From: Vince Weaver
Date: Tue, 15 Nov 2016 12:43:56 -0500 (EST)
To: linux-kernel@vger.kernel.org
cc: Peter Zijlstra, Ingo Molnar, Arnaldo Carvalho de Melo, davej@codemonkey.org.uk, dvyukov@google.com, Stephane Eranian
Subject: perf: fuzzer KASAN unwind_get_return_address

Running on my Haswell machine with the imc/uncore patch applied, the perf_fuzzer next tripped over this issue.

[ 202.034495] BAD LUCK: lost 371 message(s) from NMI context!
[ 202.034496] ==================================================================
[ 202.048327] BUG: KASAN: stack-out-of-bounds in unwind_get_return_address+0x35/0x80 at addr ffff8800cff0bd90
[ 202.058826] Read of size 8 by task perf_fuzzer/16254
[ 202.064186] page:ffffea00033fc2c0 count:1 mapcount:0 mapping: (null) index:0x0
[ 202.073068] flags: 0x1ffff8000000400(reserved)
[ 202.077885] page dumped because: kasan: bad access detected
[ 202.083880] CPU: 4 PID: 16254 Comm: perf_fuzzer Not tainted 4.9.0-rc5+ #5
[ 202.091204] Hardware name: LENOVO 10AM000AUS/SHARKBAY, BIOS FBKT72AUS 01/26/2014
[ 202.099181]  ffff8800cff0b1d8 ffffffff816bb796 ffff8800cff0b270 ffff8800cff0bd90
[ 202.107896]  ffff8800cff0b260 ffffffff812fbe95 00007ffc9d1ab480 0000000000000000
[ 202.116638]  ffffffff8125117d 0000000000000092 0000000000000000 ffff8800cff0b7c0
[ 202.125339] Call Trace:
[ 202.127994]  [] dump_stack+0x63/0x8d
[ 202.134184]  [] kasan_report_error+0x495/0x4c0
[ 202.140680]  [] ? perf_output_begin+0x28d/0x4c0
[ 202.147228]  [] kasan_report+0x39/0x40
[ 202.152987]  [] ? unwind_get_return_address+0x35/0x80
[ 202.160094]  [] __asan_load8+0x5e/0x70
[ 202.165859]  [] unwind_get_return_address+0x35/0x80
[ 202.172817]  [] perf_callchain_kernel+0x22d/0x270
[ 202.179590]  [] ? __asan_load4+0x24/0x80
[ 202.185548]  [] ? arch_perf_update_userpage+0x130/0x130
[ 202.192849]  [] get_perf_callchain+0x24a/0x3e0
[ 202.199339]  [] ? put_callchain_buffers+0x50/0x50
[ 202.206092]  [] ? perf_get_regs_user+0x327/0x380
[ 202.212751]  [] ? lock_release+0x30/0x540
[ 202.218803]  [] perf_callchain+0xc5/0xe0
[ 202.224767]  [] ? __asan_load4+0x24/0x80
[ 202.230696]  [] perf_prepare_sample+0x489/0x630
[ 202.237275]  [] ? lock_release+0x30/0x540
[ 202.243266]  [] ? perf_event_output_forward+0xfc/0x130
[ 202.250472]  [] ? perf_prepare_sample+0x630/0x630
[ 202.257251]  [] perf_event_output+0xae/0x130
[ 202.263564]  [] ? perf_event_output_backward+0x130/0x130
[ 202.270964]  [] ? perf_event_output_backward+0x130/0x130
[ 202.278373]  [] ? perf_event_update_userpage+0x212/0x2b0
[ 202.285772]  [] ? perf_event_task_disable+0xc0/0xc0
[ 202.292744]  [] ? __asan_loadN+0xf/0x20
[ 202.298581]  [] ? setup_pebs_sample_data+0x68d/0x830
[ 202.305622]  [] __intel_pmu_pebs_event+0x221/0x3a0
[ 202.312469]  [] ? lock_acquire+0x3d/0x190
[ 202.318523]  [] ? pebs_update_state+0x150/0x150
[ 202.325060]  [] ? get_stack_info+0x3c/0x150
[ 202.331259]  [] ? __intel_pmu_enable_all+0x77/0xf0
[ 202.338128]  [] ? __asan_load4+0x24/0x80
[ 202.344059]  [] ? intel_pmu_disable_bts+0x60/0x60
[ 202.350823]  [] ? __asan_load4+0x24/0x80
[ 202.356740]  [] ? perf_callchain+0xc5/0xe0
[ 202.362855]  [] ? lock_release+0x30/0x540
[ 202.368855]  [] ? perf_prepare_sample+0x4c1/0x630
[ 202.375619]  [] ? perf_event_output_forward+0xe4/0x130
[ 202.382849]  [] intel_pmu_drain_pebs_nhm+0x3ec/0x530
[ 202.389899]  [] ? __intel_pmu_pebs_event+0x3a0/0x3a0
[ 202.396959]  [] ? perf_event_update_userpage+0x1fa/0x2b0
[ 202.406800]  [] ? perf_event_update_userpage+0x212/0x2b0
[ 202.416486]  [] ? perf_event_task_disable+0xc0/0xc0
[ 202.425720]  [] ? intel_pmu_lbr_read+0x32/0x790
[ 202.434566]  [] ? __perf_event_overflow+0x116/0x280
[ 202.443735]  [] ? intel_bts_interrupt+0x88/0x1b0
[ 202.452538]  [] intel_pmu_handle_irq+0x3ae/0x690
[ 202.461407]  [] ? intel_pmu_save_and_restart+0x80/0x80
[ 202.470877]  [] ? lock_release+0x30/0x540
[ 202.479131]  [] ? native_apic_msr_write+0x2b/0x30
[ 202.488181]  [] ? x2apic_send_IPI_self+0x3c/0x50
[ 202.497066]  [] ? native_sched_clock+0x62/0x140
[ 202.505919]  [] perf_event_nmi_handler+0x2d/0x50
[ 202.514832]  [] nmi_handle+0xb1/0x1d0
[ 202.522697]  [] ? nmi_handle+0x5/0x1d0
[ 202.530610]  [] default_do_nmi+0xe5/0x140
[ 202.538765]  [] do_nmi+0x152/0x1b0
[ 202.546254]  [] end_repeat_nmi+0x1a/0x1e
[ 202.554257]  [] ? __intel_pmu_enable_all+0x77/0xf0
[ 202.563167]  [] ? perf_event_task_tick+0x48b/0x5f0
[ 202.572060]  [] ? perf_event_task_tick+0x48b/0x5f0
[ 202.580864]  [] ? perf_event_task_tick+0x48b/0x5f0
[ 202.589703]  [] scheduler_tick+0xb1/0x150
[ 202.598985]  [] update_process_times+0x47/0x60
[ 202.607433]  [] tick_sched_handle.isra.14+0x33/0x80
[ 202.616314]  [] tick_sched_timer+0x4b/0x90
[ 202.624322]  [] __hrtimer_run_queues+0x21e/0x540
[ 202.632864]  [] ? tick_sched_do_timer+0x50/0x50
[ 202.641337]  [] ? retrigger_next_event+0xa0/0xa0
[ 202.649947]  [] ? ktime_get_update_offsets_now+0xe6/0x190
[ 202.659411]  [] ? hrtimer_interrupt+0xb0/0x220
[ 202.667864]  [] hrtimer_interrupt+0xef/0x220
[ 202.676069]  [] ? perf_cgroup_attach+0xb0/0xb0
[ 202.684444]  [] local_apic_timer_interrupt+0x4f/0x80
[ 202.693422]  [] smp_apic_timer_interrupt+0x57/0x70
[ 202.702203]  [] apic_timer_interrupt+0x82/0x90
[ 202.710591]  [] ? perf_cgroup_attach+0xb0/0xb0
[ 202.719609]  [] ? smp_call_function_single+0x14a/0x1b0
[ 202.728811]  [] ? smp_call_function_single+0x140/0x1b0
[ 202.738039]  [] ? generic_exec_single+0x170/0x170
[ 202.746727]  [] ? perf_cgroup_attach+0xb0/0xb0
[ 202.755181]  [] event_function_call+0x268/0x270
[ 202.763687]  [] ? task_ctx_sched_out+0x60/0x60
[ 202.772057]  [] ? task_function_call+0xc0/0xc0
[ 202.780404]  [] ? task_ctx_sched_out+0x60/0x60
[ 202.788768]  [] ? _perf_event_disable+0x29/0x70
[ 202.797258]  [] ? update_group_times+0x50/0x50
[ 202.805667]  [] ? _perf_event_disable+0x47/0x70
[ 202.814188]  [] ? do_raw_spin_unlock+0x97/0x130
[ 202.822733]  [] ? event_function_call+0x270/0x270
[ 202.831462]  [] _perf_event_disable+0x58/0x70
[ 202.839778]  [] perf_event_for_each_child+0x53/0xd0
[ 202.848576]  [] perf_event_task_disable+0x61/0xc0
[ 202.857303]  [] SyS_prctl+0x3f2/0x690
[ 202.864853]  [] ? SyS_umask+0x40/0x40
[ 202.872375]  [] ? lockdep_sys_exit+0x1a/0xa0
[ 202.880517]  [] ? lockdep_sys_exit_thunk+0x16/0x30
[ 202.889310]  [] entry_SYSCALL_64_fastpath+0x1e/0xb2
[ 202.898177] Memory state around the buggy address:
[ 202.905288]  ffff8800cff0bc80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 202.915044]  ffff8800cff0bd00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 202.924697] >ffff8800cff0bd80: f3 f3 f3 f3 f3 f3 f3 f3 00 00 00 00 00 00 00 00
[ 202.934420]                          ^
[ 202.940352]  ffff8800cff0be00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 202.950141]  ffff8800cff0be80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 202.959835] ==================================================================
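When triaging a report like the one above, the first question is what kind of memory the bad access landed in, and the answer is encoded in the "Memory state" shadow dump: each shadow byte describes eight bytes of memory, and the poison values come from mm/kasan/kasan.h (0xf1..0xf4 are stack redzones, 0xfa global redzone, 0xfb/0xfc kmalloc, 0xfe/0xff page-level). The script below is an added example, not part of Vince's mail or of the kernel's own tooling: it parses the BUG line, the access line and the shadow rows, then decodes the shadow byte for every 8-byte granule the access touched. The sample text is an excerpt of the report above trimmed to the lines the parser needs; the function and variable names (parse_kasan_report, describe_shadow, SAMPLE_REPORT) are my own.

```python
import re

# Sample input: the BUG/access lines and the shadow-memory dump from the
# report above, trimmed to what the parser needs (constructed excerpt).
SAMPLE_REPORT = """\
[  202.048327] BUG: KASAN: stack-out-of-bounds in unwind_get_return_address+0x35/0x80 at addr ffff8800cff0bd90
[  202.058826] Read of size 8 by task perf_fuzzer/16254
[  202.898177] Memory state around the buggy address:
[  202.905288]  ffff8800cff0bc80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[  202.915044]  ffff8800cff0bd00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[  202.924697] >ffff8800cff0bd80: f3 f3 f3 f3 f3 f3 f3 f3 00 00 00 00 00 00 00 00
[  202.934420]                          ^
[  202.940352]  ffff8800cff0be00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
"""

# KASAN shadow encoding (mm/kasan/kasan.h, 4.9): one shadow byte per 8 bytes
# of memory; 0 = all 8 addressable, 1..7 = that many leading bytes
# addressable, values >= 0xf0 are poison markers.
SHADOW_SCALE = 8
SHADOW_ROW_BYTES = 16 * SHADOW_SCALE  # each dumped row covers 128 bytes
POISON = {
    0xff: "free page", 0xfe: "page redzone", 0xfc: "kmalloc redzone",
    0xfb: "freed kmalloc object", 0xfa: "global redzone",
    0xf1: "stack left redzone", 0xf2: "stack mid redzone",
    0xf3: "stack right redzone", 0xf4: "stack partial redzone",
    0xf8: "out-of-scope stack variable",
}

BUG_RE = re.compile(r"BUG: KASAN: (\S+) in (\S+) at addr ([0-9a-f]+)")
ACCESS_RE = re.compile(r"(Read|Write) of size (\d+) by task (\S+)/(\d+)")
# A shadow row: optional '>' marker, 16-hex-digit base address, 16 bytes.
ROW_RE = re.compile(r"[ >]([0-9a-f]{16}): ((?:[0-9a-f]{2} ?)+)")


def describe_shadow(byte):
    """Translate one shadow byte into what it says about its 8-byte granule."""
    if byte == 0:
        return "addressable"
    if 1 <= byte < SHADOW_SCALE:
        return f"partially addressable ({byte} of {SHADOW_SCALE} bytes)"
    return POISON.get(byte, f"unknown shadow value 0x{byte:02x}")


def parse_kasan_report(text):
    """Extract the headline facts of a KASAN report and decode the shadow
    bytes covering every granule the faulting access touched."""
    bug = BUG_RE.search(text)
    access = ACCESS_RE.search(text)
    if not bug or not access:
        raise ValueError("not a KASAN report")
    addr = int(bug.group(3), 16)
    size = int(access.group(2))

    # Shadow rows keyed by the first memory address each row describes.
    rows = {int(m.group(1), 16): [int(b, 16) for b in m.group(2).split()]
            for m in ROW_RE.finditer(text)}

    # An access may straddle granules (e.g. an unaligned 8-byte read), so
    # look up the shadow byte for each granule from addr to addr+size-1.
    shadow = []
    first = addr // SHADOW_SCALE
    last = (addr + size - 1) // SHADOW_SCALE
    for granule in range(first, last + 1):
        g_addr = granule * SHADOW_SCALE
        base = g_addr - (g_addr % SHADOW_ROW_BYTES)
        if base not in rows:
            raise ValueError(f"shadow row for {g_addr:#x} is not in the dump")
        shadow.append(rows[base][(g_addr - base) // SHADOW_SCALE])

    return {
        "bug_type": bug.group(1),
        "function": bug.group(2),
        "addr": addr,
        "access": access.group(1),
        "size": size,
        "task": access.group(3),
        "pid": int(access.group(4)),
        "shadow_bytes": shadow,
        "shadow_kinds": [describe_shadow(b) for b in shadow],
    }


if __name__ == "__main__":
    r = parse_kasan_report(SAMPLE_REPORT)
    print(f"{r['bug_type']} in {r['function']}: {r['access']} of {r['size']} "
          f"bytes at {r['addr']:#x} by {r['task']}/{r['pid']}")
    for b, kind in zip(r["shadow_bytes"], r["shadow_kinds"]):
        print(f"  shadow 0x{b:02x}: {kind}")
```

On the excerpt above the 8-byte read at ffff8800cff0bd90 maps to the third shadow byte of the ffff8800cff0bd80 row, 0xf3, i.e. a stack right redzone: the unwinder read just past the end of a live stack object rather than from freed memory or a heap redzone, which is the detail that points the triage at the frame layout the unwinder was walking rather than at an allocator bug.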