Bug #2266
closed
panic during shutdown
100%
Description
it panics during shutdown on vop_write+0x110 at movl 0x44(%edx),edx
http://dl.dropbox.com/u/22827045/IMG_0239.JPG
http://dl.dropbox.com/u/22827045/IMG_0240.JPG
http://dl.dropbox.com/u/22827045/IMG_0242.JPG
uname -a
DragonFly lap.diff.org 2.13-DEVELOPMENT DragonFly v2.13.0.709.g50e40-DEVELOPMENT #17: Mon Dec 26 23:03:55 CET 2011 fer@lap.diff.org:/usr/obj/mnt2/src/sys/GENERIC i386
Updated by vsrinivas over 12 years ago
Hi,
It looks like the system accessed the address 0xdeadc122, which is 0xdeadc0de + 0x44; deadcode is filled in to free()d kernel memory.
The particular dereference that generated this invalid address was the extraction of the mountpoint from the vnode structure in vop_write. This means that vop_write was using an already-kfree()d vnode, which is bad news.
Updated by jaydg about 12 years ago
I've experienced the same problem:
Fatal trap 12: page fault while in kernel mode
cpuid = 0; lapic.id = 00000000
fault virtual address = 0xdeadc122
fault code = supervisor read, page not present
instruction pointer = 0x8:0xc028913f
stack pointer = 0x10:0xd62cc6c8
frame pointer = 0x10:0xd62cc7d0
code segment = base 0x0, limit 0xfffff, type 0x1b
= DPL 0, pres 1, def32 1, gran 1
processor eflags = interrupt enabled, resume, IOPL = 0
current process = 1 (init)
current thread = pri 31
<- SMP: XXX
kernel: type 12 trap, code=0
CPU0 stopping CPUs: 0x00000000
stopped
I have a crash dump available. It's a rather bulky 105MB xz compressed tar ball.
Updated by vsrinivas about 12 years ago
Could you upload the kernel & core to someplace we can access? It'd be great help!
Updated by ftigeot about 12 years ago
- Status changed from New to In Progress
- % Done changed from 0 to 50
Possibly fixed by commit cf7ad7d148d126095d2261798f8f289a0d170959
Updated by ftigeot about 12 years ago
- Status changed from In Progress to Closed
- % Done changed from 50 to 100
Confirmed fixed as of today