Philippe Troin <[EMAIL PROTECTED]> writes:
Run the enclosed crashme program with a big number of concurrent
processes while doing a lot of inode access like in:
$ crashme 10 &
$ while true; do find / > /dev/null; done &
And you'll get:
1) A lot of "Warning: dev (03:07) tty->count(0) != #fd's(2) in do_tty_hangup"
2) A few "Warning: null TTY for (03:01) in tty_fasync"
3) And finally a couple of these oopses (or worse) (you might have to
wait a few minutes for these)
==================== Begin Oops ====================
Unable to handle kernel NULL pointer dereference at virtual address 00000000
current->tss.cr3 = 05be1000, %cr3 = 05be1000
*pde = 00000000
Oops: 0002
CPU: 1
EIP: 0010:[<c019d926>]
EFLAGS: 00010282
eax: c7fc1020 ebx: 00000001 ecx: 00000009 edx: 00000001
esi: c7fc1020 edi: 00000000 ebp: 00000000 esp: c7dfbe4c
ds: 0018 es: 0018 ss: 0018
Process find (pid: 196, process nr: 21, stackpage=c7dfb000)
Stack: c7e8fd40 c7dfbe84 c7fc1000 00000000 c011172e c7fc1000 00000000 c7dfa000
c7e8fd40 c7dfa000 c7e8fd40 00000000 00000001 c0242020 00000000 c0127601
00000002 c3df18e0 00000000 00000000 c7dfa000 c7e8fd6c c013d406 c7e8fd40
Call Trace: [<c011172e>] [<c0127601>] [<c013d406>] [<c013af19>] [<c011c3e3>]
[<c011c607>] [<c012f810>]
[<c012f688>] [<c013ae50>] [<c0108c00>]
Code: f3 a5 a1 c4 c3 27 c0 8b 74 24 10 39 86 c8 00 00 00 74 5b 8b
>>EIP: c019d926 <do_tty_hangup+14a/2d0>
Trace: c011172e <schedule+d2/360>
Trace: c0127601 <__wait_on_buffer+c9/12c>
Trace: c013d406 <ext2_bread+e2/114>
Trace: c013af19 <ext2_readdir+c9/584>
Trace: c011c3e3 <do_anonymous_page+97/a8>
Trace: c011c607 <handle_mm_fault+103/1e8>
Trace: c012f810 <sys_getdents+104/170>
Trace: c012f688 <filldir+0/84>
Code: c019d926 <do_tty_hangup+14a/2d0> 00000000 <_EIP>:
Code: c019d926 <do_tty_hangup+14a/2d0> 0: f3 a5 repz movsl
%ds:(%esi),%es:(%edi)
Code: c019d928 <do_tty_hangup+14c/2d0> 2: a1 c4 c3 27 c0 movl
0xc027c3c4,%eax
Code: c019d92d <do_tty_hangup+151/2d0> 7: 8b 74 24 10 movl
0x10(%esp,1),%esi
Code: c019d931 <do_tty_hangup+155/2d0> b: 39 86 c8 00 00 cmpl
%eax,0xc8(%esi)
Code: c019d936 <do_tty_hangup+15a/2d0> 10: 00
Code: c019d937 <do_tty_hangup+15b/2d0> 11: 74 5b je 6e
<_EIP+0x6e> c019d994 <do_tty_hangup+1b8/2d0>
Code: c019d939 <do_tty_hangup+15d/2d0> 13: 8b 00 movl
(%eax),%eax
==================== End Oops ====================
The crashme thingie spawns <N> processes (<N> defined on the command
line) which just open and close tty/pty pairs endlessly.
This is on:
Linux ceramic 2.2.1 #8 SMP Wed Feb 3 19:49:07 PST 1999 i686 unknown
with 2 CPUs, without UNIX98_PTYS support.
Phil.
crashme.c
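The crashme.c attachment itself is not included in the message. The following is an added example, not the original crashme.c, of the kind of bounded tty/pty open/close stress harness the report describes (N workers, each opening and closing pty pairs). The function names (pty_cycle, run_cycles, spawn_workers) are my own. It uses UNIX98 ptys via /dev/ptmx for portability to current systems, whereas the report says the original ran without UNIX98_PTYS support (BSD-style /dev/ptyXX names); and each worker stops after a fixed number of cycles instead of looping endlessly, so it can be used as a regression test with a clean exit status.

```c
/* Added example: a small tty/pty open/close stress harness in the spirit
 * of the crashme program the report describes.  Not the original code.
 * Function names pty_cycle, run_cycles and spawn_workers are my own. */
#define _XOPEN_SOURCE 600   /* posix_openpt, grantpt, unlockpt, ptsname */
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/wait.h>
#include <unistd.h>

/* One cycle: open a master/slave pty pair and close both ends again.
 * Uses UNIX98 ptys (/dev/ptmx); the 1999 report ran without UNIX98_PTYS,
 * so the original would have used BSD-style /dev/ptyXX names instead.
 * Returns 1 for a completed cycle, 0 if the pair could not be opened
 * (for example no /dev/ptmx in a restricted container). */
int pty_cycle(void)
{
    int master = posix_openpt(O_RDWR | O_NOCTTY);
    if (master < 0)
        return 0;
    if (grantpt(master) < 0 || unlockpt(master) < 0) {
        close(master);
        return 0;
    }
    const char *name = ptsname(master);
    int slave = name ? open(name, O_RDWR | O_NOCTTY) : -1;
    if (slave >= 0)
        close(slave);
    close(master);
    return slave >= 0;
}

/* Run `cycles` open/close cycles in this process; returns how many completed. */
int run_cycles(int cycles)
{
    int done = 0;
    for (int i = 0; i < cycles; i++)
        done += pty_cycle();
    return done;
}

/* Fork `nproc` workers, each running `cycles` cycles, and wait for all of
 * them.  Returns the number of workers that exited normally with status 0,
 * which is what a bounded regression run checks. */
int spawn_workers(int nproc, int cycles)
{
    int ok = 0;
    for (int i = 0; i < nproc; i++) {
        pid_t pid = fork();
        if (pid < 0) {
            perror("fork");
            break;
        }
        if (pid == 0) {
            run_cycles(cycles);
            _exit(0);           /* _exit: do not flush the parent's stdio buffers */
        }
    }
    int status;
    while (wait(&status) > 0)
        if (WIFEXITED(status) && WEXITSTATUS(status) == 0)
            ok++;
    return ok;
}

int main(int argc, char **argv)
{
    int nproc = argc > 1 ? atoi(argv[1]) : 10;   /* like "crashme 10" */
    /* The original loops endlessly; this version stops after a fixed
     * number of cycles per worker so the run has a definite end. */
    int done = spawn_workers(nproc, 1000);
    printf("%d of %d workers finished\n", done, nproc);
    return done == nproc ? 0 : 1;
}
```

Run it as `./crashme 10` alongside a concurrent inode-heavy load (such as the `find /` loop in the report) to reproduce the conditions described; on a kernel without the race, every worker finishes and the program exits 0.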