Bug#1029138: linux-image-6.1.0-1-amd64: refcount_t: underflow; use-after-free in nfsd on a NFS server

2023-02-26 Thread Salvatore Bonaccorso
Control: tags -1 + moreinfo

Hi Laurent,

On Thu, Jan 19, 2023 at 07:26:30AM +0100, Salvatore Bonaccorso wrote:
> Hi Laurent,
> 
> On Wed, Jan 18, 2023 at 04:59:45PM +0100, Laurent Bonnaud wrote:
> > On 1/18/23 16:46, Salvatore Bonaccorso wrote:
> > 
> > > Would it be possible to test 6.1.7, which contains related nfs changes
> > > with the nfsd filecache?
> > 
> > Yes, of course, as soon as it is available as a Debian package...
> 
> Ok! 6.1.7-1 has been uploaded now to unstable, so builds should be
> triggered. If you can test it with that, that would then be great to
> know if the issue persists.

Did recent 6.1.y uploads address the issue?

Regards,
Salvatore



Bug#1029138: linux-image-6.1.0-1-amd64: refcount_t: underflow; use-after-free in nfsd on a NFS server

2023-01-18 Thread Salvatore Bonaccorso
Hi Laurent,

On Wed, Jan 18, 2023 at 04:59:45PM +0100, Laurent Bonnaud wrote:
> On 1/18/23 16:46, Salvatore Bonaccorso wrote:
> 
> > Would it be possible to test 6.1.7, which contains related nfs changes
> > with the nfsd filecache?
> 
> Yes, of course, as soon as it is available as a Debian package...

Ok! 6.1.7-1 has been uploaded now to unstable, so builds should be
triggered. If you can test it with that, that would then be great to
know if the issue persists.

Regards,
Salvatore



Bug#1029138: linux-image-6.1.0-1-amd64: refcount_t: underflow; use-after-free in nfsd on a NFS server

2023-01-18 Thread Laurent Bonnaud

On 1/18/23 16:46, Salvatore Bonaccorso wrote:

> Would it be possible to test 6.1.7, which contains related nfs changes
> with the nfsd filecache?

Yes, of course, as soon as it is available as a Debian package...

Regards,

--
Laurent.



Bug#1029138: linux-image-6.1.0-1-amd64: refcount_t: underflow; use-after-free in nfsd on a NFS server

2023-01-18 Thread Salvatore Bonaccorso
Hi,

On Wed, Jan 18, 2023 at 02:42:24PM +0100, Laurent Bonnaud wrote:
> 
> Package: src:linux
> Version: 6.1.4-1
> Severity: important
> 
> Dear Maintainer,
> 
> this system is a Debian 11 system that is used as a NFS server with the 
> following packages:
> 
> ii  nfs-common         1:1.3.4-6  amd64  NFS support files common to client and server
> ii  nfs-kernel-server  1:1.3.4-6  amd64  support for NFS kernel server
> 
> I am having trouble with 5.10.x kernels, so I am trying the kernel that will 
> be probably in Debian 12.
> 
> Unfortunately I see the following warning message from the kernel:
> 
> [16875.235769] svc: svc_tcp_read_marker lockd RPC fragment too large: 612067950
> [17014.023164] svc: svc_tcp_read_marker nfsd RPC fragment too large: 612067950
> [18029.296553] [ cut here ]
> [18029.296558] refcount_t: underflow; use-after-free.
> [18029.296572] WARNING: CPU: 2 PID: 6051 at lib/refcount.c:28 refcount_warn_saturate+0xba/0x110
> [18029.296587] Modules linked in: ipt_REJECT nf_reject_ipv4 xt_multiport 
> nft_compat nf_tables libcrc32c nfnetlink cts rpcsec_gss_krb5 ipmi_ssif 
> intel_rapl_msr intel_rapl_common quota_v2 quota_tree skx_edac nfit libnvdimm 
> x86_pkg_temp_thermal intel_powerclamp coretemp ghash_clmulni_intel 
> sha512_ssse3 sha512_generic nls_ascii nls_cp437 vfat aesni_intel mgag200 fat 
> crypto_simd cryptd drm_shmem_helper dell_smbios rapl dcdbas intel_cstate 
> drm_kms_helper iTCO_wdt intel_pmc_bxt dell_wmi_descriptor iTCO_vendor_support 
> pcspkr wmi_bmof intel_uncore efi_pstore joydev acpi_ipmi sg mei_me watchdog 
> i2c_algo_bit mei intel_pch_thermal ipmi_si ipmi_devintf evdev ipmi_msghandler 
> button nfsd nfs_acl lockd auth_rpcgss grace drm configfs sunrpc fuse efivarfs 
> ip_tables x_tables autofs4 ext4 crc16 mbcache jbd2 crc32c_generic hid_generic 
> usbhid hid sd_mod t10_pi crc64_rocksoft crc64 crc_t10dif crct10dif_generic 
> ahci crct10dif_pclmul crct10dif_common crc32_pclmul xhci_pci crc32c_intel 
> libahci i2c_i801 xhci_hcd
> [18029.296738]  ixgbe i2c_smbus megaraid_sas tg3 xfrm_algo dca mdio_devres 
> lpc_ich libata libphy ptp pps_core mdio usbcore scsi_mod wmi usb_common 
> scsi_common
> [18029.296769] CPU: 2 PID: 6051 Comm: kworker/2:1 Not tainted 6.1.0-1-amd64 #1  Debian 6.1.4-1
> [18029.296775] Hardware name: Dell Inc. PowerEdge R540/0NJK2F, BIOS 2.15.1 06/17/2022
> [18029.296779] Workqueue: nfsd_filecache nfsd_file_delayed_close [nfsd]
> [18029.296850] RIP: 0010:refcount_warn_saturate+0xba/0x110
> [18029.296857] Code: 01 01 e8 5d 3d 4a 00 0f 0b c3 cc cc cc cc 80 3d 18 4c cd 
> 01 00 75 85 48 c7 c7 18 a0 14 87 c6 05 08 4c cd 01 01 e8 3a 3d 4a 00 <0f> 0b 
> c3 cc cc cc cc 80 3d f3 4b cd 01 00 0f 85 5e ff ff ff 48 c7
> [18029.296862] RSP: 0018:aaa746f97e40 EFLAGS: 00010282
> [18029.296867] RAX:  RBX: 9bc0d27158f8 RCX: 
> 
> [18029.296871] RDX: 0001 RSI: 8713289e RDI: 
> 
> [18029.296874] RBP: aaa746f97e68 R08:  R09: 
> aaa746f97cc8
> [18029.296878] R10: 0003 R11: 87ed23c8 R12: 
> 9bc0d27158f0
> [18029.296881] R13:  R14: 9bc197cb06c0 R15: 
> 9bc040563b08
> [18029.296884] FS:  () GS:9bc6e010() 
> knlGS:
> [18029.296889] CS:  0010 DS:  ES:  CR0: 80050033
> [18029.296892] CR2: 7f627af751c0 CR3: 0001c0744006 CR4: 
> 007706e0
> [18029.296896] DR0:  DR1:  DR2: 
> 
> [18029.296899] DR3:  DR6: fffe0ff0 DR7: 
> 0400
> [18029.296902] PKRU: 5554
> [18029.296905] Call Trace:
> [18029.296909]  
> [18029.296912]  nfsd_file_dispose_list+0x4d/0x70 [nfsd]
> [18029.296975]  nfsd_file_delayed_close+0x73/0xa0 [nfsd]
> [18029.297034]  process_one_work+0x1c4/0x380
> [18029.297045]  worker_thread+0x4d/0x380
> [18029.297052]  ? _raw_spin_lock_irqsave+0x23/0x50
> [18029.297061]  ? rescuer_thread+0x3a0/0x3a0
> [18029.297068]  kthread+0xe6/0x110
> [18029.297074]  ? kthread_complete_and_exit+0x20/0x20
> [18029.297081]  ret_from_fork+0x1f/0x30
> [18029.297095]  
> [18029.297097] ---[ end trace  ]---

Would it be possible to test 6.1.7, which contains related nfs changes
with the nfsd filecache?

Regards,
Salvatore
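
To check whether other NFS servers log the same warning, the following scans kernel log text for `refcount_t:` reports and extracts the workqueue and call-trace frames. It is an added example, not part of the thread or of any Debian or kernel tooling; the function names and the sample (lines copied from the report above, with mail-wrapped lines rejoined) are constructed for illustration.

```python
import re
# Constructed sample: lines taken from the report above, with mail-wrapped lines rejoined.
SAMPLE_LOG = """\
[17014.023164] svc: svc_tcp_read_marker nfsd RPC fragment too large: 612067950
[18029.296558] refcount_t: underflow; use-after-free.
[18029.296779] Workqueue: nfsd_filecache nfsd_file_delayed_close [nfsd]
[18029.296905] Call Trace:
[18029.296912]  nfsd_file_dispose_list+0x4d/0x70 [nfsd]
[18029.296975]  nfsd_file_delayed_close+0x73/0xa0 [nfsd]
[18029.297034]  process_one_work+0x1c4/0x380
[18029.297052]  ? _raw_spin_lock_irqsave+0x23/0x50
[18029.297097] ---[ end trace  ]---
"""

STAMP = re.compile(r"^\[\s*(\d+\.\d+)\] ?(.*)$")
REFCOUNT = re.compile(r"refcount_t: (.+?)\.?$")
FRAME = re.compile(r"^\s*(\?\s+)?([\w.]+)\+0x[0-9a-f]+/0x[0-9a-f]+(?:\s+\[(\w+)\])?")

def find_refcount_warnings(log):
    """Return one dict per 'refcount_t:' report: time, kind, workqueue, frames."""
    reports, cur, in_trace = [], None, False
    for raw in log.splitlines():
        m = STAMP.match(raw)
        if not m:
            continue
        msg = m.group(2)
        hit = REFCOUNT.match(msg.strip())
        if hit:  # start of a new report
            cur = {"time": float(m.group(1)), "kind": hit.group(1), "workqueue": None, "frames": []}
            reports.append(cur)
            in_trace = False
        elif cur is None:
            continue  # kernel message outside any refcount report
        elif msg.startswith("Workqueue:"):
            cur["workqueue"] = msg.split(":", 1)[1].strip()
        elif msg.startswith("Call Trace:"):
            in_trace = True
        elif "end trace" in msg:
            cur, in_trace = None, False
        elif in_trace:
            f = FRAME.match(msg)
            if f and not f.group(1):  # skip '?' entries, which are unreliable
                cur["frames"].append((f.group(2), f.group(3)))
    return reports

def implicated_modules(report):
    return list(dict.fromkeys(mod for _, mod in report["frames"] if mod))

if __name__ == "__main__":
    print([(r["kind"], implicated_modules(r)) for r in find_refcount_warnings(SAMPLE_LOG)])
```

Feed it the output of `dmesg` or `journalctl -k` in place of `SAMPLE_LOG`; frames without a bracketed module name belong to the core kernel image.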