linux-kernel.vger.kernel.org archive mirror
* perf: fuzzer KASAN perf_callchain_store on amd
From: Vince Weaver @ 2016-11-16 16:33 UTC
  To: linux-kernel
  Cc: Peter Zijlstra, Josh Poimboeuf, Ingo Molnar,
	Arnaldo Carvalho de Melo, davej, dvyukov, Stephane Eranian


Possibly related to the other reports, I'm getting this on the AMD A10
machine.  I don't have the earliest trigger for this because my testing
setup is poorly designed, so the Haswell machine crashing the Ethernet
switch caused the serial port logs to be lost.

It turns out the frame pointer wasn't enabled on this machine. I'm
re-enabling it and I'll see if I can reproduce.

As an aside, it might be random chance, but I am noticing
"perf_event_output_backward" is involved in a lot of these
traces.

[118724.973843] BAD LUCK: lost 45131 message(s) from NMI context!
[118724.973845] ==================================================================
[118724.988303] BUG: KASAN: slab-out-of-bounds in perf_callchain_store+0x69/0x84 at addr ffff8801d4fbe800
[118724.998335] Write of size 8 by task perf_fuzzer/17994
[118725.004205] CPU: 0 PID: 17994 Comm: perf_fuzzer Tainted: G    B   W    L  4.9.0-rc5+ #39
[118725.013189] Hardware name: Hewlett-Packard HP Compaq Pro 6305 SFF/1850, BIOS K06 v02.57 08/16/2013
[118725.023108]  0000000000000000 ffffffff813a8d66 ffff8801d4fbf700 ffff8801ed800a00
[118725.032198]  ffffffff811d229c ffff8801d4fbd700 1ffff1003a9f7d00 ffffed003a9f7d00
[118725.041297]  ffffffff811d263e 0000000000000096 ffff8801eabb7d30 ffff8801edc0ba88
[118725.050433] Call Trace:
[118725.053940]  <NMI>  [<ffffffff813a8d66>] ? dump_stack+0x46/0x59
[118725.061001]  [<ffffffff811d229c>] ? kasan_object_err+0x17/0x6b
[118725.068017]  [<ffffffff811d263e>] ? kasan_report+0x2c0/0x41a
[118725.074880]  [<ffffffff810f490d>] ? __module_text_address+0xc/0x86
[118725.082302]  [<ffffffff81067d7f>] ? copy_process.part.40+0x12d/0x2789
[118725.090027]  [<ffffffff810032bc>] ? perf_callchain_store+0x69/0x84
[118725.097519]  [<ffffffff810063da>] ? perf_callchain_kernel+0xdd/0xf7
[118725.105117]  [<ffffffff8116aab6>] ? get_perf_callchain+0x1ad/0x2af
[118725.112667]  [<ffffffff8116ac62>] ? perf_callchain+0xaa/0xb5
[118725.119719]  [<ffffffff8108c78a>] ? __kernel_text_address+0x1/0x3d
[118725.127333]  [<ffffffff81166785>] ? perf_prepare_sample+0xd8/0x5c0
[118725.134977]  [<ffffffff810062dc>] ? arch_perf_update_userpage+0x104/0x125
[118725.143273]  [<ffffffff81166cdb>] ? perf_event_output_backward+0x1a/0x54
[118725.151511]  [<ffffffff81163a48>] ? __perf_event_overflow+0x188/0x222
[118725.159528]  [<ffffffff81005b60>] ? x86_pmu_handle_irq+0x147/0x184
[118725.167321]  [<ffffffff8108c78a>] ? __kernel_text_address+0x1/0x3d
[118725.175144]  [<ffffffff810094af>] ? perf_ibs_handle_irq+0x54c/0x54c
[118725.183086]  [<ffffffff81024cdb>] ? perf_trace_nmi_handler+0x123/0x14a
[118725.191319]  [<ffffffff8102a0fe>] ? cycles_2_ns+0x5c/0xe4
[118725.198452]  [<ffffffff8102a0fe>] ? cycles_2_ns+0x5c/0xe4
[118725.205588]  [<ffffffff81003efd>] ? perf_event_nmi_handler+0x22/0x39
[118725.213722]  [<ffffffff81003efd>] ? perf_event_nmi_handler+0x22/0x39
[118725.221856]  [<ffffffff8102520c>] ? nmi_handle+0x62/0x153
[118725.229057]  [<ffffffff810094af>] ? perf_ibs_handle_irq+0x54c/0x54c
[118725.237169]  [<ffffffff81024bb8>] ? local_touch_nmi+0xd/0xd
[118725.244619]  [<ffffffff810254e3>] ? default_do_nmi+0x55/0x101
[118725.252262]  [<ffffffff8102562d>] ? do_nmi+0x9e/0x10f
[118725.259234]  [<ffffffff816cbb87>] ? end_repeat_nmi+0x1a/0x1e
[118725.266843]  [<ffffffff810536d3>] ? unwind_next_frame+0x26/0xa7
[118725.274746]  [<ffffffff8108c752>] ? core_kernel_text+0x29/0x48
[118725.282588]  [<ffffffff811d1512>] ? save_stack+0x33/0xa6
[118725.289936]  [<ffffffff8108c78a>] ? __kernel_text_address+0x1/0x3d
[118725.298209]  [<ffffffff8108c78a>] ? __kernel_text_address+0x1/0x3d
[118725.306469]  [<ffffffff8108c752>] ? core_kernel_text+0x29/0x48
[118725.314414]  [<ffffffff8108c78a>] ? __kernel_text_address+0x1/0x3d
[118725.322728]  <EOE>  <IRQ>  [<ffffffff810536dc>] ? unwind_next_frame+0x2f/0xa7
[118725.332078]  [<ffffffff810316aa>] ? __save_stack_trace+0xab/0xba
[118725.340327]  [<ffffffff811d1512>] ? save_stack+0x33/0xa6
[118725.347870]  [<ffffffff811d1512>] ? save_stack+0x33/0xa6
[118725.355340]  [<ffffffff811d157c>] ? save_stack+0x9d/0xa6
[118725.362749]  [<ffffffff811d1512>] ? save_stack+0x33/0xa6
[118725.370065]  [<ffffffff811d1512>] ? save_stack+0x33/0xa6
[118725.377344]  [<ffffffff811d1512>] ? save_stack+0x33/0xa6
[118725.384532]  [<ffffffff811d1512>] ? save_stack+0x33/0xa6
[118725.391641]  [<ffffffff811d1512>] ? save_stack+0x33/0xa6
[118725.398711]  [<ffffffff811d1512>] ? save_stack+0x33/0xa6
[118725.405740]  [<ffffffff811d1512>] ? save_stack+0x33/0xa6
[118725.412698]  [<ffffffff811d1512>] ? save_stack+0x33/0xa6
[118725.419610]  [<ffffffff811d1512>] ? save_stack+0x33/0xa6
[118725.426474]  [<ffffffff811d1512>] ? save_stack+0x33/0xa6
[118725.433327]  [<ffffffff811d1512>] ? save_stack+0x33/0xa6
[118725.440135]  [<ffffffff811d1512>] ? save_stack+0x33/0xa6
[118725.446910]  [<ffffffff811d1512>] ? save_stack+0x33/0xa6
[118725.453654]  [<ffffffff811d1512>] ? save_stack+0x33/0xa6
[118725.460383]  [<ffffffff811d1512>] ? save_stack+0x33/0xa6
[118725.467072]  [<ffffffff811d1512>] ? save_stack+0x33/0xa6
[118725.473730]  [<ffffffff81168e39>] ? perf_output_copy+0x58/0xf1
[118725.480913]  [<ffffffff81168b51>] ? perf_output_put_handle+0x46/0xa0
[118725.488625]  [<ffffffff811635f5>] ? perf_log_throttle+0xfa/0x10c
[118725.495964]  [<ffffffff811d1512>] ? save_stack+0x33/0xa6
[118725.502598]  [<ffffffff811d1512>] ? save_stack+0x33/0xa6
[118725.509193]  [<ffffffff811d1512>] ? save_stack+0x33/0xa6
[118725.515754]  [<ffffffff811d1512>] ? save_stack+0x33/0xa6
[118725.522282]  [<ffffffff811d1512>] ? save_stack+0x33/0xa6
[118725.528779]  [<ffffffff811d1512>] ? save_stack+0x33/0xa6
[118725.535247]  [<ffffffff811d1512>] ? save_stack+0x33/0xa6
[118725.541679]  [<ffffffff811d1512>] ? save_stack+0x33/0xa6
[118725.548113]  [<ffffffff811d1512>] ? save_stack+0x33/0xa6
[118725.554508]  [<ffffffff811d1512>] ? save_stack+0x33/0xa6
[118725.560899]  [<ffffffff811d1512>] ? save_stack+0x33/0xa6
[118725.567254]  [<ffffffff811d1512>] ? save_stack+0x33/0xa6
[118725.573573]  [<ffffffff811d1512>] ? save_stack+0x33/0xa6
[118725.579862]  [<ffffffff811d1512>] ? save_stack+0x33/0xa6
[118725.586132]  [<ffffffff811d1aa8>] ? kasan_unpoison_shadow+0xf/0x2e
[118725.593285]  [<ffffffff811d1bae>] ? kasan_kmalloc+0x8b/0x9a
[118725.599818]  [<ffffffff811ce5de>] ? slab_post_alloc_hook+0x31/0x3c
[118725.606966]  [<ffffffff811cf827>] ? kmem_cache_alloc+0xc6/0x145
[118725.613851]  [<ffffffff81078994>] ? __sigqueue_alloc+0x5a/0x152
[118725.620734]  [<ffffffff8107aa8d>] ? __send_signal+0x105/0x30b
[118725.627428]  [<ffffffff8107b9d5>] ? do_send_sig_info+0x3d/0x73
[118725.634241]  [<ffffffff811f88f6>] ? send_sigio_to_task+0xb6/0xe4
[118725.641230]  [<ffffffff8115f24c>] ? perf_pmu_enable+0x2f/0x3d
[118725.647962]  [<ffffffff810e03f3>] ? task_cputime_zero+0x2c/0x3a
[118725.654837]  [<ffffffff810e1fab>] ? run_posix_cpu_timers+0xd8/0x687
[118725.662038]  [<ffffffff810a94e2>] ? nohz_balance_exit_idle+0x36/0x81
[118725.669327]  [<ffffffff810d46e4>] ? rcu_accelerate_cbs+0x1da/0x39a
[118725.676481]  [<ffffffff810d2630>] ? rcu_report_qs_rnp+0x77/0x18b
[118725.683485]  [<ffffffff810d2c93>] ? cpu_needs_another_gp+0xbb/0x11a
[118725.690771]  [<ffffffff811f9068>] ? send_sigio+0xb6/0x10c
[118725.697215]  [<ffffffff811f915c>] ? kill_fasync+0x9e/0xdd
[118725.703673]  [<ffffffff811633c7>] ? perf_event_wakeup+0x6e/0xd6
[118725.710695]  [<ffffffff81167cf5>] ? perf_pending_event+0x70/0x8a
[118725.717830]  [<ffffffff8114b569>] ? irq_work_run_list+0x66/0x84
[118725.724905]  [<ffffffff8114b59b>] ? irq_work_run+0x14/0x29
[118725.731563]  [<ffffffff81026452>] ? smp_irq_work_interrupt+0x11/0x16
[118725.739134]  [<ffffffff816cc90f>] ? irq_work_interrupt+0x7f/0x90
[118725.746386]  <EOI>  [<ffffffff813b3b9d>] ? memcmp+0x1d/0x44
[118725.753246]  [<ffffffff811d1a57>] ? __asan_load2+0x64/0x64
[118725.760055]  [<ffffffff813b3ba8>] ? memcmp+0x28/0x44
[118725.766368]  [<ffffffff813e3101>] ? find_stack+0x3b/0x54
[118725.773053]  [<ffffffff813e32a6>] ? depot_save_stack+0x136/0x375
[118725.780468]  [<ffffffff811d157c>] ? save_stack+0x9d/0xa6
[118725.787218]  [<ffffffff811d1512>] ? save_stack+0x33/0xa6
[118725.793967]  [<ffffffff811d1512>] ? save_stack+0x33/0xa6
[118725.800690]  [<ffffffff811d1512>] ? save_stack+0x33/0xa6
[118725.807393]  [<ffffffff811d1512>] ? save_stack+0x33/0xa6
...


* Re: perf: fuzzer KASAN perf_callchain_store on amd
From: Dmitry Vyukov @ 2016-11-16 16:38 UTC
  To: Vince Weaver
  Cc: linux-kernel, Peter Zijlstra, Josh Poimboeuf, Ingo Molnar,
	Arnaldo Carvalho de Melo, davej, Stephane Eranian

On Wed, Nov 16, 2016 at 5:33 PM, Vince Weaver <vincent.weaver@maine.edu> wrote:
>
> Possibly related to the other reports, I'm getting this on the AMD A10
> machine.  I don't have the earliest trigger for this because my testing
> setup is poorly designed, so the Haswell machine crashing the Ethernet
> switch caused the serial port logs to be lost.
>
> It turns out the frame pointer wasn't enabled on this machine. I'm
> re-enabling it and I'll see if I can reproduce.
>
> As an aside, it might be random chance, but I am noticing
> "perf_event_output_backward" is involved in a lot of these
> traces.
>
> [...]


This is heap OOB rather than stack OOB.
Is there an allocation stack/object size/shadow in the report? It
would greatly help debugging.


* Re: perf: fuzzer KASAN perf_callchain_store on amd
From: Vince Weaver @ 2016-11-16 18:32 UTC
  To: Dmitry Vyukov
  Cc: Vince Weaver, linux-kernel, Peter Zijlstra, Josh Poimboeuf,
	Ingo Molnar, Arnaldo Carvalho de Melo, davej, Stephane Eranian

On Wed, 16 Nov 2016, Dmitry Vyukov wrote:

> On Wed, Nov 16, 2016 at 5:33 PM, Vince Weaver <vincent.weaver@maine.edu> wrote:
> >
> > [118725.787218]  [<ffffffff811d1512>] ? save_stack+0x33/0xa6
> > [118725.793967]  [<ffffffff811d1512>] ? save_stack+0x33/0xa6
> > [118725.800690]  [<ffffffff811d1512>] ? save_stack+0x33/0xa6
> > [118725.807393]  [<ffffffff811d1512>] ? save_stack+0x33/0xa6
> > ...
> 
> 
> This is heap OOB rather than stack OOB.
> Is there an allocation stack/object size/shadow in the report? It
> would greatly help debugging.

No, the report just trailed off and then launched into the next KASAN 
report without anything in between (see below).

I am reporting what was in dmesg; I lost the serial console output.
I'm currently re-running on the same machine, hopefully I can reproduce it.

[118726.110077]  [<ffffffff811d1512>] ? save_stack+0x33/0xa6
[118726.115849]  [<ffffffff811d1512>] ? save_stack+0x33/0xa6
[118726.121615]  [<ffffffff811d1512>] ? save_stack+0x33/0xa6
[118726.127385]  [<ffffffff811d

[118726.139200] BAD LUCK: lost 11949 message(s) from NMI context!
[118726.139201] 
==================================================================
[118726.153327] BUG: KASAN: slab-out-of-bounds in perf_callchain_store+0x69/0x84 at addr ffff8801d4fbe800

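Dmitry asks whether the allocation stack, object size and shadow made it into the report, and Vince's reply shows why they did not: the report trailed off and the next one started after printk dropped thousands of messages from NMI context. The script below is an added example, not code from the thread or from the kernel, that pulls exactly those fields out of a dmesg capture and says which sections each report is missing. `TRUNCATED_DMESG` is excerpted from the reports quoted above; `COMPLETE_DMESG` is a constructed report with made-up addresses and names (`demo_store`, `demo`, `kmalloc-128`) that shows what the lost part normally carries. It assumes the 4.9-era line formats seen in this thread (`BUG: KASAN: ... at addr`, `Object at ..., in cache ... size:`, `Allocated by task`, `Memory state around the buggy address`); newer kernels word some of these differently.

```python
# Added example for this thread (not kernel code, not the posters' code): parse KASAN reports
# out of a dmesg capture and flag the ones cut short, e.g. by printk dropping lines in NMI context.
import re
from dataclasses import dataclass, field
from typing import List, Optional

TS_RE = re.compile(r"^\[\s*\d+\.\d+\]\s?")
LOST_RE = re.compile(r"BAD LUCK: lost (?P<n>\d+) message\(s\) from NMI context")
BUG_RE = re.compile(r"BUG: KASAN: (?P<kind>[\w-]+) in (?P<func>[\w.]+)\+0x\w+/0x\w+ at addr (?P<addr>[0-9a-f]+)")
ACCESS_RE = re.compile(r"(?P<rw>Read|Write) of size (?P<size>\d+) by task")
OBJECT_RE = re.compile(r"Object at (?P<obj>[0-9a-f]+), in cache \S+ size: (?P<size>\d+)")
FRAME_RE = re.compile(r"\[<[0-9a-f]+>\]\s+(?P<unsure>\?\s+)?(?P<sym>[\w.]+)\+0x")
SEPARATOR = "=" * 10

@dataclass
class KasanReport:
    kind: str
    func: str
    addr: int
    lost_before: int = 0            # printk messages dropped right before this report
    rw: Optional[str] = None
    access_size: Optional[int] = None
    obj_addr: Optional[int] = None  # from the "Object at ..., in cache ... size:" line
    obj_size: Optional[int] = None
    frames: List[str] = field(default_factory=list)  # call trace of the bad access
    unsure_frames: int = 0          # frames printed with "?", i.e. found by scanning the stack
    has_alloc: bool = False
    has_shadow: bool = False
    terminated: bool = False

    @property
    def overflow_bytes(self) -> Optional[int]:
        # bytes the access runs past the end of the object; None if the object line was lost
        if None in (self.obj_addr, self.obj_size, self.access_size):
            return None
        return (self.addr + self.access_size) - (self.obj_addr + self.obj_size)

    def missing_sections(self) -> List[str]:
        flags = {"alloc stack": self.has_alloc, "shadow": self.has_shadow, "terminator": self.terminated}
        return [name for name, ok in flags.items() if not ok]

def parse_kasan(dmesg: str) -> List[KasanReport]:
    reports: List[KasanReport] = []
    cur: Optional[KasanReport] = None
    pending_lost = 0
    for raw in dmesg.splitlines():
        line = TS_RE.sub("", raw).strip()
        if (m := LOST_RE.search(line)):
            pending_lost += int(m["n"])
            continue
        if (m := BUG_RE.search(line)):  # a new header while a report is open: the old one was cut short
            cur = KasanReport(m["kind"], m["func"], int(m["addr"], 16), lost_before=pending_lost)
            reports.append(cur)
            pending_lost = 0
            continue
        if cur is None:
            continue
        if line.startswith(SEPARATOR):
            if cur.has_shadow:  # only the separator after the shadow dump closes a report
                cur.terminated, cur = True, None
            continue
        if (m := ACCESS_RE.search(line)):
            cur.rw, cur.access_size = m["rw"], int(m["size"])
        elif (m := OBJECT_RE.search(line)):
            cur.obj_addr, cur.obj_size = int(m["obj"], 16), int(m["size"])
        elif line.startswith("Allocated by task"):
            cur.has_alloc = True
        elif line.startswith("Memory state around the buggy address"):
            cur.has_shadow = True
        elif not cur.has_alloc and (m := FRAME_RE.search(line)):  # frames before "Allocated by" are the access
            cur.frames.append(m["sym"])
            cur.unsure_frames += bool(m["unsure"])
    return reports

# Excerpt of the dmesg from this thread: two reports, both cut off before the allocation section.
TRUNCATED_DMESG = """\
[118724.973843] BAD LUCK: lost 45131 message(s) from NMI context!
[118724.973845] ==================================================================
[118724.988303] BUG: KASAN: slab-out-of-bounds in perf_callchain_store+0x69/0x84 at addr ffff8801d4fbe800
[118724.998335] Write of size 8 by task perf_fuzzer/17994
[118725.090027]  [<ffffffff810032bc>] ? perf_callchain_store+0x69/0x84
[118726.139200] BAD LUCK: lost 11949 message(s) from NMI context!
==================================================================
[118726.153327] BUG: KASAN: slab-out-of-bounds in perf_callchain_store+0x69/0x84 at addr ffff8801d4fbe800
"""
# Constructed complete report (addresses and names made up) showing what the lost part contains.
COMPLETE_DMESG = """\
[   12.000001] BUG: KASAN: slab-out-of-bounds in demo_store+0x10/0x40 at addr ffff880012345680
[   12.000002] Write of size 8 by task demo/4242
[   12.000003]  [<ffffffff81000002>] demo_store+0x10/0x40
[   12.000004] Object at ffff880012345600, in cache kmalloc-128 size: 128
[   12.000005] Allocated by task 4242:
[   12.000006] Memory state around the buggy address:
[   12.000007] ==================================================================
"""
```

Run `parse_kasan(TRUNCATED_DMESG)` and both reports come back with `missing_sections()` of alloc stack, shadow and terminator, with `lost_before` of 45131 and 11949; that is the same diagnosis Vince gives by hand. On the constructed complete report the `Object at` line lets `overflow_bytes` say the 8-byte write starts exactly at the end of the 128-byte object. The `?` on every frame in the thread's traces (counted in `unsure_frames`) is what the x86 unwinder prints for addresses it found by scanning the stack rather than by walking frames, which is what you get without frame pointers.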
