public inbox for systemtap@sourceware.org
* [Bug runtime/21726] New: on rawhide, the backtrace.exp test case causes a kernel panic
@ 2017-07-06 15:26 dsmith at redhat dot com
  2017-07-06 20:22 ` [Bug runtime/21726] " mark at klomp dot org
                   ` (5 more replies)
  0 siblings, 6 replies; 7+ messages in thread
From: dsmith at redhat dot com @ 2017-07-06 15:26 UTC (permalink / raw)
  To: systemtap

https://sourceware.org/bugzilla/show_bug.cgi?id=21726

            Bug ID: 21726
           Summary: on rawhide, the backtrace.exp test case causes a
                    kernel panic
           Product: systemtap
           Version: unspecified
            Status: NEW
          Severity: normal
          Priority: P2
         Component: runtime
          Assignee: systemtap at sourceware dot org
          Reporter: dsmith at redhat dot com
  Target Milestone: ---

On rawhide (4.12.0-0.rc7.git2.1.fc27.x86_64), I'm seeing the following kernel
panic when running the backtrace.exp test case:

====
[  388.153533] BUG: unable to handle kernel paging request at ffffffffc043307e
[  388.154243] IP: report_bug+0x94/0x120
[  388.154607] PGD 66e14067 
[  388.154608] P4D 66e14067 
[  388.154866] PUD 66e16067 
[  388.155123] PMD 13425d067 
[  388.155380] PTE 800000010a0c9161
[  388.155654] 
[  388.156144] Oops: 0003 [#1] SMP
[  388.156452] Modules linked in:
stap_e826df493357d85b1964bab4f742b8d4_2337(OE) sunrpc ppdev crct10dif_pclmul
crc32_pclmul ghash_clmulni_intel joydev virtio_net virtio_balloon tpm_tis
parport_pc i2c_piix4 tpm_tis_core parport tpm pvpanic xfs libcrc32c
virtio_console virtio_blk crc32c_intel serio_raw virtio_pci virtio_ring
ata_generic virtio pata_acpi
[  388.159371] CPU: 0 PID: 0 Comm: swapper/0 Tainted: G           OE  
4.12.0-0.rc7.git2.1.fc27.x86_64 #1
[  388.160225] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011
[  388.160783] task: ffffffff89e18500 task.stack: ffffffff89e00000
[  388.161351] RIP: 0010:report_bug+0x94/0x120
[  388.161761] RSP: 0018:ffff88c6ffc03c00 EFLAGS: 00010002
[  388.162275] RAX: 0000000000000907 RBX: ffff88c6ffc03d68 RCX:
ffffffffc0433074
[  388.162954] RDX: 0000000000000001 RSI: 0000000000000047 RDI:
0000000000000001
[  388.163628] RBP: ffff88c6ffc03c20 R08: 0000006ed270b039 R09:
22bcc9f200000000
[  388.164301] R10: 0000000000000001 R11: 0000000000000000 R12:
ffffffffc042bc79
[  388.164986] R13: ffffffffc0432888 R14: 0000000000000004 R15:
ffff88c6ffc03d68
[  388.165676] FS:  0000000000000000(0000) GS:ffff88c6ffc00000(0000)
knlGS:0000000000000000
[  388.166448] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  388.166995] CR2: ffffffffc043307e CR3: 00000001382bc000 CR4:
00000000001406f0
[  388.167679] Call Trace:
[  388.167922]  <IRQ>
[  388.168131]  ? _stp_stack_kernel_get.part.39+0x3f9/0x410
[stap_e826df493357d85b1964bab4f742b8d4_2337]
[  388.169023]  fixup_bug+0x2e/0x50
[  388.169339]  do_trap+0x119/0x150
[  388.169657]  do_error_trap+0xa3/0x160
[  388.170023]  ? _stp_stack_kernel_get.part.39+0x3f9/0x410
[stap_e826df493357d85b1964bab4f742b8d4_2337]
[  388.170912]  ? unwind_frame.constprop.59+0x8c1/0x11b0
[stap_e826df493357d85b1964bab4f742b8d4_2337]
[  388.171766]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[  388.172217]  do_invalid_op+0x20/0x30
[  388.172580]  invalid_op+0x1e/0x30
[  388.172904] RIP: 0010:_stp_stack_kernel_get.part.39+0x3f9/0x410
[stap_e826df493357d85b1964bab4f742b8d4_2337]
[  388.173853] RSP: 0018:ffff88c6ffc03e10 EFLAGS: 00010006
[  388.174360] RAX: 0000000080010002 RBX: ffffffff89e18500 RCX:
ffffffffffffffff
[  388.175041] RDX: ffffffffc042cda6 RSI: 00007ffffffff000 RDI:
ffff88c6ffc03e70
[  388.175731] RBP: ffff88c6ffc03e68 R08: 0000000000000007 R09:
0000000000000008
[  388.176416] R10: ffff88c6ffc03e08 R11: 0000000000000047 R12:
0000000000000000
[  388.177098] R13: ffffa42380ad5a40 R14: 0000000000000001 R15:
ffffa42380ad5000
[  388.177780]  ? function___global_print_backtrace__overload_0+0xb6/0x1a0
[stap_e826df493357d85b1964bab4f742b8d4_2337]
[  388.178780]  function___global_print_backtrace__overload_0+0xb6/0x1a0
[stap_e826df493357d85b1964bab4f742b8d4_2337]
[  388.179781]  probe_3649+0xd9/0x150
[stap_e826df493357d85b1964bab4f742b8d4_2337]
[  388.180486]  _stp_hrtimer_notify_function+0x284/0x490
[stap_e826df493357d85b1964bab4f742b8d4_2337]
[  388.181336]  ? _stp_proc_read_file+0x430/0x430
[stap_e826df493357d85b1964bab4f742b8d4_2337]
[  388.182142]  __hrtimer_run_queues+0xf0/0x4e0
[  388.182560]  hrtimer_interrupt+0xb6/0x210
[  388.182955]  local_apic_timer_interrupt+0x38/0x60
[  388.183405]  smp_apic_timer_interrupt+0x38/0x50
[  388.183846]  apic_timer_interrupt+0x9d/0xb0
[  388.184250] RIP: 0010:native_safe_halt+0x6/0x10
[  388.184690] RSP: 0018:ffffffff89e03dd8 EFLAGS: 00000206 ORIG_RAX:
ffffffffffffff10
[  388.185420] RAX: ffffffff89e18500 RBX: ffffffff89e18500 RCX:
0000000000000000
[  388.186110] RDX: ffffffff89e18500 RSI: 0000000000000001 RDI:
ffffffff89e18500
[  388.186795] RBP: ffffffff89e03dd8 R08: 0000000000000001 R09:
0000000000000000
[  388.187480] R10: 0000000000000000 R11: 0000000000000000 R12:
0000000000000000
[  388.188168] R13: ffffffff89e18500 R14: 0000000000000000 R15:
0000000000000000
[  388.188852]  </IRQ>
[  388.189072]  ? trace_hardirqs_on+0xd/0x10
[  388.189463]  default_idle+0x25/0x1b0
[  388.189814]  arch_cpu_idle+0xf/0x20
[  388.190153]  default_idle_call+0x23/0x40
[  388.190536]  do_idle+0x175/0x1f0
[  388.190857]  cpu_startup_entry+0x71/0x80
[  388.191236]  rest_init+0x135/0x140
[  388.191585]  start_kernel+0x47f/0x4a0
[  388.191944]  ? early_idt_handler_array+0x120/0x120
[  388.192401]  x86_64_start_reservations+0x29/0x2b
[  388.192846]  x86_64_start_kernel+0x143/0x166
[  388.193256]  secondary_startup_64+0x9f/0x9f
[  388.193666] Code: 74 59 0f b7 41 0a 4c 63 69 04 0f b7 71 08 89 c7 49 01 cd
83 e7 01 a8 02 74 15 66 85 ff 74 10 a8 04 ba 01 00 00 00 75 26 83 c8 04 <66> 89
41 0a 66 85 ff 74 49 0f b6 49 0b 4c 89 e2 45 31 c9 49 89 
[  388.195491] RIP: report_bug+0x94/0x120 RSP: ffff88c6ffc03c00
[  388.196028] CR2: ffffffffc043307e
[  388.196363] ---[ end trace 4a1ee64c6d807fc5 ]---
[  388.196809] Kernel panic - not syncing: Fatal exception in interrupt
[  388.198342] stap_e826df493357d85b1964bab4f742b8d4_2337 trace buffer for
processor 0 sub-buffer 0:
[  388.199221] The following may not have been sent to the display:
[  388.199805] begin
[  388.200001]  0xffffffffc042bb4d
[stap_e826df493357d85b1964bab4f742b8d4_2337+0x8b4d/0x0]
[  388.200759]  0xffffffffc042cda6
[stap_e826df493357d85b1964bab4f742b8d4_2337+0x9da6/0x0]
[  388.201525]  0xffffffffc042d278
[stap_e826df493357d85b1964bab4f742b8d4_2337+0xa278/0x0]
[  388.202284]  0xffffffffc042e056
[stap_e826df493357d85b1964bab4f742b8d4_2337+0xb056/0x0]
[  388.203054]  0xffffffffc042f0b5
[stap_e826df493357d85b1964bab4f742b8d4_2337+0xc0b5/0x0]
[  388.203822]  0xffffffff893e3998
[  388.204125]  0x0 (inexact)
[  388.204401] Kernel Offset: 0x8000000 from 0xffffffff81000000 (relocation
range: 0xffffffff80000000-0xffffffffbfffffff)
[  388.205428] ---[ end Kernel panic - not syncing: Fatal exception in
interrupt
====

This crash is consistent. I've seen it on real hardware and on a rawhide VM.

-- 
You are receiving this mail because:
You are the assignee for the bug.

^ permalink raw reply	[flat|nested] 7+ messages in thread
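Added example, not part of the original report: a small C triage helper that reads the first oops above. It decodes the page-fault error code after `Oops:` together with the PTE flags, and checks that the store marked `<66>` on the `Code:` line targets CR2. The function names and the `fault_class` enum are assumptions of this example.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Excerpt of the first oops above: timestamps dropped, wrapped lines rejoined. */
static const char OOPS[] =
    "BUG: unable to handle kernel paging request at ffffffffc043307e\n"
    "PTE 800000010a0c9161\n"
    "Oops: 0003 [#1] SMP\n"
    "RAX: 0000000000000907 RBX: ffff88c6ffc03d68 RCX: ffffffffc0433074\n"
    "CR2: ffffffffc043307e CR3: 00000001382bc000 CR4: 00000000001406f0\n";
/* Bytes from the "Code:" line, starting at the <66> fault marker. */
static const uint8_t FAULT_INSN[] = { 0x66, 0x89, 0x41, 0x0a };

/* x86 page-fault error code bits (number after "Oops:"), then PTE flag bits. */
enum { PF_PROT = 1, PF_WRITE = 2, PF_USER = 4, PF_RSVD = 8, PF_INSTR = 16 };
#define PTE_PRESENT (1ULL << 0)
#define PTE_RW      (1ULL << 1)
#define PTE_NX      (1ULL << 63)

enum fault_class { FC_NOT_PRESENT, FC_WRITE_TO_RO, FC_EXEC_NX, FC_OTHER };

/* Hex value that follows `key` in `log`; 0 when the key is missing. */
static uint64_t field(const char *log, const char *key)
{
    const char *p = strstr(log, key);
    return p ? strtoull(p + strlen(key), NULL, 16) : 0;
}

static enum fault_class classify(uint64_t err, uint64_t pte)
{
    if (!(err & PF_PROT))
        return FC_NOT_PRESENT;                 /* no mapping at all */
    if ((err & PF_WRITE) && (pte & PTE_PRESENT) && !(pte & PTE_RW))
        return FC_WRITE_TO_RO;                 /* mapped, but read-only */
    if ((err & PF_INSTR) && (pte & PTE_NX))
        return FC_EXEC_NX;                     /* fetch from a no-exec page */
    return FC_OTHER;
}

/* Decode only the form seen here: 66 89 /r with mod=01, a 16-bit register
 * store to disp8(base). Returns 0 on success, -1 for any other encoding. */
static int decode_store16_disp8(const uint8_t *b, size_t n, int *base, int8_t *disp)
{
    if (n < 4 || b[0] != 0x66 || b[1] != 0x89)
        return -1;
    if ((b[2] >> 6) != 1 || (b[2] & 7) == 4)   /* need mod=01 and no SIB byte */
        return -1;
    *base = b[2] & 7;                          /* 1 is RCX when no REX prefix */
    *disp = (int8_t)b[3];
    return 0;
}

/* 1 if the decoded store target (RCX + disp) equals the fault address CR2. */
static int store_hits_cr2(const char *log)
{
    int base = -1;
    int8_t disp = 0;
    if (decode_store16_disp8(FAULT_INSN, sizeof FAULT_INSN, &base, &disp) || base != 1)
        return 0;
    return field(log, "RCX:") + (uint64_t)(int64_t)disp == field(log, "CR2:");
}

int main(void)
{
    uint64_t err = field(OOPS, "Oops:"), pte = field(OOPS, "PTE ");
    printf("class=%d store_hits_cr2=%d\n", classify(err, pte), store_hits_cr2(OOPS));
    return 0;
}
```

For this oops the helper reports a write to a present, read-only page, with RCX + 0xa equal to CR2, so the faulting access is the store at `report_bug+0x94` itself.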

* [Bug runtime/21726] on rawhide, the backtrace.exp test case causes a kernel panic
  2017-07-06 15:26 [Bug runtime/21726] New: on rawhide, the backtrace.exp test case causes a kernel panic dsmith at redhat dot com
@ 2017-07-06 20:22 ` mark at klomp dot org
  2017-07-06 20:31 ` mark at klomp dot org
                   ` (4 subsequent siblings)
  5 siblings, 0 replies; 7+ messages in thread
From: mark at klomp dot org @ 2017-07-06 20:22 UTC (permalink / raw)
  To: systemtap

https://sourceware.org/bugzilla/show_bug.cgi?id=21726

Mark Wielaard <mark at klomp dot org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |mark at klomp dot org

--- Comment #1 from Mark Wielaard <mark at klomp dot org> ---
I could replicate with a simple:

stap -e 'probe timer.ms(100) { log(pp()) print_backtrace() exit() }'

[  318.801763] unwind_frame:1446  
[  318.801765] returning 0 (0) 
[  318.802409] _stp_stack_unwind_one_kernel:329  
[  318.802411] ret=0 PC=0 SP=ffff8b743fc03e28 
[  318.803271] BUG: unable to handle kernel paging request at ffffffffc0675652 
[  318.803955] IP: report_bug+0x94/0x120 
[  318.804334] PGD bde14067  
[  318.804335] P4D bde14067  
[  318.804606] PUD bde16067  
[  318.804865] PMD 133894067  
[  318.805124] PTE 8000000123b12161 
[  318.805391]  
[  318.805916] Oops: 0003 [#1] SMP 
[  318.806223] Modules linked in: stap_1014(OE) sunrpc crct10dif_pclmul
crc32_pclmul ghash_clmulni_intel ppdev joydev virtio_balloon virtio_net
i2c_piix4 parport_pc pvpanic tpm_tis tpm_tis_core parport tpm xfs libcrc32c
virtio_console virtio_blk crc32c_intel serio_raw virtio_pci virtio_ring
ata_generic virtio pata_acpi 
[  318.808928] CPU: 0 PID: 0 Comm: swapper/0 Tainted: G           OE  
4.12.0-0.rc7.git2.1.fc27.x86_64 #1 
[  318.809817] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011 
[  318.810389] task: ffffffffa8e18500 task.stack: ffffffffa8e00000 
[  318.810970] RIP: 0010:report_bug+0x94/0x120 
[  318.811400] RSP: 0018:ffff8b743fc03c10 EFLAGS: 00010002 
[  318.811934] RAX: 0000000000000907 RBX: ffff8b743fc03d78 RCX:
ffffffffc0675648 
[  318.812616] RDX: 0000000000000001 RSI: 0000000000000047 RDI:
0000000000000001 
[  318.813317] RBP: ffff8b743fc03c30 R08: 0000006b835ef6b3 R09:
22bcc9f200000000 
[  318.814001] R10: 0000000000000001 R11: 0000000000000000 R12:
ffffffffc0669db0 
[  318.814705] R13: ffffffffc0674f90 R14: 0000000000000004 R15:
ffff8b743fc03d78 
[  318.815384] FS:  0000000000000000(0000) GS:ffff8b743fc00000(0000)
knlGS:0000000000000000 
[  318.816140] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033 
[  318.816692] CR2: ffffffffc0675652 CR3: 000000011a421000 CR4:
00000000001406f0 
[  318.817371] Call Trace: 
[  318.817616]  <IRQ> 
[  318.817845]  ? _stp_stack_kernel_get+0x550/0x680 [stap_1014] 
[  318.818389]  fixup_bug+0x2e/0x50 
[  318.818712]  do_trap+0x119/0x150 
[  318.819029]  do_error_trap+0xa3/0x160 
[  318.819419]  ? _stp_stack_kernel_get+0x550/0x680 [stap_1014] 
[  318.819971]  ? wake_up_klogd+0x3b/0x50 
[  318.820345]  ? console_unlock+0x327/0x560 
[  318.820746]  ? trace_hardirqs_off_thunk+0x1a/0x1c 
[  318.821204]  do_invalid_op+0x20/0x30 
[  318.821566]  invalid_op+0x1e/0x30 
[  318.821928] RIP: 0010:_stp_stack_kernel_get+0x550/0x680 [stap_1014] 
[  318.822535] RSP: 0018:ffff8b743fc03e28 EFLAGS: 00010006 
[  318.823043] RAX: 0000000080010002 RBX: ffff987640ad5000 RCX:
ffffffffffffffff 
[  318.823734] RDX: 0000000000000000 RSI: 0000000000000000 RDI:
ffff8b743fdce380 
[  318.824457] RBP: ffff8b743fc03e88 R08: 0000000000000001 R09:
0000000000000001 
[  318.825147] R10: ffff8b743fc03e20 R11: 00007ffffffff000 R12:
0000000000000001 
[  318.825832] R13: ffffffffa8e18500 R14: ffffffffa8e18500 R15:
ffffffffa8e18500 
[  318.826537]  ? _stp_stack_kernel_get+0x393/0x680 [stap_1014] 
[  318.827080]  probe_3643+0x21a/0x2a0 [stap_1014] 
[  318.827526]  _stp_hrtimer_notify_function+0x284/0x490 [stap_1014] 
[  318.828109]  ? probe_3643+0x2a0/0x2a0 [stap_1014] 
[  318.828566]  __hrtimer_run_queues+0xf0/0x4e0 
[  318.828979]  hrtimer_interrupt+0xb6/0x210 
[  318.829368]  local_apic_timer_interrupt+0x38/0x60 
[  318.829825]  smp_apic_timer_interrupt+0x38/0x50 
[  318.830260]  apic_timer_interrupt+0x9d/0xb0 
[  318.830671] RIP: 0010:native_safe_halt+0x6/0x10 
[  318.831105] RSP: 0018:ffffffffa8e03dd8 EFLAGS: 00000202 ORIG_RAX:
ffffffffffffff10 
[  318.831840] RAX: ffffffffa8e18500 RBX: ffffffffa8e18500 RCX:
0000000000000000 
[  318.832524] RDX: ffffffffa8e18500 RSI: 0000000000000001 RDI:
ffffffffa8e18500 
[  318.833199] RBP: ffffffffa8e03dd8 R08: 0000000000000001 R09:
0000000000000000 
[  318.833879] R10: 0000000000000000 R11: 0000000000000000 R12:
0000000000000000 
[  318.834611] R13: ffffffffa8e18500 R14: 0000000000000000 R15:
0000000000000000 
[  318.835328]  </IRQ> 
[  318.835549]  ? trace_hardirqs_on+0xd/0x10 
[  318.835936]  default_idle+0x25/0x1b0 
[  318.836284]  arch_cpu_idle+0xf/0x20 
[  318.836649]  default_idle_call+0x23/0x40 
[  318.837041]  do_idle+0x175/0x1f0 
[  318.837345]  cpu_startup_entry+0x71/0x80 
[  318.837749]  rest_init+0x135/0x140 
[  318.838069]  start_kernel+0x47f/0x4a0 
[  318.838419]  ? early_idt_handler_array+0x120/0x120 
[  318.838892]  x86_64_start_reservations+0x29/0x2b 
[  318.839365]  x86_64_start_kernel+0x143/0x166 
[  318.839790]  secondary_startup_64+0x9f/0x9f 
[  318.840198] Code: 74 59 0f b7 41 0a 4c 63 69 04 0f b7 71 08 89 c7 49 01 cd
83 e7 01 a8 02 74 15 66 85 ff 74 10 a8 04 ba 01 00 00 00 75 26 83 c8 04 <66> 89
41 0a 66 85 ff 74 49 0f b6 49 0b 4c 89 e2 45 31 c9 49 89  
[  318.842078] RIP: report_bug+0x94/0x120 RSP: ffff8b743fc03c10 
[  318.842650] CR2: ffffffffc0675652 
[  318.842979] ---[ end trace 26b2cf785e6a8968 ]--- 
[  318.843481] Kernel panic - not syncing: Fatal exception in interrupt 
[  318.844964] Kernel Offset: 0x27000000 from 0xffffffff81000000 (relocation
range: 0xffffffff80000000-0xffffffffbfffffff) 
[  318.846000] ---[ end Kernel panic - not syncing: Fatal exception in
interrupt 

Disassemble around _stp_stack_kernel_get+0x393/0x680:

373                     c->uwcache_kernel.depth ++;
   0x00000000000049eb <+347>:   mov    %r8d,0x31c(%rbx)

374                     if (pc == 0 || pc == _stp_kretprobe_trampoline) {
   0x00000000000049f2 <+354>:   je     0x4d69 <_stp_stack_kernel_get+1241>
   0x00000000000049f8 <+360>:   mov    0x0(%rip),%rax        # 0x49ff <_stp_stack_kernel_get+367>
   0x00000000000049ff <+367>:   mov    -0x48(%rbp),%r11
   0x0000000000004a03 <+371>:   cmp    %r9,%rax
   0x0000000000004a06 <+374>:   je     0x4d57 <_stp_stack_kernel_get+1223>

368             while (c->uwcache_kernel.depth <= depth) {
   0x0000000000004a0c <+380>:   cmp    %r12d,%r8d
   0x0000000000004a0f <+383>:   jbe    0x492f <_stp_stack_kernel_get+159>
   0x0000000000004a15 <+389>:   mov    %r9,%r15

378                             /* XXX: is there a way to unwind across kretprobe trampolines? PR9999 */
379                     }
380             }
381     
382             /* Return the program counter at the current depth. */
383     
384             printk(KERN_ERR "%s:%d returning %lx\n", __FUNCTION__, __LINE__, pc);
   0x0000000000004a18 <+392>:   mov    %r15,%rcx
   0x0000000000004a1b <+395>:   mov    $0x180,%edx
   0x0000000000004a20 <+400>:   mov    $0x0,%rsi
   0x0000000000004a27 <+407>:   mov    $0x0,%rdi
   0x0000000000004a2e <+414>:   callq  0x4a33 <_stp_stack_kernel_get+419>

385             return pc;
386     }
   0x0000000000004a33 <+419>:   mov    -0x30(%rbp),%rdx
   0x0000000000004a37 <+423>:   xor    %gs:0x28,%rdx
   0x0000000000004a40 <+432>:   mov    %r15,%rax
   0x0000000000004a43 <+435>:   jne    0x4cb4 <_stp_stack_kernel_get+1060>
   0x0000000000004a49 <+441>:   lea    -0x28(%rbp),%rsp
   0x0000000000004a4d <+445>:   pop    %rbx
   0x0000000000004a4e <+446>:   pop    %r12
   0x0000000000004a50 <+448>:   pop    %r13
   0x0000000000004a52 <+450>:   pop    %r14
   0x0000000000004a54 <+452>:   pop    %r15
   0x0000000000004a56 <+454>:   pop    %rbp
   0x0000000000004a57 <+455>:   retq


* [Bug runtime/21726] on rawhide, the backtrace.exp test case causes a kernel panic
  2017-07-06 15:26 [Bug runtime/21726] New: on rawhide, the backtrace.exp test case causes a kernel panic dsmith at redhat dot com
  2017-07-06 20:22 ` [Bug runtime/21726] " mark at klomp dot org
@ 2017-07-06 20:31 ` mark at klomp dot org
  2017-07-07 15:28 ` mark at klomp dot org
                   ` (3 subsequent siblings)
  5 siblings, 0 replies; 7+ messages in thread
From: mark at klomp dot org @ 2017-07-06 20:31 UTC (permalink / raw)
  To: systemtap

https://sourceware.org/bugzilla/show_bug.cgi?id=21726

--- Comment #2 from Mark Wielaard <mark at klomp dot org> ---
Disassembly was of the wrong part. It should be around:

[  318.821928] RIP: 0010:_stp_stack_kernel_get+0x550/0x680 [stap_1014] 

364                     return 0; /* unwind does not reach this far */
   0x0000000000004a8c <+508>:   xor    %r15d,%r15d
   0x0000000000004a8f <+511>:   jmp    0x4a33 <_stp_stack_kernel_get+419>

353                     printk(KERN_ERR "%s:%d depth >= MAXBACKTRACE, returning 0\n", __FUNCTION__, __LINE__);
   0x0000000000004a91 <+513>:   mov    $0x161,%edx
   0x0000000000004a96 <+518>:   mov    $0x0,%rsi
   0x0000000000004a9d <+525>:   mov    $0x0,%rdi
   0x0000000000004aa4 <+532>:   callq  0x4aa9 <_stp_stack_kernel_get+537>

354                     return 0;
   0x0000000000004aa9 <+537>:   xor    %r15d,%r15d
   0x0000000000004aac <+540>:   jmp    0x4a33 <_stp_stack_kernel_get+419>

307             regs = c->kregs;
   0x0000000000004aae <+542>:   mov    0x238(%rbx),%rax

310     
311             dbug_unwind(1, "CONTINUING kernel unwind to depth %d\n", depth);
   0x0000000000004ab5 <+549>:   mov    $0x137,%edx
   0x0000000000004aba <+554>:   mov    $0x0,%rsi
   0x0000000000004ac1 <+561>:   mov    $0x0,%rdi
   0x0000000000004ac8 <+568>:   mov    %r11,-0x50(%rbp)

307             regs = c->kregs;
   0x0000000000004acc <+572>:   mov    %rax,-0x48(%rbp)

308     
309             info = &c->uwcontext_kernel.info;
   0x0000000000004ad0 <+576>:   lea    0xa40(%rbx),%rax
   0x0000000000004ad7 <+583>:   mov    %rax,-0x58(%rbp)

310


* [Bug runtime/21726] on rawhide, the backtrace.exp test case causes a kernel panic
  2017-07-06 15:26 [Bug runtime/21726] New: on rawhide, the backtrace.exp test case causes a kernel panic dsmith at redhat dot com
  2017-07-06 20:22 ` [Bug runtime/21726] " mark at klomp dot org
  2017-07-06 20:31 ` mark at klomp dot org
@ 2017-07-07 15:28 ` mark at klomp dot org
  2017-07-07 15:36 ` mark at klomp dot org
                   ` (2 subsequent siblings)
  5 siblings, 0 replies; 7+ messages in thread
From: mark at klomp dot org @ 2017-07-07 15:28 UTC (permalink / raw)
  To: systemtap

https://sourceware.org/bugzilla/show_bug.cgi?id=21726

--- Comment #3 from Mark Wielaard <mark at klomp dot org> ---
The actual crash is in:

static int _stp_valid_pc_addr(unsigned long addr, struct task_struct *tsk)
{
        /* Just a simple check of whether the address can be accessed
           as a user space address. Zero is always bad. */

/* FIXME for s390x PR13350. */
#if defined (__s390__) || defined (__s390x__)
       return addr != 0L;
#else
        int ok;
        mm_segment_t oldfs = get_fs();
        set_fs(USER_DS);
        ok = access_ok(VERIFY_READ, (long *) (intptr_t) addr, sizeof(long));
        set_fs(oldfs);
        return addr != 0L && tsk != NULL ? ok : ! ok;
#endif
}

Changing the first #if 1 || ... so that the check simply becomes return addr !=
0L makes the crash go away.


* [Bug runtime/21726] on rawhide, the backtrace.exp test case causes a kernel panic
  2017-07-06 15:26 [Bug runtime/21726] New: on rawhide, the backtrace.exp test case causes a kernel panic dsmith at redhat dot com
                   ` (2 preceding siblings ...)
  2017-07-07 15:28 ` mark at klomp dot org
@ 2017-07-07 15:36 ` mark at klomp dot org
  2017-07-14 14:15 ` dsmith at redhat dot com
  2017-07-20 14:49 ` dsmith at redhat dot com
  5 siblings, 0 replies; 7+ messages in thread
From: mark at klomp dot org @ 2017-07-07 15:36 UTC (permalink / raw)
  To: systemtap

https://sourceware.org/bugzilla/show_bug.cgi?id=21726

--- Comment #4 from Mark Wielaard <mark at klomp dot org> ---
It actually seems to be just the access_ok() call. Replacing that with ok = 1
also makes the crash go away.


* [Bug runtime/21726] on rawhide, the backtrace.exp test case causes a kernel panic
  2017-07-06 15:26 [Bug runtime/21726] New: on rawhide, the backtrace.exp test case causes a kernel panic dsmith at redhat dot com
                   ` (3 preceding siblings ...)
  2017-07-07 15:36 ` mark at klomp dot org
@ 2017-07-14 14:15 ` dsmith at redhat dot com
  2017-07-20 14:49 ` dsmith at redhat dot com
  5 siblings, 0 replies; 7+ messages in thread
From: dsmith at redhat dot com @ 2017-07-14 14:15 UTC (permalink / raw)
  To: systemtap

https://sourceware.org/bugzilla/show_bug.cgi?id=21726

--- Comment #5 from David Smith <dsmith at redhat dot com> ---
Commit 109e4e7 adds a workaround that avoids the kernel panic (by not calling
access_ok() in hard IRQ context).

For a longer term fix, we should remove uses of access_ok() in favor of our
uderef() / kderef() macros. There are other access_ok() uses in
runtime/linux/addr-map.c and tapset/linux/nfs.stp. These should all be replaced
if possible.


* [Bug runtime/21726] on rawhide, the backtrace.exp test case causes a kernel panic
  2017-07-06 15:26 [Bug runtime/21726] New: on rawhide, the backtrace.exp test case causes a kernel panic dsmith at redhat dot com
                   ` (4 preceding siblings ...)
  2017-07-14 14:15 ` dsmith at redhat dot com
@ 2017-07-20 14:49 ` dsmith at redhat dot com
  5 siblings, 0 replies; 7+ messages in thread
From: dsmith at redhat dot com @ 2017-07-20 14:49 UTC (permalink / raw)
  To: systemtap

https://sourceware.org/bugzilla/show_bug.cgi?id=21726

David Smith <dsmith at redhat dot com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |RESOLVED
         Resolution|---                         |FIXED

--- Comment #6 from David Smith <dsmith at redhat dot com> ---
Commit f493740 fixes this problem by replacing calls to access_ok() with calls
to systemtap's _stp_lookup_bad_addr() (which actually safely calls access_ok()
when needed).
