kern/51016: kernel panic: ufsdirhash_lookup: bad offset in hash array

Aleksey Ovcharenko alexovch at ic.kharkov.ua
Tue Sep 9 08:30:23 PDT 2003 

The following reply was made to PR kern/51016; it has been noted by GNATS.

From: Aleksey Ovcharenko <alexovch at ic.kharkov.ua>
To: freebsd-bugs at FreeBSD.org
Cc: Kris Kennaway <kris at FreeBSD.org>,
	<freebsd-gnats-submit at FreeBSD.org>
Subject: Re: kern/51016: kernel panic: ufsdirhash_lookup: bad offset in hash array
Date: Tue, 9 Sep 2003 18:22:23 +0300

 Hi, again!
 
 I have tested my pc hardware on very different crash-tests (the only for 
 Windows, don't have it for FreeBSD) and everytihing was working fine 9 days 
 non-stop at 40+ Celsium degree.
 
 But after switching to FreeBSD crashes have begone again. Can't ever reproduce 
 it, just happened suddenly.
 
 I changed my drive cable to UDMA-33 - didn't help, crash was this message like 
 "panic on no-panic entry" etc.
 
 Then I change motheboard, chipset etc., nope, crashes again and again.
 Here we go:
 
 IdlePTD at phsyical address 0x00329000
 initial pcb at physical address 0x00297460
 panicstr: general protection fault
 panic messages:
 ---
 Fatal trap 9: general protection fault while in kernel mode
 instruction pointer     = 0x8:0xc01f9d2f
 stack pointer           = 0x10:0xe71bdcb0
 frame pointer           = 0x10:0xe71bdcb4
 code segment            = base 0x0, limit 0xfffff, type 0x1b
                         = DPL 0, pres 1, def32 1, gran 1
 processor eflags        = interrupt enabled, resume, IOPL = 0
 current process         = 3746 (find)
 interrupt mask          = none
 trap number             = 9
 panic: general protection fault
 ---
 syncing disks... 48 22 22 22
 done
 Uptime: 16h18m38s
 
 #0  dumpsys () at /usr/src/sys/kern/kern_shutdown.c:487
 487             if (dumping++) {
 (kgdb) where
 #0  dumpsys () at /usr/src/sys/kern/kern_shutdown.c:487
 #1  0xc014f830 in boot (howto=256) at /usr/src/sys/kern/kern_shutdown.c:316
 #2  0xc014fc64 in poweroff_wait (junk=0xc026a4ac, howto=-1071210555) at 
 /usr/src/sys/kern/kern_shutdown.c:595
 #3  0xc022db0b in trap_fatal (frame=0xe71bdc70, eva=0) at 
 /usr/src/sys/i386/i386/trap.c:974
 #4  0xc022d4e7 in trap (frame={tf_fs = -851116016, tf_es = 16, tf_ds = 16, 
 tf_edi = 512, tf_esi = -848367104, tf_ebp = -417604428,
       tf_isp = -417604452, tf_ebx = -854001920, tf_edx = -1, tf_ecx = 4, 
 tf_eax = 372, tf_trapno = 9, tf_err = 0, tf_eip = -1071669969,
       tf_cs = 8, tf_eflags = 66050, tf_esp = 0, tf_ss = -417604360}) at 
 /usr/src/sys/i386/i386/trap.c:636
 #5  0xc01f9d2f in zalloc (z=0xcd18f700) at /usr/src/sys/vm/vm_zone.c:70
 #6  0xc01e9c1b in ufsdirhash_build (ip=0xcd45b100) at 
 /usr/src/sys/ufs/ufs/ufs_dirhash.c:166
 #7  0xc01e41da in ufs_lookup (ap=0xe71bddb8) at 
 /usr/src/sys/ufs/ufs/ufs_lookup.c:196
 #8  0xc01e99d1 in ufs_vnoperate (ap=0xe71bddb8) at 
 /usr/src/sys/ufs/ufs/ufs_vnops.c:2376
 #9  0xc0179d02 in vfs_cache_lookup (ap=0xe71bde10) at vnode_if.h:77
 #10 0xc01e99d1 in ufs_vnoperate (ap=0xe71bde10) at 
 /usr/src/sys/ufs/ufs/ufs_vnops.c:2376
 #11 0xc017ccf5 in lookup (ndp=0xe71bde8c) at vnode_if.h:52
 #12 0xc017c7e0 in namei (ndp=0xe71bde8c) at /usr/src/sys/kern/vfs_lookup.c:153
 #13 0xc0182619 in lstat (p=0xe6f728a0, uap=0xe71bdf80) at 
 /usr/src/sys/kern/vfs_syscalls.c:1824
 #14 0xc022dd71 in syscall2 (frame={tf_fs = 134545455, tf_es = 47, tf_ds = 
 -1078001617, tf_edi = 134576128, tf_esi = 134576200,
       tf_ebp = -1077937436, tf_isp = -417603628, tf_ebx = 672089996, tf_edx = 
 3, tf_ecx = 134576192, tf_eax = 190, tf_trapno = 7,
       tf_err = 2, tf_eip = 671765056, tf_cs = 31, tf_eflags = 659, tf_esp = 
 -1077937576, tf_ss = 47}) at /usr/src/sys/i386/i386/trap.c:1175
 #15 0xc0221e35 in Xint0x80_syscall ()
 #16 0x280a1871 in ?? ()
 #17 0x280a10ee in ?? ()
 #18 0x8049732 in ?? ()
 #19 0x804b9f8 in ?? ()
 #20 0x80493ce in ?? ()
 (kgdb) up 6
 #6  0xc01e9c1b in ufsdirhash_build (ip=0xcd45b100) at 
 /usr/src/sys/ufs/ufs/ufs_dirhash.c:166
 166                     if ((dh->dh_hash[i] = zalloc(ufsdirhash_zone)) == 
 NULL)
 (kgdb) list
 161             MALLOC(dh->dh_blkfree, u_int8_t *, nblocks * 
 sizeof(dh->dh_blkfree[0]),
 162                 M_DIRHASH, M_NOWAIT);
 163             if (dh->dh_hash == NULL || dh->dh_blkfree == NULL)
 164                     goto fail;
 165             for (i = 0; i < narrays; i++) {
 166                     if ((dh->dh_hash[i] = zalloc(ufsdirhash_zone)) == 
 NULL)
 167                             goto fail;
 168                     for (j = 0; j < DH_NBLKOFF; j++)
 169                             dh->dh_hash[i][j] = DIRHASH_EMPTY;
 170             }
 (kgdb) up 5
 #11 0xc017ccf5 in lookup (ndp=0xe71bde8c) at vnode_if.h:52
 52              rc = VCALL(dvp, VOFFSET(vop_lookup), &a);
 (kgdb) list
 47              int rc;
 48              a.a_desc = VDESC(vop_lookup);
 49              a.a_dvp = dvp;
 50              a.a_vpp = vpp;
 51              a.a_cnp = cnp;
 52              rc = VCALL(dvp, VOFFSET(vop_lookup), &a);
 53              return (rc);
 54      }
 55      struct vop_cachedlookup_args {
 56              struct vnodeop_desc *a_desc;
 (kgdb)
 
 The only way to stop those crashes is to turn off dirhash, so it sounds like 
 kernel bug. I'll glad to help to find it, just tell me how.
 
 -- 
 Sincerely Yours, Aleksey Ovcharenko

More information about the freebsd-bugs mailing list