From: Vince Weaver
Date: Mon, 14 Nov 2016 16:49:06 -0500 (EST)
To: linux-kernel@vger.kernel.org
cc: Peter Zijlstra, Ingo Molnar, Arnaldo Carvalho de Melo, davej@codemonkey.org.uk, dvyukov@google.com, Stephane Eranian
Subject: perf: fuzzer KASAN slab-out-of-bounds in snb_uncore_imc_event_del

After turning modversions off I finally managed to get a 4.9-rc kernel to boot. Anyway, as per the suggestion at Linux Plumbers I enabled KASAN, and on my Haswell machine it falls over in a few minutes of running the perf_fuzzer.
[ 205.740194] ==================================================================
[ 205.748005] BUG: KASAN: slab-out-of-bounds in snb_uncore_imc_event_del+0x6c/0xa0 at addr ffff8800caa43768
[ 205.758324] Read of size 8 by task perf_fuzzer/6618
[ 205.763589] CPU: 0 PID: 6618 Comm: perf_fuzzer Not tainted 4.9.0-rc5 #4
[ 205.770721] Hardware name: LENOVO 10AM000AUS/SHARKBAY, BIOS FBKT72AUS 01/26/2014
[ 205.778689]  ffff8800c3c479b8 ffffffff816bb796 ffff88011ec00600 ffff8800caa43580
[ 205.786759]  ffff8800c3c479e0 ffffffff812fb961 ffff8800c3c47a78 ffff8800caa43580
[ 205.794850]  ffff8800caa43580 ffff8800c3c47a68 ffffffff812fbbd8 ffff8800c3c47a28
[ 205.802911] Call Trace:
[ 205.805559]  [] dump_stack+0x63/0x8d
[ 205.811135]  [] kasan_object_err+0x21/0x70
[ 205.817267]  [] kasan_report_error+0x1d8/0x4c0
[ 205.823752]  [] ? __lock_is_held+0x75/0xc0
[ 205.829868]  [] ? snb_uncore_imc_read_counter+0x42/0x50
[ 205.837198]  [] ? uncore_perf_event_update+0xe2/0x160
[ 205.844337]  [] kasan_report+0x39/0x40
[ 205.850085]  [] ? snb_uncore_imc_event_del+0x6c/0xa0
[ 205.857114]  [] __asan_load8+0x5e/0x70
[ 205.862874]  [] snb_uncore_imc_event_del+0x6c/0xa0
[ 205.869727]  [] event_sched_out.isra.89+0x192/0x690
[ 205.876664]  [] group_sched_out+0x97/0x170
[ 205.882760]  [] __perf_event_disable+0x140/0x1b0
[ 205.889395]  [] event_function+0x117/0x1f0
[ 205.895503]  [] ? task_ctx_sched_out+0x60/0x60
[ 205.901959]  [] ? update_group_times+0x50/0x50
[ 205.908425]  [] ? perf_cgroup_attach+0xb0/0xb0
[ 205.914937]  [] remote_function+0x76/0xa0
[ 205.920955]  [] generic_exec_single+0xfc/0x170
[ 205.927434]  [] ? perf_cgroup_attach+0xb0/0xb0
[ 205.933883]  [] smp_call_function_single+0x140/0x1b0
[ 205.940967]  [] ? generic_exec_single+0x170/0x170
[ 205.947776]  [] event_function_call+0x268/0x270
[ 205.954336]  [] ? task_ctx_sched_out+0x60/0x60
[ 205.960806]  [] ? task_function_call+0xc0/0xc0
[ 205.967276]  [] ? task_ctx_sched_out+0x60/0x60
[ 205.973740]  [] ? _perf_event_disable+0x29/0x70
[ 205.980300]  [] ? update_group_times+0x50/0x50
[ 205.986750]  [] ? _perf_event_disable+0x47/0x70
[ 205.993338]  [] ? do_raw_spin_unlock+0x97/0x130
[ 205.999906]  [] ? event_function_call+0x270/0x270
[ 206.006674]  [] _perf_event_disable+0x58/0x70
[ 206.013069]  [] perf_event_for_each_child+0x53/0xd0
[ 206.019990]  [] perf_event_task_disable+0x61/0xc0
[ 206.026759]  [] SyS_prctl+0x3f2/0x690
[ 206.032409]  [] ? SyS_umask+0x40/0x40
[ 206.038059]  [] entry_SYSCALL_64_fastpath+0x1e/0xb2
[ 206.045007] Object at ffff8800caa43580, in cache kmalloc-512 size: 512
[ 206.052015] Allocated:
[ 206.054565] PID = 1
[ 206.058367]  [] save_stack_trace+0x1b/0x20
[ 206.065933]  [] save_stack+0x46/0xd0
[ 206.072953]  [] kasan_kmalloc+0xad/0xe0
[ 206.080214]  [] __kmalloc_node+0x4a/0x60
[ 206.087590]  [] uncore_alloc_box+0x39/0x150
[ 206.095208]  [] uncore_pci_probe+0xff/0x4f0
[ 206.102879]  [] local_pci_probe+0x7a/0xd0
[ 206.110347]  [] pci_device_probe+0x19e/0x1f0
[ 206.118073]  [] driver_probe_device+0x25d/0x400
[ 206.126087]  [] __driver_attach+0xdc/0xe0
[ 206.133534]  [] bus_for_each_dev+0xeb/0x150
[ 206.141184]  [] driver_attach+0x2b/0x30
[ 206.148493]  [] bus_add_driver+0x2b0/0x330
[ 206.156042]  [] driver_register+0xd3/0x190
[ 206.165688]  [] __pci_register_driver+0xb4/0xc0
[ 206.175783]  [] intel_uncore_init+0x2f3/0x388
[ 206.185672]  [] do_one_initcall+0xa8/0x210
[ 206.195261]  [] kernel_init_freeable+0x27c/0x312
[ 206.205349]  [] kernel_init+0x13/0x120
[ 206.214439]  [] ret_from_fork+0x25/0x30
[ 206.222067] Freed:
[ 206.226172] PID = 0
[ 206.230341] (stack is not available)
[ 206.236044] Memory state around the buggy address:
[ 206.243157]  ffff8800caa43600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 206.252788]  ffff8800caa43680: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 206.262437] >ffff8800caa43700: 00 00 00 00 00 00 00 00 00 00 00 00 00 fc fc fc
[ 206.272071]                                                           ^
[ 206.281005]  ffff8800caa43780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 206.290640]  ffff8800caa43800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 206.300302] ==================================================================
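An added example for reading the "Memory state" rows of a splat like this one; it is not part of Vince's report or of the kernel's KASAN code. It embeds the five shadow rows, the "Object at ffff8800caa43580" address and the faulting address ffff8800caa43768 exactly as printed above, and assumes only KASAN's documented shadow encoding (one shadow byte per 8-byte granule; 00 fully addressable, 01..07 a partial granule, fc the kmalloc redzone that kasan_kmalloc() poisons from the requested size up to the slab object size). Because the report only prints two rows either side of the fault, the object start is not in the window, so the helper walks backwards from the flagged granule to find where the redzone begins rather than scanning forward from the object.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Shadow rows copied verbatim from the report above. One shadow byte covers
 * 8 bytes of kernel memory: 00 = all addressable, 01..07 = only the first N
 * bytes addressable, fc = KASAN_KMALLOC_REDZONE (requested size .. slab size). */
static const char *shadow_rows[] = {
    "ffff8800caa43600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00",
    "ffff8800caa43680: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00",
    "ffff8800caa43700: 00 00 00 00 00 00 00 00 00 00 00 00 00 fc fc fc",
    "ffff8800caa43780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc",
    "ffff8800caa43800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00",
};
#define NROWS                 (sizeof(shadow_rows) / sizeof(shadow_rows[0]))
#define GRANULE               8      /* bytes of memory per shadow byte */
#define SHADOW_PER_ROW        16     /* shadow bytes printed per row */
#define KASAN_KMALLOC_REDZONE 0xfc

struct shadow_row { uint64_t base; int bytes[SHADOW_PER_ROW]; };

/* Parse "ffff8800caa43700: 00 00 ... fc" into a base address and 16 shadow bytes. */
static int parse_row(const char *line, struct shadow_row *row)
{
    char *end;
    row->base = strtoull(line, &end, 16);
    if (*end != ':')
        return -1;
    const char *p = end + 1;
    for (int i = 0; i < SHADOW_PER_ROW; i++) {
        row->bytes[i] = (int)strtoul(p, &end, 16);
        if (end == p)                 /* no hex digits where a byte should be */
            return -1;
        p = end;
    }
    return 0;
}

/* Shadow byte covering addr, or -1 if the printed window does not include it. */
int kasan_shadow_byte(uint64_t addr)
{
    for (size_t i = 0; i < NROWS; i++) {
        struct shadow_row row;
        if (parse_row(shadow_rows[i], &row) != 0)
            return -1;
        if (addr >= row.base && addr < row.base + GRANULE * SHADOW_PER_ROW)
            return row.bytes[(addr - row.base) / GRANULE];
    }
    return -1;
}

/* 1 if any byte of the access is non-addressable, 0 if it is clean, -1 if unknown. */
int kasan_access_is_bad(uint64_t addr, unsigned size)
{
    for (uint64_t a = addr; a < addr + size; a++) {
        int s = kasan_shadow_byte(a);
        if (s < 0)
            return -1;
        if (s == 0)
            continue;
        if (s < GRANULE && (a % GRANULE) < (uint64_t)s)
            continue;                 /* inside the valid prefix of a partial granule */
        return 1;
    }
    return 0;
}

/* Walk back from the flagged redzone granule to the last addressable one; the
 * redzone starts right after it, i.e. at the end of the requested allocation.
 * Returns 0 if bad_addr is not in a kmalloc redzone or the boundary is off-window. */
uint64_t kasan_redzone_start(uint64_t bad_addr)
{
    uint64_t a = bad_addr & ~(uint64_t)(GRANULE - 1);
    if (kasan_shadow_byte(a) != KASAN_KMALLOC_REDZONE)
        return 0;
    for (;;) {
        int s = kasan_shadow_byte(a - GRANULE);
        if (s < 0)
            return 0;
        if (s == 0)
            return a;
        if (s < GRANULE)
            return a - GRANULE + (uint64_t)s;
        a -= GRANULE;
    }
}

int main(void)
{
    const uint64_t obj = 0xffff8800caa43580ULL;   /* "Object at ..." line */
    const uint64_t bad = 0xffff8800caa43768ULL;   /* "... at addr ..." line */
    const unsigned len = 8;                        /* "Read of size 8" */
    uint64_t rz = kasan_redzone_start(bad);

    printf("shadow byte at bad addr: 0x%02x\n", kasan_shadow_byte(bad));
    printf("requested allocation: %llu bytes (0x%llx) in a kmalloc-512 object\n",
           (unsigned long long)(rz - obj), (unsigned long long)(rz - obj));
    printf("%u-byte read at object offset 0x%llx: %s\n", len,
           (unsigned long long)(bad - obj),
           kasan_access_is_bad(bad, len) == 1 ? "past the end of the allocation"
                                              : "within the allocation");
    return 0;
}
```

What the numbers say: the redzone begins at ffff8800caa43768, so uncore_alloc_box() asked for exactly 0x1e8 = 488 bytes (a shorter request would leave a 01..07 partial granule at 0x760, and the shadow there is 00), which kmalloc rounded up into a 512-byte kmalloc-512 object. The 8-byte read lands at object offset 0x1e8, the first byte past the requested size, and still inside the 512-byte slab object; without KASAN it would quietly return slab padding rather than fault, which is why the fuzzer needed KASAN to surface it.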