Re: WARNING: kernel stack frame pointer has bad value (2)

2018-09-09 Thread syzbot

syzbot has found a reproducer for the following crash on:

HEAD commit:28619527b8a7 Merge git://git.kernel.org/pub/scm/linux/kern..
git tree:   bpf
console output: https://syzkaller.appspot.com/x/log.txt?x=14800f0a40
kernel config:  https://syzkaller.appspot.com/x/.config?x=8f59875069d721b6
dashboard link: https://syzkaller.appspot.com/bug?extid=903cdd6bce9a6eb832a4
compiler:   gcc (GCC) 8.0.1 20180413 (experimental)
syz repro:  https://syzkaller.appspot.com/x/repro.syz?x=16a79cbe40
C reproducer:   https://syzkaller.appspot.com/x/repro.c?x=172a3d0140

IMPORTANT: if you fix the bug, please add the following tag to the commit:
Reported-by: syzbot+903cdd6bce9a6eb83...@syzkaller.appspotmail.com

d154fefb: 0044a069 (0x44a069)
6f318b9e: 0033 (0x33)
7d449f84: 0246 (0x246)
e7603b48: 7f129ff8fce8 (0x7f129ff8fce8)
187b73f3: 002b (0x2b)
WARNING: kernel stack frame pointer at c37350d4 in syz-executor951:10824 has bad value 530130ef




Re: WARNING: kernel stack frame pointer has bad value (2)

2018-08-27 Thread syzbot

syzbot has found a reproducer for the following crash on:

HEAD commit:2ad0d5269970 Merge git://git.kernel.org/pub/scm/linux/kern..
git tree:   net-next
console output: https://syzkaller.appspot.com/x/log.txt?x=14f7f36a40
kernel config:  https://syzkaller.appspot.com/x/.config?x=79e695838ce7a210
dashboard link: https://syzkaller.appspot.com/bug?extid=903cdd6bce9a6eb832a4
compiler:   gcc (GCC) 8.0.1 20180413 (experimental)
syz repro:  https://syzkaller.appspot.com/x/repro.syz?x=13c5a07a40

IMPORTANT: if you fix the bug, please add the following tag to the commit:
Reported-by: syzbot+903cdd6bce9a6eb83...@syzkaller.appspotmail.com

77534c7d: 8801d3be2188 (0x8801d3be2188)
d99670e0: 8801cf5dbdf0 (0x8801cf5dbdf0)
92c01301: 8801cf5dbd10 (0x8801cf5dbd10)
39ac4013: 86c00d4a (do_softirq_own_stack+0x2a/0x40)
f205f6c7: 8801cf5dbd10 (0x8801cf5dbd10)
WARNING: kernel stack frame pointer at 92c01301 in syz-executor0:4993 has bad value 97e4bf07

==
BUG: KASAN: stack-out-of-bounds in schedule_debug kernel/sched/core.c:3283 [inline]
BUG: KASAN: stack-out-of-bounds in __schedule+0x1a18/0x1ec0 kernel/sched/core.c:3393

Read of size 8 at addr 8801cf63 by task syz-executor0/4993

CPU: 1 PID: 4993 Comm: syz-executor0 Not tainted 4.18.0+ #190
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011

Call Trace:

The buggy address belongs to the page:
page:ea00073d8c00 count:1 mapcount:-512 mapping:  
index:0x0

flags: 0x2fffc00()
raw: 02fffc00 dead0100 dead0200 
raw:   0001fdff 8801aee52b80
page dumped because: kasan: bad access detected
page->mem_cgroup:8801aee52b80

Memory state around the buggy address:
 8801cf62ff00: f2 f2 f2 f2 f2 f2 00 f2 f2 f2 00 00 00 00 00 00
 8801cf62ff80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00

8801cf63: f1 f1 f1 f1 00 f2 f2 f2 f2 f2 f2 f2 04 f2 f2 f2

   ^
 8801cf630080: f2 f2 f2 f2 00 f2 f2 f2 00 00 00 00 00 00 00 00
 8801cf630100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f1 f1
==



Re: WARNING: kernel stack frame pointer has bad value (2)

2018-07-16 Thread Dmitry Vyukov
On Mon, Jul 16, 2018 at 10:20 AM, syzbot wrote:
> Hello,
>
> syzbot found the following crash on:
>
> HEAD commit:c31496dbacc2 Merge tag 'for-linus-4.18-rc5-tag' of git://g..
> git tree:   upstream
> console output: https://syzkaller.appspot.com/x/log.txt?x=136d770c40
> kernel config:  https://syzkaller.appspot.com/x/.config?x=25856fac4e580aa7
> dashboard link: https://syzkaller.appspot.com/bug?extid=903cdd6bce9a6eb832a4
> compiler:   gcc (GCC) 8.0.1 20180413 (experimental)
>
> Unfortunately, I don't have any reproducer for this crash yet.
>
> IMPORTANT: if you fix the bug, please add the following tag to the commit:
> Reported-by: syzbot+903cdd6bce9a6eb83...@syzkaller.appspotmail.com

Most likely this is K512_4, +Megha.

> binder: 23389:23392 ERROR: BC_REGISTER_LOOPER called without request
> binder: 23389:23392 unknown command 0
> binder: 23389:23392 ioctl c0306201 2000efd0 returned -22
> WARNING: kernel stack frame pointer at dd2b4720 in syz-executor4:23395 has bad value 35266bf0
> unwind stack type:0 next_sp:  (null) mask:0x2 graph_idx:0

WARNING: kernel stack frame pointer has bad value (2)

2018-07-16 Thread syzbot

Hello,

syzbot found the following crash on:

HEAD commit:c31496dbacc2 Merge tag 'for-linus-4.18-rc5-tag' of git://g..
git tree:   upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=136d770c40
kernel config:  https://syzkaller.appspot.com/x/.config?x=25856fac4e580aa7
dashboard link: https://syzkaller.appspot.com/bug?extid=903cdd6bce9a6eb832a4
compiler:   gcc (GCC) 8.0.1 20180413 (experimental)

Unfortunately, I don't have any reproducer for this crash yet.

IMPORTANT: if you fix the bug, please add the following tag to the commit:
Reported-by: syzbot+903cdd6bce9a6eb83...@syzkaller.appspotmail.com

binder: 23389:23392 ERROR: BC_REGISTER_LOOPER called without request
binder: 23389:23392 unknown command 0
binder: 23389:23392 ioctl c0306201 2000efd0 returned -22
WARNING: kernel stack frame pointer at dd2b4720 in syz-executor4:23395 has bad value 35266bf0
unwind stack type:0 next_sp:  (null) mask:0x2 graph_idx:0

Re: WARNING: kernel stack frame pointer has bad value

2018-04-19 Thread Dmitry Vyukov
On Thu, Apr 19, 2018 at 5:57 PM, syzbot wrote:
> Hello,
>
> syzbot hit the following crash on upstream commit
> 48023102b7078a6674516b1fe0d639669336049d (Fri Apr 13 23:55:41 2018 +)
> Merge branch 'overlayfs-linus' of
> git://git.kernel.org/pub/scm/linux/kernel/git/mszeredi/vfs
> syzbot dashboard link:
> https://syzkaller.appspot.com/bug?extid=37035ccfa9a0a017ffcf
>
> So far this crash happened 141 times on net-next, upstream.
> C reproducer: https://syzkaller.appspot.com/x/repro.c?id=5871698234572800
> syzkaller reproducer:
> https://syzkaller.appspot.com/x/repro.syz?id=5086177975599104
> Raw console output:
> https://syzkaller.appspot.com/x/log.txt?id=5110926181138432
> Kernel config:
> https://syzkaller.appspot.com/x/.config?id=-8852471259444315113
> compiler: gcc (GCC) 8.0.1 20180413 (experimental)

This seems to be related to keccakf_rndc, please see the "Raw console
output" link.
+crypto maintainers

> IMPORTANT: if you fix the bug, please add the following tag to the commit:
> Reported-by: syzbot+37035ccfa9a0a017f...@syzkaller.appspotmail.com
> It will help syzbot understand when the bug is fixed. See footer for
> details.
> If you forward the report, please keep this part and the footer.
>
> ed8ccbe7: 00440169 (0x440169)
> 469f2a79: 0033 (0x33)
> 4636639d: 0246 (0x246)
> aa65aef8: 7ffead676158 (0x7ffead676158)
> e3ef297c: 002b (0x2b)
> WARNING: kernel stack frame pointer at 4832711f in syzkaller561281:4479 has bad value 6b4f8502
> WARNING: kernel stack regs at 89e11b3b in syzkaller561281:4479 has bad 'bp' value f19a2a3b
> random: crng init done
>
>
> ---
> This bug is generated by a dumb bot. It may contain errors.
> See https://goo.gl/tpsmEJ for details.
> Direct all questions to syzkal...@googlegroups.com.
>
> syzbot will keep track of this bug report.
> If you forgot to add the Reported-by tag, once the fix for this bug is
> merged
> into any tree, please reply to this email with:
> #syz fix: exact-commit-title
> If you want to test a patch for this bug, please reply with:
> #syz test: git://repo/address.git branch
> and provide the patch inline or as an attachment.
> To mark this as a duplicate of another syzbot report, please reply with:
> #syz dup: exact-subject-of-another-report
> If it's a one-off invalid bug report, please reply with:
> #syz invalid
> Note: if the crash happens again, it will cause creation of a new bug
> report.
> Note: all commands must start from beginning of the line in the email body.


WARNING: kernel stack frame pointer has bad value

2018-04-19 Thread syzbot

Hello,

syzbot hit the following crash on upstream commit
48023102b7078a6674516b1fe0d639669336049d (Fri Apr 13 23:55:41 2018 +)
Merge branch 'overlayfs-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/mszeredi/vfs
syzbot dashboard link: https://syzkaller.appspot.com/bug?extid=37035ccfa9a0a017ffcf

So far this crash happened 141 times on net-next, upstream.
C reproducer: https://syzkaller.appspot.com/x/repro.c?id=5871698234572800
syzkaller reproducer: https://syzkaller.appspot.com/x/repro.syz?id=5086177975599104
Raw console output: https://syzkaller.appspot.com/x/log.txt?id=5110926181138432
Kernel config: https://syzkaller.appspot.com/x/.config?id=-8852471259444315113
compiler: gcc (GCC) 8.0.1 20180413 (experimental)

IMPORTANT: if you fix the bug, please add the following tag to the commit:
Reported-by: syzbot+37035ccfa9a0a017f...@syzkaller.appspotmail.com
It will help syzbot understand when the bug is fixed. See footer for details.
If you forward the report, please keep this part and the footer.

ed8ccbe7: 00440169 (0x440169)
469f2a79: 0033 (0x33)
4636639d: 0246 (0x246)
aa65aef8: 7ffead676158 (0x7ffead676158)
e3ef297c: 002b (0x2b)
WARNING: kernel stack frame pointer at 4832711f in syzkaller561281:4479 has bad value 6b4f8502
WARNING: kernel stack regs at 89e11b3b in syzkaller561281:4479 has bad 'bp' value f19a2a3b
random: crng init done


---
This bug is generated by a dumb bot. It may contain errors.
See https://goo.gl/tpsmEJ for details.
Direct all questions to syzkal...@googlegroups.com.

syzbot will keep track of this bug report.
If you forgot to add the Reported-by tag, once the fix for this bug is merged
into any tree, please reply to this email with:
#syz fix: exact-commit-title
If you want to test a patch for this bug, please reply with:
#syz test: git://repo/address.git branch
and provide the patch inline or as an attachment.
To mark this as a duplicate of another syzbot report, please reply with:
#syz dup: exact-subject-of-another-report
If it's a one-off invalid bug report, please reply with:
#syz invalid
Note: if the crash happens again, it will cause creation of a new bug report.
Note: all commands must start from beginning of the line in the email body.


Re: WARNING: kernel stack frame pointer has bad value

2017-04-19 Thread Josh Poimboeuf
On Wed, Apr 19, 2017 at 10:12:03AM -0400, Steven Rostedt wrote:
> On Wed, 19 Apr 2017 08:44:57 -0500
> Josh Poimboeuf  wrote:
> 
> > On Tue, Apr 18, 2017 at 11:37:14PM -0400, Steven Rostedt wrote:
> > > Josh,
> > > 
> > > I'm starting to get a bunch of these warnings, and I'm thinking they
> > > are false positives. The stack frame error is recorded at a call from
> > > entry_SYSCALL_64_fastpath, where I would expect the bp to not be valid.
> > > 
> > > To trigger this, I only need to go into /sys/kernel/debug/tracing and
> > > echo function > current_tracer then cat trace. Maybe function tracer
> > > stack frames is messing it up somehow, but it always fails at the
> > > entry call.
> > > 
> > > Here's the dump;
> > > 
> > >  WARNING: kernel stack frame pointer at 8800bda0ff30 in sshd:1090 has bad value 55b32abf1fa8
> > ...
> > >  8800bda0ff20: 8800bda0ff30 (0x8800bda0ff30)
> > >  8800bda0ff28: 810dc945 (SyS_rt_sigprocmask+0x5/0x1a0)
> > >  8800bda0ff30: 55b32abf1fa8 (0x55b32abf1fa8)
> > >  8800bda0ff38: 81cf502a (entry_SYSCALL_64_fastpath+0x18/0xad)
> > >  8800bda0ff40: 55b32abf1fa8 (0x55b32abf1fa8)
> > >  8800bda0ff48: 810dc945 (SyS_rt_sigprocmask+0x5/0x1a0)
> > >  8800bda0ff50: 81cf502a (entry_SYSCALL_64_fastpath+0x18/0xad) 
> > >  
> > 
> > Thanks for reporting, I hadn't seen this one yet.
> > 
> > The problem is that the unwinder expects the last frame pointer to be at
> > a certain address (0x8800bda0ff48 in this case), so it can know that
> > it reached the end.  It's confused by the save_mcount_regs macro, which
> > builds some fake frames -- which is good -- but then the last frame is
> > at a different offset than what the unwinder expects.
> > 
> > Would it be possible for ftrace to rewrite the stack so that it looks
> > like this instead?
> > 
> > >  8800bda0ff38: 8800bda0ff48 (0x8800bda0ff48)
> > >  8800bda0ff40: 810dc945 (SyS_rt_sigprocmask+0x5/0x1a0)
> > >  8800bda0ff48: 55b32abf1fa8 (0x55b32abf1fa8)
> > >  8800bda0ff50: 81cf502a (entry_SYSCALL_64_fastpath+0x18/0xad) 
> > >  
> > 
> > In other words it would overwrite the "SyS_rt_sigprocmask+0x5/0x1a0"
> > value on the stack at 8800bda0ff48 with the original bp, instead of
> > appending to the existing stack.  If you would be ok with such an
> > approach, I could take a stab at it.
> 
> This is because we have to handle each different config differently.
> This is the case with FENTRY and FRAME_POINTERS. As I like to keep this
> as efficient as possible. To do the above, we need to modify the return
> address and then restore it. And handle that for each config type.
> 
> > 
> > The alternative would be to change the unwinder, but I would rather
> > avoid having to detect another special case if possible.
> 
> I'm not sure what's worse. Modifying all the special cases of ftrace,
> or adding a new one to the unwinder.
> 
> You can take a crack at it if you like, but it needs to be negligible
> in the performance of FENTRY and no frame pointers.

How about something like the following (completely untested):

diff --git a/arch/x86/kernel/mcount_64.S b/arch/x86/kernel/mcount_64.S
index 7b0d3da..54f0f45 100644
--- a/arch/x86/kernel/mcount_64.S
+++ b/arch/x86/kernel/mcount_64.S
@@ -27,19 +27,19 @@ EXPORT_SYMBOL(mcount)
 /* All cases save the original rbp (8 bytes) */
 #ifdef CONFIG_FRAME_POINTER
 # ifdef CC_USING_FENTRY
-/* Save parent and function stack frames (rip and rbp) */
-#  define MCOUNT_FRAME_SIZE(8+16*2)
+/* Save extra stack frame (rip and rbp) */
+#  define MCOUNT_FRAME_SIZE16
 # else
-/* Save just function stack frame (rip and rbp) */
-#  define MCOUNT_FRAME_SIZE(8+16)
+/* Save just rbp */
+#  define MCOUNT_FRAME_SIZE8
 # endif
 #else
 /* No need to save a stack frame */
-# define MCOUNT_FRAME_SIZE 8
+# define MCOUNT_FRAME_SIZE 0
 #endif /* CONFIG_FRAME_POINTER */
 
 /* Size of stack used to save mcount regs in save_mcount_regs */
-#define MCOUNT_REG_SIZE(SS+8 + MCOUNT_FRAME_SIZE)
+#define MCOUNT_REG_SIZE(FRAME_SIZE + MCOUNT_FRAME_SIZE)
 
 /*
  * gcc -pg option adds a call to 'mcount' in most functions.
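Review bot: the unchanged comment at the top of this hunk, "All cases save the original rbp (8 bytes)", stops being true once the !CONFIG_FRAME_POINTER branch sets MCOUNT_FRAME_SIZE to 0, so it should be rewritten or dropped in the same patch. MCOUNT_REG_SIZE also now depends on FRAME_SIZE, which is not defined anywhere in the visible lines; the changelog should say where it comes from and confirm it equals the old SS+8, otherwise every offset computed from MCOUNT_REG_SIZE shifts silently.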
@@ -66,10 +66,7 @@ EXPORT_SYMBOL(mcount)
  *  %rsi - holds the parent function (traced function's return address)
  *  %rdx - holds the original %rbp
  */
-.macro save_mcount_regs added=0
-
-   /* Always save the original rbp */
-   pushq %rbp
+.macro save_mcount_regs save_flags=0
 
 #ifdef CONFIG_FRAME_POINTER
/*
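Review bot: the macro argument goes from a byte offset (added=0) to what reads as a boolean (save_flags=0), but the header comment just above the macro is left as is and still promises "%rdx - holds the original %rbp" even though the unconditional pushq %rbp is removed here. Please document save_flags in that header, state where the original %rbp is now saved in each config, and convert every caller that passed added= in the same patch so no call site keeps the old meaning.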
@@ -80,15 +77,14 @@ EXPORT_SYMBOL(mcount)
 * is called afterward.
 */
 #ifdef CC_USING_FENTRY
-   /* Save the parent pointer (skip orig rbp and our return address) */
-   pushq \added+8*2(%rsp)
-   pushq %rbp
-   movq %rsp, %rbp
-   /* Save the return address (now skip orig rbp, rbp and parent) */
-   pushq \added+8*3(%rsp)
-#else
-   /* Can't assume that rip is 
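Review bot: any `\added` reference left in save_mcount_regs outside this FENTRY branch will no longer resolve, because the previous hunk renames the macro parameter to save_flags; the text here is cut off right after the `#else`, so the non-FENTRY path cannot be checked for it from what is shown. Since the mail says the patch is completely untested, it would help to build and boot all three combinations (FENTRY with frame pointers, mcount with frame pointers, no frame pointers) and include the resulting stack layout for each in the changelog.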

Re: WARNING: kernel stack frame pointer has bad value

2017-04-19 Thread Steven Rostedt
On Wed, 19 Apr 2017 08:44:57 -0500
Josh Poimboeuf  wrote:

> On Tue, Apr 18, 2017 at 11:37:14PM -0400, Steven Rostedt wrote:
> > Josh,
> > 
> > I'm starting to get a bunch of these warnings, and I'm thinking they
> > are false positives. The stack frame error is recorded at a call from
> > entry_SYSCALL_64_fastpath, where I would expect the bp to not be valid.
> > 
> > To trigger this, I only need to go into /sys/kernel/debug/tracing and
> > echo function > current_tracer then cat trace. Maybe function tracer
> > stack frames is messing it up somehow, but it always fails at the
> > entry call.
> > 
> > Here's the dump;
> > 
> >  WARNING: kernel stack frame pointer at 8800bda0ff30 in sshd:1090 has bad value 55b32abf1fa8
> ...
> >  8800bda0ff20: 8800bda0ff30 (0x8800bda0ff30)
> >  8800bda0ff28: 810dc945 (SyS_rt_sigprocmask+0x5/0x1a0)
> >  8800bda0ff30: 55b32abf1fa8 (0x55b32abf1fa8)
> >  8800bda0ff38: 81cf502a (entry_SYSCALL_64_fastpath+0x18/0xad)
> >  8800bda0ff40: 55b32abf1fa8 (0x55b32abf1fa8)
> >  8800bda0ff48: 810dc945 (SyS_rt_sigprocmask+0x5/0x1a0)
> >  8800bda0ff50: 81cf502a (entry_SYSCALL_64_fastpath+0x18/0xad)  
> 
> Thanks for reporting, I hadn't seen this one yet.
> 
> The problem is that the unwinder expects the last frame pointer to be at
> a certain address (0x8800bda0ff48 in this case), so it can know that
> it reached the end.  It's confused by the save_mcount_regs macro, which
> builds some fake frames -- which is good -- but then the last frame is
> at a different offset than what the unwinder expects.
> 
> Would it be possible for ftrace to rewrite the stack so that it looks
> like this instead?
> 
> >  8800bda0ff38: 8800bda0ff48 (0x8800bda0ff48)
> >  8800bda0ff40: 810dc945 (SyS_rt_sigprocmask+0x5/0x1a0)
> >  8800bda0ff48: 55b32abf1fa8 (0x55b32abf1fa8)
> >  8800bda0ff50: 81cf502a (entry_SYSCALL_64_fastpath+0x18/0xad)  
> 
> In other words it would overwrite the "SyS_rt_sigprocmask+0x5/0x1a0"
> value on the stack at 8800bda0ff48 with the original bp, instead of
> appending to the existing stack.  If you would be ok with such an
> approach, I could take a stab at it.

This is because we have to handle each different config differently.
This is the case with FENTRY and FRAME_POINTERS. As I like to keep this
as efficient as possible. To do the above, we need to modify the return
address and then restore it. And handle that for each config type.

> 
> The alternative would be to change the unwinder, but I would rather
> avoid having to detect another special case if possible.

I'm not sure what's worse. Modifying all the special cases of ftrace,
or adding a new one to the unwinder.

You can take a crack at it if you like, but it needs to be negligible
in the performance of FENTRY and no frame pointers.

-- Steve



Re: WARNING: kernel stack frame pointer has bad value

2017-04-19 Thread Josh Poimboeuf
On Tue, Apr 18, 2017 at 11:37:14PM -0400, Steven Rostedt wrote:
> Josh,
> 
> I'm starting to get a bunch of these warnings, and I'm thinking they
> are false positives. The stack frame error is recorded at a call from
> entry_SYSCALL_64_fastpath, where I would expect the bp to not be valid.
> 
> To trigger this, I only need to go into /sys/kernel/debug/tracing and
> echo function > current_tracer then cat trace. Maybe function tracer
> stack frames is messing it up somehow, but it always fails at the
> entry call.
> 
> Here's the dump;
> 
>  WARNING: kernel stack frame pointer at 8800bda0ff30 in sshd:1090 has bad value 55b32abf1fa8
...
>  8800bda0ff20: 8800bda0ff30 (0x8800bda0ff30)
>  8800bda0ff28: 810dc945 (SyS_rt_sigprocmask+0x5/0x1a0)
>  8800bda0ff30: 55b32abf1fa8 (0x55b32abf1fa8)
>  8800bda0ff38: 81cf502a (entry_SYSCALL_64_fastpath+0x18/0xad)
>  8800bda0ff40: 55b32abf1fa8 (0x55b32abf1fa8)
>  8800bda0ff48: 810dc945 (SyS_rt_sigprocmask+0x5/0x1a0)
>  8800bda0ff50: 81cf502a (entry_SYSCALL_64_fastpath+0x18/0xad)

Thanks for reporting, I hadn't seen this one yet.

The problem is that the unwinder expects the last frame pointer to be at
a certain address (0x8800bda0ff48 in this case), so it can know that
it reached the end.  It's confused by the save_mcount_regs macro, which
builds some fake frames -- which is good -- but then the last frame is
at a different offset than what the unwinder expects.

Would it be possible for ftrace to rewrite the stack so that it looks
like this instead?

>  8800bda0ff38: 8800bda0ff48 (0x8800bda0ff48)
>  8800bda0ff40: 810dc945 (SyS_rt_sigprocmask+0x5/0x1a0)
>  8800bda0ff48: 55b32abf1fa8 (0x55b32abf1fa8)
>  8800bda0ff50: 81cf502a (entry_SYSCALL_64_fastpath+0x18/0xad)

In other words it would overwrite the "SyS_rt_sigprocmask+0x5/0x1a0"
value on the stack at 8800bda0ff48 with the original bp, instead of
appending to the existing stack.  If you would be ok with such an
approach, I could take a stab at it.

The alternative would be to change the unwinder, but I would rather
avoid having to detect another special case if possible.

-- 
Josh
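
The end-of-stack check discussed in the message above, as an added illustration in C (not kernel code and not part of the original mail): a simplified frame-pointer walk over the stack words quoted in this thread, once for the observed layout and once for the proposed one. Addresses are used exactly as printed on this page; the starting frame pointers and all struct and function names are assumptions.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* A window of kernel stack: words[i] lives at address base + 8*i. */
struct stack_window {
    uint64_t base;
    size_t nwords;
    const uint64_t *words;
};

enum unwind_status { UNWIND_OK, UNWIND_BAD_BP };

struct unwind_report {
    enum unwind_status status;
    int frames;          /* frame links followed before stopping */
    uint64_t bad_at;     /* address holding the rejected frame pointer */
    uint64_t bad_value;  /* the rejected value itself */
};

/* A frame needs two words on the stack: saved bp, then return address. */
static int frame_on_stack(const struct stack_window *s, uint64_t addr)
{
    uint64_t end = s->base + 8 * (uint64_t)s->nwords;
    return (addr & 7) == 0 && addr >= s->base && addr + 16 <= end;
}

static uint64_t load_word(const struct stack_window *s, uint64_t addr)
{
    return s->words[(addr - s->base) / 8];
}

/*
 * Follow saved frame pointers upward from bp. The walk ends cleanly only
 * when it lands exactly on last_frame; a saved bp that leaves the stack
 * or does not move upward is reported, like the WARNING in the thread.
 */
static struct unwind_report unwind(const struct stack_window *s,
                                   uint64_t bp, uint64_t last_frame)
{
    struct unwind_report r = { UNWIND_OK, 0, 0, 0 };

    if (!frame_on_stack(s, bp)) {
        r.status = UNWIND_BAD_BP;
        r.bad_value = bp;
        return r;
    }
    while (bp != last_frame) {
        uint64_t next = load_word(s, bp);
        if (!frame_on_stack(s, next) || next <= bp) {
            r.status = UNWIND_BAD_BP;
            r.bad_at = bp;
            r.bad_value = next;
            return r;
        }
        r.frames++;
        bp = next;
    }
    return r;
}

/* The address at which the thread says the unwinder expects the last frame. */
#define EXPECTED_LAST_FRAME 0x8800bda0ff48ULL

/* Observed layout, words at 8800bda0ff20..ff50 copied from the dump. */
struct unwind_report unwind_observed(void)
{
    static const uint64_t words[] = {
        0x8800bda0ff30ULL, 0x810dc945ULL,  /* fake frame -> ff30, SyS_rt_sigprocmask+0x5 */
        0x55b32abf1fa8ULL, 0x81cf502aULL,  /* original bp, entry_SYSCALL_64_fastpath+0x18 */
        0x55b32abf1fa8ULL, 0x810dc945ULL, 0x81cf502aULL,
    };
    struct stack_window s = { 0x8800bda0ff20ULL, 7, words };
    return unwind(&s, 0x8800bda0ff20ULL, EXPECTED_LAST_FRAME); /* start bp: assumption */
}

/* Proposed layout, words at 8800bda0ff38..ff50 copied from the reply. */
struct unwind_report unwind_proposed(void)
{
    static const uint64_t words[] = {
        0x8800bda0ff48ULL, 0x810dc945ULL,  /* frame -> ff48, SyS_rt_sigprocmask+0x5 */
        0x55b32abf1fa8ULL, 0x81cf502aULL,  /* original bp sits in the expected last frame */
    };
    struct stack_window s = { 0x8800bda0ff38ULL, 4, words };
    return unwind(&s, 0x8800bda0ff38ULL, EXPECTED_LAST_FRAME); /* start bp: assumption */
}

int main(void)
{
    struct unwind_report o = unwind_observed(), p = unwind_proposed();
    printf("observed: status=%d bad_at=%llx bad_value=%llx\n", o.status,
           (unsigned long long)o.bad_at, (unsigned long long)o.bad_value);
    printf("proposed: status=%d frames=%d\n", p.status, p.frames);
    return 0;
}
```

In the observed layout the walk reaches 8800bda0ff30 without ever landing on the expected last frame and rejects the user-space value stored there, which matches the address and value in the reported warning.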


WARNING: kernel stack frame pointer has bad value

2017-04-18 Thread Steven Rostedt
Josh,

I'm starting to get a bunch of these warnings, and I'm thinking they
are false positives. The stack frame error is recorded at a call from
entry_SYSCALL_64_fastpath, where I would expect the bp to not be valid.

To trigger this, I only need to go into /sys/kernel/debug/tracing and
echo function > current_tracer then cat trace. Maybe function tracer
stack frames is messing it up somehow, but it always fails at the
entry call.

Here's the dump;

 WARNING: kernel stack frame pointer at 8800bda0ff30 in sshd:1090 has bad value 55b32abf1fa8
 unwind stack type:0 next_sp:  (null) mask:6 graph_idx:0
 8800bda0fd28: 81cf502a (entry_SYSCALL_64_fastpath+0x18/0xad)
 8800bda0fd30: 810dc940 (sigprocmask+0x150/0x150)
 8800bda0fd38: 81cf502a (entry_SYSCALL_64_fastpath+0x18/0xad)
 8800bda0fd40: 8800c7e60040 (0x8800c7e60040)
 8800bda0fd48: 8800bda0fe08 (0x8800bda0fe08)
 8800bda0fd50: 825393c0 (ftrace_trace_arrays+0x40/0x40)
 8800bda0fd58: 8800c7e60040 (0x8800c7e60040)
 8800bda0fd60: 0008 (0x8)
 8800bda0fd68: 001a0800 (0x1a0800)
 8800bda0fd70:  ...
 8800bda0fd78: fbfff04a727c (0xfbfff04a727c)
 8800bda0fd80: 8122c8bb (trace_function+0x2b/0x120)
 8800bda0fd88: dc00 (0xdc00)
 8800bda0fd90: 810dc940 (sigprocmask+0x150/0x150)
 8800bda0fd98: 825393e0 (global_trace+0x20/0x1680)
 8800bda0fda0: ff7d (0xff7d)
 8800bda0fda8: 8122c8bb (trace_function+0x2b/0x120)
 8800bda0fdb0: 0010 (0x10)
 8800bda0fdb8: 0246 (0x246)
 8800bda0fdc0: 8800bda0fdd0 (0x8800bda0fdd0)
 8800bda0fdc8: 0018 (0x18)
 8800bda0fdd0: a02e0077 (0xa02e0077)
 8800bda0fdd8: 0246 (0x246)
 8800bda0fde0: 8800c7e60040 (0x8800c7e60040)
 8800bda0fde8: 8800c7e60040 (0x8800c7e60040)
 8800bda0fdf0: 0007 (0x7)
 8800bda0fdf8: 810dc940 (sigprocmask+0x150/0x150)
 8800bda0fe00: 81cf502a (entry_SYSCALL_64_fastpath+0x18/0xad)
 8800bda0fe08: 8800bda0fe68 (0x8800bda0fe68)
 8800bda0fe10: 81238168 (function_trace_call+0x208/0x260)
 8800bda0fe18: 00026f10 (0x26f10)
 8800bda0fe20: 8800c7e621f0 (0x8800c7e621f0)
 8800bda0fe28: 00026f10 (0x26f10)
 8800bda0fe30: 8800d3ea6f10 (0x8800d3ea6f10)
 8800bda0fe38: 8010 (0x8010)
 8800bda0fe40: 7d1f4e80 (0x7d1f4e80)
 8800bda0fe48: 7d1f4e00 (0x7d1f4e00)
 8800bda0fe50:  ...
 8800bda0fe58: 7d1f4f8f (0x7d1f4f8f)
 8800bda0fe60: 55b32a9a2a51 (0x55b32a9a2a51)
 8800bda0fe68: 8800bda0ff20 (0x8800bda0ff20)
 8800bda0fe70: a02e0077 (0xa02e0077)
 8800bda0fe78: 55b32bdc57c0 (0x55b32bdc57c0)
 8800bda0fe80: 41b58ab3 (0x41b58ab3)
 8800bda0fe88: 8233e3f0 (ONEf+0x16e40/0x5840d)
 8800bda0fe90: 8800bda0fed0 (0x8800bda0fed0)
 8800bda0fe98: 55b32abf1fa8 (0x55b32abf1fa8)
 8800bda0fea0: 8800bda0fee0 (0x8800bda0fee0)
 8800bda0fea8: 8800c7e60040 (0x8800c7e60040)
 8800bda0feb0: 81cf5017 (entry_SYSCALL_64_fastpath+0x5/0xad)
 8800bda0feb8: 001a0800 (0x1a0800)
 8800bda0fec0:  ...
 8800bda0fec8: 000e (0xe)
 8800bda0fed0: 0008 (0x8)
 8800bda0fed8: 7d1f4e00 (0x7d1f4e00)
 8800bda0fee0: 7d1f4e80 (0x7d1f4e80)
 8800bda0fee8:  ...
 8800bda0fef0: 8800bda0ff48 (0x8800bda0ff48)
 8800bda0fef8: 810dc945 (SyS_rt_sigprocmask+0x5/0x1a0)
 8800bda0ff00: 8800c7e60040 (0x8800c7e60040)
 8800bda0ff08: 0008 (0x8)
 8800bda0ff10: 001a0800 (0x1a0800)
 8800bda0ff18:  ...
 8800bda0ff20: 8800bda0ff30 (0x8800bda0ff30)
 8800bda0ff28: 810dc945 (SyS_rt_sigprocmask+0x5/0x1a0)
 8800bda0ff30: 55b32abf1fa8 (0x55b32abf1fa8)
 8800bda0ff38: 81cf502a (entry_SYSCALL_64_fastpath+0x18/0xad)
 8800bda0ff40: 55b32abf1fa8 (0x55b32abf1fa8)
 8800bda0ff48: 810dc945 (SyS_rt_sigprocmask+0x5/0x1a0)
 8800bda0ff50: 81cf502a (entry_SYSCALL_64_fastpath+0x18/0xad)
 8800bda0ff58: 258c9a9a (0x258c9a9a)
 8800bda0ff60: 9a954c2d (0x9a954c2d)
 8800bda0ff68: fc397de1 (0xfc397de1)
 8800bda0ff70: 2badc874 (0x2badc874)
 8800bda0ff78: 8800bda0ff98 (0x8800bda0ff98)
 8800bda0ff80: 81149040 (trace_hardirqs_off_caller+0xc0/0x110)
 8800bda0ff88: 0246 (0x246)
 8800bda0ff90: 0008 (0x8)
 8800bda0ff98: 001a0800 (0x1a0800)
 8800bda0ffa0:  ...
 
