| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri, 13 Feb 2015 11:23:30 -0500 (EST) From: Vince Weaver <vincent.weaver@...ne.edu> To: linux-kernel@...r.kernel.org cc: Peter Zijlstra <a.p.zijlstra@...llo.nl>, Paul Mackerras <paulus@...ba.org>, Ingo Molnar <mingo@...hat.com>, Arnaldo Carvalho de Melo <acme@...nel.org>, Stephane Eranian <eranian@...il.com>, Jiri Olsa <jolsa@...nel.org> Subject: perf: fuzzer causes crash in snb_uncore_imc_event_start With current git on a Haswell machine the perf_fuzzer kicks up this almost instantly and crashes the machine. [ 54.874716] BUG: unable to handle kernel paging request at 0000000000005050 [ 54.882199] IP: [<ffffffff81035be4>] snb_uncore_imc_event_start+0x54/0xb0 [ 54.889515] PGD 0 [ 54.891697] Oops: 0000 [#1] SMP [ 54.895209] Modules linked in: fuse x86_pkg_temp_thermal intel_powerclamp intel_rapl iosf_mbi coretemp kvm snd_hda_codec_realtek snd_hda_codec_hdmi snd_hda_codec_generic snd_hda_intel crct10dif_pclmul snd_hda_controller crc32_pclmul snd_hda_codec ghash_clmulni_intel snd_hwdep aesni_intel snd_pcm aes_x86_64 lrw i915 drm_kms_helper gf128mul psmouse ppdev drm iTCO_wdt snd_timer glue_helper iTCO_vendor_support evdev serio_raw ablk_helper tpm_tis snd mei_me lpc_ich soundcore xhci_pci xhci_hcd cryptd i2c_algo_bit pcspkr mei tpm parport_pc parport mfd_core processor video battery i2c_i801 button wmi sg sr_mod sd_mod cdrom e1000e ahci libahci libata ehci_pci ptp ehci_hcd crc32c_intel scsi_mod usbcore usb_common pps_core thermal fan thermal_sys [ 54.966637] CPU: 0 PID: 0 Comm: swapper/0 Not tainted 3.19.0+ #127 [ 54.973262] Hardware name: LENOVO 10AM000AUS/SHARKBAY, BIOS FBKT72AUS 01/26/2014 [ 54.981200] task: ffffffff81c1a580 ti: ffffffff81c00000 task.ti: ffffffff81c00000 [ 54.989225] RIP: 0010:[<ffffffff81035be4>] [<ffffffff81035be4>] snb_uncore_imc_event_start+0x54/0xb0 [ 54.999143] RSP: 0018:ffff88011ea03df8 EFLAGS: 00010092 [ 55.004849] RAX: 0000000000005050 RBX: ffff880118f14800 RCX: 0000000000000001 [ 55.012487] RDX: 0000000000000000 RSI: ffff8800d0459f88 RDI: ffff880118f14850 [ 55.020156] RBP: ffff88011ea03e08 R08: ffff8800d0459f88 R09: 0000000000000000 [ 55.027810] R10: 0000000000000000 R11: 0000000000000001 R12: ffff8800d0459e00 [ 55.035439] R13: 0000000000000001 R14: ffffe8ffffc03ea8 R15: 0000000cc6c98879 [ 55.043085] FS: 0000000000000000(0000) GS:ffff88011ea00000(0000) knlGS:0000000000000000 [ 55.051777] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 55.057954] CR2: 0000000000005050 CR3: 0000000001c13000 CR4: 00000000001407f0 [ 55.065619] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 55.073329] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000600 [ 55.080993] Stack: [ 55.083142] ffff8800d0459e00 ffff880118f14800 ffff88011ea03e38 ffffffff81035c87 [ 55.091149] ffff88011ea03e38 ffff880118f14800 ffffe8ffffc040f0 ffffe8ffffc040f4 [ 55.099189] ffff88011ea03e78 ffffffff8115ab26 0000000000000000 ffffe8ffffc03ea8 [ 55.107199] Call Trace: [ 55.109825] <IRQ> [ 55.111893] [<ffffffff81035c87>] snb_uncore_imc_event_add+0x47/0x60 [ 55.118941] [<ffffffff8115ab26>] event_sched_in.isra.73+0xa6/0x310 [ 55.125663] [<ffffffff8115adff>] group_sched_in+0x6f/0x1e0 [ 55.131670] [<ffffffff8101db0a>] ? native_sched_clock+0x2a/0x90 [ 55.138119] [<ffffffff8115b65c>] __perf_event_enable+0x25c/0x2a0 [ 55.144633] [<ffffffff810eba89>] ? tick_nohz_irq_exit+0x29/0x30 [ 55.151115] [<ffffffff81156150>] remote_function+0x50/0x60 [ 55.157098] [<ffffffff810f0c72>] flush_smp_call_function_queue+0x62/0x140 [ 55.164478] [<ffffffff8108f045>] ? __atomic_notifier_call_chain+0x5/0x90 [ 55.171773] [<ffffffff810f1293>] generic_smp_call_function_single_interrupt+0x13/0x60 [ 55.180243] [<ffffffff810472d7>] smp_call_function_single_interrupt+0x27/0x40 [ 55.187968] [<ffffffff816c943d>] call_function_single_interrupt+0x6d/0x80 [ 55.195308] <EOI> [ 55.197382] [<ffffffff810b7ed4>] ? lock_release+0xf4/0x260 [ 55.203588] [<ffffffff8108f0b7>] __atomic_notifier_call_chain+0x77/0x90 [ 55.210776] [<ffffffff8108f045>] ? __atomic_notifier_call_chain+0x5/0x90 [ 55.218052] [<ffffffff810d3833>] ? rcu_eqs_exit_common.isra.46+0x33/0x110 [ 55.225430] [<ffffffff8108f0e6>] atomic_notifier_call_chain+0x16/0x20 [ 55.232402] [<ffffffff8101f47f>] arch_cpu_idle_exit+0x2f/0x40 [ 55.238661] [<ffffffff810af5b8>] cpu_startup_entry+0x138/0x3b0 [ 55.245000] [<ffffffff816b4666>] rest_init+0xb6/0xc0 [ 55.250418] [<ffffffff81d20f7e>] start_kernel+0x450/0x45d [ 55.256295] [<ffffffff81d20120>] ? early_idt_handlers+0x120/0x120 [ 55.262940] [<ffffffff81d204d7>] x86_64_start_reservations+0x2a/0x2c [ 55.269848] [<ffffffff81d2061c>] x86_64_start_kernel+0x143/0x152 [ 55.276358] Code: 04 01 48 8d 90 88 01 00 00 48 8b b0 90 01 00 00 48 8d 7b 50 49 89 c4 e8 7b 29 3e 00 49 8b 94 24 98 01 00 00 48 8b 83 48 01 00 00 <8b> 04 02 48 89 83 a0 01 00 00 41 83 7c 24 04 01 74 0a 5b 41 5c [ 55.297918] RIP [<ffffffff81035be4>] snb_uncore_imc_event_start+0x54/0xb0 [ 55.305308] RSP <ffff88011ea03df8> [ 55.309770] CR2: 0000000000005050 [ 55.314059] ---[ end trace 3a10e6df5e1c4c87 ]--- [ 55.319696] Kernel panic - not syncing: Fatal exception in interrupt [ 55.327245] Kernel Offset: 0x0 from 0xffffffff81000000 (relocation range: 0xffffffff80000000-0xffffffff9fffffff) [ 55.338941] drm_kms_helper: panic occurred, switching back to text console [ 55.347079] ---[ end Kernel panic - not syncing: Fatal exception in interrupt -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists