521600 – systemtap causes panic on ia64

Bug 521600 - systemtap causes panic on ia64

Summary: systemtap causes panic on ia64

Keywords:
Status:	CLOSED NOTABUG
Alias:	None
Product:	Red Hat Enterprise Linux 4
Classification:	Red Hat
Component:	systemtap
Sub Component:
Version:	4.8
Hardware:	ia64
OS:	Linux
Priority:	medium
Severity:	high
Target Milestone:	rc
Target Release:	---
Assignee:	Frank Ch. Eigler
QA Contact:	BaseOS QE
Docs Contact:
URL:
Whiteboard:
Duplicates (1):	521605 (view as bug list)
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2009-09-07 08:30 UTC by Caspar Zhang
Modified:	2013-07-03 07:22 UTC (History)
CC List:	2 users (show)
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed:	2009-09-07 18:09:18 UTC
Target Upstream Version:
Embargoed:

Attachments	(Terms of Use)
get_random_int.gen file in 2nd step. (224 bytes, text/plain) 2009-09-07 08:40 UTC, Caspar Zhang	no flags	Details
View All

Description Caspar Zhang 2009-09-07 08:30:19 UTC

Description of problem:

When testing bz519692 I met the kernel panic problem, by executing the following script:

SYMVER=/boot/System.map-`uname -r`
FUNC=`grep get_random_int $SYMVER | awk 'NR==1' | awk '{ print $1 }'`
sed s#_FUNC_#0x${FUNC}# get_random_int.gen > get_random_int.stp
stap -vvg -DMAXACTION=20480 get_random_int.stp

the kernel panics suddenly, puts out the following message:

SystemTap translator/driver (version 0.6.2/0.131 built 2009-03-17)
Copyright (C) 2005-2008 Red Hat, Inc. and others
This is free software; see the source for copying conditions.
Created temporary directory "/tmp/stap1ktKWB"
Searched '/usr/share/systemtap/tapset/ia64/*.stp', found 1
Searched '/usr/share/systemtap/tapset/*.stp', found 37
Pass 1: parsed user script and 38 library script(s) in 293usr/5sys/300real ms.
Pass 2: analyzed script: 1 probe(s), 2 function(s), 1 embed(s), 0 global(s) in 3usr/1sys/35real ms.
Pass 3: translated to C into "/tmp/stap1ktKWB/stap_5d9462950b04d614a6bff800643b8f21_533.c" in 0usr/0sys/24real ms.
Running make -C "/lib/modules/2.6.9-89.0.11.EL/build" M="/tmp/stap1ktKWB" modules >/dev/null
Pass 4: compiled C into "stap_5d9462950b04d614a6bff800643b8f21_533.ko" in 3600usr/291sys/5189real ms.
Copying /tmp/stap1ktKWB/stap_5d9462950b04d614a6bff800643b8f21_533.ko to /root/.systemtap/cache/5d/stap_5d9462950b04d614a6bff800643b8f21_533.ko
Copying /tmp/stap1ktKWB/stap_5d9462950b04d614a6bff800643b8f21_533.c to /root/.systemtap/cache/5d/stap_5d9462950b04d614a6bff800643b8f21_533.c
Pass 5: starting run.
Running /usr/bin/staprun -v -d 3717 /tmp/stap1ktKWB/stap_5d9462950b04d614a6bff800643b8f21_533.ko
Unable to handle kernel paging request at virtual address 80c0058006150810
stapio[3843]: Oops 4294967296 [1]
Modules linked in: stap_5d9462950b04d614a6bff800643b8f21_533(U) md5 ipv6 parport_pc lp parport autofs4 sunrpc ds yenta_socket pcmcia_core vfat fat loop button ohci_hcd ehci_hcd tg3 dm_snapshot dm_zero dm_mirror ext3 jbd dm_mod mptscsih mptsas mptspi mptscsi mptbase sd_mod scsi_mod

Pid: 3843, CPU 1, comm:               stapio
psr : 0000101008126010 ifs : 8000000000000002 ip  : [<80c0058006150810>]    Not tainted
ip is at 0x80c0058006150810
unat: 0000000000000000 pfs : 000000000000050c rsc : 0000000000000003
rnat: 0000000000000000 bsps: 0000000000000000 pr  : 0000000000015559
ldrs: 0000000000000000 ccv : 0000000000000000 fpsr: 0009804c8a70033f
csd : 0000000000000000 ssd : 0000000000000000
b0  : a000000200542c80 b6  : 80c0058006150818 b7  : a000000200544520
f6  : 1003e0000000000001400 f7  : 1003e8080808080808081
f8  : 1003e00000000000027d8 f9  : 1003e000000000ff00000
f10 : 1003e000000003b5f2d38 f11 : 1003e44b831eee7285baf
r1  : 2000000000467e33 r2  : 0000000000032000 r3  : 0000000000031ffe
r8  : 0000000000031ffe r9  : 0000000000000000 r10 : 0000000000000000
r11 : 0000000000031ffc r12 : e00000b00c0f7d60 r13 : e00000b00c0f0000
r14 : 0000000000031fff r15 : 0000000000010000 r16 : 0000000000000001
r17 : e0000030f5e44080 r18 : e0000030f5e44098 r19 : 0000000000000003
r20 : 0000000000000001 r21 : 0000000000000002 r22 : 0000000000000000
r23 : 0000000000000008 r24 : 0000000000000001 r25 : a000000200550630
r26 : a0000001003014e8 r27 : 80c0058006150818 r28 : a000000200550628
r29 : ffffffffffff85a0 r30 : e000003003020000 r31 : 0000000000000000

Call Trace:
 [<a000000100016e40>] show_stack+0x80/0xa0
                                sp=e00000b00c0f78f0 bsp=e00000b00c0f11d8
 [<a000000100017750>] show_regs+0x890/0x8c0
                                sp=e00000b00c0f7ac0 bsp=e00000b00c0f1190
 [<a00000010003ecf0>] die+0x150/0x240
                                sp=e00000b00c0f7ae0 bsp=e00000b00c0f1150
 [<a000000100064bc0>] ia64_do_page_fault+0x8e0/0xbe0
                                sp=e00000b00c0f7ae0 bsp=e00000b00c0f10e8
 [<a00000010000f600>] ia64_leave_kernel+0x0/0x260
                                sp=e00000b00c0f7b90 bsp=e00000b00c0f10e8
Kernel panic - not syncing: Fatal exception



Version-Release number of selected component (if applicable):

systemtap-runtime-0.6.2-2.el4_7.ia64.
systemtap-0.6.2-2.el4_7.ia64.
kernel-2.6.9-89.0.11

How reproducible:

100%

Steps to Reproduce:
1. see above
2.
3.
  
Actual results:

see above error message

Expected results:

SystemTap translator/driver (version 0.6.2/0.131 built 2009-03-17)
Copyright (C) 2005-2008 Red Hat, Inc. and others
This is free software; see the source for copying conditions.
Created temporary directory "/tmp/stapBGCmMm"
Searched '/usr/share/systemtap/tapset/i686/*.stp', found 1
Searched '/usr/share/systemtap/tapset/*.stp', found 37
Pass 1: parsed user script and 38 library script(s) in 440usr/10sys/460real ms.
Pass 2: analyzed script: 1 probe(s), 2 function(s), 1 embed(s), 0 global(s) in 0usr/0sys/7real ms.
Pass 3: translated to C into "/tmp/stapBGCmMm/stap_d6c37f5dcc49ab158c632e8b459c9dfc_512.c" in 0usr/0sys/2real ms.
Running make -C "/lib/modules/2.6.9-89.0.11.ELsmp/build" M="/tmp/stapBGCmMm" modules >/dev/null
Pass 4: compiled C into "stap_d6c37f5dcc49ab158c632e8b459c9dfc_512.ko" in 2720usr/350sys/3807real ms.
Copying /tmp/stapBGCmMm/stap_d6c37f5dcc49ab158c632e8b459c9dfc_512.ko to //.systemtap/cache/d6/stap_d6c37f5dcc49ab158c632e8b459c9dfc_512.ko
Copying /tmp/stapBGCmMm/stap_d6c37f5dcc49ab158c632e8b459c9dfc_512.c to //.systemtap/cache/d6/stap_d6c37f5dcc49ab158c632e8b459c9dfc_512.c
Pass 5: starting run.
Running /usr/bin/staprun -v -d 4966 /tmp/stapBGCmMm/stap_d6c37f5dcc49ab158c632e8b459c9dfc_512.ko
stapio:cleanup_and_exit:216 CLEANUP AND EXIT  closed=0
stapio:cleanup_and_exit:229 closing control channel
Pass 5: run completed in 10usr/250sys/294real ms.
Running rm -rf /tmp/stapBGCmMm


Additional info:

Comment 1 Caspar Zhang 2009-09-07 08:40:57 UTC

Created attachment 359965 [details]
get_random_int.gen file in 2nd step.

Comment 2 Frank Ch. Eigler 2009-09-07 18:09:02 UTC

*** Bug 521605 has been marked as a duplicate of this bug. ***

Comment 3 Frank Ch. Eigler 2009-09-07 18:09:18 UTC

The effect of the proposed script is to call an unexported kernel symbol
by type-casting a hex address located in /boot/Symbol* into a function
pointer, then calling through that pointer in a guru-mode embedded-c 
function.

This sort of hackery is just not correct, for multiple reasons.
The addresses found may not be actual function addresses at run
time.  They may be in need of relocation, or special dereferencing
(as for ppc function descriptors).

We do not document a supported procedure for calling into
unexported kernel functions from a systemtap script.  Even
if we did, it certainly wouldn't be as simple this.

Note You need to log in before you can comment on or make changes to this bug.