From: Sasha Levin <sasha.levin@oracle.com>
To: Andrew Morton <akpm@linux-foundation.org>
Cc: "H. Peter Anvin" <hpa@zytor.com>,
LKML <linux-kernel@vger.kernel.org>,
"linux-mm@kvack.org" <linux-mm@kvack.org>,
Dave Jones <davej@redhat.com>
Subject: mm,x86: page table corruption after adding reserve_memtype
Date: Sun, 06 Apr 2014 10:42:23 -0400 [thread overview]
Message-ID: <534167CF.4060400@oracle.com> (raw)
Hi all,
While fuzzing with trinity inside a KVM tools guest running the latest -next
kernel, I've stumbled on the following spew:
[ 1590.944125] reserve_memtype added [mem 0xffff8800000b0000-0xffff8800000b0fff], track uncached-minus, req uncached-minus, ret uncached-minus
[ 1593.391567] trinity-c184: Corrupted page table at address 7f16a347d000
[ 1593.391567] PGD 120e67067 PUD 104d2c067 PMD 9b71b067 PTE ffff8800000b0235
[ 1593.391567] Bad pagetable: 0009 [#1] PREEMPT SMP DEBUG_PAGEALLOC
[ 1593.391567] Dumping ftrace buffer:
[ 1593.391567] (ftrace buffer empty)
[ 1593.391567] Modules linked in:
[ 1593.391567] CPU: 8 PID: 8739 Comm: trinity-c184 Not tainted 3.14.0-next-20140403-sasha-00022-g10224c0 #377
[ 1593.391567] task: ffff8800cb8f3000 ti: ffff880113d90000 task.ti: ffff880113d90000
[ 1593.391567] RIP: copy_user_generic_unrolled (arch/x86/lib/copy_user_64.S:142)
[ 1593.391567] RSP: 0018:ffff880113d91e80 EFLAGS: 00010206
[ 1593.391567] RAX: ffff880113d90000 RBX: 00007f16a347d000 RCX: 0000000000000003
[ 1593.391567] RDX: 0000000000000010 RSI: 00007f16a347d000 RDI: ffff880113d91e88
[ 1593.391567] RBP: ffff880113d91f68 R08: 00000000000f5a5a R09: 0000000000000000
[ 1593.391567] R10: 0000000000000000 R11: 0000000000000001 R12: 000000000000009f
[ 1593.391567] R13: 000000000000009f R14: 00007f16a3444ae8 R15: 000000000000009f
[ 1593.391567] FS: 00007f16a346e700(0000) GS:ffff8801ef000000(0000) knlGS:0000000000000000
[ 1593.391567] CS: 0010 DS: 0000 ES: 0000 CR0: 000000008005003b
[ 1593.391567] CR2: 00007f16a347d000 CR3: 0000000102ed6000 CR4: 00000000000006a0
[ 1593.391567] DR0: 0000000000696000 DR1: 0000000000696000 DR2: 0000000000000000
[ 1593.391567] DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000600
[ 1593.391567] Stack:
[ 1593.391567] ffffffff8c15f5fa 00007f16a3444ae8 0000000000000082 ffffffff8c27a9c5
[ 1593.391567] ffff8800cb8f3000 000000000000009f 00007f16a3444ae8 ffff880113d91ec8
[ 1593.391567] ffffffff8cb2e853 ffff880113d91ee8 ffffffff8c1c16e4 0000000000000282
[ 1593.391567] Call Trace:
[ 1593.391567] ? SYSC_adjtimex (kernel/time.c:218)
[ 1593.391567] ? context_tracking_user_exit (arch/x86/include/asm/paravirt.h:809 (discriminator 2) kernel/context_tracking.c:182 (discriminator 2))
[ 1593.391567] ? __this_cpu_preempt_check (lib/smp_processor_id.c:63)
[ 1593.391567] ? trace_hardirqs_on_caller (kernel/locking/lockdep.c:2557 kernel/locking/lockdep.c:2599)
[ 1593.391567] ? trace_hardirqs_on (kernel/locking/lockdep.c:2607)
[ 1593.391567] ? syscall_trace_enter (include/linux/context_tracking.h:27 arch/x86/kernel/ptrace.c:1461)
[ 1593.391567] ? tracesys (arch/x86/kernel/entry_64.S:738)
[ 1593.391567] SyS_adjtimex (kernel/time.c:209)
[ 1593.391567] tracesys (arch/x86/kernel/entry_64.S:749)
[ 1593.391567] Code: 82 8c 00 00 00 89 f9 83 e1 07 74 15 83 e9 08 f7 d9 29 ca 8a 06 88 07 48 ff c6 48 ff c7 ff c9 75 f2 89 d1 83 e2 3f c1 e9 06 74 4a <4c> 8b 06 4c 8b 4e 08 4c 8b 56 10 4c 8b 5e 18 4c 89 07 4c 89 4f
[ 1593.391567] RIP copy_user_generic_unrolled (arch/x86/lib/copy_user_64.S:142)
[ 1593.391567] RSP <ffff880113d91e80>
Thanks,
Sasha
reply other threads:[~2014-04-06 14:42 UTC|newest]
Thread overview: [no followups] expand[flat|nested] mbox.gz Atom feed
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=534167CF.4060400@oracle.com \
--to=sasha.levin@oracle.com \
--cc=akpm@linux-foundation.org \
--cc=davej@redhat.com \
--cc=hpa@zytor.com \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-mm@kvack.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.