From: Jiri Olsa <jolsa@redhat.com>
To: Vince Weaver <vincent.weaver@maine.edu>
Cc: linux-kernel@vger.kernel.org,
Peter Zijlstra <peterz@infradead.org>,
Ingo Molnar <mingo@redhat.com>,
Arnaldo Carvalho de Melo <acme@kernel.org>,
Alexander Shishkin <alexander.shishkin@linux.intel.com>,
Namhyung Kim <namhyung@kernel.org>,
Andi Kleen <andi@firstfloor.org>
Subject: Re: perf: perf_fuzzer triggers GPF in perf_prepare_sample
Date: Thu, 6 Dec 2018 16:44:25 +0100 [thread overview]
Message-ID: <20181206154425.GA21381@krava> (raw)
In-Reply-To: <alpine.DEB.2.21.1812061033180.2368@macbook-air>
On Thu, Dec 06, 2018 at 10:35:28AM -0500, Vince Weaver wrote:
> On Wed, 5 Dec 2018, Jiri Olsa wrote:
>
> > On Wed, Dec 05, 2018 at 12:11:19PM -0500, Vince Weaver wrote:
> > > On Wed, 5 Dec 2018, Jiri Olsa wrote:
> > >
> > > > On Wed, Dec 05, 2018 at 01:45:38PM +0100, Jiri Olsa wrote:
> > > > > On Tue, Dec 04, 2018 at 10:54:55AM -0500, Vince Weaver wrote:
> > > > > > Hello,
> > > > > >
> > > > > > I was able to trigger another oops with the perf_fuzzer with current git.
> > > > > >
> > > > > > This is 4.20-rc5 after the fix for the very similar oops I previously
> > > > > > reported got committed.
> > > > > >
> > > > > > It seems to be pointing to the same location in the source as
> > > > > > before, I guess maybe triggered a different way?
> > > > >
> > > > > nice.. yep, looks the same
> > > > >
> > > > > >
> > > > > > Unfortunately this crash is not easily reproducible like the last one was.
> > > > >
> > > > > will check
> > > >
> > > > what model are hitting this on?
> > >
> > > Haswell. 6/60/3.
> > >
> > > While I can't deterministically trigger this, the fuzzer usually hits it
> > > within an hour or two. Is there any debug or printk messages I can
> > > add that would help figure out what's going on?
> >
> > I can't see how we could end up with that config other than
> > some corruption.. the only way I see could be that we touch
> > cpu->events array without checking its active_mask bit
> >
> > but that does not explain why the crash happened in the same
> > place as before
>
> Maybe it is a corruption issue. I had applied my own debug patch that
> would dump some info if data->callchain was NULL.
>
> But my debug code didn't trigger this time because it looks like
> data->callchain was "1" rather than "0".
>
> [27764.840179] BUG: unable to handle kernel NULL pointer dereference at 0000000000000001
> [27764.840179] PGD 0 P4D 0
> [27764.840180] Oops: 0000 [#1] SMP PTI
> [27764.840180] CPU: 1 PID: 18687 Comm: perf_fuzzer Tainted: G W 4.20.0-rc5+ #125
> [27764.840180] Hardware name: LENOVO 10AM000AUS/SHARKBAY, BIOS FBKT72AUS 01/26/2014
actually, you could try that patch from my previous email?
thanks,
jirka
next prev parent reply other threads:[~2018-12-06 15:44 UTC|newest]
Thread overview: 9+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-12-04 15:54 perf: perf_fuzzer triggers GPF in perf_prepare_sample Vince Weaver
2018-12-05 12:45 ` Jiri Olsa
2018-12-05 16:38 ` Jiri Olsa
2018-12-05 17:11 ` Vince Weaver
2018-12-05 18:33 ` Jiri Olsa
2018-12-06 15:35 ` Vince Weaver
2018-12-06 15:44 ` Jiri Olsa [this message]
2018-12-09 2:08 ` Vince Weaver
2018-12-09 11:55 ` Jiri Olsa
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20181206154425.GA21381@krava \
--to=jolsa@redhat.com \
--cc=acme@kernel.org \
--cc=alexander.shishkin@linux.intel.com \
--cc=andi@firstfloor.org \
--cc=linux-kernel@vger.kernel.org \
--cc=mingo@redhat.com \
--cc=namhyung@kernel.org \
--cc=peterz@infradead.org \
--cc=vincent.weaver@maine.edu \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.