MM bug

Martin Mares (mj@k332.feld.cvut.cz)
Mon, 27 May 1996 11:26:51 +0200 (MET DST)


Hello world,

I've discovered a really serious bug in the MM (probably in the swapping
code, but I'm not sure because I didn't try to understand the whole MM machinery
yet): You can simply crash the system by issuing "grep any_string /dev/zero".
As the lines in /dev/zero have infinite length, grep tries to allocate still more
memory for its line buffer until the memory is exhausted. But no out-of-memory
message appears and the system gets frozen (interrupts work, but normal processes
don't). When I tried to look at the running processes (Ctrl-ScrlLock), I noticed
that kswapd is still running. When straced, the last call shown is

mmap(0, 83894272, PROT_READ | PROT_WRITE, MAP_PRIVATE | MAP_ANONYMOUS,
~0) -> 0x40c2ff00

The return value is probably wrong as I have only 8 megs of RAM and 12 megs
of swap... I've written a small test program which reproduces the bug:

#include <stdio.h>
#include <stdlib.h>

int main(void)
{
    char *k;
    int i = 80000000;

    /* request ~80 MB in one go and show where it landed */
    printf("%p\n", (void *)(k = malloc(i)));
    if (!k)
        return 1;
    /* touch every byte so the kernel must actually back the whole region */
    while (--i)
        k[i] = 0;
    return 0;
}

Any ideas?
Martin
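The failure described above comes from a line reader that grows its buffer without limit. The following is an added example, not code from the post, from grep or from the kernel: a line reader that caps how much heap a single line may consume and reports the over-long line instead of growing until the machine starves. It assumes a POSIX libc with fmemopen() and uses a constructed in-memory sample (one short line followed by a run of NUL bytes with no newline, the shape grep sees on /dev/zero); the function and sample names are this example's own.

```c
#define _POSIX_C_SOURCE 200809L   /* exposes fmemopen() */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Result codes for read_line_bounded(). */
enum { LINE_OK = 0, LINE_EOF = 1, LINE_TOO_LONG = -1, LINE_NOMEM = -2 };

/*
 * Read one line from f into a malloc'd, NUL-terminated buffer (caller frees).
 * The buffer grows geometrically but never holds more than max_len payload
 * bytes, so an endless "line" such as /dev/zero costs at most max_len + 1
 * bytes of heap instead of growing until nothing is left.
 * Returns LINE_OK, LINE_EOF (no bytes remain), LINE_TOO_LONG (the rest of
 * the offending line is skipped so the caller may carry on) or LINE_NOMEM.
 */
int read_line_bounded(FILE *f, size_t max_len, char **out, size_t *out_len)
{
    size_t cap = 128, len = 0;
    char *buf = malloc(cap);
    int c;

    if (!buf)
        return LINE_NOMEM;

    while ((c = fgetc(f)) != EOF && c != '\n') {
        if (len == max_len) {
            /* Limit reached: give the memory back and skip to end of line.
             * On a truly endless source this loop spins, but the heap no
             * longer grows, which is the property an unbounded reader lacks. */
            free(buf);
            while ((c = fgetc(f)) != EOF && c != '\n')
                ;
            return LINE_TOO_LONG;
        }
        if (len + 1 >= cap) {            /* keep room for the terminator */
            size_t ncap = cap * 2;
            char *nbuf;
            if (ncap > max_len + 1)      /* never allocate past the cap */
                ncap = max_len + 1;
            nbuf = realloc(buf, ncap);
            if (!nbuf) {
                free(buf);
                return LINE_NOMEM;
            }
            buf = nbuf;
            cap = ncap;
        }
        buf[len++] = (char)c;
    }

    if (len == 0 && c == EOF) {
        free(buf);
        return LINE_EOF;
    }
    buf[len] = '\0';
    *out = buf;
    *out_len = len;
    return LINE_OK;
}

/* Constructed sample input (not real grep or kernel data): one ordinary line
 * followed by 4096 NUL bytes and no newline, as grep would see on /dev/zero. */
#define ZERO_RUN 4096
static unsigned char sample[6 + ZERO_RUN];

/*
 * Reads the sample twice with the given limit.  Returns the result code of
 * the second read (the NUL run); *len1 / *len2, when non-NULL, receive the
 * byte counts of the two reads (len2 only when the second read succeeded).
 * Returns LINE_NOMEM if the in-memory stream cannot be opened.
 */
int read_sample(size_t max_len, long *len1, long *len2)
{
    FILE *f;
    char *line = NULL;
    size_t n = 0;
    int code;

    memcpy(sample, "hello\n", 6);
    memset(sample + 6, 0, ZERO_RUN);
    f = fmemopen(sample, sizeof sample, "r");
    if (!f)
        return LINE_NOMEM;

    if (read_line_bounded(f, max_len, &line, &n) == LINE_OK) {
        if (len1) *len1 = (long)n;
        free(line);
    }
    code = read_line_bounded(f, max_len, &line, &n);
    if (code == LINE_OK) {
        if (len2) *len2 = (long)n;
        free(line);
    }
    fclose(f);
    return code;
}

/* Single-value views of read_sample(), one observation each. */
int  sample_second_code(size_t max_len) { return read_sample(max_len, NULL, NULL); }
long sample_first_len(size_t max_len)   { long l = -1; read_sample(max_len, &l, NULL); return l; }
long sample_second_len(size_t max_len)  { long l = -1; read_sample(max_len, NULL, &l); return l; }

int main(void)
{
    printf("limit 1024: line 1 = %ld bytes, NUL run -> code %d\n",
           sample_first_len(1024), sample_second_code(1024));
    printf("limit 8192: NUL run fits, %ld bytes returned, code %d\n",
           sample_second_len(8192), sample_second_code(8192));
    return 0;
}
```

With a 1024-byte limit the NUL run comes back as LINE_TOO_LONG after at most 1025 bytes of heap were ever held; raising the limit to 8192 lets the 4096-byte run through as an ordinary unterminated last line. A tool that must keep running on arbitrary input needs a cap like this at the reader level, because as the post shows, waiting for malloc() to fail is not a usable backstop on a machine that hands out more address space than it can back.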