kern/51016: kernel panic: ufsdirhash_lookup: bad offset in hash array

Aleksey Ovcharenko alexovch at ic.kharkov.ua
Tue Sep 9 08:22:12 PDT 2003


Hi, again!

I have tested my pc hardware on very different crash-tests (the only for 
Windows, don't have it for FreeBSD) and everytihing was working fine 9 days 
non-stop at 40+ Celsium degree.

But after switching to FreeBSD crashes have begone again. Can't ever reproduce 
it, just happened suddenly.

I changed my drive cable to UDMA-33 - didn't help, crash was this message like 
"panic on no-panic entry" etc.

Then I change motheboard, chipset etc., nope, crashes again and again.
Here we go:

IdlePTD at phsyical address 0x00329000
initial pcb at physical address 0x00297460
panicstr: general protection fault
panic messages:
---
Fatal trap 9: general protection fault while in kernel mode
instruction pointer     = 0x8:0xc01f9d2f
stack pointer           = 0x10:0xe71bdcb0
frame pointer           = 0x10:0xe71bdcb4
code segment            = base 0x0, limit 0xfffff, type 0x1b
                        = DPL 0, pres 1, def32 1, gran 1
processor eflags        = interrupt enabled, resume, IOPL = 0
current process         = 3746 (find)
interrupt mask          = none
trap number             = 9
panic: general protection fault
---
syncing disks... 48 22 22 22
done
Uptime: 16h18m38s

#0  dumpsys () at /usr/src/sys/kern/kern_shutdown.c:487
487             if (dumping++) {
(kgdb) where
#0  dumpsys () at /usr/src/sys/kern/kern_shutdown.c:487
#1  0xc014f830 in boot (howto=256) at /usr/src/sys/kern/kern_shutdown.c:316
#2  0xc014fc64 in poweroff_wait (junk=0xc026a4ac, howto=-1071210555) at 
/usr/src/sys/kern/kern_shutdown.c:595
#3  0xc022db0b in trap_fatal (frame=0xe71bdc70, eva=0) at 
/usr/src/sys/i386/i386/trap.c:974
#4  0xc022d4e7 in trap (frame={tf_fs = -851116016, tf_es = 16, tf_ds = 16, 
tf_edi = 512, tf_esi = -848367104, tf_ebp = -417604428,
      tf_isp = -417604452, tf_ebx = -854001920, tf_edx = -1, tf_ecx = 4, 
tf_eax = 372, tf_trapno = 9, tf_err = 0, tf_eip = -1071669969,
      tf_cs = 8, tf_eflags = 66050, tf_esp = 0, tf_ss = -417604360}) at 
/usr/src/sys/i386/i386/trap.c:636
#5  0xc01f9d2f in zalloc (z=0xcd18f700) at /usr/src/sys/vm/vm_zone.c:70
#6  0xc01e9c1b in ufsdirhash_build (ip=0xcd45b100) at 
/usr/src/sys/ufs/ufs/ufs_dirhash.c:166
#7  0xc01e41da in ufs_lookup (ap=0xe71bddb8) at 
/usr/src/sys/ufs/ufs/ufs_lookup.c:196
#8  0xc01e99d1 in ufs_vnoperate (ap=0xe71bddb8) at 
/usr/src/sys/ufs/ufs/ufs_vnops.c:2376
#9  0xc0179d02 in vfs_cache_lookup (ap=0xe71bde10) at vnode_if.h:77
#10 0xc01e99d1 in ufs_vnoperate (ap=0xe71bde10) at 
/usr/src/sys/ufs/ufs/ufs_vnops.c:2376
#11 0xc017ccf5 in lookup (ndp=0xe71bde8c) at vnode_if.h:52
#12 0xc017c7e0 in namei (ndp=0xe71bde8c) at /usr/src/sys/kern/vfs_lookup.c:153
#13 0xc0182619 in lstat (p=0xe6f728a0, uap=0xe71bdf80) at 
/usr/src/sys/kern/vfs_syscalls.c:1824
#14 0xc022dd71 in syscall2 (frame={tf_fs = 134545455, tf_es = 47, tf_ds = 
-1078001617, tf_edi = 134576128, tf_esi = 134576200,
      tf_ebp = -1077937436, tf_isp = -417603628, tf_ebx = 672089996, tf_edx = 
3, tf_ecx = 134576192, tf_eax = 190, tf_trapno = 7,
      tf_err = 2, tf_eip = 671765056, tf_cs = 31, tf_eflags = 659, tf_esp = 
-1077937576, tf_ss = 47}) at /usr/src/sys/i386/i386/trap.c:1175
#15 0xc0221e35 in Xint0x80_syscall ()
#16 0x280a1871 in ?? ()
#17 0x280a10ee in ?? ()
#18 0x8049732 in ?? ()
#19 0x804b9f8 in ?? ()
#20 0x80493ce in ?? ()
(kgdb) up 6
#6  0xc01e9c1b in ufsdirhash_build (ip=0xcd45b100) at 
/usr/src/sys/ufs/ufs/ufs_dirhash.c:166
166                     if ((dh->dh_hash[i] = zalloc(ufsdirhash_zone)) == 
NULL)
(kgdb) list
161             MALLOC(dh->dh_blkfree, u_int8_t *, nblocks * 
sizeof(dh->dh_blkfree[0]),
162                 M_DIRHASH, M_NOWAIT);
163             if (dh->dh_hash == NULL || dh->dh_blkfree == NULL)
164                     goto fail;
165             for (i = 0; i < narrays; i++) {
166                     if ((dh->dh_hash[i] = zalloc(ufsdirhash_zone)) == 
NULL)
167                             goto fail;
168                     for (j = 0; j < DH_NBLKOFF; j++)
169                             dh->dh_hash[i][j] = DIRHASH_EMPTY;
170             }
(kgdb) up 5
#11 0xc017ccf5 in lookup (ndp=0xe71bde8c) at vnode_if.h:52
52              rc = VCALL(dvp, VOFFSET(vop_lookup), &a);
(kgdb) list
47              int rc;
48              a.a_desc = VDESC(vop_lookup);
49              a.a_dvp = dvp;
50              a.a_vpp = vpp;
51              a.a_cnp = cnp;
52              rc = VCALL(dvp, VOFFSET(vop_lookup), &a);
53              return (rc);
54      }
55      struct vop_cachedlookup_args {
56              struct vnodeop_desc *a_desc;
(kgdb)

The only way to stop those crashes is to turn off dirhash, so it sounds like 
kernel bug. I'll glad to help to find it, just tell me how.

-- 
Sincerely Yours, Aleksey Ovcharenko


More information about the freebsd-bugs mailing list