linux-kernel - WARNING: CPU: 3 PID: 23469 at lib/refcount.c:186 refcount_sub_and

lists.openwall.net		lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC
Open Source and information security mailing list archives
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [day] [month] [year] [list]
Date:   Sat, 4 Nov 2017 11:33:16 +0100
From:   Toralf Förster <toralf.foerster@....de>
To:     Linux Kernel <linux-kernel@...r.kernel.org>
Subject: WARNING: CPU: 3 PID: 23469 at lib/refcount.c:186
 refcount_sub_and_test+0x9b/0xd0

Hello,

toray I realized this warning at a hardened stable Gentoo Linux server :

Nov  3 23:57:49 mr-fox kernel: [109232.200147] refcount_t: underflow; use-after-free.
Nov  3 23:57:49 mr-fox kernel: [109232.200160] ------------[ cut here ]------------
Nov  3 23:57:49 mr-fox kernel: [109232.200166] WARNING: CPU: 3 PID: 23469 at lib/refcount.c:186 refcount_sub_and_test+0x9b/0xd0
Nov  3 23:57:49 mr-fox kernel: [109232.200169] CPU: 3 PID: 23469 Comm: test_shutdown_s Not tainted 4.13.11 #15
Nov  3 23:57:49 mr-fox kernel: [109232.200170] Hardware name:                  /DX79TO, BIOS SIX7910J.86A.0650.2014.0307.0138 03/07/2014
Nov  3 23:57:49 mr-fox kernel: [109232.200171] task: ffff8da5c6b42700 task.stack: ffffa56bc1210000
Nov  3 23:57:49 mr-fox kernel: [109232.200173] RIP: 0010:refcount_sub_and_test+0x9b/0xd0
Nov  3 23:57:49 mr-fox kernel: [109232.200174] RSP: 0018:ffff8da8bfac3bb0 EFLAGS: 00010282
Nov  3 23:57:49 mr-fox kernel: [109232.200176] RAX: 0000000000000026 RBX: 0000000000000000 RCX: 0000000000000004
Nov  3 23:57:49 mr-fox kernel: [109232.200177] RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffff8da8bfacca58
Nov  3 23:57:49 mr-fox kernel: [109232.200178] RBP: ffff8da8bfac3bd0 R08: 000000000003a068 R09: 0000000000021356
Nov  3 23:57:49 mr-fox kernel: [109232.200179] R10: ffff8da8761a9700 R11: 0000000000000002 R12: 0000000000000001
Nov  3 23:57:49 mr-fox kernel: [109232.200180] R13: ffff8da879cff800 R14: ffff8da879cff800 R15: 0000000000000000
Nov  3 23:57:49 mr-fox kernel: [109232.200182] FS:  00007f44c12cd700(0000) GS:ffff8da8bfac0000(0000) knlGS:0000000000000000
Nov  3 23:57:49 mr-fox kernel: [109232.200182] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
Nov  3 23:57:49 mr-fox kernel: [109232.200184] CR2: 00007f44b409bcb8 CR3: 0000000f76192000 CR4: 00000000000406e0
Nov  3 23:57:49 mr-fox kernel: [109232.200185] Call Trace:
Nov  3 23:57:49 mr-fox kernel: [109232.200187]  <IRQ>
Nov  3 23:57:49 mr-fox kernel: [109232.200189]  refcount_dec_and_test+0x11/0x20
Nov  3 23:57:49 mr-fox kernel: [109232.200192]  reqsk_put+0x19/0x100
Nov  3 23:57:49 mr-fox kernel: [109232.200194]  tcp_v4_rcv+0x75d/0xce0
Nov  3 23:57:49 mr-fox kernel: [109232.200197]  ip_local_deliver_finish+0x85/0x380
Nov  3 23:57:49 mr-fox kernel: [109232.200198]  ip_local_deliver+0x8e/0x150
Nov  3 23:57:49 mr-fox kernel: [109232.200200]  ? ip_rcv_finish+0x6a0/0x6a0
Nov  3 23:57:49 mr-fox kernel: [109232.200201]  ip_rcv_finish+0x187/0x6a0
Nov  3 23:57:49 mr-fox kernel: [109232.200205]  ? nf_hook_slow+0x30/0xe0
Nov  3 23:57:49 mr-fox kernel: [109232.200206]  ip_rcv+0x2d6/0x4f0
Nov  3 23:57:49 mr-fox kernel: [109232.200208]  ? inet_del_offload+0x40/0x40
Nov  3 23:57:49 mr-fox kernel: [109232.200209]  ? ip_local_deliver+0x150/0x150
Nov  3 23:57:49 mr-fox kernel: [109232.200212]  __netif_receive_skb_core+0x625/0xfb0
Nov  3 23:57:49 mr-fox kernel: [109232.200213]  __netif_receive_skb+0x1f/0x120
Nov  3 23:57:49 mr-fox kernel: [109232.200214]  process_backlog+0xeb/0x340
Nov  3 23:57:49 mr-fox kernel: [109232.200216]  net_rx_action+0x31e/0xd60
Nov  3 23:57:49 mr-fox kernel: [109232.200219]  __do_softirq+0x12c/0x4b0
Nov  3 23:57:49 mr-fox kernel: [109232.200222]  ? flush_smp_call_function_queue+0xbe/0x1f0
Nov  3 23:57:49 mr-fox kernel: [109232.200226]  do_softirq_own_stack+0x1c/0x30
Nov  3 23:57:49 mr-fox kernel: [109232.200227]  </IRQ>
Nov  3 23:57:49 mr-fox kernel: [109232.200229]  do_softirq.part.15+0x33/0x40
Nov  3 23:57:49 mr-fox kernel: [109232.200231]  __local_bh_enable_ip+0x56/0x70
Nov  3 23:57:49 mr-fox kernel: [109232.200232]  ip_finish_output2+0x1da/0x590
Nov  3 23:57:49 mr-fox kernel: [109232.200235]  ip_finish_output+0x184/0x3f0
Nov  3 23:57:49 mr-fox kernel: [109232.200236]  ? nf_hook_slow+0x30/0xe0
Nov  3 23:57:49 mr-fox kernel: [109232.200238]  ip_output+0x92/0x170
Nov  3 23:57:49 mr-fox kernel: [109232.200239]  ? ip_fragment.constprop.25+0x130/0x130
Nov  3 23:57:49 mr-fox kernel: [109232.200240]  ip_local_out+0x3b/0x70
Nov  3 23:57:49 mr-fox kernel: [109232.200241]  ip_queue_xmit+0x1d6/0x6a0
Nov  3 23:57:49 mr-fox kernel: [109232.200244]  ? __kmalloc_track_caller+0x1af/0x320
Nov  3 23:57:49 mr-fox kernel: [109232.200245]  tcp_transmit_skb+0x4e1/0x1070
Nov  3 23:57:49 mr-fox kernel: [109232.200246]  tcp_send_ack.part.17+0xe1/0x1a0
Nov  3 23:57:49 mr-fox kernel: [109232.200248]  tcp_send_ack+0x1d/0x30
Nov  3 23:57:49 mr-fox kernel: [109232.200249]  tcp_rcv_state_process+0xd94/0x1370
Nov  3 23:57:49 mr-fox kernel: [109232.200251]  tcp_v4_do_rcv+0x75/0x310
Nov  3 23:57:49 mr-fox kernel: [109232.200253]  ? tcp_v4_do_rcv+0x75/0x310
Nov  3 23:57:49 mr-fox kernel: [109232.200255]  __release_sock+0x67/0x100
Nov  3 23:57:49 mr-fox kernel: [109232.200257]  release_sock+0x36/0xe0
Nov  3 23:57:49 mr-fox kernel: [109232.200259]  inet_stream_connect+0x47/0x70
Nov  3 23:57:49 mr-fox kernel: [109232.200262]  ? __inet_stream_connect+0x640/0x640
Nov  3 23:57:49 mr-fox kernel: [109232.200265]  SYSC_connect+0xa4/0x170
Nov  3 23:57:49 mr-fox kernel: [109232.200267]  ? do_fcntl+0x4a8/0x7c0
Nov  3 23:57:49 mr-fox kernel: [109232.200268]  SyS_connect+0x9/0x10
Nov  3 23:57:49 mr-fox kernel: [109232.200270]  entry_SYSCALL_64_fastpath+0x13/0x94
Nov  3 23:57:49 mr-fox kernel: [109232.200271] RIP: 0033:0x7f44c53cba2d
Nov  3 23:57:49 mr-fox kernel: [109232.200271] RSP: 002b:00007f44c12cc160 EFLAGS: 00000293 ORIG_RAX: 000000000000002a
Nov  3 23:57:49 mr-fox kernel: [109232.200273] RAX: ffffffffffffffda RBX: 00007f44a0004790 RCX: 00007f44c53cba2d
Nov  3 23:57:49 mr-fox kernel: [109232.200273] RDX: 0000000000000010 RSI: 00007f44800122f8 RDI: 0000000000000016
Nov  3 23:57:49 mr-fox kernel: [109232.200274] RBP: 00007f44a0004790 R08: 0000000000000000 R09: 00007f44c12cb724
Nov  3 23:57:49 mr-fox kernel: [109232.200280] R10: cccccccccccccccd R11: 0000000000000293 R12: 000000000000000c
Nov  3 23:57:49 mr-fox kernel: [109232.200281] R13: 00007f44a0004810 R14: 00007f44c12cc21c R15: 0000000000d32690
Nov  3 23:57:49 mr-fox kernel: [109232.200282] Code: 44 29 e2 39 d0 73 c1 0f b6 1d 1c 85 27 01 80 fb 01 77 34 83 e3 01 75 da 48 c7 c7 a0 51 39 be c6 05 04 85 27 01 01 e8 8f e5 99 ff <0f> ff eb a9 e8 6c b3 91 ff 31 f6 48 c7 c7 e0 72 a5 be e8 7e 76 
Nov  3 23:57:49 mr-fox kernel: [109232.200308] ---[ end trace da213a4ee21df757 ]---

-- 
Toralf
PGP C4EACDDE 0076E94E