* [Bug runtime/19000] several task tapset functions can cause kernel crash
2015-09-24 8:58 [Bug runtime/19000] New: several task tapset functions can cause kernel crash mcermak at redhat dot com
@ 2015-09-25 10:54 ` mcermak at redhat dot com
2015-09-25 15:09 ` dsmith at redhat dot com
` (6 subsequent siblings)
7 siblings, 0 replies; 9+ messages in thread
From: mcermak at redhat dot com @ 2015-09-25 10:54 UTC (permalink / raw)
To: systemtap
https://sourceware.org/bugzilla/show_bug.cgi?id=19000
--- Comment #1 from Martin Cermak <mcermak at redhat dot com> ---
(In reply to Martin Cermak from comment #0)
> Following tapset functions can crash the kernel when run with invalid
> arguments: task_egid(), task_euid(), task_gid(), task_ns_gid(),
> task_ns_pid(), task_ns_tid().
task_uid() too
--
You are receiving this mail because:
You are the assignee for the bug.
* [Bug runtime/19000] several task tapset functions can cause kernel crash
From: dsmith at redhat dot com @ 2015-09-25 15:09 UTC (permalink / raw)
To: systemtap
https://sourceware.org/bugzilla/show_bug.cgi?id=19000
David Smith <dsmith at redhat dot com> changed:
           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |RESOLVED
                 CC|                            |dsmith at redhat dot com
         Resolution|---                         |FIXED
--- Comment #2 from David Smith <dsmith at redhat dot com> ---
Fixed in commit 08c687a. Updated several functions: task_ns_pid(),
task_ns_tid(), task_gid(), task_ns_gid(), task_egid(), task_ns_egid(),
task_uid(), task_ns_uid(), task_euid(), and task_ns_euid().
* [Bug runtime/19000] several task tapset functions can cause kernel crash
From: mcermak at redhat dot com @ 2015-10-02 12:56 UTC (permalink / raw)
To: systemtap
https://sourceware.org/bugzilla/show_bug.cgi?id=19000
--- Comment #3 from Martin Cermak <mcermak at redhat dot com> ---
Using stap release-2.9-4-g4dc97b40ad9e, `stap -ge 'probe oneshot
{println(task_egid(0))}'` still seems to kill the rhel7/s390x kernel:
=======
[ 727.130211] stap_09eb0146da34d3191a27df63ae2c7fb4_3098: module verification failed: signature and/or required key missing - tainting kernel
[ 727.170592] Unable to handle kernel pointer dereference at virtual kernel address 00a8b00000001000
[ 727.170635] Oops: 0038 [#1] SMP
[ 727.170639] Modules linked in: stap_09eb0146da34d3191a27df63ae2c7fb4_3098(OE) vmur nfsd auth_rpcgss nfs_acl lockd grace sunrpc ip_tables xfs libcrc32c dasd_fba_mod qeth_l2 dasd_eckd_mod dasd_mod lcs ctcm qeth qdio ccwgroup fsm dm_mirror dm_region_hash dm_log dm_mod
[ 727.170667] CPU: 1 PID: 3098 Comm: stapio Tainted: G OE ------------ 3.10.0-319.el7.s390x #1
[ 727.170671] task: 0000000001fa5be0 ti: 000000007ab54000 task.ti: 000000007ab54000
[ 727.170675] Krnl PSW : 0704e00180000000 00000000001c2816 (map_id_up+0x6/0x80)
[ 727.170683] R:0 T:1 IO:1 EX:1 Key:0 M:1 W:0 P:0 AS:3 CC:2 PM:0 EA:3
Krnl GPRS: 0000000000000081 00000000001c2980 00a8b00000001044 0000000000000000
[ 727.170692] 000003ff00000001 0000000000000000 000003e081e05270 000000007ab57d90
[ 727.170701] 0000000000000000 000003e081e05000 000003ff00000001 0000000000000000
[ 727.170702] 000000000000000c 000000000000092f 00000000001c29ac 000000007ab57cc0
[ 727.170710] Krnl Code: 00000000001c280c: 07fe bcr 15,%r14
00000000001c280e: 0707 bcr 0,%r7
#00000000001c2810: ebbcf0700024 stmg %r11,%r12,112(%r15)
>00000000001c2816: 58b02000 l %r11,0(%r2)
00000000001c281a: 07e0 bcr 14,%r0
00000000001c281c: ecb8001b007e cij %r11,0,8,1c2852
00000000001c2822: b9040012 lgr %r1,%r2
00000000001c2826: a7080000 lhi %r0,0
[ 727.170722] Call Trace:
[ 727.170723] ([<0000000000000001>] 0x1)
[ 727.170725] [<000003ff80839508>] probe_2757+0x178/0x320 [stap_09eb0146da34d3191a27df63ae2c7fb4_3098]
[ 727.170728] [<000003ff8083aade>] enter_be_probe+0x10e/0x230 [stap_09eb0146da34d3191a27df63ae2c7fb4_3098]
[ 727.170730] [<000003ff8083ba5e>] _stp_ctl_write_cmd+0x94e/0x9d0 [stap_09eb0146da34d3191a27df63ae2c7fb4_3098]
[ 727.170733] [<000000000028b4ea>] vfs_write+0xa2/0x1c8
[ 727.170737] [<000000000028c084>] SyS_write+0x6c/0x100
[ 727.170738] [<00000000005d66fa>] sysc_tracego+0x14/0x1a
[ 727.170742] [<000003fffd389520>] 0x3fffd389520
[ 727.170744] Last Breaking-Event-Address:
[ 727.170744] [<00000000001c29a6>] from_kgid_munged+0x26/0x48
[ 727.170746]
[ 727.170747] Kernel panic - not syncing: Fatal exception: panic_on_oops
00: HCPGSP2629I The virtual machine is placed in CP mode due to a SIGP stop from CPU 00.
01: HCPGIR450W CP entered; disabled wait PSW 00020001 80000000 00000000 0010EC20
=======
* [Bug runtime/19000] several task tapset functions can cause kernel crash
From: mcermak at redhat dot com @ 2015-10-02 18:53 UTC (permalink / raw)
To: systemtap
https://sourceware.org/bugzilla/show_bug.cgi?id=19000
--- Comment #4 from Martin Cermak <mcermak at redhat dot com> ---
Hmm, same with `stap -ge 'probe oneshot {println(task_euid(0))}'` on rhel7.2 /
s390x kernel:
=======
[ 3661.098528] stap_d81f3e59f58b2c26a85410ab00420e35_3393: module verification failed: signature and/or required key missing - tainting kernel
[ 3661.138794] Unable to handle kernel pointer dereference at virtual kernel address 00a8b00000011000
[ 3661.138835] Oops: 0038 [#1] SMP
[ 3661.138839] Modules linked in: stap_d81f3e59f58b2c26a85410ab00420e35_3393(OE) nfsv3 rpcsec_gss_krb5 nfsv4 dns_resolver nfs fscache vmur nfsd auth_rpcgss nfs_acl lockd grace sunrpc ip_tables xfs libcrc32c dasd_fba_mod qeth_l2 dasd_eckd_mod dasd_mod lcs ctcm fsm qeth qdio ccwgroup dm_mirror dm_region_hash dm_log dm_mod
[ 3661.138874] CPU: 0 PID: 3393 Comm: stapio Tainted: G OE ------------ 3.10.0-319.el7.s390x #1
[ 3661.138877] task: 000000007d439b90 ti: 000000007cb98000 task.ti: 000000007cb98000
[ 3661.138881] Krnl PSW : 0704e00180000000 00000000001c2816 (map_id_up+0x6/0x80)
[ 3661.138890] R:0 T:1 IO:1 EX:1 Key:0 M:1 W:0 P:0 AS:3 CC:2 PM:0 EA:3
Krnl GPRS: 0000000000000081 00000000001c28e0 00a8b00000011202 0000000000000000
[ 3661.138935] 000003ff00000001 0000000000000000 000003e0817fa270 000000007cb9bd90
[ 3661.138941] 0000000000000000 000003e0817fa000 000003ff00000001 0000000000000000
[ 3661.138943] 000000000000000c 000000000000092f 00000000001c2908 000000007cb9bcc0
[ 3661.138952] Krnl Code: 00000000001c280c: 07fe bcr 15,%r14
00000000001c280e: 0707 bcr 0,%r7
#00000000001c2810: ebbcf0700024 stmg %r11,%r12,112(%r15)
>00000000001c2816: 58b02000 l %r11,0(%r2)
00000000001c281a: 07e0 bcr 14,%r0
00000000001c281c: ecb8001b007e cij %r11,0,8,1c2852
00000000001c2822: b9040012 lgr %r1,%r2
00000000001c2826: a7080000 lhi %r0,0
[ 3661.139022] Call Trace:
[ 3661.139025] ([<0000000000000001>] 0x1)
[ 3661.139031] [<000003ff8092e508>] probe_2757+0x178/0x320 [stap_d81f3e59f58b2c26a85410ab00420e35_3393]
[ 3661.139038] [<000003ff8092fade>] 01: HCPGSP2629I The virtual machine is placed in CP mode due to a SIGP stop from CPU 01.
enter_be_probe+0x10e/0x230 [stap_d81f3e59f58b2c26a85410ab00420e35_3393]
[ 3661.139070] [<000003ff80930a5e>] _stp_ctl_write_cmd+0x94e/0x9d0 [stap_d81f3e59f58b2c26a85410ab00420e35_3393]
[ 3661.139073] [<000000000028b4ea>] vfs_write+0xa2/0x1c8
[ 3661.139078] [<000000000028c084>] SyS_write+0x6c/0x100
[ 3661.139081] [<00000000005d66fa>] sysc_tracego+0x14/0x1a
[ 3661.139087] [<000003fffd475520>] 0x3fffd475520
[ 3661.139094] Last Breaking-Event-Address:
[ 3661.139102] [<00000000001c2902>] from_kuid_munged+0x22/0x48
[ 3661.139106]
[ 3661.139107] Kernel panic - not syncing: Fatal exception: panic_on_oops
00: HCPGIR450W CP entered; disabled wait PSW 00020001 80000000 00000000 0010EC20
=======
* [Bug runtime/19000] several task tapset functions can cause kernel crash
From: mcermak at redhat dot com @ 2015-10-02 20:57 UTC (permalink / raw)
To: systemtap
https://sourceware.org/bugzilla/show_bug.cgi?id=19000
--- Comment #5 from Martin Cermak <mcermak at redhat dot com> ---
Similarly task_gid(0) or task_gid(1) on rhel-7 / s390x. Good news is that
issues reported in comments 3, 4, and this one (5) are only related to rhel-7 /
s390x. They do not crash rhel-6 or rhel-5 / s390x kernels. I can offer access
to testing boxes if that would be of any help.
* [Bug runtime/19000] several task tapset functions can cause kernel crash
From: dsmith at redhat dot com @ 2015-10-05 16:21 UTC (permalink / raw)
To: systemtap
https://sourceware.org/bugzilla/show_bug.cgi?id=19000
--- Comment #6 from David Smith <dsmith at redhat dot com> ---
Those s390x failures should be resolved by commit aee2613.
* [Bug runtime/19000] several task tapset functions can cause kernel crash
From: mcermak at redhat dot com @ 2015-10-05 21:17 UTC (permalink / raw)
To: systemtap
https://sourceware.org/bugzilla/show_bug.cgi?id=19000
--- Comment #7 from Martin Cermak <mcermak at redhat dot com> ---
Excuse me for reporting issues again. It looks like task_ns_pid() and
task_ns_tid() still need attention on rhel7/s390x. The rest looks fine to me.
* [Bug runtime/19000] several task tapset functions can cause kernel crash
From: dsmith at redhat dot com @ 2015-10-07 15:25 UTC (permalink / raw)
To: systemtap
https://sourceware.org/bugzilla/show_bug.cgi?id=19000
--- Comment #8 from David Smith <dsmith at redhat dot com> ---
Those task_ns_pid() and task_ns_tid() rhel7/s390x failures should be fixed in
commit 19b8ace.