Fatal trap 9: general protection fault while in kernel mode

Apr 23 2018, 7:37 AM
[164936] Uptime: 1d21h48m56s
[164937] Fatal trap 9: general protection fault while in kernel mode
[164937] cpuid = 8; apic id = 08
[164937] instruction pointer = 0x20:0xffffffff80b70534
[164937] stack pointer = 0x28:0xfffffe009f13f950
[164937] frame pointer = 0x28:0xfffffe009f13f980
[164937] code segment = base 0x0, limit 0xfffff, type 0x1b
[164937] = DPL 0, pres 1, long 1, def32 0, gran 1
[164937] processor eflags = interrupt enabled, resume, IOPL = 0
[164937] current process = 0 (dbu_evict)
__curthread () at ./machine/pcpu.h:230
230 __asm("movq %%gs:%1,%0" : "=r" (td)
(kgdb) bt
#0 __curthread () at ./machine/pcpu.h:230
#1 doadump (textdump=0x1) at /srv/src/fbsd/head/sys/kern/kern_shutdown.c:361
#2 0xffffffff80435f4c in db_fncall_generic (addr=<optimized out>, rv=<optimized out>, nargs=<optimized out>, args=<optimized out>)
at /srv/src/fbsd/head/sys/ddb/db_command.c:609
#3 db_fncall (dummy1=<optimized out>, dummy2=<optimized out>, dummy3=<optimized out>, dummy4=<optimized out>) at /srv/src/fbsd/head/sys/ddb/db_command.c:657
#4 0xffffffff80435a89 in db_command (last_cmdp=<optimized out>, cmd_table=<optimized out>, dopager=<optimized out>)
at /srv/src/fbsd/head/sys/ddb/db_command.c:481
#5 0xffffffff80435804 in db_command_loop () at /srv/src/fbsd/head/sys/ddb/db_command.c:534
#6 0xffffffff80438a3f in db_trap (type=<optimized out>, code=<optimized out>) at /srv/src/fbsd/head/sys/ddb/db_main.c:250
#7 0xffffffff80bad613 in kdb_trap (type=0x9, code=0x0, tf=<optimized out>) at /srv/src/fbsd/head/sys/kern/subr_kdb.c:697
#8 0xffffffff810271c1 in trap_fatal (frame=0xfffffe009f13f890, eva=0x0) at /srv/src/fbsd/head/sys/amd64/amd64/trap.c:819
#9 0xffffffff8102683d in trap (frame=0xfffffe009f13f890) at /srv/src/fbsd/head/sys/amd64/amd64/trap.c:200
#10 <signal handler called>
#11 _sx_xlock (sx=0xdeadc0dedeadd47e, opts=0x0, file=0xffffffff82784d62 "/srv/src/fbsd/head/sys/cddl/contrib/opensolaris/uts/common/fs/zfs/refcount.c",
line=0xa2) at /srv/src/fbsd/head/sys/kern/kern_sx.c:320
#12 0xffffffff8269dcaa in refcount_remove_many (rc=0xdeadc0dedeadd47e, number=0x1, holder=0xfffff8004333c400)
at /srv/src/fbsd/head/sys/cddl/contrib/opensolaris/uts/common/fs/zfs/refcount.c:162
#13 0xffffffff8267245c in dsl_dir_evict_async (dbu=0xfffff8004333c400) at /srv/src/fbsd/head/sys/cddl/contrib/opensolaris/uts/common/fs/zfs/dsl_dir.c:158
#14 0xffffffff80bc0abc in taskqueue_run_locked (queue=0xfffff80039092300) at /srv/src/fbsd/head/sys/kern/subr_taskqueue.c:465
#15 0xffffffff80bc1888 in taskqueue_thread_loop (arg=<optimized out>) at /srv/src/fbsd/head/sys/kern/subr_taskqueue.c:757
#16 0xffffffff80b28344 in fork_exit (callout=0xffffffff80bc1800 <taskqueue_thread_loop>, arg=0xfffff800041860c0, frame=0xfffffe009f13fac0)
at /srv/src/fbsd/head/sys/kern/kern_fork.c:1039
#17 <signal handler called>
#11 _sx_xlock (sx=0xdeadc0dedeadd47e, opts=0x0, file=0xffffffff82784d62 "/srv/src/fbsd/head/sys/cddl/contrib/opensolaris/uts/common/fs/zfs/refcount.c",
line=0xa2) at /srv/src/fbsd/head/sys/kern/kern_sx.c:320
320 KASSERT(sx->sx_lock != SX_LOCK_DESTROYED,
(kgdb) p sx
$1 = (struct sx *) 0xdeadc0dedeadd47e
(kgdb) frame
Stack level 11, frame at 0xfffffe009f13f990:
rip = 0xffffffff80b70534 in _sx_xlock (/srv/src/fbsd/head/sys/kern/kern_sx.c:320); saved rip = 0xffffffff8269dcaa
called by frame at 0xfffffe009f13f9d0, caller of frame at 0xfffffe009f13f950
source language c.
Arglist at 0xfffffe009f13f980, args: sx=0xdeadc0dedeadd47e, opts=0x0,
file=0xffffffff82784d62 "/srv/src/fbsd/head/sys/cddl/contrib/opensolaris/uts/common/fs/zfs/refcount.c", line=0xa2
Locals at 0xfffffe009f13f980, Previous frame's sp is 0xfffffe009f13f990
Saved registers:
rbx at 0xfffffe009f13f958, rbp at 0xfffffe009f13f980, r12 at 0xfffffe009f13f960, r13 at 0xfffffe009f13f968, r14 at 0xfffffe009f13f970,
r15 at 0xfffffe009f13f978, rip at 0xfffffe009f13f988
sx = 0xdeadc0dedeadd47e
opts = 0x0
file = 0xffffffff82784d62 "/srv/src/fbsd/head/sys/cddl/contrib/opensolaris/uts/common/fs/zfs/refcount.c"
line = 0xa2
error = <error reading variable error (Cannot access memory at address 0x0)>
x = <optimized out>
tid = <optimized out>
(kgdb) frame
Stack level 12, frame at 0xfffffe009f13f9d0:
rip = 0xffffffff8269dcaa in refcount_remove_many
(/srv/src/fbsd/head/sys/cddl/contrib/opensolaris/uts/common/fs/zfs/refcount.c:162); saved rip = 0xffffffff8267245c
called by frame at 0xfffffe009f13f9f0, caller of frame at 0xfffffe009f13f990
source language c.
Arglist at 0xfffffe009f13f9c0, args: rc=0xdeadc0dedeadd47e, number=0x1,
Locals at 0xfffffe009f13f9c0, Previous frame's sp is 0xfffffe009f13f9d0
Saved registers:
rbx at 0xfffffe009f13f998, rbp at 0xfffffe009f13f9c0,
r12 at 0xfffffe009f13f9a0, r13 at 0xfffffe009f13f9a8,
r14 at 0xfffffe009f13f9b0, r15 at 0xfffffe009f13f9b8,
rip at 0xfffffe009f13f9c8
rc = 0xdeadc0dedeadd47e
number = 0x1
holder = 0xfffff8004333c400
ref = <optimized out>
count = <optimized out>
(kgdb) frame
Stack level 13, frame at 0xfffffe009f13f9f0:
rip = 0xffffffff8267245c in dsl_dir_evict_async
(/srv/src/fbsd/head/sys/cddl/contrib/opensolaris/uts/common/fs/zfs/dsl_dir.c:158); saved rip = 0xffffffff80bc0abc
called by frame at 0xfffffe009f13fa50, caller of frame at 0xfffffe009f13f9d0
source language c.
Arglist at 0xfffffe009f13f9e0, args: dbu=0xfffff8004333c400
Locals at 0xfffffe009f13f9e0, Previous frame's sp is 0xfffffe009f13f9f0
Saved registers:
rbx at 0xfffffe009f13f9d0, rbp at 0xfffffe009f13f9e0,
r14 at 0xfffffe009f13f9d8, rip at 0xfffffe009f13f9e8
dbu = 0xfffff8004333c400
dd = 0xfffff8004333c400
t = <error reading variable t (Cannot access memory at address 0x3)>
dp = <optimized out>
(kgdb) p *dd->dd_pool
$4 = {
dp_spa = 0xdeadc0dedeadc0de,
dp_meta_objset = 0xdeadc0dedeadc0de,
dp_root_dir = 0xdeadc0dedeadc0de,
dp_mos_dir = 0xdeadc0dedeadc0de,
dp_free_dir = 0xdeadc0dedeadc0de,
dp_leak_dir = 0xdeadc0dedeadc0de,
dp_origin_snap = 0xdeadc0dedeadc0de,
dp_root_dir_obj = 0xdeadc0dedeadc0de,
dp_vnrele_taskq = 0xdeadc0dedeadc0de,
dp_meta_rootbp = {
blk_dva = {{
dva_word = {0xdeadc0dedeadc0de,
dva_word = {0xdeadc0dedeadc0de,
dva_word = {0xdeadc0dedeadc0de,
blk_prop = 0xdeadc0dedeadc0de,
blk_pad = {0xdeadc0dedeadc0de,
blk_phys_birth = 0xdeadc0dedeadc0de,

I have a similar crash at $JOB. It occurred during shutdown.