This is the mail archive of the systemtap@sourceware.org mailing list for the systemtap project.



[Bug kprobes/13112] New: kprobing some port i/o stuff seems unsafe


http://sourceware.org/bugzilla/show_bug.cgi?id=13112

             Bug #: 13112
           Summary: kprobing some port i/o stuff seems unsafe
           Product: systemtap
           Version: unspecified
            Status: NEW
          Severity: normal
          Priority: P2
         Component: kprobes
        AssignedTo: systemtap@sourceware.org
        ReportedBy: mjw@redhat.com
    Classification: Unclassified


Probably related to bug #13108.

Putting a kernel.function probe on "inw" as defined in
arch/x86/include/asm/io_64.h (old) or arch/x86/boot/boot.h (new) causes kernel
panics. There are some other functions in that header file that seem
problematic.

inw: systemtap: 1.7/0.152, base: ffffffffa0354000, memory:
63data/18text/10ctx/10net/33alloc kb, probes: 49
BUG: unable to handle kernel NULL pointer dereference at 0000000000000085
IP: [<ffffffff813b6f0c>] uhci_hub_status_data+0xec/0x200
PGD 9951d067 PUD 99018067 PMD 0 
Oops: 0002 [#1] SMP 
last sysfs file: /sys/module/xt_state/sections/__mcount_loc
CPU 2 
Modules linked in: inw(U) ebtable_nat ebtables ipt_MASQUERADE iptable_nat
nf_nat xt_CHECKSUM iptable_mangle bridge stp llc autofs4 nfs lockd fscache(T)
nfs_acl auth_rpcgss sunrpc xt_physdev ipt_REJECT nf_conntrack_ipv4
nf_defrag_ipv4 iptable_filter ip_tables ip6t_REJECT nf_conntrack_ipv6
nf_defrag_ipv6 xt_state nf_conntrack ip6table_filter ip6_tables ipv6 dm_mirror
dm_region_hash dm_log vhost_net macvtap macvlan tun uinput sg microcode
virtio_balloon snd_intel8x0 snd_ac97_codec ac97_bus snd_seq snd_seq_device
snd_pcm snd_timer snd soundcore snd_page_alloc virtio_net i2c_piix4 i2c_core
ext4 mbcache jbd2 virtio_blk sr_mod cdrom virtio_pci virtio_ring virtio
pata_acpi ata_generic ata_piix dm_mod [last unloaded: speedstep_lib]

Modules linked in: inw(U) ebtable_nat ebtables ipt_MASQUERADE iptable_nat
nf_nat xt_CHECKSUM iptable_mangle bridge stp llc autofs4 nfs lockd fscache(T)
nfs_acl auth_rpcgss sunrpc xt_physdev ipt_REJECT nf_conntrack_ipv4
nf_defrag_ipv4 iptable_filter ip_tables ip6t_REJECT nf_conntrack_ipv6
nf_defrag_ipv6 xt_state nf_conntrack ip6table_filter ip6_tables ipv6 dm_mirror
dm_region_hash dm_log vhost_net macvtap macvlan tun uinput sg microcode
virtio_balloon snd_intel8x0 snd_ac97_codec ac97_bus snd_seq snd_seq_device
snd_pcm snd_timer snd soundcore snd_page_alloc virtio_net i2c_piix4 i2c_core
ext4 mbcache jbd2 virtio_blk sr_mod cdrom virtio_pci virtio_ring virtio
pata_acpi ata_generic ata_piix dm_mod [last unloaded: speedstep_lib]
Pid: 0, comm: swapper Tainted: G           ---------------- T
2.6.32-131.6.1.el6.x86_64 #1 Bochs
RIP: 0010:[<ffffffff813b6f0c>]  [<ffffffff813b6f0c>]
uhci_hub_status_data+0xec/0x200
RSP: 0018:ffff880002103da0  EFLAGS: 00010146
RAX: 0000000000000085 RBX: ffff8800379fb998 RCX: 0000000000000001
RDX: 000000000000c030 RSI: 0000000000000000 RDI: 0000000000000000
RBP: ffff880002103de0 R08: 000000000000080a R09: 0000000000000001
R10: ffff8800379fbab8 R11: 0000000000000002 R12: ffff8800379fb800
R13: ffff8800379fba20 R14: ffff880002103df0 R15: 0000000000000286
FS:  0000000000000000(0000) GS:ffff880002100000(0000) knlGS:0000000000000000
CS:  0010 DS: 0018 ES: 0018 CR0: 000000008005003b
CR2: 0000000000000085 CR3: 000000009a227000 CR4: 00000000000006e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400
Process swapper (pid: 0, threadinfo ffff88009c012000, task ffff88009c006040)
Stack:
 ffff88009c006040 0000000002103db8 ffffffff8103622c ffff8800379fb800
<0> ffff8800379fb8a0 ffff880002103e90 ffff880002103df0 ffffffff81391cd0
<0> ffff880002103e30 ffffffff8139140f ffff880002115f00 0000000000000002
Call Trace:
 <IRQ> 
 [<ffffffff8103622c>] ? kvm_clock_read+0x1c/0x20
 [<ffffffff81391cd0>] ? rh_timer_func+0x0/0x10
 [<ffffffff8139140f>] usb_hcd_poll_rh_status+0x5f/0x180
 [<ffffffff81391cd0>] ? rh_timer_func+0x0/0x10
 [<ffffffff81391cde>] rh_timer_func+0xe/0x10
 [<ffffffff81079ef7>] run_timer_softirq+0x197/0x340
 [<ffffffff8102a00d>] ? lapic_next_event+0x1d/0x30
 [<ffffffff8106f6e1>] __do_softirq+0xc1/0x1d0
 [<ffffffff81092c40>] ? hrtimer_interrupt+0x140/0x250
 [<ffffffff8100c2cc>] call_softirq+0x1c/0x30
 [<ffffffff8100df05>] do_softirq+0x65/0xa0
 [<ffffffff8106f4c5>] irq_exit+0x85/0x90
 [<ffffffff814e2f00>] smp_apic_timer_interrupt+0x70/0x9b
 [<ffffffff8100bc93>] apic_timer_interrupt+0x13/0x20
 <EOI> 
 [<ffffffff8103628b>] ? native_safe_halt+0xb/0x10
 [<ffffffff810142ed>] default_idle+0x4d/0xb0
 [<ffffffff81009e86>] cpu_idle+0xb6/0x110
 [<ffffffff814d425a>] start_secondary+0x202/0x245
Code: 66 4d 8d 94 24 b8 02 00 00 b9 01 00 00 00 31 f6 31 ff 41 b9 01 00 00 00
eb 09 0f 1f 44 00 00 41 0f b6 3e 48 8b 53 08 8d 54 72 10 <cc> ed 0f b7 c0 44 85
c0 75 0c 41 0f a3 32 19 d2 85 d2 89 c8 74 
RIP  [<ffffffff813b6f0c>] uhci_hub_status_data+0xec/0x200
 RSP <ffff880002103da0>
CR2: 0000000000000085
---[ end trace e726baaa907c31d1 ]---
Kernel panic - not syncing: Fatal exception in interrupt
Pid: 0, comm: swapper Tainted: G      D    ---------------- T
2.6.32-131.6.1.el6.x86_64 #1
Call Trace:
 <IRQ>  [<ffffffff814da518>] ? panic+0x78/0x143
 [<ffffffff814de572>] ? oops_end+0xf2/0x100
 [<ffffffff81040c9b>] ? no_context+0xfb/0x260
 [<ffffffff81040f25>] ? __bad_area_nosemaphore+0x125/0x1e0
 [<ffffffff81040ff3>] ? bad_area_nosemaphore+0x13/0x20
 [<ffffffff810416cd>] ? __do_page_fault+0x31d/0x480
 [<ffffffffa0355a16>] ? probe_1997+0x186/0x250 [inw]
 [<ffffffffa03574be>] ? enter_kprobe_probe+0x1ae/0x330 [inw]
 [<ffffffff814e0b33>] ? opt_pre_handler+0x53/0x90
 [<ffffffff814e054e>] ? do_page_fault+0x3e/0xa0
 [<ffffffff814dd8d5>] ? page_fault+0x25/0x30
 [<ffffffff813b6f0c>] ? uhci_hub_status_data+0xec/0x200
 [<ffffffff8103622c>] ? kvm_clock_read+0x1c/0x20
 [<ffffffff81391cd0>] ? rh_timer_func+0x0/0x10
 [<ffffffff8139140f>] ? usb_hcd_poll_rh_status+0x5f/0x180
 [<ffffffff81391cd0>] ? rh_timer_func+0x0/0x10
 [<ffffffff81391cde>] ? rh_timer_func+0xe/0x10
 [<ffffffff81079ef7>] ? run_timer_softirq+0x197/0x340
 [<ffffffff8102a00d>] ? lapic_next_event+0x1d/0x30
 [<ffffffff8106f6e1>] ? __do_softirq+0xc1/0x1d0
 [<ffffffff81092c40>] ? hrtimer_interrupt+0x140/0x250
 [<ffffffff8100c2cc>] ? call_softirq+0x1c/0x30
 [<ffffffff8100df05>] ? do_softirq+0x65/0xa0
 [<ffffffff8106f4c5>] ? irq_exit+0x85/0x90
 [<ffffffff814e2f00>] ? smp_apic_timer_interrupt+0x70/0x9b
 [<ffffffff8100bc93>] ? apic_timer_interrupt+0x13/0x20
 <EOI>  [<ffffffff8103628b>] ? native_safe_halt+0xb/0x10
 [<ffffffff810142ed>] ? default_idle+0x4d/0xb0
 [<ffffffff81009e86>] ? cpu_idle+0xb6/0x110
 [<ffffffff814d425a>] ? start_secondary+0x202/0x245

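As an added example, not part of the bug report or of SystemTap itself, here is a small Python parser for the oops format quoted above. It pulls the faulting symbol from the `IP:` line, the loaded-module list with its taint letters, and the `Call Trace:` frames, and reports which frames belong to the stap-generated module (here `inw`) so the probe handler's presence in the fault path is visible at a glance. The sample input is a constructed excerpt of the trace in this report; the flag letters after module names are distribution-specific (this is a RHEL 6 kernel) and are recorded without interpretation.

```python
import re

# Constructed sample: an excerpt of the oops quoted in this bug report. The
# kernel prints "Modules linked in:" on a single line; the mail wrapped it.
SAMPLE_OOPS = """\
BUG: unable to handle kernel NULL pointer dereference at 0000000000000085
IP: [<ffffffff813b6f0c>] uhci_hub_status_data+0xec/0x200
Modules linked in: inw(U) ebtable_nat ebtables fscache(T) [last unloaded: speedstep_lib]
Pid: 0, comm: swapper Tainted: G           ---------------- T
Call Trace:
 <IRQ>
 [<ffffffff8103622c>] ? kvm_clock_read+0x1c/0x20
 [<ffffffff8139140f>] usb_hcd_poll_rh_status+0x5f/0x180
 [<ffffffffa0355a16>] ? probe_1997+0x186/0x250 [inw]
 [<ffffffffa03574be>] ? enter_kprobe_probe+0x1ae/0x330 [inw]
 [<ffffffff814e0b33>] ? opt_pre_handler+0x53/0x90
 [<ffffffff813b6f0c>] ? uhci_hub_status_data+0xec/0x200
Code: 66 4d 8d 94 24 b8 02 00 00
"""

# One stack frame: "[<addr>] ? symbol+0xoff/0xsize [module]"; the "?" marks
# a frame the unwinder is not certain about, "[module]" is absent for core.
FRAME_RE = re.compile(
    r"\[<([0-9a-f]+)>\]\s+(\?\s+)?([\w.]+)\+0x([0-9a-f]+)/0x([0-9a-f]+)"
    r"(?:\s+\[(\w+)\])?"
)
# One token of the module list: "name" or "name(FLAGS)".
MOD_RE = re.compile(r"^(\w+)(?:\(([A-Z+]+)\))?$")


def _frame(m):
    return {
        "addr": int(m.group(1), 16),
        "exact": m.group(2) is None,
        "symbol": m.group(3),
        "offset": int(m.group(4), 16),
        "size": int(m.group(5), 16),
        "module": m.group(6),  # None for a core-kernel symbol
    }


def parse_oops(text):
    """Return the faulting symbol, the module list and the Call Trace frames."""
    info = {"fault_ip": None, "modules": {}, "frames": []}
    in_trace = False
    for line in text.splitlines():
        if line.startswith("IP:"):
            m = FRAME_RE.search(line)
            if m:
                info["fault_ip"] = m.group(3)
        elif line.startswith("Modules linked in:"):
            rest = line.split(":", 1)[1]
            rest = re.sub(r"\[last unloaded:.*?\]", "", rest)
            for tok in rest.split():
                m = MOD_RE.match(tok)
                if m:
                    info["modules"][m.group(1)] = m.group(2) or ""
        elif line.startswith("Call Trace:"):
            in_trace = True
        elif in_trace:
            m = FRAME_RE.search(line)
            if m:
                info["frames"].append(_frame(m))
            elif not line.startswith(" "):
                in_trace = False  # "Code:", "RIP", etc. end the trace
    return info


def frames_in_module(info, module):
    """Symbols in the trace that live in the given module, innermost first."""
    return [f["symbol"] for f in info["frames"] if f["module"] == module]


def modules_in_trace(info):
    """Sorted names of all loadable modules that appear in the trace."""
    return sorted({f["module"] for f in info["frames"] if f["module"]})


def summarize(info):
    lines = ["fault in: %s" % info["fault_ip"]]
    for mod in modules_in_trace(info):
        flags = info["modules"].get(mod, "")
        lines.append("module %s(%s) in trace: %s"
                     % (mod, flags, ", ".join(frames_in_module(info, mod))))
    return "\n".join(lines)


if __name__ == "__main__":
    print(summarize(parse_oops(SAMPLE_OOPS)))
```

Run against a full oops captured from the console or `dmesg`, the module names in `modules_in_trace` tell you immediately whether the probe module itself is on the stack at the time of the fault, which is the first thing to check before blaming the probed function.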

