From: Vince Weaver
Date: Fri, 13 Feb 2015 11:23:30 -0500 (EST)
To: linux-kernel@vger.kernel.org
Cc: Peter Zijlstra, Paul Mackerras, Ingo Molnar, Arnaldo Carvalho de Melo, Stephane Eranian, Jiri Olsa
Subject: perf: fuzzer causes crash in snb_uncore_imc_event_start

With current git on a Haswell machine the perf_fuzzer kicks up this almost instantly and crashes the machine.

[ 54.874716] BUG: unable to handle kernel paging request at 0000000000005050
[ 54.882199] IP: [] snb_uncore_imc_event_start+0x54/0xb0
[ 54.889515] PGD 0
[ 54.891697] Oops: 0000 [#1] SMP
[ 54.895209] Modules linked in: fuse x86_pkg_temp_thermal intel_powerclamp intel_rapl iosf_mbi coretemp kvm snd_hda_codec_realtek snd_hda_codec_hdmi snd_hda_codec_generic snd_hda_intel crct10dif_pclmul snd_hda_controller crc32_pclmul snd_hda_codec ghash_clmulni_intel snd_hwdep aesni_intel snd_pcm aes_x86_64 lrw i915 drm_kms_helper gf128mul psmouse ppdev drm iTCO_wdt snd_timer glue_helper iTCO_vendor_support evdev serio_raw ablk_helper tpm_tis snd mei_me lpc_ich soundcore xhci_pci xhci_hcd cryptd i2c_algo_bit pcspkr mei tpm parport_pc parport mfd_core processor video battery i2c_i801 button wmi sg sr_mod sd_mod cdrom e1000e ahci libahci libata ehci_pci ptp ehci_hcd crc32c_intel scsi_mod usbcore usb_common pps_core thermal fan thermal_sys
[ 54.966637] CPU: 0 PID: 0 Comm: swapper/0 Not tainted 3.19.0+ #127
[ 54.973262] Hardware name: LENOVO 10AM000AUS/SHARKBAY, BIOS FBKT72AUS 01/26/2014
[ 54.981200] task: ffffffff81c1a580 ti: ffffffff81c00000 task.ti: ffffffff81c00000
[ 54.989225] RIP: 0010:[] [] snb_uncore_imc_event_start+0x54/0xb0
[ 54.999143] RSP: 0018:ffff88011ea03df8 EFLAGS: 00010092
[ 55.004849] RAX: 0000000000005050 RBX: ffff880118f14800 RCX: 0000000000000001
[ 55.012487] RDX: 0000000000000000 RSI: ffff8800d0459f88 RDI: ffff880118f14850
[ 55.020156] RBP: ffff88011ea03e08 R08: ffff8800d0459f88 R09: 0000000000000000
[ 55.027810] R10: 0000000000000000 R11: 0000000000000001 R12: ffff8800d0459e00
[ 55.035439] R13: 0000000000000001 R14: ffffe8ffffc03ea8 R15: 0000000cc6c98879
[ 55.043085] FS: 0000000000000000(0000) GS:ffff88011ea00000(0000) knlGS:0000000000000000
[ 55.051777] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 55.057954] CR2: 0000000000005050 CR3: 0000000001c13000 CR4: 00000000001407f0
[ 55.065619] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 55.073329] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000600
[ 55.080993] Stack:
[ 55.083142] ffff8800d0459e00 ffff880118f14800 ffff88011ea03e38 ffffffff81035c87
[ 55.091149] ffff88011ea03e38 ffff880118f14800 ffffe8ffffc040f0 ffffe8ffffc040f4
[ 55.099189] ffff88011ea03e78 ffffffff8115ab26 0000000000000000 ffffe8ffffc03ea8
[ 55.107199] Call Trace:
[ 55.109825]
[ 55.111893] [] snb_uncore_imc_event_add+0x47/0x60
[ 55.118941] [] event_sched_in.isra.73+0xa6/0x310
[ 55.125663] [] group_sched_in+0x6f/0x1e0
[ 55.131670] [] ? native_sched_clock+0x2a/0x90
[ 55.138119] [] __perf_event_enable+0x25c/0x2a0
[ 55.144633] [] ? tick_nohz_irq_exit+0x29/0x30
[ 55.151115] [] remote_function+0x50/0x60
[ 55.157098] [] flush_smp_call_function_queue+0x62/0x140
[ 55.164478] [] ? __atomic_notifier_call_chain+0x5/0x90
[ 55.171773] [] generic_smp_call_function_single_interrupt+0x13/0x60
[ 55.180243] [] smp_call_function_single_interrupt+0x27/0x40
[ 55.187968] [] call_function_single_interrupt+0x6d/0x80
[ 55.195308]
[ 55.197382] [] ? lock_release+0xf4/0x260
[ 55.203588] [] __atomic_notifier_call_chain+0x77/0x90
[ 55.210776] [] ? __atomic_notifier_call_chain+0x5/0x90
[ 55.218052] [] ? rcu_eqs_exit_common.isra.46+0x33/0x110
[ 55.225430] [] atomic_notifier_call_chain+0x16/0x20
[ 55.232402] [] arch_cpu_idle_exit+0x2f/0x40
[ 55.238661] [] cpu_startup_entry+0x138/0x3b0
[ 55.245000] [] rest_init+0xb6/0xc0
[ 55.250418] [] start_kernel+0x450/0x45d
[ 55.256295] [] ? early_idt_handlers+0x120/0x120
[ 55.262940] [] x86_64_start_reservations+0x2a/0x2c
[ 55.269848] [] x86_64_start_kernel+0x143/0x152
[ 55.276358] Code: 04 01 48 8d 90 88 01 00 00 48 8b b0 90 01 00 00 48 8d 7b 50 49 89 c4 e8 7b 29 3e 00 49 8b 94 24 98 01 00 00 48 8b 83 48 01 00 00 <8b> 04 02 48 89 83 a0 01 00 00 41 83 7c 24 04 01 74 0a 5b 41 5c
[ 55.297918] RIP [] snb_uncore_imc_event_start+0x54/0xb0
[ 55.305308] RSP
[ 55.309770] CR2: 0000000000005050
[ 55.314059] ---[ end trace 3a10e6df5e1c4c87 ]---
[ 55.319696] Kernel panic - not syncing: Fatal exception in interrupt
[ 55.327245] Kernel Offset: 0x0 from 0xffffffff81000000 (relocation range: 0xffffffff80000000-0xffffffff9fffffff)
[ 55.338941] drm_kms_helper: panic occurred, switching back to text console
[ 55.347079] ---[ end Kernel panic - not syncing: Fatal exception in interrupt