Opened 14 years ago

Closed 14 years ago

Last modified 14 years ago

#50 closed bug (fixed)

Bluescreen after boot [PANIC: free()]

Reported by: adeynichenko@… Owned by: axeld
Priority: normal Milestone: R1
Component: System/Kernel Version:
Keywords: Cc:
Blocked By: Blocking:
Has a Patch: no Platform: All

Description

KDL after boot with message:

PANIC: free(): address 0x803b7b80 already exists in bin free list.

Attachments (1)

bootlog.txt (41.0 KB ) - added by adeynichenko@… 14 years ago.
bootlog.txt

Download all attachments as: .zip

Change History (20)

comment:1 by korli, 14 years ago

confirmed: reproduced when doing "find /dev" twice

loaded driver /boot/beos/system/add-ons/kernel/drivers/dev/net/net_stack_driver PANIC: free(): address 0x80405970 already exists in bin free list

Welcome to Kernel Debugging Land... Running on CPU 0 kdebug> sc iframe 0x81b07fac (end = 0x81b08000) stack trace for thread 0x49 "find"

kernel stack: 0x81b06000 to 0x81b08000

user stack: 0x7efe7000 to 0x7ffe7000

frame caller <image>:function + offset 81b077e4 (+ 48) 80073ae1 <kernel>:kernel_debugger_loop + 0x0109 81b07814 (+ 32) 80073ff6 <kernel>:kernel_debugger + 0x0092 81b07834 (+ 176) 80073f5a <kernel>:panic + 0x0036 81b078e4 (+ 64) 800258a2 <kernel>:free + 0x017e 81b07924 (+ 48) 8002f5ac <kernel>:free_strings_array + 0x0028 81b07954 (+1104) 80031926 <kernel>:_user_exec + 0x00e6 81b07da4 (+ 352) 8002d77b <kernel>:syscall_dispatcher + 0x041f 81b07f04 (+ 160) 80078ba3 <kernel>:i386_handle_trap + 0x0243 iframe at 0x81b07fac

eax 0x18 ebx 0x30b658 ecx 0x5 edx 0x7ffe6bac esi 0x7ffe7008 edi 0x1b ebp 0x7ffe6cf4 esp 0x81b07fdc eip 0x2b3c8f eflags 0x10217 vector: 0x63, error code: 0x0

7ffe6cf4 -- read fault

comment:2 by korli, 14 years ago

Status: newassigned

comment:3 by korli, 14 years ago

Note 1 : clearly elf_load_user_image() is returning B_NO_MORE_FDS which makes us returning to _user_exec, and thus calling free_strings_array again, even if args were freed already by "free_team_arg(teamArgs)" in team_create_thread_start(). This case should be handled more gracefully.

Note 2 : the bug doesn't appear when settings DEFAULT_FD_TABLE_SIZE to 256 in headers/private/kernel/vfs.h. Here we actually hit a table size limit. Question: is the kernel leaking FDs or the limit is too low anyway ?

by adeynichenko@…, 14 years ago

Attachment: bootlog.txt added

bootlog.txt

comment:4 by korli, 14 years ago

Tested ok with this diff (which doesn't fix the "Too many open files" for elf_load_user_image() ) :

Index: src/system/kernel/team.c =================================================================== --- src/system/kernel/team.c (revision 14255) +++ src/system/kernel/team.c (working copy) @@ -1008,8 +1008,6 @@

TRACE(("team_create_thread_start: loading elf binary '%s'\n", path));

  • free_team_arg(teamArgs);

-

ToDo: don't use fixed paths! err = elf_load_user_image("/boot/beos/system/lib/rld.so", team, 0,

&entry);

if (err < B_OK) {

@@ -1021,6 +1019,7 @@

TRACE(("team_create_thread_start: loaded elf. entry = 0x%lx\n", entry));

+ free_team_arg(teamArgs);

team->state = TEAM_STATE_NORMAL;

jump to the entry point in user space

comment:5 by korli, 14 years ago

Tested ok with this diff (which doesn't fix the "Too many open files" for elf_load_user_image() ) :

Index: src/system/kernel/team.c =================================================================== --- src/system/kernel/team.c (revision 14255) +++ src/system/kernel/team.c (working copy) @@ -1008,8 +1008,6 @@

TRACE(("team_create_thread_start: loading elf binary '%s'\n", path));

  • free_team_arg(teamArgs);

-

ToDo: don't use fixed paths! err = elf_load_user_image("/boot/beos/system/lib/rld.so", team, 0,

&entry);

if (err < B_OK) {

@@ -1021,6 +1019,7 @@

TRACE(("team_create_thread_start: loaded elf. entry = 0x%lx\n", entry));

+ free_team_arg(teamArgs);

team->state = TEAM_STATE_NORMAL;

jump to the entry point in user space

comment:6 by adeynichenko@…, 14 years ago

Resolution: fixed

comment:7 by adeynichenko@…, 14 years ago

KDL fixed

comment:8 by adeynichenko@…, 14 years ago

Status: assignedclosed

comment:9 by adeynichenko@…, 14 years ago

Status: closedreopened

comment:10 by adeynichenko@…, 14 years ago

Resolution: fixed

comment:11 by adeynichenko@…, 14 years ago

Status: reopenednew

comment:12 by adeynichenko@…, 14 years ago

Owner: changed from axeld to korli@…

comment:13 by korli, 14 years ago

Axel, please review this bug

comment:14 by korli, 14 years ago

Owner: changed from korli@… to axeld

comment:15 by korli, 14 years ago

Status: newassigned

comment:16 by axeld, 14 years ago

Bug has been fixed, and the kernel was leaking FDs: see hrev14303 and hrev14305.

comment:17 by axeld, 14 years ago

Resolution: fixed

comment:18 by axeld, 14 years ago

Status: assignedclosed

comment:19 by korli, 14 years ago

Tested OK

Note: See TracTickets for help on using tickets.