From: "Stone, Joshua I"
Subject: RE: [Bug translator/1276] support more timer varieties
Date: Thu, 08 Dec 2005 02:40:00 -0000

Stone, Joshua I wrote:
> When I was writing the test script, I did find a couple of probes that
> failed, but it was unrelated to "current" dereferencing. I will
> follow up in another email...

As promised, here they are. I tried these with very simple probe bodies (increment a global number), so I know the crashes have nothing to do with "current" dereferencing.

The first one that failed on me was 'kernel.inline("get_current")'. I figured this would be a dangerous one, but I wanted to try it. This matched 2710 locations for me, and probably a lot of them are in critical locations. When I ran this, I got "NMI Watchdog detected LOCKUP". It probably isn't worth trying to make this one work, but if we have a blacklist, this should be on it.

The second one that failed was 'kernel.function("__switch_to").return'. This one is a problem with kretprobes only, as all of my other probes in __switch_to behaved just fine, even in the middle of the function. Running this gave "Kernel BUG at kprobes:449" (the full dump is included below). The line mentioned is in trampoline_probe_handler:

    BUG_ON(!orig_ret_address || (orig_ret_address == trampoline_address));

It seems pretty obvious that the actions taken in __switch_to would conflict with the way the trampoline works. I don't know if it's possible to make kretprobes work on this function - if not, it should be blacklisted.

Josh

crashdump from kernel.function("__switch_to").return
===================================================================
Kernel BUG at kprobes:449
invalid operand: 0000 [1] SMP
CPU 1
Modules linked in: stap_4037(U) nfsd exportfs lockd md5 ipv6 parport_pc lp
 parport autofs4 i2c_dev i2c_core smbfs sunrpc ds yenta_socket pcmcia_core
 ipt_REJECT ipt_state ip_conntrack iptable_filter ip_tables dm_mirror dm_mod
 button battery ac joydev uhci_hcd ehci_hcd shpchp hw_random ata_piix snd_azx
 snd_hda_codec snd_pcm_oss snd_mixer_oss snd_pcm snd_timer snd soundcore
 snd_page_alloc sk98lin(U) floppy ext3 jbd ahci libata sd_mod scsi_mod
Pid: 4006, comm: sshd Tainted: GF 2.6.9-22.ELsmp
RIP: 0010:[] {trampoline_probe_handler+130}
RSP: 0018:0000010071d81b28 EFLAGS: 00010002
RAX: 0000000000000001 RBX: 000001007f9d4600 RCX: ffffffffa0000000
RDX: 0000000000000001 RSI: 0000010071d81bf8 RDI: 0000000000000000
RBP: 0000000000000000 R08: 0000010037e14000 R09: 0000000000000003
R10: 00000000000000ff R11: 0000000000000003 R12: 0000000000000000
R13: 0000010071d81bf8 R14: 0000000000000000 R15: 0000010002c1a5e0
FS: 0000002a96a33280(0000) GS:ffffffff804d3180(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 000000008005003b
CR2: 000000383c38f070 CR3: 0000000037e18000 CR4: 00000000000006e0
Process sshd (pid: 4006, threadinfo 0000010071d80000, task 0000010076dc3030)
Stack: ffffffff803d16a0 ffffffff803d16a0 ffffffff80121785 0000010071d81bf8
       ffffffff80121786 ffffffff80121751 ffffffff803db140 0000010071d81bb8
       0000000000000002 0000010076dc3030
Call Trace:
 {kretprobe_trampoline+0}
 {kretprobe_trampoline+1}
 {kprobe_handler+559}
 {kprobe_exceptions_notify+40}
 {notifier_call_chain+31}
 {do_int3+66}
 {error_exit+0}
 {kretprobe_trampoline+1}
 {kretprobe_trampoline+0}
 {tty_ldisc_try+60}
 {schedule_timeout+101}
 {tty_ldisc_deref+103}
 {do_select+939}
 {__pollwait+0}
 {sys_select+820}
 {dnotify_parent+34}
 {system_call+126}

Code: 0f 0b 64 b8 31 80 ff ff ff ff c1 01 49 89 ad 80 00 00 00 e8
RIP {trampoline_probe_handler+130} RSP <0000010071d81b28>