perf: fuzzer triggered warning in intel_pmu_drain_pebs_nhm()

From: Vince Weaver
Date: Thu Jul 02 2015 - 11:12:43 EST



So sad to say the lack of fuzzer reports was because I was out of town for
a bit, not due to the kernel suddenly getting amazingly better.

In any case I am running against current git and getting a lot of
warnings, but most of them seem to be old ones. This following one looks
new though.

This is current linus-git on a Haswell machine with peterz's patch to fix
the aux buffer spinlock recursion (I can still crash the kernel if that
patch is not applied).

It corresponds to:

WARN_ON_ONCE(!event->attr.precise_ip);

[ 584.352324] WARNING: CPU: 2 PID: 18924 at arch/x86/kernel/cpu/perf_event_intel_ds.c:1198 intel_pmu_drain_pebs_nhm+0x283/0x2e0()
[ 584.364649] Modules linked in: fuse x86_pkg_temp_thermal intel_powerclamp intel_rapl iosf_mbi coretemp kvm_intel kvm snd_hda_codec_hdmi crct10dif_pclmul crc32_pclmul ghash_clmulni_intel hmac drbg i915 ansi_cprng snd_hda_codec_realtek snd_hda_codec_generic iTCO_wdt ppdev snd_hda_intel snd_hda_codec aesni_intel aes_x86_64 snd_hda_core lrw evdev snd_hwdep drm_kms_helper drm psmouse iTCO_vendor_support snd_pcm gf128mul glue_helper ablk_helper serio_raw pcspkr cryptd snd_timer i2c_i801 processor battery video snd mei_me parport_pc i2c_algo_bit button soundcore lpc_ich mfd_core tpm_tis mei parport tpm wmi sg sr_mod sd_mod cdrom ehci_pci ehci_hcd ahci libahci libata xhci_pci xhci_hcd e1000e ptp usbcore crc32c_intel fan scsi_mod pps_core usb_common thermal thermal_sys
[ 584.440755] CPU: 2 PID: 18924 Comm: perf_fuzzer Tainted: G W 4.1.0+ #160
[ 584.449736] Hardware name: LENOVO 10AM000AUS/SHARKBAY, BIOS FBKT72AUS 01/26/2014
[ 584.458241] ffffffff81a100e0 ffff8800cd793898 ffffffff8169e763 0000000000000000
[ 584.466868] 0000000000000000 ffff8800cd7938d8 ffffffff8106ecba ffffffff810b7806
[ 584.475466] 0000000000000000 0000000000000001 ffff88011ea8bd80 ffff8801190400c0
[ 584.484101] Call Trace:
[ 584.487287] [<ffffffff8169e763>] dump_stack+0x45/0x57
[ 584.493360] [<ffffffff8106ecba>] warn_slowpath_common+0x8a/0xc0
[ 584.500393] [<ffffffff810b7806>] ? __lock_acquire.isra.31+0x3a6/0xf90
[ 584.507953] [<ffffffff8106edaa>] warn_slowpath_null+0x1a/0x20
[ 584.514770] [<ffffffff8102f783>] intel_pmu_drain_pebs_nhm+0x283/0x2e0
[ 584.522287] [<ffffffff8102ec48>] intel_pmu_drain_pebs_buffer+0x18/0x20
[ 584.529870] [<ffffffff8115bb9b>] ? ___perf_sw_event+0x13b/0x170
[ 584.536856] [<ffffffff811569e8>] ? perf_pmu_sched_task+0xa8/0x140
[ 584.543978] [<ffffffff810303c1>] ? intel_pmu_pebs_disable_all+0x31/0x40
[ 584.551590] [<ffffffff81030a49>] ? __intel_pmu_disable_all+0x49/0x70
[ 584.559021] [<ffffffff81030064>] intel_pmu_pebs_sched_task+0x14/0x20
[ 584.566387] [<ffffffff8103070d>] intel_pmu_sched_task+0x3d/0x40
[ 584.573311] [<ffffffff81028646>] x86_pmu_sched_task+0x16/0x20
[ 584.580002] [<ffffffff81156a01>] perf_pmu_sched_task+0xc1/0x140
[ 584.586954] [<ffffffff8115695e>] ? perf_pmu_sched_task+0x1e/0x140
[ 584.594023] [<ffffffff81158596>] __perf_event_task_sched_out+0x66/0x4c0
[ 584.601657] [<ffffffff810b641d>] ? __lock_is_held+0x4d/0x70
[ 584.608184] [<ffffffff816a0a07>] __schedule+0x427/0xa50
[ 584.614334] [<ffffffff816a1067>] schedule+0x37/0x80
[ 584.620114] [<ffffffff816a502c>] schedule_timeout+0x1bc/0x250
[ 584.626829] [<ffffffff816a2228>] ? wait_for_completion+0x28/0x100
[ 584.633877] [<ffffffff816a22be>] ? wait_for_completion+0xbe/0x100
[ 584.640955] [<ffffffff816a22c6>] wait_for_completion+0xc6/0x100
[ 584.647842] [<ffffffff81098cb0>] ? wake_up_q+0x70/0x70
[ 584.653888] [<ffffffff810d63c0>] ? call_rcu_bh+0x20/0x20
[ 584.660135] [<ffffffff810d2fcd>] wait_rcu_gp+0x5d/0x80
[ 584.666191] [<ffffffff810d2f10>] ? trace_raw_output_rcu_utilization+0x60/0x60
[ 584.674389] [<ffffffff81152156>] ? perf_unpin_context+0x16/0x30
[ 584.681272] [<ffffffff810d52eb>] synchronize_sched+0x3b/0x50
[ 584.687867] [<ffffffff8113d998>] perf_trace_event_unreg.isra.1+0x38/0x90
[ 584.695620] [<ffffffff8113dcec>] perf_trace_destroy+0x3c/0x50
[ 584.702349] [<ffffffff81152d79>] tp_perf_event_destroy+0x9/0x10
[ 584.709207] [<ffffffff81158ed1>] _free_event+0xc1/0x250
[ 584.715306] [<ffffffff811591ff>] free_event+0x1f/0x50
[ 584.721224] [<ffffffff8115c8e0>] SYSC_perf_event_open+0x400/0xd40
[ 584.728289] [<ffffffff8105f89b>] ? __do_page_fault+0x1ab/0x3f0
[ 584.735056] [<ffffffff8115d699>] SyS_perf_event_open+0x9/0x10
[ 584.741649] [<ffffffff816a64b2>] entry_SYSCALL_64_fastpath+0x16/0x7a
[ 584.748915] ---[ end trace e3d880444bf5705b ]---
