kernel panic with ZFS & VM subsystems: refcount == 1

From: Eitan Adler <lists_at_eitanadler.com>
Date: Sun, 10 May 2015 12:57:55 -0700
I left my computer on overnight and came back to find it sitting in
ddb.  Here is the backtrace and a little more information.  Let me
know what other debugging information I can provide.  I have vmcore.1
and /boot/kernel


FreeBSD gravity.local 11.0-CURRENT FreeBSD 11.0-CURRENT #0 r282701:
Sat May  9 18:16:45 PDT 2015
eitan_at_gravity.local:/usr/obj/usr/src/sys/EADLER  amd64

gdb$ b
gdb$ bt
#0  doadump (textdump=Unhandled dwarf expression opcode 0x93
) at pcpu.h:221
#1  0xffffffff80353f86 in db_fncall (dummy1=<value optimized out>,
dummy2=<value optimized out>, dummy3=<value optimized out>,
dummy4=<value optimized out>) at /usr/src/sys/ddb/db_command.c:568
#2  0xffffffff80353c6c in db_command (cmd_table=0x0) at
/usr/src/sys/ddb/db_command.c:440
#3  0xffffffff803539d4 in db_command_loop () at
/usr/src/sys/ddb/db_command.c:493
#4  0xffffffff80356510 in db_trap (type=<value optimized out>,
code=Unhandled dwarf expression opcode 0x93
) at /usr/src/sys/ddb/db_main.c:251
#5  0xffffffff80948f0e in kdb_trap (type=Unhandled dwarf expression opcode 0x93
) at /usr/src/sys/kern/subr_kdb.c:654
#6  0xffffffff80d2262b in trap (frame=0xfffffe0232d601e0) at
/usr/src/sys/amd64/amd64/trap.c:540
#7  0xffffffff80d03302 in calltrap () at
/usr/src/sys/amd64/amd64/exception.S:235
#8  0xffffffff809485fe in kdb_enter (why=0xffffffff80fbf391 "panic",
msg=0x80 <Address 0x80 out of bounds>) at cpufunc.h:63
#9  0xffffffff8090c1b9 in vpanic (fmt=<value optimized out>, ap=<value
optimized out>) at /usr/src/sys/kern/kern_shutdown.c:737
#10 0xffffffff8090c002 in kassert_panic (fmt=<value optimized out>) at
/usr/src/sys/kern/kern_shutdown.c:634
#11 0xffffffff80bb03ea in vm_object_zdtor (mem=0xfffff8019f407400,
size=<value optimized out>, arg=0xfffffe0232d60190) at
/usr/src/sys/vm/vm_object.c:169
#12 0xffffffff80b9d3d0 in uma_zfree_arg (zone=0xfffff8023f5de680,
item=0xfffff8019f407400, udata=0x0) at /usr/src/sys/vm/uma_core.c:2723
#13 0xffffffff80bc378e in vnode_pager_alloc
(handle=0xfffff8017bdb23b0, size=0xe000, prot=Unhandled dwarf
expression opcode 0x93
) at /usr/src/sys/vm/vnode_pager.c:240
#14 0xffffffff80bc4051 in vnode_create_vobject (vp=0xfffff8017bdb23b0,
isize=<value optimized out>, td=0xfffff800896ba940) at
/usr/src/sys/vm/vnode_pager.c:144
#15 0xffffffff81c80050 in zfs_freebsd_open (ap=0xfffffe0232d60668) at
/usr/src/sys/cddl/contrib/opensolaris/uts/common/fs/zfs/zfs_vnops.c:6049
#16 0xffffffff80e62a81 in VOP_OPEN_APV (vop=<value optimized out>,
a=<value optimized out>) at vnode_if.c:467
#17 0xffffffff809d1372 in vn_open_vnode (vp=0xfffff8017bdb23b0,
fmode=Unhandled dwarf expression opcode 0x93
) at vnode_if.h:196
#18 0xffffffff809d0f24 in vn_open_cred (ndp=0xfffffe0232d60880,
flagp=0xfffffe0232d6095c, cmode=0x0, vn_open_flags=0xfffff800,
cred=0xfffffe0232d60190, fp=0x0) at /usr/src/sys/kern/vfs_vnops.c:264
#19 0xffffffff809ca327 in kern_openat (td=0xfffff800896ba940,
fd=0xffffff9c, path=0x800daca1f <Address 0x800daca1f out of bounds>,
pathseg=UIO_USERSPACE, flags=Cannot access memory at address 0x80
) at /usr/src/sys/kern/vfs_syscalls.c:1090
#20 0xffffffff80d2354f in amd64_syscall (td=0xfffff800896ba940,
traced=0x0) at subr_syscall.c:133
#21 0xffffffff80d035eb in Xfast_syscall () at
/usr/src/sys/amd64/amd64/exception.S:395
#22 0x0000000800d98c7a in ?? ()
Previous frame inner to this frame (corrupt stack?)
Current language:  auto; currently minimal

gdb$ info frame
Stack level 10, frame at 0xfffffe0232d603b0:
 rip = 0xffffffff8090c002 in kassert_panic
(/usr/src/sys/kern/kern_shutdown.c:634); saved rip 0xffffffff80bb03ea
 called by frame at 0xfffffe0232d603d0, caller of frame at 0xfffffe0232d60340
 source language minimal.
 Arglist at 0xfffffe0232d603a0, args: fmt=<value optimized out>
 Locals at 0xfffffe0232d603a0, Previous frame's sp is 0xfffffe0232d603b0
 Saved registers:
  rax at 0xfffffe0232d60210, rbx at 0xfffffe0232d60388, rcx at
0xfffffe0232d601f8, rdx at 0xfffffe0232d601f0, rsi at
0xfffffe0232d601e8, rdi at 0xfffffe0232d601e0, rbp at
0xfffffe0232d603a0, r8 at 0xfffffe0232d60200, r9 at
0xfffffe0232d60208, r10 at 0xfffffe0232d60228, r11 at
0xfffffe0232d60230, r12 at 0xfffffe0232d60318, r13 at
0xfffffe0232d60240, r14 at 0xfffffe0232d60390, r15 at
0xfffffe0232d60398, rip at 0xfffffe0232d603a8, eflags at
0xfffffe0232d60288, cs at 0xfffffe0232d60280, ss at 0xfffffe0232d60298
gdb$ up
#11 0xffffffff80bb03ea in vm_object_zdtor (mem=0xfffff8019f407400,
size=<value optimized out>, arg=0xfffffe0232d60190) at
/usr/src/sys/vm/vm_object.c:169
169             KASSERT(object->ref_count == 0,
gdb$ info frame
Stack level 11, frame at 0xfffffe0232d603d0:
 rip = 0xffffffff80bb03ea in vm_object_zdtor
(/usr/src/sys/vm/vm_object.c:169); saved rip 0xffffffff80b9d3d0
 called by frame at 0xfffffe0232d60430, caller of frame at 0xfffffe0232d603b0
 source language minimal.
 Arglist at 0xfffffe0232d603c0, args: mem=0xfffff8019f407400,
size=<value optimized out>, arg=0xfffffe0232d60190
 Locals at 0xfffffe0232d603c0, Previous frame's sp is 0xfffffe0232d603d0
 Saved registers:
  rax at 0xfffffe0232d60210, rbx at 0xfffffe0232d603b8, rcx at
0xfffffe0232d601f8, rdx at 0xfffffe0232d601f0, rsi at
0xfffffe0232d601e8, rdi at 0xfffffe0232d601e0, rbp at
0xfffffe0232d603c0, r8 at 0xfffffe0232d60200, r9 at
0xfffffe0232d60208, r10 at 0xfffffe0232d60228, r11 at
0xfffffe0232d60230, r12 at 0xfffffe0232d60318, r13 at
0xfffffe0232d60240, r14 at 0xfffffe0232d60390, r15 at
0xfffffe0232d60398, rip at 0xfffffe0232d603c8, eflags at
0xfffffe0232d60288, cs at 0xfffffe0232d60280, ss at 0xfffffe0232d60298



-- 
Eitan Adler
Received on Sun May 10 2015 - 17:58:28 UTC
