perf: fuzzer causes crash in snb_uncore_imc_event_start

From: Vince Weaver
Date: Fri Feb 13 2015 - 11:20:29 EST



With current git on a Haswell machine the perf_fuzzer kicks up this
almost instantly and crashes the machine.

[ 54.874716] BUG: unable to handle kernel paging request at 0000000000005050
[ 54.882199] IP: [<ffffffff81035be4>] snb_uncore_imc_event_start+0x54/0xb0
[ 54.889515] PGD 0
[ 54.891697] Oops: 0000 [#1] SMP
[ 54.895209] Modules linked in: fuse x86_pkg_temp_thermal intel_powerclamp intel_rapl iosf_mbi coretemp kvm snd_hda_codec_realtek snd_hda_codec_hdmi snd_hda_codec_generic snd_hda_intel crct10dif_pclmul snd_hda_controller crc32_pclmul snd_hda_codec ghash_clmulni_intel snd_hwdep aesni_intel snd_pcm aes_x86_64 lrw i915 drm_kms_helper gf128mul psmouse ppdev drm iTCO_wdt snd_timer glue_helper iTCO_vendor_support evdev serio_raw ablk_helper tpm_tis snd mei_me lpc_ich soundcore xhci_pci xhci_hcd cryptd i2c_algo_bit pcspkr mei tpm parport_pc parport mfd_core processor video battery i2c_i801 button wmi sg sr_mod sd_mod cdrom e1000e ahci libahci libata ehci_pci ptp ehci_hcd crc32c_intel scsi_mod usbcore usb_common pps_core thermal fan thermal_sys
[ 54.966637] CPU: 0 PID: 0 Comm: swapper/0 Not tainted 3.19.0+ #127
[ 54.973262] Hardware name: LENOVO 10AM000AUS/SHARKBAY, BIOS FBKT72AUS 01/26/2014
[ 54.981200] task: ffffffff81c1a580 ti: ffffffff81c00000 task.ti: ffffffff81c00000
[ 54.989225] RIP: 0010:[<ffffffff81035be4>] [<ffffffff81035be4>] snb_uncore_imc_event_start+0x54/0xb0
[ 54.999143] RSP: 0018:ffff88011ea03df8 EFLAGS: 00010092
[ 55.004849] RAX: 0000000000005050 RBX: ffff880118f14800 RCX: 0000000000000001
[ 55.012487] RDX: 0000000000000000 RSI: ffff8800d0459f88 RDI: ffff880118f14850
[ 55.020156] RBP: ffff88011ea03e08 R08: ffff8800d0459f88 R09: 0000000000000000
[ 55.027810] R10: 0000000000000000 R11: 0000000000000001 R12: ffff8800d0459e00
[ 55.035439] R13: 0000000000000001 R14: ffffe8ffffc03ea8 R15: 0000000cc6c98879
[ 55.043085] FS: 0000000000000000(0000) GS:ffff88011ea00000(0000) knlGS:0000000000000000
[ 55.051777] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 55.057954] CR2: 0000000000005050 CR3: 0000000001c13000 CR4: 00000000001407f0
[ 55.065619] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 55.073329] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000600
[ 55.080993] Stack:
[ 55.083142] ffff8800d0459e00 ffff880118f14800 ffff88011ea03e38 ffffffff81035c87
[ 55.091149] ffff88011ea03e38 ffff880118f14800 ffffe8ffffc040f0 ffffe8ffffc040f4
[ 55.099189] ffff88011ea03e78 ffffffff8115ab26 0000000000000000 ffffe8ffffc03ea8
[ 55.107199] Call Trace:
[ 55.109825] <IRQ>
[ 55.111893] [<ffffffff81035c87>] snb_uncore_imc_event_add+0x47/0x60
[ 55.118941] [<ffffffff8115ab26>] event_sched_in.isra.73+0xa6/0x310
[ 55.125663] [<ffffffff8115adff>] group_sched_in+0x6f/0x1e0
[ 55.131670] [<ffffffff8101db0a>] ? native_sched_clock+0x2a/0x90
[ 55.138119] [<ffffffff8115b65c>] __perf_event_enable+0x25c/0x2a0
[ 55.144633] [<ffffffff810eba89>] ? tick_nohz_irq_exit+0x29/0x30
[ 55.151115] [<ffffffff81156150>] remote_function+0x50/0x60
[ 55.157098] [<ffffffff810f0c72>] flush_smp_call_function_queue+0x62/0x140
[ 55.164478] [<ffffffff8108f045>] ? __atomic_notifier_call_chain+0x5/0x90
[ 55.171773] [<ffffffff810f1293>] generic_smp_call_function_single_interrupt+0x13/0x60
[ 55.180243] [<ffffffff810472d7>] smp_call_function_single_interrupt+0x27/0x40
[ 55.187968] [<ffffffff816c943d>] call_function_single_interrupt+0x6d/0x80
[ 55.195308] <EOI>
[ 55.197382] [<ffffffff810b7ed4>] ? lock_release+0xf4/0x260
[ 55.203588] [<ffffffff8108f0b7>] __atomic_notifier_call_chain+0x77/0x90
[ 55.210776] [<ffffffff8108f045>] ? __atomic_notifier_call_chain+0x5/0x90
[ 55.218052] [<ffffffff810d3833>] ? rcu_eqs_exit_common.isra.46+0x33/0x110
[ 55.225430] [<ffffffff8108f0e6>] atomic_notifier_call_chain+0x16/0x20
[ 55.232402] [<ffffffff8101f47f>] arch_cpu_idle_exit+0x2f/0x40
[ 55.238661] [<ffffffff810af5b8>] cpu_startup_entry+0x138/0x3b0
[ 55.245000] [<ffffffff816b4666>] rest_init+0xb6/0xc0
[ 55.250418] [<ffffffff81d20f7e>] start_kernel+0x450/0x45d
[ 55.256295] [<ffffffff81d20120>] ? early_idt_handlers+0x120/0x120
[ 55.262940] [<ffffffff81d204d7>] x86_64_start_reservations+0x2a/0x2c
[ 55.269848] [<ffffffff81d2061c>] x86_64_start_kernel+0x143/0x152
[ 55.276358] Code: 04 01 48 8d 90 88 01 00 00 48 8b b0 90 01 00 00 48 8d 7b 50 49 89 c4 e8 7b 29 3e 00 49 8b 94 24 98 01 00 00 48 8b 83 48 01 00 00 <8b> 04 02 48 89 83 a0 01 00 00 41 83 7c 24 04 01 74 0a 5b 41 5c
[ 55.297918] RIP [<ffffffff81035be4>] snb_uncore_imc_event_start+0x54/0xb0
[ 55.305308] RSP <ffff88011ea03df8>
[ 55.309770] CR2: 0000000000005050
[ 55.314059] ---[ end trace 3a10e6df5e1c4c87 ]---
[ 55.319696] Kernel panic - not syncing: Fatal exception in interrupt
[ 55.327245] Kernel Offset: 0x0 from 0xffffffff81000000 (relocation range: 0xffffffff80000000-0xffffffff9fffffff)
[ 55.338941] drm_kms_helper: panic occurred, switching back to text console
[ 55.347079] ---[ end Kernel panic - not syncing: Fatal exception in interrupt
