+++ This bug was initially created as a clone of Bug #312951 +++

The rawhide problem is present also in F7.

Description of problem:

-- Additional comment from adobriyan on 2007-05-29 03:55 EST --

We saw the following oops on rhel5 utrace code

BUG: unable to handle kernel paging request at virtual address 7ca1c291
EIP is at utrace_get_signal+0x46/0x477
 get_signal_to_deliver+0xdf/0x3b1
 do_notify_resume+0xa9/0x6a5
 audit_syscall_exit+0x285/0x2a1
 work_notifysig+0x13/0x19
 copy_to_user_policy+0x73/0x7f

The failing IP corresponds to code in utrace_get_signal():

int utrace_get_signal(struct task_struct *tsk, struct pt_regs *regs,
                      siginfo_t *info, struct k_sigaction *return_ka)
{
        struct utrace *utrace = tsk->utrace;
        ...
        if (utrace->u.live.signal != NULL) {
                signal.signr = utrace->u.live.signal->signr;
                copy_siginfo(info, utrace->u.live.signal->info);
                                   ^^^^^^^^^^^^^^^^^^^^^^^^^^^
Bogus pointer was supplied here.

How should the ->utrace assignment be handled correctly?

---------------------------------------------------------------------

On (2 CPUs; qemu-kvm) kernel-2.6.22.9-91.fc7.x86_64 seen:

------------[ cut here ]------------
kernel BUG at kernel/utrace.c:328!
invalid opcode: 0000 [1] SMP
last sysfs file: /class/sound/sequencer2/dev
CPU 0
Modules linked in: snd_hda_intel snd_usb_audio snd_seq_dummy snd_seq_oss snd_seq_midi_event snd_seq snd_pcm_oss snd_mixer_oss snd_pcm snd_timer snd_page_alloc snd_usb_lib snd_rawmidi snd_seq_device snd_hwdep snd soundcore nfs nfsd exportfs lockd nfs_acl sunrpc ipv6 dm_mirror dm_mod video sbs button dock battery ac floppy 8139too 8139cp parport_pc mii parport sr_mod sg cdrom ata_piix ahci libata sd_mod scsi_mod ext3 jbd mbcache uhci_hcd ohci_hcd ehci_hcd
Pid: 24866, comm: clone-get-signa Not tainted 2.6.22.9-91.fc7 #1
RIP: 0010:[<ffffffff81067ba6>]  [<ffffffff81067ba6>] check_dead_utrace+0xf2/0x158
RSP: 0018:ffff8100070ede68  EFLAGS: 00010246
RAX: 0000000000000000 RBX: ffff810008948800 RCX: 0000000000000000
RDX: 0000000000000008 RSI: ffff810007763900 RDI: ffff810008948800
RBP: 0000000000000000 R08: ffff810008948800 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000212 R12: ffff810007763900
R13: 0000000000000000 R14: ffff810008948800 R15: 0000000000000000
FS:  00002aaaaaac2240(0000) GS:ffffffff813ad000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 000000008005003b
CR2: 000000304b550904 CR3: 000000000707f000 CR4: 00000000000006e0
Process clone-get-signa (pid: 24866, threadinfo ffff8100070ec000, task ffff8100086e4800)
Stack:  0000000000000246 ffff810008948800 0000000000000000 000000000007e569
 000000000007e569 ffffffff8106830d ffff810007763900 ffff810008948800
 ffff8100077635c0 ffffffff8106846a ffff8100077635c0 ffff810008948800
Call Trace:
 [<ffffffff8106830d>] wake_quiescent+0x4f/0x10d
 [<ffffffff8106846a>] utrace_detach+0x9f/0xb2
 [<ffffffff8106a315>] ptrace_detach+0x65/0x101
 [<ffffffff8106a8cd>] ptrace_common+0x98/0x184
 [<ffffffff8106b32e>] sys_ptrace+0xf0/0x1ed
 [<ffffffff81009c71>] tracesys+0x71/0xda
 [<ffffffff81009cd5>] tracesys+0xd5/0xda

Code: 0f 0b eb fe 4c 89 e7 e8 e9 fd ff ff 49 83 fd 10 75 35 8b b3
RIP  [<ffffffff81067ba6>] check_dead_utrace+0xf2/0x158
 RSP <ffff8100070ede68>

---------------------------------------------------------------------

Version-Release number of selected component (if applicable):
kernel-2.6.22.9-91.fc7.x86_64

How reproducible:
After 727 runs of the testcase; testcase has 2000 internal loops
=> approx. 1454000th cycle.

Steps to Reproduce:
1. gcc -o ./clone-get-signal ./clone-get-signal.c -Wall -ggdb2
2. while ./clone-get-signal ;do echo -n .;done

Actual results:
Kernel crash.

Expected results:
No kernel crash, just infinite dotting.
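When a crash like the one above recurs across hundreds of testcase runs, the useful triage step is to reduce each dump to a stable signature (BUG site, faulting function, innermost frames, the syscall that led there) so duplicates can be grouped and a taint or module change between reports is noticed. The parser below is an added example, not code from this bug or from the utrace project; the embedded sample is reconstructed from the x86_64 BUG quoted in the report with line breaks restored and the "Modules linked in" list shortened. The field names and the `signature` heuristic are this example's own choices.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Constructed sample: the x86_64 BUG from this report, line breaks restored,
# module list shortened and register dump omitted to keep the example small.
SAMPLE_OOPS = """\
------------[ cut here ]------------
kernel BUG at kernel/utrace.c:328!
invalid opcode: 0000 [1] SMP
CPU 0
Modules linked in: snd_hda_intel snd_seq nfs nfsd sunrpc ipv6 ext3 jbd uhci_hcd ehci_hcd
Pid: 24866, comm: clone-get-signa Not tainted 2.6.22.9-91.fc7 #1
RIP: 0010:[<ffffffff81067ba6>]  [<ffffffff81067ba6>] check_dead_utrace+0xf2/0x158
RSP: 0018:ffff8100070ede68  EFLAGS: 00010246
Call Trace:
 [<ffffffff8106830d>] wake_quiescent+0x4f/0x10d
 [<ffffffff8106846a>] utrace_detach+0x9f/0xb2
 [<ffffffff8106a315>] ptrace_detach+0x65/0x101
 [<ffffffff8106a8cd>] ptrace_common+0x98/0x184
 [<ffffffff8106b32e>] sys_ptrace+0xf0/0x1ed
 [<ffffffff81009c71>] tracesys+0x71/0xda
 [<ffffffff81009cd5>] tracesys+0xd5/0xda
Code: 0f 0b eb fe 4c 89 e7 e8 e9 fd ff ff 49 83 fd 10 75 35 8b b3
RIP  [<ffffffff81067ba6>] check_dead_utrace+0xf2/0x158
 RSP <ffff8100070ede68>
"""

# One backtrace frame: "[<addr>] symbol+0xoff/0xsize". We key on the symbol;
# the address and offsets change from build to build.
FRAME_RE = re.compile(r"\[<([0-9a-f]+)>\]\s+([A-Za-z_][\w.]*)\+0x[0-9a-f]+/0x[0-9a-f]+")
PID_RE = re.compile(r"Pid: (\d+), comm: (\S+) (Not tainted|Tainted: \S+) (\S+)")


@dataclass
class Oops:
    bug_at: Optional[str] = None        # "file:line" when BUG()/BUG_ON() fired
    rip_symbol: Optional[str] = None    # function containing the faulting instruction
    tainted: bool = False
    pid: Optional[int] = None
    comm: Optional[str] = None
    kernel: Optional[str] = None
    modules: List[str] = field(default_factory=list)
    call_trace: List[str] = field(default_factory=list)  # innermost frame first


def parse_oops(text: str) -> Oops:
    """Extract the fields a triager keys on from a raw oops/BUG dump."""
    oops = Oops()
    in_trace = False
    for raw in text.splitlines():
        line = raw.strip()
        if in_trace:
            if line.startswith("Code:"):  # the opcode bytes end the call trace
                in_trace = False
            else:
                m = FRAME_RE.search(line)
                if m:
                    oops.call_trace.append(m.group(2))
            continue
        if line.startswith("Call Trace:"):
            in_trace = True
        elif line.startswith("kernel BUG at "):
            oops.bug_at = line[len("kernel BUG at "):].rstrip("!")
        elif line.startswith("Modules linked in:"):
            oops.modules = line.split(":", 1)[1].split()
        elif line.startswith("RIP:"):
            m = FRAME_RE.search(line)  # skips the bare [<addr>] before the symbol
            if m:
                oops.rip_symbol = m.group(2)
        else:
            m = PID_RE.match(line)
            if m:
                oops.pid = int(m.group(1))
                oops.comm = m.group(2)
                oops.tainted = not m.group(3).startswith("Not")
                oops.kernel = m.group(4)
    return oops


def entry_syscall(oops: Oops) -> Optional[str]:
    """Outermost sys_* frame: the system call on whose path the BUG was hit."""
    for sym in reversed(oops.call_trace):
        if sym.startswith("sys_"):
            return sym
    return None


def signature(oops: Oops) -> str:
    """Stable grouping key: BUG site (or RIP symbol) plus the three innermost frames."""
    return f"{oops.bug_at or oops.rip_symbol}|{'/'.join(oops.call_trace[:3])}"


if __name__ == "__main__":
    o = parse_oops(SAMPLE_OOPS)
    print("bug at:", o.bug_at, "in", o.rip_symbol, "| tainted:", o.tainted)
    print("process:", o.comm, o.pid, "| kernel:", o.kernel, "| via:", entry_syscall(o))
    print("signature:", signature(o))
```

Running it on the sample yields the signature `kernel/utrace.c:328|wake_quiescent/utrace_detach/ptrace_detach`, which is the key one would compare between the F7 and F8 reports of this bug; a differing taint flag or module set between two dumps with the same signature is worth a note in the report.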
Created attachment 211741
Testcase, a modified one from adobriyan-at-sw.ru.
Hello,

I'm reviewing this bug as part of the kernel bug triage project, an attempt to isolate current bugs in the Fedora kernel.

http://fedoraproject.org/wiki/KernelBugTriage

I am CC'ing myself to this bug and will try and assist you in resolving it if I can.

There hasn't been much activity on this bug for a while. Could you tell me if you are still having problems with the latest kernel?

If the problem no longer exists then please close this bug or I'll do so in a few days if there is no additional information lodged.
(In reply to comment #2)
> There hasn't been much activity on this bug for a while. Could you tell me if
> you are still having problems with the latest kernel?

This bug unfortunately still exists - its Fedora 8 counterpart is Bug 312951 and the main tracker page is at:
http://sourceware.org/systemtap/wiki/utrace/tests
This message is a reminder that Fedora 7 is nearing the end of life. Approximately 30 (thirty) days from now Fedora will stop maintaining and issuing updates for Fedora 7. It is Fedora's policy to close all bug reports from releases that are no longer maintained. At that time this bug will be closed as WONTFIX if it remains open with a Fedora 'version' of '7'.

Package Maintainer: If you wish for this bug to remain open because you plan to fix it in a currently maintained version, simply change the 'version' to a later Fedora version prior to Fedora 7's end of life.

Bug Reporter: Thank you for reporting this issue and we are sorry that we may not be able to fix it before Fedora 7 is end of life. If you would still like to see this bug fixed and are able to reproduce it against a later version of Fedora please change the 'version' of this bug. If you are unable to change the version, please add a comment here and someone will do it for you.

Although we aim to fix as many bugs as possible during every release's lifetime, sometimes those efforts are overtaken by events. Often a more recent Fedora release includes newer upstream software that fixes bugs or makes them obsolete. If possible, it is recommended that you try the newest available Fedora distribution to see if your bug still exists.

Please read the Release Notes for the newest Fedora distribution to make sure it will meet your needs:
http://docs.fedoraproject.org/release-notes/

The process we are following is described here:
http://fedoraproject.org/wiki/BugZappers/HouseKeeping
Fedora 7 changed to end-of-life (EOL) status on June 13, 2008. Fedora 7 is no longer maintained, which means that it will not receive any further security or bug fix updates. As a result we are closing this bug. If you can reproduce this bug against a currently maintained version of Fedora please feel free to reopen this bug against that version. Thank you for reporting this bug and we are sorry it could not be fixed.