#9858: Ripping CDs -> page fault panic
-----------------------------+----------------------------
   Reporter:  ttcoder        |      Owner:  nobody
       Type:  bug            |     Status:  assigned
   Priority:  high           |  Milestone:  R1/beta1
  Component:  System/Kernel  |    Version:  R1/Development
 Resolution:                 |   Keywords:  slab
 Blocked By:                 |   Blocking:
Has a Patch:  0              |   Platform:  All
-----------------------------+----------------------------

Comment (by bonefish):

 The kernel `free()` does indeed fill the freed memory with "deadbeef". I
 don't think that is relevant in this case, though. From the back trace and
 the corresponding disassembly one can infer that in `list_remove_link()`
 the line
 {{{
 link->next->prev = link->prev;
 }}}
 crashes. At this point `link` is in eax and `link->next` in ecx. Since ecx
 is a bad pointer, the
 {{{
 mov %edx,0x4(%ecx)
 }}}
 instruction causes a page fault. The reason why the "deadbeef" in ecx is
 rotated, is that eax is not 4-byte aligned.

 `link` in this case refers to the head element of the `Team::dead_threads`
 list. The list element pointers should always be properly aligned. My
 conclusion is that either the list anchor (i.e. part of the `Team`
 structure) or one of the list elements has been corrupted.

--
Ticket URL: <http://dev.haiku-os.org/ticket/9858#comment:20>
Haiku <http://dev.haiku-os.org>
Haiku - the operating system.
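The rotation described in the comment can be reproduced with a small model. This is an added example, not code from the ticket or from Haiku's source: it shows what `link->next` reads as when `link` points into fill-patterned memory at each byte misalignment, and how to recover the misalignment from a faulting pointer value. It assumes the fill is laid out as aligned 32-bit little-endian `0xdeadbeef` words on x86; all function names are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define FILL_PATTERN 0xdeadbeefu  /* fill value named in the comment */

/* Assumed layout: freed memory holds aligned little-endian 0xdeadbeef words. */
static void fill_freed(uint8_t *buf, size_t len)
{
    for (size_t i = 0; i < len; i++)
        buf[i] = (uint8_t)(FILL_PATTERN >> (8 * (i % 4)));
}

/* 32-bit little-endian load from any byte address (x86 permits unaligned). */
static uint32_t load32_le(const uint8_t *p)
{
    return (uint32_t)p[0] | (uint32_t)p[1] << 8 |
           (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}

/* Model of loading link->next (offset 0 of the link) when `link` sits at
 * byte offset link_off (0..12) inside fill-patterned memory. */
uint32_t next_from_freed(unsigned link_off)
{
    uint8_t mem[16];
    fill_freed(mem, sizeof(mem));
    return load32_le(mem + link_off);
}

/* Triage helper: if `value` is a byte rotation of the fill pattern, return
 * the misalignment (0..3) of the address it was loaded from, else -1. */
int fill_misalignment(uint32_t value)
{
    for (unsigned k = 0; k < 4; k++) {
        unsigned r = 8 * k;  /* rotate right by k bytes; "& 31" avoids a 32-bit shift */
        if (value == ((FILL_PATTERN >> r) | (FILL_PATTERN << ((32 - r) & 31))))
            return (int)k;
    }
    return -1;
}

int main(void)
{
    for (unsigned off = 0; off < 4; off++)
        printf("link %% 4 == %u -> link->next = 0x%08x\n",
               off, (unsigned)next_from_freed(off));
    return 0;
}
```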