[Bug 227784] zfs: Fatal trap 9: general protection fault while in kernel mode on shutdown

bugzilla-noreply at freebsd.org bugzilla-noreply at freebsd.org
Sun Aug 19 09:42:28 UTC 2018 

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=227784

Vladimir Kondratyev <wulf at freebsd.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |wulf at freebsd.org

--- Comment #10 from Vladimir Kondratyev <wulf at freebsd.org> ---
(In reply to Andriy Gapon from comment #6)
> Do you still have the crash dump?
> If so, could you please provide full output of 'p *dd' ?

I still observe the panic everyday, so I have a crash dump:

(kgdb) frame 10
#10 0xffffffff8035f6dc in dsl_dir_evict_async (dbu=0xfffff80006b67400)
    at /usr/src/sys/cddl/contrib/opensolaris/uts/common/fs/zfs/dsl_dir.c:158
158             spa_async_close(dd->dd_pool->dp_spa, dd);

(kgdb) p *dd
$7 = {dd_dbu = {dbu_tqent = {tqent_task = {ta_link = {
          stqe_next = 0xfffff8000689b400}, ta_pending = 0, ta_priority = 0, 
        ta_func = 0xffffffff802f5410 <taskq_run_ent>, 
        ta_context = 0xfffff80006b67400}, 
      tqent_func = 0xffffffff8035f4e0 <dsl_dir_evict_async>, 
      tqent_arg = 0xfffff80006b67400}, dbu_evict_func_sync = 0x0, 
    dbu_evict_func_async = 0xffffffff8035f4e0 <dsl_dir_evict_async>, 
    dbu_clear_on_evict_dbufp = 0xfffff80006b67458}, dd_object = 12, 
  dd_pool = 0xfffff800066f5800, dd_dbuf = 0x0, dd_dirty_link = {tn_next = {
      0x0, 0x0, 0x0, 0x0}, tn_member = "\000\000\000"}, 
  dd_parent = 0xfffff80006b66c00, dd_lock = {lock_object = {
      lo_name = 0xffffffff80999c14 "dd->dd_lock", lo_flags = 577830912, 
      lo_data = 0, lo_witness = 0x0}, sx_lock = 1}, dd_props = {
    list_size = 56, list_offset = 0, list_head = {
      list_next = 0xfffff80006b674c0, list_prev = 0xfffff80006b674c0}}, 
  dd_snap_cmtime = {tv_sec = 1534644915, tv_nsec = 715064905}, 
  dd_origin_txg = 0, dd_tempreserved = {0, 0, 0, 0}, dd_space_towrite = {0, 0, 
    0, 0}, dd_myname = "$ORIGIN", '\000' <repeats 248 times>}

(kgdb) printf "%X\n", *(int *)dd->dd_pool
DEADC0DE

It looks like memory referenced by dd->dd_pool is already freed when
spa_async_close() is called.

-- 
You are receiving this mail because:
You are the assignee for the bug.

More information about the freebsd-fs mailing list