This is the mail archive of the systemtap@sourceware.org mailing list for the systemtap project.



[Bug uprobes/13539] New: occasional oops, kernel SEGV, RHEL5, :uprobes:uprobe_free_process+0xba/0x131


http://sourceware.org/bugzilla/show_bug.cgi?id=13539

             Bug #: 13539
           Summary: occasional oops, kernel SEGV, RHEL5,
                    :uprobes:uprobe_free_process+0xba/0x131
           Product: systemtap
           Version: unspecified
            Status: NEW
          Severity: normal
          Priority: P2
         Component: uprobes
        AssignedTo: systemtap@sourceware.org
        ReportedBy: fche@redhat.com
    Classification: Unclassified


Similar to bug #10332, the following Oops can sometimes be seen:

stap_f851e90ddc08f1485de5ede118eb805a_2165: systemtap: 1.7/0.152, base: ffffffff88744000, memory: 93data/24text/4ctx/2058net/33alloc kb, probes: 2, unpriv-uid: 0
stap_d28d88f749ad814bb6852f92fe4169d7_3448: systemtap: 1.7/0.152, base: ffffffff88744000, memory: 130data/24text/4ctx/2058net/33alloc kb, probes: 7, unpriv-uid: 0
Unable to handle kernel paging request at 0000000000200200 RIP: 
 [<ffffffff88702f09>] :uprobes:uprobe_free_process+0xba/0x131
PGD 27bb0067 PUD 22076067 PMD 0 
Oops: 0002 [1] SMP 
last sysfs file: /module/zlib_deflate/sections/__versions
CPU 0 
Modules linked in: stap_d28d88f749ad814bb6852f92fe4169d7_3448(U) uprobes(U) stap_332da8e4c59a2a43e9adc53782bbd601_594(U) zlib_deflate mtdcore virtio_pci virtio_ring virtio_balloon virtio xt_tcpudp iptable_nat ip_nat ip_conntrack nfnetlink ip_tables x_tables netconsole hidp nfs nfs_acl rfcomm l2cap bluetooth lockd sunrpc be2iscsi ib_iser rdma_cm ib_cm iw_cm ib_sa ib_mad ib_core ib_addr iscsi_tcp bnx2i cnic ipv6 xfrm_nalgo crypto_api uio cxgb3i libcxgbi cxgb3 8021q libiscsi_tcp libiscsi2 scsi_transport_iscsi2 scsi_transport_iscsi loop dm_multipath scsi_dh video backlight sbs power_meter hwmon i2c_ec dell_wmi wmi button battery asus_acpi acpi_memhotplug ac lp floppy tpm_tis 8139too 8139cp ide_cd parport_pc tpm cdrom pcspkr mii i2c_piix4 parport tpm_bios serio_raw i2c_core dm_raid45 dm_message dm_region_hash dm_mem_cache dm_snapshot dm_zero dm_mirror dm_log dm_mod ata_piix libata sd_mod scsi_mod ext3 jbd uhci_hcd ohci_hcd ehci_hcd
Pid: 15624, comm: loop Tainted: GF    ---- 2.6.18-300.el5 #1
RIP: 0010:[<ffffffff88702f09>]  [<ffffffff88702f09>] :uprobes:uprobe_free_process+0xba/0x131
RSP: 0018:ffff81000e4e3e78  EFLAGS: 00010206
RAX: 0000000000100100 RBX: ffff81000dc11e00 RCX: ffff81000dc11f48
RDX: 0000000000200200 RSI: 00000000006e34a0 RDI: 0000000000000000
RBP: ffff81000dc11e00 R08: ffff81002d9a7000 R09: 0000000000000000
R10: 00000000419379e0 R11: 0000000000000246 R12: 00007fff2bc01000
R13: ffff81000dc11f78 R14: ffff81002b61d640 R15: ffff81000e4e3f30
FS:  0000000041937940(0063) GS:ffffffff8042f000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 000000008005003b
CR2: 0000000000200200 CR3: 000000003a86d000 CR4: 00000000000006e0
Stack:  ffff81000dc11e00 ffff810034023680 0000000000000000 ffffffff88702fd6
 ffff81000dc11e00 ffffffff887049a1 0000000000000000 ffff81001ab87e80
 0000000000000000 ffff81001d812080 0000000000000003 ffffffff800c5088
Call Trace:
 [<ffffffff88702fd6>] :uprobes:uprobe_put_process+0x56/0xa0
 [<ffffffff887049a1>] :uprobes:uprobe_report_exit+0x141/0x14f
 [<ffffffff800c5088>] utrace_report_exit+0x57/0x17d
 [<ffffffff800156a8>] do_exit+0xdb/0x955
 [<ffffffff8009557b>] complete_and_exit+0x0/0x16
 [<ffffffff8005d28d>] tracesys+0xd5/0xe0


Code: 48 89 02 74 04 48 89 50 08 48 c7 85 48 01 00 00 00 01 10 00 
RIP  [<ffffffff88702f09>] :uprobes:uprobe_free_process+0xba/0x131
 RSP <ffff81000e4e3e78>

     eea:       e8 00 00 00 00          callq  eef <uprobe_free_process+0xa0>
                        eeb: R_X86_64_PC32      kfree+0xfffffffffffffffc
     eef:       48 8d 8d 48 01 00 00    lea    0x148(%rbp),%rcx
     ef6:       48 8b 51 08             mov    0x8(%rcx),%rdx
     efa:       48 85 d2                test   %rdx,%rdx
     efd:       74 26                   je     f25 <uprobe_free_process+0xd6>
     eff:       48 8b 85 48 01 00 00    mov    0x148(%rbp),%rax
     f06:       48 85 c0                test   %rax,%rax
>>>  f09:       48 89 02                mov    %rax,(%rdx)

This appears to be an inlined copy of __hlist_del:

static inline void __hlist_del(struct hlist_node *n)
{
        struct hlist_node *next = n->next;
     eff:       48 8b 85 48 01 00 00    mov    0x148(%rbp),%rax
        struct hlist_node **pprev = n->pprev;
        *pprev = next;
        if (next)
     f06:       48 85 c0                test   %rax,%rax
     f09:       48 89 02                mov    %rax,(%rdx)
     f0c:       74 04                   je     f12 <uprobe_free_process+0xc3>
                next->pprev = pprev;
     f0e:       48 89 50 08             mov    %rdx,0x8(%rax)
}

in particular the *pprev = next; statement.

-- 
Configure bugmail: http://sourceware.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
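
Added example, not part of the bug report and not uprobes code: in the oops above, RAX = 0x100100 and RDX = CR2 = 0x200200 equal the kernel's LIST_POISON1 and LIST_POISON2, the values hlist_del() writes into a node it has just unlinked. This user-space sketch reproduces that state and shows which store a second unlink of the same node would attempt. The helper names `deleted_node`, `store_addr`, `store_value` and `passes_null_guard` are hypothetical, and the list is constructed for the demonstration.

```c
#include <stdint.h>
#include <stdio.h>
/* Poison values from include/linux/poison.h in 2.6.18-era kernels. */
#define LIST_POISON1 ((struct hlist_node *)0x00100100)
#define LIST_POISON2 ((struct hlist_node **)0x00200200)
struct hlist_node { struct hlist_node *next, **pprev; };
struct hlist_head { struct hlist_node *first; };

static void hlist_add_head(struct hlist_node *n, struct hlist_head *h)
{
    n->next = h->first;
    if (h->first)
        h->first->pprev = &n->next;
    h->first = n;
    n->pprev = &h->first;
}

/* Same steps as the kernel's hlist_del(): __hlist_del(), then poison. */
static void hlist_del(struct hlist_node *n)
{
    struct hlist_node *next = n->next, **pprev = n->pprev;
    *pprev = next;
    if (next)
        next->pprev = pprev;
    n->next = LIST_POISON1;
    n->pprev = LIST_POISON2;
}

/* A null test on pprev (as at efa/efd in the listing) lets a poisoned node through. */
static int passes_null_guard(const struct hlist_node *n) { return n->pprev != NULL; }
/* Hypothetical helpers: what "*pprev = next" would store and where, without dereferencing. */
static uintptr_t store_addr(const struct hlist_node *n) { return (uintptr_t)n->pprev; }
static uintptr_t store_value(const struct hlist_node *n) { return (uintptr_t)n->next; }

/* Constructed two-node list; remove the first node once and return it. */
static struct hlist_node *deleted_node(void)
{
    static struct hlist_head head; static struct hlist_node a, b;
    head.first = NULL;
    hlist_add_head(&b, &head);
    hlist_add_head(&a, &head);
    hlist_del(&a);
    return &a;
}
int main(void)
{
    struct hlist_node *n = deleted_node();
    printf("null guard passes: %d; a second unlink would store %#lx to %#lx\n",
           passes_null_guard(n), (unsigned long)store_value(n), (unsigned long)store_addr(n));
    return 0;
}
```

The address and value it reports match the faulting `mov %rax,(%rdx)`, which is consistent with the node having already been through hlist_del() once before uprobe_free_process reached it.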

