| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <202508190403.33c83ece-lkp@intel.com>
Date: Tue, 19 Aug 2025 10:44:49 +0800
From: kernel test robot <oliver.sang@...el.com>
To: Robin Murphy <robin.murphy@....com>
CC: <oe-lkp@...ts.linux.dev>, <lkp@...el.com>,
<linux-arm-kernel@...ts.infradead.org>, <linuxppc-dev@...ts.ozlabs.org>,
<linux-s390@...r.kernel.org>, <linux-perf-users@...r.kernel.org>,
<linux-kernel@...r.kernel.org>, <linux-rockchip@...ts.infradead.org>,
<dmaengine@...r.kernel.org>, <linux-fpga@...r.kernel.org>,
<amd-gfx@...ts.freedesktop.org>, <intel-gfx@...ts.freedesktop.org>,
<intel-xe@...ts.freedesktop.org>, <coresight@...ts.linaro.org>,
<iommu@...ts.linux.dev>, <linux-amlogic@...ts.infradead.org>,
<linux-cxl@...r.kernel.org>, <linux-arm-msm@...r.kernel.org>,
<linux-pm@...r.kernel.org>, <peterz@...radead.org>, <mingo@...hat.com>,
<will@...nel.org>, <mark.rutland@....com>, <acme@...nel.org>,
<namhyung@...nel.org>, <alexander.shishkin@...ux.intel.com>,
<jolsa@...nel.org>, <irogers@...gle.com>, <adrian.hunter@...el.com>,
<kan.liang@...ux.intel.com>, <linux-alpha@...r.kernel.org>,
<linux-snps-arc@...ts.infradead.org>, <imx@...ts.linux.dev>,
<linux-csky@...r.kernel.org>, <loongarch@...ts.linux.dev>,
<linux-mips@...r.kernel.org>, <linux-sh@...r.kernel.org>,
<sparclinux@...r.kernel.org>, <dri-devel@...ts.freedesktop.org>,
<linux-riscv@...ts.infradead.org>, <oliver.sang@...el.com>
Subject: Re: [PATCH 19/19] perf: Garbage-collect event_init checks
Hello,
kernel test robot noticed "BUG:unable_to_handle_page_fault_for_address" on:
commit: 1ba20479196e5af3ebbedf9321de6b26f2a0cdd3 ("[PATCH 19/19] perf: Garbage-collect event_init checks")
url: https://github.com/intel-lab-lkp/linux/commits/Robin-Murphy/perf-arm-cmn-Fix-event-validation/20250814-010626
base: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git 91325f31afc1026de28665cf1a7b6e157fa4d39d
patch link: https://lore.kernel.org/all/ace3532a8a438a96338bf349a27636d8294c7111.1755096883.git.robin.murphy@arm.com/
patch subject: [PATCH 19/19] perf: Garbage-collect event_init checks
in testcase: perf-sanity-tests
version:
with following parameters:
perf_compiler: clang
group: group-02
config: x86_64-rhel-9.4-bpf
compiler: gcc-12
test machine: 8 threads 1 sockets Intel(R) Core(TM) i7-7700 CPU @ 3.60GHz (Kaby Lake) with 32G memory
(please refer to attached dmesg/kmsg for entire log/backtrace)
If you fix the issue in a separate patch/commit (i.e. not just a new version of
the same patch/commit), kindly add following tags
| Reported-by: kernel test robot <oliver.sang@...el.com>
| Closes: https://lore.kernel.org/oe-lkp/202508190403.33c83ece-lkp@intel.com
[ 307.132412][ T7614] BUG: unable to handle page fault for address: ffffffff8674015c
[ 307.140048][ T7614] #PF: supervisor read access in kernel mode
[ 307.145926][ T7614] #PF: error_code(0x0000) - not-present page
[ 307.151801][ T7614] PGD 819477067 P4D 819477067 PUD 819478063 PMD 1002c3063 PTE 800ffff7e48bf062
[ 307.160663][ T7614] Oops: Oops: 0000 [#1] SMP KASAN PTI
[ 307.165931][ T7614] CPU: 0 UID: 0 PID: 7614 Comm: perf Tainted: G I 6.17.0-rc1-00048-g1ba20479196e #1 PREEMPT(voluntary)
[ 307.178456][ T7614] Tainted: [I]=FIRMWARE_WORKAROUND
[ 307.183459][ T7614] Hardware name: Dell Inc. OptiPlex 7050/062KRH, BIOS 1.2.0 12/22/2016
[ 307.191609][ T7614] RIP: 0010:uncore_pmu_event_init (arch/x86/events/intel/uncore.c:141 arch/x86/events/intel/uncore.c:739) intel_uncore
[ 307.198867][ T7614] Code: c1 4c 63 ab 0c 03 00 00 4a 8d 3c ed a0 3e c8 83 e8 17 de 3a c1 4e 03 24 ed a0 3e c8 83 49 8d bc 24 fc 00 00 00 e8 a2 dc 3a c1 <45> 8b a4 24 fc 00 00 00 44 3b 25 03 3d 35 00 0f 83 5b 04 00 00 48
All code
========
0: c1 4c 63 ab 0c rorl $0xc,-0x55(%rbx,%riz,2)
5: 03 00 add (%rax),%eax
7: 00 4a 8d add %cl,-0x73(%rdx)
a: 3c ed cmp $0xed,%al
c: a0 3e c8 83 e8 17 de movabs 0xc13ade17e883c83e,%al
13: 3a c1
15: 4e 03 24 ed a0 3e c8 add -0x7c37c160(,%r13,8),%r12
1c: 83
1d: 49 8d bc 24 fc 00 00 lea 0xfc(%r12),%rdi
24: 00
25: e8 a2 dc 3a c1 call 0xffffffffc13adccc
2a:* 45 8b a4 24 fc 00 00 mov 0xfc(%r12),%r12d <-- trapping instruction
31: 00
32: 44 3b 25 03 3d 35 00 cmp 0x353d03(%rip),%r12d # 0x353d3c
39: 0f 83 5b 04 00 00 jae 0x49a
3f: 48 rex.W
Code starting with the faulting instruction
===========================================
0: 45 8b a4 24 fc 00 00 mov 0xfc(%r12),%r12d
7: 00
8: 44 3b 25 03 3d 35 00 cmp 0x353d03(%rip),%r12d # 0x353d12
f: 0f 83 5b 04 00 00 jae 0x470
15: 48 rex.W
[ 307.218475][ T7614] RSP: 0018:ffff8881b30ef8d8 EFLAGS: 00010246
[ 307.224450][ T7614] RAX: 0000000000000000 RBX: ffff8881193547b8 RCX: dffffc0000000000
[ 307.232353][ T7614] RDX: 0000000000000007 RSI: ffffffffc05230ae RDI: ffffffff8674015c
[ 307.240255][ T7614] RBP: ffff88810468d000 R08: 0000000000000000 R09: fffffbfff0ae31b4
[ 307.248151][ T7614] R10: ffffffff85718da7 R11: 0000000067e9e64c R12: ffffffff86740060
[ 307.256042][ T7614] R13: ffffffffffffffff R14: ffff888119354890 R15: ffffffff81727da9
[ 307.263933][ T7614] FS: 00007f54bdb88880(0000) GS:ffff8887a24e8000(0000) knlGS:0000000000000000
[ 307.272787][ T7614] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 307.279279][ T7614] CR2: ffffffff8674015c CR3: 00000002e3e06003 CR4: 00000000003726f0
[ 307.287168][ T7614] Call Trace:
[ 307.290337][ T7614] <TASK>
[ 307.293157][ T7614] ? perf_init_event (include/linux/rcupdate.h:331 include/linux/rcupdate.h:841 include/linux/rcupdate.h:1155 kernel/events/core.c:12690)
[ 307.298005][ T7614] perf_try_init_event (kernel/events/core.c:12579)
[ 307.303538][ T7614] ? perf_init_event (include/linux/rcupdate.h:331 include/linux/rcupdate.h:841 include/linux/rcupdate.h:1155 kernel/events/core.c:12690)
[ 307.308370][ T7614] perf_init_event (kernel/events/core.c:12697)
[ 307.313031][ T7614] perf_event_alloc (kernel/events/core.c:12972)
[ 307.317862][ T7614] ? __pfx_perf_event_output_forward (kernel/events/core.c:8496)
[ 307.323919][ T7614] ? __lock_release+0x5d/0x160
[ 307.329194][ T7614] __do_sys_perf_event_open (kernel/events/core.c:13492)
[ 307.334732][ T7614] ? __pfx___do_sys_perf_event_open (kernel/events/core.c:13374)
[ 307.340702][ T7614] ? trace_contention_end (include/trace/events/lock.h:122 (discriminator 21))
[ 307.345808][ T7614] ? lock_acquire (kernel/locking/lockdep.c:470 kernel/locking/lockdep.c:5870 kernel/locking/lockdep.c:5825)
[ 307.350379][ T7614] ? find_held_lock (kernel/locking/lockdep.c:5350)
[ 307.354947][ T7614] ? rcu_is_watching (arch/x86/include/asm/atomic.h:23 include/linux/atomic/atomic-arch-fallback.h:457 include/linux/context_tracking.h:128 kernel/rcu/tree.c:751)
[ 307.359623][ T7614] do_syscall_64 (arch/x86/entry/syscall_64.c:63 arch/x86/entry/syscall_64.c:94)
[ 307.364020][ T7614] ? __do_sys_perf_event_open (include/linux/srcu.h:167 include/linux/srcu.h:375 include/linux/srcu.h:479 kernel/events/core.c:13454)
[ 307.369726][ T7614] ? __lock_release+0x5d/0x160
[ 307.375006][ T7614] ? __do_sys_perf_event_open (include/linux/srcu.h:167 include/linux/srcu.h:375 include/linux/srcu.h:479 kernel/events/core.c:13454)
[ 307.380713][ T7614] ? lock_release (kernel/locking/lockdep.c:470 kernel/locking/lockdep.c:5891)
[ 307.385194][ T7614] ? __srcu_read_unlock (kernel/rcu/srcutree.c:770)
[ 307.390112][ T7614] ? __do_sys_perf_event_open (include/linux/srcu.h:377 include/linux/srcu.h:479 kernel/events/core.c:13454)
[ 307.395823][ T7614] ? __pfx___do_sys_perf_event_open (kernel/events/core.c:13374)
[ 307.401798][ T7614] ? rcu_is_watching (arch/x86/include/asm/atomic.h:23 include/linux/atomic/atomic-arch-fallback.h:457 include/linux/context_tracking.h:128 kernel/rcu/tree.c:751)
[ 307.406455][ T7614] ? trace_irq_enable+0xac/0xe0
[ 307.412248][ T7614] ? rcu_is_watching (arch/x86/include/asm/atomic.h:23 include/linux/atomic/atomic-arch-fallback.h:457 include/linux/context_tracking.h:128 kernel/rcu/tree.c:751)
[ 307.416904][ T7614] ? trace_irq_enable+0xac/0xe0
[ 307.422698][ T7614] ? rcu_is_watching (arch/x86/include/asm/atomic.h:23 include/linux/atomic/atomic-arch-fallback.h:457 include/linux/context_tracking.h:128 kernel/rcu/tree.c:751)
[ 307.427355][ T7614] ? trace_irq_enable+0xac/0xe0
[ 307.433149][ T7614] ? do_syscall_64 (arch/x86/entry/syscall_64.c:113)
[ 307.437808][ T7614] ? handle_mm_fault (include/linux/rcupdate.h:341 include/linux/rcupdate.h:871 include/linux/memcontrol.h:981 include/linux/memcontrol.h:987 mm/memory.c:6229 mm/memory.c:6390)
[ 307.442652][ T7614] ? __lock_release+0x5d/0x160
[ 307.447923][ T7614] ? find_held_lock (kernel/locking/lockdep.c:5350)
[ 307.452491][ T7614] ? rcu_is_watching (arch/x86/include/asm/atomic.h:23 include/linux/atomic/atomic-arch-fallback.h:457 include/linux/context_tracking.h:128 kernel/rcu/tree.c:751)
[ 307.457151][ T7614] ? trace_irq_enable+0xac/0xe0
[ 307.462954][ T7614] ? do_syscall_64 (arch/x86/entry/syscall_64.c:113)
[ 307.467631][ T7614] ? lock_release (kernel/locking/lockdep.c:470 kernel/locking/lockdep.c:5891)
[ 307.472122][ T7614] ? do_user_addr_fault (arch/x86/include/asm/atomic.h:93 include/linux/atomic/atomic-arch-fallback.h:949 include/linux/atomic/atomic-instrumented.h:401 include/linux/refcount.h:389 include/linux/refcount.h:432 include/linux/mmap_lock.h:143 include/linux/mmap_lock.h:267 arch/x86/mm/fault.c:1338)
[ 307.477225][ T7614] ? rcu_is_watching (arch/x86/include/asm/atomic.h:23 include/linux/atomic/atomic-arch-fallback.h:457 include/linux/context_tracking.h:128 kernel/rcu/tree.c:751)
[ 307.481892][ T7614] ? trace_irq_enable+0xac/0xe0
[ 307.487692][ T7614] ? lockdep_hardirqs_on_prepare (kernel/locking/lockdep.c:4351 kernel/locking/lockdep.c:4410)
[ 307.493487][ T7614] entry_SYSCALL_64_after_hwframe (arch/x86/entry/entry_64.S:130)
[ 307.499281][ T7614] RIP: 0033:0x7f54c9b4d719
[ 307.503585][ T7614] Code: 08 89 e8 5b 5d c3 66 2e 0f 1f 84 00 00 00 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d b7 06 0d 00 f7 d8 64 89 01 48
All code
========
0: 08 89 e8 5b 5d c3 or %cl,-0x3ca2a418(%rcx)
6: 66 2e 0f 1f 84 00 00 cs nopw 0x0(%rax,%rax,1)
d: 00 00 00
10: 90 nop
11: 48 89 f8 mov %rdi,%rax
14: 48 89 f7 mov %rsi,%rdi
17: 48 89 d6 mov %rdx,%rsi
1a: 48 89 ca mov %rcx,%rdx
1d: 4d 89 c2 mov %r8,%r10
20: 4d 89 c8 mov %r9,%r8
23: 4c 8b 4c 24 08 mov 0x8(%rsp),%r9
28: 0f 05 syscall
2a:* 48 3d 01 f0 ff ff cmp $0xfffffffffffff001,%rax <-- trapping instruction
30: 73 01 jae 0x33
32: c3 ret
33: 48 8b 0d b7 06 0d 00 mov 0xd06b7(%rip),%rcx # 0xd06f1
3a: f7 d8 neg %eax
3c: 64 89 01 mov %eax,%fs:(%rcx)
3f: 48 rex.W
Code starting with the faulting instruction
===========================================
0: 48 3d 01 f0 ff ff cmp $0xfffffffffffff001,%rax
6: 73 01 jae 0x9
8: c3 ret
9: 48 8b 0d b7 06 0d 00 mov 0xd06b7(%rip),%rcx # 0xd06c7
10: f7 d8 neg %eax
12: 64 89 01 mov %eax,%fs:(%rcx)
15: 48 rex.W
The kernel config and materials to reproduce are available at:
https://download.01.org/0day-ci/archive/20250819/202508190403.33c83ece-lkp@intel.com
--
0-DAY CI Kernel Test Service
https://github.com/intel/lkp-tests/wiki
Powered by blists - more mailing lists