kernel 5.4: refcount_t: increment on 0; use-after-free (in keyring_search_rcu called when nfs_idmap_lookup)

From: Wolfgang Walter
Date: Thu Jan 16 2020 - 15:39:05 EST


Hello,

With 5.4.5 and later (I didn't test lower 5.4 versions) I get the following kernel failure:

Jan 13 17:32:23 konstanz kernel: [2072916.589221] ------------[ cut here ]------------
Jan 13 17:32:23 konstanz kernel: [2072916.589228] refcount_t: increment on 0; use-after-free.
Jan 13 17:32:23 konstanz kernel: [2072916.589271] WARNING: CPU: 1 PID: 28813 at lib/refcount.c:156 refcount_inc_checked+0x26/0x30
Jan 13 17:32:23 konstanz kernel: [2072916.589273] Modules linked in: rpcsec_gss_krb5(E) nfsv4(E) dns_resolver(E) nfs(E) lockd(E) grace(E) fscache(E) binfmt_misc(E) intel_rapl_msr(E) intel_rapl_common(E) kvm_intel(E) kvm(E) irqbypass(E) crct10dif_pclmul(E) crc32_pclmul(E) ghash_clmulni_intel(E) aesni_intel(E) crypto_simd(E) cryptd(E) glue_helper(E) snd_hda_codec_generic(E) ledtrig_audio(E) snd_hda_intel(E) snd_intel_nhlt(E) snd_hda_codec(E) snd_hda_core(E) snd_hwdep(E) cirrus(E) snd_pcm(E) evdev(E) joydev(E) snd_timer(E) serio_raw(E) virtio_balloon(E) snd(E) drm_kms_helper(E) soundcore(E) pcspkr(E) drm(E) button(E) auth_rpcgss(E) sunrpc(E) virtio_rng(E) rng_core(E) ip_tables(E) x_tables(E) autofs4(E) ext4(E) crc32c_generic(E) crc16(E) mbcache(E) jbd2(E) hid_generic(E) usbhid(E) hid(E) ata_generic(E) virtio_net(E) net_failover(E) failover(E) virtio_blk(E) uhci_hcd(E) ehci_hcd(E) ahci(E) libahci(E) ata_piix(E) crc32c_intel(E) psmouse(E) i2c_piix4(E) usbcore(E) virtio_pci(E) libata(E) virtio_ring(E) virtio(E) scsi_mod(E) floppy(E)
Jan 13 17:32:23 konstanz kernel: [2072916.589496] CPU: 1 PID: 28813 Comm: tljob.exe Tainted: G E 5.4.5-debian64.all+1.1 #1
Jan 13 17:32:23 konstanz kernel: [2072916.589497] Hardware name: Bochs Bochs, BIOS Bochs 01/01/2011
Jan 13 17:32:23 konstanz kernel: [2072916.589501] RIP: 0010:refcount_inc_checked+0x26/0x30
Jan 13 17:32:23 konstanz kernel: [2072916.589503] Code: 00 00 00 00 e8 9b ff ff ff 84 c0 74 01 c3 80 3d 6e f9 ce 00 00 75 f6 48 c7 c7 f0 b1 8d 9d c6 05 5e f9 ce 00 01 e8 a8 32 c7 ff <0f> 0b c3 0f 1f 80 00 00 00 00 41 54 8b 06 83 f8 ff 74 1d 31 c9 39
Jan 13 17:32:23 konstanz kernel: [2072916.589505] RSP: 0018:ffffb5f3809e3768 EFLAGS: 00010286
Jan 13 17:32:23 konstanz kernel: [2072916.589507] RAX: 0000000000000000 RBX: ffffb5f3809e3808 RCX: 0000000000000000
Jan 13 17:32:23 konstanz kernel: [2072916.589508] RDX: 0000000000000001 RSI: 0000000000000096 RDI: 00000000ffffffff
Jan 13 17:32:23 konstanz kernel: [2072916.589509] RBP: ffff8f08bbe3b300 R08: 0000000000000205 R09: 0000000000000004
Jan 13 17:32:23 konstanz kernel: [2072916.589510] R10: 0000000000000000 R11: 0000000000000001 R12: ffff8f08bd78fc00
Jan 13 17:32:23 konstanz kernel: [2072916.589511] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
Jan 13 17:32:23 konstanz kernel: [2072916.589513] FS: 00000000003f4000(006b) GS:ffff8f08bdb00000(0063) knlGS:0000000002893b40
Jan 13 17:32:23 konstanz kernel: [2072916.589515] CS: 0010 DS: 002b ES: 002b CR0: 0000000080050033
Jan 13 17:32:23 konstanz kernel: [2072916.589528] CR2: 0000000010028600 CR3: 0000000026ece000 CR4: 00000000000406e0
Jan 13 17:32:23 konstanz kernel: [2072916.589534] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
Jan 13 17:32:23 konstanz kernel: [2072916.589535] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Jan 13 17:32:23 konstanz kernel: [2072916.589537] Call Trace:
Jan 13 17:32:23 konstanz kernel: [2072916.589579] keyring_search_rcu+0x87/0x90
Jan 13 17:32:23 konstanz kernel: [2072916.589609] search_cred_keyrings_rcu+0x2f/0x170
Jan 13 17:32:23 konstanz kernel: [2072916.589614] search_process_keyrings_rcu+0x11/0xc0
Jan 13 17:32:23 konstanz kernel: [2072916.589618] request_key_and_link+0x116/0x760
Jan 13 17:32:23 konstanz kernel: [2072916.589622] ? keyring_alloc+0x70/0x70
Jan 13 17:32:23 konstanz kernel: [2072916.589624] ? key_default_cmp+0x20/0x20
Jan 13 17:32:23 konstanz kernel: [2072916.589627] request_key_tag+0x44/0xa0
Jan 13 17:32:23 konstanz kernel: [2072916.589717] nfs_idmap_get_key+0x118/0x1f0 [nfsv4]
Jan 13 17:32:23 konstanz kernel: [2072916.589748] nfs_idmap_lookup_id+0x30/0x80 [nfsv4]
Jan 13 17:32:23 konstanz kernel: [2072916.589764] nfs_map_name_to_uid+0x13b/0x150 [nfsv4]
Jan 13 17:32:23 konstanz kernel: [2072916.589778] decode_getfattr_attrs+0xdbd/0x1110 [nfsv4]
Jan 13 17:32:23 konstanz kernel: [2072916.589786] ? _raw_spin_unlock_irqrestore+0x20/0x40
Jan 13 17:32:23 konstanz kernel: [2072916.589789] ? __wake_up_common_lock+0x8a/0xc0
Jan 13 17:32:23 konstanz kernel: [2072916.589803] nfs4_decode_dirent+0x173/0x2b0 [nfsv4]
Jan 13 17:32:23 konstanz kernel: [2072916.589868] nfs_readdir_page_filler+0x161/0x650 [nfs]
Jan 13 17:32:23 konstanz kernel: [2072916.589890] nfs_readdir_xdr_to_array+0x20c/0x3d0 [nfs]
Jan 13 17:32:23 konstanz kernel: [2072916.589894] ? xas_store+0x1b7/0x5e0
Jan 13 17:32:23 konstanz kernel: [2072916.589899] ? __add_to_page_cache_locked+0x258/0x360
Jan 13 17:32:23 konstanz kernel: [2072916.589909] nfs_readdir_filler+0x1e/0x80 [nfs]
Jan 13 17:32:23 konstanz kernel: [2072916.589911] do_read_cache_page+0x2e4/0x810
Jan 13 17:32:23 konstanz kernel: [2072916.589922] ? nfs_readdir_xdr_to_array+0x3d0/0x3d0 [nfs]
Jan 13 17:32:23 konstanz kernel: [2072916.589926] ? verify_dirent_name+0x16/0x30
Jan 13 17:32:23 konstanz kernel: [2072916.589928] ? filldir64+0x3a/0x170
Jan 13 17:32:23 konstanz kernel: [2072916.589938] nfs_readdir+0x122/0x4e0 [nfs]
Jan 13 17:32:23 konstanz kernel: [2072916.589953] ? nfs4_xdr_dec_lookupp+0xd0/0xd0 [nfsv4]
Jan 13 17:32:23 konstanz kernel: [2072916.589956] iterate_dir+0x92/0x1a0
Jan 13 17:32:23 konstanz kernel: [2072916.589960] ksys_getdents64+0x9c/0x130
Jan 13 17:32:23 konstanz kernel: [2072916.589963] ? filldir+0x170/0x170
Jan 13 17:32:23 konstanz kernel: [2072916.589966] __ia32_sys_getdents64+0x15/0x20
Jan 13 17:32:23 konstanz kernel: [2072916.589970] do_fast_syscall_32+0x9a/0x216
Jan 13 17:32:23 konstanz kernel: [2072916.589979] entry_SYSENTER_compat+0x7f/0x91
Jan 13 17:32:23 konstanz kernel: [2072916.589992] ---[ end trace 149edb431f1235b8 ]---
Jan 13 17:32:23 konstanz kernel: [2072916.590020] ------------[ cut here ]------------
Jan 13 17:32:23 konstanz kernel: [2072916.590021] refcount_t: underflow; use-after-free.
Jan 13 17:32:23 konstanz kernel: [2072916.590038] WARNING: CPU: 1 PID: 28813 at lib/refcount.c:190 refcount_sub_and_test_checked+0x55/0x60
Jan 13 17:32:23 konstanz kernel: [2072916.590039] Modules linked in: rpcsec_gss_krb5(E) nfsv4(E) dns_resolver(E) nfs(E) lockd(E) grace(E) fscache(E) binfmt_misc(E) intel_rapl_msr(E) intel_rapl_common(E) kvm_intel(E) kvm(E) irqbypass(E) crct10dif_pclmul(E) crc32_pclmul(E) ghash_clmulni_intel(E) aesni_intel(E) crypto_simd(E) cryptd(E) glue_helper(E) snd_hda_codec_generic(E) ledtrig_audio(E) snd_hda_intel(E) snd_intel_nhlt(E) snd_hda_codec(E) snd_hda_core(E) snd_hwdep(E) cirrus(E) snd_pcm(E) evdev(E) joydev(E) snd_timer(E) serio_raw(E) virtio_balloon(E) snd(E) drm_kms_helper(E) soundcore(E) pcspkr(E) drm(E) button(E) auth_rpcgss(E) sunrpc(E) virtio_rng(E) rng_core(E) ip_tables(E) x_tables(E) autofs4(E) ext4(E) crc32c_generic(E) crc16(E) mbcache(E) jbd2(E) hid_generic(E) usbhid(E) hid(E) ata_generic(E) virtio_net(E) net_failover(E) failover(E) virtio_blk(E) uhci_hcd(E) ehci_hcd(E) ahci(E) libahci(E) ata_piix(E) crc32c_intel(E) psmouse(E) i2c_piix4(E) usbcore(E) virtio_pci(E) libata(E) virtio_ring(E) virtio(E) scsi_mod(E) floppy(E)
Jan 13 17:32:23 konstanz kernel: [2072916.590069] CPU: 1 PID: 28813 Comm: tljob.exe Tainted: G W E 5.4.5-debian64.all+1.1 #1
Jan 13 17:32:23 konstanz kernel: [2072916.590070] Hardware name: Bochs Bochs, BIOS Bochs 01/01/2011
Jan 13 17:32:23 konstanz kernel: [2072916.590073] RIP: 0010:refcount_sub_and_test_checked+0x55/0x60
Jan 13 17:32:23 konstanz kernel: [2072916.590075] Code: e0 41 5c c3 44 89 e0 41 5c c3 44 0f b6 25 11 f9 ce 00 45 84 e4 75 e4 48 c7 c7 20 b2 8d 9d c6 05 fe f8 ce 00 01 e8 49 32 c7 ff <0f> 0b eb d0 0f 1f 80 00 00 00 00 48 89 fe bf 01 00 00 00 eb 96 66
Jan 13 17:32:23 konstanz kernel: [2072916.590076] RSP: 0018:ffffb5f3809e38e8 EFLAGS: 00010282
Jan 13 17:32:23 konstanz kernel: [2072916.590078] RAX: 0000000000000000 RBX: 000000000000001c RCX: 0000000000000000
Jan 13 17:32:23 konstanz kernel: [2072916.590079] RDX: 0000000000000001 RSI: 0000000000000092 RDI: 00000000ffffffff
Jan 13 17:32:23 konstanz kernel: [2072916.590080] RBP: ffff8f0867406200 R08: 0000000000000239 R09: 0000000000000004
Jan 13 17:32:23 konstanz kernel: [2072916.590081] R10: 0000000000000000 R11: 0000000000000001 R12: 0000000000000000
Jan 13 17:32:23 konstanz kernel: [2072916.590082] R13: ffffffffc0aed8a8 R14: ffff8f0867406200 R15: ffff8f0874c284c0
Jan 13 17:32:23 konstanz kernel: [2072916.590084] FS: 00000000003f4000(006b) GS:ffff8f08bdb00000(0063) knlGS:0000000002893b40
Jan 13 17:32:23 konstanz kernel: [2072916.590085] CS: 0010 DS: 002b ES: 002b CR0: 0000000080050033
Jan 13 17:32:23 konstanz kernel: [2072916.590086] CR2: 0000000010028600 CR3: 0000000026ece000 CR4: 00000000000406e0
Jan 13 17:32:23 konstanz kernel: [2072916.590091] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
Jan 13 17:32:23 konstanz kernel: [2072916.590092] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Jan 13 17:32:23 konstanz kernel: [2072916.590093] Call Trace:
Jan 13 17:32:23 konstanz kernel: [2072916.590096] key_put+0xf/0x30
Jan 13 17:32:23 konstanz kernel: [2072916.590113] nfs_idmap_get_key+0x1ac/0x1f0 [nfsv4]
Jan 13 17:32:23 konstanz kernel: [2072916.590127] nfs_idmap_lookup_id+0x30/0x80 [nfsv4]
Jan 13 17:32:23 konstanz kernel: [2072916.590139] nfs_map_name_to_uid+0x13b/0x150 [nfsv4]
Jan 13 17:32:23 konstanz kernel: [2072916.590151] decode_getfattr_attrs+0xdbd/0x1110 [nfsv4]
Jan 13 17:32:23 konstanz kernel: [2072916.590155] ? _raw_spin_unlock_irqrestore+0x20/0x40
Jan 13 17:32:23 konstanz kernel: [2072916.590157] ? __wake_up_common_lock+0x8a/0xc0
Jan 13 17:32:23 konstanz kernel: [2072916.590168] nfs4_decode_dirent+0x173/0x2b0 [nfsv4]
Jan 13 17:32:23 konstanz kernel: [2072916.590178] nfs_readdir_page_filler+0x161/0x650 [nfs]
Jan 13 17:32:23 konstanz kernel: [2072916.590190] nfs_readdir_xdr_to_array+0x20c/0x3d0 [nfs]
Jan 13 17:32:23 konstanz kernel: [2072916.590193] ? xas_store+0x1b7/0x5e0
Jan 13 17:32:23 konstanz kernel: [2072916.590196] ? __add_to_page_cache_locked+0x258/0x360
Jan 13 17:32:23 konstanz kernel: [2072916.590204] nfs_readdir_filler+0x1e/0x80 [nfs]
Jan 13 17:32:23 konstanz kernel: [2072916.590207] do_read_cache_page+0x2e4/0x810
Jan 13 17:32:23 konstanz kernel: [2072916.590215] ? nfs_readdir_xdr_to_array+0x3d0/0x3d0 [nfs]
Jan 13 17:32:23 konstanz kernel: [2072916.590218] ? verify_dirent_name+0x16/0x30
Jan 13 17:32:23 konstanz kernel: [2072916.590220] ? filldir64+0x3a/0x170
Jan 13 17:32:23 konstanz kernel: [2072916.590228] nfs_readdir+0x122/0x4e0 [nfs]
Jan 13 17:32:23 konstanz kernel: [2072916.590240] ? nfs4_xdr_dec_lookupp+0xd0/0xd0 [nfsv4]
Jan 13 17:32:23 konstanz kernel: [2072916.590243] iterate_dir+0x92/0x1a0
Jan 13 17:32:23 konstanz kernel: [2072916.590246] ksys_getdents64+0x9c/0x130
Jan 13 17:32:23 konstanz kernel: [2072916.590249] ? filldir+0x170/0x170
Jan 13 17:32:23 konstanz kernel: [2072916.590252] __ia32_sys_getdents64+0x15/0x20
Jan 13 17:32:23 konstanz kernel: [2072916.590255] do_fast_syscall_32+0x9a/0x216
Jan 13 17:32:23 konstanz kernel: [2072916.590257] entry_SYSENTER_compat+0x7f/0x91
Jan 13 17:32:23 konstanz kernel: [2072916.590261] ---[ end trace 149edb431f1235b9 ]---
Here with 5.4.12:
Jan 16 20:26:18 konstanz kernel: [ 5.548117] Key type id_resolver registered
Jan 16 20:26:18 konstanz kernel: [ 5.548118] Key type id_legacy registered
Jan 16 20:41:37 konstanz kernel: [ 924.090960] ------------[ cut here ]------------
Jan 16 20:41:37 konstanz kernel: [ 924.090965] refcount_t: increment on 0; use-after-free.
Jan 16 20:41:37 konstanz kernel: [ 924.091001] WARNING: CPU: 1 PID: 1247 at lib/refcount.c:156 refcount_inc_checked+0x26/0x30
Jan 16 20:41:37 konstanz kernel: [ 924.091003] Modules linked in: rpcsec_gss_krb5(E) nfsv4(E) dns_resolver(E) nfs(E) lockd(E) grace(E) fscache(E) intel_rapl_msr(E) intel_rapl_common(E) kvm_intel(E) kvm(E) irqbypass(E) binfmt_misc(E) crct10dif_pclmul(E) crc32_pclmul(E) ghash_clmulni_intel(E) aesni_intel(E) crypto_simd(E) cryptd(E) glue_helper(E) snd_hda_codec_generic(E) ledtrig_audio(E) snd_hda_intel(E) snd_intel_nhlt(E) snd_hda_codec(E) cirrus(E) snd_hda_core(E) drm_kms_helper(E) snd_hwdep(E) snd_pcm(E) snd_timer(E) snd(E) evdev(E) joydev(E) serio_raw(E) pcspkr(E) soundcore(E) virtio_balloon(E) drm(E) button(E) auth_rpcgss(E) sunrpc(E) virtio_rng(E) rng_core(E) ip_tables(E) x_tables(E) autofs4(E) ext4(E) crc32c_generic(E) crc16(E) mbcache(E) jbd2(E) hid_generic(E) usbhid(E) hid(E) ata_generic(E) virtio_net(E) net_failover(E) failover(E) virtio_blk(E) uhci_hcd(E) ahci(E) ehci_hcd(E) ata_piix(E) libahci(E) virtio_pci(E) virtio_ring(E) crc32c_intel(E) psmouse(E) virtio(E) libata(E) i2c_piix4(E) usbcore(E) scsi_mod(E) floppy(E)
Jan 16 20:41:37 konstanz kernel: [ 924.091205] CPU: 1 PID: 1247 Comm: tljob.exe Tainted: G E 5.4.12-debian64.all+1.1 #1
Jan 16 20:41:37 konstanz kernel: [ 924.091205] Hardware name: Bochs Bochs, BIOS Bochs 01/01/2011
Jan 16 20:41:37 konstanz kernel: [ 924.091207] RIP: 0010:refcount_inc_checked+0x26/0x30
Jan 16 20:41:37 konstanz kernel: [ 924.091210] Code: 00 00 00 00 e8 9b ff ff ff 84 c0 74 01 c3 80 3d 7e f1 ce 00 00 75 f6 48 c7 c7 40 ba ad bd c6 05 6e f1 ce 00 01 e8 18 2b c7 ff <0f> 0b c3 0f 1f 80 00 00 00 00 41 54 8b 06 83 f8 ff 74 1d 31 c9 39
Jan 16 20:41:37 konstanz kernel: [ 924.091211] RSP: 0018:ffffb9ea01183768 EFLAGS: 00010286
Jan 16 20:41:37 konstanz kernel: [ 924.091212] RAX: 0000000000000000 RBX: ffffb9ea01183808 RCX: 0000000000000000
Jan 16 20:41:37 konstanz kernel: [ 924.091213] RDX: 0000000000000001 RSI: 0000000000000096 RDI: 00000000ffffffff
Jan 16 20:41:37 konstanz kernel: [ 924.091214] RBP: ffff9018f4a81100 R08: 0000000000000204 R09: 0000000000000004
Jan 16 20:41:37 konstanz kernel: [ 924.091215] R10: 0000000000000000 R11: 0000000000000001 R12: ffff9018f50bb9c0
Jan 16 20:41:37 konstanz kernel: [ 924.091215] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
Jan 16 20:41:37 konstanz kernel: [ 924.091216] FS: 00000000003f4000(006b) GS:ffff90193db00000(0063) knlGS:0000000002893b40
Jan 16 20:41:37 konstanz kernel: [ 924.091217] CS: 0010 DS: 002b ES: 002b CR0: 0000000080050033
Jan 16 20:41:37 konstanz kernel: [ 924.091218] CR2: 00007ffc3a1d4668 CR3: 000000007aa9e000 CR4: 00000000000406e0
Jan 16 20:41:37 konstanz kernel: [ 924.091220] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
Jan 16 20:41:37 konstanz kernel: [ 924.091221] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Jan 16 20:41:37 konstanz kernel: [ 924.091221] Call Trace:
Jan 16 20:41:37 konstanz kernel: [ 924.091241] keyring_search_rcu+0x87/0x90
Jan 16 20:41:37 konstanz kernel: [ 924.091269] search_cred_keyrings_rcu+0x2f/0x170
Jan 16 20:41:37 konstanz kernel: [ 924.091287] search_process_keyrings_rcu+0x11/0xc0
Jan 16 20:41:37 konstanz kernel: [ 924.091290] request_key_and_link+0x116/0x760
Jan 16 20:41:37 konstanz kernel: [ 924.091293] ? keyring_alloc+0x70/0x70
Jan 16 20:41:37 konstanz kernel: [ 924.091295] ? key_default_cmp+0x20/0x20
Jan 16 20:41:37 konstanz kernel: [ 924.091298] request_key_tag+0x44/0xa0
Jan 16 20:41:37 konstanz kernel: [ 924.091349] nfs_idmap_get_key+0x118/0x1f0 [nfsv4]
Jan 16 20:41:37 konstanz kernel: [ 924.091368] nfs_idmap_lookup_id+0x30/0x80 [nfsv4]
Jan 16 20:41:37 konstanz kernel: [ 924.091378] nfs_map_name_to_uid+0x13b/0x150 [nfsv4]
Jan 16 20:41:37 konstanz kernel: [ 924.091441] ? xdr_set_next_buffer+0x32/0xa0 [sunrpc]
Jan 16 20:41:37 konstanz kernel: [ 924.091451] decode_getfattr_attrs+0xdbd/0x1110 [nfsv4]
Jan 16 20:41:37 konstanz kernel: [ 924.091486] ? nfs_set_cache_invalid+0x33/0xa0 [nfs]
Jan 16 20:41:37 konstanz kernel: [ 924.091494] nfs4_decode_dirent+0x173/0x2b0 [nfsv4]
Jan 16 20:41:37 konstanz kernel: [ 924.091501] nfs_readdir_page_filler+0x161/0x650 [nfs]
Jan 16 20:41:37 konstanz kernel: [ 924.091517] nfs_readdir_xdr_to_array+0x20c/0x3d0 [nfs]
Jan 16 20:41:37 konstanz kernel: [ 924.091520] ? xas_store+0x1b7/0x5e0
Jan 16 20:41:37 konstanz kernel: [ 924.091524] ? __add_to_page_cache_locked+0x248/0x360
Jan 16 20:41:37 konstanz kernel: [ 924.091530] nfs_readdir_filler+0x1e/0x80 [nfs]
Jan 16 20:41:37 konstanz kernel: [ 924.091531] do_read_cache_page+0x2e4/0x810
Jan 16 20:41:37 konstanz kernel: [ 924.091538] ? nfs_readdir_xdr_to_array+0x3d0/0x3d0 [nfs]
Jan 16 20:41:37 konstanz kernel: [ 924.091540] ? verify_dirent_name+0x16/0x30
Jan 16 20:41:37 konstanz kernel: [ 924.091542] ? filldir64+0x3a/0x170
Jan 16 20:41:37 konstanz kernel: [ 924.091548] nfs_readdir+0x122/0x4e0 [nfs]
Jan 16 20:41:37 konstanz kernel: [ 924.091556] ? nfs4_xdr_dec_lookupp+0xd0/0xd0 [nfsv4]
Jan 16 20:41:37 konstanz kernel: [ 924.091558] iterate_dir+0x92/0x1a0
Jan 16 20:41:37 konstanz kernel: [ 924.091561] ksys_getdents64+0x9c/0x130
Jan 16 20:41:37 konstanz kernel: [ 924.091562] ? filldir+0x170/0x170
Jan 16 20:41:37 konstanz kernel: [ 924.091564] __ia32_sys_getdents64+0x15/0x20
Jan 16 20:41:37 konstanz kernel: [ 924.091567] do_fast_syscall_32+0x9a/0x216
Jan 16 20:41:37 konstanz kernel: [ 924.091572] entry_SYSENTER_compat+0x7f/0x91
Jan 16 20:41:37 konstanz kernel: [ 924.091580] ---[ end trace 43098646b595d492 ]---
Jan 16 20:41:37 konstanz kernel: [ 924.091599] ------------[ cut here ]------------
Jan 16 20:41:37 konstanz kernel: [ 924.091599] refcount_t: underflow; use-after-free.
Jan 16 20:41:37 konstanz kernel: [ 924.091609] WARNING: CPU: 1 PID: 1247 at lib/refcount.c:190 refcount_sub_and_test_checked+0x55/0x60
Jan 16 20:41:37 konstanz kernel: [ 924.091609] Modules linked in: rpcsec_gss_krb5(E) nfsv4(E) dns_resolver(E) nfs(E) lockd(E) grace(E) fscache(E) intel_rapl_msr(E) intel_rapl_common(E) kvm_intel(E) kvm(E) irqbypass(E) binfmt_misc(E) crct10dif_pclmul(E) crc32_pclmul(E) ghash_clmulni_intel(E) aesni_intel(E) crypto_simd(E) cryptd(E) glue_helper(E) snd_hda_codec_generic(E) ledtrig_audio(E) snd_hda_intel(E) snd_intel_nhlt(E) snd_hda_codec(E) cirrus(E) snd_hda_core(E) drm_kms_helper(E) snd_hwdep(E) snd_pcm(E) snd_timer(E) snd(E) evdev(E) joydev(E) serio_raw(E) pcspkr(E) soundcore(E) virtio_balloon(E) drm(E) button(E) auth_rpcgss(E) sunrpc(E) virtio_rng(E) rng_core(E) ip_tables(E) x_tables(E) autofs4(E) ext4(E) crc32c_generic(E) crc16(E) mbcache(E) jbd2(E) hid_generic(E) usbhid(E) hid(E) ata_generic(E) virtio_net(E) net_failover(E) failover(E) virtio_blk(E) uhci_hcd(E) ahci(E) ehci_hcd(E) ata_piix(E) libahci(E) virtio_pci(E) virtio_ring(E) crc32c_intel(E) psmouse(E) virtio(E) libata(E) i2c_piix4(E) usbcore(E) scsi_mod(E) floppy(E)
Jan 16 20:41:37 konstanz kernel: [ 924.091640] CPU: 1 PID: 1247 Comm: tljob.exe Tainted: G W E 5.4.12-debian64.all+1.1 #1
Jan 16 20:41:37 konstanz kernel: [ 924.091641] Hardware name: Bochs Bochs, BIOS Bochs 01/01/2011
Jan 16 20:41:37 konstanz kernel: [ 924.091643] RIP: 0010:refcount_sub_and_test_checked+0x55/0x60
Jan 16 20:41:37 konstanz kernel: [ 924.091659] Code: e0 41 5c c3 44 89 e0 41 5c c3 44 0f b6 25 21 f1 ce 00 45 84 e4 75 e4 48 c7 c7 70 ba ad bd c6 05 0e f1 ce 00 01 e8 b9 2a c7 ff <0f> 0b eb d0 0f 1f 80 00 00 00 00 48 89 fe bf 01 00 00 00 eb 96 66
Jan 16 20:41:37 konstanz kernel: [ 924.091660] RSP: 0018:ffffb9ea011838e8 EFLAGS: 00010282
Jan 16 20:41:37 konstanz kernel: [ 924.091661] RAX: 0000000000000000 RBX: 000000000000001b RCX: 0000000000000000
Jan 16 20:41:37 konstanz kernel: [ 924.091662] RDX: 0000000000000001 RSI: 0000000000000092 RDI: 00000000ffffffff
Jan 16 20:41:37 konstanz kernel: [ 924.091663] RBP: ffff90193c29bf00 R08: 0000000000000238 R09: 0000000000000004
Jan 16 20:41:37 konstanz kernel: [ 924.091663] R10: 0000000000000000 R11: 0000000000000001 R12: 0000000000000000
Jan 16 20:41:37 konstanz kernel: [ 924.091664] R13: ffffffffc0be18a8 R14: ffff90193c29bf00 R15: ffff90193ae69000
Jan 16 20:41:37 konstanz kernel: [ 924.091665] FS: 00000000003f4000(006b) GS:ffff90193db00000(0063) knlGS:0000000002893b40
Jan 16 20:41:37 konstanz kernel: [ 924.091666] CS: 0010 DS: 002b ES: 002b CR0: 0000000080050033
Jan 16 20:41:37 konstanz kernel: [ 924.091667] CR2: 00007ffc3a1d4668 CR3: 000000007aa9e000 CR4: 00000000000406e0
Jan 16 20:41:37 konstanz kernel: [ 924.091684] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
Jan 16 20:41:37 konstanz kernel: [ 924.091685] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Jan 16 20:41:37 konstanz kernel: [ 924.091685] Call Trace:
Jan 16 20:41:37 konstanz kernel: [ 924.091688] key_put+0xf/0x30
Jan 16 20:41:37 konstanz kernel: [ 924.091697] nfs_idmap_get_key+0x1ac/0x1f0 [nfsv4]
Jan 16 20:41:37 konstanz kernel: [ 924.091705] nfs_idmap_lookup_id+0x30/0x80 [nfsv4]
Jan 16 20:41:37 konstanz kernel: [ 924.091713] nfs_map_name_to_uid+0x13b/0x150 [nfsv4]
Jan 16 20:41:37 konstanz kernel: [ 924.091722] ? xdr_set_next_buffer+0x32/0xa0 [sunrpc]
Jan 16 20:41:37 konstanz kernel: [ 924.091730] decode_getfattr_attrs+0xdbd/0x1110 [nfsv4]
Jan 16 20:41:37 konstanz kernel: [ 924.091736] ? nfs_set_cache_invalid+0x33/0xa0 [nfs]
Jan 16 20:41:37 konstanz kernel: [ 924.091743] nfs4_decode_dirent+0x173/0x2b0 [nfsv4]
Jan 16 20:41:37 konstanz kernel: [ 924.091748] nfs_readdir_page_filler+0x161/0x650 [nfs]
Jan 16 20:41:37 konstanz kernel: [ 924.091754] nfs_readdir_xdr_to_array+0x20c/0x3d0 [nfs]
Jan 16 20:41:37 konstanz kernel: [ 924.091756] ? xas_store+0x1b7/0x5e0
Jan 16 20:41:37 konstanz kernel: [ 924.091758] ? __add_to_page_cache_locked+0x248/0x360
Jan 16 20:41:37 konstanz kernel: [ 924.091763] nfs_readdir_filler+0x1e/0x80 [nfs]
Jan 16 20:41:37 konstanz kernel: [ 924.091764] do_read_cache_page+0x2e4/0x810
Jan 16 20:41:37 konstanz kernel: [ 924.091769] ? nfs_readdir_xdr_to_array+0x3d0/0x3d0 [nfs]
Jan 16 20:41:37 konstanz kernel: [ 924.091771] ? verify_dirent_name+0x16/0x30
Jan 16 20:41:37 konstanz kernel: [ 924.091772] ? filldir64+0x3a/0x170
Jan 16 20:41:37 konstanz kernel: [ 924.091792] nfs_readdir+0x122/0x4e0 [nfs]
Jan 16 20:41:37 konstanz kernel: [ 924.091799] ? nfs4_xdr_dec_lookupp+0xd0/0xd0 [nfsv4]
Jan 16 20:41:37 konstanz kernel: [ 924.091801] iterate_dir+0x92/0x1a0
Jan 16 20:41:37 konstanz kernel: [ 924.091803] ksys_getdents64+0x9c/0x130
Jan 16 20:41:37 konstanz kernel: [ 924.091805] ? filldir+0x170/0x170
Jan 16 20:41:37 konstanz kernel: [ 924.091807] __ia32_sys_getdents64+0x15/0x20
Jan 16 20:41:37 konstanz kernel: [ 924.091809] do_fast_syscall_32+0x9a/0x216
Jan 16 20:41:37 konstanz kernel: [ 924.091810] entry_SYSENTER_compat+0x7f/0x91
Jan 16 20:41:37 konstanz kernel: [ 924.091812] ---[ end trace 43098646b595d493 ]---
4.19.96 works fine.

Regards,
--
Wolfgang Walter
Studentenwerk München
Anstalt des öffentlichen Rechts