From: Vince Weaver <vincent.weaver@maine.edu>
To: "linux-kernel@vger.kernel.org" <linux-kernel@vger.kernel.org>
Cc: Peter Zijlstra <peterz@infradead.org>,
	Ingo Molnar <mingo@redhat.com>,
	Arnaldo Carvalho de Melo <acme@kernel.org>,
	"dvyukov@google.com" <dvyukov@google.com>
Subject: perf: fuzzer KASAN: global-out-of-bounds in match_token
Date: Thu, 17 Nov 2016 15:24:48 -0500 (EST)
Message-ID: <alpine.DEB.2.20.1611171521350.12680@macbook-air>


So got my skylake machine re-compiled with gcc-5 and got this.

Should I keep reporting these, or is everyone fuzzing now so you're all 
hitting them too?

[  911.507365] ==================================================================
[  911.514824] BUG: KASAN: global-out-of-bounds in match_token+0x268/0x310 at addr ffffffffb14ad058
[  911.523912] Read of size 8 by task perf_fuzzer/20662
[  911.528945] Address belongs to variable if_tokens+0x78/0xa0
[  911.534619] CPU: 7 PID: 20662 Comm: perf_fuzzer Tainted: G             L  4.9.0-rc5+ #12
[  911.534620] Hardware name: LENOVO 10FY0017US/SKYBAY, BIOS FWKT53A   06/06/2016
[  911.534622]  ffff8801efd2f970 ffffffffb0f17c88 ffff8801efd2fa08 ffffffffb14ad058
[  911.534624]  ffff8801efd2f9f8 ffffffffb0d0a9f3 1ffff1003dfa5f38 ffff8801efd2fc38
[  911.534627]  ffff8801f12ca100 0000000000000297 ffff8801efd2fc38 ffff8801efd2fa38
[  911.534629] Call Trace:
[  911.534633]  [<ffffffffb0f17c88>] dump_stack+0x63/0x8b
[  911.534636]  [<ffffffffb0d0a9f3>] kasan_report_error+0x493/0x4c0
[  911.534638]  [<ffffffffb0f27a43>] ? simple_strtoull+0x93/0xe0
[  911.534640]  [<ffffffffb0d0b038>] kasan_report+0x58/0x60
[  911.534642]  [<ffffffffb0f31008>] ? match_token+0x268/0x310
[  911.534644]  [<ffffffffb0d0949e>] __asan_load8+0x5e/0x70
[  911.534646]  [<ffffffffb0f31008>] match_token+0x268/0x310
[  911.534649]  [<ffffffffb0d058f8>] ? kmem_cache_alloc_node_trace+0x108/0x5a0
[  911.534651]  [<ffffffffb0f30da0>] ? match_wildcard+0x130/0x130
[  911.534653]  [<ffffffffb0cbb4b5>] ? wp_page_copy+0x6f5/0xb80
[  911.534656]  [<ffffffffb0c49668>] ? perf_event_set_addr_filter+0x1f8/0x630
[  911.534658]  [<ffffffffb0c496bb>] perf_event_set_addr_filter+0x24b/0x630
[  911.534660]  [<ffffffffb0c49470>] ? perf_pin_task_context+0xd0/0xd0
[  911.534663]  [<ffffffffb0d09976>] ? kasan_unpoison_shadow+0x36/0x50
[  911.534665]  [<ffffffffb0d09add>] ? kasan_kmalloc+0xad/0xe0
[  911.534667]  [<ffffffffb0d06a0b>] ? __kmalloc_track_caller+0x10b/0x580
[  911.534669]  [<ffffffffb0cbccd0>] ? vm_normal_page+0x130/0x130
[  911.534671]  [<ffffffffb0c9fe06>] ? strndup_user+0x46/0x70
[  911.534673]  [<ffffffffb0d097d4>] ? kasan_check_write+0x14/0x20
[  911.534675]  [<ffffffffb0c9fd8d>] ? memdup_user+0x4d/0x80
[  911.534677]  [<ffffffffb0c56a7a>] perf_ioctl+0x5fa/0x810
[  911.534680]  [<ffffffffb0c56480>] ? SYSC_perf_event_open+0x11e0/0x11e0
[  911.534682]  [<ffffffffb0cc1472>] ? handle_mm_fault+0x602/0x1c30
[  911.534684]  [<ffffffffb0d589bb>] do_vfs_ioctl+0x14b/0x920
[  911.534686]  [<ffffffffb0d58870>] ? ioctl_preallocate+0x160/0x160
[  911.534689]  [<ffffffffb0e36be3>] ? security_file_permission+0xd3/0x100
[  911.534692]  [<ffffffffb0c59af8>] ? __perf_sw_event+0x98/0xc0
[  911.534694]  [<ffffffffb0aa0639>] ? __do_page_fault+0x579/0x650
[  911.534696]  [<ffffffffb0d59209>] SyS_ioctl+0x79/0x90
[  911.534699]  [<ffffffffb13f493b>] entry_SYSCALL_64_fastpath+0x1e/0xad
[  911.534700] Memory state around the buggy address:
[  911.539563]  ffffffffb14acf00: fa fa fa fa 06 fa fa fa fa fa fa fa 06 fa fa fa
[  911.546942]  ffffffffb14acf80: fa fa fa fa 03 fa fa fa fa fa fa fa 00 00 00 00
[  911.554269] >ffffffffb14ad000: 00 00 00 00 00 00 00 00 00 00 fa fa fa fa fa fa
[  911.561598]                                                     ^
[  911.567800]  ffffffffb14ad080: 00 00 00 00 00 00 00 00 00 00 00 00 00 fa fa fa
[  911.575138]  ffffffffb14ad100: fa fa fa fa 00 00 00 00 00 00 00 00 00 00 00 00
[  911.582492] ==================================================================


Thread overview: 9+ messages
2016-11-17 20:24 Vince Weaver [this message]
2016-11-17 20:37 ` perf: fuzzer KASAN: global-out-of-bounds in match_token Vince Weaver
2016-11-17 22:11   ` Vince Weaver
2016-11-18  2:51     ` Vince Weaver
2016-11-18  8:24       ` Ingo Molnar
2016-11-18 11:38       ` Alexander Shishkin
2016-11-18 18:02         ` Vince Weaver
2016-11-21 10:38         ` [tip:perf/urgent] perf/core: Fix address filter parser tip-bot for Alexander Shishkin
2016-11-17 23:11 ` perf: fuzzer KASAN: global-out-of-bounds in match_token Andi Kleen
