Warnings/memory corruption in perf intel events

From: Sasha Levin
Date: Sun Aug 09 2015 - 15:48:02 EST


Hi all,

While fuzzing with trinity inside a KVM tools guest running -next I've stumbled on the following:

[424252.656471] ------------[ cut here ]------------
[424252.657322] WARNING: CPU: 8 PID: 20077 at arch/x86/kernel/cpu/perf_event.c:1342 x86_pmu_del+0x1bf/0x570()
[424252.658833] Modules linked in:
[424252.659391] CPU: 8 PID: 20077 Comm: trinity-c398 Not tainted 4.2.0-rc5-next-20150806-sasha-00040-g1b47b00-dirty #2418
[424252.661064] ffffffffb6045c80 ffff8807088f7120! old=1346981957 now=13
[watchdog] child 253 wrapped! old=13469
[424252.662262] Call Trace:
[424252.662706] dump_stack (lib/dump_stack.c:52)
[424252.663548] warn_slowpath_common (kernel/panic.c:448)
[424252.664526] ? x86_pmu_del (arch/x86/kernel/cpu/perf_event.c:1342 (discriminator 3))
[424252.665435] warn_slowpath_null (kernel/panic.c:482)
[424252.666381] x86_pmu_del (arch/x86/kernel/cpu/perf_event.c:1342 (discriminator 3))
[424252.667941] event_sched_out.isra.54 (kernel/events/core.c:1555)
[424252.669813] group_sched_out (kernel/events/core.c:1585)
[424252.671448] ctx_sched_out (kernel/events/core.c:2382 (discriminator 3))
[424252.673112] __perf_event_task_sched_out (kernel/events/core.c:2568 kernel/events/core.c:2652)
[424252.675104] ? __perf_event_task_sched_out (include/linux/rcupdate.h:857 kernel/events/core.c:2519 kernel/events/core.c:2652)
[424252.677316] ? lockdep_init (kernel/locking/lockdep.c:3298)
[424252.678949] ? perf_event_update_userpage (kernel/events/core.c:2642)
[424252.680967] ? __lock_is_held (kernel/locking/lockdep.c:3491)
[424252.682653] __schedule (include/linux/perf_event.h:857 kernel/sched/core.c:2423 kernel/sched/core.c:2559 kernel/sched/core.c:3051)
[424252.684260] schedule (kernel/sched/core.c:3081 (discriminator 1))
[424252.685778] p9_virtio_request (net/9p/trans_virtio.c:293 (discriminator 13))
[424252.687522] ? p9pdu_vwritef (net/9p/protocol.c:546)
[424252.689220] ? pack_sg_list.constprop.4 (net/9p/trans_virtio.c:262)
[424252.691143] ? rcu_read_lock_sched_held (kernel/rcu/update.c:109)
[424252.693125] ? abort_exclusive_wait (kernel/sched/wait.c:293)
[424252.694982] p9_client_rpc (net/9p/client.c:744)
[424252.696628] ? perf_trace_9p_client_res (net/9p/client.c:726)
[424252.698538] ? get_lock_stats (kernel/locking/lockdep.c:249)
[424252.700159] ? __raw_callee_save___pv_queued_spin_unlock (??:?)
[424252.702426] ? get_parent_ip (kernel/sched/core.c:2796)
[424252.703999] ? __posix_lock_file (fs/locks.c:1141)
[424252.705759] ? lock_release (kernel/locking/lockdep.c:3644)
[424252.707448] ? rfkill_gpio_probe (net/9p/mod.c:49)
[424252.709221] ? locks_remove_flock (fs/locks.c:934)
[424252.711000] ? ___might_sleep (kernel/sched/core.c:7399 (discriminator 1))
[424252.712769] ? __might_sleep (kernel/sched/core.c:7391 (discriminator 14))
[424252.714426] p9_client_lock_dotl (net/9p/client.c:2193)
[424252.716194] ? __lock_acquire (kernel/locking/lockdep.c:3246)
[424252.717975] ? __lock_acquire (kernel/locking/lockdep.c:3246)
[424252.719699] v9fs_file_do_lock (fs/9p/vfs_file.c:197)
[424252.721399] ? v9fs_vm_page_mkwrite (fs/9p/vfs_file.c:151)
[424252.723295] v9fs_file_lock_dotl (fs/9p/vfs_file.c:322)
[424252.725079] ? v9fs_file_flock_dotl (fs/9p/vfs_file.c:305)
[424252.726940] vfs_lock_file (fs/locks.c:2082)
[424252.728504] locks_remove_posix (fs/locks.c:2383)
[424252.730250] ? vfs_lock_file (fs/locks.c:2359)
[424252.731872] ? get_lock_stats (kernel/locking/lockdep.c:249)
[424252.733554] ? __raw_callee_save___pv_queued_spin_unlock (??:?)
[424252.735896] ? preempt_count_sub (kernel/sched/core.c:2852)
[424252.737743] ? fsnotify_find_inode_mark (fs/notify/inode_mark.c:89)
[424252.739659] filp_close (fs/open.c:1088)
[424252.741192] put_files_struct (fs/file.c:389 fs/file.c:416)
[424252.742647] exit_files (fs/file.c:447)
[424252.743832] do_exit (kernel/exit.c:742)
[424252.745017] ? lockdep_init (kernel/locking/lockdep.c:3298)
[424252.746303] ? mm_update_next_owner (kernel/exit.c:654)
[424252.747892] ? lock_release (kernel/locking/lockdep.c:3644)
[424252.749247] ? lock_is_held (kernel/locking/lockdep.c:3664)
[424252.750582] ? arch_local_save_flags (./arch/x86/include/asm/paravirt.h:798 (discriminator 4))
[424252.752044] ? __do_page_fault (arch/x86/mm/fault.c:1265)
[424252.753414] ? up_read (./arch/x86/include/asm/rwsem.h:156 kernel/locking/rwsem.c:81)
[424252.754588] ? check_preemption_disabled (lib/smp_processor_id.c:18)
[424252.756149] do_group_exit (./arch/x86/include/asm/current.h:14 kernel/exit.c:859)
[424252.757496] ? trace_hardirqs_on_thunk (arch/x86/entry/thunk_64.S:39)
[424252.759021] SyS_exit_group (kernel/exit.c:885)
[424252.760286] entry_SYSCALL_64_fastpath (arch/x86/entry/entry_64.S:186)
[424252.761794] ---[ end trace 3bdadb2019070ba0 ]---
[424253.320337] ------------[ cut here ]------------
[424253.321785] WARNING: CPU: 2 PID: 20397 at arch/x86/kernel/cpu/perf_event.c:1297 x86_pmu_stop+0x232/0x280()
[424253.324530] Modules linked in:
[424253.325477] CPU: 2 PID: 20397 Comm: trinity-c162 Tainted: G W 4.2.0-rc5-next-20150806-sasha-00040-g1b47b00-dirty #2418
[424253.328820] ffffffffb6045c80 ffff88045d50f678
[424253.330160] Call Trace:
[424253.330905] dump_stack (lib/dump_stack.c:52)
[424253.332385] warn_slowpath_common (kernel/panic.c:448)
[424253.334095] ? x86_pmu_stop (arch/x86/kernel/cpu/perf_event.c:1297 (discriminator 3))
[424253.335687] warn_slowpath_null (kernel/panic.c:482)
[424253.337360] x86_pmu_stop (arch/x86/kernel/cpu/perf_event.c:1297 (discriminator 3))
[424253.338908] x86_pmu_enable (arch/x86/kernel/cpu/perf_event.c:1040)
[424253.340503] ? ctx_sched_in (kernel/events/core.c:2739 kernel/events/core.c:2770)
[424253.342131] perf_pmu_enable (kernel/events/core.c:831)
[424253.343718] perf_event_context_sched_in (kernel/events/core.c:358 kernel/events/core.c:2806)
[424253.345622] __perf_event_task_sched_in (kernel/events/core.c:2831)
[424253.347612] ? perf_sched_cb_inc (kernel/events/core.c:2822)
[424253.349291] ? __switch_to (arch/x86/kernel/process_64.c:418)
[424253.350893] finish_task_switch (include/linux/perf_event.h:840 kernel/sched/core.c:2471)
[424253.352598] ? __schedule (kernel/sched/core.c:2587 kernel/sched/core.c:3051)
[424253.354180] __schedule (kernel/sched/core.c:2594 kernel/sched/core.c:3051)
[424253.355756] schedule (kernel/sched/core.c:3081 (discriminator 1))
[424253.357278] schedule_timeout (kernel/time/timer.c:1486)
[424253.358934] ? usleep_range (kernel/time/timer.c:1471)
[424253.360548] ? check_preemption_disabled (lib/smp_processor_id.c:18)
[424253.362440] ? lock_acquire (kernel/locking/lockdep.c:3625)
[424253.364035] ? kvm_clock_read (./arch/x86/include/asm/preempt.h:87 arch/x86/kernel/kvmclock.c:86)
[424253.365633] ? kvm_clock_get_cycles (arch/x86/kernel/kvmclock.c:93)
[424253.367380] ? ktime_get (kernel/time/timekeeping.c:179 kernel/time/timekeeping.c:306 kernel/time/timekeeping.c:677)
[424253.368906] ? __delayacct_blkio_start (kernel/delayacct.c:67)
[424253.370712] ? _raw_spin_unlock_irqrestore (./arch/x86/include/asm/preempt.h:95 include/linux/spinlock_api_smp.h:163 kernel/locking/spinlock.c:191)
[424253.372631] io_schedule_timeout (kernel/sched/core.c:4663)
[424253.374343] bit_wait_io (kernel/sched/wait.c:599)
[424253.375827] __wait_on_bit (kernel/sched/wait.c:397)
[424253.377419] ? bit_wait (kernel/sched/wait.c:595)
[424253.378904] wait_on_page_bit (mm/filemap.c:712)
[424253.380564] ? add_to_page_cache_lru (mm/filemap.c:706)
[424253.382411] ? autoremove_wake_function (kernel/sched/wait.c:368)
[424253.384233] ? get_parent_ip (kernel/sched/core.c:2796)
[424253.385788] ? preempt_count_sub (kernel/sched/core.c:2852)
[424253.387767] __migration_entry_wait (mm/migrate.c:230)
[424253.389608] migration_entry_wait (mm/migrate.c:242)
[424253.391370] handle_mm_fault (mm/memory.c:2462 mm/memory.c:3303 mm/memory.c:3418 mm/memory.c:3447)
[424253.393074] ? handle_mm_fault (include/linux/rcupdate.h:857 include/linux/memcontrol.h:475 mm/memory.c:3435)
[424253.394798] ? copy_page_range (mm/memory.c:3429)
[424253.396595] ? __lock_is_held (kernel/locking/lockdep.c:3491)
[424253.398181] ? lock_is_held (kernel/locking/lockdep.c:3664)
[424253.399475] ? arch_local_save_flags (./arch/x86/include/asm/paravirt.h:798 (discriminator 4))
[424253.401291] ? ___might_sleep (kernel/sched/core.c:7399 (discriminator 1))
[424253.402973] ? find_vma (mm/mmap.c:2074)
[424253.404469] __do_page_fault (arch/x86/mm/fault.c:1239)
[424253.406130] trace_do_page_fault (arch/x86/mm/fault.c:1331 include/linux/jump_label.h:135 include/linux/context_tracking_state.h:30 include/linux/context_tracking.h:46 arch/x86/mm/fault.c:1332)
[424253.407915] do_async_page_fault (arch/x86/kernel/kvm.c:280)
[424253.409640] async_page_fault (arch/x86/entry/entry_64.S:982)
[424253.411247] ---[ end trace 3bdadb2019070ba1 ]---
[424256.911563] ==================================================================
[424256.913989] BUG: KASan: use after free in intel_get_event_constraints+0xdb0/0xf90 at addr ffff8801741a70e9
[424256.917044] Read of size 1 by task trinity-c162/20397
[424256.918696] =============================================================================
[424256.921309] BUG kmalloc-2048 (Tainted: G W ): kasan: bad access detected
[424256.923782] -----------------------------------------------------------------------------
[424256.923782]
[424256.926954] Disabling lock debugging due to kernel taint
[424256.928606] INFO: Slab 0xffffea0005d06800 objects=16 used=12 fp=0xffff8801741a7000 flags=0xafffff80004080
[424256.931529] INFO: Object 0xffff8801741a7000 @offset=28672 fp=0xffff8801741a4000
[424256.931529]
[424257.107801] CPU: 2 PID: 20397 Comm: trinity-c162 Tainted: G B W 4.2.0-rc5-next-20150806-sasha-00040-g1b47b00-dirty #2418
[424257.109217] ffff8801741a0000 ffff88045d50f630
[424257.109825] Call Trace:
[424257.110169] dump_stack (lib/dump_stack.c:52)
[424257.110820] print_trailer (mm/slub.c:653)
[424257.111524] object_err (mm/slub.c:660)
[424257.112173] kasan_report_error (include/linux/kasan.h:20 mm/kasan/report.c:152 mm/kasan/report.c:194)
[424257.112921] __asan_report_load1_noabort (mm/kasan/report.c:248)
[424257.113742] ? intel_get_event_constraints (arch/x86/kernel/cpu/perf_event_intel.c:1690 arch/x86/kernel/cpu/perf_event_intel.c:1887 arch/x86/kernel/cpu/perf_event_intel.c:2113)
[424257.114597] intel_get_event_constraints (arch/x86/kernel/cpu/perf_event_intel.c:1690 arch/x86/kernel/cpu/perf_event_intel.c:1887 arch/x86/kernel/cpu/perf_event_intel.c:2113)
[424257.115437] x86_schedule_events (arch/x86/kernel/cpu/perf_event.c:834 (discriminator 3))
[424257.116194] ? x86_pmu_enable_all (arch/x86/kernel/cpu/perf_event.c:819)
[424257.116986] ? x86_pmu_add (arch/x86/kernel/cpu/perf_event.c:1165)
[424257.117666] ? x86_pmu_commit_txn (arch/x86/kernel/cpu/perf_event.c:1156)
[424257.118426] x86_pmu_commit_txn (arch/x86/kernel/cpu/perf_event.c:1795)
[424257.119154] ? x86_pmu_cancel_txn (arch/x86/kernel/cpu/perf_event.c:1784)
[424257.119895] ? lockdep_init (kernel/locking/lockdep.c:3298)
[424257.120582] ? __lock_acquire (kernel/locking/lockdep.c:3246)
[424257.121325] ? debug_smp_processor_id (lib/smp_processor_id.c:57)
[424257.122125] ? __lock_is_held (kernel/locking/lockdep.c:3491)
[424257.122826] ? debug_smp_processor_id (lib/smp_processor_id.c:57)
[424257.123612] ? perf_pmu_enable (kernel/events/core.c:828)
[424257.124323] ? event_sched_in.isra.55 (kernel/events/core.c:1902)
[424257.125130] group_sched_in (kernel/events/core.c:1935)
[424257.125831] ctx_sched_in (kernel/events/core.c:2739 kernel/events/core.c:2770)
[424257.126548] perf_event_sched_in (kernel/events/core.c:2033)
[424257.127281] perf_event_context_sched_in (kernel/events/core.c:2805)
[424257.128110] __perf_event_task_sched_in (kernel/events/core.c:2831)
[424257.128931] ? perf_sched_cb_inc (kernel/events/core.c:2822)
[424257.129668] ? __switch_to (arch/x86/kernel/process_64.c:418)
[424257.130374] finish_task_switch (include/linux/perf_event.h:840 kernel/sched/core.c:2471)
[424257.131119] ? __schedule (kernel/sched/core.c:2587 kernel/sched/core.c:3051)
[424257.131829] __schedule (kernel/sched/core.c:2594 kernel/sched/core.c:3051)
[424257.132436] schedule (kernel/sched/core.c:3081 (discriminator 1))
[424257.133018] do_nanosleep (./arch/x86/include/asm/current.h:14 include/linux/freezer.h:120 include/linux/freezer.h:172 kernel/time/hrtimer.c:1463)
[424257.133700] ? schedule_timeout_uninterruptible (kernel/time/hrtimer.c:1455)
[424257.134576] ? lockdep_reset_lock (kernel/locking/lockdep.c:3105)
[424257.135336] ? memset (mm/kasan/kasan.c:269)
[424257.135958] hrtimer_nanosleep (kernel/time/hrtimer.c:1532)
[424257.136866] ? hrtimer_run_queues (kernel/time/hrtimer.c:1520)
[424257.137625] ? lock_release (kernel/locking/lockdep.c:3644)
[424257.138329] ? retrigger_next_event (kernel/time/hrtimer.c:1435)
[424257.139090] ? do_nanosleep (kernel/time/hrtimer.c:1462 (discriminator 1))
[424257.139785] SyS_nanosleep (kernel/time/hrtimer.c:1559)
[424257.140451] ? hrtimer_nanosleep (kernel/time/hrtimer.c:1559)
[424257.141195] ? lockdep_sys_exit_thunk (arch/x86/entry/thunk_64.S:44)
[424257.141998] entry_SYSCALL_64_fastpath (arch/x86/entry/entry_64.S:186)
[424257.142787] Memory state around the buggy address:
[424257.143385] ffff8801741a6f80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[424257.144265] ffff8801741a7000: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[424257.145146] >ffff8801741a7080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[424257.146025] ^
[424257.146881] ffff8801741a7100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[424257.147771] ffff8801741a7180: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[424257.148653] ==================================================================
[More of the same KASan errors]


Thanks,
Sasha