This is the mail archive of the systemtap@sourceware.org mailing list for the systemtap project.



[Bug kprobes/5963] New: testsuite/systemtap.maps/pmap_agg_overflow.stp crashes on 2.6.25-0.121.rc5.git4.fc9


I have a VMware image on a uniprocessor RHEL4 i686 machine set up with the
Fedora 9 rawhide image. When running "make installcheck" on a CVS nightly
checkout, the following test causes the kernel to oops:

testsuite/systemtap.maps/pmap_agg_overflow.stp

Able to crash the machine with the following command line:

./stap -v  -DMAXERRORS=1 -g \
../src/testsuite/systemtap.maps/pmap_agg_overflow.stp

The test crashes very frequently, but it doesn't crash every time. Below is the
back trace from /var/log/messages:

BUG: unable to handle kernel paging request at e0ac61c0
IP: [<c063b7b4>] get_kprobe+0x2d/0x3c
Oops: 0000 [#1] SMP 
Modules linked in: rfcomm l2cap bluetooth autofs4 sunrpc ipt_REJECT xt_tcpudp
nf_conntrack_ipv4 xt_state nf_conntrack iptable_filter ip_tables ip6table_filter
ip6_tables x_tables ipv6 loop dm_multipath snd_ens1371 gameport snd_rawmidi
snd_ac97_codec ac97_bus snd_seq_dummy snd_seq_oss snd_seq_midi_event snd_seq
snd_seq_device parport_pc snd_pcm_oss parport snd_mixer_oss floppy snd_pcm
snd_timer pcspkr snd soundcore snd_page_alloc pcnet32 mii BusLogic i2c_piix4
i2c_core ac button sr_mod sg cdrom dm_snapshot dm_zero dm_mirror dm_mod ata_piix
ata_generic pata_acpi libata sd_mod scsi_mod ext3 jbd mbcache uhci_hcd ohci_hcd
ehci_hcd [last unloaded: stap_968413d115d4668ca6effc95d048ae96_1280]

Pid: 2532, comm: staprun Not tainted (2.6.25-0.121.rc5.git4.fc9 #1)
EIP: 0060:[<c063b7b4>] EFLAGS: 00010086 CPU: 0
EIP is at get_kprobe+0x2d/0x3c
EAX: e0ac61c0 EBX: deb70c68 ECX: c0425bd0 EDX: 00f5d000
ESI: deb70d24 EDI: c1709164 EBP: deb70c70 ESP: deb70c68
 DS: 007b ES: 007b FS: 00d8 GS: 0033 SS: 0068
Process staprun (pid: 2532, ti=deb70000 task=deb90000 task.ti=deb70000)
Stack: e0ac61c0 00000002 deb70c8c c063aa7f c0730714 00000097 c0731de4 ffffffff 
       00000000 deb70cac c063b700 deb70cec 00000002 00000000 c073032c deb70cec 
       00000002 deb70cd4 c063b756 ffffffff 00000000 00000002 00000001 c063b71f 
Call Trace:
 [<c063aa7f>] ? kprobe_exceptions_notify+0x70/0x442
 [<c063b700>] ? notifier_call_chain+0x2b/0x4a
 [<c063b756>] ? __atomic_notifier_call_chain+0x37/0x5a
 [<c063b71f>] ? __atomic_notifier_call_chain+0x0/0x5a
 [<c063b785>] ? atomic_notifier_call_chain+0xc/0xe
 [<c043d16b>] ? notify_die+0x2d/0x2f
 [<c063a290>] ? do_int3+0x3a/0x7d
 [<c0639cf3>] ? int3+0x27/0x2c
 [<c0425bd1>] ? scheduler_tick+0x1/0x284
 [<c043063a>] ? update_process_times+0x3d/0x49
 [<c04418fe>] ? tick_sched_timer+0x6d/0xa5
 [<c0441891>] ? tick_sched_timer+0x0/0xa5
 [<c043bc7e>] ? __run_hrtimer+0x51/0x88
 [<c043c681>] ? hrtimer_interrupt+0xf8/0x163
 [<c0414c87>] ? smp_apic_timer_interrupt+0x69/0x7c
 [<c040684b>] ? apic_timer_interrupt+0x33/0x38
 [<c044596a>] ? lock_acquire+0x7e/0x90
 [<c063b2a1>] ? do_page_fault+0x289/0x6bd
 [<c043c7da>] ? down_read_trylock+0x37/0x41
 [<c063b2a1>] ? do_page_fault+0x289/0x6bd
 [<c063b2a1>] ? do_page_fault+0x289/0x6bd
 [<c04d621d>] ? avc_has_perm_noaudit+0x3a1/0x3dc
 [<c04d623a>] ? avc_has_perm_noaudit+0x3be/0x3dc
 [<c040a2f4>] ? native_sched_clock+0xb5/0xd1
 [<c04d6b9c>] ? avc_has_perm+0x39/0x43
 [<c040a2f4>] ? native_sched_clock+0xb5/0xd1
 [<c040a026>] ? sched_clock+0x8/0xb
 [<c0442ffd>] ? lock_release_holdtime+0x1a/0x115
 [<c042f364>] ? sys_capset+0x2a1/0x2b2
 [<c06394d5>] ? _spin_unlock+0x1d/0x20
 [<c045eacb>] ? audit_syscall_exit+0x2b1/0x2cc
 [<c063b018>] ? do_page_fault+0x0/0x6bd
 [<c0639b5a>] ? error_code+0x72/0x78
 =======================
Code: 69 c0 01 00 37 9e 55 89 e5 53 c1 e8 1a 83 ec 04 8b 04 85 90 82 a9 c0 8d 5d
f8 89 45 f8 eb 03 89 55 f8 8b 03 85 c0 74 0e 8b 45 f8 <8b> 10 0f 18 02 90 39 48
18 75 e9 5a 5b 5d c3 55 89 e5 57 89 d7 
EIP: [<c063b7b4>] get_kprobe+0x2d/0x3c SS:ESP 0068:deb70c68
Kernel panic - not syncing: Fatal exception in interrupt


The disassembly of the function that EIP points to:

c063b787 <get_kprobe>:
c063b787:	89 c1                	mov    %eax,%ecx
c063b789:	69 c0 01 00 37 9e    	imul   $0x9e370001,%eax,%eax
c063b78f:	55                   	push   %ebp
c063b790:	89 e5                	mov    %esp,%ebp
c063b792:	53                   	push   %ebx
c063b793:	c1 e8 1a             	shr    $0x1a,%eax
c063b796:	83 ec 04             	sub    $0x4,%esp
c063b799:	8b 04 85 90 82 a9 c0 	mov    -0x3f567d70(,%eax,4),%eax
c063b7a0:	8d 5d f8             	lea    -0x8(%ebp),%ebx
c063b7a3:	89 45 f8             	mov    %eax,-0x8(%ebp)
c063b7a6:	eb 03                	jmp    c063b7ab <get_kprobe+0x24>
c063b7a8:	89 55 f8             	mov    %edx,-0x8(%ebp)
c063b7ab:	8b 03                	mov    (%ebx),%eax
c063b7ad:	85 c0                	test   %eax,%eax
c063b7af:	74 0e                	je     c063b7bf <get_kprobe+0x38>
c063b7b1:	8b 45 f8             	mov    -0x8(%ebp),%eax
c063b7b4:	8b 10                	mov    (%eax),%edx
c063b7b6:	8d 74 26 00          	lea    0x0(%esi,%eiz,1),%esi
c063b7ba:	39 48 18             	cmp    %ecx,0x18(%eax)
c063b7bd:	75 e9                	jne    c063b7a8 <get_kprobe+0x21>
c063b7bf:	5a                   	pop    %edx
c063b7c0:	5b                   	pop    %ebx
c063b7c1:	5d                   	pop    %ebp
c063b7c2:	c3                   	ret

-- 
           Summary: testsuite/systemtap.maps/pmap_agg_overflow.stp crashes
                    on  2.6.25-0.121.rc5.git4.fc9
           Product: systemtap
           Version: unspecified
            Status: NEW
          Severity: critical
          Priority: P2
         Component: kprobes
        AssignedTo: systemtap at sources dot redhat dot com
        ReportedBy: wcohen at redhat dot com
GCC target triplet: i686


http://sourceware.org/bugzilla/show_bug.cgi?id=5963
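The oops and the disassembly above can be read together: `get_kprobe` multiplies its argument by 0x9e370001, keeps the top 6 bits (`shr $0x1a`) as a 64-bucket index into a table at the displacement shown, then walks that bucket's list comparing the field at offset 0x18 of each entry against ECX, and it faults on `mov (%eax),%edx` with EAX equal to the bad address. The decoder below is an added example (not part of the bug report or of systemtap); it rebuilds that hash from the disassembled constants and pulls the relevant values out of a constructed excerpt of the oops text, so a triager can confirm which bucket was being walked and that the faulting pointer is a stale list entry rather than the probed address itself.

```python
import re

# Constructed excerpt: the lines of the reported oops that the decoder needs.
OOPS = """\
BUG: unable to handle kernel paging request at e0ac61c0
IP: [<c063b7b4>] get_kprobe+0x2d/0x3c
EAX: e0ac61c0 EBX: deb70c68 ECX: c0425bd0 EDX: 00f5d000
 [<c0639cf3>] ? int3+0x27/0x2c
 [<c0425bd1>] ? scheduler_tick+0x1/0x284
"""

# Constants taken from the get_kprobe disassembly in the report:
#   imul $0x9e370001,%eax,%eax      32-bit golden-ratio multiplicative hash
#   shr  $0x1a,%eax                 keep the top 6 bits -> 64 buckets
#   mov  -0x3f567d70(,%eax,4),%eax  table base is that displacement mod 2^32
HASH_MULT = 0x9e370001
HASH_SHIFT = 0x1a
TABLE_BASE = (-0x3f567d70) & 0xffffffff   # 0xc0a98290

def kprobe_bucket(addr):
    """Bucket index the disassembled get_kprobe walks for a probed address."""
    return ((addr * HASH_MULT) & 0xffffffff) >> HASH_SHIFT

def decode_oops(text):
    """Cross-check the oops registers against the hash walk in get_kprobe."""
    fault = int(re.search(r"paging request at ([0-9a-f]+)", text).group(1), 16)
    regs = dict(re.findall(r"\b(E[ABCD]X): ([0-9a-f]{8})", text))
    eax, ecx = int(regs["EAX"], 16), int(regs["ECX"], 16)
    # The frame directly below int3 is the return address after the 1-byte
    # trap, so the probed address (get_kprobe's argument) is one byte earlier.
    m = re.search(r"int3\+[^\n]*\n\s*\[<([0-9a-f]+)>\] \? (\w+)\+0x([0-9a-f]+)",
                  text)
    trap_ip = int(m.group(1), 16)
    probed = trap_ip - 1
    bucket = kprobe_bucket(probed)
    return {
        "fault_addr": fault,
        # EIP is at 'mov (%eax),%edx': the fault is the list pointer in EAX.
        "deref_is_eax": fault == eax,
        "probed_addr": probed,
        "probed_symbol": m.group(2),
        # ECX is the lookup key used by 'cmp %ecx,0x18(%eax)'.
        "probed_matches_ecx": probed == ecx,
        "bucket": bucket,
        "bucket_slot": TABLE_BASE + 4 * bucket,
    }

if __name__ == "__main__":
    for k, v in decode_oops(OOPS).items():
        print(f"{k:20s} {v:#x}" if isinstance(v, int) and not isinstance(v, bool) else f"{k:20s} {v}")
```

With the reported values the probed address resolves to `scheduler_tick` itself, the key in ECX matches it, and the faulting pointer is the list node fetched from the bucket, not anything derived from the probed address.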


