Hi. While I'm testing the OracleLinux9 UEK7 kernel (5.15.0-0.30.20.1.el9uek / 5.15.0-0.30.20el9uek) on x86_64,
I met a strange case: whenever I use kprobe with KPROBE_FTRACE, it panics.
So I took a look at it, and I confirmed something strange at the end of the ftrace trampoline.
0xffffffffc08ed0c3: call 0xffffffff8188d820 <kprobe_ftrace_handler>
0xffffffffc08ed0c8: mov 0x90(%rsp),%rax
0xffffffffc08ed0d0: mov %rax,0xa8(%rsp)
0xffffffffc08ed0d8: mov 0x80(%rsp),%rax
0xffffffffc08ed0e0: mov %rax,0xb0(%rsp)
0xffffffffc08ed0e8: mov (%rsp),%r15
0xffffffffc08ed0ec: mov 0x8(%rsp),%r14
0xffffffffc08ed0f1: mov 0x10(%rsp),%r13
0xffffffffc08ed0f6: mov 0x18(%rsp),%r12
0xffffffffc08ed0fb: mov 0x38(%rsp),%r10
0xffffffffc08ed100: mov 0x28(%rsp),%rbx
0xffffffffc08ed105: mov 0x78(%rsp),%rax
0xffffffffc08ed10a: mov %rax,0xa0(%rsp)
0xffffffffc08ed112: mov 0x78(%rsp),%rax
0xffffffffc08ed117: test %rax,%rax
0xffffffffc08ed11a: xchg %ax,%ax
0xffffffffc08ed11c: mov 0x20(%rsp),%rbp
0xffffffffc08ed121: mov 0x40(%rsp),%r9
0xffffffffc08ed126: mov 0x48(%rsp),%r8
0xffffffffc08ed12b: mov 0x70(%rsp),%rdi
0xffffffffc08ed130: mov 0x68(%rsp),%rsi
0xffffffffc08ed135: mov 0x60(%rsp),%rdx
0xffffffffc08ed13a: mov 0x58(%rsp),%rcx
0xffffffffc08ed13f: mov 0x50(%rsp),%rax
0xffffffffc08ed144: add $0xa8,%rsp
0xffffffffc08ed14b: popf
0xffffffffc08ed14c: jmp 0xffffffffc18670fc
Note the last instruction. It should be the address of __x86_return_thunk,
but that address is:
crash> p __x86_return_thunk
__x86_return_thunk = $6 =
{<text variable, no debug info>} 0xffffffff828023c0 <__x86_return_thunk>
Unfortunately, the generated trampoline's last jmp destination is different from __x86_return_thunk, and I always get a panic with a page translation fault.
Do those versions of the kernel have some known issues related to what I experienced?
Thanks.
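As an added illustration (not part of the original report), the check below encodes what the poster did by eye: it parses the tail of the quoted trampoline disassembly, confirms whether the final jmp lands on the __x86_return_thunk address printed by crash, and computes the rel32 displacement a 5-byte E9 jmp would carry for both the observed and the expected target. The listing lines and the thunk address are copied from the report above; the 5-byte jmp encoding is an assumption.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed sample: the last three lines of the trampoline quoted in the report. */
static const char *trampoline_tail[] = {
    "0xffffffffc08ed144: add $0xa8,%rsp",
    "0xffffffffc08ed14b: popf",
    "0xffffffffc08ed14c: jmp 0xffffffffc18670fc",
};
#define N_LINES (sizeof trampoline_tail / sizeof trampoline_tail[0])

/* __x86_return_thunk as printed by "crash> p __x86_return_thunk" in the report. */
static const uint64_t return_thunk = 0xffffffff828023c0ULL;

/* Scan a disassembly listing backwards for the final "jmp <target>". Returns 0 on success. */
int parse_tail_jmp(const char **lines, size_t n, uint64_t *insn, uint64_t *target)
{
    for (size_t i = n; i-- > 0; ) {
        unsigned long long a, t;
        if (sscanf(lines[i], "0x%llx: jmp 0x%llx", &a, &t) == 2) {
            *insn = a;
            *target = t;
            return 0;
        }
    }
    return -1;
}

/* rel32 operand of a 5-byte E9 jmp: displacement from the end of the instruction (assumed encoding). */
int32_t jmp_rel32(uint64_t insn, uint64_t target)
{
    return (int32_t)(target - (insn + 5));
}

/* 1 when the trampoline's tail jmp goes to the return thunk, 0 otherwise (or if no jmp is found). */
int tail_returns_via_thunk(const char **lines, size_t n, uint64_t thunk)
{
    uint64_t insn, target;
    if (parse_tail_jmp(lines, n, &insn, &target) != 0)
        return 0;
    return target == thunk;
}

int main(void)
{
    uint64_t insn, target;
    if (parse_tail_jmp(trampoline_tail, N_LINES, &insn, &target) != 0)
        return 1;
    printf("tail jmp at 0x%llx -> 0x%llx (rel32 %#x); thunk 0x%llx would need rel32 %#x: %s\n",
           (unsigned long long)insn, (unsigned long long)target, (uint32_t)jmp_rel32(insn, target),
           (unsigned long long)return_thunk, (uint32_t)jmp_rel32(insn, return_thunk),
           tail_returns_via_thunk(trampoline_tail, N_LINES, return_thunk) ? "OK" : "MISMATCH");
    return 0;
}
```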