Message-ID: <d869feec-dc50-070c-a363-6f677ab6d678@maine.edu>
Date: Wed, 30 Jul 2025 09:53:25 -0400 (EDT)
From: Vince Weaver <vincent.weaver@...ne.edu>
To: linux-kernel@...r.kernel.org, linux-perf-users@...r.kernel.org
cc: "Liang, Kan" <kan.liang@...ux.intel.com>, 
    Peter Zijlstra <peterz@...radead.org>, Ingo Molnar <mingo@...hat.com>, 
    Arnaldo Carvalho de Melo <acme@...nel.org>, 
    Namhyung Kim <namhyung@...nel.org>, Mark Rutland <mark.rutland@....com>, 
    Alexander Shishkin <alexander.shishkin@...ux.intel.com>, 
    Jiri Olsa <jolsa@...nel.org>, Ian Rogers <irogers@...gle.com>, 
    Adrian Hunter <adrian.hunter@...el.com>, 
    "Mi, Dapeng" <dapeng1.mi@...ux.intel.com>
Subject: [perf] fuzzer triggers BUG: KASAN: wild-memory-access in x86_pmu_stop

Hello

I was fuzzing current git (6.16) on a RaptorLake machine with KASAN 
enabled and it turned up this issue.  I think this is unrelated to the 
other issue I've been tracking on this machine.

Vince Weaver
vincent.weaver@...ne.edu


[62790.535489] ==================================================================
[62790.535493] BUG: KASAN: wild-memory-access in x86_pmu_stop+0x80/0x2b0
[62790.535499] Read of size 8 at addr 1fff888770d28e98 by task perf_fuzzer/1142475

[62790.535502] CPU: 2 UID: 1000 PID: 1142475 Comm: perf_fuzzer Not tainted 6.16.0+ #13 PREEMPT(voluntary) 
[62790.535505] Hardware name: Dell Inc. Precision 3660/0VJ7G2, BIOS 2.17.0 08/09/2024
[62790.535507] Call Trace:
[62790.535508]  <NMI>
[62790.535509]  dump_stack_lvl+0x64/0x80
[62790.535512]  kasan_report+0xce/0x100
[62790.535516]  ? x86_pmu_stop+0x80/0x2b0
[62790.535519]  kasan_check_range+0x100/0x1b0
[62790.535521]  x86_pmu_stop+0x80/0x2b0
[62790.535523]  __perf_event_account_interrupt+0x3a8/0x560
[62790.535527]  __perf_event_overflow+0xf9/0xc00
[62790.535529]  ? __pfx_perf_event_output+0x10/0x10
[62790.535530]  ? __pfx_perf_event_update_userpage+0x10/0x10
[62790.535533]  ? __pfx___perf_event_overflow+0x10/0x10
[62790.535534]  ? setup_pebs_adaptive_sample_data+0x18a/0x24e0
[62790.535537]  ? intel_pmu_save_and_restart_reload.isra.0+0x169/0x200
[62790.535539]  intel_pmu_drain_pebs_icl+0x6da/0xc60
[62790.535542]  ? __pfx_intel_pmu_drain_pebs_icl+0x10/0x10
[62790.535544]  ? mutex_lock+0x81/0xe0
[62790.535546]  ? intel_bts_disable_local+0x53/0xf0
[62790.535551]  handle_pmi_common+0x606/0xab0
[62790.535553]  ? __pfx_handle_pmi_common+0x10/0x10
[62790.535554]  ? nmi_handle.part.0+0xa4/0x2e0
[62790.535558]  ? ring_buffer_put+0x18/0x90
[62790.535560]  ? intel_bts_interrupt+0x334/0x400
[62790.535562]  ? __pfx_intel_bts_interrupt+0x10/0x10
[62790.535564]  intel_pmu_handle_irq+0x1bf/0xac0
[62790.535566]  perf_event_nmi_handler+0x3b/0x60
[62790.535568]  nmi_handle.part.0+0xaa/0x2e0
[62790.535570]  ? __pfx_nmi_cpu_backtrace_handler+0x10/0x10
[62790.535572]  default_do_nmi+0x40/0x100
[62790.535575]  exc_nmi+0x128/0x1a0
[62790.535576]  end_repeat_nmi+0xf/0x53
[62790.535578] RIP: 0010:kasan_check_range+0x4d/0x1b0
[62790.535581] Code: cc cc cc 48 b8 00 00 00 00 00 00 00 ff eb 0a 48 b8 00 00 00 00 00 80 ff ff 48 39 c7 0f 82 b3 00 00 00 4c 8d 54 37 ff 48 89 fd <48> b8 00 00 00 00 00 fc ff df 4d 89 d1 48 c1 ed 03 49 c1 e9 03 48
[62790.535583] RSP: 0018:ffff888126247c70 EFLAGS: 00000202
[62790.535585] RAX: ffff800000000000 RBX: ffff888128d1ac08 RCX: ffffffffa18c0551
[62790.535586] RDX: 0000000000000001 RSI: 0000000000000008 RDI: ffff888128d1ac08
[62790.535587] RBP: ffff888128d1ac08 R08: 0000000000000001 R09: ffffed1024c48fa8
[62790.535588] R10: ffff888128d1ac0f R11: 1ffff110ee1a51fa R12: ffff88816bce1ac0
[62790.535589] R13: ffffed102ba8cc7f R14: dffffc0000000000 R15: ffff888128d1ac80
[62790.535591]  ? mutex_lock+0x81/0xe0
[62790.535592]  ? kasan_check_range+0x4d/0x1b0
[62790.535594]  ? kasan_check_range+0x4d/0x1b0
[62790.535596]  </NMI>
[62790.535596]  <TASK>
[62790.535597]  mutex_lock+0x81/0xe0
[62790.535599]  ? __pfx_mutex_lock+0x10/0x10
[62790.535600]  ? __pfx___perf_event_enable+0x10/0x10
[62790.535602]  ? __pfx_event_function_call+0x10/0x10
[62790.535603]  perf_event_ctx_lock_nested.constprop.0+0x127/0x1f0
[62790.535605]  ? __pfx_perf_event_ctx_lock_nested.constprop.0+0x10/0x10
[62790.535607]  ? mutex_unlock+0x82/0xd0
[62790.535609]  ? __pfx_mutex_unlock+0x10/0x10
[62790.535611]  ? vm_mmap_pgoff+0x2cc/0x3a0
[62790.535614]  perf_event_task_enable+0x81/0x1f0
[62790.535617]  __do_sys_prctl+0x98d/0x1830
[62790.535620]  ? __pfx___do_sys_prctl+0x10/0x10
[62790.535623]  ? fput+0x29/0x80
[62790.535625]  do_syscall_64+0x82/0x2f0
[62790.535628]  ? fpregs_assert_state_consistent+0x63/0xf0
[62790.535631]  ? do_syscall_64+0xc9/0x2f0
[62790.535633]  ? fpregs_assert_state_consistent+0x63/0xf0
[62790.535635]  ? do_syscall_64+0xc9/0x2f0
[62790.535637]  ? fpregs_assert_state_consistent+0x63/0xf0
[62790.535639]  ? do_syscall_64+0xc9/0x2f0
[62790.535641]  entry_SYSCALL_64_after_hwframe+0x76/0x7e
[62790.535642] RIP: 0033:0x7faf2c2e940d
[62790.535644] Code: 00 48 89 44 24 18 31 c0 48 8d 44 24 60 c7 04 24 18 00 00 00 48 89 44 24 08 48 8d 44 24 20 48 89 44 24 10 b8 9d 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 1b 48 8b 54 24 18 64 48 2b 14 25 28 00 00 00
[62790.535645] RSP: 002b:00007ffdccacc260 EFLAGS: 00000246 ORIG_RAX: 000000000000009d
[62790.535647] RAX: ffffffffffffffda RBX: 000000000000000e RCX: 00007faf2c2e940d
[62790.535648] RDX: 0000000000000001 RSI: 00007ffdccacc294 RDI: 0000000000000020
[62790.535649] RBP: 00007ffdccacc2d0 R08: 00007faf2c3b2200 R09: 00007faf2c3b2260
[62790.535650] R10: 00007faf2c3b21f4 R11: 0000000000000246 R12: 0000000000000000
[62790.535651] R13: 00007ffdccace728 R14: 0000560c62688dd8 R15: 00007faf2c41c020
[62790.535653]  </TASK>
[62790.535654] ==================================================================
[62790.535654] Disabling lock debugging due to kernel taint
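The splat above can be triaged mechanically before anyone opens a debugger. What follows is an added example, not part of Vince Weaver's report and not kernel code: a small Python parser that takes the report's own lines (embedded as a constructed, abridged sample), separates the <NMI> and <TASK> call traces, marks "?" frames as unreliable stack slots, reproduces KASAN's fallback classification for an address that has no shadow memory (the x86-64 PAGE_SIZE and TASK_SIZE thresholds and the 0xffff800000000000 start of shadow-covered memory are assumed for this target, matching the RAX value in the NMI register dump), and decodes the interrupted syscall from the user-mode registers: ORIG_RAX 0x9d is prctl on x86-64 and RDI 0x20 is PR_TASK_PERF_EVENTS_ENABLE, which is consistent with perf_event_task_enable in the task-context trace. The SYSCALLS and PRCTL_OPTIONS tables are deliberately partial. Note that 1fff888770d28e98 is not a canonical x86-64 address, so KASAN cannot consult a shadow byte for it and falls back to the "wild-memory-access" label.

```python
import re
from dataclasses import dataclass, field

# Constructed sample: an abridged copy of the KASAN splat quoted in the report above.
SAMPLE = """\
[62790.535493] BUG: KASAN: wild-memory-access in x86_pmu_stop+0x80/0x2b0
[62790.535499] Read of size 8 at addr 1fff888770d28e98 by task perf_fuzzer/1142475
[62790.535508]  <NMI>
[62790.535509]  dump_stack_lvl+0x64/0x80
[62790.535512]  kasan_report+0xce/0x100
[62790.535516]  ? x86_pmu_stop+0x80/0x2b0
[62790.535519]  kasan_check_range+0x100/0x1b0
[62790.535521]  x86_pmu_stop+0x80/0x2b0
[62790.535523]  __perf_event_account_interrupt+0x3a8/0x560
[62790.535566]  perf_event_nmi_handler+0x3b/0x60
[62790.535596]  </NMI>
[62790.535596]  <TASK>
[62790.535597]  mutex_lock+0x81/0xe0
[62790.535614]  perf_event_task_enable+0x81/0x1f0
[62790.535617]  __do_sys_prctl+0x98d/0x1830
[62790.535641]  entry_SYSCALL_64_after_hwframe+0x76/0x7e
[62790.535644] RSP: 002b:00007ffdccacc260 EFLAGS: 00000246 ORIG_RAX: 000000000000009d
[62790.535648] RDX: 0000000000000001 RSI: 00007ffdccacc294 RDI: 0000000000000020
[62790.535653]  </TASK>
"""

# Assumed x86-64 values: KASAN's fallback classifier (mm/kasan/report.c) compares against
# PAGE_SIZE and TASK_SIZE; generic KASAN only has shadow for 0xffff800000000000 and above.
PAGE_SIZE = 4096
TASK_SIZE = 0x7ffffffff000
KASAN_MEM_START = 0xffff800000000000

TS_RE = re.compile(r"^\[\s*\d+\.\d+\]\s?(.*)$")
BUG_RE = re.compile(r"BUG: KASAN: (\S+) in (\w+)\+0x")
ACCESS_RE = re.compile(r"(Read|Write) of size (\d+) at addr ([0-9a-f]+) by task (\S+)/(\d+)")
CTX_RE = re.compile(r"^<(/?)([A-Z]+)>$")
FRAME_RE = re.compile(r"^(\? )?([A-Za-z_][\w.]*)\+0x[0-9a-f]+/0x[0-9a-f]+$")
REG_RE = re.compile(r"\b(ORIG_RAX|RDI): ([0-9a-f]{16})")

@dataclass
class Report:
    bug_type: str = ""
    function: str = ""
    access: str = ""
    size: int = 0
    addr: int = 0
    task: str = ""
    pid: int = 0
    contexts: dict = field(default_factory=dict)  # "NMI" / "TASK" -> [(symbol, reliable), ...]
    regs: dict = field(default_factory=dict)      # context -> {"ORIG_RAX": int, "RDI": int}

def parse_kasan_report(text: str) -> Report:
    """Extract the bug header, the per-context call trace and the saved registers from dmesg text."""
    rep, ctx = Report(), None
    for raw in text.splitlines():
        m = TS_RE.match(raw.strip())
        line = (m.group(1) if m else raw).strip()      # drop the "[seconds.usec]" prefix
        if (m := BUG_RE.search(line)):
            rep.bug_type, rep.function = m.group(1), m.group(2)
        elif (m := ACCESS_RE.search(line)):
            rep.access, rep.size, rep.addr = m.group(1), int(m.group(2)), int(m.group(3), 16)
            rep.task, rep.pid = m.group(4), int(m.group(5))
        elif (m := CTX_RE.match(line)):
            ctx = None if m.group(1) else m.group(2)   # "</NMI>" closes, "<TASK>" opens
            if ctx:
                rep.contexts.setdefault(ctx, [])
        elif ctx and (m := FRAME_RE.match(line)):
            # A leading "?" means the unwinder found the symbol in a stale stack slot.
            rep.contexts[ctx].append((m.group(2), m.group(1) is None))
        if ctx:
            for name, val in REG_RE.findall(line):
                rep.regs.setdefault(ctx, {})[name] = int(val, 16)
    return rep

def classify_address(addr: int) -> str:
    """Reproduce KASAN's get_wild_bug_type() decision for an address without shadow memory."""
    if addr >= KASAN_MEM_START:
        return "shadow-backed"         # KASAN would report OOB/UAF from the shadow byte instead
    if addr < PAGE_SIZE:
        return "null-ptr-deref"
    if addr < TASK_SIZE:
        return "user-memory-access"
    return "wild-memory-access"

def culprit(rep: Report, ctx: str, skip=("dump_stack_lvl", "kasan_report", "kasan_check_range")) -> str:
    """First reliable frame below KASAN's own reporting machinery in the given context."""
    for symbol, reliable in rep.contexts.get(ctx, []):
        if reliable and symbol not in skip:
            return symbol
    return ""

SYSCALLS = {157: "prctl"}  # partial x86-64 syscall table, only what this report needs
PRCTL_OPTIONS = {31: "PR_TASK_PERF_EVENTS_DISABLE", 32: "PR_TASK_PERF_EVENTS_ENABLE"}  # partial

def decode_syscall(rep: Report) -> str:
    """Name the interrupted syscall from ORIG_RAX and, for prctl, its option from RDI."""
    regs = rep.regs.get("TASK", {})
    if "ORIG_RAX" not in regs:
        return ""
    name = SYSCALLS.get(regs["ORIG_RAX"], f"syscall_{regs['ORIG_RAX']}")
    if name == "prctl" and "RDI" in regs:
        name += f"({PRCTL_OPTIONS.get(regs['RDI'], hex(regs['RDI']))})"
    return name

if __name__ == "__main__":
    r = parse_kasan_report(SAMPLE)
    print(r.bug_type, "in", r.function, "at", hex(r.addr), "classified as", classify_address(r.addr))
    print("NMI culprit:", culprit(r, "NMI"), "| interrupted syscall:", decode_syscall(r))
```

The two things worth keeping from the output are the NMI-context culprit (the first non-"?" frame under kasan_check_range, here x86_pmu_stop) and the fact that the task context was inside prctl(PR_TASK_PERF_EVENTS_ENABLE) when the PMI arrived, which narrows the race window a maintainer has to reason about.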

