This is the mail archive of the systemtap@sourceware.org mailing list for the systemtap project.



[Bug testsuite/15803] systemtap 2.3 testsuite crashes linux 3.10 sometimes at netdev/enter_netfilter_probe_0


http://sourceware.org/bugzilla/show_bug.cgi?id=15803

--- Comment #2 from Timo Juhani Lindfors <timo.lindfors at iki dot fi> ---
With

sudo stap -m testcase -B CONFIG_DEBUG_INFO=y -g ./testsuite/systemtap.examples/network/netfilter_drop.stp TCP 1 -c "sleep 5"

I see

[  433.252967] BUG: unable to handle kernel NULL pointer dereference at
0000000000000280
[  433.252987] IP: [<ffffffffa0219c95>] enter_netfilter_probe_0+0x1ce/0x1dc
[testcase]
[  433.253000] PGD 0 
[  433.253003] Oops: 0000 [#1] SMP 
[  433.253007] Modules linked in: testcase(O) parport_pc ppdev lp parport cuse
binfmt_misc fuse rpcsec_gss_krb5 nfsv4 nfsd auth_rpcgss oid_registry nfs_acl
nfs lockd dns_resolver fscache sunrpc loop evdev snd_pcm_oss snd_mixer_oss
snd_pcm snd_page_alloc acpi_cpufreq snd_timer mperf processor snd thermal_sys
soundcore pcspkr ext3 mbcache jbd virtio_rng rng_core virtio_net virtio_blk
virtio_balloon virtio_pci virtio_ring virtio xen_blkfront xen_netfront [last
unloaded: testcase]
[  433.253056] CPU: 0 PID: 4186 Comm: sshd Tainted: G           O 3.10-1-amd64
#1 Debian 3.10.3-1
[  433.253062] task: ffff88003c73f100 ti: ffff88003c000000 task.ti:
ffff88003c000000
[  433.253067] RIP: e030:[<ffffffffa0219c95>]  [<ffffffffa0219c95>]
enter_netfilter_probe_0+0x1ce/0x1dc [testcase]
[  433.253078] RSP: e02b:ffff88003f803cd8  EFLAGS: 00010297
[  433.253082] RAX: 0000000000000000 RBX: ffffffff816994a0 RCX:
0000000000000000
[  433.253086] RDX: ffff880003b10000 RSI: ffff88003e38d080 RDI:
0000000000000001
[  433.253092] RBP: ffff88003e38d080 R08: ffffffff812eea8c R09:
ffff88003f803d60
[  433.253097] R10: ffffffff8167bf40 R11: 0000000000000001 R12:
0000000000000001
[  433.253101] R13: ffff880003b10000 R14: 0000000000000000 R15:
ffffffff812eea8c
[  433.253112] FS:  00007f2ac2850800(0000) GS:ffff88003f800000(0000)
knlGS:0000000000000000
[  433.253119] CS:  e033 DS: 0000 ES: 0000 CR0: 000000008005003b
[  433.253123] CR2: 0000000000000280 CR3: 000000003c0a5000 CR4:
0000000000000660
[  433.253129] DR0: 0000000000000000 DR1: 0000000000000000 DR2:
0000000000000000
[  433.253133] DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7:
0000000000000400
[  433.253137] Stack:
[  433.253140]  ffffffff8167bf40 0000000000000000 ffffffff816994a0
ffff88003e38d080
[  433.253147]  ffffffff812e9ce2 ffff88003f803d60 ffffffffa021e2b0
ffff88003e38d080
[  433.253155]  ffff88003e38d080 0000000000000001 ffff880003b10000
0000000000000000
[  433.253164] Call Trace:
[  433.253167]  <IRQ> 
[  433.253169]  [<ffffffff812e9ce2>] ? nf_iterate+0x41/0x7e
[  433.253179]  [<ffffffff812e9d88>] ? nf_hook_slow+0x69/0xfd
[  433.253186]  [<ffffffff812eea8c>] ?
__xfrm_policy_check2.constprop.8+0x4c/0x4c
[  433.253193]  [<ffffffff812eed67>] ? ip_local_deliver+0x68/0x74
[  433.253201]  [<ffffffff812c6526>] ? __netif_receive_skb_core+0x426/0x49c
[  433.253206]  [<ffffffff812c6775>] ? netif_receive_skb+0x4c/0x7d
[  433.253213]  [<ffffffffa0002749>] ? xennet_poll+0x9d2/0xa07 [xen_netfront]
[  433.253219]  [<ffffffff812c6c77>] ? net_rx_action+0xa7/0x1df
[  433.253225]  [<ffffffff810421ba>] ? __do_softirq+0xea/0x205
[  433.253230]  [<ffffffff8104239f>] ? irq_exit+0x3e/0x81
[  433.253235]  [<ffffffff8123d582>] ? xen_evtchn_do_upcall+0x27/0x32
[  433.253241]  [<ffffffff8138e77e>] ? xen_do_hypervisor_callback+0x1e/0x30
[  433.253245]  <EOI> 
[  433.253247] Code: 94 c3 75 0a c7 05 30 5c 00 00 02 00 00 00 e8 94 15 00 00
48 85 db 74 0e 48 c7 c7 e4 cf 21 a0 31 c0 e8 dc fd ff ff 48 8b 44 24 08 <48> 8b
80 80 02 00 00 48 83 c4 10 5b 5d c3 53 48 83 ec 10 48 c7 
[  433.253293] RIP  [<ffffffffa0219c95>] enter_netfilter_probe_0+0x1ce/0x1dc
[testcase]
[  433.253300]  RSP <ffff88003f803cd8>
[  433.253303] CR2: 0000000000000280
[  433.253312] ---[ end trace 892021ee0971cf5e ]---

"objdump -drS testcase.ko" shows

...
static inline void atomic_set(atomic_t *v, int i)
{
        v->counter = i;
    3c6e:       c7 05 00 00 00 00 02    movl   $0x2,0x0(%rip)        # 3c78
<enter_netfilter_probe_0+0x1b1>
    3c75:       00 00 00 
                        3c70: R_X86_64_PC32     .bss+0x1360
    3c78:       e8 00 00 00 00          callq  3c7d
<enter_netfilter_probe_0+0x1b6>
                        3c79: R_X86_64_PC32     .text.unlikely+0x4
    3c7d:       48 85 db                test   %rbx,%rbx
    3c80:       74 0e                   je     3c90
<enter_netfilter_probe_0+0x1c9>
    3c82:       48 c7 c7 00 00 00 00    mov    $0x0,%rdi
                        3c85: R_X86_64_32S      .rodata.str1.1+0xc5c
    3c89:       31 c0                   xor    %eax,%eax
    3c8b:       e8 dc fd ff ff          callq  3a6c <_stp_error>
    3c90:       48 8b 44 24 08          mov    0x8(%rsp),%rax
    3c95:       48 8b 80 80 02 00 00    mov    0x280(%rax),%rax
    3c9c:       48 83 c4 10             add    $0x10,%rsp
    3ca0:       5b                      pop    %rbx
    3ca1:       5d                      pop    %rbp
    3ca2:       c3                      retq   
...

and the faulting instruction is at 0x3c95.

-- 
You are receiving this mail because:
You are the assignee for the bug.
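
Added example, not part of the original bug comment: a triage helper that repeats the correlation done by hand above, mapping the oops IP offset to a line in the objdump listing, checking it against the oops Code bytes, and confirming that the operand's effective address equals CR2. The names locate_fault, OOPS and OBJDUMP are hypothetical; the sample data is excerpted from the report with mail-wrapped lines rejoined and the Code line trimmed.

```python
import re

# Excerpts from the report above (wrapped lines rejoined, Code line trimmed).
OOPS = """\
[  433.252987] IP: [<ffffffffa0219c95>] enter_netfilter_probe_0+0x1ce/0x1dc [testcase]
[  433.253082] RAX: 0000000000000000 RBX: ffffffff816994a0 RCX: 0000000000000000
[  433.253247] Code: 48 8b 44 24 08 <48> 8b 80 80 02 00 00 48 83 c4 10 5b 5d c3
[  433.253303] CR2: 0000000000000280
"""
OBJDUMP = """\
    3c78:       e8 00 00 00 00          callq  3c7d <enter_netfilter_probe_0+0x1b6>
    3c90:       48 8b 44 24 08          mov    0x8(%rsp),%rax
    3c95:       48 8b 80 80 02 00 00    mov    0x280(%rax),%rax
"""

def locate_fault(oops, objdump):
    """Map the oops IP to a listing line and explain the faulting address."""
    sym, off = re.search(r"IP: \[<[0-9a-f]+>\] (\w+)\+0x([0-9a-f]+)/", oops).groups()
    cr2 = int(re.search(r"CR2: ([0-9a-f]+)", oops).group(1), 16)
    # In the Code: line, the <..> marker is the first byte of the faulting insn.
    code = re.search(r"Code: (.*)", oops).group(1)
    tail = code[code.index("<"):].replace("<", "").replace(">", "").split()
    # Any "ADDR <sym+0xN>" annotation yields the function's start in the .ko.
    tgt, rel = re.search(r"([0-9a-f]+) <%s\+0x([0-9a-f]+)>" % re.escape(sym),
                         objdump).groups()
    fault = int(tgt, 16) - int(rel, 16) + int(off, 16)
    line_re = r"^\s*([0-9a-f]+):\s+((?:[0-9a-f]{2} )+)\s*(.*)$"
    for addr, raw, insn in re.findall(line_re, objdump, re.M):
        if int(addr, 16) == fault:
            break
    else:
        raise LookupError("fault offset not present in listing")
    raw = raw.split()
    if tail[:len(raw)] != raw:
        raise ValueError("listing bytes differ from oops Code bytes")
    # Effective address of the disp(%reg) operand, using the oops register dump.
    # Assumption: a legacy register name (rax, rbx, ...) that the oops prints as-is.
    disp, reg = re.search(r"(0x[0-9a-f]+)\(%(\w+)\)", insn).groups()
    regval = int(re.search(r"%s: ([0-9a-f]+)" % reg.upper(), oops).group(1), 16)
    ea = regval + int(disp, 16)
    return {"offset": fault, "insn": " ".join(insn.split()),
            "effective_address": ea, "matches_cr2": ea == cr2}

if __name__ == "__main__":
    print(locate_fault(OOPS, OBJDUMP))
```

With RAX equal to zero, the result shows the load at 0x3c95 reading field offset 0x280 through a NULL pointer that was itself loaded from 0x8(%rsp) one instruction earlier.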

