Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
	id S1754617AbbFOUYt (ORCPT <rfc822;w@1wt.eu>);
	Mon, 15 Jun 2015 16:24:49 -0400
Received: from mail-wg0-f54.google.com ([74.125.82.54]:34176 "EHLO
	mail-wg0-f54.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
	with ESMTP id S1751941AbbFOUYk (ORCPT
	<rfc822;linux-kernel@vger.kernel.org>);
	Mon, 15 Jun 2015 16:24:40 -0400
Date: Mon, 15 Jun 2015 22:24:36 +0200
From: Ingo Molnar <mingo@kernel.org>
To: Alexander Shishkin <alexander.shishkin@linux.intel.com>
Cc: Peter Zijlstra <peterz@infradead.org>,
        Vince Weaver <vincent.weaver@maine.edu>, linux-kernel@vger.kernel.org,
        Ingo Molnar <mingo@redhat.com>,
        Arnaldo Carvalho de Melo <acme@kernel.org>,
        Stephane Eranian <eranian@gmail.com>
Subject: Re: perf: aux area related crash and warnings
Message-ID: <20150615202435.GB12450@gmail.com>
References: <alpine.DEB.2.20.1506112305510.2757@vincent-weaver-1.umelst.maine.edu>
 <alpine.DEB.2.20.1506121431190.4444@vincent-weaver-1.umelst.maine.edu>
 <20150615122054.GY3644@twins.programming.kicks-ass.net>
 <87egld2l2o.fsf@ashishki-desk.ger.corp.intel.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <87egld2l2o.fsf@ashishki-desk.ger.corp.intel.com>
User-Agent: Mutt/1.5.23 (2014-03-12)
Sender: linux-kernel-owner@vger.kernel.org
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org
Content-Length: 1993
Lines: 46


* Alexander Shishkin <alexander.shishkin@linux.intel.com> wrote:

> Peter Zijlstra <peterz@infradead.org> writes:
> 
> > Alex, any clue?
> 
> Let me look into it. Definitely haven't seen anything like that in my
> tests.

That's natural: Vince is running randomize fuzzing tests, so you should look out 
for boundary conditions and 'nonsensical' values that won't normally trigger in 
functional testing.

In fact Vince is using 'directed fuzzing': i.e. the fuzzer is aware of the general 
perf ABI structure and will try to generate partially valid, partially randomized 
requests, to be able to test 'leaf' functionality of the perf ABI as well, which 
would otherwise need astronomical odds to occur in a pure fuzzing test.

These crashes started popping up when Vince added 'AUX area awareness' to the 
fuzzer.

> >> [36299.068111]  [<ffffffff810c2acf>] do_raw_spin_lock+0x13f/0x180
> >> [36299.074897]  [<ffffffff816de6e9>] _raw_spin_lock+0x39/0x40
> >> [36299.081276]  [<ffffffff8117a039>] ? free_pcppages_bulk+0x39/0x620
> >> [36299.088340]  [<ffffffff8117a039>] free_pcppages_bulk+0x39/0x620
> >> [36299.095182]  [<ffffffff81177e14>] ? free_pages_prepare+0x3a4/0x550
> >> [36299.102291]  [<ffffffff811c9936>] ? kfree_debugcheck+0x16/0x40
> >> [36299.108987]  [<ffffffff8117a938>] free_hot_cold_page+0x178/0x1a0
> >> [36299.115850]  [<ffffffff8117aa47>] __free_pages+0x37/0x50
> >> [36299.121991]  [<ffffffff8116ae0a>] rb_free_aux+0xba/0xf0
> 
> This one goes to free aux pages from nmi context, looks like aux buffer was 
> unmapped while the event was running, so here it dropped the last reference.

Yeah, that in itself is an absolute no-no - so I guess refcounting went wrong 
somewhere? (assuming it exists properly).

Thanks,

	Ingo
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/