Description of problem:
When testing bz519692 I met the kernel panic problem by executing the following script:

SYMVER=/boot/System.map-`uname -r`
FUNC=`grep get_random_int $SYMVER | awk 'NR==1' | awk '{ print $1 }'`
sed s#_FUNC_#0x${FUNC}# get_random_int.gen > get_random_int.stp
stap -vvg -DMAXACTION=20480 get_random_int.stp

The kernel panics suddenly and puts out the following message:

SystemTap translator/driver (version 0.6.2/0.131 built 2009-03-17)
Copyright (C) 2005-2008 Red Hat, Inc. and others
This is free software; see the source for copying conditions.
Created temporary directory "/tmp/stap1ktKWB"
Searched '/usr/share/systemtap/tapset/ia64/*.stp', found 1
Searched '/usr/share/systemtap/tapset/*.stp', found 37
Pass 1: parsed user script and 38 library script(s) in 293usr/5sys/300real ms.
Pass 2: analyzed script: 1 probe(s), 2 function(s), 1 embed(s), 0 global(s) in 3usr/1sys/35real ms.
Pass 3: translated to C into "/tmp/stap1ktKWB/stap_5d9462950b04d614a6bff800643b8f21_533.c" in 0usr/0sys/24real ms.
Running make -C "/lib/modules/2.6.9-89.0.11.EL/build" M="/tmp/stap1ktKWB" modules >/dev/null
Pass 4: compiled C into "stap_5d9462950b04d614a6bff800643b8f21_533.ko" in 3600usr/291sys/5189real ms.
Copying /tmp/stap1ktKWB/stap_5d9462950b04d614a6bff800643b8f21_533.ko to /root/.systemtap/cache/5d/stap_5d9462950b04d614a6bff800643b8f21_533.ko
Copying /tmp/stap1ktKWB/stap_5d9462950b04d614a6bff800643b8f21_533.c to /root/.systemtap/cache/5d/stap_5d9462950b04d614a6bff800643b8f21_533.c
Pass 5: starting run.
Running /usr/bin/staprun -v -d 3717 /tmp/stap1ktKWB/stap_5d9462950b04d614a6bff800643b8f21_533.ko
Unable to handle kernel paging request at virtual address 80c0058006150810
stapio[3843]: Oops 4294967296 [1]
Modules linked in: stap_5d9462950b04d614a6bff800643b8f21_533(U) md5 ipv6 parport_pc lp parport autofs4 sunrpc ds yenta_socket pcmcia_core vfat fat loop button ohci_hcd ehci_hcd tg3 dm_snapshot dm_zero dm_mirror ext3 jbd dm_mod mptscsih mptsas mptspi mptscsi mptbase sd_mod scsi_mod

Pid: 3843, CPU 1, comm: stapio
psr : 0000101008126010 ifs : 8000000000000002 ip  : [<80c0058006150810>]    Not tainted
ip is at 0x80c0058006150810
unat: 0000000000000000 pfs : 000000000000050c rsc : 0000000000000003
rnat: 0000000000000000 bsps: 0000000000000000 pr  : 0000000000015559
ldrs: 0000000000000000 ccv : 0000000000000000 fpsr: 0009804c8a70033f
csd : 0000000000000000 ssd : 0000000000000000
b0  : a000000200542c80 b6  : 80c0058006150818 b7  : a000000200544520
f6  : 1003e0000000000001400 f7  : 1003e8080808080808081
f8  : 1003e00000000000027d8 f9  : 1003e000000000ff00000
f10 : 1003e000000003b5f2d38 f11 : 1003e44b831eee7285baf
r1  : 2000000000467e33 r2  : 0000000000032000 r3  : 0000000000031ffe
r8  : 0000000000031ffe r9  : 0000000000000000 r10 : 0000000000000000
r11 : 0000000000031ffc r12 : e00000b00c0f7d60 r13 : e00000b00c0f0000
r14 : 0000000000031fff r15 : 0000000000010000 r16 : 0000000000000001
r17 : e0000030f5e44080 r18 : e0000030f5e44098 r19 : 0000000000000003
r20 : 0000000000000001 r21 : 0000000000000002 r22 : 0000000000000000
r23 : 0000000000000008 r24 : 0000000000000001 r25 : a000000200550630
r26 : a0000001003014e8 r27 : 80c0058006150818 r28 : a000000200550628
r29 : ffffffffffff85a0 r30 : e000003003020000 r31 : 0000000000000000

Call Trace:
 [<a000000100016e40>] show_stack+0x80/0xa0
                                sp=e00000b00c0f78f0 bsp=e00000b00c0f11d8
 [<a000000100017750>] show_regs+0x890/0x8c0
                                sp=e00000b00c0f7ac0 bsp=e00000b00c0f1190
 [<a00000010003ecf0>] die+0x150/0x240
                                sp=e00000b00c0f7ae0 bsp=e00000b00c0f1150
 [<a000000100064bc0>] ia64_do_page_fault+0x8e0/0xbe0
                                sp=e00000b00c0f7ae0 bsp=e00000b00c0f10e8
 [<a00000010000f600>] ia64_leave_kernel+0x0/0x260
                                sp=e00000b00c0f7b90 bsp=e00000b00c0f10e8
Kernel panic - not syncing: Fatal exception

Version-Release number of selected component (if applicable):
systemtap-runtime-0.6.2-2.el4_7.ia64
systemtap-0.6.2-2.el4_7.ia64
kernel-2.6.9-89.0.11

How reproducible:
100%

Steps to Reproduce:
1. see above
2.
3.

Actual results:
see above error message

Expected results:
SystemTap translator/driver (version 0.6.2/0.131 built 2009-03-17)
Copyright (C) 2005-2008 Red Hat, Inc. and others
This is free software; see the source for copying conditions.
Created temporary directory "/tmp/stapBGCmMm"
Searched '/usr/share/systemtap/tapset/i686/*.stp', found 1
Searched '/usr/share/systemtap/tapset/*.stp', found 37
Pass 1: parsed user script and 38 library script(s) in 440usr/10sys/460real ms.
Pass 2: analyzed script: 1 probe(s), 2 function(s), 1 embed(s), 0 global(s) in 0usr/0sys/7real ms.
Pass 3: translated to C into "/tmp/stapBGCmMm/stap_d6c37f5dcc49ab158c632e8b459c9dfc_512.c" in 0usr/0sys/2real ms.
Running make -C "/lib/modules/2.6.9-89.0.11.ELsmp/build" M="/tmp/stapBGCmMm" modules >/dev/null
Pass 4: compiled C into "stap_d6c37f5dcc49ab158c632e8b459c9dfc_512.ko" in 2720usr/350sys/3807real ms.
Copying /tmp/stapBGCmMm/stap_d6c37f5dcc49ab158c632e8b459c9dfc_512.ko to //.systemtap/cache/d6/stap_d6c37f5dcc49ab158c632e8b459c9dfc_512.ko
Copying /tmp/stapBGCmMm/stap_d6c37f5dcc49ab158c632e8b459c9dfc_512.c to //.systemtap/cache/d6/stap_d6c37f5dcc49ab158c632e8b459c9dfc_512.c
Pass 5: starting run.
Running /usr/bin/staprun -v -d 4966 /tmp/stapBGCmMm/stap_d6c37f5dcc49ab158c632e8b459c9dfc_512.ko
stapio:cleanup_and_exit:216 CLEANUP AND EXIT closed=0
stapio:cleanup_and_exit:229 closing control channel
Pass 5: run completed in 10usr/250sys/294real ms.
Running rm -rf /tmp/stapBGCmMm

Additional info:
Created attachment 359965: get_random_int.gen file in 2nd step.
*** Bug 521605 has been marked as a duplicate of this bug. ***
The effect of the proposed script is to call an unexported kernel symbol by type-casting a hex address located in /boot/Symbol* into a function pointer, then calling through that pointer in a guru-mode embedded-C function. This sort of hackery is just not correct, for multiple reasons. The addresses found may not be actual function addresses at run time. They may be in need of relocation, or special dereferencing (as for ppc function descriptors). We do not document a supported procedure for calling into unexported kernel functions from a systemtap script. Even if we did, it certainly wouldn't be as simple as this.
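Added example (not part of the bug report and not SystemTap project code): a small Python check that shows, on constructed data, why an address copied out of System.map cannot be trusted as a call target on the running kernel. It parses both System.map and /proc/kallsyms, reproduces the report's "first grep match" selection, and reports each reason the picked address can be wrong: a substring match on a different symbol, a boot-time relocation, or a non-text symbol such as a function descriptor. The symbol-table excerpts, the addresses and the helper symbol name are all constructed for this example.

```python
# Added example: cross-check a symbol address taken from /boot/System.map
# against the running kernel's /proc/kallsyms before it would be trusted.
# The report's script greps System.map for the first line containing
# "get_random_int" and hard-codes that address into a guru-mode probe; this
# reproduces that selection and lists every reason the result can be wrong.
# All data below is constructed for the example, not from the reporter's box.

# Constructed System.map excerpt, "address type symbol" per line. The helper
# symbol is invented so that a substring grep matches it before the real one.
SAMPLE_SYSTEM_MAP = """\
a000000100440000 t get_random_int_example_helper
a000000100440400 T get_random_int
a000000100440800 T secure_ip_id
"""

# Constructed /proc/kallsyms excerpt for a kernel whose text ended up 0x1000
# higher than System.map says, which is what a relocated kernel would show.
SAMPLE_KALLSYMS = """\
a000000100441000 t get_random_int_example_helper
a000000100441400 T get_random_int
a000000100441800 T secure_ip_id
"""


def parse_symbol_table(text):
    """Parse System.map / kallsyms lines into {symbol: (address, type)}.

    Both files use "address type name [module]"; the optional module
    column is ignored and malformed lines are skipped.
    """
    table = {}
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 3:
            continue
        addr, kind, name = parts[0], parts[1], parts[2]
        table[name] = (int(addr, 16), kind)
    return table


def first_grep_match(text, pattern):
    """Reproduce `grep PATTERN | awk 'NR==1' | awk '{ print $1 }'`:
    the first column of the first line containing PATTERN anywhere."""
    for line in text.splitlines():
        if pattern in line:
            return line.split()[0]
    return None


def check_symbol(system_map, kallsyms, symbol):
    """Return findings explaining why the System.map address for `symbol`
    must not be used at run time; an empty list means the address the grep
    pipeline would pick is exactly what the running kernel reports."""
    static = parse_symbol_table(system_map)
    runtime = parse_symbol_table(kallsyms)
    if symbol not in static:
        return ["symbol not present in System.map"]
    if symbol not in runtime:
        return ["symbol not present in /proc/kallsyms"]

    findings = []
    # The symbol's own line always contains the pattern, so this is not None.
    picked = int(first_grep_match(system_map, symbol), 16)
    exact_addr, exact_type = static[symbol]
    if picked != exact_addr:
        findings.append("substring grep picked 0x%x, but %s is at 0x%x"
                        % (picked, symbol, exact_addr))
    runtime_addr, _ = runtime[symbol]
    if exact_addr != runtime_addr:
        findings.append("System.map says 0x%x, running kernel says 0x%x (relocated?)"
                        % (exact_addr, runtime_addr))
    if exact_type.upper() != "T":
        findings.append("type '%s' is not a text symbol; the address may be a "
                        "descriptor, not code" % exact_type)
    return findings


if __name__ == "__main__":
    for finding in check_symbol(SAMPLE_SYSTEM_MAP, SAMPLE_KALLSYMS, "get_random_int"):
        print("refusing address:", finding)
```

On the constructed input the grep pipeline picks the helper's address rather than get_random_int's, and the kallsyms view differs from System.map by the relocation offset, so two findings come back. The type check is what would flag a ppc64 build, where the System.map entry for a function is its descriptor in the data section rather than code. Note that kallsyms is only a run-time view of the same problem; it says where the running kernel put a symbol, not that calling it from embedded C is supported.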