Message-ID: <20161116145849.GR3157@twins.programming.kicks-ass.net>
Date:   Wed, 16 Nov 2016 15:58:49 +0100
From:   Peter Zijlstra <peterz@...radead.org>
To:     Josh Poimboeuf <jpoimboe@...hat.com>
Cc:     Vince Weaver <vincent.weaver@...ne.edu>,
        "linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>,
        Ingo Molnar <mingo@...hat.com>,
        Arnaldo Carvalho de Melo <acme@...nel.org>,
        "davej@...emonkey.org.uk" <davej@...emonkey.org.uk>,
        "dvyukov@...gle.com" <dvyukov@...gle.com>,
        Stephane Eranian <eranian@...il.com>
Subject: Re: perf: fuzzer KASAN unwind_get_return_address

On Wed, Nov 16, 2016 at 03:49:43PM +0100, Peter Zijlstra wrote:
> Let me enable those and run again, it didn't insta-trigger like it does
> without.

Tada!

$ objdump -D ivb-dbg/vmlinux | awk '/<[^>]*>:/ { p = 0; } /<unwind_get_return_address>:/ { p = 1; } { if (p) print $0; }'

# unwind_get_return_address: objdump -D listing (AT&T syntax) of a KASAN-instrumented build.
# In:  %rdi = first argument, copied to %rbx and used as the base pointer throughout.
# Out: %rax = the value returned by ftrace_graph_ret_addr when __kernel_text_address
#      returns non-zero for it; 0 on every other exit path.
# Inline KASAN check pattern used before each load: shift the address right by 3,
# read the shadow byte at that index from 0xdffffc0000000000, and if it is non-zero
# branch to an out-of-line __asan_report_load{4,8}_noabort stub. Being "noabort",
# each stub jumps back and the load is still performed.
# NOTE(review): structure/field names below are inferred from offsets only; the
# struct layouts are not on this page, so confirm them against the source tree.
ffffffff811c70d0 <unwind_get_return_address>:
ffffffff811c70d0:       e8 8b 61 0e 02          callq  ffffffff832ad260 <__fentry__>
ffffffff811c70d5:       48 b8 00 00 00 00 00    movabs $0xdffffc0000000000,%rax
ffffffff811c70dc:       fc ff df 
ffffffff811c70df:       55                      push   %rbp
ffffffff811c70e0:       48 89 fa                mov    %rdi,%rdx
ffffffff811c70e3:       48 89 e5                mov    %rsp,%rbp
ffffffff811c70e6:       48 c1 ea 03             shr    $0x3,%rdx
ffffffff811c70ea:       41 56                   push   %r14
ffffffff811c70ec:       41 55                   push   %r13
ffffffff811c70ee:       41 54                   push   %r12
ffffffff811c70f0:       53                      push   %rbx
ffffffff811c70f1:       48 89 fb                mov    %rdi,%rbx
# 16 bytes of locals: -0x30(%rbp) and -0x28(%rbp), used only by the stub at ...72d0.
ffffffff811c70f4:       48 83 ec 10             sub    $0x10,%rsp
# 4-byte load check for (%rbx): passes when ((addr & 7) + 3) < shadow byte, or when
# the shadow byte is 0; otherwise the report stub at ...721f runs.
ffffffff811c70f8:       0f b6 14 02             movzbl (%rdx,%rax,1),%edx
ffffffff811c70fc:       48 89 f8                mov    %rdi,%rax
ffffffff811c70ff:       83 e0 07                and    $0x7,%eax
ffffffff811c7102:       83 c0 03                add    $0x3,%eax
ffffffff811c7105:       38 d0                   cmp    %dl,%al
ffffffff811c7107:       7c 08                   jl     ffffffff811c7111 <unwind_get_return_address+0x41>
ffffffff811c7109:       84 d2                   test   %dl,%dl
ffffffff811c710b:       0f 85 0e 01 00 00       jne    ffffffff811c721f <unwind_get_return_address+0x14f>
# 32-bit value at offset 0 of the argument; zero means "return 0".
# presumably the unwinder's "done" test on the stack type, verify against source.
ffffffff811c7111:       8b 03                   mov    (%rbx),%eax
ffffffff811c7113:       85 c0                   test   %eax,%eax
ffffffff811c7115:       0f 84 c9 00 00 00       je     ffffffff811c71e4 <unwind_get_return_address+0x114>
# 8-byte load check, then load of the pointer at 0x40(%rbx) into %r12.
# presumably state->regs, TODO confirm.
ffffffff811c711b:       48 8d 7b 40             lea    0x40(%rbx),%rdi
ffffffff811c711f:       48 b8 00 00 00 00 00    movabs $0xdffffc0000000000,%rax
ffffffff811c7126:       fc ff df 
ffffffff811c7129:       48 89 fa                mov    %rdi,%rdx
ffffffff811c712c:       48 c1 ea 03             shr    $0x3,%rdx
ffffffff811c7130:       80 3c 02 00             cmpb   $0x0,(%rdx,%rax,1)
ffffffff811c7134:       0f 85 ef 00 00 00       jne    ffffffff811c7229 <unwind_get_return_address+0x159>
ffffffff811c713a:       4c 8b 63 40             mov    0x40(%rbx),%r12
ffffffff811c713e:       4d 85 e4                test   %r12,%r12
# NULL pointer: take the alternative path at ...71f3, which derives %r12 from 0x38(%rbx).
ffffffff811c7141:       0f 84 ac 00 00 00       je     ffffffff811c71f3 <unwind_get_return_address+0x123>
# Non-NULL pointer: check and test the low two bits of the byte at 0x88(%r12);
# if either is set, return 0.
# looks like a user_mode(regs) test on regs->cs; confirm.
ffffffff811c7147:       49 8d bc 24 88 00 00    lea    0x88(%r12),%rdi
ffffffff811c714e:       00 
ffffffff811c714f:       48 b8 00 00 00 00 00    movabs $0xdffffc0000000000,%rax
ffffffff811c7156:       fc ff df 
ffffffff811c7159:       48 89 f9                mov    %rdi,%rcx
ffffffff811c715c:       48 c1 e9 03             shr    $0x3,%rcx
ffffffff811c7160:       80 3c 01 00             cmpb   $0x0,(%rcx,%rax,1)
ffffffff811c7164:       0f 85 4f 01 00 00       jne    ffffffff811c72b9 <unwind_get_return_address+0x1e9>
ffffffff811c716a:       41 f6 84 24 88 00 00    testb  $0x3,0x88(%r12)
ffffffff811c7171:       00 03 
ffffffff811c7173:       75 6f                   jne    ffffffff811c71e4 <unwind_get_return_address+0x114>
# Subtracting -0x80 adds 0x80: %r12 now points at offset 0x80 of that structure.
# presumably &regs->ip, TODO confirm.
ffffffff811c7175:       49 83 ec 80             sub    $0xffffffffffffff80,%r12
# Both paths join here with %r12 = address of the 8-byte slot to read.
# This shadow check is the one that fails in the report quoted after this listing:
# its stub is the call at ...72c6, whose return address ...72cb is the reported
# unwind_get_return_address+0x1fb, and the guarded access is the 8-byte load of
# (%r12) at ...7198.
ffffffff811c7179:       48 b8 00 00 00 00 00    movabs $0xdffffc0000000000,%rax
ffffffff811c7180:       fc ff df 
ffffffff811c7183:       4c 89 e2                mov    %r12,%rdx
ffffffff811c7186:       48 c1 ea 03             shr    $0x3,%rdx
ffffffff811c718a:       80 3c 02 00             cmpb   $0x0,(%rdx,%rax,1)
ffffffff811c718e:       0f 85 2f 01 00 00       jne    ffffffff811c72c3 <unwind_get_return_address+0x1f3>
# Argument setup for ftrace_graph_ret_addr: %rdi = 0x28(%rbx), %rsi = %rbx+0x30,
# %rdx = 8-byte value read from (%r12), %rcx = %r12.
ffffffff811c7194:       4c 8d 73 28             lea    0x28(%rbx),%r14
ffffffff811c7198:       49 8b 14 24             mov    (%r12),%rdx
ffffffff811c719c:       48 b8 00 00 00 00 00    movabs $0xdffffc0000000000,%rax
ffffffff811c71a3:       fc ff df 
ffffffff811c71a6:       48 8d 73 30             lea    0x30(%rbx),%rsi
ffffffff811c71aa:       4c 89 f1                mov    %r14,%rcx
ffffffff811c71ad:       48 c1 e9 03             shr    $0x3,%rcx
ffffffff811c71b1:       80 3c 01 00             cmpb   $0x0,(%rcx,%rax,1)
ffffffff811c71b5:       0f 85 15 01 00 00       jne    ffffffff811c72d0 <unwind_get_return_address+0x200>
ffffffff811c71bb:       48 8b 7b 28             mov    0x28(%rbx),%rdi
ffffffff811c71bf:       4c 89 e1                mov    %r12,%rcx
ffffffff811c71c2:       e8 59 7a 2c 00          callq  ffffffff8148ec20 <ftrace_graph_ret_addr>
# Keep the result in %r13 and hand it to __kernel_text_address.
ffffffff811c71c7:       48 89 c7                mov    %rax,%rdi
ffffffff811c71ca:       49 89 c5                mov    %rax,%r13
ffffffff811c71cd:       e8 9e 30 0c 00          callq  ffffffff8128a270 <__kernel_text_address>
ffffffff811c71d2:       89 c2                   mov    %eax,%edx
ffffffff811c71d4:       4c 89 e8                mov    %r13,%rax
ffffffff811c71d7:       85 d2                   test   %edx,%edx
# Non-zero verdict: return %r13 (skips the xor below).
ffffffff811c71d9:       75 0b                   jne    ffffffff811c71e6 <unwind_get_return_address+0x116>
# Zero verdict: print the message only if the __print_once flag is still 0, then return 0.
ffffffff811c71db:       80 3d 18 29 f9 02 00    cmpb   $0x0,0x2f92918(%rip)        # ffffffff84159afa <__print_once.27085>
ffffffff811c71e2:       74 4f                   je     ffffffff811c7233 <unwind_get_return_address+0x163>
# Common "return 0" exit, followed by the shared epilogue.
ffffffff811c71e4:       31 c0                   xor    %eax,%eax
ffffffff811c71e6:       48 83 c4 10             add    $0x10,%rsp
ffffffff811c71ea:       5b                      pop    %rbx
ffffffff811c71eb:       41 5c                   pop    %r12
ffffffff811c71ed:       41 5d                   pop    %r13
ffffffff811c71ef:       41 5e                   pop    %r14
ffffffff811c71f1:       5d                      pop    %rbp
ffffffff811c71f2:       c3                      retq   
# Alternative path (pointer at 0x40(%rbx) was NULL): %r12 = (8-byte value at 0x38(%rbx)) + 8.
# presumably state->bp + 1, the saved return address slot; confirm.
ffffffff811c71f3:       48 8d 7b 38             lea    0x38(%rbx),%rdi
ffffffff811c71f7:       48 b8 00 00 00 00 00    movabs $0xdffffc0000000000,%rax
ffffffff811c71fe:       fc ff df 
ffffffff811c7201:       48 89 fa                mov    %rdi,%rdx
ffffffff811c7204:       48 c1 ea 03             shr    $0x3,%rdx
ffffffff811c7208:       80 3c 02 00             cmpb   $0x0,(%rdx,%rax,1)
ffffffff811c720c:       0f 85 9d 00 00 00       jne    ffffffff811c72af <unwind_get_return_address+0x1df>
ffffffff811c7212:       48 8b 43 38             mov    0x38(%rbx),%rax
ffffffff811c7216:       4c 8d 60 08             lea    0x8(%rax),%r12
ffffffff811c721a:       e9 5a ff ff ff          jmpq   ffffffff811c7179 <unwind_get_return_address+0xa9>
# Out-of-line KASAN report stubs: report, then resume at the instruction after the check.
ffffffff811c721f:       e8 6c b0 45 00          callq  ffffffff81622290 <__asan_report_load4_noabort>
ffffffff811c7224:       e9 e8 fe ff ff          jmpq   ffffffff811c7111 <unwind_get_return_address+0x41>
ffffffff811c7229:       e8 b2 b0 45 00          callq  ffffffff816222e0 <__asan_report_load8_noabort>
ffffffff811c722e:       e9 07 ff ff ff          jmpq   ffffffff811c713a <unwind_get_return_address+0x6a>
# One-time message path: set the __print_once flag, then build printk_deferred arguments:
# %rdi = constant 0xffffffff83451de0, %rsi = %r13 (rejected value), %rdx = %r12 (slot address),
# %rcx = (pointer from 0x28(%rbx)) + 0x658, %r8d = 32-bit value at offset 0x4c0 of that pointer.
# presumably task->comm and task->pid; verify against struct layout.
ffffffff811c7233:       4c 89 f2                mov    %r14,%rdx
ffffffff811c7236:       c6 05 bd 28 f9 02 01    movb   $0x1,0x2f928bd(%rip)        # ffffffff84159afa <__print_once.27085>
ffffffff811c723d:       48 b8 00 00 00 00 00    movabs $0xdffffc0000000000,%rax
ffffffff811c7244:       fc ff df 
ffffffff811c7247:       48 c1 ea 03             shr    $0x3,%rdx
ffffffff811c724b:       80 3c 02 00             cmpb   $0x0,(%rdx,%rax,1)
ffffffff811c724f:       75 4d                   jne    ffffffff811c729e <unwind_get_return_address+0x1ce>
ffffffff811c7251:       48 b8 00 00 00 00 00    movabs $0xdffffc0000000000,%rax
ffffffff811c7258:       fc ff df 
ffffffff811c725b:       48 8b 5b 28             mov    0x28(%rbx),%rbx
ffffffff811c725f:       48 8d bb c0 04 00 00    lea    0x4c0(%rbx),%rdi
ffffffff811c7266:       48 89 fa                mov    %rdi,%rdx
ffffffff811c7269:       48 c1 ea 03             shr    $0x3,%rdx
ffffffff811c726d:       0f b6 04 02             movzbl (%rdx,%rax,1),%eax
ffffffff811c7271:       84 c0                   test   %al,%al
ffffffff811c7273:       74 04                   je     ffffffff811c7279 <unwind_get_return_address+0x1a9>
ffffffff811c7275:       3c 03                   cmp    $0x3,%al
ffffffff811c7277:       7e 2f                   jle    ffffffff811c72a8 <unwind_get_return_address+0x1d8>
ffffffff811c7279:       44 8b 83 c0 04 00 00    mov    0x4c0(%rbx),%r8d
ffffffff811c7280:       48 8d 8b 58 06 00 00    lea    0x658(%rbx),%rcx
ffffffff811c7287:       4c 89 e2                mov    %r12,%rdx
ffffffff811c728a:       4c 89 ee                mov    %r13,%rsi
ffffffff811c728d:       48 c7 c7 e0 1d 45 83    mov    $0xffffffff83451de0,%rdi
ffffffff811c7294:       e8 49 8c 35 00          callq  ffffffff8151fee2 <printk_deferred>
ffffffff811c7299:       e9 46 ff ff ff          jmpq   ffffffff811c71e4 <unwind_get_return_address+0x114>
# Remaining KASAN report stubs, one per inline check above.
ffffffff811c729e:       4c 89 f7                mov    %r14,%rdi
ffffffff811c72a1:       e8 3a b0 45 00          callq  ffffffff816222e0 <__asan_report_load8_noabort>
ffffffff811c72a6:       eb a9                   jmp    ffffffff811c7251 <unwind_get_return_address+0x181>
ffffffff811c72a8:       e8 e3 af 45 00          callq  ffffffff81622290 <__asan_report_load4_noabort>
ffffffff811c72ad:       eb ca                   jmp    ffffffff811c7279 <unwind_get_return_address+0x1a9>
ffffffff811c72af:       e8 2c b0 45 00          callq  ffffffff816222e0 <__asan_report_load8_noabort>
ffffffff811c72b4:       e9 59 ff ff ff          jmpq   ffffffff811c7212 <unwind_get_return_address+0x142>
ffffffff811c72b9:       e8 22 b0 45 00          callq  ffffffff816222e0 <__asan_report_load8_noabort>
ffffffff811c72be:       e9 a7 fe ff ff          jmpq   ffffffff811c716a <unwind_get_return_address+0x9a>
# Stub for the (%r12) check at ...718a; the call returns to ...72cb (= function + 0x1fb).
ffffffff811c72c3:       4c 89 e7                mov    %r12,%rdi
ffffffff811c72c6:       e8 15 b0 45 00          callq  ffffffff816222e0 <__asan_report_load8_noabort>
ffffffff811c72cb:       e9 c4 fe ff ff          jmpq   ffffffff811c7194 <unwind_get_return_address+0xc4>
# Stub for the 0x28(%rbx) check: %rsi and %rdx already hold call arguments, so they are
# spilled to the two local slots around the report call and reloaded afterwards.
ffffffff811c72d0:       4c 89 f7                mov    %r14,%rdi
ffffffff811c72d3:       48 89 75 d0             mov    %rsi,-0x30(%rbp)
ffffffff811c72d7:       48 89 55 d8             mov    %rdx,-0x28(%rbp)
ffffffff811c72db:       e8 00 b0 45 00          callq  ffffffff816222e0 <__asan_report_load8_noabort>
ffffffff811c72e0:       48 8b 75 d0             mov    -0x30(%rbp),%rsi
ffffffff811c72e4:       48 8b 55 d8             mov    -0x28(%rbp),%rdx
ffffffff811c72e8:       e9 ce fe ff ff          jmpq   ffffffff811c71bb <unwind_get_return_address+0xeb>
ffffffff811c72ed:       0f 1f 00                nopl   (%rax)


---
3==================================================================
3BUG: KASAN: stack-out-of-bounds in unwind_get_return_address+0x1fb/0x220 at addr ffff88042f88bba0
3Read of size 8 by task swapper/2/0
0page:ffffea0010be22c0 count:1 mapcount:0 mapping:          (null) index:0x0c
0flags: 0x2ffff8000000400(reserved)
1page dumped because: kasan: bad access detected
dCPU: 2 PID: 0 Comm: swapper/2 Not tainted 4.9.0-rc5-00530-gd8866fc-dirty #3
dHardware name: Intel Corporation S2600GZ/S2600GZ, BIOS SE5C600.86B.02.02.0002.122320131210 12/23/2013
dCall Trace:
d <NMI>
d dump_stack+0x67/0x94
d kasan_report_error+0x4a1/0x4d0
d ? printk+0xef/0xef
d __asan_report_load8_noabort+0x43/0x50
d ? unwind_get_return_address+0x1fb/0x220
d unwind_get_return_address+0x1fb/0x220
d perf_callchain_kernel+0x356/0x550
d ? arch_perf_update_userpage+0x350/0x350
d ? __perf_event_header__init_id+0x500/0x500
d get_perf_callchain+0x276/0x670
d ? put_callchain_buffers+0x50/0x50
d ? sched_clock_cpu+0x11c/0x1a0
d perf_callchain+0x128/0x1a0
d perf_prepare_sample+0x70e/0xfb0
d perf_event_output_forward+0x93/0x110
d ? perf_prepare_sample+0xfb0/0xfb0
d ? arch_perf_update_userpage+0x26c/0x350
d ? sched_clock_cpu+0x11c/0x1a0
d __perf_event_overflow+0x1a3/0x570
d perf_event_overflow+0x14/0x20
d __intel_pmu_pebs_event+0x3ca/0x610
d ? pebs_update_state+0x310/0x310
d ? acpi_map_lookup+0x40/0xad
d ? intel_pmu_disable_bts+0xc0/0xc0
d ? acpi_map_lookup+0x40/0xad
d ? put_dec+0x1c/0xb0
d ? number+0x71c/0xa70
d ? put_dec+0xb0/0xb0
d intel_pmu_drain_pebs_nhm+0x5f6/0xbf0
d ? __intel_pmu_pebs_event+0x610/0x610
d ? early_serial_putc+0x41/0x70
d ? early_serial_write+0x7c/0xf0
d ? trace_raw_output_console+0x160/0x160
d intel_pmu_handle_irq+0x4b2/0xa90
d ? intel_pmu_save_and_restart+0xe0/0xe0
d ? acpi_os_read_memory+0x228/0x262
d ? acpi_os_get_timer+0x1a/0x1a
d ? vunmap_page_range+0x269/0x400
d ? ghes_copy_tofrom_phys+0x149/0x270
d ? ghes_read_estatus+0x11e/0x6b0
d ? ghes_copy_tofrom_phys+0x270/0x270
d perf_event_nmi_handler+0x2d/0x50
d nmi_handle+0x9e/0x250
d default_do_nmi+0x111/0x180
d do_nmi+0x1a2/0x210
d end_repeat_nmi+0x1a/0x1e
dRIP: 0010:irq_exit+0x10/0x1d0
dRSP: 0000:ffff88042f887fc8 EFLAGS: 00000046c
dRAX: 0000000000000000 RBX: ffffffff83a77980 RCX: 1ffff10080965faf
dRDX: 1ffff10085f13747 RSI: 0000000000000000 RDI: ffff88042f89ba38
dRBP: ffff88042f887fd0 R08: ffff8804060b1a08 R09: 1ffff10085f1276e
dR10: ffffed0080c16369 R11: ffff88042f89dd04 R12: 00000023af3410aa
dR13: 0000000000000004 R14: 0000000000000004 R15: 0000000000000180
d ? irq_exit+0x10/0x1d0
d ? irq_exit+0x10/0x1d0
d <EOE>
d <IRQ>
d smp_call_function_single_interrupt+0x70/0x90
d call_function_single_interrupt+0x90/0xa0
dRIP: 0010:cpuidle_enter_state+0x121/0x7a0
dRSP: 0000:ffff88042caffe28 EFLAGS: 00000246c ORIG_RAX: ffffffffffffff04
dRAX: 0000000000000000 RBX: ffff88042f8ab720 RCX: 000000000000001f
dRDX: 1ffff10085f142f9 RSI: 000000002dd33691 RDI: ffff88042f8a17c8
dRBP: ffff88042caffe88 R08: 0000000000000018 R09: ffffffff83f3f320
dR10: 071c71c71c71c71c R11: ffff88042f89dd04 R12: 00000023af3410aa
dR13: 0000000000000004 R14: 0000000000000004 R15: 0000000000000180
d <EOI>
d ? cpuidle_enter_state+0x11c/0x7a0
d cpuidle_enter+0x17/0x20
d call_cpuidle+0x47/0xc0
d ? cpuidle_select+0x59/0x80
d cpu_startup_entry+0x1a6/0x2d0
d start_secondary+0x245/0x2d0
d start_cpu+0x5/0x14
3Memory state around the buggy address:
3 ffff88042f88ba80: f2 00 00 f4 f4 f2 f2 f2 f2 00 00 f4 f4 f3 f3 f3
3 ffff88042f88bb00: f3 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
3>ffff88042f88bb80: f1 f1 f1 f1 f1 f1 f1 f1 00 f4 f4 f4 f2 f2 f2 f2
3                               ^
3 ffff88042f88bc00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
3 ffff88042f88bc80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
3==================================================================
4Disabling lock debugging due to kernel taint
3==================================================================
3BUG: KASAN: stack-out-of-bounds in unwind_next_frame+0x5fc/0x780 at addr ffff88042f88bb98
3Read of size 8 by task swapper/2/0
0page:ffffea0010be22c0 count:1 mapcount:0 mapping:          (null) index:0x0c
0flags: 0x2ffff8000000400(reserved)
1page dumped because: kasan: bad access detected
dCPU: 2 PID: 0 Comm: swapper/2 Tainted: G    B           4.9.0-rc5-00530-gd8866fc-dirty #3
dHardware name: Intel Corporation S2600GZ/S2600GZ, BIOS SE5C600.86B.02.02.0002.122320131210 12/23/2013
dCall Trace:
d <NMI>
d dump_stack+0x67/0x94
d kasan_report_error+0x4a1/0x4d0
d ? kasan_report_error+0x420/0x4d0
d __asan_report_load8_noabort+0x43/0x50
d ? unwind_next_frame+0x5fc/0x780
d unwind_next_frame+0x5fc/0x780
d perf_callchain_kernel+0x341/0x550
d ? arch_perf_update_userpage+0x350/0x350
d ? __perf_event_header__init_id+0x500/0x500
d get_perf_callchain+0x276/0x670
d ? put_callchain_buffers+0x50/0x50
d ? sched_clock_cpu+0x11c/0x1a0
d perf_callchain+0x128/0x1a0
d perf_prepare_sample+0x70e/0xfb0
d perf_event_output_forward+0x93/0x110
d ? perf_prepare_sample+0xfb0/0xfb0
d ? arch_perf_update_userpage+0x26c/0x350
d ? sched_clock_cpu+0x11c/0x1a0
d __perf_event_overflow+0x1a3/0x570
d perf_event_overflow+0x14/0x20
d __intel_pmu_pebs_event+0x3ca/0x610
d ? pebs_update_state+0x310/0x310
d ? acpi_map_lookup+0x40/0xad
d ? intel_pmu_disable_bts+0xc0/0xc0
d ? acpi_map_lookup+0x40/0xad
d ? put_dec+0x1c/0xb0
d ? number+0x71c/0xa70
d ? put_dec+0xb0/0xb0
d intel_pmu_drain_pebs_nhm+0x5f6/0xbf0
d ? __intel_pmu_pebs_event+0x610/0x610
d ? early_serial_putc+0x41/0x70
d ? early_serial_write+0x7c/0xf0
d ? trace_raw_output_console+0x160/0x160
d intel_pmu_handle_irq+0x4b2/0xa90
d ? intel_pmu_save_and_restart+0xe0/0xe0
d ? acpi_os_read_memory+0x228/0x262
d ? acpi_os_get_timer+0x1a/0x1a
d ? vunmap_page_range+0x269/0x400
d ? ghes_copy_tofrom_phys+0x149/0x270
d ? ghes_read_estatus+0x11e/0x6b0
d ? ghes_copy_tofrom_phys+0x270/0x270
d perf_event_nmi_handler+0x2d/0x50
d nmi_handle+0x9e/0x250
d default_do_nmi+0x111/0x180
d do_nmi+0x1a2/0x210
d end_repeat_nmi+0x1a/0x1e
dRIP: 0010:irq_exit+0x10/0x1d0
dRSP: 0000:ffff88042f887fc8 EFLAGS: 00000046c
dRAX: 0000000000000000 RBX: ffffffff83a77980 RCX: 1ffff10080965faf
dRDX: 1ffff10085f13747 RSI: 0000000000000000 RDI: ffff88042f89ba38
dRBP: ffff88042f887fd0 R08: ffff8804060b1a08 R09: 1ffff10085f1276e
dR10: ffffed0080c16369 R11: ffff88042f89dd04 R12: 00000023af3410aa
dR13: 0000000000000004 R14: 0000000000000004 R15: 0000000000000180
d ? irq_exit+0x10/0x1d0
d ? irq_exit+0x10/0x1d0
d <EOE>
d <IRQ>
d smp_call_function_single_interrupt+0x70/0x90
d call_function_single_interrupt+0x90/0xa0
dRIP: 0010:cpuidle_enter_state+0x121/0x7a0
dRSP: 0000:ffff88042caffe28 EFLAGS: 00000246c ORIG_RAX: ffffffffffffff04
dRAX: 0000000000000000 RBX: ffff88042f8ab720 RCX: 000000000000001f
dRDX: 1ffff10085f142f9 RSI: 000000002dd33691 RDI: ffff88042f8a17c8
dRBP: ffff88042caffe88 R08: 0000000000000018 R09: ffffffff83f3f320
dR10: 071c71c71c71c71c R11: ffff88042f89dd04 R12: 00000023af3410aa
dR13: 0000000000000004 R14: 0000000000000004 R15: 0000000000000180
d <EOI>
d ? cpuidle_enter_state+0x11c/0x7a0
d cpuidle_enter+0x17/0x20
d call_cpuidle+0x47/0xc0
d ? cpuidle_select+0x59/0x80
d cpu_startup_entry+0x1a6/0x2d0
d start_secondary+0x245/0x2d0
d start_cpu+0x5/0x14
3Memory state around the buggy address:
3 ffff88042f88ba80: f2 00 00 f4 f4 f2 f2 f2 f2 00 00 f4 f4 f3 f3 f3
3 ffff88042f88bb00: f3 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
3>ffff88042f88bb80: f1 f1 f1 f1 f1 f1 f1 f1 00 f4 f4 f4 f2 f2 f2 f2
3                            ^
3 ffff88042f88bc00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
3 ffff88042f88bc80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
3==================================================================
