[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <8760nl1z2m.fsf@tassilo.jf.intel.com>
Date: Thu, 17 Nov 2016 15:11:45 -0800
From: Andi Kleen <andi@...stfloor.org>
To: Vince Weaver <vincent.weaver@...ne.edu>
Cc: "linux-kernel\@vger.kernel.org" <linux-kernel@...r.kernel.org>,
Peter Zijlstra <peterz@...radead.org>,
Ingo Molnar <mingo@...hat.com>,
Arnaldo Carvalho de Melo <acme@...nel.org>,
"dvyukov\@google.com" <dvyukov@...gle.com>,
alexander.shishkin@...el.com
Subject: Re: perf: fuzzer KASAN: global-out-of-bounds in match_token
Vince Weaver <vincent.weaver@...ne.edu> writes:
Adding Alex since it seems to be related to PT code.
> So got my skylake machine re-compiled with gcc-5 and got this.
>
> Should I keep reporting these, or is everyone fuzzing now so you're all
> hitting them too?
>
> [ 911.507365] ==================================================================
> [ 911.514824] BUG: KASAN: global-out-of-bounds in match_token+0x268/0x310 at addr ffffffffb14ad058
> [ 911.523912] Read of size 8 by task perf_fuzzer/20662
> [ 911.528945] Address belongs to variable if_tokens+0x78/0xa0
> [ 911.534619] CPU: 7 PID: 20662 Comm: perf_fuzzer Tainted: G L 4.9.0-rc5+ #12
> [ 911.534620] Hardware name: LENOVO 10FY0017US/SKYBAY, BIOS FWKT53A 06/06/2016
> [ 911.534622] ffff8801efd2f970 ffffffffb0f17c88 ffff8801efd2fa08 ffffffffb14ad058
> [ 911.534624] ffff8801efd2f9f8 ffffffffb0d0a9f3 1ffff1003dfa5f38 ffff8801efd2fc38
> [ 911.534627] ffff8801f12ca100 0000000000000297 ffff8801efd2fc38 ffff8801efd2fa38
> [ 911.534629] Call Trace:
> [ 911.534633] [<ffffffffb0f17c88>] dump_stack+0x63/0x8b
> [ 911.534636] [<ffffffffb0d0a9f3>] kasan_report_error+0x493/0x4c0
> [ 911.534638] [<ffffffffb0f27a43>] ? simple_strtoull+0x93/0xe0
> [ 911.534640] [<ffffffffb0d0b038>] kasan_report+0x58/0x60
> [ 911.534642] [<ffffffffb0f31008>] ? match_token+0x268/0x310
> [ 911.534644] [<ffffffffb0d0949e>] __asan_load8+0x5e/0x70
> [ 911.534646] [<ffffffffb0f31008>] match_token+0x268/0x310
> [ 911.534649] [<ffffffffb0d058f8>] ? kmem_cache_alloc_node_trace+0x108/0x5a0
> [ 911.534651] [<ffffffffb0f30da0>] ? match_wildcard+0x130/0x130
> [ 911.534653] [<ffffffffb0cbb4b5>] ? wp_page_copy+0x6f5/0xb80
> [ 911.534656] [<ffffffffb0c49668>] ? perf_event_set_addr_filter+0x1f8/0x630
> [ 911.534658] [<ffffffffb0c496bb>] perf_event_set_addr_filter+0x24b/0x630
> [ 911.534660] [<ffffffffb0c49470>] ? perf_pin_task_context+0xd0/0xd0
> [ 911.534663] [<ffffffffb0d09976>] ? kasan_unpoison_shadow+0x36/0x50
> [ 911.534665] [<ffffffffb0d09add>] ? kasan_kmalloc+0xad/0xe0
> [ 911.534667] [<ffffffffb0d06a0b>] ? __kmalloc_track_caller+0x10b/0x580
> [ 911.534669] [<ffffffffb0cbccd0>] ? vm_normal_page+0x130/0x130
> [ 911.534671] [<ffffffffb0c9fe06>] ? strndup_user+0x46/0x70
> [ 911.534673] [<ffffffffb0d097d4>] ? kasan_check_write+0x14/0x20
> [ 911.534675] [<ffffffffb0c9fd8d>] ? memdup_user+0x4d/0x80
> [ 911.534677] [<ffffffffb0c56a7a>] perf_ioctl+0x5fa/0x810
> [ 911.534680] [<ffffffffb0c56480>] ? SYSC_perf_event_open+0x11e0/0x11e0
> [ 911.534682] [<ffffffffb0cc1472>] ? handle_mm_fault+0x602/0x1c30
> [ 911.534684] [<ffffffffb0d589bb>] do_vfs_ioctl+0x14b/0x920
> [ 911.534686] [<ffffffffb0d58870>] ? ioctl_preallocate+0x160/0x160
> [ 911.534689] [<ffffffffb0e36be3>] ? security_file_permission+0xd3/0x100
> [ 911.534692] [<ffffffffb0c59af8>] ? __perf_sw_event+0x98/0xc0
> [ 911.534694] [<ffffffffb0aa0639>] ? __do_page_fault+0x579/0x650
> [ 911.534696] [<ffffffffb0d59209>] SyS_ioctl+0x79/0x90
> [ 911.534699] [<ffffffffb13f493b>] entry_SYSCALL_64_fastpath+0x1e/0xad
> [ 911.534700] Memory state around the buggy address:
> [ 911.539563] ffffffffb14acf00: fa fa fa fa 06 fa fa fa fa fa fa fa 06 fa fa fa
> [ 911.546942] ffffffffb14acf80: fa fa fa fa 03 fa fa fa fa fa fa fa 00 00 00 00
> [ 911.554269] >ffffffffb14ad000: 00 00 00 00 00 00 00 00 00 00 fa fa fa fa fa fa
> [ 911.561598] ^
> [ 911.567800] ffffffffb14ad080: 00 00 00 00 00 00 00 00 00 00 00 00 00 fa fa fa
> [ 911.575138] ffffffffb14ad100: fa fa fa fa 00 00 00 00 00 00 00 00 00 00 00 00
> [ 911.582492] ==================================================================
Powered by blists - more mailing lists