Opened 5 years ago

Closed 5 years ago

#10498 closed bug (duplicate)

KDL : "got an in use page" (+ later page fault) in heap_allocate_from_bin()

Reported by: ttcoder
Owned by: axeld
Priority: normal
Milestone: R1
Component: System/Kernel
Version: R1/Development
Keywords:
Cc:
Blocked By: #5474
Blocking:
Has a Patch: no
Platform: All

Description

Just got two KDLs back-to-back, the first was a "got an in use page (..) from the free page list" panic.

Occurred while I was trying to reproduce some of the other KDLs; my attempts involved rebooting to two different partitions, one with a PM Haiku and this older one, where it occurred a couple of minutes after boot, launching SoundPlay and reading my email in W+.

Filing in case it's of interest despite occurring on an old hrev45824.

Attachments (2)

GotPageInuseKDL_1_got-in-use.jpg (222.3 KB) - added by ttcoder 5 years ago.
The original "page in use in free pages" panic
GotPageInuseKDL_2_vm-page-fault.jpg (269.9 KB) - added by ttcoder 5 years ago.
The page fault that occurred after a "continue"


Change History (5)

Changed 5 years ago by ttcoder

The original "page in use in free pages" panic

Changed 5 years ago by ttcoder

The page fault that occurred after a "continue"

comment:1 Changed 5 years ago by ttcoder

I'm filing this as 1) the paging code has seemingly not changed much in the 6 months since that old hrev.

And 2) there is something interesting about the sequence of events: I tried to continue out of this panic, and immediately went to a more familiar "vm_page_fault" KDL.

Asking the kernel to continue working with an obviously corrupt paging subsystem was asking for an immediate re-crash, so I'm not surprised it KDL'ed again.. However, the fact that the second KDL was a NULL pointer dereference gave me an idea: I'm curious if the other KDLs people are tracking down these days could be related? I seem to remember Ingo commenting on one of the kernel crash tickets recently and mentioning "maybe a page was used twice" as a possible scenario..

That's it for the grist of it.. Following up with my (probably aimless) toying/hacking..:

====

The first KDL ("in use page") occurs in an app_server thread.

The second KDL (in a SoundPlay thread) is a page fault on mov 0x8(ebx), eax, where ebx is pulled by dereferencing relative to ecx, which is set to 0x82203000. That value is quite a bit higher than the frame address..? Maybe it's normal because it's not referring to the frame but to something else like the heap, I guess....

At any rate, the association between both KDLs is visible in the involved pointers: the in-use page from the free page list is 0x82203040 in the first panic; and in the second (vm_page_fault) the dereferencing of 0x8 occurs because a NULL pointer was used from a similar location, 0x82203000.

P.S. I have a couple of even more "exotic" KDLs if you guys are game.. They are from a fairly old hrev46004 but refer to things like VMAnonymousCache.. "merge with incompatible cache requested" ..etc.
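
An illustrative model of the invariant the first panic checks, added here as an editorial example that is not Haiku's vm_page code and not part of the ticket: a free-page list whose allocator refuses a page that is still marked in use, an unchecked free that plants the same page on the list twice (the "page used twice" scenario), a checked free that rejects the double free, and the page-frame comparison behind the observation that 0x82203040 and 0x82203000 sit in the same 4 KiB page. The physical base address, the page count and every function name are assumptions made for the example.

```c
/* Editorial model of a free-page list with an in-use sanity check.
 * Not Haiku's allocator; names, base address and page count are assumed. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define PAGE_SIZE 4096u
#define NUM_PAGES 8
#define PHYS_BASE 0x82200000u   /* assumed base, near the ticket's addresses */

enum page_state { PAGE_STATE_FREE, PAGE_STATE_ACTIVE };

struct vm_page {
    uintptr_t physical_address;
    enum page_state state;
    struct vm_page *next_free;  /* intrusive free-list link */
};

static struct vm_page pages[NUM_PAGES];
static struct vm_page *free_list;

/* Put every page on the free list, lowest address first. */
static void init_pages(void)
{
    free_list = NULL;
    for (int i = NUM_PAGES - 1; i >= 0; i--) {
        pages[i].physical_address = PHYS_BASE + (uintptr_t)i * PAGE_SIZE;
        pages[i].state = PAGE_STATE_FREE;
        pages[i].next_free = free_list;
        free_list = &pages[i];
    }
}

/* Pop a page. A page that is still ACTIVE while sitting on the free list is
 * the corruption the kernel's check reports; the model returns NULL where
 * a kernel would panic. */
static struct vm_page *vm_page_allocate(void)
{
    struct vm_page *page = free_list;
    if (page == NULL)
        return NULL;
    free_list = page->next_free;
    if (page->state != PAGE_STATE_FREE) {
        fprintf(stderr, "got an in use page %p from the free page list\n",
                (void *)page);
        return NULL;
    }
    page->state = PAGE_STATE_ACTIVE;
    page->next_free = NULL;
    return page;
}

/* Buggy free: trusts the caller, so a double free links the page in twice. */
static void vm_page_free_unchecked(struct vm_page *page)
{
    page->state = PAGE_STATE_FREE;
    page->next_free = free_list;
    free_list = page;
}

/* Hardened free: 0 on success, -1 if the page was already free. */
static int vm_page_free_checked(struct vm_page *page)
{
    if (page->state == PAGE_STATE_FREE)
        return -1;
    vm_page_free_unchecked(page);
    return 0;
}

/* Two addresses share a page frame when their page-aligned bases match. */
static int same_page_frame(uintptr_t a, uintptr_t b)
{
    uintptr_t mask = ~(uintptr_t)(PAGE_SIZE - 1);
    return (a & mask) == (b & mask);
}

/* Free p, free q, free p again, then allocate until the check fires.
 * Returns how many allocations succeeded before the in-use page surfaced. */
static int allocations_before_in_use_page(void)
{
    init_pages();
    struct vm_page *p = vm_page_allocate();
    struct vm_page *q = vm_page_allocate();
    vm_page_free_unchecked(p);
    vm_page_free_unchecked(q);
    vm_page_free_unchecked(p);  /* the bug: p is already on the list */

    int ok = 0;
    for (int i = 0; i < NUM_PAGES + 2 && vm_page_allocate() != NULL; i++)
        ok++;
    return ok;
}

/* Same sequence with the checked free: returns -1 if the double free slipped
 * through, otherwise the number of pages handed out (each exactly once). */
static int allocations_with_checked_free(void)
{
    init_pages();
    struct vm_page *p = vm_page_allocate();
    struct vm_page *q = vm_page_allocate();
    vm_page_free_checked(p);
    vm_page_free_checked(q);
    if (vm_page_free_checked(p) != -1)
        return -1;
    int ok = 0;
    while (vm_page_allocate() != NULL)
        ok++;
    return ok;
}

int main(void)
{
    printf("unchecked free: %d allocations before the in-use page check fired\n",
           allocations_before_in_use_page());
    printf("checked free:   %d allocations, double free rejected\n",
           allocations_with_checked_free());
    printf("0x82203040 and 0x82203000 in the same frame: %d\n",
           same_page_frame(0x82203040u, 0x82203000u));
    return 0;
}
```

With the unchecked free the third allocation pops a page that the first allocation already handed out, which is exactly the state the ticket's first panic describes; the checked variant turns the double free into an error at the point where the caller is still known, instead of at a later, unrelated allocation.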

comment:2 Changed 5 years ago by ttcoder

Digging a little, it seems I had a useful intuition to type "continue" after the first KDL to obtain a second KDL, since that second KDL corresponds very much to #9641 and #8028. Maybe this ticket can be used as supplemental information for the latter two and closed as a duplicate (i.e. the people who were victims of the other two did not get the "got in use page" message like I did; maybe those tickets will be easier to debug with that new piece of info).

Also, the hrev I'm using is newer than the one for these 2 tickets (though clearly not up-to-date).

Last edited 5 years ago by ttcoder

comment:3 Changed 5 years ago by bonefish

Blocked By: #5474 added
Resolution: duplicate
Status: new -> closed

Duplicate of #5474.
