From: Borislav Petkov <bp@alien8.de>
To: Frederic Weisbecker <frederic@kernel.org>
Cc: Dmitry Vyukov <dvyukov@google.com>,
syzbot <syzbot+370a6b0f11867bf13515@syzkaller.appspotmail.com>,
"Gustavo A. R. Silva" <gustavo@embeddedor.com>,
"H. Peter Anvin" <hpa@zytor.com>,
LKML <linux-kernel@vger.kernel.org>,
Masami Hiramatsu <mhiramat@kernel.org>,
Ingo Molnar <mingo@redhat.com>,
syzkaller-bugs <syzkaller-bugs@googlegroups.com>,
Thomas Gleixner <tglx@linutronix.de>,
the arch/x86 maintainers <x86@kernel.org>
Subject: Re: WARNING in arch_install_hw_breakpoint
Date: Wed, 27 Mar 2019 18:48:41 +0100
Message-ID: <20190327174841.GI32571@zn.tnic>
In-Reply-To: <20190327151725.GH32571@zn.tnic>

On Wed, Mar 27, 2019 at 04:17:25PM +0100, Borislav Petkov wrote:
> On Wed, Mar 27, 2019 at 02:45:24PM +0100, Dmitry Vyukov wrote:
> > And run this program:
> > https://syzkaller.appspot.com/text?tag=ReproC&x=15439f27200000
>
> Yap, that worked in my guest, after segfaulting a lot first:
>
> [ 101.600512][ T7333] Code: Bad RIP value.
> [ 101.606103][ T7337] repro[7337]: segfault at 155555585 ip 0000000155555585 sp 00007ffff7fdaf10 error 14 in repro[555555554000+1000]
> [ 101.606248][ T7338] repro[7338]: segfault at 25555554e ip 000000025555554e sp 00007ffff7fdaf10 error 14 in repro[555555554000+1000]
> [ 101.608498][ T7337] Code: Bad RIP value.
> [ 101.610442][ T7338] Code: Bad RIP value.
> [ 101.611417][ T7341] repro[7341]: segfault at 0 ip 0000000000000000 sp 00000000200002c8 error 14
> [ 101.613342][ T7341] Code: Bad RIP value.
> [ 101.613798][ T7345] repro[7345]: segfault at 0 ip 0000000000000000 sp 00000000200002c8 error 14
> [ 101.614292][ T7342] repro[7342]: segfault at 45555554e ip 000000045555554e sp 00007ffff7f98f10 error 14 in repro[555555554000+1000]
> [ 101.615809][ T7345] Code: Bad RIP value.
> [ 101.616777][ T7348] repro[7348]: segfault at 155555585 ip 0000000155555585 sp 00007ffff7fdaf10 error 14 in repro[555555554000+1000]
> [ 101.616802][ T7348] Code: Bad RIP value.
> [ 101.617733][ T7342] Code: Bad RIP value.
> [ 105.321676][T11024] ------------[ cut here ]------------
> [ 105.324183][T11024] Can't find any breakpoint slot
> [ 105.324229][T11024] WARNING: CPU: 0 PID: 11024 at arch/x86/kernel/hw_breakpoint.c:121 arch_install_hw_breakpoint+0x2d1/0x3a0

Ok, after adding some debug output, it looks like this (newlines mine):

[ 200.921625][ T8029] repro-8029 0d..4 200923254us : arch_install_hw_breakpoint: i: 0, slot: ffff888069668080

[ 200.922507][ T8029] repro-8029 0d..4 200923257us : arch_install_hw_breakpoint: i: 0, slot: ffff888069668080
[ 200.923397][ T8029] repro-8029 0d..4 200923259us : arch_install_hw_breakpoint: i: 1, slot: ffff888060200d40

[ 200.924294][ T8029] repro-8029 0d..4 200923262us : arch_install_hw_breakpoint: i: 0, slot: ffff888069668080
[ 200.925175][ T8029] repro-8029 0d..4 200923264us : arch_install_hw_breakpoint: i: 1, slot: ffff888060200d40
[ 200.926054][ T8029] repro-8029 0d..4 200923266us : arch_install_hw_breakpoint: i: 2, slot: ffff8880602004c0

[ 200.926933][ T8029] repro-8029 0d..4 200923270us : arch_install_hw_breakpoint: i: 0, slot: ffff888069668080
[ 200.927816][ T8029] repro-8029 0d..4 200923271us : arch_install_hw_breakpoint: i: 1, slot: ffff888060200d40
[ 200.928695][ T8029] repro-8029 0d..4 200923273us : arch_install_hw_breakpoint: i: 2, slot: ffff8880602004c0
[ 200.929573][ T8029] repro-8029 0d..4 200923275us : arch_install_hw_breakpoint: i: 3, slot: ffff88806991ed00

which basically shows how this thread adds 4 breakpoints and hits the
warn on on the 5th.

Now, that code I've seen only once or twice so I don't have a very smart
guess but it looks to me like arch_install_hw_breakpoint() or something
scheduling the events above that, should check HBP_NUM and not schedule
more than 4 hw breakpoints. Or..?

Frederic, I know you know this code... :-)

--
Regards/Gruss,
    Boris.

Good mailing practices for 400: avoid top-posting and trim the reply.
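
A user-space model of the slot scan discussed in the message above, added here as an illustration; it is not part of the original message and not the kernel's code. The names model_install_bp, model_reserve_bp, model_reset and the struct bp stand-in are hypothetical; only HBP_NUM, the limit of 4 and the warning text come from the thread.

```c
#include <errno.h>
#include <stddef.h>
#include <stdio.h>

#define HBP_NUM 4                     /* limit named in the thread (x86: DR0-DR3) */

struct bp { unsigned long addr; };    /* hypothetical stand-in for a breakpoint event */

static struct bp *bp_slots[HBP_NUM];  /* model of one CPU's slot array */
static int bp_reserved;               /* hypothetical admission counter */

/* Install-time scan: walk i = 0..HBP_NUM-1 and claim the first free slot. */
int model_install_bp(struct bp *bp)
{
    for (int i = 0; i < HBP_NUM; i++) {
        if (!bp_slots[i]) {
            bp_slots[i] = bp;
            return i;                 /* slot index that was claimed */
        }
    }
    /* Where the thread's kernel warns "Can't find any breakpoint slot". */
    return -EBUSY;
}

/* Hypothetical earlier check: refuse at creation time, so that the
 * install path can never be asked for a fifth slot. */
int model_reserve_bp(void)
{
    if (bp_reserved >= HBP_NUM)
        return -ENOSPC;
    bp_reserved++;
    return 0;
}

/* Clear the model state between runs. */
void model_reset(void)
{
    for (int i = 0; i < HBP_NUM; i++)
        bp_slots[i] = NULL;
    bp_reserved = 0;
}

int main(void)
{
    /* Constructed sample addresses, one more than there are slots. */
    struct bp bps[HBP_NUM + 1] = { {0x1000}, {0x2000}, {0x3000}, {0x4000}, {0x5000} };

    for (int n = 0; n <= HBP_NUM; n++)
        printf("install #%d -> %d\n", n + 1, model_install_bp(&bps[n]));
    return 0;
}
```
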