lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date:	Sat, 10 May 2014 19:34:52 -0400
From:	Sasha Levin <sasha.levin@...cle.com>
To:	Ingo Molnar <mingo@...nel.org>, acme@...stprotocols.net,
	Peter Zijlstra <peterz@...radead.org>
CC:	Dave Jones <davej@...hat.com>, LKML <linux-kernel@...r.kernel.org>
Subject: perf: invalid memory access in perf_swevent_del

Hi all,

While fuzzing with trinity inside a KVM tools guest running the latest -next
kernel I've stumbled on the following spew:

[ 6795.260300] BUG: unable to handle kernel paging request at ffff88002e36b5b8
[ 6795.261530] IP: perf_swevent_del (include/linux/list.h:617 include/linux/rculist.h:345 kernel/events/core.c:5671)
[ 6795.262689] PGD 26bc6067 PUD 26bc7067 PMD 705e61067 PTE 800000002e36b060
[ 6795.264634] Oops: 0002 [#1] PREEMPT SMP DEBUG_PAGEALLOC
[ 6795.266144] Dumping ftrace buffer:
[ 6795.267203]    (ftrace buffer empty)
[ 6795.268272] Modules linked in:
[ 6795.269159] CPU: 40 PID: 13449 Comm: trinity-c263 Tainted: G    B   W     3.15.0-rc4-next-20140508-sasha-00020-gec9304b-dirty #452
[ 6795.270163] task: ffff8800183d3000 ti: ffff880018356000 task.ti: ffff880018356000
[ 6795.270163] RIP: perf_swevent_del (include/linux/list.h:617 include/linux/rculist.h:345 kernel/events/core.c:5671)
[ 6795.270163] RSP: 0000:ffff880018357c80  EFLAGS: 00010046
[ 6795.270163] RAX: 0000000000000000 RBX: ffff8800183c9290 RCX: ffff880016b06c48
[ 6795.270163] RDX: ffff88002e36b5b8 RSI: 0000000000000000 RDI: ffff8800183c9290
[ 6795.270163] RBP: ffff880018357c80 R08: ffff880016b06d88 R09: 0000000000000005
[ 6795.270163] R10: ffff8800183d3000 R11: 0000000000000000 R12: ffff880016b06d7c
[ 6795.270163] R13: ffff880224fdbd90 R14: ffff880224fdbd94 R15: 0000008d7161175a
[ 6795.270163] FS:  00007f068aa56700(0000) GS:ffff880224e00000(0000) knlGS:0000000000000000
[ 6795.270163] CS:  0010 DS: 0000 ES: 0000 CR0: 000000008005003b
[ 6795.270163] CR2: ffff88002e36b5b8 CR3: 0000000018361000 CR4: 00000000000006a0
[ 6795.270163] DR0: 00000000006df000 DR1: 0000000000000000 DR2: 0000000000000000
[ 6795.270163] DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000600
[ 6795.270163] Stack:
[ 6795.270163]  ffff880018357cd0 ffffffff9f2780fb ffff880018357ca0 ffff880016b06d88
[ 6795.270163]  ffff880018357cd0 ffff880016b06c48 ffff880224fdbd90 ffff880224fdbd94
[ 6795.270163]  ffff880016b06d7c ffff880016b06d38 ffff880018357d30 ffffffff9f2784f6
[ 6795.270163] Call Trace:
[ 6795.270163] event_sched_out.isra.46 (include/linux/perf_event.h:634 kernel/events/core.c:1416)
[ 6795.270163] group_sched_out (kernel/events/core.c:1440)
[ 6795.270163] ctx_sched_out (kernel/events/core.c:2167 (discriminator 2))
[ 6795.270163] __perf_event_task_sched_out (kernel/events/core.c:2342 kernel/events/core.c:2367)
[ 6795.270163] ? __perf_event_task_sched_out (include/linux/rcupdate.h:867 kernel/events/core.c:2296 kernel/events/core.c:2367)
[ 6795.270163] ? update_curr (kernel/sched/stats.h:259 kernel/sched/fair.c:721)
[ 6795.270163] perf_event_task_sched_out (include/linux/perf_event.h:690)
[ 6795.270163] ? set_next_entity (kernel/sched/fair.c:7708 kernel/sched/fair.c:2891)
[ 6795.270163] ? pick_next_task_fair (kernel/sched/fair.c:4761)
[ 6795.270163] ? sched_clock (arch/x86/include/asm/paravirt.h:192 arch/x86/kernel/tsc.c:305)
[ 6795.270163] ? sched_clock_cpu (kernel/sched/clock.c:311)
[ 6795.270163] __schedule (kernel/sched/core.c:2077 kernel/sched/core.c:2115 kernel/sched/core.c:2239 kernel/sched/core.c:2728)
[ 6795.270163] ? _raw_spin_unlock (arch/x86/include/asm/preempt.h:98 include/linux/spinlock_api_smp.h:152 kernel/locking/spinlock.c:183)
[ 6795.270163] ? context_tracking_user_exit (arch/x86/include/asm/paravirt.h:809 (discriminator 2) kernel/context_tracking.c:182 (discriminator 2))
[ 6795.270163] schedule (kernel/sched/core.c:2765)
[ 6795.270163] schedule_user (kernel/sched/core.c:2778 include/linux/jump_label.h:105 include/linux/context_tracking_state.h:27 include/linux/context_tracking.h:20 kernel/sched/core.c:2779)
[ 6795.270163] retint_careful (arch/x86/kernel/entry_64.S:1109)
[ 6795.270163] Code: 66 66 66 2e 0f 1f 84 00 00 00 00 00 55 48 89 e5 5d c3 66 2e 0f 1f 84 00 00 00 00 00 48 8b 47 40 55 48 8b 57 48 48 89 e5 48 85 c0 <48> 89 02 74 04 48 89 50 08 49 b8 00 02 20 00 00 00 ad de 5d 4c
[ 6795.270163] RIP perf_swevent_del (include/linux/list.h:617 include/linux/rculist.h:345 kernel/events/core.c:5671)
[ 6795.270163]  RSP <ffff880018357c80>
[ 6795.270163] CR2: ffff88002e36b5b8


Thanks,
Sasha
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists