PAX: size overflow detected in function virtnet_receive


Postby jdoe » Mon Oct 19, 2015 2:11 pm

Using grsecurity-3.1-4.2.3-201510190716.patch on a KVM guest kernel, it blows up during boot just after the drives mount.

Code:
[   24.902276] PAX: size overflow detected in function virtnet_receive drivers/net/virtio_net.c:354 cicus.799_431 max, count: 117, decl: page_to_skb; num: 4; context: fndecl;
[   24.905374] CPU: 0 PID: 461 Comm: ip Not tainted 4.2.3-grsec-guest #1
[   24.906690] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.7.5-20140531_083030-gandalf 04/01/2014
[   24.908718]  0000000000000000 b8daaf2d35eb05cd 0000000000000000 ffffffff9e4ed970
[   24.910902]  ffffffff9e60f072 ffffffff9e159a55 ffff8800bbbc26a0 ffffffff9e60f0ce
[   24.913074]  0000000000000001 ffff8800bbbc26a0 ffff8800bbbc2020 ffffffff9e36e39f
[   24.914952] Call Trace:
[   24.915511]  <IRQ>  [<ffffffff9e4ed970>] ? 0xffffffff9e4ed970
[   24.917080]  [<ffffffff9e159a55>] ? 0xffffffff9e159a55
[   24.918381]  [<ffffffff9e36e39f>] ? 0xffffffff9e36e39f
[   24.919446]  [<ffffffff9e13c583>] ? 0xffffffff9e13c583
[   24.920560]  [<ffffffff9e296248>] ? 0xffffffff9e296248
[   24.921626]  [<ffffffff9e36eb93>] ? 0xffffffff9e36eb93
[   24.922755]  [<ffffffff9e3e2a3d>] ? 0xffffffff9e3e2a3d
[   24.923896]  [<ffffffff9e07cc41>] ? 0xffffffff9e07cc41
[   24.925205]  [<ffffffff9e4f390c>] ? 0xffffffff9e4f390c
[   24.926517]  <EOI>  [<ffffffff9e07cdb5>] ? 0xffffffff9e07cdb5
[   24.928211]  [<ffffffff9e07ce2b>] ? 0xffffffff9e07ce2b
[   24.929582]  [<ffffffff9e36e15a>] ? 0xffffffff9e36e15a
[   24.930924]  [<ffffffff9e3e3bb4>] ? 0xffffffff9e3e3bb4
[   24.932191]  [<ffffffff9e3e3e3c>] ? 0xffffffff9e3e3e3c
[   24.933538]  [<ffffffff9e3e3ef9>] ? 0xffffffff9e3e3ef9
[   24.934864]  [<ffffffff9e3f2fed>] ? 0xffffffff9e3f2fed
[   24.936123]  [<ffffffff9e3f3d7a>] ? 0xffffffff9e3f3d7a
[   24.937395]  [<ffffffff9e3f3b50>] ? 0xffffffff9e3f3b50
[   24.938715]  [<ffffffff9e3f3b03>] ? 0xffffffff9e3f3b03
[   24.940097]  [<ffffffff9e26f413>] ? 0xffffffff9e26f413
[   24.941406]  [<ffffffff9e3f1d6b>] ? 0xffffffff9e3f1d6b
[   24.942662]  [<ffffffff9e400bd8>] ? 0xffffffff9e400bd8
[   24.943951]  [<ffffffff9e3f1bc1>] ? 0xffffffff9e3f1bc1
[   24.945205]  [<ffffffff9e404787>] ? 0xffffffff9e404787
[   24.946576]  [<ffffffff9e3f1baa>] ? 0xffffffff9e3f1baa
[   24.947872]  [<ffffffff9e402ba4>] ? 0xffffffff9e402ba4
[   24.949123]  [<ffffffff9e403763>] ? 0xffffffff9e403763
[   24.950499]  [<ffffffff9e3c6bc9>] ? 0xffffffff9e3c6bc9
[   24.951793]  [<ffffffff9e3c7dea>] ? 0xffffffff9e3c7dea
[   24.953048]  [<ffffffff9e16cadc>] ? 0xffffffff9e16cadc
[   24.954319]  [<ffffffff9e3c92f4>] ? 0xffffffff9e3c92f4
[   24.955579]  [<ffffffff9e4f20f0>] ? 0xffffffff9e4f20f0
[   24.956856]  [<ffffffff9e4f1ef5>] ? 0xffffffff9e4f1ef5
[   24.958118] Kernel panic - not syncing: Aiee, killing interrupt handler!
[   24.959875] Kernel Offset: 0x1d000000 from 0xffffffff81000000 (relocation range: 0xffffffff80000000-0xffffffffbfffffff)
[   24.960482] ---[ end Kernel panic - not syncing: Aiee, killing interrupt handler!
jdoe
 
Posts: 22
Joined: Wed Jan 27, 2010 1:47 am

Re: PAX: size overflow detected in function virtnet_receive

Postby ephox » Mon Oct 19, 2015 4:18 pm

Hi,
Could you please apply this patch and send me the result from dmesg?
Code:
--- drivers/net/virtio_net.c.orig       2015-10-19 22:36:37.664400965 +0200
+++ drivers/net/virtio_net.c    2015-10-19 22:39:44.548392633 +0200
@@ -351,12 +351,15 @@
        struct virtio_net_hdr_mrg_rxbuf *hdr = buf;
        u16 num_buf = virtio16_to_cpu(vi->vdev, hdr->num_buffers);
        struct page *page = virt_to_head_page(buf);
-       int offset = buf - page_address(page);
+       int offset;
        unsigned int truesize = max(len, mergeable_ctx_to_buf_truesize(ctx));
+       struct sk_buff *head_skb;
+       struct sk_buff *curr_skb;
 
-       struct sk_buff *head_skb = page_to_skb(vi, rq, page, offset, len,
-                                              truesize);
-       struct sk_buff *curr_skb = head_skb;
+       printk(KERN_ERR "PAX overflow: buf: %p page_address(page): %p\n", buf, page_address(page));
+       offset = buf - page_address(page);
+       head_skb = page_to_skb(vi, rq, page, offset, len, truesize);
+       curr_skb = head_skb;
 
        if (unlikely(!curr_skb))
                goto err_skb;
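Review bot: this printk fires unconditionally for every buffer that reaches this receive path, so on a guest with any traffic at all it will flood dmesg (and the console, at KERN_ERR) and slow the boot; printk_ratelimited() would keep the trace readable while still catching the odd value. Since the report in the first post names the 4th argument of page_to_skb (`decl: page_to_skb; num: 4`), which is `offset`, it is worth putting `len` and `truesize` in the same message rather than leaving the reader to subtract the two pointers and guess the other inputs to that call.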
ephox
 
Posts: 134
Joined: Tue Mar 20, 2012 4:36 pm

Re: PAX: size overflow detected in function virtnet_receive

Postby jdoe » Mon Oct 19, 2015 6:34 pm

It didn't die in the same place this time; I just got a ton of this:

Code:
[   24.132975] PAX overflow: buf: ffff8803331d0000 page_address(page): ffff8803331d0000
[   24.134731] PAX overflow: buf: ffff8803331d0600 page_address(page): ffff8803331d0000
[   24.136462] PAX overflow: buf: ffff8803331d0c00 page_address(page): ffff8803331d0000
[   24.138247] PAX overflow: buf: ffff8803331d1200 page_address(page): ffff8803331d0000
[   24.140043] PAX overflow: buf: ffff8803331d1800 page_address(page): ffff8803331d0000
[   24.141831] PAX overflow: buf: ffff8803331d1e00 page_address(page): ffff8803331d0000
[   24.143611] PAX overflow: buf: ffff8803331d2400 page_address(page): ffff8803331d0000
[   24.143624] PAX overflow: buf: ffff8803331d2a00 page_address(page): ffff8803331d0000
[   24.143626] PAX overflow: buf: ffff8803331d3000 page_address(page): ffff8803331d0000
[   24.143627] PAX overflow: buf: ffff8803331d3600 page_address(page): ffff8803331d0000
[   24.143630] PAX overflow: buf: ffff8803331d3c00 page_address(page): ffff8803331d0000
[   24.143640] PAX overflow: buf: ffff8803331d4200 page_address(page): ffff8803331d0000
[   24.143643] PAX overflow: buf: ffff8803331d4800 page_address(page): ffff8803331d0000
[   24.143644] PAX overflow: buf: ffff8803331d4e00 page_address(page): ffff8803331d0000
[   24.143656] PAX overflow: buf: ffff8803331d5400 page_address(page): ffff8803331d0000
[   24.143658] PAX overflow: buf: ffff8803331d5a00 page_address(page): ffff8803331d0000
[   24.143664] PAX overflow: buf: ffff8803331d6000 page_address(page): ffff8803331d0000
[   24.143667] PAX overflow: buf: ffff8803331d6600 page_address(page): ffff8803331d0000
[   24.143669] PAX overflow: buf: ffff8803331d6c00 page_address(page): ffff8803331d0000
[   24.143671] PAX overflow: buf: ffff8803331d7200 page_address(page): ffff8803331d0000
[   24.143674] PAX overflow: buf: ffff8803331d7800 page_address(page): ffff8803331d0000
[   24.143677] PAX overflow: buf: ffff8803331d8000 page_address(page): ffff8803331d8000
[   24.143678] PAX overflow: buf: ffff8803331d8600 page_address(page): ffff8803331d8000
[   24.143680] PAX overflow: buf: ffff8803331d8c00 page_address(page): ffff8803331d8000
[   24.143681] PAX overflow: buf: ffff8803331d9200 page_address(page): ffff8803331d8000
[   24.143684] PAX overflow: buf: ffff8803331d9800 page_address(page): ffff8803331d8000
[   24.143686] PAX overflow: buf: ffff8803331d9e00 page_address(page): ffff8803331d8000
[   24.143688] PAX overflow: buf: ffff8803331da400 page_address(page): ffff8803331d8000
[   24.143689] PAX overflow: buf: ffff8803331daa00 page_address(page): ffff8803331d8000
[   24.143690] PAX overflow: buf: ffff8803331db000 page_address(page): ffff8803331d8000
[   24.143693] PAX overflow: buf: ffff8803331db600 page_address(page): ffff8803331d8000
[   24.143695] PAX overflow: buf: ffff8803331dbc00 page_address(page): ffff8803331d8000
[   24.143697] PAX overflow: buf: ffff8803331dc200 page_address(page): ffff8803331d8000
[   24.143698] PAX overflow: buf: ffff8803331dc800 page_address(page): ffff8803331d8000
[   24.143701] PAX overflow: buf: ffff8803331dce00 page_address(page): ffff8803331d8000
[   24.143703] PAX overflow: buf: ffff8803331dd400 page_address(page): ffff8803331d8000
[   24.143707] PAX overflow: buf: ffff8803331dda00 page_address(page): ffff8803331d8000
[   24.143710] PAX overflow: buf: ffff8803331de000 page_address(page): ffff8803331d8000
[   24.143713] PAX overflow: buf: ffff8803331de600 page_address(page): ffff8803331d8000
[   24.143715] PAX overflow: buf: ffff8803331dec00 page_address(page): ffff8803331d8000
[   24.143716] PAX overflow: buf: ffff8803331df200 page_address(page): ffff8803331d8000
[   24.143719] PAX overflow: buf: ffff8803331df800 page_address(page): ffff8803331d8000
[   24.143725] PAX overflow: buf: ffff8803331e0000 page_address(page): ffff8803331e0000
[   24.143726] PAX overflow: buf: ffff8803331e0600 page_address(page): ffff8803331e0000
[   24.143728] PAX overflow: buf: ffff8803331e0c00 page_address(page): ffff8803331e0000
[   24.143730] PAX overflow: buf: ffff8803331e1200 page_address(page): ffff8803331e0000
[   24.143732] PAX overflow: buf: ffff8803331e1800 page_address(page): ffff8803331e0000
[   24.143733] PAX overflow: buf: ffff8803331e1e00 page_address(page): ffff8803331e0000
[   24.143735] PAX overflow: buf: ffff8803331e2400 page_address(page): ffff8803331e0000
[   24.143739] PAX overflow: buf: ffff8803331e2a00 page_address(page): ffff8803331e0000
[   24.143740] PAX overflow: buf: ffff8803331e3000 page_address(page): ffff8803331e0000
[   24.143741] PAX overflow: buf: ffff8803331e3600 page_address(page): ffff8803331e0000
[   24.143746] PAX overflow: buf: ffff8803331e3c00 page_address(page): ffff8803331e0000
[   24.143747] PAX overflow: buf: ffff8803331e4200 page_address(page): ffff8803331e0000
[   24.143750] PAX overflow: buf: ffff8803331e4800 page_address(page): ffff8803331e0000
[   24.143751] PAX overflow: buf: ffff8803331e4e00 page_address(page): ffff8803331e0000
[   24.143754] PAX overflow: buf: ffff8803331e5400 page_address(page): ffff8803331e0000
[   24.143755] PAX overflow: buf: ffff8803331e5a00 page_address(page): ffff8803331e0000
[   24.143757] PAX overflow: buf: ffff8803331e6000 page_address(page): ffff8803331e0000
[   24.143758] PAX overflow: buf: ffff8803331e6600 page_address(page): ffff8803331e0000
[   24.143760] PAX overflow: buf: ffff8803331e6c00 page_address(page): ffff8803331e0000
[   24.143763] PAX overflow: buf: ffff8803331e7200 page_address(page): ffff8803331e0000
[   24.143766] PAX overflow: buf: ffff8803331e7800 page_address(page): ffff8803331e0000
[   24.143769] PAX overflow: buf: ffff8803331e8000 page_address(page): ffff8803331e8000
[   24.143778] PAX overflow: buf: ffff8803331e8600 page_address(page): ffff8803331e8000
[   24.143783] PAX overflow: buf: ffff8803331e8c00 page_address(page): ffff8803331e8000
[   24.143783] PAX overflow: buf: ffff8803331e8c00 page_address(page): ffff8803331e8000
[   24.143788] PAX overflow: buf: ffff8803331e9200 page_address(page): ffff8803331e8000
[   24.143795] PAX overflow: buf: ffff8803331e9800 page_address(page): ffff8803331e8000
[   24.143798] PAX overflow: buf: ffff8803331e9e00 page_address(page): ffff8803331e8000
[   24.143801] PAX overflow: buf: ffff8803331ea400 page_address(page): ffff8803331e8000
[   24.143803] PAX overflow: buf: ffff8803331eaa00 page_address(page): ffff8803331e8000
[   24.143804] PAX overflow: buf: ffff8803331eb000 page_address(page): ffff8803331e8000
[   24.143807] PAX overflow: buf: ffff8803331eb600 page_address(page): ffff8803331e8000
[   24.143807] PAX overflow: buf: ffff8803331ebc00 page_address(page): ffff8803331e8000
[   24.143811] PAX overflow: buf: ffff8803331ec200 page_address(page): ffff8803331e8000
[   24.143812] PAX overflow: buf: ffff8803331ec800 page_address(page): ffff8803331e8000
[   24.143815] PAX overflow: buf: ffff8803331ece00 page_address(page): ffff8803331e8000
[   24.143817] PAX overflow: buf: ffff8803331ed400 page_address(page): ffff8803331e8000
[   24.143818] PAX overflow: buf: ffff8803331eda00 page_address(page): ffff8803331e8000
[   24.143822] PAX overflow: buf: ffff8803331ee000 page_address(page): ffff8803331e8000
[   24.143823] PAX overflow: buf: ffff8803331ee600 page_address(page): ffff8803331e8000
[   24.143826] PAX overflow: buf: ffff8803331eec00 page_address(page): ffff8803331e8000
[   24.143828] PAX overflow: buf: ffff8803331ef200 page_address(page): ffff8803331e8000
[   24.363496] PAX overflow: buf: ffff8803331ef800 page_address(page): ffff8803331e8000
[   24.434108] PAX overflow: buf: ffff8803331f0000 page_address(page): ffff8803331f0000
[   24.436418] PAX overflow: buf: ffff8803331f0600 page_address(page): ffff8803331f0000
[   24.454080] PAX overflow: buf: ffff8800bb058000 page_address(page): ffff8800bb058000


Then a new size_overflow complaint in XFS:

Code:
[   24.649868] PAX: size overflow detected in function xfs_bmbt_set_allf fs/xfs/libxfs/xfs_bmap_btree.c:218 cicus.206_22 max, count: 13, decl: l1; num: 0; context: xfs_bmbt_rec_host;
[   24.653832] CPU: 1 PID: 585 Comm: rs:main Q:Reg Not tainted 4.2.3-grsec-guest #3
[   24.655479] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.7.5-20140531_083030-gandalf 04/01/2014
[   24.657723]  0000000000000001 5858ac999fcdc3e8 0000000000000000 ffffffffb14ed990
[   24.659917]  ffffffffb15c5880 ffffffffb1159a55 0000000800000141 ffffffffb15c58b1
[   24.662255]  ffffffc000a0000e ffff8800374107b8 0000000000000022 ffffffffb11d036d
[   24.664556] Call Trace:
[   24.665352]  [<ffffffffb14ed990>] ? 0xffffffffb14ed990
[   24.666718]  [<ffffffffb1159a55>] ? 0xffffffffb1159a55
[   24.668174]  [<ffffffffb11d036d>] ? 0xffffffffb11d036d
[   24.669696]  [<ffffffffb11ebdbd>] ? 0xffffffffb11ebdbd
[   24.670856]  [<ffffffffb11c8f67>] ? 0xffffffffb11c8f67
[   24.672035]  [<ffffffffb11ea74e>] ? 0xffffffffb11ea74e
[   24.673106]  [<ffffffffb12a19a3>] ? 0xffffffffb12a19a3
[   24.674166]  [<ffffffffb11caa8b>] ? 0xffffffffb11caa8b
[   24.675224]  [<ffffffffb11ce661>] ? 0xffffffffb11ce661
[   24.676286]  [<ffffffffb120387a>] ? 0xffffffffb120387a
[   24.677346]  [<ffffffffb11f09d0>] ? 0xffffffffb11f09d0
[   24.678527]  [<ffffffffb1181b4f>] ? 0xffffffffb1181b4f
[   24.679609]  [<ffffffffb11f0c79>] ? 0xffffffffb11f0c79
[   24.680721]  [<ffffffffb11efe80>] ? 0xffffffffb11efe80
[   24.681906]  [<ffffffffb103da64>] ? 0xffffffffb103da64
[   24.683541]  [<ffffffffb10f7618>] ? 0xffffffffb10f7618
[   24.685083]  [<ffffffffb11fc8c2>] ? 0xffffffffb11fc8c2
[   24.686583]  [<ffffffffb11fcaa6>] ? 0xffffffffb11fcaa6
[   24.688130]  [<ffffffffb1151f9c>] ? 0xffffffffb1151f9c
[   24.689811]  [<ffffffffb11521be>] ? 0xffffffffb11521be
[   24.691556]  [<ffffffffb116d354>] ? 0xffffffffb116d354
[   24.693075]  [<ffffffffb1152315>] ? 0xffffffffb1152315
[   24.694758]  [<ffffffffb14f2130>] ? 0xffffffffb14f2130


... and then back to more of the debugging messages you had me add, but without a crash. Eventually I gave up and tried to SSH into the machine and got:

Code:
[  251.153619] PAX overflow: buf: ffff880330afda00 page_address(page): ffff880330af8000
[  251.582610] PAX overflow: buf: ffff880330a2da00 page_address(page): ffff880330a28000
[  251.865668] PAX overflow: buf: ffff880332535400 page_address(page): ffff880332530000
[  252.416880] PAX overflow: buf: ffff880330b7e000 page_address(page): ffff880330b78000
[  252.417065] PAX overflow: buf: ffff880330a2e000 page_address(page): ffff880330a28000
[  254.834767] PAX overflow: buf: ffff880333215a00 page_address(page): ffff880333210000
[  255.532008] PAX overflow: buf: ffff8800bb05f200 page_address(page): ffff8800bb058000
[  255.534697] PAX overflow: buf: ffff8800bb05f800 page_address(page): ffff8800bb058000
[  255.537067] PAX overflow: buf: ffff8800bb060000 page_address(page): ffff8800bb060000
[  255.569472] PAX overflow: buf: ffff8800bb0d4e00 page_address(page): ffff8800bb0d0000
[  255.571729] PAX overflow: buf: ffff8800bb0d5400 page_address(page): ffff8800bb0d0000
[  255.573628] PAX: size overflow detected in function virtnet_receive drivers/net/virtio_net.c:403 cicus.759_391 max, count: 89, decl: skb_add_rx_frag; num: 4; context: fndecl;
[  255.577512] CPU: 4 PID: 609 Comm: sshd Not tainted 4.2.3-grsec-guest #3
[  255.579111] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.7.5-20140531_083030-gandalf 04/01/2014
[  255.581564]  0000000000000004 226b73bfeb0f4550 0000000000000000 ffffffffb14ed990
[  255.583772]  ffffffffb160f072 ffffffffb1159a55 ffff8800bba65ee0 ffffffffb160f357
[  255.586027]  0000000000000001 ffff8800bba65ee0 ffff8800bba65860 ffffffffb136e3b9
[  255.588195] Call Trace:
[  255.588789]  <IRQ>  [<ffffffffb14ed990>] ? 0xffffffffb14ed990
[  255.590301]  [<ffffffffb1159a55>] ? 0xffffffffb1159a55
[  255.591534]  [<ffffffffb136e3b9>] ? 0xffffffffb136e3b9
[  255.592676]  [<ffffffffb136ebb7>] ? 0xffffffffb136ebb7
[  255.593798]  [<ffffffffb13e2a61>] ? 0xffffffffb13e2a61
[  255.594937]  [<ffffffffb107cc41>] ? 0xffffffffb107cc41
[  255.596113]  [<ffffffffb107ceee>] ? 0xffffffffb107ceee
[  255.597223]  [<ffffffffb1004113>] ? 0xffffffffb1004113
[  255.598366]  [<ffffffffb14f2c9a>] ? 0xffffffffb14f2c9a
[  255.599504]  <EOI>  [<ffffffffb1032823>] ? 0xffffffffb1032823
[  255.600882]  [<ffffffffb10327cc>] ? 0xffffffffb10327cc
[  255.602114]  [<ffffffffb1032e84>] ? 0xffffffffb1032e84
[  255.603256]  [<ffffffffb10327f6>] ? 0xffffffffb10327f6
[  255.604366]  [<ffffffffb103290f>] ? 0xffffffffb103290f
[  255.605524]  [<ffffffffb1117a6e>] ? 0xffffffffb1117a6e
[  255.606669]  [<ffffffffb11190ec>] ? 0xffffffffb11190ec
[  255.607971]  [<ffffffffb111a8d8>] ? 0xffffffffb111a8d8
[  255.609158]  [<ffffffffb128173e>] ? 0xffffffffb128173e
[  255.610285]  [<ffffffffb113bb34>] ? 0xffffffffb113bb34
[  255.611610]  [<ffffffffb1114c51>] ? 0xffffffffb1114c51
[  255.612738]  [<ffffffffb1078883>] ? 0xffffffffb1078883
[  255.613952]  [<ffffffffb1079273>] ? 0xffffffffb1079273
[  255.615100]  [<ffffffffb14f2130>] ? 0xffffffffb14f2130
[  255.616210] Kernel panic - not syncing: Aiee, killing interrupt handler!
[  255.617836] Kernel Offset: 0x30000000 from 0xffffffff81000000 (relocation range: 0xffffffff80000000-0xffffffffbfffffff)
[  255.620249] ---[ end Kernel panic - not syncing: Aiee, killing interrupt handler!


What changed that this plugin is suddenly so buggy?
jdoe
 
Posts: 22
Joined: Wed Jan 27, 2010 1:47 am
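
As an added example that is not part of the thread (and not grsecurity or kernel code): a small offline triage helper in C for the `PAX overflow: buf: ... page_address(page): ...` lines that the debug printk produces. It recomputes what virtnet_receive stores into `int offset`, that is `buf - page_address(page)`, and checks whether the 64-bit pointer difference actually fits the non-negative int it is narrowed to, which is the narrowing the size_overflow check at virtio_net.c:354 instruments. The function names (parse_line, offset_fits_int, triage_lines) are this example's own; the sample lines are copied from jdoe's dmesg output above, plus one unrelated line to show the parser skipping it.

```c
/* Added example, not code from the thread or from grsecurity: an offline
 * triage helper for the "PAX overflow: buf: ... page_address(page): ..."
 * lines. For each line it recomputes buf - page_address(page), the value
 * virtnet_receive narrows into `int offset`, and reports whether that
 * pointer difference fits a non-negative int. Sample lines are copied from
 * the dmesg output posted in the thread. */
#include <limits.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

struct triage {
    int parsed;        /* lines that matched the debug-printk format */
    int bad_narrow;    /* offsets that do not fit in a non-negative int */
    int64_t max_off;   /* largest offset seen, in bytes */
};

/* Parse one dmesg line; returns 1 and fills *buf/*page on success, 0 otherwise.
 * The label may be "PAX overflow:", "PAX overflow 1:" or "PAX overflow 2:",
 * so the parser keys only on the "buf: " and "page_address(page): " tokens. */
static int parse_line(const char *line, uint64_t *buf, uint64_t *page)
{
    const char *b = strstr(line, "buf: ");
    const char *p = strstr(line, "page_address(page): ");
    char *end;
    if (!b || !p)
        return 0;
    *buf = strtoull(b + 5, &end, 16);     /* 5 = strlen("buf: ") */
    if (end == b + 5)
        return 0;
    *page = strtoull(p + 20, &end, 16);   /* 20 = strlen("page_address(page): ") */
    if (end == p + 20)
        return 0;
    return 1;
}

/* Mirrors `int offset = buf - page_address(page);`: the subtraction yields a
 * 64-bit difference which the kernel then narrows to int. The size_overflow
 * plugin instruments exactly that narrowing; here it is checked explicitly. */
static int offset_fits_int(uint64_t buf, uint64_t page)
{
    int64_t off = (int64_t)(buf - page);
    return off >= 0 && off <= INT_MAX;
}

struct triage triage_lines(const char *const *lines, size_t n)
{
    struct triage t = {0, 0, 0};
    for (size_t i = 0; i < n; i++) {
        uint64_t buf, page;
        if (!parse_line(lines[i], &buf, &page))
            continue;                      /* not a debug-printk line */
        t.parsed++;
        if (!offset_fits_int(buf, page)) {
            t.bad_narrow++;                /* the narrowing would lose bits */
            continue;
        }
        int64_t off = (int64_t)(buf - page);
        if (off > t.max_off)
            t.max_off = off;
    }
    return t;
}

/* Sample input: four lines copied from the thread plus one unrelated line. */
static const char *const sample[] = {
    "[   24.132975] PAX overflow: buf: ffff8803331d0000 page_address(page): ffff8803331d0000",
    "[   24.143677] PAX overflow: buf: ffff8803331d8000 page_address(page): ffff8803331d8000",
    "[  251.153619] PAX overflow: buf: ffff880330afda00 page_address(page): ffff880330af8000",
    "[  255.571729] PAX overflow: buf: ffff8800bb0d5400 page_address(page): ffff8800bb0d0000",
    "[   24.045821] XFS (vda1): Ending clean mount",
};
#define SAMPLE_N (sizeof sample / sizeof sample[0])

int main(void)
{
    struct triage t = triage_lines(sample, SAMPLE_N);
    printf("parsed %d lines, %d bad narrowings, max offset 0x%llx\n",
           t.parsed, t.bad_narrow, (unsigned long long)t.max_off);
    return 0;
}
```

On the lines posted in this thread every offset comes out as a small positive value below 32 KiB, so the narrowing loses nothing here; the check exists for the line that would, which is what the plugin is guarding against at that site.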

Re: PAX: size overflow detected in function virtnet_receive

Postby ephox » Mon Oct 19, 2015 6:57 pm

jdoe wrote: What changed that this plugin is suddenly so buggy?

The new features are tracking structure fields and global vars (see the changelog), which found a lot of real bugs.

Could you please apply this patch and send me the results:
Code:
--- fs/xfs/libxfs/xfs_bmap_btree.c.orig 2015-10-20 01:15:07.459976978 +0200
+++ fs/xfs/libxfs/xfs_bmap_btree.c      2015-10-20 01:18:15.295968603 +0200
@@ -215,6 +215,7 @@
        r->l0 = ((xfs_bmbt_rec_base_t)extent_flag << 63) |
                ((xfs_bmbt_rec_base_t)startoff << 9) |
                ((xfs_bmbt_rec_base_t)startblock >> 43);
+       printk(KERN_ERR "PAX xfs overflow %lx\n", startblock);
        r->l1 = ((xfs_bmbt_rec_base_t)startblock << 21) |
                ((xfs_bmbt_rec_base_t)blockcount &
                (xfs_bmbt_rec_base_t)xfs_mask64lo(21));
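Review bot: `startblock` is printed with `%lx` while the surrounding lines cast it to `xfs_bmbt_rec_base_t`, a 64-bit type; the two line up on x86_64, but -Wformat will warn and a 32-bit build would print half the value, so use `printk(KERN_ERR "PAX xfs overflow %llx\n", (unsigned long long)startblock);`. Logging `startoff` and `blockcount` for the same record would also show which of the three packed fields trips the check. For whoever reads the result: the context lines split startblock across the record, its top bits into l0 via `>> 43` and its low 43 bits into l1 via `<< 21`, so any startblock wider than 43 bits makes the `<< 21` shift discard bits by design, and a report at this line is about that intentional truncation rather than a field that fails to fit.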
--- drivers/net/virtio_net.c.orig       2015-10-19 22:36:37.664400965 +0200
+++ drivers/net/virtio_net.c    2015-10-20 01:19:25.847965458 +0200
@@ -351,12 +351,15 @@
        struct virtio_net_hdr_mrg_rxbuf *hdr = buf;
        u16 num_buf = virtio16_to_cpu(vi->vdev, hdr->num_buffers);
        struct page *page = virt_to_head_page(buf);
-       int offset = buf - page_address(page);
+       int offset;
        unsigned int truesize = max(len, mergeable_ctx_to_buf_truesize(ctx));
+       struct sk_buff *head_skb;
+       struct sk_buff *curr_skb;
 
-       struct sk_buff *head_skb = page_to_skb(vi, rq, page, offset, len,
-                                              truesize);
-       struct sk_buff *curr_skb = head_skb;
+       printk(KERN_ERR "PAX overflow 1: buf: %p page_address(page): %p\n", buf, page_address(page));
+       offset = buf - page_address(page);
+       head_skb = page_to_skb(vi, rq, page, offset, len, truesize);
+       curr_skb = head_skb;
 
        if (unlikely(!curr_skb))
                goto err_skb;
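Review bot: the reshuffling of the head_skb/curr_skb declarations exists only so the printk can run before `offset = buf - page_address(page);`; the first report points at virtio_net.c:354, which is that line, and the check kills the handler, so a print placed after it would never appear. A short comment in the hunk saying so would stop the next reader from folding the declarations back into initializers. While here, add `len` and `truesize` to the message, since they are the other size inputs feeding page_to_skb at this site and the panic output does not record them.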
@@ -396,6 +399,7 @@
                        head_skb->len += len;
                        head_skb->truesize += truesize;
                }
+               printk(KERN_ERR "PAX overflow 2: buf: %p page_address(page): %p\n", buf, page_address(page));
                offset = buf - page_address(page);
                if (skb_can_coalesce(curr_skb, num_skb_frags, page, offset)) {
                        put_page(page);
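Review bot: this second site sits inside the loop that merges fragments into head_skb (the `head_skb->len += len;` block just above it), so it prints once per fragment rather than once per packet and will be far noisier than site 1; a rate limit is needed if the guest is to stay usable long enough to reach the crash. The sshd-triggered panic in jdoe's log reports `decl: skb_add_rx_frag; num: 4` at virtio_net.c:403, i.e. the offset argument of skb_add_rx_frag, so the value to log here is the `offset` computed on the next line, together with `len`, rather than only the two pointers it is derived from.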
ephox
 
Posts: 134
Joined: Tue Mar 20, 2012 4:36 pm
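
As an added example, not code from the thread, from XFS or from PaX: the record packing that the context lines of the xfs_bmbt_set_allf hunk above show, reproduced in user-space C with a hand-written inverse, so it is clear why the size_overflow plugin reports the `startblock << 21` shift. The names pack, unpack_*, shift_truncates, roundtrip_ok and MASK64LO are this example's own and the inverse is my reconstruction (the real XFS getters are not on the page); only the field layout comes from the hunk. The two startblock values fed to it are the ones jdoe's "PAX xfs overflow" printk reported.

```c
/* Added example (not from the thread, XFS or PaX): the bmap btree record
 * packing from the xfs_bmbt_set_allf hunk, plus an inverse written here, to
 * show what the plugin is reporting at the `startblock << 21` line. */
#include <inttypes.h>
#include <stdint.h>
#include <stdio.h>

typedef uint64_t rec_base_t;                       /* stands in for xfs_bmbt_rec_base_t */
#define MASK64LO(n) ((((uint64_t)1) << (n)) - 1)   /* same role as xfs_mask64lo(n) */

struct rec { uint64_t l0, l1; };                   /* stands in for xfs_bmbt_rec_host */

/* Pack the four fields exactly as the hunk's context lines do. The 52-bit
 * startblock is split: its top 9 bits land in l0 (>> 43), its low 43 bits in
 * l1 (<< 21). For any startblock wider than 43 bits the `<< 21` shift pushes
 * bits out of the 64-bit word; that intentional truncation is what the
 * plugin instruments and reports as an overflow. */
struct rec pack(int extent_flag, uint64_t startoff, uint64_t startblock,
                uint64_t blockcount)
{
    struct rec r;
    r.l0 = ((rec_base_t)extent_flag << 63) |
           ((rec_base_t)startoff << 9) |
           ((rec_base_t)startblock >> 43);
    r.l1 = ((rec_base_t)startblock << 21) |
           ((rec_base_t)blockcount & MASK64LO(21));
    return r;
}

/* Inverse of pack(), written for this example; reassembles startblock from
 * the 9 bits kept in l0 and the 43 bits kept in l1. */
int      unpack_flag(const struct rec *r)       { return (int)(r->l0 >> 63); }
uint64_t unpack_startoff(const struct rec *r)   { return (r->l0 >> 9) & MASK64LO(54); }
uint64_t unpack_startblock(const struct rec *r) { return ((r->l0 & MASK64LO(9)) << 43) | (r->l1 >> 21); }
uint64_t unpack_blockcount(const struct rec *r) { return r->l1 & MASK64LO(21); }

/* 1 if `startblock << 21` really discards bits, i.e. startblock needs more
 * than 43 bits. This is what the plugin's check amounts to at that line. */
int shift_truncates(uint64_t startblock)
{
    return (startblock >> 43) != 0;
}

/* 1 if a pack()/unpack round trip preserves every field: the discarded bits
 * are harmless as long as startblock fits its 52-bit slot, because the top
 * 9 bits were already stored in l0. */
int roundtrip_ok(int flag, uint64_t startoff, uint64_t startblock, uint64_t blockcount)
{
    struct rec r = pack(flag, startoff, startblock, blockcount);
    return unpack_flag(&r) == flag &&
           unpack_startoff(&r) == startoff &&
           unpack_startblock(&r) == startblock &&
           unpack_blockcount(&r) == blockcount;
}

int main(void)
{
    /* The two startblock values the "PAX xfs overflow" printk reported. */
    uint64_t seen[] = { 0x1004a8ULL, 0xffffffffe0005ULL };
    for (size_t i = 0; i < 2; i++)
        printf("startblock %#" PRIx64 ": shift truncates = %d, roundtrip ok = %d\n",
               seen[i], shift_truncates(seen[i]), roundtrip_ok(0, 0, seen[i], 5));
    return 0;
}
```

Of the two values in the log, 0x1004a8 fits in 43 bits and the shift drops nothing, while 0xffffffffe0005 uses all 52 bits, so `<< 21` discards its top nine bits; the record still round-trips because those nine bits are in l0. A value that needs more than 52 bits is the only case the packing cannot represent, and roundtrip_ok() returns 0 for it.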

Re: PAX: size overflow detected in function virtnet_receive

Postby jdoe » Fri Oct 23, 2015 7:31 pm

I have updated to the grsecurity-3.1-4.2.4-201510222059 patch.

Code:
[   24.045821] XFS (vda1): Ending clean mount
[   24.280906] PAX overflow 1: buf: ffff8803331f8000 page_address(page): ffff8803331f8000
[   24.282844] PAX overflow 1: buf: ffff8803331f8600 page_address(page): ffff8803331f8000
[   24.284835] PAX overflow 1: buf: ffff8803331f8c00 page_address(page): ffff8803331f8000
[   24.286521] PAX overflow 1: buf: ffff8803331f9200 page_address(page): ffff8803331f8000
[   24.286523] PAX overflow 1: buf: ffff8803331f9800 page_address(page): ffff8803331f8000
[   24.286525] PAX overflow 1: buf: ffff8803331f9e00 page_address(page): ffff8803331f8000
[   24.286527] PAX overflow 1: buf: ffff8803331fa400 page_address(page): ffff8803331f8000
[   24.286536] PAX overflow 1: buf: ffff8803331faa00 page_address(page): ffff8803331f8000
[   24.286544] PAX overflow 1: buf: ffff8803331fb000 page_address(page): ffff8803331f8000
[   24.286548] PAX overflow 1: buf: ffff8803331fb600 page_address(page): ffff8803331f8000
[   24.286551] PAX overflow 1: buf: ffff8803331fbc00 page_address(page): ffff8803331f8000
[   24.286554] PAX overflow 1: buf: ffff8803331fc200 page_address(page): ffff8803331f8000
[   24.286557] PAX overflow 1: buf: ffff8803331fc800 page_address(page): ffff8803331f8000
[   24.286563] PAX overflow 1: buf: ffff8803331fce00 page_address(page): ffff8803331f8000
[   24.286568] PAX overflow 1: buf: ffff8803331fd400 page_address(page): ffff8803331f8000
[   24.286573] PAX overflow 1: buf: ffff8803331fda00 page_address(page): ffff8803331f8000
[   24.286578] PAX overflow 1: buf: ffff8803331fe000 page_address(page): ffff8803331f8000
[   24.286580] PAX overflow 1: buf: ffff8803331fe600 page_address(page): ffff8803331f8000
[   24.286585] PAX overflow 1: buf: ffff8803331fec00 page_address(page): ffff8803331f8000
[   24.286590] PAX overflow 1: buf: ffff8803331ff200 page_address(page): ffff8803331f8000
[   24.286592] PAX overflow 1: buf: ffff8803331ff800 page_address(page): ffff8803331f8000
[   24.286599] PAX overflow 1: buf: ffff880333200000 page_address(page): ffff880333200000
[   24.286601] PAX overflow 1: buf: ffff880333200600 page_address(page): ffff880333200000
[   24.286605] PAX overflow 1: buf: ffff880333200c00 page_address(page): ffff880333200000
[   24.286610] PAX overflow 1: buf: ffff880333201200 page_address(page): ffff880333200000
[   24.286611] PAX overflow 1: buf: ffff880333201800 page_address(page): ffff880333200000
[   24.286617] PAX overflow 1: buf: ffff880333201e00 page_address(page): ffff880333200000
[   24.286619] PAX overflow 1: buf: ffff880333202400 page_address(page): ffff880333200000
[   24.286624] PAX overflow 1: buf: ffff880333202a00 page_address(page): ffff880333200000
[   24.286626] PAX overflow 1: buf: ffff880333203000 page_address(page): ffff880333200000
[   24.286630] PAX overflow 1: buf: ffff880333203600 page_address(page): ffff880333200000
[   24.286634] PAX overflow 1: buf: ffff880333203c00 page_address(page): ffff880333200000
[   24.286638] PAX overflow 1: buf: ffff880333204200 page_address(page): ffff880333200000
[   24.286640] PAX overflow 1: buf: ffff880333204800 page_address(page): ffff880333200000
[   24.286644] PAX overflow 1: buf: ffff880333204e00 page_address(page): ffff880333200000
[   24.286648] PAX overflow 1: buf: ffff880333205400 page_address(page): ffff880333200000
[   24.286652] PAX overflow 1: buf: ffff880333205a00 page_address(page): ffff880333200000
[   24.286657] PAX overflow 1: buf: ffff880333206000 page_address(page): ffff880333200000
[   24.286661] PAX overflow 1: buf: ffff880333206600 page_address(page): ffff880333200000
[   24.286663] PAX overflow 1: buf: ffff880333206c00 page_address(page): ffff880333200000
[   24.286664] PAX overflow 1: buf: ffff880333207200 page_address(page): ffff880333200000
[   24.286669] PAX overflow 1: buf: ffff880333207800 page_address(page): ffff880333200000
[   24.286672] PAX overflow 1: buf: ffff880333208000 page_address(page): ffff880333208000
[   24.286678] PAX overflow 1: buf: ffff880333208600 page_address(page): ffff880333208000
[   24.286683] PAX overflow 1: buf: ffff880333208c00 page_address(page): ffff880333208000
[   24.286688] PAX overflow 1: buf: ffff880333209200 page_address(page): ffff880333208000
[   24.286690] PAX overflow 1: buf: ffff880333209800 page_address(page): ffff880333208000
[   24.286691] PAX overflow 1: buf: ffff880333209e00 page_address(page): ffff880333208000
[   24.286696] PAX overflow 1: buf: ffff88033320a400 page_address(page): ffff880333208000
[   24.286700] PAX overflow 1: buf: ffff88033320aa00 page_address(page): ffff880333208000
[   24.286702] PAX overflow 1: buf: ffff88033320b000 page_address(page): ffff880333208000
[   24.286704] PAX overflow 1: buf: ffff88033320b600 page_address(page): ffff880333208000
[   24.286708] PAX overflow 1: buf: ffff88033320bc00 page_address(page): ffff880333208000
[   24.286710] PAX overflow 1: buf: ffff88033320c200 page_address(page): ffff880333208000
[   24.286714] PAX overflow 1: buf: ffff88033320c800 page_address(page): ffff880333208000
[   24.286719] PAX overflow 1: buf: ffff88033320ce00 page_address(page): ffff880333208000
[   24.286720] PAX overflow 1: buf: ffff88033320d400 page_address(page): ffff880333208000
[   24.286722] PAX overflow 1: buf: ffff88033320da00 page_address(page): ffff880333208000
[   24.286726] PAX overflow 1: buf: ffff88033320e000 page_address(page): ffff880333208000
[   24.286730] PAX overflow 1: buf: ffff88033320e600 page_address(page): ffff880333208000
[   24.286735] PAX overflow 1: buf: ffff88033320ec00 page_address(page): ffff880333208000
[   24.286741] PAX overflow 1: buf: ffff88033320f200 page_address(page): ffff880333208000
[   24.286742] PAX overflow 1: buf: ffff88033320f800 page_address(page): ffff880333208000
[   24.286750] PAX overflow 1: buf: ffff880333210000 page_address(page): ffff880333210000
[   24.286755] PAX overflow 1: buf: ffff880333210600 page_address(page): ffff880333210000
[   24.286759] PAX overflow 1: buf: ffff880333210c00 page_address(page): ffff880333210000
[   24.286761] PAX overflow 1: buf: ffff880333211200 page_address(page): ffff880333210000
[   24.286766] PAX overflow 1: buf: ffff880333211800 page_address(page): ffff880333210000
[   24.286770] PAX overflow 1: buf: ffff880333211e00 page_address(page): ffff880333210000
[   24.286772] PAX overflow 1: buf: ffff880333212400 page_address(page): ffff880333210000
[   24.286773] PAX overflow 1: buf: ffff880333212a00 page_address(page): ffff880333210000
[   24.286778] PAX overflow 1: buf: ffff880333213000 page_address(page): ffff880333210000
[   24.286782] PAX overflow 1: buf: ffff880333213600 page_address(page): ffff880333210000
[   24.286788] PAX overflow 1: buf: ffff880333213c00 page_address(page): ffff880333210000
[   24.286790] PAX overflow 1: buf: ffff880333214200 page_address(page): ffff880333210000
[   24.286794] PAX overflow 1: buf: ffff880333214800 page_address(page): ffff880333210000
[   24.286796] PAX overflow 1: buf: ffff880333214e00 page_address(page): ffff880333210000
[   24.286798] PAX overflow 1: buf: ffff880333215400 page_address(page): ffff880333210000
[   24.286803] PAX overflow 1: buf: ffff880333215a00 page_address(page): ffff880333210000
[   24.523266] PAX xfs overflow 1004a8
[   24.760474] PAX overflow 1: buf: ffff880333216000 page_address(page): ffff880333210000
[   25.160072] PAX overflow 1: buf: ffff88032fbb8000 page_address(page): ffff88032fbb8000
[   25.318780] PAX xfs overflow ffffffffe0005
[   25.319906] PAX: size overflow detected in function xfs_bmbt_set_allf fs/xfs/libxfs/xfs_bmap_btree.c:219 cicus.206_23 max, count: 13, decl: l1; num: 0; context: xfs_bmbt_rec_host;
[   25.323844] CPU: 6 PID: 597 Comm: rs:main Q:Reg Not tainted 4.2.4-grsec-guest #1
[   25.325469] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.7.5-20140531_083030-gandalf 04/01/2014
[   25.327697]  0000000000000006 05a8314428650a79 0000000000000000 ffffffffa75050fa
[   25.329800]  ffffffc000a00003 ffffffffa71d6257 ffffc900041bb7e8 0000000028650a79
[   25.331938]  ffffc900041bb840 0000000000000004 0000000000000004 ffff88017fb2a240
[   25.333968] Call Trace:
[   25.334557]  [<ffffffffa75050fa>] ? 0xffffffffa75050fa
[   25.335848]  [<ffffffffa71d6257>] ? 0xffffffffa71d6257
[   25.337083]  [<ffffffffa71f2ce4>] ? 0xffffffffa71f2ce4
[   25.338257]  [<ffffffffa71ce49e>] ? 0xffffffffa71ce49e
[   25.339376]  [<ffffffffa71f1526>] ? 0xffffffffa71f1526
[   25.340506]  [<ffffffffa72adf4d>] ? 0xffffffffa72adf4d
[   25.341672]  [<ffffffffa71d02a7>] ? 0xffffffffa71d02a7
[   25.342792]  [<ffffffffa71d43ce>] ? 0xffffffffa71d43ce
[   25.344018]  [<ffffffffa720b852>] ? 0xffffffffa720b852
[   25.345303]  [<ffffffffa71f7b63>] ? 0xffffffffa71f7b63
[   25.346453]  [<ffffffffa71858b1>] ? 0xffffffffa71858b1
[   25.347703]  [<ffffffffa71f7f66>] ? 0xffffffffa71f7f66
[   25.348855]  [<ffffffffa71f6ee2>] ? 0xffffffffa71f6ee2
[   25.349984]  [<ffffffffa703e14d>] ? 0xffffffffa703e14d
[   25.351423]  [<ffffffffa70f8e97>] ? 0xffffffffa70f8e97
[   25.352912]  [<ffffffffa72046d6>] ? 0xffffffffa72046d6
[   25.354016]  [<ffffffffa72048e4>] ? 0xffffffffa72048e4
[   25.355141]  [<ffffffffa715522e>] ? 0xffffffffa715522e
[   25.356358]  [<ffffffffa715544b>] ? 0xffffffffa715544b
[   25.357513]  [<ffffffffa7170b4e>] ? 0xffffffffa7170b4e
[   25.358619]  [<ffffffffa715559c>] ? 0xffffffffa715559c
[   25.359707]  [<ffffffffa75098b0>] ? 0xffffffffa75098b0
[   25.377019] PAX xfs overflow ffffffffe0005
[   25.377710] PAX: size overflow detected in function xfs_bmbt_set_allf fs/xfs/libxfs/xfs_bmap_btree.c:219 cicus.206_23 max, count: 13, decl: l1; num: 0; context: xfs_bmbt_rec_host;
[   25.380187] CPU: 6 PID: 597 Comm: rs:main Q:Reg Not tainted 4.2.4-grsec-guest #1
[   25.381331] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.7.5-20140531_083030-gandalf 04/01/2014
[   25.384132]  0000000000000006 05a8314428650a79 0000000000000000 ffffffffa75050fa
[   25.386543]  ffffffc000a00002 ffffffffa71d6257 ffffc900041bb7a8 0000000028650a79
[   25.388867]  ffffc900041bb800 0000000000000008 0000000000000008 ffff88017fb2aac0
[   25.391109] Call Trace:
[   25.391750]  [<ffffffffa75050fa>] ? 0xffffffffa75050fa
[   25.392825]  [<ffffffffa71d6257>] ? 0xffffffffa71d6257
[   25.393889]  [<ffffffffa71f2ce4>] ? 0xffffffffa71f2ce4
[   25.395041]  [<ffffffffa71ce49e>] ? 0xffffffffa71ce49e
[   25.396103]  [<ffffffffa71f1526>] ? 0xffffffffa71f1526
[   25.397165]  [<ffffffffa72adf4d>] ? 0xffffffffa72adf4d
[   25.398225]  [<ffffffffa71d02a7>] ? 0xffffffffa71d02a7
[   25.399294]  [<ffffffffa71d43ce>] ? 0xffffffffa71d43ce
[   25.400592]  [<ffffffffa720b852>] ? 0xffffffffa720b852
[   25.401964]  [<ffffffffa71f7b63>] ? 0xffffffffa71f7b63
[   25.403284] PAX overflow 1: buf: ffff880333216600 page_address(page): ffff880333210000
[   25.405287]  [<ffffffffa71858b1>] ? 0xffffffffa71858b1
[   25.405884] PAX overflow 1: buf: ffff8803307b0000 page_address(page): ffff8803307b0000
[   25.408567]  [<ffffffffa71f7f66>] ? 0xffffffffa71f7f66
[   25.409818]  [<ffffffffa71f6ee2>] ? 0xffffffffa71f6ee2
[   25.411289]  [<ffffffffa703e14d>] ? 0xffffffffa703e14d
[   25.412663]  [<ffffffffa70f8e97>] ? 0xffffffffa70f8e97
[   25.414072]  [<ffffffffa72046d6>] ? 0xffffffffa72046d6
[   25.415445]  [<ffffffffa72048e4>] ? 0xffffffffa72048e4
[   25.416820]  [<ffffffffa715522e>] ? 0xffffffffa715522e
[   25.418090]  [<ffffffffa715544b>] ? 0xffffffffa715544b
[   25.419392]  [<ffffffffa7170b4e>] ? 0xffffffffa7170b4e
[   25.420832]  [<ffffffffa715559c>] ? 0xffffffffa715559c
[   25.422120]  [<ffffffffa75098b0>] ? 0xffffffffa75098b0
[   25.424132] PAX xfs overflow ffffffffe0005
[   25.425371] PAX: size overflow detected in function xfs_bmbt_set_allf fs/xfs/libxfs/xfs_bmap_btree.c:219 cicus.206_23 max, count: 13, decl: l1; num: 0; context: xfs_bmbt_rec_host;
[   25.429327] CPU: 6 PID: 597 Comm: rs:main Q:Reg Not tainted 4.2.4-grsec-guest #1
[   25.431218] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.7.5-20140531_083030-gandalf 04/01/2014
[   25.434359]  0000000000000006 05a8314428650a79 0000000000000000 ffffffffa75050fa
[   25.436749]  ffffffc000a00001 ffffffffa71d6257 ffffffffffff4111 0000000028650a79
[   25.439190]  ffffffffffff4111 0000000000000006 0000000000000006 ffff88017fb29580
[   25.442020] Call Trace:
[   25.442672]  [<ffffffffa75050fa>] ? 0xffffffffa75050fa
[   25.443875]  [<ffffffffa71d6257>] ? 0xffffffffa71d6257
[   25.445455]  [<ffffffffa71f2ce4>] ? 0xffffffffa71f2ce4
[   25.446732]  [<ffffffffa71ce49e>] ? 0xffffffffa71ce49e
[   25.448025]  [<ffffffffa71f1526>] ? 0xffffffffa71f1526
[   25.449208]  [<ffffffffa72adf4d>] ? 0xffffffffa72adf4d
[   25.451130]  [<ffffffffa71d02a7>] ? 0xffffffffa71d02a7
[   25.452592]  [<ffffffffa71d43ce>] ? 0xffffffffa71d43ce
[   25.453809]  [<ffffffffa720b852>] ? 0xffffffffa720b852
[   25.455415]  [<ffffffffa71f7b63>] ? 0xffffffffa71f7b63
[   25.456724]  [<ffffffffa71858b1>] ? 0xffffffffa71858b1
[   25.457975]  [<ffffffffa71f7f66>] ? 0xffffffffa71f7f66
[   25.459625]  [<ffffffffa71f6ee2>] ? 0xffffffffa71f6ee2
[   25.460836]  [<ffffffffa703e14d>] ? 0xffffffffa703e14d
[   25.462321]  [<ffffffffa70f8e97>] ? 0xffffffffa70f8e97
[   25.463504]  [<ffffffffa72046d6>] ? 0xffffffffa72046d6
[   25.464884]  [<ffffffffa72048e4>] ? 0xffffffffa72048e4
[   25.466596]  [<ffffffffa715522e>] ? 0xffffffffa715522e
[   25.467801]  [<ffffffffa715544b>] ? 0xffffffffa715544b
[   25.469096]  [<ffffffffa7170b4e>] ? 0xffffffffa7170b4e
[   25.470421]  [<ffffffffa715559c>] ? 0xffffffffa715559c
[   25.471752]  [<ffffffffa75098b0>] ? 0xffffffffa75098b0
[   25.473114]  [<ffffffffa75098e7>] ? 0xffffffffa75098e7
[   25.511700] PAX xfs overflow ffffffffe0005
[   25.513430] PAX xfs overflow ffffffffe0005
[   25.940863] PAX overflow 1: buf: ffff880333216c00 page_address(page): ffff880333210000
[   25.950168] PAX overflow 1: buf: ffff880333217200 page_address(page): ffff880333210000
[   25.953056] PAX overflow 1: buf: ffff8803306d0000 page_address(page): ffff8803306d0000


... and so on.

Those happen sporadically:

Code: Select all
[  154.875124] PAX overflow 1: buf: ffff880332635400 page_address(page): ffff880332630000
[  154.877690] PAX overflow 1: buf: ffff880333228600 page_address(page): ffff880333228000
[  154.977722] PAX overflow 1: buf: ffff880330753000 page_address(page): ffff880330750000
[  155.050768] PAX overflow 1: buf: ffff88033ff12a00 page_address(page): ffff88033ff10000
[  155.052563] PAX xfs overflow ffffffffe0005
[  155.053457] PAX: size overflow detected in function xfs_bmbt_set_allf fs/xfs/libxfs/xfs_bmap_btree.c:219 cicus.206_23 max, count: 13, decl: l1; num: 0; context: xfs_bmbt_rec_host;
[  155.056647] CPU: 6 PID: 597 Comm: rs:main Q:Reg Not tainted 4.2.4-grsec-guest #1
[  155.058147] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.7.5-20140531_083030-gandalf 04/01/2014
[  155.060193]  0000000000000006 05a8314428650a79 0000000000000000 ffffffffa75050fa
[  155.062157]  ffffffc000a00010 ffffffffa71d6257 ffffc900041bb7a8 0000000028650a79
[  155.064029]  ffffc900041bb800 0000000000000007 0000000000000007 ffff88017fb29580
[  155.065901] Call Trace:
[  155.066462]  [<ffffffffa75050fa>] ? 0xffffffffa75050fa
[  155.067530]  [<ffffffffa71d6257>] ? 0xffffffffa71d6257
[  155.068597]  [<ffffffffa71f2ce4>] ? 0xffffffffa71f2ce4
[  155.069665]  [<ffffffffa71ce49e>] ? 0xffffffffa71ce49e
[  155.070748]  [<ffffffffa71f1526>] ? 0xffffffffa71f1526
[  155.071936]  [<ffffffffa72adf4d>] ? 0xffffffffa72adf4d
[  155.073002]  [<ffffffffa71d02a7>] ? 0xffffffffa71d02a7
[  155.074069]  [<ffffffffa71d43ce>] ? 0xffffffffa71d43ce
[  155.075136]  [<ffffffffa720b852>] ? 0xffffffffa720b852
[  155.076202]  [<ffffffffa71f7b63>] ? 0xffffffffa71f7b63
[  155.077269]  [<ffffffffa71858b1>] ? 0xffffffffa71858b1
[  155.078336]  [<ffffffffa71f7f66>] ? 0xffffffffa71f7f66
[  155.079402]  [<ffffffffa71f6ee2>] ? 0xffffffffa71f6ee2
[  155.080556]  [<ffffffffa703e14d>] ? 0xffffffffa703e14d
[  155.081740]  [<ffffffffa70f8e97>] ? 0xffffffffa70f8e97
[  155.082811]  [<ffffffffa72046d6>] ? 0xffffffffa72046d6
[  155.083877]  [<ffffffffa72048e4>] ? 0xffffffffa72048e4
[  155.084975]  [<ffffffffa715522e>] ? 0xffffffffa715522e
[  155.086045]  [<ffffffffa715544b>] ? 0xffffffffa715544b
[  155.087114]  [<ffffffffa7170b4e>] ? 0xffffffffa7170b4e
[  155.088181]  [<ffffffffa715559c>] ? 0xffffffffa715559c
[  155.089250]  [<ffffffffa75098b0>] ? 0xffffffffa75098b0
[  155.090332]  [<ffffffffa75098e7>] ? 0xffffffffa75098e7
[  155.091529]  [<ffffffffa75098e7>] ? 0xffffffffa75098e7
[  155.417308] PAX overflow 1: buf: ffff880332635a00 page_address(page): ffff880332630000
[  155.526751] PAX overflow 1: buf: ffff88032f75f800 page_address(page): ffff88032f758000
[  155.645199] PAX overflow 1: buf: ffff88033ff13000 page_address(page): ffff88033ff10000
[  156.052824] PAX overflow 1: buf: ffff8800bb86aa00 page_address(page): ffff8800bb868000


and

Code: Select all
[  275.176051] PAX overflow 1: buf: ffff88032fed4800 page_address(page): ffff88032fed0000
[  275.232429] PAX overflow 1: buf: ffff8803306f0000 page_address(page): ffff8803306f0000
[  275.234205] PAX xfs overflow ffffffffe0005
[  275.235515] PAX: size overflow detected in function xfs_bmbt_set_allf fs/xfs/libxfs/xfs_bmap_btree.c:219 cicus.206_23 max, count: 13, decl: l1; num: 0; context: xfs_bmbt_rec_host;
[  275.240325] CPU: 7 PID: 597 Comm: rs:main Q:Reg Not tainted 4.2.4-grsec-guest #1
[  275.242601] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.7.5-20140531_083030-gandalf 04/01/2014
[  275.245690]  0000000000000007 05a8314428650a79 0000000000000000 ffffffffa75050fa
[  275.248433]  ffffffc000a00010 ffffffffa71d6257 ffffc900041bb7c8 0000000028650a79
[  275.251204]  ffffc900041bb820 0000000000000006[  275.252649] PAX overflow 1: buf: ffff88032f7f3000 page_address(page): ffff88032f7f0000

[  275.255069]  0000000000000006 ffff88017fb2a240
[  275.256870] Call Trace:
[  275.257694]  [<ffffffffa75050fa>] ? 0xffffffffa75050fa
[  275.259295]  [<ffffffffa71d6257>] ? 0xffffffffa71d6257
[  275.260945]  [<ffffffffa71f2ce4>] ? 0xffffffffa71f2ce4
[  275.262563]  [<ffffffffa71ce49e>] ? 0xffffffffa71ce49e
[  275.264166]  [<ffffffffa71f1526>] ? 0xffffffffa71f1526
[  275.265788]  [<ffffffffa72adf4d>] ? 0xffffffffa72adf4d
[  275.267405]  [<ffffffffa71d02a7>] ? 0xffffffffa71d02a7
[  275.269022]  [<ffffffffa71d43ce>] ? 0xffffffffa71d43ce
[  275.270641]  [<ffffffffa720b852>] ? 0xffffffffa720b852
[  275.272263]  [<ffffffffa71f7b63>] ? 0xffffffffa71f7b63
[  275.273863]  [<ffffffffa71858b1>] ? 0xffffffffa71858b1
[  275.275483]  [<ffffffffa71f7f66>] ? 0xffffffffa71f7f66
[  275.277100]  [<ffffffffa71f6ee2>] ? 0xffffffffa71f6ee2
[  275.278719]  [<ffffffffa703e14d>] ? 0xffffffffa703e14d
[  275.280365]  [<ffffffffa70f8e97>] ? 0xffffffffa70f8e97
[  275.281986]  [<ffffffffa72046d6>] ? 0xffffffffa72046d6
[  275.283585]  [<ffffffffa72048e4>] ? 0xffffffffa72048e4
[  275.285209]  [<ffffffffa715522e>] ? 0xffffffffa715522e
[  275.286828]  [<ffffffffa715544b>] ? 0xffffffffa715544b
[  275.288448]  [<ffffffffa7170b4e>] ? 0xffffffffa7170b4e
[  275.290095]  [<ffffffffa715559c>] ? 0xffffffffa715559c
[  275.291711]  [<ffffffffa75098b0>] ? 0xffffffffa75098b0
[  275.293314]  [<ffffffffa75098e7>] ? 0xffffffffa75098e7
[  275.397044] PAX overflow 1: buf: ffff88032fed4e00 page_address(page): ffff88032fed0000
[  276.138705] PAX overflow 1: buf: ffff880332f1ec00 page_address(page): ffff880332f18000
[  276.207690] PAX overflow 1: buf: ffff88033323bc00 page_address(page): ffff880333238000
[  276.235497] PAX overflow 1: buf: ffff8803331fd400 page_address(page): ffff8803331f8000


There also seems to be something going on with xfs_bmbt_set_startblock:

Code: Select all
[  481.151014]  [<ffffffffa715559c>] ? 0xffffffffa715559c
[  481.152089]  [<ffffffffa75098b0>] ? 0xffffffffa75098b0
[  481.153569] PAX: size overflow detected in function xfs_bmbt_set_startblock fs/xfs/libxfs/xfs_bmap_btree.c:301 cicus.246_17 max, count: 25, decl: l1; num: 0; context: xfs_bmbt_rec_host;
[  481.156820] CPU: 7 PID: 597 Comm: rs:main Q:Reg Not tainted 4.2.4-grsec-guest #1
[  481.158326] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.7.5-20140531_083030-gandalf 04/01/2014
[  481.160450]  0000000000000007 05a8314428650a79 0000000000000000 ffffffffa75050fa
[  481.162336]  ffffffc000a00020 ffffffffa71d6402 0000000000000000 000ffffffffe0005
[  481.164212]  ffff88032ff67218 ffffffffa71ce33b 000000000000000a 0000000000000000
[  481.166087] Call Trace:
[  481.166649]  [<ffffffffa75050fa>] ? 0xffffffffa75050fa
[  481.167718]  [<ffffffffa71d6402>] ? 0xffffffffa71d6402
[  481.168786]  [<ffffffffa71ce33b>] ? 0xffffffffa71ce33b
[  481.169856]  [<ffffffffa72adf4d>] ? 0xffffffffa72adf4d
[  481.170977]  [<ffffffffa71d02a7>] ? 0xffffffffa71d02a7
[  481.172049]  [<ffffffffa71d43ce>] ? 0xffffffffa71d43ce
[  481.173116]  [<ffffffffa720b852>] ? 0xffffffffa720b852
[  481.174185]  [<ffffffffa71f7b63>] ? 0xffffffffa71f7b63
[  481.175252]  [<ffffffffa71858b1>] ? 0xffffffffa71858b1
[  481.176320]  [<ffffffffa71f7f66>] ? 0xffffffffa71f7f66
[  481.177413]  [<ffffffffa71f6ee2>] ? 0xffffffffa71f6ee2
[  481.178485]  [<ffffffffa703e14d>] ? 0xffffffffa703e14d
[  481.179556]  [<ffffffffa70f8e97>] ? 0xffffffffa70f8e97
[  481.180675]  [<ffffffffa72046d6>] ? 0xffffffffa72046d6
[  481.181745]  [<ffffffffa72048e4>] ? 0xffffffffa72048e4
[  481.182815]  [<ffffffffa715522e>] ? 0xffffffffa715522e
[  481.183883]  [<ffffffffa715544b>] ? 0xffffffffa715544b
[  481.184953]  [<ffffffffa7170b4e>] ? 0xffffffffa7170b4e
[  481.186276]  [<ffffffffa715559c>] ? 0xffffffffa715559c
[  481.187558]  [<ffffffffa75098b0>] ? 0xffffffffa75098b0
[  481.191574] PAX overflow 1: buf: ffff8803307d0000 page_address(page): ffff8803307d0000
[  481.193553] PAX overflow 1: buf: ffff8803307d0600 page_address(page): ffff8803307d0000
[  481.195483] PAX overflow 1: buf: ffff8803307d0c00 page_address(page): ffff8803307d0000


I have not been able to reproduce the virtnet issue since updating, but I will leave this running and see what happens.
jdoe
 
Posts: 22
Joined: Wed Jan 27, 2010 1:47 am

Re: PAX: size overflow detected in function virtnet_receive

Postby ephox » Sat Oct 24, 2015 8:42 pm

Thanks for the report, it will be fixed in the next grsec patch.
ephox
 
Posts: 134
Joined: Tue Mar 20, 2012 4:36 pm
