6.0BETA4: panic: unrhdr has 9 allocations

Rene Ladan r.c.ladan at student.tue.nl
Mon Sep 12 08:59:52 PDT 2005 

Some kgdb'ing :

On Mon, Sep 12, 2005 at 02:40:40PM +0200, Rene Ladan wrote:
> 
> FreeBSD 6.0-BETA4 #10: Sun Sep  4 22:19:26 CEST 2005 /usr/obj/usr/src/sys/RENE 
> 
[snip instructions]

[snip trap stuff/missing symbols]

> #22 0xc053dab5 in panic (fmt=0xc070380c "unrhdr has %u allocations")
>     at /usr/src/sys/kern/kern_shutdown.c:537
> 	td = (struct thread *) 0xc1de5180
> 	bootopt = 256
> 	newpanic = 1
> 	ap = 0xcf174c14 "\t"
> 	buf = "unrhdr has 9 allocations", '\0' <repeats 231 times>
> #23 0xc0565e62 in delete_unrhdr (uh=0x0) at /usr/src/sys/kern/subr_unit.c:321
(kgdb) frame 23
#23 0xc0565e62 in delete_unrhdr (uh=0x0) at /usr/src/sys/kern/subr_unit.c:321
321		KASSERT(uh->busy == 0, ("unrhdr has %u allocations", uh->busy));
(kgdb) l *0xc0565e62
0xc0565e62 is in delete_unrhdr (/usr/src/sys/kern/subr_unit.c:322).
317	delete_unrhdr(struct unrhdr *uh)
318	{
319	
320		check_unrhdr(uh, __LINE__);
321		KASSERT(uh->busy == 0, ("unrhdr has %u allocations", uh->busy));
322		KASSERT(uh->alloc == 0, ("UNR memory leak in delete_unrhdr"));
323		Free(uh);
324	}
325	
326	static __inline int
(kgdb) print uh
$1 = (struct unrhdr *) 0x0

NULL pointer derefence !  Which means that the value '9' in the panic
messge has no meaning.

[snip missing symbols]
> #34 0xc059dbab in vfs_unregister (vfc=0xc26457a0)
>     at /usr/src/sys/kern/vfs_init.c:265
> 	vfsp = (struct vfsconf *) 0xc2645840
> 	error = 0
> 	maxtypenum = 0
(kgdb) frame 34
#34 0xc059dbab in vfs_unregister (vfc=0xc26457a0)
    at /usr/src/sys/kern/vfs_init.c:265
265			error = (*vfc->vfc_vfsops->vfs_uninit)(vfsp);
(kgdb) l *0xc059dbab
0xc059dbab is in vfs_unregister (/usr/src/sys/kern/vfs_init.c:267).
262		if (vfsp->vfc_refcount)
263			return EBUSY;
264		if (vfc->vfc_vfsops->vfs_uninit != NULL) {
265			error = (*vfc->vfc_vfsops->vfs_uninit)(vfsp);
266			if (error)
267				return (error);
268		}
269		TAILQ_REMOVE(&vfsconf, vfsp, vfc_list);
270		maxtypenum = VFS_GENERIC;
271		TAILQ_FOREACH(vfsp, &vfsconf, vfc_list)
(kgdb) print vfc
$2 = (struct vfsconf *) 0xc26457a0
(kgdb) print *vfc
$3 = {vfc_version = 426115360, 
  vfc_name = "procfs\000\000\000\000\000\000\000\000\000", 
  vfc_vfsops = 0xc26457e0, vfc_typenum = 5, vfc_refcount = 0, 
  vfc_flags = 524288, vfc_opts = 0x0, vfc_list = {tqe_next = 0x0, 
    tqe_prev = 0xc07373c8}}
(kgdb) print vfc->vfc_vfsops
$4 = (struct vfsops *) 0xc26457e0
(kgdb) print *vfc->vfc_vfsops
$5 = {vfs_mount = 0xc2644020, vfs_cmount = 0, vfs_unmount = 0xc271f3b0, 
  vfs_root = 0xc271f3f0, vfs_quotactl = 0xc059c7f0 <vfs_stdquotactl>, 
  vfs_statfs = 0xc271f420, vfs_sync = 0xc059ca00 <vfs_stdnosync>, 
  vfs_vget = 0xc059ca10 <vfs_stdvget>, 
  vfs_fhtovp = 0xc059ca20 <vfs_stdfhtovp>, 
  vfs_checkexp = 0xc059d270 <vfs_stdcheckexp>, 
  vfs_vptofh = 0xc059c7e0 <vfs_stdvptofh>, vfs_init = 0xc2644050, 
  vfs_uninit = 0xc2644070, vfs_extattrctl = 0xc059ca50 <vfs_stdextattrctl>, 
  vfs_sysctl = 0xc059ca90 <vfs_stdsysctl>}
(kgdb) print *vfc->vfc_vfsops->vfs_uninit
$6 = {int (struct vfsconf *)} 0xc2644070
(kgdb) print *vfsp->vfc_vfsops->vfs_uninit
$10 = {vfc_version = 1668248176, 
  vfc_name = "fs", '\0' <repeats 11 times>, "=dÂ", vfc_vfsops = 0xc2644010, 
  vfc_typenum = -1038294528, vfc_refcount = -1066149436, 
  vfc_flags = -1032710148, vfc_opts = 0xc27217fc, vfc_list = {
    tqe_next = 0x30000, tqe_prev = 0xc19f16dc}}
(kgdb) print *vfsp->vfc_vfsops
$11 = {vfs_mount = 0x89c03155, vfs_cmount = 0x89c35de5, 
  vfs_unmount = 0x27bc8df6, vfs_root = 0, vfs_quotactl = 0x83e58955, 
  vfs_statfs = 0x4c70cec, vfs_sync = 0x64584024, vfs_vget = 0xc458bc2, 
  vfs_fhtovp = 0x8244489, vfs_checkexp = 0x8908458b, vfs_vptofh = 0xe8042444, 
  vfs_init = 0xdb2a0, vfs_uninit = 0xb48dc3c9, vfs_extattrctl = 0x26, 
  vfs_sysctl = 0x27bc8d00}
(kgdb) print *vfsp->vfc_vfsops->vfs_uninit
Cannot access memory at address 0xb48dc3c9

Huh?  Something has gone out of kernel memory?

Regards,
Rene
-- 
GPG fingerprint = 5FFA 3959 3377 C697 8428  24D0 BF3E F4A9 AE33 5DCC

"It won't fit on the line."
		-- me, 2001
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 187 bytes
Desc: not available
Url : http://lists.freebsd.org/pipermail/freebsd-stable/attachments/20050912/7788fa36/attachment.bin

More information about the freebsd-stable mailing list