mm: invalid memory access in zap_pte_range

From: Sasha Levin
Date: Fri May 02 2014 - 12:39:47 EST

Next message: Vince Weaver: "Re: [perf] more perf_fuzzer memory corruption"
Previous message: Fabian Frederick: "[PATCH 1/1] mm/zswap.c: add lock helper"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Hi all,

While fuzzing with trinity inside a KVM tools guest running latest -next
kernel I've stumbled on the following:

[ 5470.347501] BUG: unable to handle kernel paging request at ffffea0003480088
[ 5470.349619] IP: zap_pte_range (mm/memory.c:1137)
[ 5470.350338] PGD 37fcc067 PUD 37fcb067 PMD 0
[ 5470.350338] Oops: 0000 [#1] PREEMPT SMP DEBUG_PAGEALLOC
[ 5470.350338] Dumping ftrace buffer:
[ 5470.350338] (ftrace buffer empty)
[ 5470.350338] Modules linked in:
[ 5470.350338] CPU: 3 PID: 38591 Comm: trinity-c207 Tainted: G W 3.15.0-rc3-next-20140430-sasha-00016-g4e281fa-dirty #429
[ 5470.361024] task: ffff88017136b000 ti: ffff88016f068000 task.ti: ffff88016f068000
[ 5470.361024] RIP: zap_pte_range (mm/memory.c:1137)
[ 5470.361024] RSP: 0018:ffff88016f069c88 EFLAGS: 00010246
[ 5470.361024] RAX: ffffea0003480080 RBX: ffff880341a2fd88 RCX: 0000000003480080
[ 5470.361024] RDX: ffff880341a2fd88 RSI: 00000000403b1000 RDI: ffff880159b05000
[ 5470.361024] RBP: ffff88016f069d28 R08: ffff88034beb6400 R09: ffff88017136bcf0
[ 5470.361024] R10: 0000000000000001 R11: 0000000000000000 R12: ffffea0003480080
[ 5470.361024] R13: ffff88016f069e18 R14: 00000000403b2000 R15: 00000000403b1000
[ 5470.361024] FS: 00007f59dec96700(0000) GS:ffff88010cc00000(0000) knlGS:0000000000000000
[ 5470.361024] CS: 0010 DS: 0000 ES: 0000 CR0: 000000008005003b
[ 5470.361024] CR2: ffffea0003480088 CR3: 00000001748b7000 CR4: 00000000000006a0
[ 5470.361024] DR0: 00000000006de000 DR1: 0000000000000000 DR2: 0000000000000000
[ 5470.361024] DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000600
[ 5470.361024] Stack:
[ 5470.361024] ffff88016f069e18 00000000d2002000 00000000d2002fff ffff88017136b000
[ 5470.361024] 0000000000000000 0000000000000001 ffff880354664008 ffff88033fcfc640
[ 5470.361024] 00000000d2002730 ffff88034beb6400 0000000000000000 ffff880159b05000
[ 5470.361024] Call Trace:
[ 5470.361024] unmap_single_vma (mm/memory.c:1261 mm/memory.c:1282 mm/memory.c:1307 mm/memory.c:1353)
[ 5470.361024] unmap_vmas (mm/memory.c:1382 (discriminator 1))
[ 5470.361024] unmap_region (mm/mmap.c:2368 (discriminator 3))
[ 5470.361024] ? put_lock_stats.isra.12 (kernel/locking/lockdep.c:254)
[ 5470.361024] ? validate_mm_rb (mm/mmap.c:409)
[ 5470.361024] ? vma_rb_erase (mm/mmap.c:454 include/linux/rbtree_augmented.h:219 include/linux/rbtree_augmented.h:227 mm/mmap.c:493)
[ 5470.361024] do_munmap (mm/mmap.c:3264 mm/mmap.c:2566)
[ 5470.361024] ? vm_munmap (mm/mmap.c:2577)
[ 5470.361024] vm_munmap (mm/mmap.c:2578)
[ 5470.361024] SyS_munmap (mm/mmap.c:2583)
[ 5470.361024] tracesys (arch/x86/kernel/entry_64.S:746)
[ 5470.361024] Code: e8 de a6 26 03 49 8b 4c 24 10 48 39 c8 74 1c 48 8b 7d b8 48 c1 e1 0c 48 89 da 48 83 c9 40 4c 89 fe e8 95 db ff ff 0f 1f 44 00 00 <41> f6 44 24 08 01 74 08 83 6d c8 01 eb 33 66 90 f6 45 a0 40 74
[ 5470.361024] RIP zap_pte_range (mm/memory.c:1137)
[ 5470.361024] RSP <ffff88016f069c88>
[ 5470.361024] CR2: ffffea0003480088

Thanks,
Sasha
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Vince Weaver: "Re: [perf] more perf_fuzzer memory corruption"
Previous message: Fabian Frederick: "[PATCH 1/1] mm/zswap.c: add lock helper"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]