Date:   Wed, 16 Nov 2016 11:33:41 -0500 (EST)
From:   Vince Weaver <vincent.weaver@...ne.edu>
To:     "linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>
cc:     Peter Zijlstra <peterz@...radead.org>,
        Josh Poimboeuf <jpoimboe@...hat.com>,
        Ingo Molnar <mingo@...hat.com>,
        Arnaldo Carvalho de Melo <acme@...nel.org>,
        "davej@...emonkey.org.uk" <davej@...emonkey.org.uk>,
        "dvyukov@...gle.com" <dvyukov@...gle.com>,
        Stephane Eranian <eranian@...il.com>
Subject: perf: fuzzer KASAN perf_callchain_store on amd


Possibly related to the other reports, I'm getting this on the AMD A10
machine.  I don't have the earliest trigger for this because my testing
setup is poorly designed, so the Haswell machine crashing the Ethernet
switch caused the serial port logs to be lost.

It turns out the frame pointer wasn't enabled on this machine; I'm
re-enabling it and I'll see if I can reproduce.

As an aside, it might be random chance, but I am noticing
"perf_event_output_backward" is involved in a lot of these
traces.

[118724.973843] BAD LUCK: lost 45131 message(s) from NMI context!
[118724.973845] ==================================================================
[118724.988303] BUG: KASAN: slab-out-of-bounds in perf_callchain_store+0x69/0x84 at addr ffff8801d4fbe800
[118724.998335] Write of size 8 by task perf_fuzzer/17994
[118725.004205] CPU: 0 PID: 17994 Comm: perf_fuzzer Tainted: G    B   W    L  4.9.0-rc5+ #39
[118725.013189] Hardware name: Hewlett-Packard HP Compaq Pro 6305 SFF/1850, BIOS K06 v02.57 08/16/2013
[118725.023108]  0000000000000000^Ac ffffffff813a8d66^Ac ffff8801d4fbf700^Ac ffff8801ed800a00^Ac
[118725.032198]  ffffffff811d229c^Ac ffff8801d4fbd700^Ac 1ffff1003a9f7d00^Ac ffffed003a9f7d00^Ac
[118725.041297]  ffffffff811d263e^Ac 0000000000000096^Ac ffff8801eabb7d30^Ac ffff8801edc0ba88^Ac
[118725.050433] Call Trace:
[118725.053940]  <NMI>  [<ffffffff813a8d66>] ? dump_stack+0x46/0x59
[118725.061001]  [<ffffffff811d229c>] ? kasan_object_err+0x17/0x6b
[118725.068017]  [<ffffffff811d263e>] ? kasan_report+0x2c0/0x41a
[118725.074880]  [<ffffffff810f490d>] ? __module_text_address+0xc/0x86
[118725.082302]  [<ffffffff81067d7f>] ? copy_process.part.40+0x12d/0x2789
[118725.090027]  [<ffffffff810032bc>] ? perf_callchain_store+0x69/0x84
[118725.097519]  [<ffffffff810063da>] ? perf_callchain_kernel+0xdd/0xf7
[118725.105117]  [<ffffffff8116aab6>] ? get_perf_callchain+0x1ad/0x2af
[118725.112667]  [<ffffffff8116ac62>] ? perf_callchain+0xaa/0xb5
[118725.119719]  [<ffffffff8108c78a>] ? __kernel_text_address+0x1/0x3d
[118725.127333]  [<ffffffff81166785>] ? perf_prepare_sample+0xd8/0x5c0
[118725.134977]  [<ffffffff810062dc>] ? arch_perf_update_userpage+0x104/0x125
[118725.143273]  [<ffffffff81166cdb>] ? perf_event_output_backward+0x1a/0x54
[118725.151511]  [<ffffffff81163a48>] ? __perf_event_overflow+0x188/0x222
[118725.159528]  [<ffffffff81005b60>] ? x86_pmu_handle_irq+0x147/0x184
[118725.167321]  [<ffffffff8108c78a>] ? __kernel_text_address+0x1/0x3d
[118725.175144]  [<ffffffff810094af>] ? perf_ibs_handle_irq+0x54c/0x54c
[118725.183086]  [<ffffffff81024cdb>] ? perf_trace_nmi_handler+0x123/0x14a
[118725.191319]  [<ffffffff8102a0fe>] ? cycles_2_ns+0x5c/0xe4
[118725.198452]  [<ffffffff8102a0fe>] ? cycles_2_ns+0x5c/0xe4
[118725.205588]  [<ffffffff81003efd>] ? perf_event_nmi_handler+0x22/0x39
[118725.213722]  [<ffffffff81003efd>] ? perf_event_nmi_handler+0x22/0x39
[118725.221856]  [<ffffffff8102520c>] ? nmi_handle+0x62/0x153
[118725.229057]  [<ffffffff810094af>] ? perf_ibs_handle_irq+0x54c/0x54c
[118725.237169]  [<ffffffff81024bb8>] ? local_touch_nmi+0xd/0xd
[118725.244619]  [<ffffffff810254e3>] ? default_do_nmi+0x55/0x101
[118725.252262]  [<ffffffff8102562d>] ? do_nmi+0x9e/0x10f
[118725.259234]  [<ffffffff816cbb87>] ? end_repeat_nmi+0x1a/0x1e
[118725.266843]  [<ffffffff810536d3>] ? unwind_next_frame+0x26/0xa7
[118725.274746]  [<ffffffff8108c752>] ? core_kernel_text+0x29/0x48
[118725.282588]  [<ffffffff811d1512>] ? save_stack+0x33/0xa6
[118725.289936]  [<ffffffff8108c78a>] ? __kernel_text_address+0x1/0x3d
[118725.298209]  [<ffffffff8108c78a>] ? __kernel_text_address+0x1/0x3d
[118725.306469]  [<ffffffff8108c752>] ? core_kernel_text+0x29/0x48
[118725.314414]  [<ffffffff8108c78a>] ? __kernel_text_address+0x1/0x3d
[118725.322728]  <EOE>  <IRQ>  [<ffffffff810536dc>] ? unwind_next_frame+0x2f/0xa7
[118725.332078]  [<ffffffff810316aa>] ? __save_stack_trace+0xab/0xba
[118725.340327]  [<ffffffff811d1512>] ? save_stack+0x33/0xa6
[118725.347870]  [<ffffffff811d1512>] ? save_stack+0x33/0xa6
[118725.355340]  [<ffffffff811d157c>] ? save_stack+0x9d/0xa6
[118725.362749]  [<ffffffff811d1512>] ? save_stack+0x33/0xa6
[118725.370065]  [<ffffffff811d1512>] ? save_stack+0x33/0xa6
[118725.377344]  [<ffffffff811d1512>] ? save_stack+0x33/0xa6
[118725.384532]  [<ffffffff811d1512>] ? save_stack+0x33/0xa6
[118725.391641]  [<ffffffff811d1512>] ? save_stack+0x33/0xa6
[118725.398711]  [<ffffffff811d1512>] ? save_stack+0x33/0xa6
[118725.405740]  [<ffffffff811d1512>] ? save_stack+0x33/0xa6
[118725.412698]  [<ffffffff811d1512>] ? save_stack+0x33/0xa6
[118725.419610]  [<ffffffff811d1512>] ? save_stack+0x33/0xa6
[118725.426474]  [<ffffffff811d1512>] ? save_stack+0x33/0xa6
[118725.433327]  [<ffffffff811d1512>] ? save_stack+0x33/0xa6
[118725.440135]  [<ffffffff811d1512>] ? save_stack+0x33/0xa6
[118725.446910]  [<ffffffff811d1512>] ? save_stack+0x33/0xa6
[118725.453654]  [<ffffffff811d1512>] ? save_stack+0x33/0xa6
[118725.460383]  [<ffffffff811d1512>] ? save_stack+0x33/0xa6
[118725.467072]  [<ffffffff811d1512>] ? save_stack+0x33/0xa6
[118725.473730]  [<ffffffff81168e39>] ? perf_output_copy+0x58/0xf1
[118725.480913]  [<ffffffff81168b51>] ? perf_output_put_handle+0x46/0xa0
[118725.488625]  [<ffffffff811635f5>] ? perf_log_throttle+0xfa/0x10c
[118725.495964]  [<ffffffff811d1512>] ? save_stack+0x33/0xa6
[118725.502598]  [<ffffffff811d1512>] ? save_stack+0x33/0xa6
[118725.509193]  [<ffffffff811d1512>] ? save_stack+0x33/0xa6
[118725.515754]  [<ffffffff811d1512>] ? save_stack+0x33/0xa6
[118725.522282]  [<ffffffff811d1512>] ? save_stack+0x33/0xa6
[118725.528779]  [<ffffffff811d1512>] ? save_stack+0x33/0xa6
[118725.535247]  [<ffffffff811d1512>] ? save_stack+0x33/0xa6
[118725.541679]  [<ffffffff811d1512>] ? save_stack+0x33/0xa6
[118725.548113]  [<ffffffff811d1512>] ? save_stack+0x33/0xa6
[118725.554508]  [<ffffffff811d1512>] ? save_stack+0x33/0xa6
[118725.560899]  [<ffffffff811d1512>] ? save_stack+0x33/0xa6
[118725.567254]  [<ffffffff811d1512>] ? save_stack+0x33/0xa6
[118725.573573]  [<ffffffff811d1512>] ? save_stack+0x33/0xa6
[118725.579862]  [<ffffffff811d1512>] ? save_stack+0x33/0xa6
[118725.586132]  [<ffffffff811d1aa8>] ? kasan_unpoison_shadow+0xf/0x2e
[118725.593285]  [<ffffffff811d1bae>] ? kasan_kmalloc+0x8b/0x9a
[118725.599818]  [<ffffffff811ce5de>] ? slab_post_alloc_hook+0x31/0x3c
[118725.606966]  [<ffffffff811cf827>] ? kmem_cache_alloc+0xc6/0x145
[118725.613851]  [<ffffffff81078994>] ? __sigqueue_alloc+0x5a/0x152
[118725.620734]  [<ffffffff8107aa8d>] ? __send_signal+0x105/0x30b
[118725.627428]  [<ffffffff8107b9d5>] ? do_send_sig_info+0x3d/0x73
[118725.634241]  [<ffffffff811f88f6>] ? send_sigio_to_task+0xb6/0xe4
[118725.641230]  [<ffffffff8115f24c>] ? perf_pmu_enable+0x2f/0x3d
[118725.647962]  [<ffffffff810e03f3>] ? task_cputime_zero+0x2c/0x3a
[118725.654837]  [<ffffffff810e1fab>] ? run_posix_cpu_timers+0xd8/0x687
[118725.662038]  [<ffffffff810a94e2>] ? nohz_balance_exit_idle+0x36/0x81
[118725.669327]  [<ffffffff810d46e4>] ? rcu_accelerate_cbs+0x1da/0x39a
[118725.676481]  [<ffffffff810d2630>] ? rcu_report_qs_rnp+0x77/0x18b
[118725.683485]  [<ffffffff810d2c93>] ? cpu_needs_another_gp+0xbb/0x11a
[118725.690771]  [<ffffffff811f9068>] ? send_sigio+0xb6/0x10c
[118725.697215]  [<ffffffff811f915c>] ? kill_fasync+0x9e/0xdd
[118725.703673]  [<ffffffff811633c7>] ? perf_event_wakeup+0x6e/0xd6
[118725.710695]  [<ffffffff81167cf5>] ? perf_pending_event+0x70/0x8a
[118725.717830]  [<ffffffff8114b569>] ? irq_work_run_list+0x66/0x84
[118725.724905]  [<ffffffff8114b59b>] ? irq_work_run+0x14/0x29
[118725.731563]  [<ffffffff81026452>] ? smp_irq_work_interrupt+0x11/0x16
[118725.739134]  [<ffffffff816cc90f>] ? irq_work_interrupt+0x7f/0x90
[118725.746386]  <EOI>  [<ffffffff813b3b9d>] ? memcmp+0x1d/0x44
[118725.753246]  [<ffffffff811d1a57>] ? __asan_load2+0x64/0x64
[118725.760055]  [<ffffffff813b3ba8>] ? memcmp+0x28/0x44
[118725.766368]  [<ffffffff813e3101>] ? find_stack+0x3b/0x54
[118725.773053]  [<ffffffff813e32a6>] ? depot_save_stack+0x136/0x375
[118725.780468]  [<ffffffff811d157c>] ? save_stack+0x9d/0xa6
[118725.787218]  [<ffffffff811d1512>] ? save_stack+0x33/0xa6
[118725.793967]  [<ffffffff811d1512>] ? save_stack+0x33/0xa6
[118725.800690]  [<ffffffff811d1512>] ? save_stack+0x33/0xa6
[118725.807393]  [<ffffffff811d1512>] ? save_stack+0x33/0xa6
...
