[haiku-bugs] Re: [Haiku] #8123: PANIC: object_cache: tried to free invalid object pointer

  • From: "ahenriksson" <trac@xxxxxxxxxxxx>
  • Date: Thu, 19 Jul 2012 12:25:37 -0000

#8123: PANIC: object_cache: tried to free invalid object pointer
-----------------------------+----------------------------
   Reporter:  beos_zealot    |      Owner:  mmlr
       Type:  bug            |     Status:  assigned
   Priority:  normal         |  Milestone:  R1
  Component:  System/Kernel  |    Version:  R1/Development
 Resolution:                 |   Keywords:  slab deadbeef
 Blocked By:                 |   Blocking:
Has a Patch:  1              |   Platform:  x86
-----------------------------+----------------------------

Comment (by ahenriksson):

 I've encountered this as well, or at least something very similar. The
 problem is in the block cache, when a cached_block with is_dirty = true,
 discard = false, transaction = NULL and ref_count = 0 is added to the
 unused_blocks list. This can happen when a transaction is aborted, or when
 the block cache is used without a transaction.

 When RemoveUnusedBlocks() frees a block with these properties, it will
 call BlockWriter::WriteBlock(), which eventually leads to the block being
 re-added to the list in _BlockDone(). When execution returns to
 RemoveUnusedBlocks(), the block is freed. So at this point we have a
 freed block in the unused_blocks list, waiting to cause a crash.

 reproduce.patch contains code to reproduce the crash, and
 check_unused.patch is my attempt at fixing the problem. As far as I can
 tell, cached_block::unused basically means "is this block in unused_list",
 so checking for that tells _BlockDone() that it was called from
 RemoveUnusedBlocks() and should not re-add the block.

-- 
Ticket URL: <http://dev.haiku-os.org/ticket/8123#comment:4>
Haiku <http://dev.haiku-os.org>
Haiku - the operating system.
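As an added illustration that is not part of the ticket or of Haiku's block cache code, the following C model (every name and the `freed` flag standing in for the real free() are constructed assumptions) plays through the sequence the comment describes: a dirty, unreferenced block on unused_blocks is written back during teardown, the write-completion hook re-queues it, and the block is then freed while still on the list. The `check_unused` switch models the check the comment's patch proposes in _BlockDone().

```c
#include <stdbool.h>
#include <stddef.h>

/* Constructed model, not Haiku's block_cache.cpp. */
struct cached_block {
    struct cached_block *next;   /* link in unused_blocks */
    bool is_dirty;
    bool unused;                 /* "is this block in unused_blocks" */
    bool freed;                  /* stands in for free(), so the list can be inspected */
};

struct block_cache {
    struct cached_block *unused_blocks;
    bool check_unused;           /* fix on: _BlockDone() consults block->unused */
};

static void push_unused(struct block_cache *c, struct cached_block *b) {
    b->next = c->unused_blocks;
    c->unused_blocks = b;
    b->unused = true;
}

/* Write-completion hook (the _BlockDone() of the comment): the unpatched
   version re-adds a clean, unreferenced block to unused_blocks unconditionally. */
static void block_done(struct block_cache *c, struct cached_block *b) {
    b->is_dirty = false;
    if (c->check_unused && b->unused)
        return;                  /* already on the list: caller is RemoveUnusedBlocks() */
    push_unused(c, b);
}

/* RemoveUnusedBlocks(): write back each dirty block, then release it. */
static void remove_unused_blocks(struct block_cache *c) {
    struct cached_block *b = c->unused_blocks;
    c->unused_blocks = NULL;     /* blocks being torn down leave the live list */
    while (b != NULL) {
        struct cached_block *next = b->next;
        if (b->is_dirty)
            block_done(c, b);    /* stands in for BlockWriter::WriteBlock() */
        b->freed = true;         /* the real code frees the block here */
        b = next;
    }
}

/* Number of freed blocks still reachable from unused_blocks: nonzero means
   the next pass over the list would touch a dangling pointer. */
static int dangling_unused(const struct block_cache *c) {
    int n = 0;
    for (const struct cached_block *b = c->unused_blocks; b != NULL; b = b->next)
        if (b->freed) n++;
    return n;
}

/* One dirty block, ref_count 0, no transaction; returns the dangling count. */
static int run_scenario(bool with_fix) {
    struct cached_block block = { .is_dirty = true };
    struct block_cache cache = { .unused_blocks = NULL, .check_unused = with_fix };
    push_unused(&cache, &block);
    remove_unused_blocks(&cache);
    return dangling_unused(&cache);
}
```

Without the check, run_scenario(false) reports one freed block left on the list; with it, run_scenario(true) reports none.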
