kern/86107: panic: unrhdr has N allocations, NULL derefence

Rene Ladan r.c.ladan at student.tue.nl
Wed Sep 14 03:50:09 PDT 2005 

>Number:         86107
>Category:       kern
>Synopsis:       panic: unrhdr has N allocations, NULL derefence
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    freebsd-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Wed Sep 14 10:50:08 GMT 2005
>Closed-Date:
>Last-Modified:
>Originator:     Rene Ladan
>Release:        FreeBSD 6.0-BETA4 i386
>Organization:
>Environment:
FreeBSD 6.0-BETA4 #10: Sun Sep  4 22:19:26 CEST 2005
root at 82-168-75-155-bbxl.xdsl.tiscali.nl:/usr/obj/usr/src/sys/RENE
WARNING: WITNESS option enabled, expect reduced performance.
Preloaded elf kernel "/boot/kernel/kernel" at 0xc08cf000.
Preloaded elf module "/boot/modules/bioschar.ko" at 0xc08cf160.
Preloaded elf module "/boot/kernel/acpi.ko" at 0xc08cf210.
CPU: Intel Celeron (497.56-MHz 686-class CPU)
Origin = "GenuineIntel"  Id = 0x683  Stepping = 3
Features=0x383f9ff<FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,MMX,FXSR,SSE>
real memory  = 201261056 (191 MB)
avail memory = 187432960 (178 MB)
bios32: Found BIOS32 Service Directory header at 0xc00f63a0
bios32: Entry = 0xfd8a6 (c00fd8a6)  Rev = 0  Len = 1
pcibios: PCI BIOS entry at 0xfd890+0x134
pnpbios: Found PnP BIOS data at 0xc00f63d0
pnpbios: Entry = f0000:aa9f  Rev = 1.0
...
(device part of dmesg)

>Description:
panic: unrhdr has 9 allocations
KDB: stack backtrace:
kdb_backtrace(c070066b,c0766c40,c070380c,cf174c14,100) at 0xc055b5ce = kdb_backtrace+0x2e
panic(c070380c,9,cf174c30,c271f54a,c21dfa80) at 0xc053da97 = panic+0xb7
delete_unrhdr(c21dfa80,c07659dc,c26457a0,c26457a0,cf174c40) at 0xc0565e62 = delete_unrhdr+0x22
pfs_uninit(c2645840,c26457a0,cf174c54,c059dbab,c26457a0) at 0xc271f54a = pfs_uninit+0x1a
_procfs_uninit(c26457a0,c1d56c00,c1d56c00,cf174c60,c059dc5c) at 0xc2644089 = _procfs_uninit+0x19
vfs_unregister(c26457a0,cf174c78,c05326e0,c1d56c00,1) at 0xc059dbab = vfs_unregister+0x3b
vfs_modevent(c1d56c00,1,c26457a0) at 0xc059dc5c = vfs_modevent+0x3c
module_unload(c1d56c00,0,1fb,0,0) at 0xc05326e0 = module_unload+0x60
linker_file_unload(c1645200,0,c06fe1ae,327,0) at 0xc052c2e7 = linker_file_unload+0x87
kern_kldunload(c1de5180,6,0,cf174d30,c06bea50) at 0xc052cc5a = kern_kldunload+0x9a
kldunloadf(c1de5180,cf174d04,8,422,2) at 0xc052ccfc = kldunloadf+0x2c
syscall(3b,3b,3b,6,bfbfede2) at 0xc06bea50 = syscall+0x2c0
Xint0x80_syscall() at 0xc06ab77f = Xint0x80_syscall+0x1f
--- syscall (444, FreeBSD ELF32, kldunloadf), eip = 0x280c479f, esp = 0xbfbfe85c, ebp = 0xbfbfecc8 ---
KDB: enter: panic
Dumping 191 MB (2 chunks)
chunk 0: 1MB (159 pages) ... ok
chunk 1: 191MB (48880 pages) 175 159 143 127 111 95 79 63 47 31 15 ... ok

See also the thread at http://lists.freebsd.org/pipermail/freebsd-stable/2005-September/018246.html

>How-To-Repeat:
on a 6.0-BETA4 :
<have a kernel without PROCFS/PSEUDOFS>
# mount_procfs procfs /proc
(this loads pseudofs.ko and procfs.ko)
...
# umount /proc
(procfs.ko and pseudofs.ko still loaded)
# kldunload procfs
(this trigger the panic)
>Fix:
unknown
>Release-Note:
>Audit-Trail:
>Unformatted:

More information about the freebsd-bugs mailing list