* 2.5.48: reliable oops in lock_get_status, with test program
@ 2002-11-20 19:42 Burton Windle
From: Burton Windle @ 2002-11-20 19:42 UTC (permalink / raw)
To: matthew; +Cc: linux-fsdevel
I can reproduce this at will with a simple test case. This is also
logged at http://bugzilla.kernel.org/show_bug.cgi?id=16
Using this file, taken from LKML post by Dave Olien <dmo@osdl.org>:
-------------threaded test program. Run this first---------------------------
------------ compile with -lpthread -lm flags --------------------------
#include <unistd.h>
#include <stdlib.h>
#include <stdio.h>
#include <string.h>
#include <math.h>
#include <pthread.h>
#include <getopt.h>
#include <sys/types.h>
#include <sys/stat.h>
#include <fcntl.h>
#include <sys/time.h>
#include <sys/utsname.h>

/* Each worker only sleeps; it does no locking of its own. */
void *worker_thread(void *arg)
{
	sleep(60);
	return NULL;
}

static pthread_attr_t thread_attr;

#define NTHREADS 8

int main(void)
{
	int i;
	int fd;
	struct flock lock;

	fd = open("/tmp/dmo", O_RDWR);
	if (fd == -1) {
		perror("open failed");
		exit(1);
	}

	/* Take a POSIX write lock on the first byte of the file. */
	lock.l_whence = SEEK_SET;
	lock.l_type = F_WRLCK;
	lock.l_start = 0;
	lock.l_len = 1;
	if (fcntl(fd, F_SETLK, &lock) == -1) {
		perror("F_SETLK failed");
		exit(1);
	}

	/* Start NTHREADS detached threads while the lock is held. */
	pthread_attr_init(&thread_attr);
	pthread_attr_setdetachstate(&thread_attr, PTHREAD_CREATE_DETACHED);
	for (i = 0; i < NTHREADS; i++) {
		pthread_t worker_tid;

		if (pthread_create(&worker_tid, &thread_attr, worker_thread,
				   (void *)NULL) != 0) {
			perror("thread create failed");
			exit(1);
		}
	}

	/* Keep the lock holder alive long enough for the script to kill it. */
	sleep(30);
	return 0;
}
---end ----
Compile it so it is named "1", and running this script will cause an oops on
my machine 100% of the time.
#!/bin/sh
echo "asdf" > /tmp/dmo
./1 &
sleep 2
killall 1
#erase /tmp/dmo because lock still exists for dead program (bug?)
rm /tmp/dmo
echo "asdf" > /tmp/dmo
./1 &
sleep 2
cat /proc/locks
killall 1
#next cat will oops
cat /proc/locks
Here is the decoded oops:
Unable to handle kernel NULL pointer dereference at virtual address 00000008
printing eip:
c014c54f
*pde = 00000000
Oops: 0000
CPU: 0
EIP: 0060:[<c014c54f>] Not tainted
EFLAGS: 00010286
EIP is at lock_get_status+0x17/0x20c
eax: 00000000 ebx: c8d3b02d ecx: c8d3b000 edx: c8d3b02d
esi: c13cf814 edi: 00000000 ebp: 00000400 esp: c8d33ee0
ds: 0068 es: 0068 ss: 0068
Process cat (pid: 267, threadinfo=c8d32000 task=c8d15940)
Stack: c13cf618 c13cf818 c13cf814 c014c85c c8d3b02d c13cf814 00000002 c0287173
c8d32000 00000400 00000400 c8d3b000 c8d33f1c c8d33f20 00000002 c8d3b02d
0000002d c015feaa c8d3b000 c8d33f7c 00000000 00000400 00000000 00000400
Call Trace:
[<c014c85c>] get_locks_status+0x80/0x148
[<c015feaa>] locks_read_proc+0x36/0x80
[<c015dc98>] proc_file_read+0xec/0x190
[<c013a022>] vfs_read+0xc2/0x158
[<c013a2f2>] sys_read+0x2a/0x3c
[<c010891b>] syscall_call+0x7/0xb
Code: 8b 78 08 8b 44 24 1c 50 8b 44 24 1c 50 68 8c 70 28 c0 53 e8
--
Burton Windle burton@fint.org
Linux: the "grim reaper of innocent orphaned children."
from /usr/src/linux-2.4.18/init/main.c:461
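
Added example, not part of the original message: a small triage helper that decodes the first instruction on the oops `Code:` line and checks that base register plus displacement reproduces the reported fault address. It assumes the `Code:` bytes start at the faulting EIP and handles only the `mov disp8(base),reg` form seen here; the function names are hypothetical.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed sample: three lines copied from the oops in the message. */
static const char OOPS[] =
    "Unable to handle kernel NULL pointer dereference at virtual address 00000008\n"
    "eax: 00000000 ebx: c8d3b02d ecx: c8d3b000 edx: c8d3b02d\n"
    "Code: 8b 78 08 8b 44 24 1c 50 8b 44 24 1c 50 68 8c 70 28 c0 53 e8\n";
/* i386 register names in ModRM encoding order. */
static const char *REG[8] = {"eax", "ecx", "edx", "ebx", "esp", "ebp", "esi", "edi"};

/* Store the hex value that follows `key` in the oops text; -1 if key is absent. */
static int field(const char *oops, const char *key, unsigned long *out)
{
    const char *p = strstr(oops, key);
    if (p)
        *out = strtoul(p + strlen(key), NULL, 16);
    return p ? 0 : -1;
}

/* Decode a leading "mov disp8(base),dest" (opcode 8b, ModRM mod=01, no SIB) and
 * compute its effective address from the dumped base register; -1 otherwise. */
int faulting_load(const char *oops, int *base, int *dest, unsigned long *ea)
{
    unsigned op, modrm, disp;
    unsigned long val;
    char key[8];
    const char *code = strstr(oops, "Code: ");
    if (!code || sscanf(code + 6, "%x %x %x", &op, &modrm, &disp) != 3 ||
        op != 0x8b || (modrm >> 6) != 1 || (modrm & 7) == 4)
        return -1;
    *base = modrm & 7;          /* r/m field: register holding the pointer */
    *dest = (modrm >> 3) & 7;   /* reg field: register being loaded */
    snprintf(key, sizeof key, "%s: ", REG[*base]);
    if (field(oops, key, &val) != 0)
        return -1;
    *ea = (val + (unsigned long)(long)(signed char)disp) & 0xffffffffUL;
    return 0;
}

int main(void)
{
    int base, dest;
    unsigned long ea, fault;
    if (faulting_load(OOPS, &base, &dest, &ea) || field(OOPS, "virtual address ", &fault))
        return 1;
    printf("load via %%%s into %%%s: computed %08lx, reported %08lx\n", REG[base], REG[dest], ea, fault);
    return ea != fault;
}
```

On this oops the load goes through `%eax`, which the register dump shows as 00000000, so the pointer dereferenced at `lock_get_status+0x17` was NULL and the access was to offset 8 of the structure it should have pointed to.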