Description yunyings 2022-09-29 15:04:03 UTC

Description of problem:
On Sapphire Rapids, with latest anolis/devel-5.10 kernel:
# bpftrace /usr/sbin/bashreadline.bt
Attaching 2 probes...
Trace/breakpoint trap (core dumped)

Along with core dump, there's call trace in dmesg:
[  904.280292] RIP: 0010:uprobe_unregister+0x46/0x50
[  904.280296] Code: 89 c5 4c 89 ef e8 7a 16 7b 00 4c 89 e6 48 89 ef e8 ff fe ff ff 4c 89 ef e8 77 84 ec ff 48 89 ef 5d 41 5c 41 5d e9 1a ef ff ff <0f> 0b 5d 41 5c 41 5d c3 66 90 0f 1f 44 00 00 41 57 41 56 41 55 49
[  904.280300] RSP: 0018:ff4ede802b0e7c78 EFLAGS: 00010246
[  904.280301] RAX: 0000000000000000 RBX: ff2c3c7bbdf72f70 RCX: ff2c3c7c47941510
[  904.280302] RDX: 0000000000000001 RSI: 0000000000071eb0 RDI: ffffffffb22ad520
[  904.280303] RBP: ff2c3c7bbdf72f70 R08: 0000000000000000 R09: ffffffffb1853a60
[  904.280304] R10: 0000000000000000 R11: ff2c3c5cc040c900 R12: ff2c3c7bbdf72f18
[  904.280307] R13: ff2c3c7c47941450 R14: ff4ede802b0e7b00 R15: dead000000000100
[  904.280312] FS:  0000000000000000(0000) GS:ff2c3c7bbf080000(0000) knlGS:0000000000000000
[  904.280313] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  904.280314] CR2: 0000556f7bfc7000 CR3: 0000000382a0a003 CR4: 0000000000771ee0
[  904.280315] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[  904.280315] DR3: 0000000000000000 DR6: 00000000fffe07f0 DR7: 0000000000000400
[  904.280316] PKRU: 55555554
[  904.280316] Call Trace:
[  904.280325]  __probe_event_disable+0x3d/0x70
[  904.280328]  probe_event_disable+0x40/0x50
[  904.280330]  trace_uprobe_register+0x19e/0x250
[  904.280336]  perf_trace_event_unreg.isra.0+0x26/0x90
[  904.280340]  perf_uprobe_destroy+0x38/0x60
[  904.280346]  _free_event+0xfc/0x1e0
[  904.280349]  perf_event_release_kernel+0x349/0x3c0
[  904.280353]  perf_release+0xc/0x10
[  904.280359]  __fput+0xcb/0x240
[  904.280366]  task_work_run+0x5f/0x90
[  904.280371]  do_exit+0x22e/0x3c0
[  904.280374]  do_group_exit+0x33/0xa0
[  904.280378]  get_signal+0x15a/0x790
[  904.280383]  arch_do_signal+0x25/0xf0
[  904.280391]  ? _copy_from_user+0x3c/0x80
[  904.280398]  exit_to_user_mode_prepare+0xe6/0x110
[  904.280405]  syscall_exit_to_user_mode+0x23/0x80
[  904.280411]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[  904.280416] RIP: 0033:0x556f7aa18eb1
[  904.280419] Code: Unable to access opcode bytes at RIP 0x556f7aa18e87.
[  904.280422] RSP: 002b:00007ffdc124cbd8 EFLAGS: 00000246
[  904.280428] RAX: 0000556f7aa18eb0 RBX: 00007f9d84098e30 RCX: 0000000000000031
[  904.280432] RDX: 00007f9d9107ace0 RSI: 0000556f7be5abf0 RDI: 00007ffdc124c8a0
[  904.280434] RBP: 00007ffdc124cbf0 R08: 0000000000000000 R09: 0000556f7be7a424
[  904.280436] R10: 00000000ffffffff R11: 6dbcb63ba93c5f2b R12: 00007ffdc124e260
[  904.280438] R13: 00007ffdc124cfb0 R14: 00007ffdc124e5a8 R15: 00007f9d84098d00
[  904.280442] ---[ end trace b496b0de3dd007a5 ]---

Version-Release number of selected component (if applicable):
anolis/devel-5.10

How reproducible:
100%

Steps to Reproduce:
Install bpftrace and run the command above.

Actual results:
Failed with core dump.

Expected results:
Works and no core dump.

Additional info:
It's an upstream bug introduced by commit:
(v5.12-rc1) a905e84e6408 rbtree, uprobes: Use rbtree helpers
which has been fixed soon later with commit:
(v5.12-rc1) b0d6d4789677 uprobes: (Re)add missing get_uprobe() in __find_uprobe()

Since a905e84e6408 has been backported to anolis/devel-5.10 kernel(through 6f454faea6), the fix patch b0d6d4789677 also should be backported.