perf: invalid memory access in perf_swevent_del

From: Sasha Levin
Date: Sat May 10 2014 - 20:08:28 EST


Hi all,

While fuzzing with trinity inside a KVM tools guest running the latest -next
kernel I've stumbled on the following spew:

[ 6795.260300] BUG: unable to handle kernel paging request at ffff88002e36b5b8
[ 6795.261530] IP: perf_swevent_del (include/linux/list.h:617 include/linux/rculist.h:345 kernel/events/core.c:5671)
[ 6795.262689] PGD 26bc6067 PUD 26bc7067 PMD 705e61067 PTE 800000002e36b060
[ 6795.264634] Oops: 0002 [#1] PREEMPT SMP DEBUG_PAGEALLOC
[ 6795.266144] Dumping ftrace buffer:
[ 6795.267203] (ftrace buffer empty)
[ 6795.268272] Modules linked in:
[ 6795.269159] CPU: 40 PID: 13449 Comm: trinity-c263 Tainted: G B W 3.15.0-rc4-next-20140508-sasha-00020-gec9304b-dirty #452
[ 6795.270163] task: ffff8800183d3000 ti: ffff880018356000 task.ti: ffff880018356000
[ 6795.270163] RIP: perf_swevent_del (include/linux/list.h:617 include/linux/rculist.h:345 kernel/events/core.c:5671)
[ 6795.270163] RSP: 0000:ffff880018357c80 EFLAGS: 00010046
[ 6795.270163] RAX: 0000000000000000 RBX: ffff8800183c9290 RCX: ffff880016b06c48
[ 6795.270163] RDX: ffff88002e36b5b8 RSI: 0000000000000000 RDI: ffff8800183c9290
[ 6795.270163] RBP: ffff880018357c80 R08: ffff880016b06d88 R09: 0000000000000005
[ 6795.270163] R10: ffff8800183d3000 R11: 0000000000000000 R12: ffff880016b06d7c
[ 6795.270163] R13: ffff880224fdbd90 R14: ffff880224fdbd94 R15: 0000008d7161175a
[ 6795.270163] FS: 00007f068aa56700(0000) GS:ffff880224e00000(0000) knlGS:0000000000000000
[ 6795.270163] CS: 0010 DS: 0000 ES: 0000 CR0: 000000008005003b
[ 6795.270163] CR2: ffff88002e36b5b8 CR3: 0000000018361000 CR4: 00000000000006a0
[ 6795.270163] DR0: 00000000006df000 DR1: 0000000000000000 DR2: 0000000000000000
[ 6795.270163] DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000600
[ 6795.270163] Stack:
[ 6795.270163] ffff880018357cd0 ffffffff9f2780fb ffff880018357ca0 ffff880016b06d88
[ 6795.270163] ffff880018357cd0 ffff880016b06c48 ffff880224fdbd90 ffff880224fdbd94
[ 6795.270163] ffff880016b06d7c ffff880016b06d38 ffff880018357d30 ffffffff9f2784f6
[ 6795.270163] Call Trace:
[ 6795.270163] event_sched_out.isra.46 (include/linux/perf_event.h:634 kernel/events/core.c:1416)
[ 6795.270163] group_sched_out (kernel/events/core.c:1440)
[ 6795.270163] ctx_sched_out (kernel/events/core.c:2167 (discriminator 2))
[ 6795.270163] __perf_event_task_sched_out (kernel/events/core.c:2342 kernel/events/core.c:2367)
[ 6795.270163] ? __perf_event_task_sched_out (include/linux/rcupdate.h:867 kernel/events/core.c:2296 kernel/events/core.c:2367)
[ 6795.270163] ? update_curr (kernel/sched/stats.h:259 kernel/sched/fair.c:721)
[ 6795.270163] perf_event_task_sched_out (include/linux/perf_event.h:690)
[ 6795.270163] ? set_next_entity (kernel/sched/fair.c:7708 kernel/sched/fair.c:2891)
[ 6795.270163] ? pick_next_task_fair (kernel/sched/fair.c:4761)
[ 6795.270163] ? sched_clock (arch/x86/include/asm/paravirt.h:192 arch/x86/kernel/tsc.c:305)
[ 6795.270163] ? sched_clock_cpu (kernel/sched/clock.c:311)
[ 6795.270163] __schedule (kernel/sched/core.c:2077 kernel/sched/core.c:2115 kernel/sched/core.c:2239 kernel/sched/core.c:2728)
[ 6795.270163] ? _raw_spin_unlock (arch/x86/include/asm/preempt.h:98 include/linux/spinlock_api_smp.h:152 kernel/locking/spinlock.c:183)
[ 6795.270163] ? context_tracking_user_exit (arch/x86/include/asm/paravirt.h:809 (discriminator 2) kernel/context_tracking.c:182 (discriminator 2))
[ 6795.270163] schedule (kernel/sched/core.c:2765)
[ 6795.270163] schedule_user (kernel/sched/core.c:2778 include/linux/jump_label.h:105 include/linux/context_tracking_state.h:27 include/linux/context_tracking.h:20 kernel/sched/core.c:2779)
[ 6795.270163] retint_careful (arch/x86/kernel/entry_64.S:1109)
[ 6795.270163] Code: 66 66 66 2e 0f 1f 84 00 00 00 00 00 55 48 89 e5 5d c3 66 2e 0f 1f 84 00 00 00 00 00 48 8b 47 40 55 48 8b 57 48 48 89 e5 48 85 c0 <48> 89 02 74 04 48 89 50 08 49 b8 00 02 20 00 00 00 ad de 5d 4c
[ 6795.270163] RIP perf_swevent_del (include/linux/list.h:617 include/linux/rculist.h:345 kernel/events/core.c:5671)
[ 6795.270163] RSP <ffff880018357c80>
[ 6795.270163] CR2: ffff88002e36b5b8


Thanks,
Sasha
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/