linux-kernel.vger.kernel.org archive mirror
From: Peter Zijlstra <peterz@infradead.org>
To: Vince Weaver <vincent.weaver@maine.edu>
Cc: "linux-kernel@vger.kernel.org" <linux-kernel@vger.kernel.org>,
	Ingo Molnar <mingo@redhat.com>,
	Arnaldo Carvalho de Melo <acme@kernel.org>,
	"davej@codemonkey.org.uk" <davej@codemonkey.org.uk>,
	"dvyukov@google.com" <dvyukov@google.com>,
	Stephane Eranian <eranian@gmail.com>,
	jpoimboe@redhat.com
Subject: Re: perf: fuzzer KASAN unwind_get_return_address
Date: Tue, 15 Nov 2016 19:57:56 +0100
Message-ID: <20161115185756.GL3142@twins.programming.kicks-ass.net>
In-Reply-To: <alpine.DEB.2.20.1611151239060.31288@macbook-air>

On Tue, Nov 15, 2016 at 12:43:56PM -0500, Vince Weaver wrote:
> 
> Running on my haswell machine with the imc/uncore patch applied, the 
> perf_fuzzer next tripped over this issue.
> 
> [  202.034495] BAD LUCK: lost 371 message(s) from NMI context!
> [  202.034496] ==================================================================
> [  202.048327] BUG: KASAN: stack-out-of-bounds in unwind_get_return_address+0x35/0x80 at addr ffff8800cff0bd90
> [  202.058826] Read of size 8 by task perf_fuzzer/16254
> [  202.064186] page:ffffea00033fc2c0 count:1 mapcount:0 mapping:          (null) index:0x0
> [  202.073068] flags: 0x1ffff8000000400(reserved)
> [  202.077885] page dumped because: kasan: bad access detected
> [  202.083880] CPU: 4 PID: 16254 Comm: perf_fuzzer Not tainted 4.9.0-rc5+ #5
> [  202.091204] Hardware name: LENOVO 10AM000AUS/SHARKBAY, BIOS FBKT72AUS 01/26/2014
> [  202.099181]  ffff8800cff0b1d8 ffffffff816bb796 ffff8800cff0b270 ffff8800cff0bd90
> [  202.107896]  ffff8800cff0b260 ffffffff812fbe95 00007ffc9d1ab480 0000000000000000
> [  202.116638]  ffffffff8125117d 0000000000000092 0000000000000000 ffff8800cff0b7c0
> [  202.125339] Call Trace:
> [  202.127994]  <NMI>  [<ffffffff816bb796>] dump_stack+0x63/0x8d
> [  202.134184]  [<ffffffff812fbe95>] kasan_report_error+0x495/0x4c0
> [  202.140680]  [<ffffffff8125117d>] ? perf_output_begin+0x28d/0x4c0
> [  202.147228]  [<ffffffff812fc319>] kasan_report+0x39/0x40
> [  202.152987]  [<ffffffff81095ce5>] ? unwind_get_return_address+0x35/0x80
> [  202.160094]  [<ffffffff812fa8fe>] __asan_load8+0x5e/0x70
> [  202.165859]  [<ffffffff81095ce5>] unwind_get_return_address+0x35/0x80

Josh, any ideas?

> [  202.172817]  [<ffffffff8100b08d>] perf_callchain_kernel+0x22d/0x270
> [  202.179590]  [<ffffffff812fa7c4>] ? __asan_load4+0x24/0x80
> [  202.185548]  [<ffffffff8100ae60>] ? arch_perf_update_userpage+0x130/0x130
> [  202.192849]  [<ffffffff81252aaa>] get_perf_callchain+0x24a/0x3e0
> [  202.199339]  [<ffffffff81252860>] ? put_callchain_buffers+0x50/0x50
> [  202.206092]  [<ffffffff81095b17>] ? perf_get_regs_user+0x327/0x380
> [  202.212751]  [<ffffffff81135fd0>] ? lock_release+0x30/0x540
> [  202.218803]  [<ffffffff81252d05>] perf_callchain+0xc5/0xe0
> [  202.224767]  [<ffffffff812fa7c4>] ? __asan_load4+0x24/0x80
> [  202.230696]  [<ffffffff8124dbf9>] perf_prepare_sample+0x489/0x630
> [  202.237275]  [<ffffffff81135fd0>] ? lock_release+0x30/0x540
> [  202.243266]  [<ffffffff8124de9c>] ? perf_event_output_forward+0xfc/0x130
> [  202.250472]  [<ffffffff8124dda0>] ? perf_prepare_sample+0x630/0x630
> [  202.257251]  [<ffffffff8124e0ae>] perf_event_output+0xae/0x130
> [  202.263564]  [<ffffffff8124e000>] ? perf_event_output_backward+0x130/0x130
> [  202.270964]  [<ffffffff8124e000>] ? perf_event_output_backward+0x130/0x130
> [  202.278373]  [<ffffffff81247cc2>] ? perf_event_update_userpage+0x212/0x2b0
> [  202.285772]  [<ffffffff81247ab0>] ? perf_event_task_disable+0xc0/0xc0
> [  202.292744]  [<ffffffff812fac4f>] ? __asan_loadN+0xf/0x20
> [  202.298581]  [<ffffffff8101757d>] ? setup_pebs_sample_data+0x68d/0x830
> [  202.305622]  [<ffffffff81017a91>] __intel_pmu_pebs_event+0x221/0x3a0
> [  202.312469]  [<ffffffff81135e4d>] ? lock_acquire+0x3d/0x190
> [  202.318523]  [<ffffffff81017870>] ? pebs_update_state+0x150/0x150
> [  202.325060]  [<ffffffff8104c6ec>] ? get_stack_info+0x3c/0x150
> [  202.331259]  [<ffffffff810106b7>] ? __intel_pmu_enable_all+0x77/0xf0
> [  202.338128]  [<ffffffff812fa7c4>] ? __asan_load4+0x24/0x80
> [  202.344059]  [<ffffffff81018b50>] ? intel_pmu_disable_bts+0x60/0x60
> [  202.350823]  [<ffffffff812fa7c4>] ? __asan_load4+0x24/0x80
> [  202.356740]  [<ffffffff81252d05>] ? perf_callchain+0xc5/0xe0
> [  202.362855]  [<ffffffff81135fd0>] ? lock_release+0x30/0x540
> [  202.368855]  [<ffffffff8124dc31>] ? perf_prepare_sample+0x4c1/0x630
> [  202.375619]  [<ffffffff8124de84>] ? perf_event_output_forward+0xe4/0x130
> [  202.382849]  [<ffffffff81017ffc>] intel_pmu_drain_pebs_nhm+0x3ec/0x530
> [  202.389899]  [<ffffffff81017c10>] ? __intel_pmu_pebs_event+0x3a0/0x3a0
> [  202.396959]  [<ffffffff81247caa>] ? perf_event_update_userpage+0x1fa/0x2b0
> [  202.406800]  [<ffffffff81247cc2>] ? perf_event_update_userpage+0x212/0x2b0
> [  202.416486]  [<ffffffff81247ab0>] ? perf_event_task_disable+0xc0/0xc0
> [  202.425720]  [<ffffffff8101a832>] ? intel_pmu_lbr_read+0x32/0x790
> [  202.434566]  [<ffffffff8123ba26>] ? __perf_event_overflow+0x116/0x280
> [  202.443735]  [<ffffffff810144d8>] ? intel_bts_interrupt+0x88/0x1b0
> [  202.452538]  [<ffffffff81012c7e>] intel_pmu_handle_irq+0x3ae/0x690
> [  202.461407]  [<ffffffff810128d0>] ? intel_pmu_save_and_restart+0x80/0x80
> [  202.470877]  [<ffffffff81135fd0>] ? lock_release+0x30/0x540
> [  202.479131]  [<ffffffff81088eeb>] ? native_apic_msr_write+0x2b/0x30
> [  202.488181]  [<ffffffff8108899c>] ? x2apic_send_IPI_self+0x3c/0x50
> [  202.497066]  [<ffffffff81055d72>] ? native_sched_clock+0x62/0x140
> [  202.505919]  [<ffffffff810081fd>] perf_event_nmi_handler+0x2d/0x50
> [  202.514832]  [<ffffffff8104da91>] nmi_handle+0xb1/0x1d0
> [  202.522697]  [<ffffffff8104d9e5>] ? nmi_handle+0x5/0x1d0
> [  202.530610]  [<ffffffff8104e185>] default_do_nmi+0xe5/0x140
> [  202.538765]  [<ffffffff8104e332>] do_nmi+0x152/0x1b0
> [  202.546254]  [<ffffffff81b8f171>] end_repeat_nmi+0x1a/0x1e
> [  202.554257]  [<ffffffff810106b7>] ? __intel_pmu_enable_all+0x77/0xf0
> [  202.563167]  [<ffffffff812475eb>] ? perf_event_task_tick+0x48b/0x5f0
> [  202.572060]  [<ffffffff812475eb>] ? perf_event_task_tick+0x48b/0x5f0
> [  202.580864]  [<ffffffff812475eb>] ? perf_event_task_tick+0x48b/0x5f0
> [  202.589703]  <EOE>  <IRQ>  [<ffffffff81101571>] scheduler_tick+0xb1/0x150
> [  202.598985]  [<ffffffff8116e7e7>] update_process_times+0x47/0x60
> [  202.607433]  [<ffffffff81185e53>] tick_sched_handle.isra.14+0x33/0x80
> [  202.616314]  [<ffffffff811869cb>] tick_sched_timer+0x4b/0x90
> [  202.624322]  [<ffffffff8116fbfe>] __hrtimer_run_queues+0x21e/0x540
> [  202.632864]  [<ffffffff81186980>] ? tick_sched_do_timer+0x50/0x50
> [  202.641337]  [<ffffffff8116f9e0>] ? retrigger_next_event+0xa0/0xa0
> [  202.649947]  [<ffffffff8117b8f6>] ? ktime_get_update_offsets_now+0xe6/0x190
> [  202.659411]  [<ffffffff811707f0>] ? hrtimer_interrupt+0xb0/0x220
> [  202.667864]  [<ffffffff8117082f>] hrtimer_interrupt+0xef/0x220
> [  202.676069]  [<ffffffff8123b020>] ? perf_cgroup_attach+0xb0/0xb0
> [  202.684444]  [<ffffffff8107ec2f>] local_apic_timer_interrupt+0x4f/0x80
> [  202.693422]  [<ffffffff81b903d7>] smp_apic_timer_interrupt+0x57/0x70
> [  202.702203]  [<ffffffff81b8f6a2>] apic_timer_interrupt+0x82/0x90
> [  202.710591]  <EOI>  [<ffffffff8123b020>] ? perf_cgroup_attach+0xb0/0xb0
> [  202.719609]  [<ffffffff8118dc3a>] ? smp_call_function_single+0x14a/0x1b0
> [  202.728811]  [<ffffffff8118dc30>] ? smp_call_function_single+0x140/0x1b0
> [  202.738039]  [<ffffffff8118daf0>] ? generic_exec_single+0x170/0x170
> [  202.746727]  [<ffffffff8123b020>] ? perf_cgroup_attach+0xb0/0xb0
> [  202.755181]  [<ffffffff81238e48>] event_function_call+0x268/0x270
> [  202.763687]  [<ffffffff812426d0>] ? task_ctx_sched_out+0x60/0x60
> [  202.772057]  [<ffffffff81238be0>] ? task_function_call+0xc0/0xc0
> [  202.780404]  [<ffffffff812426d0>] ? task_ctx_sched_out+0x60/0x60
> [  202.788768]  [<ffffffff81238e79>] ? _perf_event_disable+0x29/0x70
> [  202.797258]  [<ffffffff812383d0>] ? update_group_times+0x50/0x50
> [  202.805667]  [<ffffffff81238e97>] ? _perf_event_disable+0x47/0x70
> [  202.814188]  [<ffffffff8113a4d7>] ? do_raw_spin_unlock+0x97/0x130
> [  202.822733]  [<ffffffff81238e50>] ? event_function_call+0x270/0x270
> [  202.831462]  [<ffffffff81238ea8>] _perf_event_disable+0x58/0x70
> [  202.839778]  [<ffffffff812386a3>] perf_event_for_each_child+0x53/0xd0
> [  202.848576]  [<ffffffff81247a51>] perf_event_task_disable+0x61/0xc0
> [  202.857303]  [<ffffffff810daee2>] SyS_prctl+0x3f2/0x690
> [  202.864853]  [<ffffffff810daaf0>] ? SyS_umask+0x40/0x40
> [  202.872375]  [<ffffffff81136c6a>] ? lockdep_sys_exit+0x1a/0xa0
> [  202.880517]  [<ffffffff81004016>] ? lockdep_sys_exit_thunk+0x16/0x30
> [  202.889310]  [<ffffffff81b8dabb>] entry_SYSCALL_64_fastpath+0x1e/0xb2
> [  202.898177] Memory state around the buggy address:
> [  202.905288]  ffff8800cff0bc80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
> [  202.915044]  ffff8800cff0bd00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
> [  202.924697] >ffff8800cff0bd80: f3 f3 f3 f3 f3 f3 f3 f3 00 00 00 00 00 00 00 00
> [  202.934420]                          ^
> [  202.940352]  ffff8800cff0be00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
> [  202.950141]  ffff8800cff0be80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
> [  202.959835] ==================================================================
> 
