Message-ID: <530AD71E.50800@zytor.com>
Date: Sun, 23 Feb 2014 21:22:38 -0800
From: "H. Peter Anvin"
To: Vince Weaver
CC: Linux Kernel, Peter Zijlstra, Ingo Molnar, "H.J. Lu"
Subject: Re: perf_fuzzer compiled for x32 causes reboot
References: <53084317.4090304@zytor.com>
X-Mailing-List: linux-kernel@vger.kernel.org

On 02/23/2014 07:02 PM, Vince Weaver wrote:
> On Sun, 23 Feb 2014, Vince Weaver wrote:
>>
>> and as far as I can tell nothing touches rbp again until the segfault.
>> Nothing in _memset_sse2 does as far as I can tell.
>
> I only know enough about ftrace to be dangerous, but here is what I think
> is the trace of the problem:
>
> perf_fuzzer-11492 [000] 197077.488420: function: perf_output_put_handle
> perf_fuzzer-11492 [000] 197077.488421: function: __do_page_fault

So we do a write to the buffer rather immediately before this happens,
and in particular that will update the head:

	rb->user_page->data_head = head;

However, that doesn't explain what is going on and in particular the
write to whatever address was in %rbp.  The rest pretty much seems to be
the page fault logic.

Incidentally, I doubt that this is x32-related in any way; there seems
to be absolutely no difference between x86-64 perf and x32 perf; more
likely it just makes the error more reproducible because the address
space is so much smaller.

	-hpa
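The data_head store that hpa points at is the publish step of the perf mmap ring buffer: the kernel copies a record into the data pages and only then advances data_head in the shared header page, and the user-space reader advances data_tail once it has consumed the record. The following is an added user-space model of that handoff, written for this page; it is not code from the thread or from the kernel. It assumes a cut-down header struct (the real struct perf_event_mmap_page has many more fields), a 64-byte data area so wrap-around is exercised, a record header with the same layout as struct perf_event_header, and a constructed "sample-NN" payload; the type value 9 is PERF_RECORD_SAMPLE from <linux/perf_event.h>.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define RB_SIZE 64  /* tiny data area, chosen so the example wraps around */

/* Cut-down stand-in for the shared header page (assumption: the real
 * struct perf_event_mmap_page carries many more fields; only the two
 * that matter for the handoff are modelled here). */
struct user_page {
    uint64_t data_head;   /* written by the producer (the kernel) */
    uint64_t data_tail;   /* written by the consumer (user space) */
};

/* Same layout as struct perf_event_header in <linux/perf_event.h>. */
struct rec_header {
    uint32_t type;
    uint16_t misc;
    uint16_t size;        /* total record size, header included */
};

struct ring {
    struct user_page hdr;
    uint8_t data[RB_SIZE];
};

/* Byte-wise copies that wrap modulo the data area size. */
static void copy_in(struct ring *rb, uint64_t pos, const void *src, size_t len)
{
    for (size_t i = 0; i < len; i++)
        rb->data[(pos + i) % RB_SIZE] = ((const uint8_t *)src)[i];
}

static void copy_out(const struct ring *rb, uint64_t pos, void *dst, size_t len)
{
    for (size_t i = 0; i < len; i++)
        ((uint8_t *)dst)[i] = rb->data[(pos + i) % RB_SIZE];
}

/* Producer, modelled on what perf_output_put_handle() does last: the record
 * bytes go in first, then data_head is published with a release store, so a
 * consumer that observes the new head also observes the record bytes. */
static int rb_put(struct ring *rb, uint32_t type, const void *body, uint16_t body_len)
{
    struct rec_header h = { type, 0, (uint16_t)(sizeof h + body_len) };
    uint64_t head = rb->hdr.data_head;
    uint64_t tail = __atomic_load_n(&rb->hdr.data_tail, __ATOMIC_ACQUIRE);

    if (head - tail + h.size > RB_SIZE)
        return 0;                         /* no room: record is dropped */
    copy_in(rb, head, &h, sizeof h);
    copy_in(rb, head + sizeof h, body, body_len);
    __atomic_store_n(&rb->hdr.data_head, head + h.size, __ATOMIC_RELEASE);
    return 1;
}

/* Consumer: acquire-load data_head, read the header at data_tail, validate
 * the size field before trusting it, copy the body out, then advance
 * data_tail so the producer may reuse the space. */
static int rb_get(struct ring *rb, uint32_t *type, void *body, uint16_t body_cap, uint16_t *body_len)
{
    uint64_t head = __atomic_load_n(&rb->hdr.data_head, __ATOMIC_ACQUIRE);
    uint64_t tail = rb->hdr.data_tail;
    struct rec_header h;

    if (head - tail < sizeof h)
        return 0;                         /* nothing to read */
    copy_out(rb, tail, &h, sizeof h);
    if (h.size < sizeof h || head - tail < h.size || h.size - sizeof h > body_cap)
        return -1;                        /* corrupt or oversized record */
    *type = h.type;
    *body_len = (uint16_t)(h.size - sizeof h);
    copy_out(rb, tail + sizeof h, body, *body_len);
    __atomic_store_n(&rb->hdr.data_tail, tail + h.size, __ATOMIC_RELEASE);
    return 1;
}

/* Push more bytes than RB_SIZE through the ring in total, so the data area
 * wraps, and count the records that come back intact (expected: 20). */
static int demo_roundtrip(void)
{
    struct ring rb;
    char body[RB_SIZE];
    uint32_t type;
    uint16_t len;
    int ok = 0;

    memset(&rb, 0, sizeof rb);
    for (int i = 0; i < 20; i++) {
        char msg[16];
        int n = snprintf(msg, sizeof msg, "sample-%02d", i);  /* constructed payload */
        if (!rb_put(&rb, 9 /* PERF_RECORD_SAMPLE */, msg, (uint16_t)n))
            return -1;
        if (rb_get(&rb, &type, body, sizeof body, &len) != 1)
            return -2;
        if (type == 9 && len == (uint16_t)n && memcmp(body, msg, (size_t)n) == 0)
            ok++;
    }
    return ok;
}

/* The producer must not overwrite unconsumed data: fill the ring exactly,
 * then check that one more record is refused (returns 1 on success). */
static int demo_full_drop(void)
{
    struct ring rb;
    uint8_t pad[RB_SIZE - sizeof(struct rec_header)];

    memset(&rb, 0, sizeof rb);
    memset(pad, 0xAA, sizeof pad);
    if (!rb_put(&rb, 9, pad, (uint16_t)sizeof pad))
        return 0;
    return rb_put(&rb, 9, pad, 1) == 0;
}
```

The ordering is the whole point: the head is written last on the producer side and read first on the consumer side, so the head value, not the record bytes, is what a reader may trust. In this model the store to data_head is an ordinary write to a plain C struct; in the kernel it is a write to a user-visible page, and a fault on that store would show up exactly where the ftrace above places __do_page_fault, which is why hpa singles it out while noting it still does not account for a stray write through %rbp.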