Hello,

The following program triggers a GPF in gfn_to_rmap:
https://gist.githubusercontent.com/dvyukov/6669049830e8786d2cfa0ffec5928186/raw/b7d1ec4dc555146ac0175b5b0aae98c1904299eb/gistfile1.txt

On commit 015ed9433be2b476ec7e2e6a9a411a56e3b5b035 (Nov 11).

general protection fault: 0000 [#1] SMP KASAN
Dumping ftrace buffer:
   (ftrace buffer empty)
Modules linked in:
CPU: 1 PID: 29153 Comm: syz-executor Not tainted 4.9.0-rc4+ #49
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS Bochs 01/01/2011
task: ffff8800387e9700 task.stack: ffff88003c200000
RIP: 0010:[<ffffffff810d1c8c>]  [< inline >] search_memslots include/linux/kvm_host.h:913
RIP: 0010:[<ffffffff810d1c8c>]  [< inline >] __gfn_to_memslot include/linux/kvm_host.h:928
RIP: 0010:[<ffffffff810d1c8c>]  [<ffffffff810d1c8c>] gfn_to_rmap+0x33c/0x400 arch/x86/kvm/mmu.c:1060
RSP: 0018:ffff88003c207538  EFLAGS: 00010283
RAX: dffffc0000000000 RBX: ffffc900074980b8 RCX: ffffc90000535000
RDX: 0000000000000867 RSI: ffffc90007498000 RDI: ffffc900074980c0
RBP: ffff88003c207588 R08: 0000000000000000 R09: 000000000003985d
R10: ffffffff84da2600 R11: 1ffff10007840eaa R12: 0000000000000002
R13: 0000000000000000 R14: 0000000000000000 R15: dffffc0000000000
FS:  00007f4da434d700(0000) GS:ffff88003ed00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000000000000000 CR3: 000000003d850000 CR4: 00000000000026e0
Stack:
 1ffff10000000001 ffffc900074a3408 ffff88003b399008 0000000000000002
 ffffc90007498000 ffff88003d087000 ffff880039620040 0000000000000000
 ffff88003b399008 ffff8800bd087000 ffff88003c207600 ffffffff810d3dbb
Call Trace:
 [< inline >] rmap_add arch/x86/kvm/mmu.c:1079
 [<ffffffff810d3dbb>] mmu_set_spte+0x36b/0x6f0 arch/x86/kvm/mmu.c:2654
 [<ffffffff810e3e90>] __direct_map.part.115+0x2a0/0x400 arch/x86/kvm/mmu.c:2759
 [< inline >] __direct_map arch/x86/kvm/mmu.c:3586
 [<ffffffff810e4a0c>] tdp_page_fault+0x4fc/0x5e0 arch/x86/kvm/mmu.c:3586
 [<ffffffff810cd727>] kvm_mmu_page_fault+0xe7/0x200 arch/x86/kvm/mmu.c:4530
 [<ffffffff8115a8f6>] handle_ept_violation+0x116/0x480 arch/x86/kvm/vmx.c:6195
 [<ffffffff8116bd65>] vmx_handle_exit+0x545/0x34c0 arch/x86/kvm/vmx.c:8494
 [< inline >] vcpu_enter_guest arch/x86/kvm/x86.c:6767
 [< inline >] vcpu_run arch/x86/kvm/x86.c:6826
 [<ffffffff810bae42>] kvm_arch_vcpu_ioctl_run+0x29c2/0x5a90 arch/x86/kvm/x86.c:6984
 [<ffffffff81060cee>] kvm_vcpu_ioctl+0x61e/0xdd0 arch/x86/kvm/../../../virt/kvm/kvm_main.c:2557
 [< inline >] vfs_ioctl fs/ioctl.c:43
 [<ffffffff816b03cc>] do_vfs_ioctl+0x18c/0x1040 fs/ioctl.c:679
 [< inline >] SYSC_ioctl fs/ioctl.c:694
 [<ffffffff816b130f>] SyS_ioctl+0x8f/0xc0 fs/ioctl.c:685
 [<ffffffff831f0dc1>] entry_SYSCALL_64_fastpath+0x1f/0xc2
Code: 89 d8 8b 5d c8 89 45 c8 e8 72 be 38 00 8b 45 c8 89 5d c8 44 8d 60 01 e9 41 fe ff ff e8 5e be 38 00 48 b8 00 00 00 00 00 fc ff df <80> 38 00 75 0f 4c 8b 24 25 00 00 00 00 31 db e9 67 ff ff ff 31
RIP  [< inline >] search_memslots include/linux/kvm_host.h:913
RIP  [< inline >] __gfn_to_memslot include/linux/kvm_host.h:928
RIP  [<ffffffff810d1c8c>] gfn_to_rmap+0x33c/0x400 arch/x86/kvm/mmu.c:1060
 RSP <ffff88003c207538>
---[ end trace 531b7f0c43302f3c ]---
Kernel panic - not syncing: Fatal exception
Dumping ftrace buffer:
   (ftrace buffer empty)
Kernel Offset: disabled
reboot: cpu_has_vmx: ecx=80a02021