Date:      Sat, 12 Dec 2015 15:58:20 +0000
From:      bugzilla-noreply@freebsd.org
To:        freebsd-bugs@FreeBSD.org
Subject:   [Bug 205270] [zfs] Panic at shutdown in 11.0-CURRENT
Message-ID:  <bug-205270-8@https.bugs.freebsd.org/bugzilla/>

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=205270

            Bug ID: 205270
           Summary: [zfs] Panic at shutdown in 11.0-CURRENT
           Product: Base System
           Version: 11.0-CURRENT
          Hardware: amd64
                OS: Any
            Status: New
          Severity: Affects Only Me
          Priority: ---
         Component: kern
          Assignee: freebsd-bugs@FreeBSD.org
          Reporter: 214748mv@gmail.com

Sometimes I have the panic in the photo at shutdown:

http://imgur.com/mXrgFLp

Unfortunately this happens randomly.

After a bit of investigation I have understood the panic cause: it is an invalid
offset.

The original function in /sys/cddl/contrib/opensolaris/uts/common/fs/zfs/txg.c
is:

boolean_t
txg_list_member(txg_list_t *tl, void *p, uint64_t txg)
{
    int t = txg & TXG_MASK;
    txg_node_t *tn = (txg_node_t *)((char *)p + tl->tl_offset);

    return (tn->tn_member[t] != 0);
}

I have modified the function to print an uncommon or invalid tl->tl_offset:

boolean_t
txg_list_member(txg_list_t *tl, void *p, uint64_t txg)
{
    size_t ofs = tl->tl_offset;

    /* Debug only: log every 1000th call, and any offset other than 88 or 984. */
    {
        static int cnt = 0;
        if ((cnt++ % 1000) == 0
            || (ofs != 88 && ofs != 984))
            printf("**** %d) tl->tl_offset %zu\n", cnt, ofs);
    }

    txg_node_t *tn = (txg_node_t *)((char *)p + ofs);

    return (tn->tn_member[txg & TXG_MASK] != 0);
}

I have received the panic again with an invalid tl->tl_offset of
16045693110842147038.
In /var/log/messages I have:

Dec  8 10:32:42 ativ kernel: Waiting (max 60 seconds) for system process `vnlru' to stop...done
Dec  8 10:32:42 ativ kernel: Waiting (max 60 seconds) for system process `bufdaemon' to stop...done
Dec  8 10:32:42 ativ kernel: Waiting (max 60 seconds) for system process `syncer' to stop...
Dec  8 10:32:42 ativ kernel: Syncing disks, vnodes remaining...0 0 0 done
Dec  8 10:32:42 ativ kernel: All buffers synced.
Dec  8 10:32:42 ativ kernel: **** 9692) tl->tl_offset 384
Dec  8 10:32:42 ativ kernel: **** 9693) tl->tl_offset 384
Dec  8 10:32:42 ativ kernel: **** 9694) tl->tl_offset 384
Dec  8 10:32:42 ativ kernel: **** 9695) tl->tl_offset 384
Dec  8 10:32:42 ativ kernel: **** 9708) tl->tl_offset 384
Dec  8 10:32:42 ativ kernel: **** 9709) tl->tl_offset 384
Dec  8 10:32:42 ativ kernel: **** 9710) tl->tl_offset 384
Dec  8 10:32:42 ativ kernel: **** 9711) tl->tl_offset 384
Dec  8 10:32:42 ativ kernel: **** 9720) tl->tl_offset 384
Dec  8 10:32:42 ativ kernel: **** 9721) tl->tl_offset 384
Dec  8 10:32:42 ativ kernel: **** 9722) tl->tl_offset 384
Dec  8 10:32:42 ativ kernel: **** 9723) tl->tl_offset 384
Dec  8 10:32:42 ativ kernel: Uptime: 1h57m42s
Dec  8 10:32:42 ativ kernel: **** 9736) tl->tl_offset 16045693110842147038
Dec  8 10:32:42 ativ kernel:
Dec  8 10:32:42 ativ kernel:
Dec  8 10:32:42 ativ kernel: Fatal trap 9: general protection fault while in kernel mode
Dec  8 10:32:42 ativ kernel: cpuid = 2; apic id = 02
Dec  8 10:32:42 ativ kernel: instruction pointer    = 0x20:0xffffffff8211b1cb
Dec  8 10:32:42 ativ kernel: stack pointer            = 0x28:0xfffffe0119525990
Dec  8 10:32:42 ativ kernel: frame pointer            = 0x28:0xfffffe01195259c0
Dec  8 10:32:42 ativ kernel: code segment        = base 0x0, limit 0xfffff, type 0x1b
Dec  8 10:32:42 ativ kernel: = DPL 0, pres 1, long 1, def32 0, gran 1
Dec  8 10:32:42 ativ kernel: processor eflags    = interrupt enabled, resume, IOPL = 0
Dec  8 10:32:42 ativ kernel: current process        = 0 (dbu_evict)

Probably the panic is caused by some memory already freed: the hex value of
16045693110842147038 is 0xdeadc0dedeadc0de.

-- 
You are receiving this mail because:
You are the assignee for the bug.
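
Added example, not part of the original report or of FreeBSD's own code: a small C triage helper that scans kernel log lines in the debug format printed above and flags any tl->tl_offset whose two 32-bit halves both equal 0xdeadc0de, the pattern the report identifies. The function names are hypothetical; the sample lines are copied from the log in the report.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* True when both 32-bit halves of v carry the 0xdeadc0de fill pattern. */
static int is_poison64(uint64_t v)
{
    return (uint32_t)v == 0xdeadc0deU && (uint32_t)(v >> 32) == 0xdeadc0deU;
}

/* Parse "... tl->tl_offset <decimal>"; 0 on success, -1 if no usable value. */
static int parse_tl_offset(const char *line, uint64_t *out)
{
    static const char tag[] = "tl->tl_offset ";
    const char *p = strstr(line, tag);

    if (p == NULL)
        return -1;
    p += sizeof(tag) - 1;
    if (*p < '0' || *p > '9')   /* strtoull would accept a sign or blanks */
        return -1;
    errno = 0;
    *out = strtoull(p, NULL, 10);
    return (errno == ERANGE) ? -1 : 0;   /* ERANGE: does not fit in 64 bits */
}

/* Count the lines whose logged offset looks like freed-memory fill. */
static int count_poisoned(const char *const *lines, size_t n)
{
    int hits = 0;
    for (size_t i = 0; i < n; i++) {
        uint64_t off;
        if (parse_tl_offset(lines[i], &off) == 0 && is_poison64(off))
            hits++;
    }
    return hits;
}

/* Sample input: four lines copied from the log in the report. */
static const char *const sample[] = {
    "Dec  8 10:32:42 ativ kernel: **** 9723) tl->tl_offset 384",
    "Dec  8 10:32:42 ativ kernel: Uptime: 1h57m42s",
    "Dec  8 10:32:42 ativ kernel: **** 9736) tl->tl_offset 16045693110842147038",
    "Dec  8 10:32:42 ativ kernel: Fatal trap 9: general protection fault while in kernel mode",
};

int main(void) { printf("%d poisoned offset(s)\n", count_poisoned(sample, 4)); return 0; }
```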


