https://bugzilla.kernel.org/show_bug.cgi?id=200931

Bug ID: 200931
Summary: use-after-free in ext4_put_super()
Product: File System
Version: 2.5
Kernel Version: 4.18
Hardware: All
OS: Linux
Tree: Mainline
Status: NEW
Severity: normal
Priority: P1
Component: ext4
Assignee: fs_ext4@xxxxxxxxxxxxxxxxxxxx
Reporter: wen.xu@xxxxxxxxxx
Regression: No

Created attachment 278077
  --> https://bugzilla.kernel.org/attachment.cgi?id=278077&action=edit
The (compressed) crafted image which causes crash

- Reproduce
# mkdir mnt
# mount -t ext4 1.img mnt
# gcc 1.c
# ./a.out ./mnt
# umount mnt

- Kernel message
[ 1128.973181] EXT4-fs (loop0): mounted filesystem with ordered data mode. Opts: (null)
[ 1185.120237] WARNING: CPU: 0 PID: 1483 at fs/inode.c:285 drop_nlink+0x69/0x90
[ 1185.120244] Modules linked in: snd_hda_codec_generic snd_hda_intel snd_hda_codec snd_hwdep snd_hda_core snd_pcm snd_timer snd soundcore mac_hid i2c_piix4 ib_iser rdma_cm iw_cm ib_cm ib_core iscsi_tcp libiscsi_tcp libiscsi scsi_transport_iscsi autofs4 raid10 raid456 async_raid6_recov async_memcpy async_pq async_xor async_tx raid1 raid0 multipath linear 8139too qxl drm_kms_helper syscopyarea sysfillrect sysimgblt fb_sys_fops ttm crct10dif_pclmul crc32_pclmul aesni_intel drm aes_x86_64 crypto_simd cryptd glue_helper 8139cp mii pata_acpi floppy
[ 1185.120666] CPU: 0 PID: 1483 Comm: a.out Not tainted 4.18.0+ #9
[ 1185.120672] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS Ubuntu-1.8.2-1ubuntu1 04/01/2014
[ 1185.120679] RIP: 0010:drop_nlink+0x69/0x90
[ 1185.120684] Code: e8 7c b5 f8 ff 49 8b 5c 24 28 be 08 00 00 00 48 8d bb 98 04 00 00 e8 26 b9 f8 ff f0 48 ff 83 98 04 00 00 5b 41 5c 41 5d 5d c3 <0f> 0b 4c 89 ef e8 cd b4 f8 ff 41 c7 44 24 48 ff ff ff ff 5b 41 5c
[ 1185.120686] RSP: 0018:ffff8801e62af910 EFLAGS: 00010246
[ 1185.120698] RAX: 0000000000000000 RBX: ffff8801e9dd8ef8 RCX: ffffffffa541eead
[ 1185.120701] RDX: 0000000000000003 RSI: dffffc0000000000 RDI: ffff8801e9dd8f40
[ 1185.120703] RBP: ffff8801e62af928 R08: ffffed003df57d32 R09: ffffed003df57d32
[ 1185.120706] R10: 0000000000000001 R11: ffffed003df57d31 R12: ffff8801e9dd8ef8
[ 1185.120708] R13: ffff8801e9dd8f40 R14: 0000000000000008 R15: ffff8801e9da9e80
[ 1185.120712] FS: 00007fcb1db54700(0000) GS:ffff8801f7000000(0000) knlGS:0000000000000000
[ 1185.120715] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 1185.120717] CR2: 00007ffc43283ebf CR3: 00000001e632c000 CR4: 00000000000006f0
[ 1185.120727] Call Trace:
[ 1185.120752] ext4_rename+0x7af/0xd00
[ 1185.120758] ? ext4_tmpfile+0x2d0/0x2d0
[ 1185.120770] ? lockref_put_or_lock+0x160/0x160
[ 1185.120780] ? link_path_walk+0x516/0x7b0
[ 1185.120792] ? entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 1185.120797] ? legitimize_path.isra.28+0x61/0xa0
[ 1185.120801] ? unlazy_walk+0xb8/0x150
[ 1185.120808] ? kasan_check_write+0x14/0x20
[ 1185.120812] ? lockref_get+0xb5/0x140
[ 1185.120817] ext4_rename2+0xa6/0x100
[ 1185.120821] vfs_rename+0xa70/0xda0
[ 1185.120827] ? path_mountpoint+0x5b0/0x5b0
[ 1185.120839] ? security_path_rename+0xcb/0x130
[ 1185.120844] do_renameat2+0x7d2/0x860
[ 1185.120850] ? user_path_create+0x40/0x40
[ 1185.120854] ? may_open_dev+0x50/0x50
[ 1185.120862] ? fsnotify+0x590/0x7d0
[ 1185.120866] ? putname+0x80/0x90
[ 1185.120870] ? __kasan_slab_free+0x151/0x1a0
[ 1185.120874] ? kasan_slab_free+0xe/0x10
[ 1185.120881] ? kmem_cache_free+0x89/0x1e0
[ 1185.120885] ? putname+0x80/0x90
[ 1185.120892] ? filp_open+0x60/0x60
[ 1185.120896] ? __ia32_sys_mknod+0x50/0x50
[ 1185.120900] ? do_sys_ftruncate+0x195/0x200
[ 1185.120905] __x64_sys_rename+0x3b/0x50
[ 1185.120912] do_syscall_64+0x78/0x170
[ 1185.120916] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 1185.120935] RIP: 0033:0x7fcb1d6704d9
[ 1185.120940] Code: 00 f3 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d 8f 29 2c 00 f7 d8 64 89 01 48
[ 1185.120942] RSP: 002b:00007ffc43280a58 EFLAGS: 00000207 ORIG_RAX: 0000000000000052
[ 1185.120947] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fcb1d6704d9
[ 1185.120949] RDX: 00007fcb1d6704d9 RSI: 00007ffc43280c30 RDI: 00007ffc43280bf0
[ 1185.120952] RBP: 00007ffc43284ed0 R08: 00007ffc43284fb8 R09: 00007ffc43284fb8
[ 1185.120954] R10: 00007ffc43284fb8 R11: 0000000000000207 R12: 0000000000400530
[ 1185.120957] R13: 00007ffc43284fb0 R14: 0000000000000000 R15: 0000000000000000
[ 1185.120961] ---[ end trace 754084f7e4b34756 ]---
[ 1233.429984] EXT4-fs (loop0): Inode 16 (000000005dedb213): orphan list check failed!
[ 1233.431970] CPU: 0 PID: 1530 Comm: umount Tainted: G W 4.18.0+ #9
[ 1233.431976] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS Ubuntu-1.8.2-1ubuntu1 04/01/2014
[ 1233.431985] Call Trace:
[ 1233.432035] dump_stack+0x7b/0xb5
[ 1233.432053] ext4_destroy_inode+0xb5/0xc0
[ 1233.432066] destroy_inode+0x6a/0x90
[ 1233.432070] evict+0x1fe/0x290
[ 1233.432075] dispose_list+0x7e/0xa0
[ 1233.432080] evict_inodes+0x24f/0x2a0
[ 1233.432084] ? dispose_list+0xa0/0xa0
[ 1233.432092] ? fsnotify_unmount_inodes+0x148/0x160
[ 1233.432104] generic_shutdown_super+0x71/0x1c0
[ 1233.432109] kill_block_super+0x52/0x80
[ 1233.432113] deactivate_locked_super+0x6f/0xa0
[ 1233.432118] deactivate_super+0x130/0x140
[ 1233.432122] ? mount_ns+0x100/0x100
[ 1233.432127] ? fsnotify_grab_connector+0x54/0x80
[ 1233.432132] cleanup_mnt+0x61/0xa0
[ 1233.432136] __cleanup_mnt+0x12/0x20
[ 1233.432144] task_work_run+0xc8/0xf0
[ 1233.432153] exit_to_usermode_loop+0x12c/0x130
[ 1233.432158] do_syscall_64+0x138/0x170
[ 1233.432163] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 1233.432183] RIP: 0033:0x7f83814cd487
[ 1233.432188] Code: 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d e1 c9 2b 00 f7 d8 64 89 01 48
[ 1233.432191] RSP: 002b:00007ffec2a2da48 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
[ 1233.432200] RAX: 0000000000000000 RBX: 0000000001fa8030 RCX: 00007f83814cd487
[ 1233.432202] RDX: 0000000000000001 RSI: 0000000000000000 RDI: 0000000001faf1e0
[ 1233.432205] RBP: 0000000001faf1e0 R08: 0000000000000000 R09: 0000000000000014
[ 1233.432207] R10: 00000000000006b2 R11: 0000000000000246 R12: 00007f83819d683c
[ 1233.432209] R13: 0000000000000000 R14: 0000000001fa8210 R15: 00007ffec2a2dcd0
[ 1233.879755] EXT4-fs (loop0): sb orphan head is 16
[ 1233.880734] sb_info orphan list:
[ 1233.881417] ==================================================================
[ 1233.882839] BUG: KASAN: use-after-free in ext4_put_super+0x5b2/0x650
[ 1233.884104] Read of size 4 at addr ffff8801e9dd8e4c by task umount/1530
[ 1233.885737] CPU: 0 PID: 1530 Comm: umount Tainted: G W 4.18.0+ #9
[ 1233.885740] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS Ubuntu-1.8.2-1ubuntu1 04/01/2014
[ 1233.885742] Call Trace:
[ 1233.885765] dump_stack+0x7b/0xb5
[ 1233.885774] print_address_description+0x70/0x290
[ 1233.885779] kasan_report+0x291/0x390
[ 1233.885783] ? ext4_put_super+0x5b2/0x650
[ 1233.885788] __asan_load4+0x78/0x80
[ 1233.885792] ext4_put_super+0x5b2/0x650
[ 1233.885797] generic_shutdown_super+0xb9/0x1c0
[ 1233.885801] kill_block_super+0x52/0x80
[ 1233.885806] deactivate_locked_super+0x6f/0xa0
[ 1233.885810] deactivate_super+0x130/0x140
[ 1233.885814] ? mount_ns+0x100/0x100
[ 1233.885819] ? fsnotify_grab_connector+0x54/0x80
[ 1233.885824] cleanup_mnt+0x61/0xa0
[ 1233.885827] __cleanup_mnt+0x12/0x20
[ 1233.885831] task_work_run+0xc8/0xf0
[ 1233.885836] exit_to_usermode_loop+0x12c/0x130
[ 1233.885841] do_syscall_64+0x138/0x170
[ 1233.885845] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 1233.885849] RIP: 0033:0x7f83814cd487
[ 1233.885854] Code: 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d e1 c9 2b 00 f7 d8 64 89 01 48
[ 1233.885856] RSP: 002b:00007ffec2a2da48 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
[ 1233.885860] RAX: 0000000000000000 RBX: 0000000001fa8030 RCX: 00007f83814cd487
[ 1233.885863] RDX: 0000000000000001 RSI: 0000000000000000 RDI: 0000000001faf1e0
[ 1233.885865] RBP: 0000000001faf1e0 R08: 0000000000000000 R09: 0000000000000014
[ 1233.885867] R10: 00000000000006b2 R11: 0000000000000246 R12: 00007f83819d683c
[ 1233.885870] R13: 0000000000000000 R14: 0000000001fa8210 R15: 00007ffec2a2dcd0
[ 1233.886215] Allocated by task 1483:
[ 1233.886941] save_stack+0x46/0xd0
[ 1233.886944] kasan_kmalloc+0xad/0xe0
[ 1233.886948] kasan_slab_alloc+0x11/0x20
[ 1233.886951] kmem_cache_alloc+0xc9/0x1e0
[ 1233.886958] ext4_alloc_inode+0x1f/0x2f0
[ 1233.886961] alloc_inode+0x35/0xc0
[ 1233.886964] iget_locked+0x121/0x2a0
[ 1233.886969] ext4_iget+0xf8/0x1740
[ 1233.886972] ext4_iget_normal+0x5e/0x70
[ 1233.886976] ext4_lookup+0x1db/0x330
[ 1233.886981] __lookup_slow+0x12e/0x240
[ 1233.886984] lookup_slow+0x44/0x60
[ 1233.886988] walk_component+0x3f9/0x6b0
[ 1233.886991] path_lookupat+0x133/0x430
[ 1233.886994] filename_lookup+0x13c/0x280
[ 1233.886998] user_path_at_empty+0x36/0x40
[ 1233.887004] do_fchmodat+0x8f/0x110
[ 1233.887008] __x64_sys_chmod+0x37/0x40
[ 1233.887011] do_syscall_64+0x78/0x170
[ 1233.887015] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 1233.887339] Freed by task 0:
[ 1233.887938] save_stack+0x46/0xd0
[ 1233.887942] __kasan_slab_free+0x13c/0x1a0
[ 1233.887945] kasan_slab_free+0xe/0x10
[ 1233.887952] kmem_cache_free+0x89/0x1e0
[ 1233.887956] ext4_i_callback+0x1c/0x20
[ 1233.887965] rcu_process_callbacks+0x31c/0x7a0
[ 1233.887970] __do_softirq+0x120/0x348
[ 1233.888306] The buggy address belongs to the object at ffff8801e9dd8e10 which belongs to the cache ext4_inode_cache(21:user.slice) of size 1072
[ 1233.903236] The buggy address is located 60 bytes inside of 1072-byte region [ffff8801e9dd8e10, ffff8801e9dd9240)
[ 1233.905556] The buggy address belongs to the page:
[ 1233.906530] page:ffffea0007a77600 count:1 mapcount:0 mapping:ffff8801e5bde380 index:0x0 compound_mapcount: 0
[ 1233.908498] flags: 0x2ffff0000008100(slab|head)
[ 1233.909421] raw: 02ffff0000008100 dead000000000100 dead000000000200 ffff8801e5bde380
[ 1233.910952] raw: 0000000000000000 00000000000d000d 00000001ffffffff ffff8801ed19a200
[ 1233.912484] page dumped because: kasan: bad access detected
[ 1233.913604] page->mem_cgroup:ffff8801ed19a200
[ 1233.914786] Memory state around the buggy address:
[ 1233.915742] ffff8801e9dd8d00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 1233.917197] ffff8801e9dd8d80: fb fb fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 1233.918630] >ffff8801e9dd8e00: fc fc fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 1233.920063] ^
[ 1233.921205] ffff8801e9dd8e80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 1233.922642] ffff8801e9dd8f00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 1233.924066] ==================================================================
[ 1233.925518] Disabling lock debugging due to kernel taint
[ 1233.925605] inode loop0:16 at 0000000032706161: mode 106000, nlink -1, next 0
[ 1233.927107] ------------[ cut here ]------------
[ 1233.927110] kernel BUG at fs/ext4/super.c:977!
[ 1233.928105] invalid opcode: 0000 [#1] SMP KASAN PTI
[ 1233.929117] CPU: 0 PID: 1530 Comm: umount Tainted: G B W 4.18.0+ #9
[ 1233.930620] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS Ubuntu-1.8.2-1ubuntu1 04/01/2014
[ 1233.932497] RIP: 0010:ext4_put_super+0x591/0x650
[ 1233.933436] Code: a0 00 00 00 49 8d 7d 3a e8 fc 23 df ff 4c 89 e7 66 45 89 7d 3a e8 6f 25 df ff 41 f6 46 50 01 0f 85 c1 fb ff ff e9 af fb ff ff <0f> 0b 48 8d 7b 70 e8 54 25 df ff 4c 8b 6b 70 e9 1a fc ff ff 49 8d
[ 1233.937114] RSP: 0018:ffff8801e3db7d10 EFLAGS: 00010206
[ 1233.938168] RAX: ffff8801e9dd8e90 RBX: ffff8801efabdd80 RCX: ffffffffa55b7c40
[ 1233.939576] RDX: dffffc0000000000 RSI: 0000000000000008 RDI: ffff8801efabdf78
[ 1233.940983] RBP: ffff8801e3db7d60 R08: ffffed003ee04f49 R09: ffffed003ee04f49
[ 1233.942405] R10: 0000000000000001 R11: ffffed003ee04f48 R12: ffff8801efabdf78
[ 1233.943816] R13: ffff8801e9dd8ef8 R14: ffff8801efabd500 R15: ffff8801efabdf78
[ 1233.945237] FS: 00007f8381bed840(0000) GS:ffff8801f7000000(0000) knlGS:0000000000000000
[ 1233.946833] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 1233.947973] CR2: 00005621001b45b8 CR3: 00000001f3040000 CR4: 00000000000006f0
[ 1233.949405] Call Trace:
[ 1233.949918] generic_shutdown_super+0xb9/0x1c0
[ 1233.950810] kill_block_super+0x52/0x80
[ 1233.951590] deactivate_locked_super+0x6f/0xa0
[ 1233.952486] deactivate_super+0x130/0x140
[ 1233.953313] ? mount_ns+0x100/0x100
[ 1233.954030] ? fsnotify_grab_connector+0x54/0x80
[ 1233.954962] cleanup_mnt+0x61/0xa0
[ 1233.955661] __cleanup_mnt+0x12/0x20
[ 1233.956388] task_work_run+0xc8/0xf0
[ 1233.957118] exit_to_usermode_loop+0x12c/0x130
[ 1233.958023] do_syscall_64+0x138/0x170
[ 1233.958786] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 1233.959799] RIP: 0033:0x7f83814cd487
[ 1233.960525] Code: 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d e1 c9 2b 00 f7 d8 64 89 01 48
[ 1233.964205] RSP: 002b:00007ffec2a2da48 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
[ 1233.965730] RAX: 0000000000000000 RBX: 0000000001fa8030 RCX: 00007f83814cd487
[ 1233.967140] RDX: 0000000000000001 RSI: 0000000000000000 RDI: 0000000001faf1e0
[ 1233.968552] RBP: 0000000001faf1e0 R08: 0000000000000000 R09: 0000000000000014
[ 1233.969975] R10: 00000000000006b2 R11: 0000000000000246 R12: 00007f83819d683c
[ 1233.971394] R13: 0000000000000000 R14: 0000000001fa8210 R15: 00007ffec2a2dcd0
[ 1233.972822] Modules linked in: snd_hda_codec_generic snd_hda_intel snd_hda_codec snd_hwdep snd_hda_core snd_pcm snd_timer snd soundcore mac_hid i2c_piix4 ib_iser rdma_cm iw_cm ib_cm ib_core iscsi_tcp libiscsi_tcp libiscsi scsi_transport_iscsi autofs4 raid10 raid456 async_raid6_recov async_memcpy async_pq async_xor async_tx raid1 raid0 multipath linear 8139too qxl drm_kms_helper syscopyarea sysfillrect sysimgblt fb_sys_fops ttm crct10dif_pclmul crc32_pclmul aesni_intel drm aes_x86_64 crypto_simd cryptd glue_helper 8139cp mii pata_acpi floppy
[ 1233.982571] ---[ end trace 754084f7e4b34757 ]---
[ 1233.983513] RIP: 0010:ext4_put_super+0x591/0x650
[ 1233.984487] Code: a0 00 00 00 49 8d 7d 3a e8 fc 23 df ff 4c 89 e7 66 45 89 7d 3a e8 6f 25 df ff 41 f6 46 50 01 0f 85 c1 fb ff ff e9 af fb ff ff <0f> 0b 48 8d 7b 70 e8 54 25 df ff 4c 8b 6b 70 e9 1a fc ff ff 49 8d
[ 1233.988243] RSP: 0018:ffff8801e3db7d10 EFLAGS: 00010206
[ 1233.989304] RAX: ffff8801e9dd8e90 RBX: ffff8801efabdd80 RCX: ffffffffa55b7c40
[ 1233.990736] RDX: dffffc0000000000 RSI: 0000000000000008 RDI: ffff8801efabdf78
[ 1233.992191] RBP: ffff8801e3db7d60 R08: ffffed003ee04f49 R09: ffffed003ee04f49
[ 1233.993630] R10: 0000000000000001 R11: ffffed003ee04f48 R12: ffff8801efabdf78
[ 1233.995052] R13: ffff8801e9dd8ef8 R14: ffff8801efabd500 R15: ffff8801efabdf78
[ 1233.996509] FS: 00007f8381bed840(0000) GS:ffff8801f7000000(0000) knlGS:0000000000000000
[ 1234.023241] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 1234.024428] CR2: 00005621001b45b8 CR3: 00000001f3040000 CR4: 00000000000006f0

Reported by Wen Xu (wen.xu@xxxxxxxxxx) from SSLab.