How to break the kernel

Jason Duerstock (jduersto@kendall.mdcc.edu)
Thu, 22 Feb 1996 17:56:21 -0500


Using my standard "break the kernel" method, I pulled this one out with
1.3.68 using the BSD NCR driver 1.4 with 4 commands/LUN on a DX2/80 with
a 2 GB SCSI, 9 GB SCSI, and two 16 MB swapfiles with the following
commands running concurrently:

dd if=/dev/sda of=/dev/null bs=1048576
dd if=/dev/sdb of=/dev/null bs=1048576

I tried narrowing this down to a __get_free_pages recursion problem by
checking the stack for STACK_MAGIC before returning from __get_free_pages
and I didn't get any messages from my if-printk code.

I would really like to get this bug fixed. Any and all suggestions on
where to start looking for the problem would be greatly appreciated.

Anyhow, here is the system log + the ksymoops info:

Unable to handle kernel paging request at virtual address d01af518
current->tss.cr3 = 015f6000,
*pde = 00000000
Oops: 0000
CPU: 0
EIP: 0010:[<0010c85b>]
EFLAGS: 00010246
eax: 00acd520 ebx: 00000001 ecx: 00000042 edx: 00000000
esi: 00000010 edi: 015f7cd4 ebp: 00000400 esp: 015f7cb4
ds: 0018 es: 0018 fs: 002b gs: 002b ss: 0018
Process dd (pid: 205, process nr: 25, stackpage=015f7000)
Stack: <1>Unable to handle kernel paging request at virtual address d01af508
current->tss.cr3 = 015f6000,
*pde = 00000000
Oops: 0000
CPU: 0
EIP: 0010:[<0010c85b>]
EFLAGS: 00010246
eax: 00011e20 ebx: 00000000 ecx: 0004000d edx: 00000000
esi: 00000000 edi: 015f7bb8 ebp: 00000041 esp: 015f7b98
ds: 0018 es: 0018 fs: 002b gs: 002b ss: 0018
Process dd (pid: 205, process nr: 25, stackpage=015f7000)
Stack: 00000000 015f7bb8 015f7bb8 001c2285 001c2284 0010b5a6 00000000 015f7bb8
00000202 0004000d 0000ea60 001c2285 001c2284 00000041 00011e93 00000018
00170018 0000002b 0000002b fffffffe 00112d3d 00000010 00000202 001b3440
Call Trace: [<0010b5a6>] [<00170018>] [<00112d3d>] [<0010a928>] [<00190018>] [<001103cf>] [<001100e0>]
[<0010a66b>] [<00190018>] [<0010c85b>] [<0010b6c6>] [<0012002b>] [<001292ca>] [<001220c8>] [<00121fac>]
[<0010a4b9>]
Code: 8b 86 08 f5 1a 10 65 30 31 54 05 3a 31 55 45 30 31 10 05 30
Aiee, killing interrupt handler

>>EIP: 10c85b <do_IRQ+2b/40>
>>EIP: 10c85b <do_IRQ+2b/40>
Trace: 10b5a6 <IRQ0_interrupt+56/80>
Trace: 170018 <tty_set_ldisc+98/180>
Trace: 112d3d <printk+12d/140>
Trace: 10a928 <die_if_kernel+168/2e0>
Trace: 190018 <print_status+8/20>
Trace: 1103cf <do_page_fault+2ef/300>
Trace: 1103cf <do_page_fault+2ef/300>
Trace: 10a66b <error_code+4b/60>
Trace: 190018 <print_status+8/20>
Trace: 10c85b <do_IRQ+2b/40>
Trace: 10b6c6 <IRQ1_interrupt+56/80>
Trace: 12002b <unuse_vma+fb/270>
Trace: 1292ca <block_read+55a/680>
Trace: 1220c8 <sys_write+f8/110>
Trace: 121fac <sys_read+8c/b0>
Trace: 10a4b9 <system_call+59/a0>

Code: 10c85b <do_IRQ+2b/40> movl 0x101af508(%esi),%eax
Code: 10c861 <do_IRQ+31/40> xorb %dh,%gs:(%ecx)
Code: 10c864 <do_IRQ+34/40> pushl %esp
Code: 10c865 <do_IRQ+35/40> addl $0x4555313a,%eax
Code: 10c86a <do_IRQ+3a/40> xorb %dh,(%ecx)
Code: 10c86c <do_IRQ+3c/40> adcb %al,0x90900030
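As an added illustration, not part of the original post, the sym+offset/size annotations ksymoops produced above can be reproduced with a symbol table sorted by address: the offset is the distance from the nearest preceding symbol and the size is the distance to the symbol after it. The symbol table below is constructed, its addresses are assumptions back-derived from the annotations in the post, and 170018 is deliberately left out of it to show how an address the table cannot place is reported.

```python
import bisect
import re

# Constructed symbol table in System.map order (address, name). The
# addresses are assumptions back-derived from the ksymoops lines in the
# post so that the output matches it; "" marks a gap entry standing in for
# whatever symbol follows in a real map, needed only to bound the size of
# the preceding function.
SYMBOL_TABLE = sorted([
    (0x10a460, "system_call"), (0x10a500, ""),
    (0x10b550, "IRQ0_interrupt"), (0x10b5d0, ""),
    (0x10c830, "do_IRQ"), (0x10c870, ""),
    (0x121f20, "sys_read"), (0x121fd0, "sys_write"), (0x1220e0, ""),
    (0x128d70, "block_read"), (0x1293f0, ""),
])
ADDRS = [a for a, _ in SYMBOL_TABLE]

def resolve(addr):
    """Turn a code address into ksymoops' sym+offset/size form (all hex).
    Size is the distance to the next symbol, exactly as ksymoops derives it."""
    i = bisect.bisect_right(ADDRS, addr) - 1
    if i < 0 or i + 1 >= len(ADDRS) or not SYMBOL_TABLE[i][1]:
        return None
    start, name = SYMBOL_TABLE[i]
    return "%s+%x/%x" % (name, addr - start, ADDRS[i + 1] - start)

def parse_oops(text):
    """Return (eip, trace) from raw oops text: EIP from the first 'EIP:'
    line, trace addresses from the [<...>] tokens after 'Call Trace:'."""
    eip = int(re.search(r"EIP:\s*[0-9a-f]+:\[<([0-9a-f]+)>\]", text).group(1), 16)
    trace_text = text.split("Call Trace:", 1)[1].split("Code:", 1)[0]
    return eip, [int(a, 16) for a in re.findall(r"\[<([0-9a-f]+)>\]", trace_text)]

def symbolize(text):
    """Produce the >>EIP / Trace lines; unresolvable addresses get '?'."""
    eip, trace = parse_oops(text)
    lines = [">>EIP: %x <%s>" % (eip, resolve(eip) or "?")]
    return lines + ["Trace: %x <%s>" % (a, resolve(a) or "?") for a in trace]

# Trimmed excerpt of the second oops in the post (sample input).
OOPS_TEXT = """\
EIP: 0010:[<0010c85b>]
EFLAGS: 00010246
Call Trace: [<0010b5a6>] [<00170018>] [<0010c85b>]
[<001292ca>] [<001220c8>] [<00121fac>] [<0010a4b9>]
Code: 8b 86 08 f5 1a 10 65 30 31 54 05 3a 31 55 45 30 31 10 05 30
"""

if __name__ == "__main__":
    print("\n".join(symbolize(OOPS_TEXT)))
```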