From: Vince Weaver <vincent.weaver@maine.edu>
To: "linux-kernel@vger.kernel.org" <linux-kernel@vger.kernel.org>
Cc: Peter Zijlstra <peterz@infradead.org>,
Ingo Molnar <mingo@redhat.com>,
Arnaldo Carvalho de Melo <acme@kernel.org>,
"dvyukov@google.com" <dvyukov@google.com>
Subject: perf: fuzzer KASAN: global-out-of-bounds in match_token
Date: Thu, 17 Nov 2016 15:24:48 -0500 (EST)
Message-ID: <alpine.DEB.2.20.1611171521350.12680@macbook-air>
So I got my Skylake machine re-compiled with gcc-5 and got this.
Should I keep reporting these, or is everyone fuzzing now so you're all
hitting them too?
[ 911.507365] ==================================================================
[ 911.514824] BUG: KASAN: global-out-of-bounds in match_token+0x268/0x310 at addr ffffffffb14ad058
[ 911.523912] Read of size 8 by task perf_fuzzer/20662
[ 911.528945] Address belongs to variable if_tokens+0x78/0xa0
[ 911.534619] CPU: 7 PID: 20662 Comm: perf_fuzzer Tainted: G L 4.9.0-rc5+ #12
[ 911.534620] Hardware name: LENOVO 10FY0017US/SKYBAY, BIOS FWKT53A 06/06/2016
[ 911.534622] ffff8801efd2f970 ffffffffb0f17c88 ffff8801efd2fa08 ffffffffb14ad058
[ 911.534624] ffff8801efd2f9f8 ffffffffb0d0a9f3 1ffff1003dfa5f38 ffff8801efd2fc38
[ 911.534627] ffff8801f12ca100 0000000000000297 ffff8801efd2fc38 ffff8801efd2fa38
[ 911.534629] Call Trace:
[ 911.534633] [<ffffffffb0f17c88>] dump_stack+0x63/0x8b
[ 911.534636] [<ffffffffb0d0a9f3>] kasan_report_error+0x493/0x4c0
[ 911.534638] [<ffffffffb0f27a43>] ? simple_strtoull+0x93/0xe0
[ 911.534640] [<ffffffffb0d0b038>] kasan_report+0x58/0x60
[ 911.534642] [<ffffffffb0f31008>] ? match_token+0x268/0x310
[ 911.534644] [<ffffffffb0d0949e>] __asan_load8+0x5e/0x70
[ 911.534646] [<ffffffffb0f31008>] match_token+0x268/0x310
[ 911.534649] [<ffffffffb0d058f8>] ? kmem_cache_alloc_node_trace+0x108/0x5a0
[ 911.534651] [<ffffffffb0f30da0>] ? match_wildcard+0x130/0x130
[ 911.534653] [<ffffffffb0cbb4b5>] ? wp_page_copy+0x6f5/0xb80
[ 911.534656] [<ffffffffb0c49668>] ? perf_event_set_addr_filter+0x1f8/0x630
[ 911.534658] [<ffffffffb0c496bb>] perf_event_set_addr_filter+0x24b/0x630
[ 911.534660] [<ffffffffb0c49470>] ? perf_pin_task_context+0xd0/0xd0
[ 911.534663] [<ffffffffb0d09976>] ? kasan_unpoison_shadow+0x36/0x50
[ 911.534665] [<ffffffffb0d09add>] ? kasan_kmalloc+0xad/0xe0
[ 911.534667] [<ffffffffb0d06a0b>] ? __kmalloc_track_caller+0x10b/0x580
[ 911.534669] [<ffffffffb0cbccd0>] ? vm_normal_page+0x130/0x130
[ 911.534671] [<ffffffffb0c9fe06>] ? strndup_user+0x46/0x70
[ 911.534673] [<ffffffffb0d097d4>] ? kasan_check_write+0x14/0x20
[ 911.534675] [<ffffffffb0c9fd8d>] ? memdup_user+0x4d/0x80
[ 911.534677] [<ffffffffb0c56a7a>] perf_ioctl+0x5fa/0x810
[ 911.534680] [<ffffffffb0c56480>] ? SYSC_perf_event_open+0x11e0/0x11e0
[ 911.534682] [<ffffffffb0cc1472>] ? handle_mm_fault+0x602/0x1c30
[ 911.534684] [<ffffffffb0d589bb>] do_vfs_ioctl+0x14b/0x920
[ 911.534686] [<ffffffffb0d58870>] ? ioctl_preallocate+0x160/0x160
[ 911.534689] [<ffffffffb0e36be3>] ? security_file_permission+0xd3/0x100
[ 911.534692] [<ffffffffb0c59af8>] ? __perf_sw_event+0x98/0xc0
[ 911.534694] [<ffffffffb0aa0639>] ? __do_page_fault+0x579/0x650
[ 911.534696] [<ffffffffb0d59209>] SyS_ioctl+0x79/0x90
[ 911.534699] [<ffffffffb13f493b>] entry_SYSCALL_64_fastpath+0x1e/0xad
[ 911.534700] Memory state around the buggy address:
[ 911.539563] ffffffffb14acf00: fa fa fa fa 06 fa fa fa fa fa fa fa 06 fa fa fa
[ 911.546942] ffffffffb14acf80: fa fa fa fa 03 fa fa fa fa fa fa fa 00 00 00 00
[ 911.554269] >ffffffffb14ad000: 00 00 00 00 00 00 00 00 00 00 fa fa fa fa fa fa
[ 911.561598] ^
[ 911.567800] ffffffffb14ad080: 00 00 00 00 00 00 00 00 00 00 00 00 00 fa fa fa
[ 911.575138] ffffffffb14ad100: fa fa fa fa 00 00 00 00 00 00 00 00 00 00 00 00
[ 911.582492] ==================================================================
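Added here as a triage aid (not part of Vince's report or the kernel's code), this Python decodes the "Memory state" shadow dump above to show that the read at ffffffffb14ad058 lands in the global redzone just past a 0x70-byte if_tokens, i.e. 8 bytes beyond the last real entry. The input values are copied from the report; the 16-byte struct match_token entry size on x86_64 is an assumption.

```python
import re
# Values copied from the KASAN report above.
FAULT_ADDR = 0xffffffffb14ad058
SYMBOL_DESC = "if_tokens+0x78/0xa0"   # kallsyms symbol+offset/size
SHADOW_DUMP = """
ffffffffb14acf00: fa fa fa fa 06 fa fa fa fa fa fa fa 06 fa fa fa
ffffffffb14acf80: fa fa fa fa 03 fa fa fa fa fa fa fa 00 00 00 00
>ffffffffb14ad000: 00 00 00 00 00 00 00 00 00 00 fa fa fa fa fa fa
ffffffffb14ad080: 00 00 00 00 00 00 00 00 00 00 00 00 00 fa fa fa
ffffffffb14ad100: fa fa fa fa 00 00 00 00 00 00 00 00 00 00 00 00
"""
GRANULE = 8      # one shadow byte describes 8 bytes of kernel memory
ENTRY_SIZE = 16  # assumed sizeof(struct match_token) on x86_64: int + pointer
# Shadow bytes: 00 = all 8 bytes valid, 01..07 = that many leading bytes valid, fa = global redzone.
POISON = {0xfa: "global redzone", 0xfb: "freed kmalloc", 0xfc: "kmalloc redzone"}

def parse_shadow(dump):
    # Map the start address of each 8-byte granule to its shadow byte.
    shadow = {}
    for line in dump.splitlines():
        m = re.match(r">?([0-9a-f]{16}): ([0-9a-f ]+)$", line.strip())
        if m:
            base = int(m.group(1), 16)
            for i, b in enumerate(m.group(2).split()):
                shadow[base + i * GRANULE] = int(b, 16)
    return shadow

def accessible_size(shadow, start):
    # Walk forward from the object's start until the shadow stops saying "valid".
    size, addr = 0, start
    while shadow.get(addr) == 0x00:
        size, addr = size + GRANULE, addr + GRANULE
    if 1 <= shadow.get(addr, 0xff) <= 7:   # partially addressable tail granule
        size += shadow[addr]
    return size

def triage(fault_addr, symbol_desc, dump):
    # Contrast the kallsyms size (which absorbs KASAN's padding) with the valid extent.
    off, sym_size = (int(x, 16) for x in re.fullmatch(r"\w+\+0x([0-9a-f]+)/0x([0-9a-f]+)", symbol_desc).groups())
    shadow = parse_shadow(dump)
    real = accessible_size(shadow, fault_addr - off)
    fb = shadow[fault_addr & ~(GRANULE - 1)]
    return {
        "fault_shadow": POISON.get(fb, "addressable" if fb <= 7 else "poisoned"),
        "object_size": real,            # bytes actually valid
        "symbol_size": sym_size,        # what kallsyms reports
        "entries": real // ENTRY_SIZE,  # table entries really present
        "bytes_past_end": off - real,   # how far the read overshot the object
    }
```

An 8-byte read whose offset falls in the second word (the pattern pointer) of a would-be eighth entry is what match_token() walking a table without its required NULL-pattern terminator looks like, so the table definition in the parser is the first place to check.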