Mageia Bugzilla – Attachment 13883 Details for Bug 32030: no ipv6 due to kernel use-after-free use-after-free with 6.3.8-desktop-2.mga9 on i586 vb guest
use-after-free text from the journal
kernel-use-after-free.txt (text/plain), 5.64 KB, created by Dave Hodgins on 2023-06-20 06:44:49 CEST
Jun 20 00:26:59 kernel: ------------[ cut here ]------------
Jun 20 00:26:59 kernel: refcount_t: underflow; use-after-free.
Jun 20 00:26:59 kernel: WARNING: CPU: 1 PID: 2868 at lib/refcount.c:28 refcount_warn_saturate+0xb6/0xfc
Jun 20 00:26:59 kernel: Modules linked in: ip6t_REJECT nf_reject_ipv6 xt_comment ip6table_mangle ip6table_nat ip6table_raw ip6table_filter ip6_tables xt_recent ipt_REJECT nf_reject_ipv4 xt_multiport xt_conntrack xt_hashlimit xt_addrtype xt_mark iptable_mangle iptable_nat xt_CT xt_tcpudp iptable_raw xt_NFLOG nfnetlink_log xt_LOG nf_log_syslog nf_nat_tftp nf_nat_snmp_basic nf_conntrack_snmp nf_nat_sip nf_nat_pptp nf_nat_irc nf_nat_h323 nf_nat_ftp nf_nat_amanda ts_kmp nf_conntrack_amanda nf_nat nf_conntrack_sane nf_conntrack_tftp nf_conntrack_sip nf_conntrack_pptp nf_conntrack_netlink nfnetlink nf_conntrack_netbios_ns nf_conntrack_broadcast nf_conntrack_irc nf_conntrack_h323 nf_conntrack_ftp nf_conntrack nf_defrag_ipv6 nf_defrag_ipv4 iptable_filter af_packet cfg80211 rfkill vboxsf dm_mirror dm_region_hash dm_log snd_intel8x0 snd_ac97_codec joydev ac97_bus snd_pcm snd_timer crc32_pclmul aesni_intel crypto_simd tpm_crb psmouse e1000 cryptd snd tpm_tis tpm_tis_core soundcore vboxguest i2c_piix4 tpm input_leds evdev sch_fq_codel msr
Jun 20 00:26:59 kernel: dm_mod fuse loop configfs dmi_sysfs ip_tables x_tables ipv6 crc_ccitt autofs4 sr_mod ata_generic atkbd ohci_pci pata_acpi crc32c_intel vivaldi_fmap serio_raw ehci_pci ehci_hcd ohci_hcd ata_piix video vmwgfx drm_ttm_helper ttm wmi drm_kms_helper syscopyarea sysfillrect sysimgblt drm
Jun 20 00:26:59 kernel: CPU: 1 PID: 2868 Comm: sddm-greeter Not tainted 6.3.8-desktop-2.mga9 #1
Jun 20 00:26:59 kernel: Hardware name: innotek GmbH VirtualBox/VirtualBox, BIOS VirtualBox 12/01/2006
Jun 20 00:26:59 kernel: EIP: refcount_warn_saturate+0xb6/0xfc
Jun 20 00:26:59 kernel: Code: 42 27 cb cb 01 e8 56 00 ad ff 0f 0b 58 c9 c3 90 80 3d 41 27 cb cb 00 75 8a 68 24 37 a6 cb c6 05 41 27 cb cb 01 e8 36 00 ad ff <0f> 0b 59 c9 c3 80 3d 3f 27 cb cb 00 0f 85 67 ff ff ff 68 7c 37 a6
Jun 20 00:26:59 kernel: EAX: 00000026 EBX: c2541600 ECX: ef581dc4 EDX: ef581dc0
Jun 20 00:26:59 kernel: ESI: c2670338 EDI: c3f12838 EBP: c5893df0 ESP: c5893dec
Jun 20 00:26:59 kernel: DS: 007b ES: 007b FS: 00d8 GS: 0033 SS: 0068 EFLAGS: 00210286
Jun 20 00:26:59 kernel: CR0: 80050033 CR2: b3d6bd58 CR3: 01a995c0 CR4: 000406f0
Jun 20 00:26:59 kernel: Call Trace:
Jun 20 00:26:59 kernel: ? show_regs+0x55/0x5c
Jun 20 00:26:59 kernel: ? refcount_warn_saturate+0xb6/0xfc
Jun 20 00:26:59 kernel: ? __warn+0x74/0x12c
Jun 20 00:26:59 kernel: ? refcount_warn_saturate+0xb6/0xfc
Jun 20 00:26:59 kernel: ? report_bug+0x170/0x194
Jun 20 00:26:59 kernel: ? exc_overflow+0x38/0x38
Jun 20 00:26:59 kernel: ? handle_bug+0x2a/0x48
Jun 20 00:26:59 kernel: ? exc_invalid_op+0x1b/0x58
Jun 20 00:26:59 kernel: ? handle_exception+0x133/0x133
Jun 20 00:26:59 kernel: ? exc_overflow+0x38/0x38
Jun 20 00:26:59 kernel: ? refcount_warn_saturate+0xb6/0xfc
Jun 20 00:26:59 kernel: ? exc_overflow+0x38/0x38
Jun 20 00:26:59 kernel: ? refcount_warn_saturate+0xb6/0xfc
Jun 20 00:26:59 kernel: drm_gem_object_handle_put_unlocked+0x88/0xec [drm]
Jun 20 00:26:59 kernel: drm_gem_handle_delete+0x78/0xb4 [drm]
Jun 20 00:26:59 kernel: ? vmw_bo_create+0xa0/0xa0 [vmwgfx]
Jun 20 00:26:59 kernel: vmw_bo_unref_ioctl+0x11/0x18 [vmwgfx]
Jun 20 00:26:59 kernel: drm_ioctl_kernel+0xa7/0x154 [drm]
Jun 20 00:26:59 kernel: ? vmw_bo_create+0xa0/0xa0 [vmwgfx]
Jun 20 00:26:59 kernel: drm_ioctl+0x274/0x4e4 [drm]
Jun 20 00:26:59 kernel: ? vmw_bo_create+0xa0/0xa0 [vmwgfx]
Jun 20 00:26:59 kernel: ? __switch_to_asm+0xd1/0xf0
Jun 20 00:26:59 kernel: ? __switch_to_asm+0xcb/0xf0
Jun 20 00:26:59 kernel: ? __switch_to_asm+0xc5/0xf0
Jun 20 00:26:59 kernel: ? __switch_to_asm+0xbf/0xf0
Jun 20 00:26:59 kernel: ? __switch_to_asm+0xb9/0xf0
Jun 20 00:26:59 kernel: ? __switch_to_asm+0xb3/0xf0
Jun 20 00:26:59 kernel: ? __switch_to_asm+0xad/0xf0
Jun 20 00:26:59 kernel: ? __switch_to_asm+0xa7/0xf0
Jun 20 00:26:59 kernel: ? __switch_to_asm+0xa1/0xf0
Jun 20 00:26:59 kernel: ? __switch_to_asm+0x9b/0xf0
Jun 20 00:26:59 kernel: ? __switch_to_asm+0x95/0xf0
Jun 20 00:26:59 kernel: ? __switch_to_asm+0x8f/0xf0
Jun 20 00:26:59 kernel: ? __switch_to_asm+0x89/0xf0
Jun 20 00:26:59 kernel: ? __switch_to_asm+0x83/0xf0
Jun 20 00:26:59 kernel: ? _copy_from_user+0x45/0x5c
Jun 20 00:26:59 kernel: ? __rseq_handle_notify_resume+0x2ad/0x414
Jun 20 00:26:59 kernel: ? __switch_to_asm+0x4d/0xf0
Jun 20 00:26:59 kernel: ? __switch_to_asm+0x47/0xf0
Jun 20 00:26:59 kernel: ? __switch_to_asm+0x41/0xf0
Jun 20 00:26:59 kernel: ? __switch_to_asm+0x3b/0xf0
Jun 20 00:26:59 kernel: ? raw_spin_rq_unlock+0x12/0x34
Jun 20 00:26:59 kernel: ? finish_task_switch.isra.0+0x7a/0x274
Jun 20 00:26:59 kernel: vmw_unlocked_ioctl+0x88/0xdc [vmwgfx]
Jun 20 00:26:59 kernel: ? vmw_pm_suspend+0x4c/0x4c [vmwgfx]
Jun 20 00:26:59 kernel: __ia32_sys_ioctl+0x165/0x940
Jun 20 00:26:59 kernel: ? exit_to_user_mode_prepare+0xa5/0x170
Jun 20 00:26:59 kernel: do_int80_syscall_32+0x33/0x80
Jun 20 00:26:59 kernel: entry_INT80_32+0xf0/0xf0
Jun 20 00:26:59 kernel: EIP: 0xb5d19080
Jun 20 00:26:59 kernel: Code: d8 5b 5e 5f 5d c3 66 90 66 90 56 b8 36 00 00 00 e8 ba 29 05 00 81 c6 89 bf 0d 00 53 8b 4c 24 10 8b 54 24 14 8b 5c 24 0c cd 80 <3d> 00 f0 ff ff 77 09 5b 5e c3 8d b6 00 00 00 00 8b 96 c8 fe ff ff
Jun 20 00:26:59 kernel: EAX: ffffffda EBX: 0000000e ECX: 40086442 EDX: bfea12c8
Jun 20 00:26:59 kernel: ESI: b5df4ff4 EDI: 40086442 EBP: 0000000e ESP: bfea1254
Jun 20 00:26:59 kernel: DS: 007b ES: 007b FS: 0000 GS: 0033 SS: 007b EFLAGS: 00200292
Jun 20 00:26:59 kernel: ---[ end trace 0000000000000000 ]---
Jun 20 00:26:59 systemd[1]: Starting user@1000.service...