Date:	Tue, 9 Aug 2016 11:17:14 -0400 (EDT)
From:	Vince Weaver <vincent.weaver@...ne.edu>
To:	linux-kernel@...r.kernel.org
cc:	Alexander Shishkin <alexander.shishkin@...ux.intel.com>,
	Peter Zijlstra <peterz@...radead.org>,
	Ingo Molnar <mingo@...hat.com>,
	Arnaldo Carvalho de Melo <acme@...nel.org>
Subject: perf: fuzzer general protection fault


Still processing all the fallout from yesterday's fuzzer run on 
Haswell/4.8-rc1.

This one was a general protection fault; you can see in RAX that it read 
in some slab poisoning.  Not sure if it is related to the other issues.

It looks like it is coming through _perf_event_disable() via ioctl().
	
addr2line says this is kernel/events/core.c:4363
which is WARN_ON_ONCE(event->ctx->parent_ctx); in perf_event_for_each_child()

[22684.639528] general protection fault: 0000 [#1] SMP
[22684.645198] Modules linked in: fuse binfmt_misc intel_rapl iosf_mbi x86_pkg_temp_thermal intel_powerclamp coretemp kvm_intel kvm irqbypass crct10dif_pclmul crc32_pclmul ghash_clmulni_intel aesni_intel snd_hda_codec_hdmi aes_x86_64 lrw gf128mul glue_helper snd_hda_codec_realtek snd_hda_codec_generic ablk_helper ppdev iTCO_wdt snd_hda_intel snd_hda_codec snd_hda_core cryptd evdev iTCO_vendor_support snd_hwdep snd_pcm snd_timer snd i915 drm_kms_helper parport_pc wmi parport psmouse tpm_tis tpm_tis_core pcspkr serio_raw sg button i2c_i801 soundcore lpc_ich drm mei_me mfd_core i2c_smbus tpm mei video battery i2c_algo_bit sr_mod sd_mod cdrom ahci libahci xhci_pci libata ehci_pci xhci_hcd ehci_hcd e1000e usbcore ptp crc32c_intel scsi_mod pps_core usb_common fan thermal
[22684.722394] CPU: 0 PID: 11949 Comm: perf_fuzzer Tainted: G        W       4.8.0-rc1+ #187
[22684.731769] Hardware name: LENOVO 10AM000AUS/SHARKBAY, BIOS FBKT72AUS 01/26/2014
[22684.740236] task: ffff8800d046c080 task.stack: ffff880117ea0000
[22684.747146] RIP: 0010:[<ffffffff811688e8>]  [<ffffffff811688e8>] perf_event_for_each_child+0x18/0xa0
[22684.757481] RSP: 0018:ffff880117ea3e20  EFLAGS: 00010282
[22684.763730] RAX: 6b6b6b6b6b6b6b6b RBX: 0000000000002401 RCX: ffff8800d046c7c0
[22684.771948] RDX: 0000000000000001 RSI: ffffffff81168d40 RDI: ffff8800c7190000
[22684.780158] RBP: ffff880117ea3e40 R08: 0000000000000000 R09: 0d871a7200000000
[22684.788400] R10: 0000000000000000 R11: 0000000000000000 R12: ffff8800c7190000
[22684.796607] R13: ffffffff81168d40 R14: ffffffff81168d40 R15: 0000000000000001
[22684.804787] FS:  00007f760fc86700(0000) GS:ffff88011ea00000(0000) knlGS:0000000000000000
[22684.814009] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[22684.820731] CR2: 00007f760fa77520 CR3: 00000001180d5000 CR4: 00000000001407f0
[22684.828982] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000200
[22684.837193] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000600
[22684.845380] Stack:
[22684.848139]  0000000000002401 ffff8800c7190020 ffff8801150e9000 ffffffff81168d40
[22684.856722]  ffff880117ea3e90 ffffffff811744f0 ffffffff81231de4 ffff880117ea3ea0
[22684.865336]  ffffffff81210bfd ffff880118993ae8 00000000000000bf ffff880115206e00
[22684.873952] Call Trace:
[22684.877191]  [<ffffffff81168d40>] ? event_function_call+0x150/0x150
[22684.884600]  [<ffffffff811744f0>] perf_ioctl+0x300/0x500
[22684.890952]  [<ffffffff81231de4>] ? mntput+0x24/0x40
[22684.896893]  [<ffffffff81210bfd>] ? __fput+0x17d/0x1f0
[22684.903070]  [<ffffffff812233f2>] do_vfs_ioctl+0x92/0x5a0
[22684.909512]  [<ffffffff81210cae>] ? ____fput+0xe/0x10
[22684.915594]  [<ffffffff81095a83>] ? task_work_run+0x83/0xa0
[22684.922213]  [<ffffffff81223979>] SyS_ioctl+0x79/0x90
[22684.928291]  [<ffffffff817221b6>] entry_SYSCALL_64_fastpath+0x1e/0xad
[22684.935814] Code: 5e ff ff ff 0f 1f 44 00 00 66 2e 0f 1f 84 00 00 00 00 00 55 48 89 e5 41 56 41 55 41 54 53 49 89 fc 48 8b 87 00 02 00 00 49 89 f5 <48> 83 b8 38 01 00 00 00 75 56 4d 8d b4 24 20 02 00 00 31 f6 4c 
[22684.958601] RIP  [<ffffffff811688e8>] perf_event_for_each_child+0x18/0xa0
[22684.966566]  RSP <ffff880117ea3e20>
[22684.973616] ---[ end trace 7ff7a520eaea4ee3 ]---
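
A triage helper for the RAX observation in the message above (an added example, not part of the original message or of the kernel tree): it scans an oops register dump for the slab poison bytes defined in include/linux/poison.h and checks whether each hit is a canonical x86-64 address, which is why dereferencing 0x6b6b6b6b6b6b6b6b raises a general protection fault rather than a page fault. The function names and the 48-bit canonical check (4-level paging) are assumptions of this example.

```python
import re

# Slab debug poison bytes, as defined in include/linux/poison.h
POISON = {
    0x5A: "POISON_INUSE (allocated, not yet initialised)",
    0x6B: "POISON_FREE (object already freed)",
    0xA5: "POISON_END (end-of-object marker)",
}

# General-purpose registers as printed in an x86-64 oops, e.g. "RAX: 6b6b...".
# RIP/RSP lines carry a segment prefix or brackets and deliberately do not match.
REG = re.compile(r"\b(R[A-Z0-9]{1,2}):\s*([0-9a-f]{16})\b")

# Constructed sample: two register lines copied from the oops in this message.
SAMPLE_OOPS = """\
[22684.763730] RAX: 6b6b6b6b6b6b6b6b RBX: 0000000000002401 RCX: ffff8800d046c7c0
[22684.771948] RDX: 0000000000000001 RSI: ffffffff81168d40 RDI: ffff8800c7190000
"""

def is_canonical(addr):
    """Assumes 48-bit virtual addresses: bits 63..47 must all be equal."""
    top = addr >> 47
    return top == 0 or top == 0x1FFFF

def poison_kind(value):
    """Name the poison pattern if all eight bytes are the same poison byte."""
    raw = value.to_bytes(8, "little")
    if len(set(raw)) == 1 and raw[0] in POISON:
        return POISON[raw[0]]
    return None

def triage(oops_text):
    """Return (register, hex value, poison name, canonical?) for each hit."""
    findings = []
    for name, hexval in REG.findall(oops_text):
        value = int(hexval, 16)
        kind = poison_kind(value)
        if kind:
            findings.append((name, hexval, kind, is_canonical(value)))
    return findings

if __name__ == "__main__":
    for name, hexval, kind, canonical in triage(SAMPLE_OOPS):
        fault = "page fault" if canonical else "general protection fault"
        print(f"{name}={hexval}: {kind}; dereference -> {fault}")
```

A POISON_FREE hit in a register used as a pointer suggests the object it was loaded from had already been freed, so the next step is to look for a use-after-free on that object.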
