Date:   Sat, 25 Aug 2018 05:11:07 +0000
From:   bugzilla-daemon@...zilla.kernel.org
To:     linux-ext4@...nel.org
Subject: [Bug 200931] New: use-after-free in ext4_put_super()

https://bugzilla.kernel.org/show_bug.cgi?id=200931

            Bug ID: 200931
           Summary: use-after-free in ext4_put_super()
           Product: File System
           Version: 2.5
    Kernel Version: 4.18
          Hardware: All
                OS: Linux
              Tree: Mainline
            Status: NEW
          Severity: normal
          Priority: P1
         Component: ext4
          Assignee: fs_ext4@...nel-bugs.osdl.org
          Reporter: wen.xu@...ech.edu
        Regression: No

Created attachment 278077
  --> https://bugzilla.kernel.org/attachment.cgi?id=278077&action=edit
The (compressed) crafted image which causes crash

- Reproduce
# mkdir mnt
# mount -t ext4 1.img mnt
# gcc 1.c
# ./a.out ./mnt
# umount mnt

- Kernel message
[ 1128.973181] EXT4-fs (loop0): mounted filesystem with ordered data mode. Opts: (null)
[ 1185.120237] WARNING: CPU: 0 PID: 1483 at fs/inode.c:285 drop_nlink+0x69/0x90
[ 1185.120244] Modules linked in: snd_hda_codec_generic snd_hda_intel
snd_hda_codec snd_hwdep snd_hda_core snd_pcm snd_timer snd soundcore mac_hid
i2c_piix4 ib_iser rdma_cm iw_cm ib_cm ib_core iscsi_tcp libiscsi_tcp libiscsi
scsi_transport_iscsi autofs4 raid10 raid456 async_raid6_recov async_memcpy
async_pq async_xor async_tx raid1 raid0 multipath linear 8139too qxl
drm_kms_helper syscopyarea sysfillrect sysimgblt fb_sys_fops ttm
crct10dif_pclmul crc32_pclmul aesni_intel drm aes_x86_64 crypto_simd cryptd
glue_helper 8139cp mii pata_acpi floppy
[ 1185.120666] CPU: 0 PID: 1483 Comm: a.out Not tainted 4.18.0+ #9
[ 1185.120672] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS Ubuntu-1.8.2-1ubuntu1 04/01/2014
[ 1185.120679] RIP: 0010:drop_nlink+0x69/0x90
[ 1185.120684] Code: e8 7c b5 f8 ff 49 8b 5c 24 28 be 08 00 00 00 48 8d bb 98
04 00 00 e8 26 b9 f8 ff f0 48 ff 83 98 04 00 00 5b 41 5c 41 5d 5d c3 <0f> 0b 4c
89 ef e8 cd b4 f8 ff 41 c7 44 24 48 ff ff ff ff 5b 41 5c
[ 1185.120686] RSP: 0018:ffff8801e62af910 EFLAGS: 00010246
[ 1185.120698] RAX: 0000000000000000 RBX: ffff8801e9dd8ef8 RCX:
ffffffffa541eead
[ 1185.120701] RDX: 0000000000000003 RSI: dffffc0000000000 RDI:
ffff8801e9dd8f40
[ 1185.120703] RBP: ffff8801e62af928 R08: ffffed003df57d32 R09:
ffffed003df57d32
[ 1185.120706] R10: 0000000000000001 R11: ffffed003df57d31 R12:
ffff8801e9dd8ef8
[ 1185.120708] R13: ffff8801e9dd8f40 R14: 0000000000000008 R15:
ffff8801e9da9e80
[ 1185.120712] FS:  00007fcb1db54700(0000) GS:ffff8801f7000000(0000)
knlGS:0000000000000000
[ 1185.120715] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 1185.120717] CR2: 00007ffc43283ebf CR3: 00000001e632c000 CR4:
00000000000006f0
[ 1185.120727] Call Trace:
[ 1185.120752]  ext4_rename+0x7af/0xd00
[ 1185.120758]  ? ext4_tmpfile+0x2d0/0x2d0
[ 1185.120770]  ? lockref_put_or_lock+0x160/0x160
[ 1185.120780]  ? link_path_walk+0x516/0x7b0
[ 1185.120792]  ? entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 1185.120797]  ? legitimize_path.isra.28+0x61/0xa0
[ 1185.120801]  ? unlazy_walk+0xb8/0x150
[ 1185.120808]  ? kasan_check_write+0x14/0x20
[ 1185.120812]  ? lockref_get+0xb5/0x140
[ 1185.120817]  ext4_rename2+0xa6/0x100
[ 1185.120821]  vfs_rename+0xa70/0xda0
[ 1185.120827]  ? path_mountpoint+0x5b0/0x5b0
[ 1185.120839]  ? security_path_rename+0xcb/0x130
[ 1185.120844]  do_renameat2+0x7d2/0x860
[ 1185.120850]  ? user_path_create+0x40/0x40
[ 1185.120854]  ? may_open_dev+0x50/0x50
[ 1185.120862]  ? fsnotify+0x590/0x7d0
[ 1185.120866]  ? putname+0x80/0x90
[ 1185.120870]  ? __kasan_slab_free+0x151/0x1a0
[ 1185.120874]  ? kasan_slab_free+0xe/0x10
[ 1185.120881]  ? kmem_cache_free+0x89/0x1e0
[ 1185.120885]  ? putname+0x80/0x90
[ 1185.120892]  ? filp_open+0x60/0x60
[ 1185.120896]  ? __ia32_sys_mknod+0x50/0x50
[ 1185.120900]  ? do_sys_ftruncate+0x195/0x200
[ 1185.120905]  __x64_sys_rename+0x3b/0x50
[ 1185.120912]  do_syscall_64+0x78/0x170
[ 1185.120916]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 1185.120935] RIP: 0033:0x7fcb1d6704d9
[ 1185.120940] Code: 00 f3 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89
f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01
f0 ff ff 73 01 c3 48 8b 0d 8f 29 2c 00 f7 d8 64 89 01 48
[ 1185.120942] RSP: 002b:00007ffc43280a58 EFLAGS: 00000207 ORIG_RAX:
0000000000000052
[ 1185.120947] RAX: ffffffffffffffda RBX: 0000000000000000 RCX:
00007fcb1d6704d9
[ 1185.120949] RDX: 00007fcb1d6704d9 RSI: 00007ffc43280c30 RDI:
00007ffc43280bf0
[ 1185.120952] RBP: 00007ffc43284ed0 R08: 00007ffc43284fb8 R09:
00007ffc43284fb8
[ 1185.120954] R10: 00007ffc43284fb8 R11: 0000000000000207 R12:
0000000000400530
[ 1185.120957] R13: 00007ffc43284fb0 R14: 0000000000000000 R15:
0000000000000000
[ 1185.120961] ---[ end trace 754084f7e4b34756 ]---
[ 1233.429984] EXT4-fs (loop0): Inode 16 (000000005dedb213): orphan list check failed!
[ 1233.431970] CPU: 0 PID: 1530 Comm: umount Tainted: G        W         4.18.0+ #9
[ 1233.431976] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS Ubuntu-1.8.2-1ubuntu1 04/01/2014
[ 1233.431985] Call Trace:
[ 1233.432035]  dump_stack+0x7b/0xb5
[ 1233.432053]  ext4_destroy_inode+0xb5/0xc0
[ 1233.432066]  destroy_inode+0x6a/0x90
[ 1233.432070]  evict+0x1fe/0x290
[ 1233.432075]  dispose_list+0x7e/0xa0
[ 1233.432080]  evict_inodes+0x24f/0x2a0
[ 1233.432084]  ? dispose_list+0xa0/0xa0
[ 1233.432092]  ? fsnotify_unmount_inodes+0x148/0x160
[ 1233.432104]  generic_shutdown_super+0x71/0x1c0
[ 1233.432109]  kill_block_super+0x52/0x80
[ 1233.432113]  deactivate_locked_super+0x6f/0xa0
[ 1233.432118]  deactivate_super+0x130/0x140
[ 1233.432122]  ? mount_ns+0x100/0x100
[ 1233.432127]  ? fsnotify_grab_connector+0x54/0x80
[ 1233.432132]  cleanup_mnt+0x61/0xa0
[ 1233.432136]  __cleanup_mnt+0x12/0x20
[ 1233.432144]  task_work_run+0xc8/0xf0
[ 1233.432153]  exit_to_usermode_loop+0x12c/0x130
[ 1233.432158]  do_syscall_64+0x138/0x170
[ 1233.432163]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 1233.432183] RIP: 0033:0x7f83814cd487
[ 1233.432188] Code: 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00
31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 01
f0 ff ff 73 01 c3 48 8b 0d e1 c9 2b 00 f7 d8 64 89 01 48
[ 1233.432191] RSP: 002b:00007ffec2a2da48 EFLAGS: 00000246 ORIG_RAX:
00000000000000a6
[ 1233.432200] RAX: 0000000000000000 RBX: 0000000001fa8030 RCX:
00007f83814cd487
[ 1233.432202] RDX: 0000000000000001 RSI: 0000000000000000 RDI:
0000000001faf1e0
[ 1233.432205] RBP: 0000000001faf1e0 R08: 0000000000000000 R09:
0000000000000014
[ 1233.432207] R10: 00000000000006b2 R11: 0000000000000246 R12:
00007f83819d683c
[ 1233.432209] R13: 0000000000000000 R14: 0000000001fa8210 R15:
00007ffec2a2dcd0
[ 1233.879755] EXT4-fs (loop0): sb orphan head is 16
[ 1233.880734] sb_info orphan list:
[ 1233.881417]
==================================================================
[ 1233.882839] BUG: KASAN: use-after-free in ext4_put_super+0x5b2/0x650
[ 1233.884104] Read of size 4 at addr ffff8801e9dd8e4c by task umount/1530

[ 1233.885737] CPU: 0 PID: 1530 Comm: umount Tainted: G        W         4.18.0+ #9
[ 1233.885740] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS Ubuntu-1.8.2-1ubuntu1 04/01/2014
[ 1233.885742] Call Trace:
[ 1233.885765]  dump_stack+0x7b/0xb5
[ 1233.885774]  print_address_description+0x70/0x290
[ 1233.885779]  kasan_report+0x291/0x390
[ 1233.885783]  ? ext4_put_super+0x5b2/0x650
[ 1233.885788]  __asan_load4+0x78/0x80
[ 1233.885792]  ext4_put_super+0x5b2/0x650
[ 1233.885797]  generic_shutdown_super+0xb9/0x1c0
[ 1233.885801]  kill_block_super+0x52/0x80
[ 1233.885806]  deactivate_locked_super+0x6f/0xa0
[ 1233.885810]  deactivate_super+0x130/0x140
[ 1233.885814]  ? mount_ns+0x100/0x100
[ 1233.885819]  ? fsnotify_grab_connector+0x54/0x80
[ 1233.885824]  cleanup_mnt+0x61/0xa0
[ 1233.885827]  __cleanup_mnt+0x12/0x20
[ 1233.885831]  task_work_run+0xc8/0xf0
[ 1233.885836]  exit_to_usermode_loop+0x12c/0x130
[ 1233.885841]  do_syscall_64+0x138/0x170
[ 1233.885845]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 1233.885849] RIP: 0033:0x7f83814cd487
[ 1233.885854] Code: 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00
31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 01
f0 ff ff 73 01 c3 48 8b 0d e1 c9 2b 00 f7 d8 64 89 01 48
[ 1233.885856] RSP: 002b:00007ffec2a2da48 EFLAGS: 00000246 ORIG_RAX:
00000000000000a6
[ 1233.885860] RAX: 0000000000000000 RBX: 0000000001fa8030 RCX:
00007f83814cd487
[ 1233.885863] RDX: 0000000000000001 RSI: 0000000000000000 RDI:
0000000001faf1e0
[ 1233.885865] RBP: 0000000001faf1e0 R08: 0000000000000000 R09:
0000000000000014
[ 1233.885867] R10: 00000000000006b2 R11: 0000000000000246 R12:
00007f83819d683c
[ 1233.885870] R13: 0000000000000000 R14: 0000000001fa8210 R15:
00007ffec2a2dcd0

[ 1233.886215] Allocated by task 1483:
[ 1233.886941]  save_stack+0x46/0xd0
[ 1233.886944]  kasan_kmalloc+0xad/0xe0
[ 1233.886948]  kasan_slab_alloc+0x11/0x20
[ 1233.886951]  kmem_cache_alloc+0xc9/0x1e0
[ 1233.886958]  ext4_alloc_inode+0x1f/0x2f0
[ 1233.886961]  alloc_inode+0x35/0xc0
[ 1233.886964]  iget_locked+0x121/0x2a0
[ 1233.886969]  ext4_iget+0xf8/0x1740
[ 1233.886972]  ext4_iget_normal+0x5e/0x70
[ 1233.886976]  ext4_lookup+0x1db/0x330
[ 1233.886981]  __lookup_slow+0x12e/0x240
[ 1233.886984]  lookup_slow+0x44/0x60
[ 1233.886988]  walk_component+0x3f9/0x6b0
[ 1233.886991]  path_lookupat+0x133/0x430
[ 1233.886994]  filename_lookup+0x13c/0x280
[ 1233.886998]  user_path_at_empty+0x36/0x40
[ 1233.887004]  do_fchmodat+0x8f/0x110
[ 1233.887008]  __x64_sys_chmod+0x37/0x40
[ 1233.887011]  do_syscall_64+0x78/0x170
[ 1233.887015]  entry_SYSCALL_64_after_hwframe+0x44/0xa9

[ 1233.887339] Freed by task 0:
[ 1233.887938]  save_stack+0x46/0xd0
[ 1233.887942]  __kasan_slab_free+0x13c/0x1a0
[ 1233.887945]  kasan_slab_free+0xe/0x10
[ 1233.887952]  kmem_cache_free+0x89/0x1e0
[ 1233.887956]  ext4_i_callback+0x1c/0x20
[ 1233.887965]  rcu_process_callbacks+0x31c/0x7a0
[ 1233.887970]  __do_softirq+0x120/0x348

[ 1233.888306] The buggy address belongs to the object at ffff8801e9dd8e10
                which belongs to the cache ext4_inode_cache(21:user.slice) of size 1072
[ 1233.903236] The buggy address is located 60 bytes inside of
                1072-byte region [ffff8801e9dd8e10, ffff8801e9dd9240)
[ 1233.905556] The buggy address belongs to the page:
[ 1233.906530] page:ffffea0007a77600 count:1 mapcount:0 mapping:ffff8801e5bde380 index:0x0 compound_mapcount: 0
[ 1233.908498] flags: 0x2ffff0000008100(slab|head)
[ 1233.909421] raw: 02ffff0000008100 dead000000000100 dead000000000200 ffff8801e5bde380
[ 1233.910952] raw: 0000000000000000 00000000000d000d 00000001ffffffff ffff8801ed19a200
[ 1233.912484] page dumped because: kasan: bad access detected
[ 1233.913604] page->mem_cgroup:ffff8801ed19a200

[ 1233.914786] Memory state around the buggy address:
[ 1233.915742]  ffff8801e9dd8d00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 1233.917197]  ffff8801e9dd8d80: fb fb fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 1233.918630] >ffff8801e9dd8e00: fc fc fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 1233.920063]                                               ^
[ 1233.921205]  ffff8801e9dd8e80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 1233.922642]  ffff8801e9dd8f00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 1233.924066]
==================================================================
[ 1233.925518] Disabling lock debugging due to kernel taint
[ 1233.925605]   inode loop0:16 at 0000000032706161: mode 106000, nlink -1, next 0
[ 1233.927107] ------------[ cut here ]------------
[ 1233.927110] kernel BUG at fs/ext4/super.c:977!
[ 1233.928105] invalid opcode: 0000 [#1] SMP KASAN PTI
[ 1233.929117] CPU: 0 PID: 1530 Comm: umount Tainted: G    B   W         4.18.0+ #9
[ 1233.930620] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS Ubuntu-1.8.2-1ubuntu1 04/01/2014
[ 1233.932497] RIP: 0010:ext4_put_super+0x591/0x650
[ 1233.933436] Code: a0 00 00 00 49 8d 7d 3a e8 fc 23 df ff 4c 89 e7 66 45 89
7d 3a e8 6f 25 df ff 41 f6 46 50 01 0f 85 c1 fb ff ff e9 af fb ff ff <0f> 0b 48
8d 7b 70 e8 54 25 df ff 4c 8b 6b 70 e9 1a fc ff ff 49 8d
[ 1233.937114] RSP: 0018:ffff8801e3db7d10 EFLAGS: 00010206
[ 1233.938168] RAX: ffff8801e9dd8e90 RBX: ffff8801efabdd80 RCX:
ffffffffa55b7c40
[ 1233.939576] RDX: dffffc0000000000 RSI: 0000000000000008 RDI:
ffff8801efabdf78
[ 1233.940983] RBP: ffff8801e3db7d60 R08: ffffed003ee04f49 R09:
ffffed003ee04f49
[ 1233.942405] R10: 0000000000000001 R11: ffffed003ee04f48 R12:
ffff8801efabdf78
[ 1233.943816] R13: ffff8801e9dd8ef8 R14: ffff8801efabd500 R15:
ffff8801efabdf78
[ 1233.945237] FS:  00007f8381bed840(0000) GS:ffff8801f7000000(0000)
knlGS:0000000000000000
[ 1233.946833] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 1233.947973] CR2: 00005621001b45b8 CR3: 00000001f3040000 CR4:
00000000000006f0
[ 1233.949405] Call Trace:
[ 1233.949918]  generic_shutdown_super+0xb9/0x1c0
[ 1233.950810]  kill_block_super+0x52/0x80
[ 1233.951590]  deactivate_locked_super+0x6f/0xa0
[ 1233.952486]  deactivate_super+0x130/0x140
[ 1233.953313]  ? mount_ns+0x100/0x100
[ 1233.954030]  ? fsnotify_grab_connector+0x54/0x80
[ 1233.954962]  cleanup_mnt+0x61/0xa0
[ 1233.955661]  __cleanup_mnt+0x12/0x20
[ 1233.956388]  task_work_run+0xc8/0xf0
[ 1233.957118]  exit_to_usermode_loop+0x12c/0x130
[ 1233.958023]  do_syscall_64+0x138/0x170
[ 1233.958786]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 1233.959799] RIP: 0033:0x7f83814cd487
[ 1233.960525] Code: 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00
31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 01
f0 ff ff 73 01 c3 48 8b 0d e1 c9 2b 00 f7 d8 64 89 01 48
[ 1233.964205] RSP: 002b:00007ffec2a2da48 EFLAGS: 00000246 ORIG_RAX:
00000000000000a6
[ 1233.965730] RAX: 0000000000000000 RBX: 0000000001fa8030 RCX:
00007f83814cd487
[ 1233.967140] RDX: 0000000000000001 RSI: 0000000000000000 RDI:
0000000001faf1e0
[ 1233.968552] RBP: 0000000001faf1e0 R08: 0000000000000000 R09:
0000000000000014
[ 1233.969975] R10: 00000000000006b2 R11: 0000000000000246 R12:
00007f83819d683c
[ 1233.971394] R13: 0000000000000000 R14: 0000000001fa8210 R15:
00007ffec2a2dcd0
[ 1233.972822] Modules linked in: snd_hda_codec_generic snd_hda_intel
snd_hda_codec snd_hwdep snd_hda_core snd_pcm snd_timer snd soundcore mac_hid
i2c_piix4 ib_iser rdma_cm iw_cm ib_cm ib_core iscsi_tcp libiscsi_tcp libiscsi
scsi_transport_iscsi autofs4 raid10 raid456 async_raid6_recov async_memcpy
async_pq async_xor async_tx raid1 raid0 multipath linear 8139too qxl
drm_kms_helper syscopyarea sysfillrect sysimgblt fb_sys_fops ttm
crct10dif_pclmul crc32_pclmul aesni_intel drm aes_x86_64 crypto_simd cryptd
glue_helper 8139cp mii pata_acpi floppy
[ 1233.982571] ---[ end trace 754084f7e4b34757 ]---
[ 1233.983513] RIP: 0010:ext4_put_super+0x591/0x650
[ 1233.984487] Code: a0 00 00 00 49 8d 7d 3a e8 fc 23 df ff 4c 89 e7 66 45 89
7d 3a e8 6f 25 df ff 41 f6 46 50 01 0f 85 c1 fb ff ff e9 af fb ff ff <0f> 0b 48
8d 7b 70 e8 54 25 df ff 4c 8b 6b 70 e9 1a fc ff ff 49 8d
[ 1233.988243] RSP: 0018:ffff8801e3db7d10 EFLAGS: 00010206
[ 1233.989304] RAX: ffff8801e9dd8e90 RBX: ffff8801efabdd80 RCX:
ffffffffa55b7c40
[ 1233.990736] RDX: dffffc0000000000 RSI: 0000000000000008 RDI:
ffff8801efabdf78
[ 1233.992191] RBP: ffff8801e3db7d60 R08: ffffed003ee04f49 R09:
ffffed003ee04f49
[ 1233.993630] R10: 0000000000000001 R11: ffffed003ee04f48 R12:
ffff8801efabdf78
[ 1233.995052] R13: ffff8801e9dd8ef8 R14: ffff8801efabd500 R15:
ffff8801efabdf78
[ 1233.996509] FS:  00007f8381bed840(0000) GS:ffff8801f7000000(0000)
knlGS:0000000000000000
[ 1234.023241] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 1234.024428] CR2: 00005621001b45b8 CR3: 00000001f3040000 CR4:
00000000000006f0

Reported by Wen Xu (wen.xu@...ech.edu) from SSLab.
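The log above reads as: inode 16 is destroyed while still on the superblock orphan list ("orphan list check failed!"), its slab object is freed by the RCU callback, and ext4_put_super() then walks the orphan list into freed memory. The following is an added user-space model of that sequence, written for this page and not taken from the report or the kernel; the struct and function names (`orphan_add`, `destroy_inode`, `put_super_orphans`, `hardened_umount_scenario`) are constructed, and the hardening it shows (unlinking the entry before the free) is illustrative rather than a claim about the upstream fix.

```c
#include <stdio.h>
#include <stdlib.h>

/* Constructed user-space model of the sb orphan list (names echo the kernel's;
 * nothing here is kernel code). */
struct list_head { struct list_head *next, *prev; };
struct inode { unsigned long ino; unsigned int nlink; struct list_head i_orphan; };
struct super_block { struct list_head s_orphan; };

static void list_init(struct list_head *h) { h->next = h->prev = h; }
static int list_empty(const struct list_head *h) { return h->next == h; }
static void list_add(struct list_head *n, struct list_head *h)
{ n->next = h->next; n->prev = h; h->next->prev = n; h->next = n; }
static void list_del_init(struct list_head *n)
{ n->prev->next = n->next; n->next->prev = n->prev; list_init(n); }

/* An inode whose link count reached zero is queued on sb->s_orphan. */
static void orphan_add(struct super_block *sb, struct inode *inode)
{
    if (inode->nlink == 0 && list_empty(&inode->i_orphan))
        list_add(&inode->i_orphan, &sb->s_orphan);
}

/* Destroy-path model. "orphan list check failed!" in the log is this inode
 * being destroyed while still linked; freeing it anyway leaves a dangling
 * pointer in sb->s_orphan. With unlink_first set, the entry is removed
 * before the free. Returns 1 if the check failed, 0 otherwise. */
static int destroy_inode(struct inode *inode, int unlink_first)
{
    int still_linked = !list_empty(&inode->i_orphan);
    if (still_linked) {
        fprintf(stderr, "Inode %lu: orphan list check failed!\n", inode->ino);
        if (unlink_first)
            list_del_init(&inode->i_orphan);
    }
    free(inode);   /* buggy variant: the list entry is still live here */
    return still_linked;
}

/* put_super orphan-walk model: on the buggy path every entry reached here is
 * a read of freed memory, which is exactly what KASAN reported. */
static unsigned int put_super_orphans(const struct super_block *sb)
{
    unsigned int n = 0;
    for (const struct list_head *p = sb->s_orphan.next; p != &sb->s_orphan; p = p->next)
        n++;
    return n;
}

/* The logged sequence on the hardened path: inode 16 (nlink 0) is orphaned,
 * then evicted before put_super. Returns entries left on the list (0 means
 * nothing dangling); *check_failed records whether the orphan check tripped. */
static unsigned int hardened_umount_scenario(int *check_failed)
{
    struct super_block sb;
    struct inode *ino16 = calloc(1, sizeof *ino16);
    list_init(&sb.s_orphan);
    list_init(&ino16->i_orphan);
    ino16->ino = 16;
    ino16->nlink = 0;
    orphan_add(&sb, ino16);
    *check_failed = destroy_inode(ino16, 1);   /* evict_inodes() runs first */
    return put_super_orphans(&sb);
}

int main(void)
{
    int failed = 0;
    unsigned int left = hardened_umount_scenario(&failed);
    printf("orphan check failed=%d, entries left for put_super=%u\n", failed, left);
    return left == 0 ? 0 : 1;
}
```

Calling `destroy_inode(..., 0)` instead reproduces the reported shape: the check still fires, but `put_super_orphans` then dereferences the freed object, which is what KASAN flags as the use-after-free.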
