| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 13 Dec 2016 20:50:54 +0100
From: Dmitry Vyukov <dvyukov@...gle.com>
To: Paolo Bonzini <pbonzini@...hat.com>,
Radim Krčmář <rkrcmar@...hat.com>,
Thomas Gleixner <tglx@...utronix.de>,
Ingo Molnar <mingo@...hat.com>,
"H. Peter Anvin" <hpa@...or.com>,
"x86@...nel.org" <x86@...nel.org>, KVM list <kvm@...r.kernel.org>,
LKML <linux-kernel@...r.kernel.org>,
Alan Stern <stern@...land.harvard.edu>,
Steve Rutherford <srutherford@...gle.com>
Cc: syzkaller <syzkaller@...glegroups.com>
Subject: kvm: WARNING in mmu_spte_clear_track_bits
Hello,
The following program:
https://gist.githubusercontent.com/dvyukov/23d8bd622fd526d7701ac2057bbbc9c2/raw/aacd20451e6f460232f5e1da262b653fb3155613/gistfile1.txt
leads to WARNING in mmu_spte_clear_track_bits and later to splash of
BUG: Bad page state in process a.out pfn:619b5
On commit e7aa8c2eb11ba69b1b69099c3c7bd6be3087b0ba (Dec 12).
------------[ cut here ]------------
WARNING: CPU: 0 PID: 6907 at mmu_spte_clear_track_bits+0x326/0x3a0
arch/x86/kvm/mmu.c:614
Modules linked in:
CPU: 0 PID: 6907 Comm: a.out Not tainted 4.9.0+ #85
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS Bochs 01/01/2011
Call Trace:
[< inline >] __dump_stack lib/dump_stack.c:15
[< none >] dump_stack+0x2ee/0x3ef lib/dump_stack.c:51
[< none >] __warn+0x1a4/0x1e0 kernel/panic.c:550
[< none >] warn_slowpath_null+0x31/0x40 kernel/panic.c:585
[< none >] mmu_spte_clear_track_bits+0x326/0x3a0
arch/x86/kvm/mmu.c:614
[< none >] drop_spte+0x29/0x220 arch/x86/kvm/mmu.c:1182
[< none >] mmu_page_zap_pte+0x209/0x300 arch/x86/kvm/mmu.c:2306
[< inline >] kvm_mmu_page_unlink_children arch/x86/kvm/mmu.c:2328
[< none >] kvm_mmu_prepare_zap_page+0x1cd/0x1240
arch/x86/kvm/mmu.c:2372
[< inline >] kvm_zap_obsolete_pages arch/x86/kvm/mmu.c:4915
[< none >] kvm_mmu_invalidate_zap_all_pages+0x4af/0x6f0
arch/x86/kvm/mmu.c:4956
[< none >] kvm_arch_flush_shadow_all+0x1a/0x20
arch/x86/kvm/x86.c:8177
[< none >] kvm_mmu_notifier_release+0x76/0xb0
arch/x86/kvm/../../../virt/kvm/kvm_main.c:467
[< none >] __mmu_notifier_release+0x1fe/0x6c0 mm/mmu_notifier.c:74
[< inline >] mmu_notifier_release ./include/linux/mmu_notifier.h:235
[< none >] exit_mmap+0x3d1/0x4a0 mm/mmap.c:2918
[< inline >] __mmput kernel/fork.c:868
[< none >] mmput+0x1fd/0x690 kernel/fork.c:890
[< inline >] exit_mm kernel/exit.c:521
[< none >] do_exit+0x9e7/0x2930 kernel/exit.c:826
[< none >] do_group_exit+0x14e/0x420 kernel/exit.c:943
[< inline >] SYSC_exit_group kernel/exit.c:954
[< none >] SyS_exit_group+0x22/0x30 kernel/exit.c:952
[< none >] entry_SYSCALL_64_fastpath+0x23/0xc6
arch/x86/entry/entry_64.S:203
RIP: 0033:0x43f4d9
RSP: 002b:00007ffc7e83f548 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
RAX: ffffffffffffffda RBX: 00000000006d6660 RCX: 000000000043f4d9
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
RBP: 0000000000000001 R08: 000000000000003c R09: 00000000000000e7
R10: ffffffffffffffd0 R11: 0000000000000246 R12: 0000000000000000
R13: 0000000000000000 R14: 00007fe58e3869c0 R15: 00007fe58e386700
---[ end trace 37ef4e3d7e4c81a9 ]---
BUG: Bad page state in process a.out pfn:61fb5
page:ffffea000187ed40 count:0 mapcount:0 mapping: (null) index:0x0
flags: 0x5fffc0000000014(referenced|dirty)
raw: 05fffc0000000014 0000000000000000 0000000000000000 00000000ffffffff
raw: 0000000000000000 ffffea000187ed60 0000000000000000 0000000000000000
page dumped because: PAGE_FLAGS_CHECK_AT_PREP flag set
bad because of flags: 0x14(referenced|dirty)
Modules linked in:
CPU: 2 PID: 7169 Comm: a.out Tainted: G W 4.9.0+ #85
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS Bochs 01/01/2011
Call Trace:
[< inline >] __dump_stack lib/dump_stack.c:15
[< none >] dump_stack+0x2ee/0x3ef lib/dump_stack.c:51
[< none >] bad_page+0x29c/0x320 mm/page_alloc.c:550
[< none >] check_new_page_bad+0x203/0x2f0 mm/page_alloc.c:1682
[< inline >] check_new_page mm/page_alloc.c:1694
[< inline >] check_new_pages mm/page_alloc.c:1731
[< none >] buffered_rmqueue+0x1770/0x2900 mm/page_alloc.c:2668
[< none >] get_page_from_freelist+0x213/0x1180
mm/page_alloc.c:2985
[< none >] __alloc_pages_nodemask+0x3b2/0xc90 mm/page_alloc.c:3801
[< inline >] __alloc_pages ./include/linux/gfp.h:433
[< inline >] __alloc_pages_node ./include/linux/gfp.h:446
[< none >] alloc_pages_vma+0x723/0xa30 mm/mempolicy.c:2012
[< none >] do_huge_pmd_anonymous_page+0x35f/0x1b10
mm/huge_memory.c:704
[< inline >] create_huge_pmd mm/memory.c:3476
[< inline >] __handle_mm_fault mm/memory.c:3626
[< none >] handle_mm_fault+0x1975/0x2b90 mm/memory.c:3687
[< none >] __do_page_fault+0x4fb/0xb60 arch/x86/mm/fault.c:1396
[< none >] trace_do_page_fault+0x159/0x810
arch/x86/mm/fault.c:1489
[< none >] do_async_page_fault+0x77/0xd0 arch/x86/kernel/kvm.c:264
[< none >] async_page_fault+0x28/0x30
arch/x86/entry/entry_64.S:1011
RIP: 0033:0x401f5f
RSP: 002b:00007fe592b8ece0 EFLAGS: 00010246
RAX: 0000000020017fe0 RBX: 0000000000000000 RCX: 0000000000403894
RDX: b93bc4d4f06f7d0e RSI: 0000000000000000 RDI: 00007fe592b8f608
RBP: 00007fe592b8ed10 R08: 00007fe592b8f700 R09: 00007fe592b8f700
R10: 00007fe592b8f9d0 R11: 0000000000000202 R12: 0000000000000000
R13: 0000000000000000 R14: 00007fe592b8f9c0 R15: 00007fe592b8f700
BUG: Bad page state in process a.out pfn:619b5
page:ffffea0001866d40 count:0 mapcount:0 mapping: (null) index:0x0
flags: 0x5fffc0000000014(referenced|dirty)
raw: 05fffc0000000014 0000000000000000 0000000000000000 00000000ffffffff
raw: 0000000000000000 ffffea0001866d60 0000000000000000 0000000000000000
page dumped because: PAGE_FLAGS_CHECK_AT_PREP flag set
bad because of flags: 0x14(referenced|dirty)
Modules linked in:
CPU: 2 PID: 7169 Comm: a.out Tainted: G B W 4.9.0+ #85
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS Bochs 01/01/2011
Call Trace:
[< inline >] __dump_stack lib/dump_stack.c:15
[< none >] dump_stack+0x2ee/0x3ef lib/dump_stack.c:51
[< none >] bad_page+0x29c/0x320 mm/page_alloc.c:550
[< none >] check_new_page_bad+0x203/0x2f0 mm/page_alloc.c:1682
[< inline >] check_new_page mm/page_alloc.c:1694
[< inline >] check_new_pages mm/page_alloc.c:1731
[< none >] buffered_rmqueue+0x1770/0x2900 mm/page_alloc.c:2668
[< none >] get_page_from_freelist+0x213/0x1180
mm/page_alloc.c:2985
[< none >] __alloc_pages_nodemask+0x3b2/0xc90 mm/page_alloc.c:3801
[< inline >] __alloc_pages ./include/linux/gfp.h:433
[< inline >] __alloc_pages_node ./include/linux/gfp.h:446
[< none >] alloc_pages_vma+0x723/0xa30 mm/mempolicy.c:2012
[< none >] do_huge_pmd_anonymous_page+0x35f/0x1b10
mm/huge_memory.c:704
[< inline >] create_huge_pmd mm/memory.c:3476
[< inline >] __handle_mm_fault mm/memory.c:3626
[< none >] handle_mm_fault+0x1975/0x2b90 mm/memory.c:3687
[< none >] __do_page_fault+0x4fb/0xb60 arch/x86/mm/fault.c:1396
[< none >] trace_do_page_fault+0x159/0x810
arch/x86/mm/fault.c:1489
[< none >] do_async_page_fault+0x77/0xd0 arch/x86/kernel/kvm.c:264
[< none >] async_page_fault+0x28/0x30
arch/x86/entry/entry_64.S:1011
RIP: 0033:0x401f5f
RSP: 002b:00007fe592b8ece0 EFLAGS: 00010246
RAX: 0000000020017fe0 RBX: 0000000000000000 RCX: 0000000000403894
RDX: b93bc4d4f06f7d0e RSI: 0000000000000000 RDI: 00007fe592b8f608
RBP: 00007fe592b8ed10 R08: 00007fe592b8f700 R09: 00007fe592b8f700
R10: 00007fe592b8f9d0 R11: 0000000000000202 R12: 0000000000000000
R13: 0000000000000000 R14: 00007fe592b8f9c0 R15: 00007fe592b8f700
Powered by blists - more mailing lists