Date: Sun, 9 Dec 2018 12:55:23 +0100
From: Jiri Olsa
To: Vince Weaver
Cc: linux-kernel@vger.kernel.org, Peter Zijlstra, Ingo Molnar, Arnaldo Carvalho de Melo, Alexander Shishkin, Namhyung Kim, Andi Kleen
Subject: Re: perf: perf_fuzzer triggers GPF in perf_prepare_sample
Message-ID: <20181209115523.GA3501@krava>
X-Mailing-List: linux-kernel@vger.kernel.org

On Sat, Dec 08, 2018 at 09:08:28PM -0500, Vince Weaver wrote:
> On Thu, 6 Dec 2018, Jiri Olsa wrote:
>
> > On Thu, Dec 06, 2018 at 10:35:28AM -0500, Vince Weaver wrote:
> > > On Wed, 5 Dec 2018, Jiri Olsa wrote:
> > > Maybe it is a corruption issue. I had applied my own debug patch that
> > > would dump some info if data->callchain was NULL.
> > >
> > > But my debug code didn't trigger this time because it looks like
> > > data->callchain was "1" rather than "0".
> > >
> > > [27764.840179] BUG: unable to handle kernel NULL pointer dereference at 0000000000000001
> > > [27764.840179] PGD 0 P4D 0
> > > [27764.840180] Oops: 0000 [#1] SMP PTI
> > > [27764.840180] CPU: 1 PID: 18687 Comm: perf_fuzzer Tainted: G W 4.20.0-rc5+ #125
> > > [27764.840180] Hardware name: LENOVO 10AM000AUS/SHARKBAY, BIOS FBKT72AUS 01/26/2014
> >
> > actually, you could try that patch from my previous email?
>
>
> still crashes with your patch (see below)
>
> I've also been able to replicate this crash on a skylake machine in
> addition to the haswell machine.
>
> Vince
>
> [28269.147232] BUG: unable to handle kernel NULL pointer dereference at 0000000000000000
> [28269.155628] PGD 0 P4D 0
> [28269.158360] Oops: 0000 [#1] SMP PTI
> [28269.162087] CPU: 0 PID: 1189 Comm: perf_fuzzer Tainted: G W 4.20.0-rc5+ #128
> [28269.171011] Hardware name: LENOVO 10AM000AUS/SHARKBAY, BIOS FBKT72AUS 01/26/2014
> [28269.178935] RIP: 0010:perf_prepare_sample+0x82/0x4a0
> [28269.184239] Code: 06 4c 89 ea 4c 89 e6 e8 3c 54 ff ff 40 f6 c5 01 0f 85 28 01 00 00 40 f6 c5 20 74 1c 48 85 ed 0f 89 04 01 00 00 49 8b 44 24 70 <48> 8b 00 8d 04 c5 08 00 00 00 66 01 43 06 f7 c5 00 04 00 00 74 41
> [28269.204249] RSP: 0000:ffffc9000aca7a40 EFLAGS: 00010082
> [28269.209832] RAX: 0000000000000000 RBX: ffffc9000aca7a98 RCX: ffffc9000aca7ad8
> [28269.217484] RDX: 0000000000000000 RSI: ffffc9000aca7b80 RDI: ffffc9000aca7a9e
> [28269.225129] RBP: 80000000000bb068 R08: 0000000000000002 R09: 00000000000215c0
> [28269.232760] R10: ffff8880ce552000 R11: 0000000000000000 R12: ffffc9000aca7b80
> [28269.240380] R13: ffff88803696c800 R14: ffffc9000aca7ad8 R15: ffffe8ffffc06300
> [28269.248014] FS: 00007f5927fe7500(0000) GS:ffff88811aa00000(0000) knlGS:0000000000000000
> [28269.256606] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
> [28269.262739] CR2: 0000000000000000 CR3: 0000000116d98001 CR4: 00000000001607f0
> [28269.270349] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
> [28269.277968] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000600
> [28269.285639] Call Trace:
> [28269.288266] intel_pmu_drain_bts_buffer+0x151/0x220
> [28269.293476] ? radix_tree_delete_item+0x69/0xc0
> [28269.298378] x86_pmu_stop+0x3b/0x90
> [28269.302113] x86_pmu_del+0x57/0x160

nice, at least it's in different callstack context, that might help

thanks,
jirka