys/vm/uma_core.c:3153
The problem is with an item in an (internal) UMA bucket zone.
So, this is probably not ZFS specific.
--
Andriy Gapon
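An added illustration, not part of the original message and not FreeBSD's code: a simplified userspace model of the poison-on-free, verify-on-allocation check that `trash_ctor()` performs in the backtrace above. It shows why the check fires in whichever thread next allocates the item rather than in the code that wrote through the stale pointer. The function names, the 32-byte item and the zero write are constructed for the example, and 0xdeadc0de is assumed as the poison value.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define JUNK 0xdeadc0deU /* assumed poison value written into freed items */

/* Free-time hook: overwrite every 32-bit word of the item with poison. */
static void trash_on_free(void *mem, size_t size)
{
    uint32_t *p = mem;
    for (size_t i = 0; i < size / sizeof(*p); i++)
        p[i] = JUNK;
}

/*
 * Alloc-time hook: byte offset of the first word that lost its poison,
 * or -1 if the item is intact. The kernel panics here instead of returning.
 */
static long trash_check_on_alloc(const void *mem, size_t size, uint32_t *val)
{
    const uint32_t *p = mem;
    for (size_t i = 0; i < size / sizeof(*p); i++) {
        if (p[i] != JUNK) {
            *val = p[i];
            return (long)(i * sizeof(*p));
        }
    }
    return -1;
}

/* Constructed scenario: free a 32-byte item, then write 0 through a stale
 * pointer at byte offset off (no write if off lies outside the item). */
static long demo_stale_write(size_t off, uint32_t *val)
{
    uint32_t item[8];
    uint32_t *stale = item;

    trash_on_free(item, sizeof(item));
    if (off < sizeof(item))
        stale[off / sizeof(*stale)] = 0;
    return trash_check_on_alloc(item, sizeof(item), val);
}

int main(void)
{
    uint32_t val = 0;
    long off = demo_stale_write(0, &val);
    printf("modified after free: offset=%ld val=%x\n", off, (unsigned)val);
    return 0;
}
```

The thread that trips the check is only the next one to reuse the item, so the frames above the allocator in a backtrace like this one identify the victim of the corruption, not its source.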
More information about the freebsd-current mailing list