[linus:master] [perf] 382c27f4ed: WARNING:at_kernel/events/core.c:#perf_event_validate_size

From: kernel test robot
Date: Tue Dec 12 2023 - 09:20:04 EST

Hello,

we reported
"[tip:perf/urgent] [perf] 382c27f4ed: WARNING:at_kernel/events/core.c:#__do_sys_perf_event_open"
in
https://lore.kernel.org/all/202312052248.1270bdba-oliver.sang@xxxxxxxxx/
when this commit was in:
commit: 382c27f4ed28f803b1f1473ac2d8db0afc795a1b ("perf: Fix perf_event_validate_size()")
https://git.kernel.org/cgit/linux/kernel/git/tip/tip.git perf/urgent

Now we noticed it has been merged into mainline, and observed the issue below, FYI.



kernel test robot noticed "WARNING:at_kernel/events/core.c:#perf_event_validate_size" on:

commit: 382c27f4ed28f803b1f1473ac2d8db0afc795a1b ("perf: Fix perf_event_validate_size()")
https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git master

[test failed on linus/master 26aff849438cebcd05f1a647390c4aa700d5c0f1]
[test failed on linux-next/master abb240f7a2bd14567ab53e602db562bb683391e6]

in testcase: trinity
version: trinity-i386-abe9de86-1_20230429
with following parameters:

runtime: 300s
group: group-00
nr_groups: 5

test-description: Trinity is a linux system call fuzz tester.
test-url: http://codemonkey.org.uk/projects/trinity/


compiler: gcc-12
test machine: qemu-system-x86_64 -enable-kvm -cpu SandyBridge -smp 2 -m 16G

(please refer to attached dmesg/kmsg for entire log/backtrace)


+-----------------------------------------------------------+----------+------------+
|                                                           | v6.7-rc3 | 382c27f4ed |
+-----------------------------------------------------------+----------+------------+
| WARNING:at_kernel/events/core.c:#perf_event_validate_size | 0        | 12         |
| RIP:perf_event_validate_size                              | 0        | 12         |
+-----------------------------------------------------------+----------+------------+


If you fix the issue in a separate patch/commit (i.e. not just a new version of
the same patch/commit), kindly add the following tags:
| Reported-by: kernel test robot <oliver.sang@xxxxxxxxx>
| Closes: https://lore.kernel.org/oe-lkp/202312122135.dcf51112-oliver.sang@xxxxxxxxx


[ 180.010094][ T3401] ------------[ cut here ]------------
[ 180.010717][ T3401] WARNING: CPU: 0 PID: 3401 at kernel/events/core.c:1950 perf_event_validate_size (kernel/events/core.c:1950 (discriminator 31))
[ 180.011699][ T3401] Modules linked in: floppy evbug qemu_fw_cfg fuse
[ 180.012385][ T3401] CPU: 0 PID: 3401 Comm: trinity-main Not tainted 6.7.0-rc3-00001-g382c27f4ed28 #1 934d94ae775b173a8bcc12c6e74f54b31bec9e32
[ 180.013690][ T3401] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[ 180.014751][ T3401] RIP: 0010:perf_event_validate_size (kernel/events/core.c:1950 (discriminator 31))
[ 180.015371][ T3401] Code: e8 1a cd 73 02 31 f6 48 c7 c7 50 ac 16 86 83 f8 01 89 c3 40 0f 95 c6 31 c9 31 d2 e8 bf e8 f6 ff 83 fb 01 0f 84 83 fe ff ff 90 <0f> 0b 90 be 01 00 00 00 e9 77 fe ff ff 4c 89 f7 e8 60 b2 1d 00 e9
All code
========
0: e8 1a cd 73 02 call 0x273cd1f
5: 31 f6 xor %esi,%esi
7: 48 c7 c7 50 ac 16 86 mov $0xffffffff8616ac50,%rdi
e: 83 f8 01 cmp $0x1,%eax
11: 89 c3 mov %eax,%ebx
13: 40 0f 95 c6 setne %sil
17: 31 c9 xor %ecx,%ecx
19: 31 d2 xor %edx,%edx
1b: e8 bf e8 f6 ff call 0xfffffffffff6e8df
20: 83 fb 01 cmp $0x1,%ebx
23: 0f 84 83 fe ff ff je 0xfffffffffffffeac
29: 90 nop
2a:* 0f 0b ud2 <-- trapping instruction
2c: 90 nop
2d: be 01 00 00 00 mov $0x1,%esi
32: e9 77 fe ff ff jmp 0xfffffffffffffeae
37: 4c 89 f7 mov %r14,%rdi
3a: e8 60 b2 1d 00 call 0x1db29f
3f: e9 .byte 0xe9

Code starting with the faulting instruction
===========================================
0: 0f 0b ud2
2: 90 nop
3: be 01 00 00 00 mov $0x1,%esi
8: e9 77 fe ff ff jmp 0xfffffffffffffe84
d: 4c 89 f7 mov %r14,%rdi
10: e8 60 b2 1d 00 call 0x1db275
15: e9 .byte 0xe9
[ 180.017292][ T3401] RSP: 0018:ffffc90002abfd10 EFLAGS: 00010297
[ 180.017871][ T3401] RAX: dffffc0000000000 RBX: 0000000000000000 RCX: 0000000000000000
[ 180.018648][ T3401] RDX: 1ffffffff0c2d58e RSI: 0000000000000001 RDI: ffffffff8616ac70
[ 180.019419][ T3401] RBP: ffffc90002abfd30 R08: 0000000000000001 R09: fffffbfff0dffeff
[ 180.020209][ T3401] R10: ffffffff86fff7ff R11: ffff8881563f88e2 R12: ffff888157f3b040
[ 180.020959][ T3401] R13: 0000000000000001 R14: ffff888157f3b0c0 R15: fffffffffffffff9
[ 180.021788][ T3401] FS: 0000000000000000(0000) GS:ffffffff852df000(0063) knlGS:00000000f7edb280
[ 180.022713][ T3401] CS: 0010 DS: 002b ES: 002b CR0: 0000000080050033
[ 180.023413][ T3401] CR2: 0000000057cff06c CR3: 000000015654e000 CR4: 00000000000406f0
[ 180.024212][ T3401] Call Trace:
[ 180.024558][ T3401] <TASK>
[ 180.024869][ T3401] ? show_regs (arch/x86/kernel/dumpstack.c:479)
[ 180.025372][ T3401] ? __warn (kernel/panic.c:677)
[ 180.025795][ T3401] ? perf_event_validate_size (kernel/events/core.c:1950 (discriminator 31))
[ 180.026407][ T3401] ? report_bug (lib/bug.c:180 lib/bug.c:219)
[ 180.026866][ T3401] ? handle_bug (arch/x86/kernel/traps.c:237)
[ 180.027322][ T3401] ? exc_invalid_op (arch/x86/kernel/traps.c:258 (discriminator 1))
[ 180.027797][ T3401] ? asm_exc_invalid_op (arch/x86/include/asm/idtentry.h:568)
[ 180.028342][ T3401] ? perf_event_validate_size (kernel/events/core.c:1950 (discriminator 31))
[ 180.028931][ T3401] __do_sys_perf_event_open (kernel/events/core.c:12655)
[ 180.029576][ T3401] ? __pfx___do_sys_perf_event_open (kernel/events/core.c:12391)
[ 180.030215][ T3401] ? __lock_release+0x10a/0x580
[ 180.030741][ T3401] ? __ct_user_exit (kernel/context_tracking.c:623)
[ 180.031295][ T3401] ? lockdep_hardirqs_on_prepare (kernel/locking/lockdep.c:4567)
[ 180.031960][ T3401] ? syscall_enter_from_user_mode_prepare (arch/x86/include/asm/irqflags.h:42 arch/x86/include/asm/irqflags.h:77 kernel/entry/common.c:122)
[ 180.032669][ T3401] __ia32_sys_perf_event_open (kernel/events/core.c:12388)
[ 180.033281][ T3401] __do_fast_syscall_32 (arch/x86/entry/common.c:164 arch/x86/entry/common.c:230)
[ 180.033807][ T3401] do_fast_syscall_32 (arch/x86/entry/common.c:255)
[ 180.034360][ T3401] do_SYSENTER_32 (arch/x86/entry/common.c:294)
[ 180.034816][ T3401] entry_SYSENTER_compat_after_hwframe (arch/x86/entry/entry_64_compat.S:121)
[ 180.035486][ T3401] RIP: 0023:0xf7ee0589
[ 180.035922][ T3401] Code: 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
All code
========
0: 03 74 d8 01 add 0x1(%rax,%rbx,8),%esi
...
20:* 00 51 52 add %dl,0x52(%rcx) <-- trapping instruction
23: 55 push %rbp
24: 89 e5 mov %esp,%ebp
26: 0f 34 sysenter
28: cd 80 int $0x80
2a: 5d pop %rbp
2b: 5a pop %rdx
2c: 59 pop %rcx
2d: c3 ret
2e: 90 nop
2f: 90 nop
30: 90 nop
31: 90 nop
32: 90 nop
33: 90 nop
34: 90 nop
35: 90 nop
36: 90 nop
37: 90 nop
38: 90 nop
39: 90 nop
3a: 90 nop
3b: 90 nop
3c: 90 nop
3d: 90 nop
3e: 90 nop
3f: 90 nop

Code starting with the faulting instruction
===========================================
0: 5d pop %rbp
1: 5a pop %rdx
2: 59 pop %rcx
3: c3 ret
4: 90 nop
5: 90 nop
6: 90 nop
7: 90 nop
8: 90 nop
9: 90 nop
a: 90 nop
b: 90 nop
c: 90 nop
d: 90 nop
e: 90 nop
f: 90 nop
10: 90 nop
11: 90 nop
12: 90 nop
13: 90 nop
14: 90 nop
15: 90 nop


The kernel config and materials to reproduce are available at:
https://download.01.org/0day-ci/archive/20231212/202312122135.dcf51112-oliver.sang@xxxxxxxxx



--
0-DAY CI Kernel Test Service
https://github.com/intel/lkp-tests/wiki