perf command causes a kernel panic due to a NULL pointer dereference in __wake_up_common through perf_event_wakeup
Issue
- After starting/stopping perf record -p $PID, a kernel panic occurs with the following call trace in vmcore/vmcore-dmesg.txt.
<1>BUG: unable to handle kernel NULL pointer dereference at (null)
<1>IP: [<ffffffff81062514>] __wake_up_common+0x34/0x90
<4>Kernel PGD 800000007da84067 PUD 7a35a067 PMD 0
<4>User PGD 7da84067 PUD 7a35a067 PMD 0
<4>Oops: 0000 [#1] SMP
<4>last sysfs file: /sys/devices/software/type
<4>CPU 0
<4>Modules linked in: autofs4 ipt_REJECT nf_conntrack_ipv4 nf_defrag_ipv4 iptable_filter ip_tables ip6t_REJECT nf_conntrack_ipv6 nf_defrag_ipv6 xt_state nf_conntrack ip6table_filter ip6_tables ib_ipoib rdma_ucm ib_ucm ib_uverbs ib_umad rdma_cm ib_cm iw_cm ib_sa ib_mad ib_core ib_addr ipv6 microcode snd_hda_codec_generic joydev virtio_balloon virtio_console snd_hda_intel snd_hda_codec snd_hwdep snd_seq snd_seq_device snd_pcm snd_timer snd soundcore snd_page_alloc virtio_net i2c_piix4 i2c_core sg ext4 jbd2 mbcache virtio_blk sr_mod cdrom virtio_pci virtio_ring virtio pata_acpi ata_generic ata_piix dm_mirror dm_region_hash dm_log dm_mod [last unloaded: speedstep_lib]
<4>
<4>Pid: 2150, comm: repro Not tainted 2.6.32-754.3.5.el6.x86_64 #1 QEMU Standard PC (i440FX + PIIX, 1996)
<4>RIP: 0010:[<ffffffff81062514>] [<ffffffff81062514>] __wake_up_common+0x34/0x90
<4>RSP: 0018:ffff88007978fd98 EFLAGS: 00010082
<4>RAX: 0000000000000000 RBX: ffff88007977f690 RCX: 0000000000000000
<4>RDX: 0000000000000000 RSI: 0000000000000003 RDI: ffffffffffffffe8
<4>RBP: ffff88007978fdd8 R08: 0000000000000000 R09: 00000000ffffffff
<4>R10: 00000000ffffffff R11: 0000000000000000 R12: 0000000000000286
<4>R13: ffff88007977f698 R14: 0000000000000000 R15: 0000000000000000
<4>FS: 0000000000000000(0000) GS:ffff880002200000(0000) knlGS:0000000000000000
<4>CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
<4>CR2: 0000000000000000 CR3: 000000007da3e000 CR4: 00000000001606f0
<4>DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
<4>DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400
<4>Process repro (pid: 2150, threadinfo ffff88007978c000, task ffff880037b52040)
<4>Stack:
<4> ffff88007978fdd8 0000000300000000 ffff880037b52040 ffff88007977f690
<4><d> 0000000000000286 0000000000000003 0000000000000000 0000000000000000
<4><d> ffff88007978fe18 ffffffff81066ca8 ffff88007978fe48 ffff88007977f400
<4>Call Trace:
<4> [<ffffffff81066ca8>] __wake_up+0x48/0x70
<4> [<ffffffff8112cba5>] perf_event_wakeup+0x45/0x90
<4> [<ffffffff811301b0>] perf_event_exit_task+0x230/0x340
<4> [<ffffffff81085bf4>] do_exit+0x1e4/0x860
<4> [<ffffffff8156427e>] ? system_call_after_swapgs+0xae/0x152
<4> [<ffffffff81564272>] ? system_call_after_swapgs+0xa2/0x152
<4> [<ffffffff8156427e>] ? system_call_after_swapgs+0xae/0x152
<4> [<ffffffff81564272>] ? system_call_after_swapgs+0xa2/0x152
<4> [<ffffffff8156427e>] ? system_call_after_swapgs+0xae/0x152
<4> [<ffffffff81564272>] ? system_call_after_swapgs+0xa2/0x152
<4> [<ffffffff81086377>] sys_exit+0x17/0x20
<4> [<ffffffff81564357>] system_call_fastpath+0x35/0x3a
<4> [<ffffffff8156427e>] ? system_call_after_swapgs+0xae/0x152
<4>Code: 55 41 54 53 48 83 ec 18 0f 1f 44 00 00 89 75 cc 89 55 c8 49 89 fd 48 8b 47 08 49 83 c5 08 41 89 cf 4d 89 c6 48 8d 78 e8 49 39 c5 <48> 8b 5f 18 74 3f 48 83 eb 18 eb 07 48 89 df 48 8d 5a e8 44 8b
<1>RIP [<ffffffff81062514>] __wake_up_common+0x34/0x90
<4> RSP <ffff88007978fd98>
<4>CR2: 0000000000000000
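A triage check for the oops above, added here as an example and not part of the original article or of any Red Hat tool: it parses vmcore-dmesg.txt-style text and reports whether the fault is a NULL pointer dereference in __wake_up_common reached from perf_event_exit_task through perf_event_wakeup. The sample text is a shortened, constructed copy of the log above; parse_oops, matches_issue and SIGNATURE are names chosen for this example.

```python
import re

# Constructed sample: a shortened copy of the oops shown in this article.
SAMPLE = """\
<1>BUG: unable to handle kernel NULL pointer dereference at (null)
<1>IP: [<ffffffff81062514>] __wake_up_common+0x34/0x90
<4>Call Trace:
<4> [<ffffffff81066ca8>] __wake_up+0x48/0x70
<4> [<ffffffff8112cba5>] perf_event_wakeup+0x45/0x90
<4> [<ffffffff811301b0>] perf_event_exit_task+0x230/0x340
<4> [<ffffffff81085bf4>] do_exit+0x1e4/0x860
<4> [<ffffffff8156427e>] ? system_call_after_swapgs+0xae/0x152
<4> [<ffffffff81086377>] sys_exit+0x17/0x20
<1>RIP [<ffffffff81062514>] __wake_up_common+0x34/0x90
"""

PREFIX = re.compile(r"^<\d>(?:<d>)?\s*")  # printk level markers such as <4> or <4><d>
FRAME = re.compile(r"^\[<[0-9a-f]+>\]\s+(\?\s+)?([\w.]+)\+0x[0-9a-f]+/0x[0-9a-f]+")
IP = re.compile(r"^IP: \[<[0-9a-f]+>\]\s+([\w.]+)\+")
SIGNATURE = ["__wake_up", "perf_event_wakeup", "perf_event_exit_task", "do_exit"]

def parse_oops(text):
    """Return the faulting symbol and the reliable call-trace frames of an oops."""
    info = {"null_deref": False, "ip": None, "frames": []}
    in_trace = False
    for raw in text.splitlines():
        line = PREFIX.sub("", raw)
        if "NULL pointer dereference" in line:
            info["null_deref"] = True
        elif (m := IP.match(line)):
            info["ip"] = m.group(1)
        elif line.startswith("Call Trace:"):
            in_trace = True
        elif in_trace and (m := FRAME.match(line)):
            if not m.group(1):  # skip "?" frames: unverified leftovers on the stack
                info["frames"].append(m.group(2))
        elif in_trace:
            in_trace = False  # the trace ends at the first non-frame line
    return info

def matches_issue(info):
    """True when the oops has the same shape as the one in this article."""
    return (info["null_deref"] and info["ip"] == "__wake_up_common"
            and info["frames"][:len(SIGNATURE)] == SIGNATURE)

if __name__ == "__main__":
    print(matches_issue(parse_oops(SAMPLE)))
```

Run parse_oops on the contents of vmcore-dmesg.txt; a match only says the crash has the same signature as this article, not that the root cause is identical.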
Environment
- Red Hat Enterprise Linux 6.4 or later
- perf command with a multi-threaded process