#50 closed bug (fixed)
Bluescreen after boot [PANIC: free()]
Reported by: | Owned by: | axeld | |
---|---|---|---|
Priority: | normal | Milestone: | R1 |
Component: | System/Kernel | Version: | |
Keywords: | Cc: | ||
Blocked By: | Blocking: | ||
Platform: | All |
Description
KDL after boot with message:
PANIC: free(): address 0x803b7b80 already exists in bin free list.
Attachments (1)
Change History (20)
comment:1 by , 19 years ago
comment:2 by , 19 years ago
Status: | new → assigned |
---|
comment:3 by , 19 years ago
Note 1: clearly elf_load_user_image() is returning B_NO_MORE_FDS, which makes us return to _user_exec and thus call free_strings_array again, even if args were already freed by "free_team_arg(teamArgs)" in team_create_thread_start(). This case should be handled more gracefully.
Note 2: the bug doesn't appear when setting DEFAULT_FD_TABLE_SIZE to 256 in headers/private/kernel/vfs.h. Here we actually hit a table size limit. Question: is the kernel leaking FDs, or is the limit too low anyway?
comment:4 by , 19 years ago
Tested OK with this diff (which doesn't fix the "Too many open files" for elf_load_user_image()):
Index: src/system/kernel/team.c =================================================================== --- src/system/kernel/team.c (revision 14255) +++ src/system/kernel/team.c (working copy) @@ -1008,8 +1008,6 @@
TRACE(("team_create_thread_start: loading elf binary '%s'\n", path));
- free_team_arg(teamArgs);
-
ToDo: don't use fixed paths! err = elf_load_user_image("/boot/beos/system/lib/rld.so", team, 0,
&entry);
if (err < B_OK) {
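Review bot: with the early free_team_arg(teamArgs) removed, the `if (err < B_OK)` branch is now entered with teamArgs still allocated, so the failure path needs an explicit owner for it. If the caller only releases the argument strings on error, the rest of teamArgs leaks on every failed load; either free it in this branch and make the caller skip its own free, or state in a comment here that the caller frees it on error.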
@@ -1021,6 +1019,7 @@
TRACE(("team_create_thread_start: loaded elf. entry = 0x%lx\n", entry));
+ free_team_arg(teamArgs);
team->state = TEAM_STATE_NORMAL;
jump to the entry point in user space
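Review bot: the relocated free_team_arg(teamArgs) carries no comment saying why it has to stay below the elf_load_user_image() error check, so a later cleanup could move it back up and reintroduce the double free. Add a short ownership comment on this line, and confirm that nothing after it, the jump to the user-space entry point included, still reads from teamArgs or from values taken out of it.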
comment:6 by , 19 years ago
Resolution: | → fixed |
---|
comment:8 by , 19 years ago
Status: | assigned → closed |
---|
comment:9 by , 19 years ago
Status: | closed → reopened |
---|
comment:10 by , 19 years ago
Resolution: | fixed |
---|
comment:11 by , 19 years ago
Status: | reopened → new |
---|
comment:12 by , 19 years ago
Owner: | changed from | to
---|
comment:14 by , 19 years ago
Owner: | changed from | to
---|
comment:15 by , 19 years ago
Status: | new → assigned |
---|
comment:16 by , 19 years ago
comment:17 by , 19 years ago
Resolution: | → fixed |
---|
comment:18 by , 19 years ago
Status: | assigned → closed |
---|
confirmed: reproduced when doing "find /dev" twice
loaded driver /boot/beos/system/add-ons/kernel/drivers/dev/net/net_stack_driver
PANIC: free(): address 0x80405970 already exists in bin free list
Welcome to Kernel Debugging Land...
Running on CPU 0
kdebug> sc
iframe 0x81b07fac (end = 0x81b08000)
stack trace for thread 0x49 "find"
frame caller <image>:function + offset
81b077e4 (+ 48) 80073ae1 <kernel>:kernel_debugger_loop + 0x0109
81b07814 (+ 32) 80073ff6 <kernel>:kernel_debugger + 0x0092
81b07834 (+ 176) 80073f5a <kernel>:panic + 0x0036
81b078e4 (+ 64) 800258a2 <kernel>:free + 0x017e
81b07924 (+ 48) 8002f5ac <kernel>:free_strings_array + 0x0028
81b07954 (+1104) 80031926 <kernel>:_user_exec + 0x00e6
81b07da4 (+ 352) 8002d77b <kernel>:syscall_dispatcher + 0x041f
81b07f04 (+ 160) 80078ba3 <kernel>:i386_handle_trap + 0x0243
iframe at 0x81b07fac
7ffe6cf4 -- read fault
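The ownership mix-up described in comment:3 and the reordering from the diff in comment:4, reduced to a user-space C sketch (an added example, not Haiku source). `pool_alloc`, `pool_free`, `load_image`, `start_buggy`, `start_fixed` and `exec_sim` are hypothetical stand-ins, and a small fixed pool replaces the kernel heap so that a second free is counted instead of panicking.

```c
#include <stdio.h>

/* Hypothetical stand-ins for the kernel heap and the exec path; not Haiku code. */
#define SLOTS 8
static char pool[SLOTS][64];
static int in_use[SLOTS], double_frees;

static char *pool_alloc(void) {
    for (int i = 0; i < SLOTS; i++)
        if (!in_use[i]) { in_use[i] = 1; return pool[i]; }
    return NULL;
}

/* The kernel's free() panics on a block that is already free; this one counts it. */
static void pool_free(char *p) {
    int i = (int)((p - pool[0]) / (int)sizeof pool[0]);
    if (!in_use[i]) { double_frees++; return; }
    in_use[i] = 0;
}

enum { OK = 0, NO_MORE_FDS = -1 };  /* stand-ins for B_OK / B_NO_MORE_FDS */
/* Image load that fails once the FD table is exhausted. */
static int load_image(int fds_left) { return fds_left > 0 ? OK : NO_MORE_FDS; }

/* Before: args are freed up front, then the load may still fail. */
static int start_buggy(char *args, int fds_left) {
    pool_free(args);
    return load_image(fds_left);
}

/* After: args are freed only once the load has succeeded. */
static int start_fixed(char *args, int fds_left) {
    int err = load_image(fds_left);
    if (err < OK) return err;       /* caller still owns args */
    pool_free(args);
    return OK;
}

/* Caller in the role of _user_exec: frees args itself when the callee fails.
   Returns the number of double frees observed. */
static int exec_sim(int (*start)(char *, int), int fds_left) {
    double_frees = 0;
    char *args = pool_alloc();
    if (start(args, fds_left) < OK)
        pool_free(args);
    return double_frees;
}

int main(void) {
    printf("no FDs left: buggy=%d fixed=%d double free(s)\n",
           exec_sim(start_buggy, 0), exec_sim(start_fixed, 0));
    return 0;
}
```

The buggy ordering only misbehaves when the load fails, which matches the report that raising DEFAULT_FD_TABLE_SIZE hides the panic without removing the double free.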