Reproducible Oops with 2.0.21

Erik Heinz (erik@iks-jena.de)
Tue, 24 Sep 1996 13:44:19 +0200 (MET DST)


Hi,

I am able to crash kernel 2.0.21 on one Linux box reliably using the
following procedure:
- floppy driver and ftape driver are compiled as modules
- ftape.o loaded by insmod
- someone tries to access floppy -> kerneld tries to load fd.o
-> Oops

Kernel log and ksymoops output are appended below. More detailed information
can be provided on request.

Hope this helps,
Erik

=============================================================================
floppy0: Unable to grab IRQ6 for the floppy driver
Unable to handle kernel paging request at virtual address c285be48
current->tss.cr3 = 01913000, hr3 = 01913000
*pde = 00001067
*pte = 00000000
Oops: 0000
CPU: 0
EIP: 0010:[<00110466>]
EFLAGS: 00010087
eax: 00075ae3 ebx: 00000212 ecx: 01916164 edx: 0285be40
esi: 000743b6 edi: 00000000 ebp: 01915f4c esp: 01915f48
ds: 0018 es: 0018 fs: 002b gs: 002b ss: 0018
Process kerneld (pid: 58, process nr: 13, stackpage=01915000)
Stack: 00075ae3 01915f94 0011581b 01916164 00001770 00000000 00000000 01915f94
0011595d 00000000 01915f94 01916018 0804b4ac bffffcb4 01915fb4 00110b9c
00000000 01915fa4 01915f94 bfffd000 00115456 00000000 bffffcb4 00000000
Call Trace: [<0011581b>] [<0011595d>] [<00110b9c>] [<00115456>] [<0010a472>]
Code: 39 42 08 72 f9 89 11 8b 42 04 89 41 04 89 4a 04 8b 41 04 89

>>EIP: 110466 <add_timer+16/34>
Trace: 11581b <_getitimer+5f/c0>
Trace: 11595d <_setitimer+31/110>
Trace: 110b9c <sys_alarm+30/40>
Trace: 115456 <sys_sigprocmask+26/a4>
Trace: 10a472 <system_call+52/80>

Code: 110466 <add_timer+16/34> cmpl %eax,0x8(%edx)
Code: 110469 <add_timer+19/34> jb fffffffe <_EIP+fffffffe>
Code: 11046b <add_timer+1b/34> movl %edx,(%ecx)
Code: 11046d <add_timer+1d/34> movl 0x4(%edx),%eax
Code: 110470 <add_timer+20/34> movl %eax,0x4(%ecx)
Code: 110473 <add_timer+23/34> movl %ecx,0x4(%edx)
Code: 110476 <add_timer+26/34> movl 0x4(%ecx),%eax
Code: 110479 <add_timer+29/34> movl %eax,(%eax)
Code: 11047b <add_timer+2b/34> nop
Code: 11047c <add_timer+2c/34> nop
Code: 11047d <add_timer+2d/34> nop

-- 
| Erik Heinz, IKS GmbH Jena * erik@iks-jena.de * privat: erik@jena.thur.de  |
+---------------------------------------------------------------------------+