Crash in init() in 1.3.26..1.3.32

Dick Streefland
Tue, 10 Oct 1995 19:33:58 +0100 (MET)

Since kernel version 1.3.26, I cannot boot from a bootflop without
directly crashing the kernel. The root filesystem on the floppy neither
has an 'init' process nor an /etc/rc script. Instead, /bin/sh is forked
directly by init(). I added some printf() calls to init(), and found out
that the crash occurs during the _exit() call in the following code:

	/* if this fails, fall through to original stuff */

	if (!(pid=fork())) {
		if (open("/etc/rc",O_RDONLY,0))
			_exit(1);	/* the _exit() call during which the crash occurs */
		/* ... rest of the child code as in init/main.c ... */
	}

This is the decoded Oops message:

Trying to free free memory (00039000): memory probably corrupted
PC = 00039000
Trying to free nonexisting swap-page
Trying to free nonexisting swap-page
Unable to handle kernel NULL pointer dereference at virtual address c0000004
current->tss.cr3 = 00101000, %cr3 = 00101000
*pde = 00102067
*pte = 00000027
Oops: 0002
EIP: 0010:0011ba59
EFLAGS: 00010006
eax: 00000000 ebx: 00000000 ecx: 00000000 edx: 0003a000
esi: fffff000 edi: 0003b000 ebp: 0000001d esp: 00040f58
ds: 0018 es: 0018 fs: 002b gs: 0018 ss: 0018
Process swapper (pid: 2, process nr: 2, stackpage=00040000)
Stack: .....
Call Trace: 00118d25 00115ed4 001160df 00116162 0010a961 00109732

EIP = 0011ba59 (_free_pages + 0x00a1)
Call trace = Trace: (unknown)
Call trace = 00118d25 (_free_page_tables + 0x0105)
Call trace = 00115ed4 (_exit_mm + 0x0050)
Call trace = 001160df (_do_exit + 0x004b)
Call trace = 00116162 (_sys_exit + 0x000e)
Call trace = 0010a961 (_system_call + 0x0059)
Call trace = 00109732 (_init + 0x01c2)

When I copy /bin/sh to /etc/init, it is execve()ed directly without a
fork(), and the kernel doesn't crash. It looks to me as if the memory map
of the init process is inconsistent.

Hope this helps,

Dick Streefland
Tasking Software BV
The Netherlands