Re: perf: fuzzer KASAN unwind_get_return_address

[Vince Weaver]

On Wed, 16 Nov 2016, Peter Zijlstra wrote:

> On Wed, Nov 16, 2016 at 08:37:46AM -0600, Josh Poimboeuf wrote:
> > On Wed, Nov 16, 2016 at 02:03:37PM +0100, Peter Zijlstra wrote:
> > > On Tue, Nov 15, 2016 at 02:57:48PM -0600, Josh Poimboeuf wrote:
> > > > Would you mind posting a disassembly of unwind_get_return_address()?
> > > > Any idea how recreatable it is?  (In particular I'd be interested in
> > > > seeing this dump with the latest unwinder improvements in the -tip tree,
> > > > which dump the pt_regs associated with an interrupt.)
> > > 
> > > Fairly reproducable it seems, doesn't seem to include pt_regs dumps
> > > though :/
> > > 
> > > tip/master as of this morning.
> > 
> > Thanks.  This is actually a different issue than the one reported by
> > Vince.  In this case FRAME_POINTER is disabled, so it uses the "guess"
> > unwinder which scans every address on the stack, looking for text
> > addresses.  So the kasan errors are expected.
> > 
> > (The missing pt_regs are also expected: the guess unwinder doesn't show
> > them.)
> > 
> > I'll work up a patch to fix this.  I still have no idea what's causing
> > Vince's bug in the frame pointer unwinder.
> 
> Hurm,.. by the number of '?' entries in Vince's backtrace I was assuming
> it was without frame pointers.
> 
> Let me enable those and run again, it didn't insta-trigger like it does
> without.

Yes, that machine does have frame pointers enabled.

Sorry for the delay responding, the machine crashed right after I had left 
last night and so I wasn't able to take a look at what was going on until 
right now.

It triggers fairly quickly on the Haswell machine but not my other 
machines (although they possibly don't have quite as many debug options 
turned on).

Vince