- Linux-stable-mirror - lists.linaro.org

[PATCH net v3] net/hsr: fix NULL pointer dereference in prp_get_untagged_frame()

by Shaurya Rane

prp_get_untagged_frame() calls __pskb_copy() to create frame->skb_std but doesn't check if the allocation failed. If __pskb_copy() returns NULL, skb_clone() is called with a NULL pointer, causing a crash: Oops: general protection fault, probably for non-canonical address 0xdffffc000000000f: 0000 [#1] SMP KASAN NOPTI KASAN: null-ptr-deref in range [0x0000000000000078-0x000000000000007f] CPU: 0 UID: 0 PID: 5625 Comm: syz.1.18 Not tainted syzkaller #0 PREEMPT(full) Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 RIP: 0010:skb_clone+0xd7/0x3a0 net/core/skbuff.c:2041 Code: 03 42 80 3c 20 00 74 08 4c 89 f7 e8 23 29 05 f9 49 83 3e 00 0f 85 a0 01 00 00 e8 94 dd 9d f8 48 8d 6b 7e 49 89 ee 49 c1 ee 03 <43> 0f b6 04 26 84 c0 0f 85 d1 01 00 00 44 0f b6 7d 00 41 83 e7 0c RSP: 0018:ffffc9000d00f200 EFLAGS: 00010207 RAX: ffffffff892235a1 RBX: 0000000000000000 RCX: ffff88803372a480 RDX: 0000000000000000 RSI: 0000000000000820 RDI: 0000000000000000 RBP: 000000000000007e R08: ffffffff8f7d0f77 R09: 1ffffffff1efa1ee R10: dffffc0000000000 R11: fffffbfff1efa1ef R12: dffffc0000000000 R13: 0000000000000820 R14: 000000000000000f R15: ffff88805144cc00 FS: 0000555557f6d500(0000) GS:ffff88808d72f000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 0000555581d35808 CR3: 000000005040e000 CR4: 0000000000352ef0 Call Trace: <TASK> hsr_forward_do net/hsr/hsr_forward.c:-1 [inline] hsr_forward_skb+0x1013/0x2860 net/hsr/hsr_forward.c:741 hsr_handle_frame+0x6ce/0xa70 net/hsr/hsr_slave.c:84 __netif_receive_skb_core+0x10b9/0x4380 net/core/dev.c:5966 __netif_receive_skb_one_core net/core/dev.c:6077 [inline] __netif_receive_skb+0x72/0x380 net/core/dev.c:6192 netif_receive_skb_internal net/core/dev.c:6278 [inline] netif_receive_skb+0x1cb/0x790 net/core/dev.c:6337 tun_rx_batched+0x1b9/0x730 drivers/net/tun.c:1485 tun_get_user+0x2b65/0x3e90 drivers/net/tun.c:1953 tun_chr_write_iter+0x113/0x200 drivers/net/tun.c:1999 new_sync_write fs/read_write.c:593 [inline] vfs_write+0x5c9/0xb30 fs/read_write.c:686 ksys_write+0x145/0x250 fs/read_write.c:738 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline] do_syscall_64+0xfa/0xfa0 arch/x86/entry/syscall_64.c:94 entry_SYSCALL_64_after_hwframe+0x77/0x7f RIP: 0033:0x7f0449f8e1ff Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48 RSP: 002b:00007ffd7ad94c90 EFLAGS: 00000293 ORIG_RAX: 0000000000000001 RAX: ffffffffffffffda RBX: 00007f044a1e5fa0 RCX: 00007f0449f8e1ff RDX: 000000000000003e RSI: 0000200000000500 RDI: 00000000000000c8 RBP: 00007ffd7ad94d20 R08: 0000000000000000 R09: 0000000000000000 R10: 000000000000003e R11: 0000000000000293 R12: 0000000000000001 R13: 00007f044a1e5fa0 R14: 00007f044a1e5fa0 R15: 0000000000000003 </TASK> Add a NULL check immediately after __pskb_copy() to handle allocation failures gracefully. Reported-by: syzbot+2fa344348a579b779e05(a)syzkaller.appspotmail.com Closes: https://syzkaller.appspot.com/bug?extid=2fa344348a579b779e05 Fixes: f266a683a480 ("net/hsr: Better frame dispatch") Cc: stable(a)vger.kernel.org Signed-off-by: Shaurya Rane <ssrane_b23(a)ee.vjti.ac.in> --- v3: - Keep only prp_get_untagged_frame() fix as the other two NETIF_F_HW_HSR_TAG_INS checks are not needed for this bug - Move NULL check immediately after __pskb_copy() call v2: - Add stack trace to commit message - Target net tree with [PATCH net] - Add Cc: stable(a)vger.kernel.org --- net/hsr/hsr_forward.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/net/hsr/hsr_forward.c b/net/hsr/hsr_forward.c index 339f0d220212..aefc9b6936ba 100644 --- a/net/hsr/hsr_forward.c +++ b/net/hsr/hsr_forward.c @@ -205,6 +205,8 @@ struct sk_buff *prp_get_untagged_frame(struct hsr_frame_info *frame, __pskb_copy(frame->skb_prp, skb_headroom(frame->skb_prp), GFP_ATOMIC); + if (!frame->skb_std) + return NULL; } else { /* Unexpected */ WARN_ONCE(1, "%s:%d: Unexpected frame received (port_src %s)\n", -- 2.34.1

4 days, 20 hours

4
3
0 0

kernel crash when use zstd compress 256gb qemu raw image file

by 罗勇刚(Yonggang Luo)

Dec 04 03:29:28 32core systemd-modules-load[916]: Failed to find module 'vendor-reset' Dec 04 03:29:28 32core systemd-udevd[938]: Using default interface naming scheme 'v257'. Dec 04 03:29:28 32core lvm[908]: 5 logical volume(s) in volume group "pve" monitored Dec 04 03:29:28 32core systemd-modules-load[916]: Inserted module 'vhost_net' Dec 04 03:29:28 32core systemd[1]: Starting systemd-journal-flush.service - Flush Journal to Persistent Storage... Dec 04 03:29:28 32core kernel: input: Generic USB Audio Consumer Control as /devices/pci0000:40/0000:40:01.1/0000:41:00.0/0000:42:08.0/0000:48:00.3/usb9/9-5/9-5:1.7/0003:26CE:0A01.0006/input/input10 Dec 04 03:29:28 32core kernel: input: Generic USB Audio as /devices/pci0000:40/0000:40:01.1/0000:41:00.0/0000:42:08.0/0000:48:00.3/usb9/9-5/9-5:1.7/0003:26CE:0A01.0006/input/input11 Dec 04 03:29:28 32core kernel: hid-generic 0003:26CE:0A01.0006: input,hiddev2,hidraw5: USB HID v1.11 Device [Generic USB Audio] on usb-0000:48:00.3-5/input7 Dec 04 03:29:28 32core (udev-worker)[954]: lo: Invalid network interface name, ignoring: Dec 04 03:29:28 32core systemd[1]: Found device dev-pve-swap.device - /dev/pve/swap. Dec 04 03:29:28 32core lvm[1079]: PV /dev/nvme2n1p3 online, VG pve is complete. Dec 04 03:29:28 32core lvm[1079]: VG pve finished Dec 04 03:29:29 32core kernel: mc: Linux media interface: v0.10 Dec 04 03:29:29 32core kernel: input: PC Speaker as /devices/platform/pcspkr/input/input12 Dec 04 03:29:29 32core kernel: RAPL PMU: API unit is 2^-32 Joules, 2 fixed counters, 163840 ms ovfl timer Dec 04 03:29:29 32core kernel: RAPL PMU: hw unit of domain package 2^-16 Joules Dec 04 03:29:29 32core kernel: RAPL PMU: hw unit of domain core 2^-16 Joules Dec 04 03:29:29 32core kernel: ee1004 1-0051: 512 byte EE1004-compliant SPD EEPROM, read-only Dec 04 03:29:29 32core kernel: ccp 0000:22:00.1: enabling device (0000 -> 0002) Dec 04 03:29:29 32core kernel: ccp 0000:22:00.1: ccp enabled Dec 04 03:29:29 32core kernel: ccp 0000:22:00.1: psp enabled Dec 04 03:29:29 32core kernel: ee1004 1-0053: 512 byte EE1004-compliant SPD EEPROM, read-only Dec 04 03:29:29 32core kernel: ee1004 1-0055: 512 byte EE1004-compliant SPD EEPROM, read-only Dec 04 03:29:29 32core kernel: ee1004 1-0057: 512 byte EE1004-compliant SPD EEPROM, read-only Dec 04 03:29:29 32core kernel: ee1004 3-0057: Failed to select page 0 (-6) Dec 04 03:29:29 32core kernel: ee1004 3-0057: 512 byte EE1004-compliant SPD EEPROM, read-only Dec 04 03:29:29 32core systemd[1]: Activating swap dev-pve-swap.swap - /dev/pve/swap... Dec 04 03:29:29 32core systemd[1]: Finished systemd-udev-trigger.service - Coldplug All udev Devices. Dec 04 03:29:29 32core systemd-journald[915]: Time spent on flushing to /var/log/journal/9b05606f693a449bb4ef49b502ff7c47 is 14.486ms for 1566 entries. Dec 04 03:29:29 32core systemd-journald[915]: System Journal (/var/log/journal/9b05606f693a449bb4ef49b502ff7c47) is 3.1G, max 4G, 907.3M free. Dec 04 03:29:29 32core systemd-journald[915]: Received client request to flush runtime journal. Dec 04 03:29:29 32core systemd-journald[915]: File /var/log/journal/9b05606f693a449bb4ef49b502ff7c47/system.journal corrupted or uncleanly shut down, renaming and replacing. Dec 04 03:29:29 32core kernel: Adding 8388604k swap on /dev/mapper/pve-swap. Priority:-2 extents:1 across:8388604k SS Dec 04 03:29:29 32core systemd[1]: Activated swap dev-pve-swap.swap - /dev/pve/swap. Dec 04 03:29:29 32core systemd[1]: Found device dev-disk-by\x2duuid-9EA6\x2dDCA3.device - THNSN51T02DU7 TOSHIBA 2. Dec 04 03:29:29 32core systemd[1]: Found device dev-disk-by\x2duuid-c1ab544a\x2d4190\x2d426a\x2d8cdd\x2d8d6af66f97fa.device - Asgard AN2TNVMe M.2/80 1. Dec 04 03:29:29 32core systemd[1]: Reached target swap.target - Swaps. Dec 04 03:29:29 32core systemd-fsck[1210]: fsck.fat 4.2 (2021-01-31) Dec 04 03:29:29 32core systemd-fsck[1210]: There are differences between boot sector and its backup. Dec 04 03:29:29 32core systemd-fsck[1210]: This is mostly harmless. Differences: (offset:original/backup) Dec 04 03:29:29 32core systemd-fsck[1210]: 65:01/00 Dec 04 03:29:29 32core systemd-fsck[1210]: Not automatically fixing this. Dec 04 03:29:29 32core systemd-fsck[1210]: Dirty bit is set. Fs was not properly unmounted and some data may be corrupt. Dec 04 03:29:29 32core systemd-fsck[1210]: Automatically removing dirty bit. Dec 04 03:29:29 32core systemd-fsck[1210]: *** Filesystem was changed *** Dec 04 03:29:29 32core systemd-fsck[1210]: Writing changes. Dec 04 03:29:29 32core systemd-fsck[1210]: /dev/nvme2n1p2: 5 files, 88/130812 clusters Dec 04 03:29:29 32core systemd[1]: Reached target tpm2.target - Trusted Platform Module. Dec 04 03:29:29 32core systemd[1]: Listening on systemd-rfkill.socket - Load/Save RF Kill Switch Status /dev/rfkill Watch. Dec 04 03:29:29 32core systemd[1]: Starting ifupdown2-pre.service - Helper to synchronize boot up for ifupdown... Dec 04 03:29:29 32core systemd[1]: Starting systemd-fsck(a)dev-disk-by\x2duuid-9EA6\x2dDCA3.service - File System Check on /dev/disk/by-uuid/9EA6-DCA3... Dec 04 03:29:29 32core systemd[1]: Starting systemd-udev-settle.service - Wait for udev To Complete Device Initialization... Dec 04 03:29:29 32core udevadm[1208]: systemd-udev-settle.service is deprecated. Please fix zfs-import-scan.service, zfs-import-cache.service not to pull it in. Dec 04 03:29:29 32core systemd[1]: Finished systemd-fsck(a)dev-disk-by\x2duuid-9EA6\x2dDCA3.service - File System Check on /dev/disk/by-uuid/9EA6-DCA3. Dec 04 03:29:29 32core systemd[1]: Finished systemd-journal-flush.service - Flush Journal to Persistent Storage. Dec 04 03:29:29 32core kernel: kvm_amd: TSC scaling supported Dec 04 03:29:29 32core kernel: kvm_amd: Nested Virtualization enabled Dec 04 03:29:29 32core kernel: kvm_amd: Nested Paging enabled Dec 04 03:29:29 32core kernel: kvm_amd: LBR virtualization supported Dec 04 03:29:29 32core kernel: kvm_amd: SEV disabled (ASIDs 1 - 509) Dec 04 03:29:29 32core kernel: kvm_amd: SEV-ES disabled (ASIDs 0 - 0) Dec 04 03:29:29 32core kernel: kvm_amd: Virtual VMLOAD VMSAVE supported Dec 04 03:29:29 32core kernel: kvm_amd: Virtual GIF supported Dec 04 03:29:29 32core kernel: snd_hda_intel 0000:01:00.1: Force to non-snoop mode Dec 04 03:29:29 32core kernel: snd_hda_intel 0000:22:00.4: enabling device (0000 -> 0002) Dec 04 03:29:29 32core kernel: snd_hda_intel 0000:22:00.4: no codecs found! Dec 04 03:29:29 32core kernel: ZFS: Loaded module v2.3.4-pve1, ZFS pool version 5000, ZFS filesystem version 5 Dec 04 03:29:29 32core systemd-modules-load[916]: Inserted module 'zfs' Dec 04 03:29:29 32core systemd[1]: Finished systemd-modules-load.service - Load Kernel Modules. Dec 04 03:29:29 32core kernel: [drm] radeon kernel modesetting enabled. Dec 04 03:29:29 32core systemd[1]: Starting systemd-sysctl.service - Apply Kernel Variables... Dec 04 03:29:29 32core kernel: MCE: In-kernel MCE decoding enabled. Dec 04 03:29:29 32core systemd[1]: Reached target sound.target - Sound Card. Dec 04 03:29:29 32core kernel: input: HDA ATI HDMI HDMI/DP,pcm=3 as /devices/pci0000:00/0000:00:01.1/0000:01:00.1/sound/card1/input13 Dec 04 03:29:29 32core kernel: Console: switching to colour dummy device 80x25 Dec 04 03:29:29 32core systemd[1]: Finished systemd-sysctl.service - Apply Kernel Variables. Dec 04 03:29:29 32core kernel: radeon 0000:01:00.0: vgaarb: deactivate vga console Dec 04 03:29:29 32core kernel: [drm] initializing kernel modesetting (OLAND 0x1002:0x6613 0x1002:0x2B0A 0x81). Dec 04 03:29:29 32core kernel: ATOM BIOS: C57701 Dec 04 03:29:29 32core kernel: radeon 0000:01:00.0: VRAM: 1024M 0x0000000000000000 - 0x000000003FFFFFFF (1024M used) Dec 04 03:29:29 32core kernel: radeon 0000:01:00.0: GTT: 2048M 0x0000000040000000 - 0x00000000BFFFFFFF Dec 04 03:29:29 32core kernel: [drm] Detected VRAM RAM=1024M, BAR=256M Dec 04 03:29:29 32core kernel: [drm] RAM width 128bits DDR Dec 04 03:29:29 32core kernel: [drm] radeon: 1024M of VRAM memory ready Dec 04 03:29:29 32core kernel: [drm] radeon: 2048M of GTT memory ready. Dec 04 03:29:29 32core kernel: [drm] Loading oland Microcode Dec 04 03:29:29 32core kernel: [drm] Internal thermal controller with fan control Dec 04 03:29:29 32core kernel: [drm] radeon: dpm initialized Dec 04 03:29:29 32core kernel: [drm] GART: num cpu pages 524288, num gpu pages 524288 Dec 04 03:29:29 32core kernel: intel_rapl_common: Found RAPL domain package Dec 04 03:29:29 32core kernel: intel_rapl_common: Found RAPL domain core Dec 04 03:29:29 32core kernel: amd_atl: AMD Address Translation Library initialized Dec 04 03:29:29 32core kernel: [drm] PCIE GART of 2048M enabled (table at 0x0000000000165000). Dec 04 03:29:29 32core kernel: radeon 0000:01:00.0: WB enabled Dec 04 03:29:29 32core kernel: radeon 0000:01:00.0: fence driver on ring 0 uses gpu addr 0x0000000040000c00 Dec 04 03:29:29 32core kernel: radeon 0000:01:00.0: fence driver on ring 1 uses gpu addr 0x0000000040000c04 Dec 04 03:29:29 32core kernel: radeon 0000:01:00.0: fence driver on ring 2 uses gpu addr 0x0000000040000c08 Dec 04 03:29:29 32core kernel: radeon 0000:01:00.0: fence driver on ring 3 uses gpu addr 0x0000000040000c0c Dec 04 03:29:29 32core kernel: radeon 0000:01:00.0: fence driver on ring 4 uses gpu addr 0x0000000040000c10 Dec 04 03:29:29 32core kernel: radeon 0000:01:00.0: fence driver on ring 5 uses gpu addr 0x0000000000075a18 Dec 04 03:29:29 32core kernel: radeon 0000:01:00.0: radeon: MSI limited to 32-bit Dec 04 03:29:29 32core kernel: radeon 0000:01:00.0: radeon: using MSI. Dec 04 03:29:29 32core kernel: [drm] radeon: irq initialized. Dec 04 03:29:29 32core systemd[1]: Mounting boot-efi.mount - /boot/efi... Dec 04 03:29:29 32core systemd[1]: Mounting mnt-pve-asgard\x2d2tb.mount - Mount storage 'asgard-2tb' under /mnt/pve... Dec 04 03:29:29 32core systemd[1]: tmp.mount: Directory /tmp to mount over is not empty, mounting anyway. Dec 04 03:29:29 32core systemd[1]: Mounting tmp.mount - Temporary Directory /tmp... Dec 04 03:29:29 32core kernel: [drm] ring test on 0 succeeded in 1 usecs Dec 04 03:29:29 32core kernel: [drm] ring test on 1 succeeded in 1 usecs Dec 04 03:29:29 32core kernel: [drm] ring test on 2 succeeded in 1 usecs Dec 04 03:29:29 32core kernel: [drm] ring test on 3 succeeded in 3 usecs Dec 04 03:29:29 32core kernel: [drm] ring test on 4 succeeded in 3 usecs Dec 04 03:29:30 32core kernel: [drm] ring test on 5 succeeded in 1 usecs Dec 04 03:29:30 32core kernel: [drm] UVD initialized successfully. Dec 04 03:29:30 32core kernel: snd_hda_intel 0000:01:00.1: bound 0000:01:00.0 (ops radeon_audio_component_bind_ops [radeon]) Dec 04 03:29:30 32core kernel: [drm] ib test on ring 0 succeeded in 0 usecs Dec 04 03:29:30 32core kernel: [drm] ib test on ring 1 succeeded in 0 usecs Dec 04 03:29:30 32core kernel: [drm] ib test on ring 2 succeeded in 0 usecs Dec 04 03:29:30 32core kernel: [drm] ib test on ring 3 succeeded in 0 usecs Dec 04 03:29:30 32core kernel: [drm] ib test on ring 4 succeeded in 0 usecs Dec 04 03:29:30 32core kernel: [drm] ib test on ring 5 succeeded Dec 04 03:29:30 32core kernel: [drm] Radeon Display Connectors Dec 04 03:29:30 32core kernel: [drm] Connector 0: Dec 04 03:29:30 32core kernel: [drm] HDMI-A-1 Dec 04 03:29:30 32core kernel: [drm] HPD1 Dec 04 03:29:30 32core kernel: [drm] DDC: 0x6540 0x6540 0x6544 0x6544 0x6548 0x6548 0x654c 0x654c Dec 04 03:29:30 32core kernel: [drm] Encoders: Dec 04 03:29:30 32core kernel: [drm] DFP1: INTERNAL_UNIPHY Dec 04 03:29:30 32core kernel: [drm] Connector 1: Dec 04 03:29:30 32core kernel: [drm] DVI-D-1 Dec 04 03:29:30 32core kernel: [drm] HPD2 Dec 04 03:29:30 32core kernel: [drm] DDC: 0x6530 0x6530 0x6534 0x6534 0x6538 0x6538 0x653c 0x653c Dec 04 03:29:30 32core kernel: [drm] Encoders: Dec 04 03:29:30 32core kernel: [drm] DFP2: INTERNAL_UNIPHY Dec 04 03:29:30 32core kernel: [drm] Connector 2: Dec 04 03:29:30 32core kernel: [drm] VGA-1 Dec 04 03:29:30 32core kernel: [drm] DDC: 0x65c0 0x65c0 0x65c4 0x65c4 0x65c8 0x65c8 0x65cc 0x65cc Dec 04 03:29:30 32core kernel: [drm] Encoders: Dec 04 03:29:30 32core kernel: [drm] CRT1: INTERNAL_KLDSCP_DAC1 Dec 04 03:29:30 32core kernel: [drm] Initialized radeon 2.51.0 for 0000:01:00.0 on minor 0 Dec 04 03:29:30 32core kernel: [drm] fb mappable at 0xD0571000 Dec 04 03:29:30 32core kernel: [drm] vram apper at 0xD0000000 Dec 04 03:29:30 32core kernel: [drm] size 35389440 Dec 04 03:29:30 32core kernel: [drm] fb depth is 24 Dec 04 03:29:30 32core kernel: [drm] pitch is 16384 Dec 04 03:29:30 32core kernel: fbcon: radeondrmfb (fb0) is primary device Dec 04 03:29:30 32core kernel: Console: switching to colour frame buffer device 256x67 Dec 04 03:29:30 32core kernel: radeon 0000:01:00.0: [drm] fb0: radeondrmfb frame buffer device Dec 04 03:29:31 32core systemd[1]: Mounted tmp.mount - Temporary Directory /tmp. Dec 04 03:29:31 32core systemd[1]: Mounted boot-efi.mount - /boot/efi. Dec 04 03:29:31 32core kernel: EXT4-fs (nvme1n1p1): recovery complete Dec 04 03:29:31 32core kernel: EXT4-fs (nvme1n1p1): mounted filesystem c1ab544a-4190-426a-8cdd-8d6af66f97fa r/w with ordered data mode. Quota mode: none. Dec 04 03:29:31 32core systemd[1]: Mounted mnt-pve-asgard\x2d2tb.mount - Mount storage 'asgard-2tb' under /mnt/pve. Dec 04 03:29:32 32core kernel: radeon 0000:4d:00.0: enabling device (0000 -> 0003) Dec 04 03:29:32 32core kernel: [drm] initializing kernel modesetting (RV380 0x1002:0x5B64 0x1002:0x0102 0x80). Dec 04 03:29:32 32core kernel: [drm] amdgpu kernel modesetting enabled. Dec 04 03:29:32 32core kernel: amdgpu: Virtual CRAT table created for CPU Dec 04 03:29:32 32core kernel: amdgpu: Topology: Add CPU node Dec 04 03:29:32 32core kernel: [drm] GPU not posted. posting now... Dec 04 03:29:32 32core kernel: [drm] Generation 2 PCI interface, using max accessible memory Dec 04 03:29:32 32core kernel: radeon 0000:4d:00.0: VRAM: 128M 0x00000000B0000000 - 0x00000000B7FFFFFF (128M used) Dec 04 03:29:32 32core kernel: radeon 0000:4d:00.0: GTT: 2048M 0x0000000030000000 - 0x00000000AFFFFFFF Dec 04 03:29:32 32core kernel: debugfs: 'radeon_gpu_reset' already exists in '/' Dec 04 03:29:32 32core kernel: debugfs: 'radeon_fence_info' already exists in '/' Dec 04 03:29:32 32core kernel: [drm] Detected VRAM RAM=128M, BAR=128M Dec 04 03:29:32 32core kernel: [drm] RAM width 128bits DDR Dec 04 03:29:32 32core kernel: [drm] radeon: 128M of VRAM memory ready Dec 04 03:29:32 32core kernel: [drm] radeon: 2048M of GTT memory ready. Dec 04 03:29:32 32core kernel: debugfs: 'radeon_vram' already exists in '/' Dec 04 03:29:32 32core kernel: debugfs: 'radeon_gtt' already exists in '/' Dec 04 03:29:32 32core kernel: debugfs: 'ttm_page_pool' already exists in '/' Dec 04 03:29:32 32core kernel: debugfs: 'radeon_vram_mm' already exists in '/' Dec 04 03:29:32 32core kernel: debugfs: 'radeon_gtt_mm' already exists in '/' Dec 04 03:29:32 32core kernel: [drm] GART: num cpu pages 524288, num gpu pages 524288 Dec 04 03:29:32 32core kernel: [drm] radeon: 1 quad pipes, 1 Z pipes initialized Dec 04 03:29:32 32core kernel: [drm] PCIE GART of 2048M enabled (table at 0x00000000B0040000). Dec 04 03:29:32 32core kernel: radeon 0000:4d:00.0: WB enabled Dec 04 03:29:32 32core kernel: radeon 0000:4d:00.0: fence driver on ring 0 uses gpu addr 0x0000000030000000 Dec 04 03:29:32 32core kernel: radeon 0000:4d:00.0: radeon: MSI limited to 32-bit Dec 04 03:29:32 32core kernel: radeon 0000:4d:00.0: radeon: using MSI. Dec 04 03:29:32 32core kernel: [drm] radeon: irq initialized. Dec 04 03:29:32 32core kernel: [drm] Loading R300 Microcode Dec 04 03:29:32 32core kernel: debugfs: 'radeon_ring_gfx' already exists in '/' Dec 04 03:29:32 32core kernel: [drm] radeon: ring at 0x0000000030001000 Dec 04 03:29:32 32core kernel: [drm] ring test succeeded in 1 usecs Dec 04 03:29:32 32core kernel: debugfs: 'radeon_sa_info' already exists in '/' Dec 04 03:29:32 32core kernel: debugfs: 'radeon_gem_info' already exists in '/' Dec 04 03:29:32 32core kernel: [drm] ib test succeeded in 0 usecs Dec 04 03:29:32 32core kernel: [drm] Radeon Display Connectors Dec 04 03:29:32 32core kernel: [drm] Connector 0: Dec 04 03:29:32 32core kernel: [drm] VGA-2 Dec 04 03:29:32 32core kernel: [drm] DDC: 0x60 0x60 0x60 0x60 0x60 0x60 0x60 0x60 Dec 04 03:29:32 32core kernel: [drm] Encoders: Dec 04 03:29:32 32core kernel: [drm] CRT1: INTERNAL_DAC1 Dec 04 03:29:32 32core kernel: [drm] Connector 1: Dec 04 03:29:32 32core kernel: [drm] DVI-I-1 Dec 04 03:29:32 32core kernel: [drm] HPD1 Dec 04 03:29:32 32core kernel: [drm] DDC: 0x64 0x64 0x64 0x64 0x64 0x64 0x64 0x64 Dec 04 03:29:32 32core kernel: [drm] Encoders: Dec 04 03:29:32 32core kernel: [drm] CRT2: INTERNAL_DAC2 Dec 04 03:29:32 32core kernel: [drm] DFP1: INTERNAL_TMDS1 Dec 04 03:29:32 32core kernel: [drm] Initialized radeon 2.51.0 for 0000:4d:00.0 on minor 1 Dec 04 03:29:32 32core kernel: radeon 0000:4d:00.0: [drm] Cannot find any crtc or sizes Dec 04 03:29:32 32core kernel: radeon 0000:4d:00.0: [drm] Cannot find any crtc or sizes Dec 04 03:29:32 32core kernel: radeon 0000:4d:00.0: [drm] Cannot find any crtc or sizes Dec 04 03:29:32 32core kernel: usbcore: registered new interface driver snd-usb-audio Dec 04 03:29:32 32core kernel: Bluetooth: Core ver 2.22 Dec 04 03:29:32 32core kernel: cfg80211: Loading compiled-in X.509 certificates for regulatory database Dec 04 03:29:32 32core kernel: Loaded X.509 cert 'benh(a)debian.org: 577e021cb980e0e820821ba7b54b4961b8b4fadf' Dec 04 03:29:32 32core kernel: Loaded X.509 cert 'romain.perier(a)gmail.com: 3abbc6ec146e09d1b6016ab9d6cf71dd233f0328' Dec 04 03:29:32 32core kernel: Loaded X.509 cert 'sforshee: 00b28ddf47aef9cea7' Dec 04 03:29:32 32core kernel: Loaded X.509 cert 'wens: 61c038651aabdcf94bd0ac7ff06c7248db18c600' Dec 04 03:29:32 32core kernel: faux_driver regulatory: Direct firmware load for regulatory.db failed with error -2 Dec 04 03:29:32 32core kernel: cfg80211: failed to load regulatory.db Dec 04 03:29:32 32core kernel: NET: Registered PF_BLUETOOTH protocol family Dec 04 03:29:32 32core kernel: Bluetooth: HCI device and connection manager initialized Dec 04 03:29:32 32core kernel: Bluetooth: HCI socket layer initialized Dec 04 03:29:32 32core kernel: Bluetooth: L2CAP socket layer initialized Dec 04 03:29:32 32core kernel: Bluetooth: SCO socket layer initialized Dec 04 03:29:32 32core kernel: iwlwifi 0000:46:00.0: enabling device (0000 -> 0002) Dec 04 03:29:32 32core kernel: iwlwifi 0000:46:00.0: Detected crf-id 0x3617, cnv-id 0x100530 wfpm id 0x80000000 Dec 04 03:29:32 32core kernel: iwlwifi 0000:46:00.0: PCI dev 2723/0084, rev=0x340, rfid=0x10a100 Dec 04 03:29:32 32core kernel: iwlwifi 0000:46:00.0: Detected Intel(R) Wi-Fi 6 AX200 160MHz Dec 04 03:29:32 32core kernel: usbcore: registered new interface driver btusb Dec 04 03:29:32 32core systemd[1]: Starting systemd-rfkill.service - Load/Save RF Kill Switch Status... Dec 04 03:29:32 32core systemd[1]: Reached target bluetooth.target - Bluetooth Support. Dec 04 03:29:32 32core kernel: iwlwifi 0000:46:00.0: loaded firmware version 77.6eaf654b.0 cc-a0-77.ucode op_mode iwlmvm Dec 04 03:29:32 32core systemd[1]: Started systemd-rfkill.service - Load/Save RF Kill Switch Status. Dec 04 03:29:32 32core kernel: Bluetooth: hci0: Found device firmware: intel/ibt-20-1-3.sfi Dec 04 03:29:32 32core kernel: Bluetooth: hci0: Boot Address: 0x24800 Dec 04 03:29:32 32core kernel: Bluetooth: hci0: Firmware Version: 193-33.24 Dec 04 03:29:32 32core kernel: Bluetooth: hci0: Firmware already loaded Dec 04 03:29:32 32core kernel: Bluetooth: hci0: HCI LE Coded PHY feature bit is set, but its usage is not supported. Dec 04 03:29:32 32core systemd[1]: Finished systemd-udev-settle.service - Wait for udev To Complete Device Initialization. Dec 04 03:29:32 32core systemd[1]: zfs-import-cache.service - Import ZFS pools by cache file was skipped because of an unmet condition check (ConditionFileNotEmpty=/etc/zfs/zpool.cache). Dec 04 03:29:32 32core systemd[1]: Starting zfs-import-scan.service - Import ZFS pools by device scanning... Dec 04 03:29:32 32core systemd[1]: Finished ifupdown2-pre.service - Helper to synchronize boot up for ifupdown. Dec 04 03:29:33 32core zpool[1304]: no pools available to import Dec 04 03:29:33 32core systemd[1]: Finished zfs-import-scan.service - Import ZFS pools by device scanning. Dec 04 03:29:33 32core systemd[1]: Reached target zfs-import.target - ZFS pool import target. Dec 04 03:29:33 32core systemd[1]: Starting zfs-mount.service - Mount ZFS filesystems... Dec 04 03:29:33 32core systemd[1]: Starting zfs-volume-wait.service - Wait for ZFS Volume (zvol) links in /dev... Dec 04 03:29:33 32core zvol_wait[1370]: No zvols found, nothing to do. Dec 04 03:29:33 32core systemd[1]: Finished zfs-mount.service - Mount ZFS filesystems. Dec 04 03:29:33 32core systemd[1]: Finished zfs-volume-wait.service - Wait for ZFS Volume (zvol) links in /dev. Dec 04 03:29:33 32core systemd[1]: Reached target local-fs.target - Local File Systems. Dec 04 03:29:33 32core systemd[1]: Reached target zfs-volumes.target - ZFS volumes are ready. Dec 04 03:29:33 32core systemd[1]: Listening on systemd-sysext.socket - System Extension Image Management. Dec 04 03:29:33 32core kernel: iwlwifi 0000:46:00.0: Detected RF HR B3, rfid=0x10a100 Dec 04 03:29:33 32core systemd[1]: Starting apparmor.service - Load AppArmor profiles... Dec 04 03:29:33 32core systemd[1]: Starting console-setup.service - Set console font and keymap... Dec 04 03:29:33 32core systemd[1]: Starting networking.service - Network initialization... Dec 04 03:29:33 32core systemd[1]: Starting pvebanner.service - Proxmox VE Login Banner... Dec 04 03:29:33 32core systemd[1]: Starting pvefw-logger.service - Proxmox VE firewall logger... Dec 04 03:29:33 32core systemd[1]: Starting pvenetcommit.service - Commit Proxmox VE network changes... Dec 04 03:29:33 32core systemd[1]: Starting systemd-binfmt.service - Set Up Additional Binary Formats... Dec 04 03:29:33 32core systemd[1]: Starting systemd-tmpfiles-setup.service - Create System Files and Directories... Dec 04 03:29:33 32core systemd[1]: Finished console-setup.service - Set console font and keymap. Dec 04 03:29:33 32core apparmor.systemd[1377]: Restarting AppArmor Dec 04 03:29:33 32core apparmor.systemd[1377]: Reloading AppArmor profiles Dec 04 03:29:33 32core networking[1379]: networking: Configuring network interfaces Dec 04 03:29:33 32core systemd[1]: proc-sys-fs-binfmt_misc.automount: Got automount request for /proc/sys/fs/binfmt_misc, triggered by 1385 (systemd-binfmt) Dec 04 03:29:33 32core systemd[1]: Mounting proc-sys-fs-binfmt_misc.mount - Arbitrary Executable File Formats File System... Dec 04 03:29:33 32core systemd-tmpfiles[1387]: /usr/lib/tmpfiles.d/legacy.conf:14: Duplicate line for path "/run/lock", ignoring. Dec 04 03:29:33 32core pvefw-logger[1405]: starting pvefw logger Dec 04 03:29:33 32core systemd[1]: Finished pvenetcommit.service - Commit Proxmox VE network changes. Dec 04 03:29:33 32core systemd[1]: Started pvefw-logger.service - Proxmox VE firewall logger. Dec 04 03:29:33 32core kernel: audit: type=1400 audit(1764790173.086:2): apparmor="STATUS" operation="profile_load" profile="unconfined" name="linux-sandbox" pid=1440 comm="apparmor_parser" Dec 04 03:29:33 32core kernel: audit: type=1400 audit(1764790173.086:3): apparmor="STATUS" operation="profile_load" profile="unconfined" name="QtWebEngineProcess" pid=1410 comm="apparmor_parser" Dec 04 03:29:33 32core kernel: audit: type=1400 audit(1764790173.086:4): apparmor="STATUS" operation="profile_load" profile="unconfined" name="1password" pid=1407 comm="apparmor_parser" Dec 04 03:29:33 32core kernel: audit: type=1400 audit(1764790173.086:5): apparmor="STATUS" operation="profile_load" profile="unconfined" name="chromium" pid=1420 comm="apparmor_parser" Dec 04 03:29:33 32core kernel: audit: type=1400 audit(1764790173.087:6): apparmor="STATUS" operation="profile_load" profile="unconfined" name="balena-etcher" pid=1412 comm="apparmor_parser" Dec 04 03:29:33 32core kernel: audit: type=1400 audit(1764790173.087:7): apparmor="STATUS" operation="profile_load" profile="unconfined" name="lc-compliance" pid=1438 comm="apparmor_parser" Dec 04 03:29:33 32core kernel: audit: type=1400 audit(1764790173.087:8): apparmor="STATUS" operation="profile_load" profile="unconfined" name="github-desktop" pid=1433 comm="apparmor_parser" Dec 04 03:29:33 32core kernel: audit: type=1400 audit(1764790173.087:9): apparmor="STATUS" operation="profile_load" profile="unconfined" name="vscode" pid=1421 comm="apparmor_parser" Dec 04 03:29:33 32core kernel: audit: type=1400 audit(1764790173.087:10): apparmor="STATUS" operation="profile_load" profile="unconfined" name="ch-checkns" pid=1417 comm="apparmor_parser" Dec 04 03:29:33 32core kernel: audit: type=1400 audit(1764790173.087:11): apparmor="STATUS" operation="profile_load" profile="unconfined" name="loupe" pid=1441 comm="apparmor_parser" Dec 04 03:29:33 32core systemd[1]: Mounted proc-sys-fs-binfmt_misc.mount - Arbitrary Executable File Formats File System. Dec 04 03:29:33 32core systemd[1]: Finished systemd-binfmt.service - Set Up Additional Binary Formats. Dec 04 03:29:33 32core systemd[1]: Finished systemd-tmpfiles-setup.service - Create System Files and Directories. Dec 04 03:29:33 32core systemd[1]: Mounting run-rpc_pipefs.mount - RPC Pipe File System... Dec 04 03:29:33 32core systemd[1]: ldconfig.service - Rebuild Dynamic Linker Cache was skipped because no trigger condition checks were met. Dec 04 03:29:33 32core systemd[1]: Starting rpcbind.service - RPC bind portmap service... Dec 04 03:29:33 32core systemd[1]: systemd-firstboot.service - First Boot Wizard was skipped because of an unmet condition check (ConditionFirstBoot=yes). Dec 04 03:29:33 32core systemd[1]: first-boot-complete.target - First Boot Complete was skipped because of an unmet condition check (ConditionFirstBoot=yes). Dec 04 03:29:33 32core systemd[1]: systemd-journal-catalog-update.service - Rebuild Journal Catalog was skipped because of an unmet condition check (ConditionNeedsUpdate=/var). Dec 04 03:29:33 32core systemd[1]: systemd-machine-id-commit.service - Save Transient machine-id to Disk was skipped because of an unmet condition check (ConditionPathIsMountPoint=/etc/machine-id). Dec 04 03:29:33 32core systemd[1]: systemd-update-done.service - Update is Completed was skipped because no trigger condition checks were met. Dec 04 03:29:33 32core systemd[1]: Finished apparmor.service - Load AppArmor profiles. Dec 04 03:29:33 32core systemd[1]: Reached target sysinit.target - System Initialization. Dec 04 03:29:33 32core systemd[1]: Started apt-daily.timer - Daily apt download activities. Dec 04 03:29:33 32core systemd[1]: Started apt-daily-upgrade.timer - Daily apt upgrade and clean activities. Dec 04 03:29:33 32core systemd[1]: Started dpkg-db-backup.timer - Daily dpkg database backup timer. Dec 04 03:29:33 32core systemd[1]: Started e2scrub_all.timer - Periodic ext4 Online Metadata Check for All Filesystems. Dec 04 03:29:33 32core systemd[1]: Started fstrim.timer - Discard unused filesystem blocks once a week. Dec 04 03:29:33 32core systemd[1]: Started fwupd-refresh.timer - Refresh fwupd metadata regularly. Dec 04 03:29:33 32core systemd[1]: Started logrotate.timer - Daily rotation of log files. Dec 04 03:29:33 32core systemd[1]: Started man-db.timer - Daily man-db regeneration. Dec 04 03:29:33 32core systemd[1]: Started pve-daily-update.timer - Daily PVE download activities. Dec 04 03:29:33 32core systemd[1]: Started systemd-tmpfiles-clean.timer - Daily Cleanup of Temporary Directories. Dec 04 03:29:33 32core systemd[1]: Started xfs_scrub_all.timer - Periodic XFS Online Metadata Check for All Filesystems. Dec 04 03:29:33 32core systemd[1]: Reached target timers.target - Timer Units. Dec 04 03:29:33 32core systemd[1]: Listening on dbus.socket - D-Bus System Message Bus Socket. Dec 04 03:29:33 32core systemd[1]: Listening on iscsid.socket - Open-iSCSI iscsid Socket. Dec 04 03:29:33 32core systemd[1]: Listening on netavark-dhcp-proxy.socket - Netavark DHCP proxy socket. Dec 04 03:29:33 32core systemd[1]: Listening on rrdcached.socket - sockets activating rrdcached. Dec 04 03:29:33 32core systemd[1]: Listening on sshd-unix-local.socket - OpenSSH Server Socket (systemd-ssh-generator, AF_UNIX Local). Dec 04 03:29:33 32core systemd[1]: Listening on systemd-hostnamed.socket - Hostname Service Socket. Dec 04 03:29:33 32core systemd[1]: Reached target sockets.target - Socket Units. Dec 04 03:29:33 32core systemd[1]: systemd-pcrphase-sysinit.service - TPM PCR Barrier (Initialization) was skipped because of an unmet condition check (ConditionSecurity=measured-uki). Dec 04 03:29:33 32core systemd[1]: Reached target basic.target - Basic System. Dec 04 03:29:33 32core systemd[1]: System is tainted: unmerged-bin Dec 04 03:29:33 32core kernel: iwlwifi 0000:46:00.0: base HW address: 50:e0:85:f3:21:e5 Dec 04 03:29:33 32core systemd[1]: Starting chrony.service - chrony, an NTP client/server... Dec 04 03:29:33 32core systemd[1]: Starting dbus.service - D-Bus System Message Bus... Dec 04 03:29:33 32core systemd[1]: Starting e2scrub_reap.service - Remove Stale Online ext4 Metadata Check Snapshots... Dec 04 03:29:33 32core systemd[1]: getty-static.service - getty on tty2-tty6 if dbus and logind are not available was skipped because of an unmet condition check (ConditionPathExists=!/usr/bin/dbus-daemon). Dec 04 03:29:33 32core systemd[1]: Starting grub-common.service - Record successful boot for GRUB... Dec 04 03:29:33 32core systemd[1]: Starting hardinfo2.service - Hardinfo2 support for root access... Dec 04 03:29:33 32core systemd[1]: Starting ksmtuned.service - Kernel Samepage Merging (KSM) Tuning Daemon... Dec 04 03:29:33 32core systemd[1]: Starting lm-sensors.service - Initialize hardware monitoring sensors... Dec 04 03:29:33 32core systemd[1]: Starting lxcfs.service - FUSE filesystem for LXC... Dec 04 03:29:33 32core systemd[1]: Starting netavark-dhcp-proxy.service - Netavark DHCP proxy service... Dec 04 03:29:33 32core systemd[1]: Starting polkit.service - Authorization Manager... Dec 04 03:29:33 32core systemd[1]: proxmox-boot-cleanup.service - Clean up bootloader next-boot setting was skipped because of an unmet condition check (ConditionPathExists=/etc/kernel/next-boot-pin). Dec 04 03:29:33 32core systemd[1]: Starting pve-lxc-syscalld.service - Proxmox VE LXC Syscall Daemon... Dec 04 03:29:33 32core systemd[1]: Starting pve-query-machine-capabilities.service - PVE Query Machine Capabilities... Dec 04 03:29:33 32core systemd[1]: Starting qmeventd.service - PVE Qemu Event Daemon... Dec 04 03:29:33 32core systemd[1]: Started rrdcached.service - Data caching daemon for rrdtool. Dec 04 03:29:33 32core systemd[1]: Starting rsyslog.service - System Logging Service... Dec 04 03:29:33 32core systemd[1]: Starting smartmontools.service - Self Monitoring and Reporting Technology (SMART) Daemon... Dec 04 03:29:33 32core systemd[1]: sshd-keygen.service - Generate sshd host keys on first boot was skipped because of an unmet condition check (ConditionFirstBoot=yes). Dec 04 03:29:33 32core query-machine-capabilities[1543]: AuthenticAMD Dec 04 03:29:33 32core systemd[1]: Starting systemd-logind.service - User Login Management... Dec 04 03:29:33 32core systemd[1]: Starting udisks2.service - Disk Manager... Dec 04 03:29:33 32core systemd[1]: Started watchdog-mux.service - Proxmox VE watchdog multiplexer. Dec 04 03:29:33 32core systemd[1]: Starting zfs-share.service - ZFS file system shares... Dec 04 03:29:33 32core systemd[1]: Started zfs-zed.service - ZFS Event Daemon (zed). Dec 04 03:29:33 32core systemd[1]: Started netavark-dhcp-proxy.service - Netavark DHCP proxy service. Dec 04 03:29:33 32core systemd[1]: Started rpcbind.service - RPC bind portmap service. Dec 04 03:29:33 32core systemd[1]: Started pve-lxc-syscalld.service - Proxmox VE LXC Syscall Daemon. Dec 04 03:29:33 32core systemd[1]: e2scrub_reap.service: Deactivated successfully. Dec 04 03:29:33 32core systemd[1]: Finished e2scrub_reap.service - Remove Stale Online ext4 Metadata Check Snapshots. Dec 04 03:29:33 32core systemd[1]: Started ksmtuned.service - Kernel Samepage Merging (KSM) Tuning Daemon. Dec 04 03:29:33 32core systemd[1]: Started lxcfs.service - FUSE filesystem for LXC. Dec 04 03:29:33 32core systemd[1]: Finished pve-query-machine-capabilities.service - PVE Query Machine Capabilities. Dec 04 03:29:33 32core systemd[1]: Started qmeventd.service - PVE Qemu Event Daemon. Dec 04 03:29:33 32core systemd[1]: Finished zfs-share.service - ZFS file system shares. Dec 04 03:29:33 32core zed[1582]: ZFS Event Daemon 2.3.4-pve1 (PID 1582) Dec 04 03:29:33 32core systemd[1]: Reached target rpcbind.target - RPC Port Mapper. Dec 04 03:29:33 32core systemd[1]: Reached target zfs.target - ZFS startup target. Dec 04 03:29:33 32core kernel: iwlwifi 0000:46:00.0 wlp70s0: renamed from wlan0 Dec 04 03:29:33 32core zed[1582]: Processing events since eid=0 Dec 04 03:29:33 32core udisksd[1558]: udisks daemon version 2.10.1 starting Dec 04 03:29:33 32core lxcfs[1636]: Starting LXCFS at /usr/bin/lxcfs Dec 04 03:29:33 32core watchdog-mux[1559]: Watchdog driver 'Software Watchdog', version 0 Dec 04 03:29:33 32core kernel: softdog: initialized. soft_noboot=0 soft_margin=60 sec soft_panic=0 (nowayout=0) Dec 04 03:29:33 32core kernel: softdog: soft_reboot_cmd=<not set> soft_active_on_boot=0 Dec 04 03:29:33 32core smartd[1551]: smartd 7.4 2024-10-15 r5620 [x86_64-linux-6.17.2-2-pve] (local build) Dec 04 03:29:33 32core smartd[1551]: Opened configuration file /etc/smartd.conf Dec 04 03:29:33 32core smartd[1551]: Drive: DEVICESCAN, implied '-a' Directive on line 18 of file /etc/smartd.conf Dec 04 03:29:33 32core smartd[1551]: Configuration file /etc/smartd.conf was parsed, found DEVICESCAN, scanning devices Dec 04 03:29:33 32core smartd[1551]: Device: /dev/sda [SAT], opened Dec 04 03:29:33 32core lxcfs[1636]: Using runtime path /run Dec 04 03:29:33 32core lxcfs[1636]: Running lxcfslib_init to reload liblxcfs Dec 04 03:29:33 32core lxcfs[1636]: mount namespace: 7 Dec 04 03:29:33 32core lxcfs[1636]: hierarchies: Dec 04 03:29:33 32core lxcfs[1636]: 0: fd: 8: cpuset,cpu,io,memory,hugetlb,pids,rdma,misc,dmem Dec 04 03:29:33 32core lxcfs[1636]: Kernel supports pidfds Dec 04 03:29:33 32core lxcfs[1636]: Kernel supports swap accounting Dec 04 03:29:33 32core lxcfs[1636]: api_extensions: Dec 04 03:29:33 32core lxcfs[1636]: - cgroups Dec 04 03:29:33 32core lxcfs[1636]: - sys_cpu_online Dec 04 03:29:33 32core lxcfs[1636]: - proc_cpuinfo Dec 04 03:29:33 32core lxcfs[1636]: - proc_diskstats Dec 04 03:29:33 32core lxcfs[1636]: - proc_loadavg Dec 04 03:29:33 32core lxcfs[1636]: - proc_meminfo Dec 04 03:29:33 32core lxcfs[1636]: - proc_stat Dec 04 03:29:33 32core lxcfs[1636]: - proc_swaps Dec 04 03:29:33 32core lxcfs[1636]: - proc_uptime Dec 04 03:29:33 32core lxcfs[1636]: - proc_slabinfo Dec 04 03:29:33 32core lxcfs[1636]: - shared_pidns Dec 04 03:29:33 32core lxcfs[1636]: - cpuview_daemon Dec 04 03:29:33 32core lxcfs[1636]: - loadavg_daemon Dec 04 03:29:33 32core lxcfs[1636]: - pidfds Dec 04 03:29:33 32core smartd[1551]: Device: /dev/sda [SAT], WDC WD10JMVW-11S5XS0, S/N:WD-WXC1EC2KL905, WWN:5-0014ee-6ade71d74, FW:01.01A01, 1.00 TB Dec 04 03:29:33 32core dbus-daemon[1527]: [system] AppArmor D-Bus mediation is enabled Dec 04 03:29:33 32core systemd[1]: Started dbus.service - D-Bus System Message Bus. Dec 04 03:29:33 32core kernel: RPC: Registered named UNIX socket transport module. Dec 04 03:29:33 32core kernel: RPC: Registered udp transport module. Dec 04 03:29:33 32core kernel: RPC: Registered tcp transport module. Dec 04 03:29:33 32core kernel: RPC: Registered tcp-with-tls transport module. Dec 04 03:29:33 32core kernel: RPC: Registered tcp NFSv4.1 backchannel transport module. Dec 04 03:29:33 32core systemd[1]: Mounted run-rpc_pipefs.mount - RPC Pipe File System. Dec 04 03:29:33 32core smartd[1551]: Device: /dev/sda [SAT], found in smartd database 7.3/5528: Western Digital Elements / My Passport (USB, AF) Dec 04 03:29:33 32core systemd[1]: grub-common.service: Deactivated successfully. Dec 04 03:29:33 32core systemd[1]: Finished grub-common.service - Record successful boot for GRUB. Dec 04 03:29:33 32core systemd[1]: Reached target rpc_pipefs.target. Dec 04 03:29:33 32core systemd[1]: Starting nfs-blkmap.service - pNFS block layout mapping daemon... Dec 04 03:29:33 32core systemd[1]: rpc-gssd.service - RPC security service for NFS client and server was skipped because of an unmet condition check (ConditionPathExists=/etc/krb5.keytab). Dec 04 03:29:33 32core addgroup[1542]: The group `hardinfo2' already exists. Dec 04 03:29:33 32core systemd[1]: Reached target nfs-client.target - NFS client services. Dec 04 03:29:33 32core blkmapd[1691]: open pipe file /run/rpc_pipefs/nfs/blocklayout failed: No such file or directory Dec 04 03:29:33 32core systemd[1]: Started nfs-blkmap.service - pNFS block layout mapping daemon. Dec 04 03:29:33 32core systemd-logind[1555]: New seat seat0. Dec 04 03:29:33 32core dbus-daemon[1527]: [system] Activating via systemd: service name='org.freedesktop.PolicyKit1' unit='polkit.service' requested by ':1.0' (uid=0 pid=1558 comm="/usr/libexec/udisks2/udisksd" label="unconfined") Dec 04 03:29:33 32core systemd-logind[1555]: Watching system buttons on /dev/input/event1 (Power Button) Dec 04 03:29:33 32core systemd-logind[1555]: Watching system buttons on /dev/input/event0 (Power Button) Dec 04 03:29:33 32core chronyd[1703]: chronyd version 4.6.1 starting (+CMDMON +NTP +REFCLOCK +RTC +PRIVDROP +SCFILTER +SIGND +ASYNCDNS +NTS +SECHASH +IPV6 -DEBUG) Dec 04 03:29:33 32core systemd-logind[1555]: Watching system buttons on /dev/input/event3 (Logitech USB Receiver) Dec 04 03:29:33 32core systemd-logind[1555]: Watching system buttons on /dev/input/event5 (Logitech USB Receiver Consumer Control) Dec 04 03:29:33 32core systemd-logind[1555]: Watching system buttons on /dev/input/event6 (Logitech USB Receiver System Control) Dec 04 03:29:33 32core systemd-logind[1555]: Watching system buttons on /dev/input/event9 (Generic USB Audio Consumer Control) Dec 04 03:29:33 32core chronyd[1703]: Loaded 0 symmetric keys Dec 04 03:29:33 32core systemd[1]: Started systemd-logind.service - User Login Management. Dec 04 03:29:33 32core chronyd[1703]: Using leap second list /usr/share/zoneinfo/leap-seconds.list Dec 04 03:29:33 32core chronyd[1703]: Frequency -27.572 +/- 2.569 ppm read from /var/lib/chrony/chrony.drift Dec 04 03:29:33 32core chronyd[1703]: Loaded seccomp filter (level 1) Dec 04 03:29:33 32core systemd[1]: Started chrony.service - chrony, an NTP client/server. Dec 04 03:29:33 32core rsyslogd[1550]: imuxsock: Acquired UNIX socket '/run/systemd/journal/syslog' (fd 3) from systemd. [v8.2504.0] Dec 04 03:29:33 32core rsyslogd[1550]: [origin software="rsyslogd" swVersion="8.2504.0" x-pid="1550" x-info="https://www.rsyslog.com"] start Dec 04 03:29:33 32core systemd[1]: Started rsyslog.service - System Logging Service. Dec 04 03:29:33 32core polkitd[1538]: Started polkitd version 126 Dec 04 03:29:33 32core polkitd[1538]: Loading rules from directory /etc/polkit-1/rules.d Dec 04 03:29:33 32core polkitd[1538]: Loading rules from directory /run/polkit-1/rules.d Dec 04 03:29:33 32core polkitd[1538]: Error opening rules directory: Error opening directory “/run/polkit-1/rules.d”: No such file or directory (g-file-error-quark, 4) Dec 04 03:29:33 32core systemd[1]: hardinfo2.service: Deactivated successfully. Dec 04 03:29:33 32core polkitd[1538]: Loading rules from directory /usr/local/share/polkit-1/rules.d Dec 04 03:29:33 32core polkitd[1538]: Error opening rules directory: Error opening directory “/usr/local/share/polkit-1/rules.d”: No such file or directory (g-file-error-quark, 4) Dec 04 03:29:33 32core polkitd[1538]: Loading rules from directory /usr/share/polkit-1/rules.d Dec 04 03:29:33 32core systemd[1]: Finished hardinfo2.service - Hardinfo2 support for root access. Dec 04 03:29:33 32core polkitd[1538]: Finished loading, compiling and executing 4 rules Dec 04 03:29:33 32core systemd[1]: Started polkit.service - Authorization Manager. Dec 04 03:29:33 32core dbus-daemon[1527]: [system] Successfully activated service 'org.freedesktop.PolicyKit1' Dec 04 03:29:33 32core polkitd[1538]: Acquired the name org.freedesktop.PolicyKit1 on the system bus Dec 04 03:29:33 32core systemd[1]: Starting ModemManager.service - Modem Manager... Dec 04 03:29:33 32core kernel: nvme nvme0: using unchecked data buffer Dec 04 03:29:33 32core sensors[1674]: iwlwifi_1-virtual-0 Dec 04 03:29:33 32core sensors[1674]: Adapter: Virtual device Dec 04 03:29:33 32core sensors[1674]: temp1: N/A Dec 04 03:29:33 32core sensors[1674]: k10temp-pci-00c3 Dec 04 03:29:33 32core sensors[1674]: Adapter: PCI adapter Dec 04 03:29:33 32core sensors[1674]: Tctl: +58.4°C Dec 04 03:29:33 32core sensors[1674]: Tccd1: +46.0°C Dec 04 03:29:33 32core sensors[1674]: Tccd3: +44.2°C Dec 04 03:29:33 32core sensors[1674]: Tccd5: +59.0°C Dec 04 03:29:33 32core sensors[1674]: Tccd7: +48.2°C Dec 04 03:29:33 32core sensors[1674]: nvme-pci-4b00 Dec 04 03:29:33 32core sensors[1674]: Adapter: PCI adapter Dec 04 03:29:33 32core sensors[1674]: Composite: +45.9°C (low = -0.1°C, high = +74.8°C) Dec 04 03:29:33 32core sensors[1674]: (crit = +79.8°C) Dec 04 03:29:33 32core sensors[1674]: nvme-pci-4300 Dec 04 03:29:33 32core sensors[1674]: Adapter: PCI adapter Dec 04 03:29:33 32core sensors[1674]: Composite: +28.9°C (low = -20.1°C, high = +74.8°C) Dec 04 03:29:33 32core sensors[1674]: (crit = +79.8°C) Dec 04 03:29:33 32core sensors[1674]: radeon-pci-0100 Dec 04 03:29:33 32core sensors[1674]: Adapter: PCI adapter Dec 04 03:29:33 32core sensors[1674]: temp1: +34.0°C (crit = +120.0°C, hyst = +90.0°C) Dec 04 03:29:33 32core sensors[1674]: pwm1: 36% Dec 04 03:29:33 32core sensors[1674]: freq1: 300 MHz Dec 04 03:29:33 32core sensors[1674]: enp69s0-pci-4500 Dec 04 03:29:33 32core sensors[1674]: Adapter: PCI adapter Dec 04 03:29:33 32core sensors[1674]: PHY Temperature: +51.3°C Dec 04 03:29:33 32core sensors[1674]: MAC Temperature: +51.9°C Dec 04 03:29:33 32core sensors[1674]: nvme-pci-4c00 Dec 04 03:29:33 32core sensors[1674]: Adapter: PCI adapter Dec 04 03:29:33 32core sensors[1674]: Composite: +54.9°C (low = -20.1°C, high = +84.8°C) Dec 04 03:29:33 32core sensors[1674]: (crit = +81.8°C) Dec 04 03:29:33 32core sensors[1674]: Sensor 1: +54.9°C (low = -20.1°C, high = +84.8°C) Dec 04 03:29:33 32core systemd[1]: Finished lm-sensors.service - Initialize hardware monitoring sensors. Dec 04 03:29:33 32core udisksd[1558]: Error probing device: Error sending ATA command IDENTIFY DEVICE to '/dev/sda': Unexpected sense data returned: 0000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 0010: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ (g-io-error-quark, 0) Dec 04 03:29:33 32core ModemManager[1735]: <msg> ModemManager (version 1.24.0) starting in system bus... Dec 04 03:29:33 32core systemd[1]: Finished pvebanner.service - Proxmox VE Login Banner. Dec 04 03:29:33 32core kernel: NET: Registered PF_QIPCRTR protocol family Dec 04 03:29:33 32core systemd[1]: Started ModemManager.service - Modem Manager. Dec 04 03:29:33 32core smartd[1551]: Device: /dev/sda [SAT], not capable of SMART Health Status check Dec 04 03:29:33 32core smartd[1551]: Device: /dev/sda [SAT], no ATA CHECK POWER STATUS support, ignoring -n Directive Dec 04 03:29:33 32core smartd[1551]: Device: /dev/sda [SAT], is SMART capable. Adding to "monitor" list. Dec 04 03:29:33 32core smartd[1551]: Device: /dev/sda [SAT], state read from /var/lib/smartmontools/smartd.WDC_WD10JMVW_11S5XS0-WD_WXC1EC2KL905.ata.state Dec 04 03:29:33 32core smartd[1551]: Device: /dev/nvme0, opened Dec 04 03:29:33 32core smartd[1551]: Device: /dev/nvme0, PNY CS2130 4TB SSD, S/N:PNY21122103150100005, FW:CS213530, 4.00 TB Dec 04 03:29:33 32core smartd[1551]: Device: /dev/nvme0, is SMART capable. Adding to "monitor" list. Dec 04 03:29:33 32core smartd[1551]: Device: /dev/nvme0, state read from /var/lib/smartmontools/smartd.PNY_CS2130_4TB_SSD-PNY21122103150100005.nvme.state Dec 04 03:29:33 32core smartd[1551]: Device: /dev/nvme1, opened Dec 04 03:29:33 32core smartd[1551]: Device: /dev/nvme1, Asgard AN2TNVMe M.2/80, S/N:100000000074, FW:FWSS0104 Dec 04 03:29:33 32core systemd[1]: Started udisks2.service - Disk Manager. Dec 04 03:29:33 32core smartd[1551]: Device: /dev/nvme1, is SMART capable. Adding to "monitor" list. Dec 04 03:29:33 32core smartd[1551]: Device: /dev/nvme1, state read from /var/lib/smartmontools/smartd.Asgard_AN2TNVMe_M_2_80-100000000074.nvme.state Dec 04 03:29:33 32core smartd[1551]: Device: /dev/nvme2, opened Dec 04 03:29:33 32core smartd[1551]: Device: /dev/nvme2, THNSN51T02DU7 TOSHIBA, S/N:76IS1009TTQV, FW:57HA4103 Dec 04 03:29:33 32core udisksd[1558]: Acquired the name org.freedesktop.UDisks2 on the system message bus Dec 04 03:29:33 32core smartd[1551]: Device: /dev/nvme2, is SMART capable. Adding to "monitor" list. Dec 04 03:29:33 32core smartd[1551]: Device: /dev/nvme2, state read from /var/lib/smartmontools/smartd.THNSN51T02DU7_TOSHIBA-76IS1009TTQV.nvme.state Dec 04 03:29:33 32core smartd[1551]: Monitoring 1 ATA/SATA, 0 SCSI/SAS and 3 NVMe devices Dec 04 03:29:33 32core smartd[1551]: Device: /dev/sda [SAT], SMART Prefailure Attribute: 3 Spin_Up_Time changed from 188 to 187 Dec 04 03:29:33 32core smartd[1551]: Device: /dev/nvme0, NVMe error count increased from 853 to 856 (0 new, 1 ignored, 2 unknown) Dec 04 03:29:33 32core smartd[1551]: Device: /dev/sda [SAT], state written to /var/lib/smartmontools/smartd.WDC_WD10JMVW_11S5XS0-WD_WXC1EC2KL905.ata.state Dec 04 03:29:33 32core smartd[1551]: Device: /dev/nvme0, state written to /var/lib/smartmontools/smartd.PNY_CS2130_4TB_SSD-PNY21122103150100005.nvme.state Dec 04 03:29:33 32core smartd[1551]: Device: /dev/nvme1, state written to /var/lib/smartmontools/smartd.Asgard_AN2TNVMe_M_2_80-100000000074.nvme.state Dec 04 03:29:33 32core smartd[1551]: Device: /dev/nvme2, state written to /var/lib/smartmontools/smartd.THNSN51T02DU7_TOSHIBA-76IS1009TTQV.nvme.state Dec 04 03:29:33 32core systemd[1]: Started smartmontools.service - Self Monitoring and Reporting Technology (SMART) Daemon. Dec 04 03:29:33 32core networking[1757]: error: vmbr0: bridge port enp68s0 does not exist Dec 04 03:29:33 32core /usr/sbin/ifup[1757]: error: vmbr0: bridge port enp68s0 does not exist Dec 04 03:29:33 32core networking[1757]: error: vmbr0: bridge port enp70s0 does not exist Dec 04 03:29:33 32core /usr/sbin/ifup[1757]: error: vmbr0: bridge port enp70s0 does not exist Dec 04 03:29:33 32core networking[1757]: error: vmbr0: bridge port enp72s0 does not exist Dec 04 03:29:33 32core /usr/sbin/ifup[1757]: error: vmbr0: bridge port enp72s0 does not exist Dec 04 03:29:33 32core kernel: vmbr0: port 1(enp69s0) entered blocking state Dec 04 03:29:33 32core kernel: vmbr0: port 1(enp69s0) entered disabled state Dec 04 03:29:33 32core kernel: atlantic 0000:45:00.0 enp69s0: entered allmulticast mode Dec 04 03:29:33 32core kernel: atlantic 0000:45:00.0 enp69s0: entered promiscuous mode Dec 04 03:29:33 32core kernel: vmbr0: port 2(enp71s0) entered blocking state Dec 04 03:29:33 32core kernel: vmbr0: port 2(enp71s0) entered disabled state Dec 04 03:29:33 32core kernel: r8169 0000:47:00.0 enp71s0: entered allmulticast mode Dec 04 03:29:33 32core kernel: r8169 0000:47:00.0 enp71s0: entered promiscuous mode Dec 04 03:29:33 32core networking[1757]: warning: vmbr0: apply bridge ports settings: bridge configuration failed (missing ports) Dec 04 03:29:33 32core /usr/sbin/ifup[1757]: warning: vmbr0: apply bridge ports settings: bridge configuration failed (missing ports) Dec 04 03:29:34 32core kernel: Realtek Internal NBASE-T PHY r8169-0-4700:00: attached PHY driver (mii_bus:phy_addr=r8169-0-4700:00, irq=MAC) Dec 04 03:29:34 32core kernel: r8169 0000:47:00.0 enp71s0: Link is Down Dec 04 03:29:34 32core kernel: vmbr0: port 2(enp71s0) entered blocking state Dec 04 03:29:34 32core kernel: vmbr0: port 2(enp71s0) entered forwarding state Dec 04 03:29:34 32core networking[1757]: error: >>> Full logs available in: /var/log/ifupdown2/network_config_ifupdown2_282_Dec-04-2025_03:29:33.465229 <<< Dec 04 03:29:34 32core /usr/sbin/ifup[1757]: >>> Full logs available in: /var/log/ifupdown2/network_config_ifupdown2_282_Dec-04-2025_03:29:33.465229 <<< Dec 04 03:29:34 32core systemd[1]: Finished networking.service - Network initialization. Dec 04 03:29:34 32core systemd[1]: Reached target network.target - Network. Dec 04 03:29:34 32core systemd[1]: Reached target network-online.target - Network is Online. Dec 04 03:29:34 32core systemd[1]: Starting iscsid.service - iSCSI initiator daemon (iscsid)... Dec 04 03:29:34 32core systemd[1]: Started lxc-monitord.service - LXC Container Monitoring Daemon. Dec 04 03:29:34 32core systemd[1]: Starting lxc-net.service - LXC network bridge setup... Dec 04 03:29:34 32core systemd[1]: Starting postfix.service - Postfix Mail Transport Agent (main/default instance)... Dec 04 03:29:34 32core systemd[1]: Starting pve-cluster.service - The Proxmox VE cluster filesystem... Dec 04 03:29:34 32core kernel: vmbr0: port 2(enp71s0) entered disabled state Dec 04 03:29:34 32core systemd[1]: Starting rbdmap.service - Map RBD devices... Dec 04 03:29:34 32core systemd[1]: Starting rpc-statd-notify.service - Notify NFS peers of a restart... Dec 04 03:29:34 32core systemd[1]: rsync.service - fast remote file copy program daemon was skipped because of an unmet condition check (ConditionPathExists=/etc/rsyncd.conf). Dec 04 03:29:34 32core systemd[1]: Starting ssh.service - OpenBSD Secure Shell server... Dec 04 03:29:34 32core sm-notify[1838]: Version 2.8.3 starting Dec 04 03:29:34 32core systemd[1]: Finished rbdmap.service - Map RBD devices. Dec 04 03:29:34 32core systemd[1]: Started rpc-statd-notify.service - Notify NFS peers of a restart. Dec 04 03:29:34 32core pmxcfs[1832]: [main] notice: resolved node name '32core' to '192.168.199.12' for default node IP address Dec 04 03:29:34 32core pmxcfs[1832]: [main] notice: resolved node name '32core' to '192.168.199.12' for default node IP address Dec 04 03:29:34 32core postfix[1831]: postfix: Postfix is using backwards-compatible default settings Dec 04 03:29:34 32core postfix[1831]: postfix: See https://www.postfix.org/COMPATIBILITY_README.html for details Dec 04 03:29:34 32core postfix[1831]: postfix: To disable backwards compatibility use "postconf compatibility_level=3.6" and "postfix reload" Dec 04 03:29:34 32core postfix[1831]: Postfix is using backwards-compatible default settings Dec 04 03:29:34 32core postfix[1831]: See https://www.postfix.org/COMPATIBILITY_README.html for details Dec 04 03:29:34 32core postfix[1831]: To disable backwards compatibility use "postconf compatibility_level=3.6" and "postfix reload" Dec 04 03:29:34 32core iscsid[1840]: iSCSI logger with pid=1846 started! Dec 04 03:29:34 32core systemd[1]: Started iscsid.service - iSCSI initiator daemon (iscsid). Dec 04 03:29:34 32core systemd[1]: open-iscsi.service - Login to default iSCSI targets was skipped because no trigger condition checks were met. Dec 04 03:29:34 32core systemd[1]: Reached target remote-fs-pre.target - Preparation for Remote File Systems. Dec 04 03:29:34 32core systemd[1]: Reached target remote-fs.target - Remote File Systems. Dec 04 03:29:34 32core systemd[1]: Reached target pve-storage.target - PVE Storage Target. Dec 04 03:29:34 32core systemd[1]: Starting blk-availability.service - Availability of block devices... Dec 04 03:29:34 32core systemd[1]: systemd-pcrphase.service - TPM PCR Barrier (User) was skipped because of an unmet condition check (ConditionSecurity=measured-uki). Dec 04 03:29:34 32core systemd[1]: Starting systemd-user-sessions.service - Permit User Sessions... Dec 04 03:29:34 32core systemd[1]: Finished lxc-net.service - LXC network bridge setup. Dec 04 03:29:34 32core systemd[1]: Finished blk-availability.service - Availability of block devices. Dec 04 03:29:34 32core kernel: Loading iSCSI transport class v2.0-870. Dec 04 03:29:34 32core systemd[1]: Starting lxc.service - LXC Container Initialization and Autoboot Code... Dec 04 03:29:34 32core systemd[1]: Finished systemd-user-sessions.service - Permit User Sessions. Dec 04 03:29:34 32core systemd[1]: Started getty(a)tty1.service - Getty on tty1. Dec 04 03:29:34 32core systemd[1]: Reached target getty.target - Login Prompts. Dec 04 03:29:34 32core sshd[1855]: Server listening on 0.0.0.0 port 22. Dec 04 03:29:34 32core sshd[1855]: Server listening on :: port 22. Dec 04 03:29:34 32core systemd[1]: Started ssh.service - OpenBSD Secure Shell server. Dec 04 03:29:34 32core systemd[1]: Finished lxc.service - LXC Container Initialization and Autoboot Code. Dec 04 03:29:34 32core postfix[1986]: postfix: Postfix is using backwards-compatible default settings Dec 04 03:29:34 32core postfix[1986]: postfix: See https://www.postfix.org/COMPATIBILITY_README.html for details Dec 04 03:29:34 32core postfix[1986]: postfix: To disable backwards compatibility use "postconf compatibility_level=3.6" and "postfix reload" Dec 04 03:29:34 32core postfix[1986]: Postfix is using backwards-compatible default settings Dec 04 03:29:34 32core postfix[1986]: See https://www.postfix.org/COMPATIBILITY_README.html for details Dec 04 03:29:34 32core postfix[1986]: To disable backwards compatibility use "postconf compatibility_level=3.6" and "postfix reload" Dec 04 03:29:34 32core postfix/master[1994]: daemon started -- version 3.10.5, configuration /etc/postfix Dec 04 03:29:34 32core systemd[1]: Started postfix.service - Postfix Mail Transport Agent (main/default instance). Dec 04 03:29:35 32core iscsid[1846]: iSCSI daemon with pid=1847 started! Dec 04 03:29:35 32core systemd[1]: Started pve-cluster.service - The Proxmox VE cluster filesystem. Dec 04 03:29:35 32core systemd[1]: corosync.service - Corosync Cluster Engine was skipped because of an unmet condition check (ConditionPathExists=/etc/corosync/corosync.conf). Dec 04 03:29:35 32core systemd[1]: Started cron.service - Regular background program processing daemon. Dec 04 03:29:35 32core systemd[1]: Starting pve-firewall-commit.service - Commit Proxmox VE Firewall changes... Dec 04 03:29:35 32core systemd[1]: Starting pve-firewall.service - Proxmox VE firewall... Dec 04 03:29:35 32core systemd[1]: Starting pve-sdn-commit.service - Commit Proxmox VE SDN changes... Dec 04 03:29:35 32core systemd[1]: Starting pvedaemon.service - PVE API Daemon... Dec 04 03:29:35 32core systemd[1]: Starting pvestatd.service - PVE Status Daemon... Dec 04 03:29:35 32core cron[2002]: (CRON) INFO (pidfile fd = 3) Dec 04 03:29:35 32core cron[2002]: (CRON) INFO (Running @reboot jobs) Dec 04 03:29:35 32core systemd[1]: Finished pve-firewall-commit.service - Commit Proxmox VE Firewall changes. Dec 04 03:29:35 32core pve-sdn-commit[2005]: No changes to SDN configuration detected, skipping reload Dec 04 03:29:35 32core systemd[1]: Finished pve-sdn-commit.service - Commit Proxmox VE SDN changes. Dec 04 03:29:36 32core pve-firewall[2018]: starting server Dec 04 03:29:36 32core pvestatd[2020]: starting server Dec 04 03:29:36 32core systemd[1]: Started pve-firewall.service - Proxmox VE firewall. Dec 04 03:29:36 32core systemd[1]: Started pvestatd.service - PVE Status Daemon. Dec 04 03:29:36 32core pvedaemon[2046]: starting server Dec 04 03:29:36 32core pvedaemon[2046]: starting 3 worker(s) Dec 04 03:29:36 32core pvedaemon[2046]: worker 2047 started Dec 04 03:29:36 32core pvedaemon[2046]: worker 2048 started Dec 04 03:29:36 32core pvedaemon[2046]: worker 2049 started Dec 04 03:29:36 32core systemd[1]: Started pvedaemon.service - PVE API Daemon. Dec 04 03:29:36 32core systemd[1]: Starting pve-ha-crm.service - PVE Cluster HA Resource Manager Daemon... Dec 04 03:29:36 32core systemd[1]: Starting pveproxy.service - PVE API Proxy Server... Dec 04 03:29:37 32core pve-ha-crm[2056]: starting server Dec 04 03:29:37 32core pve-ha-crm[2056]: status change startup => wait_for_quorum Dec 04 03:29:37 32core systemd[1]: Started pve-ha-crm.service - PVE Cluster HA Resource Manager Daemon. Dec 04 03:29:37 32core ModemManager[1735]: <msg> [base-manager] couldn't check support for device '/sys/devices/pci0000:40/0000:40:01.1/0000:41:00.0/0000:42:03.0/0000:45:00.0': not supported by any plugin Dec 04 03:29:37 32core ModemManager[1735]: <msg> [base-manager] couldn't check support for device '/sys/devices/pci0000:40/0000:40:01.1/0000:41:00.0/0000:42:04.0/0000:46:00.0': not supported by any plugin Dec 04 03:29:37 32core ModemManager[1735]: <msg> [base-manager] couldn't check support for device '/sys/devices/pci0000:40/0000:40:01.1/0000:41:00.0/0000:42:05.0/0000:47:00.0': not supported by any plugin Dec 04 03:29:37 32core pveproxy[2058]: starting server Dec 04 03:29:37 32core pveproxy[2058]: starting 3 worker(s) Dec 04 03:29:37 32core pveproxy[2058]: worker 2059 started Dec 04 03:29:37 32core pveproxy[2058]: worker 2060 started Dec 04 03:29:37 32core pveproxy[2058]: worker 2061 started Dec 04 03:29:37 32core systemd[1]: Started pveproxy.service - PVE API Proxy Server. Dec 04 03:29:37 32core systemd[1]: Starting pve-ha-lrm.service - PVE Local HA Resource Manager Daemon... Dec 04 03:29:37 32core systemd[1]: Starting spiceproxy.service - PVE SPICE Proxy Server... Dec 04 03:29:37 32core spiceproxy[2067]: starting server Dec 04 03:29:37 32core spiceproxy[2067]: starting 1 worker(s) Dec 04 03:29:37 32core spiceproxy[2067]: worker 2068 started Dec 04 03:29:37 32core systemd[1]: Started spiceproxy.service - PVE SPICE Proxy Server. Dec 04 03:29:38 32core pve-ha-lrm[2070]: starting server Dec 04 03:29:38 32core pve-ha-lrm[2070]: status change startup => wait_for_agent_lock Dec 04 03:29:38 32core systemd[1]: Started pve-ha-lrm.service - PVE Local HA Resource Manager Daemon. Dec 04 03:29:38 32core systemd[1]: Starting pve-guests.service - PVE guests... Dec 04 03:29:38 32core systemd[1]: systemd-rfkill.service: Deactivated successfully. Dec 04 03:29:38 32core pve-guests[2075]: <root@pam> starting task UPID:32core:0000081C:000005D6:69308FA2:startall::root@pam: Dec 04 03:29:38 32core pve-guests[2075]: <root@pam> end task UPID:32core:0000081C:000005D6:69308FA2:startall::root@pam: OK Dec 04 03:29:38 32core systemd[1]: Finished pve-guests.service - PVE guests. Dec 04 03:29:38 32core systemd[1]: Starting pvescheduler.service - Proxmox VE scheduler... Dec 04 03:29:39 32core kernel: atlantic 0000:45:00.0 enp69s0: atlantic: link change old 0 new 10000 Dec 04 03:29:39 32core kernel: vmbr0: port 1(enp69s0) entered blocking state Dec 04 03:29:39 32core kernel: vmbr0: port 1(enp69s0) entered forwarding state Dec 04 03:29:39 32core pvescheduler[2079]: starting server Dec 04 03:29:39 32core systemd[1]: Started pvescheduler.service - Proxmox VE scheduler. Dec 04 03:29:39 32core systemd[1]: Reached target multi-user.target - Multi-User System. Dec 04 03:29:39 32core systemd[1]: Reached target graphical.target - Graphical Interface. Dec 04 03:29:39 32core systemd[1]: Startup finished in 40.684s (firmware) + 6.890s (loader) + 4.456s (kernel) + 11.103s (userspace) = 1min 3.135s. Dec 04 03:30:03 32core netavark[1535]: timeout met: exiting after 30 secs of inactivity Dec 04 03:30:03 32core systemd[1]: netavark-dhcp-proxy.service: Deactivated successfully. Dec 04 03:30:07 32core pvedaemon[2047]: <root@pam> successful auth for user 'root@pam' Dec 04 03:30:17 32core chronyd[1703]: Selected source 15.204.87.223 (2.debian.pool.ntp.org) Dec 04 03:30:17 32core chronyd[1703]: System clock TAI offset set to 37 seconds Dec 04 03:30:17 32core sshd-session[2221]: Accepted password for root from 192.168.199.2 port 6648 ssh2 Dec 04 03:30:17 32core sshd-session[2221]: pam_unix(sshd:session): session opened for user root(uid=0) by root(uid=0) Dec 04 03:30:17 32core systemd[1]: Created slice user-0.slice - User Slice of UID 0. Dec 04 03:30:17 32core systemd[1]: Starting user-runtime-dir(a)0.service - User Runtime Directory /run/user/0... Dec 04 03:30:17 32core systemd-logind[1555]: New session 1 of user root. Dec 04 03:30:17 32core systemd[1]: Finished user-runtime-dir(a)0.service - User Runtime Directory /run/user/0. Dec 04 03:30:17 32core systemd[1]: Starting user(a)0.service - User Manager for UID 0... Dec 04 03:30:17 32core (systemd)[2227]: pam_unix(systemd-user:session): session opened for user root(uid=0) by root(uid=0) Dec 04 03:30:17 32core systemd-logind[1555]: New session 2 of user root. Dec 04 03:30:17 32core systemd[2227]: Queued start job for default target default.target. Dec 04 03:30:17 32core systemd[2227]: Created slice app.slice - User Application Slice. Dec 04 03:30:17 32core systemd[2227]: Reached target paths.target - Paths. Dec 04 03:30:17 32core systemd[2227]: Reached target timers.target - Timers. Dec 04 03:30:17 32core systemd[2227]: Starting dbus.socket - D-Bus User Message Bus Socket... Dec 04 03:30:17 32core systemd[2227]: Listening on dirmngr.socket - GnuPG network certificate management daemon. Dec 04 03:30:17 32core systemd[2227]: Listening on gpg-agent-browser.socket - GnuPG cryptographic agent and passphrase cache (access for web browsers). Dec 04 03:30:17 32core systemd[2227]: Listening on gpg-agent-extra.socket - GnuPG cryptographic agent and passphrase cache (restricted). Dec 04 03:30:17 32core systemd[2227]: Starting gpg-agent-ssh.socket - GnuPG cryptographic agent (ssh-agent emulation)... Dec 04 03:30:17 32core systemd[2227]: Starting gpg-agent.socket - GnuPG cryptographic agent and passphrase cache... Dec 04 03:30:17 32core systemd[2227]: Listening on keyboxd.socket - GnuPG public key management service. Dec 04 03:30:17 32core systemd[2227]: Starting ssh-agent.socket - OpenSSH Agent socket... Dec 04 03:30:17 32core systemd[2227]: Listening on dbus.socket - D-Bus User Message Bus Socket. Dec 04 03:30:17 32core systemd[2227]: Listening on ssh-agent.socket - OpenSSH Agent socket. Dec 04 03:30:17 32core systemd[2227]: Listening on gpg-agent-ssh.socket - GnuPG cryptographic agent (ssh-agent emulation). Dec 04 03:30:17 32core systemd[2227]: Listening on gpg-agent.socket - GnuPG cryptographic agent and passphrase cache. Dec 04 03:30:17 32core systemd[2227]: Reached target sockets.target - Sockets. Dec 04 03:30:17 32core systemd[2227]: Reached target basic.target - Basic System. Dec 04 03:30:17 32core systemd[2227]: Reached target default.target - Main User Target. Dec 04 03:30:17 32core systemd[2227]: Startup finished in 272ms. Dec 04 03:30:17 32core systemd[1]: Started user(a)0.service - User Manager for UID 0. Dec 04 03:30:18 32core systemd[1]: Started session-1.scope - Session 1 of User root. Dec 04 03:30:19 32core chronyd[1703]: Selected source 12.205.28.193 (2.debian.pool.ntp.org) Dec 04 03:30:26 32core kernel: NOTICE: Automounting of tracing to debugfs is deprecated and will be removed in 2030 Dec 04 03:31:57 32core kernel: BUG: kernel NULL pointer dereference, address: 0000000000000008 Dec 04 03:31:57 32core kernel: #PF: supervisor write access in kernel mode Dec 04 03:31:57 32core kernel: #PF: error_code(0x0002) - not-present page Dec 04 03:31:57 32core kernel: PGD 0 P4D 0 Dec 04 03:31:57 32core kernel: Oops: Oops: 0002 [#1] SMP NOPTI Dec 04 03:31:57 32core kernel: CPU: 50 UID: 0 PID: 2365 Comm: zstd Tainted: P O 6.17.2-2-pve #1 PREEMPT(voluntary) Dec 04 03:31:57 32core kernel: Tainted: [P]=PROPRIETARY_MODULE, [O]=OOT_MODULE Dec 04 03:31:57 32core kernel: Hardware name: To Be Filled By O.E.M. To Be Filled By O.E.M./TRX40 Creator, BIOS P1.88C 12/23/2024 Dec 04 03:31:57 32core kernel: RIP: 0010:list_lru_del+0xc0/0x180 Dec 04 03:31:57 32core kernel: Code: 00 00 00 00 00 00 00 80 48 39 c2 74 64 e8 58 62 db ff 49 8b 55 00 49 39 d5 0f 84 9c 00 00 00 49 8b 4d 00 49 8b 55 08 4c 89 e7 <48> 89 51 08 48 89 0a 4d 89 6d 00 4d 89 6d 08 49 83 6f 10 01 e8 f7 Dec 04 03:31:57 32core kernel: RSP: 0018:ffffd3ed589ef600 EFLAGS: 00010086 Dec 04 03:31:57 32core kernel: RAX: 0000000000000000 RBX: ffffffff997f07e0 RCX: 0000000000000000 Dec 04 03:31:57 32core kernel: RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffff8b43c3fa30e8 Dec 04 03:31:57 32core kernel: RBP: ffffd3ed589ef640 R08: 0000000000000000 R09: 0000000000000000 Dec 04 03:31:57 32core kernel: R10: 0000000000000000 R11: 0000000000000000 R12: ffff8b43c3fa30e8 Dec 04 03:31:57 32core kernel: R13: ffff8b61a34319e8 R14: ffff8b43dfcfabc0 R15: ffff8b43c3fa30d0 Dec 04 03:31:57 32core kernel: FS: 00007ea767a956c0(0000) GS:ffff8b6325286000(0000) knlGS:0000000000000000 Dec 04 03:31:57 32core kernel: CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 Dec 04 03:31:57 32core kernel: CR2: 0000000000000008 CR3: 000000014b096000 CR4: 0000000000350ef0 Dec 04 03:31:57 32core kernel: Call Trace: Dec 04 03:31:57 32core kernel: <TASK> Dec 04 03:31:57 32core kernel: list_lru_del_obj+0x7f/0xe0 Dec 04 03:31:57 32core kernel: workingset_update_node+0x61/0xb0 Dec 04 03:31:57 32core kernel: xas_store+0x25f/0x6d0 Dec 04 03:31:57 32core kernel: __filemap_add_folio+0x234/0x510 Dec 04 03:31:57 32core kernel: ? srso_return_thunk+0x5/0x5f Dec 04 03:31:57 32core kernel: ? __pfx_workingset_update_node+0x10/0x10 Dec 04 03:31:57 32core kernel: filemap_add_folio+0x99/0xf0 Dec 04 03:31:57 32core kernel: page_cache_ra_order+0x205/0x3b0 Dec 04 03:31:57 32core kernel: page_cache_async_ra+0x19f/0x1f0 Dec 04 03:31:57 32core kernel: ? srso_return_thunk+0x5/0x5f Dec 04 03:31:57 32core kernel: ? filemap_get_read_batch+0x15b/0x2e0 Dec 04 03:31:57 32core kernel: filemap_readahead.isra.0+0x73/0xb0 Dec 04 03:31:57 32core kernel: filemap_get_pages+0x40f/0x740 Dec 04 03:31:57 32core kernel: ? srso_return_thunk+0x5/0x5f Dec 04 03:31:57 32core kernel: ? sched_clock_noinstr+0x9/0x10 Dec 04 03:31:57 32core kernel: ? srso_return_thunk+0x5/0x5f Dec 04 03:31:57 32core kernel: filemap_read+0x114/0x4a0 Dec 04 03:31:57 32core kernel: ? srso_return_thunk+0x5/0x5f Dec 04 03:31:57 32core kernel: generic_file_read_iter+0xbb/0x110 Dec 04 03:31:57 32core kernel: ? srso_return_thunk+0x5/0x5f Dec 04 03:31:57 32core kernel: ? apparmor_file_permission+0x1f/0x30 Dec 04 03:31:57 32core kernel: ext4_file_read_iter+0x60/0x200 Dec 04 03:31:57 32core kernel: ? srso_return_thunk+0x5/0x5f Dec 04 03:31:57 32core kernel: vfs_read+0x274/0x390 Dec 04 03:31:57 32core kernel: ksys_read+0x6f/0xf0 Dec 04 03:31:57 32core kernel: __x64_sys_read+0x19/0x30 Dec 04 03:31:57 32core kernel: x64_sys_call+0x1e95/0x2330 Dec 04 03:31:57 32core kernel: do_syscall_64+0x80/0xa30 Dec 04 03:31:57 32core kernel: ? srso_return_thunk+0x5/0x5f Dec 04 03:31:57 32core kernel: ? srso_return_thunk+0x5/0x5f Dec 04 03:31:57 32core kernel: ? ksys_read+0xd9/0xf0 Dec 04 03:31:57 32core kernel: ? srso_return_thunk+0x5/0x5f Dec 04 03:31:57 32core kernel: ? __x64_sys_read+0x19/0x30 Dec 04 03:31:57 32core kernel: ? srso_return_thunk+0x5/0x5f Dec 04 03:31:57 32core kernel: ? x64_sys_call+0x1e95/0x2330 Dec 04 03:31:57 32core kernel: ? srso_return_thunk+0x5/0x5f Dec 04 03:31:57 32core kernel: ? do_syscall_64+0xb8/0xa30 Dec 04 03:31:57 32core kernel: ? srso_return_thunk+0x5/0x5f Dec 04 03:31:57 32core kernel: ? ext4_file_read_iter+0x60/0x200 Dec 04 03:31:57 32core kernel: ? srso_return_thunk+0x5/0x5f Dec 04 03:31:57 32core kernel: ? srso_return_thunk+0x5/0x5f Dec 04 03:31:57 32core kernel: ? vfs_read+0x274/0x390 Dec 04 03:31:57 32core kernel: ? srso_return_thunk+0x5/0x5f Dec 04 03:31:57 32core kernel: ? srso_return_thunk+0x5/0x5f Dec 04 03:31:57 32core kernel: ? ksys_read+0xd9/0xf0 Dec 04 03:31:57 32core kernel: ? srso_return_thunk+0x5/0x5f Dec 04 03:31:57 32core kernel: ? __x64_sys_read+0x19/0x30 Dec 04 03:31:57 32core kernel: ? srso_return_thunk+0x5/0x5f Dec 04 03:31:57 32core kernel: ? x64_sys_call+0x1e95/0x2330 Dec 04 03:31:57 32core kernel: ? srso_return_thunk+0x5/0x5f Dec 04 03:31:57 32core kernel: ? do_syscall_64+0xb8/0xa30 Dec 04 03:31:57 32core kernel: ? srso_return_thunk+0x5/0x5f Dec 04 03:31:57 32core kernel: ? do_syscall_64+0xb8/0xa30 Dec 04 03:31:57 32core kernel: ? srso_return_thunk+0x5/0x5f Dec 04 03:31:57 32core kernel: ? do_syscall_64+0xb8/0xa30 Dec 04 03:31:57 32core kernel: ? srso_return_thunk+0x5/0x5f Dec 04 03:31:57 32core kernel: ? do_syscall_64+0xb8/0xa30 Dec 04 03:31:57 32core kernel: ? srso_return_thunk+0x5/0x5f Dec 04 03:31:57 32core kernel: entry_SYSCALL_64_after_hwframe+0x76/0x7e Dec 04 03:31:57 32core kernel: RIP: 0033:0x7ea7684929ee Dec 04 03:31:57 32core kernel: Code: 08 0f 85 f5 4b ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 <c3> 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08 Dec 04 03:31:57 32core kernel: RSP: 002b:00007ea767a94d98 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 Dec 04 03:31:57 32core kernel: RAX: ffffffffffffffda RBX: 00007ea767a956c0 RCX: 00007ea7684929ee Dec 04 03:31:57 32core kernel: RDX: 0000000000020000 RSI: 00007ea76716c010 RDI: 0000000000000003 Dec 04 03:31:57 32core kernel: RBP: 00007ea7685ddfd0 R08: 0000000000000000 R09: 0000000000000000 Dec 04 03:31:57 32core kernel: R10: 0000000000000000 R11: 0000000000000246 R12: 00007ea76716c010 Dec 04 03:31:57 32core kernel: R13: 0000000000020000 R14: 00007ea7685dde80 R15: 0000000000020000 Dec 04 03:31:57 32core kernel: </TASK> Dec 04 03:31:57 32core kernel: Modules linked in: ebtable_filter ebtables ip_set ip6table_raw iptable_raw ip6table_filter ip6_tables iptable_filter scsi_transport_iscsi nf_tables qrtr bonding tls at24 spd5118 softdog sunrpc binfmt_misc nfnetlink_log iwlmvm mac80211 libarc4 btusb btrtl btintel btbcm btmtk iwlwifi bluetooth input_leds cfg80211 amd_atl intel_rapl_msr intel_rapl_common sch_fq_codel amdgpu amdxcp snd_hda_codec_atihdmi edac_mce_amd drm_panel_backlight_quirks snd_hda_codec_hdmi snd_hda_intel gpu_sched radeon snd_hda_codec drm_buddy snd_usb_audio kvm_amd snd_hda_core drm_ttm_helper snd_usbmidi_lib ttm drm_exec snd_intel_dspcfg snd_ump drm_suballoc_helper snd_intel_sdw_acpi snd_rawmidi snd_hwdep kvm snd_seq_device drm_display_helper snd_pcm cec polyval_clmulni snd_timer rc_core ghash_clmulni_intel snd aesni_intel joydev i2c_algo_bit rapl wmi_bmof pcspkr ccp mxm_wmi ee1004 video k10temp soundcore mac_hid mc zfs(PO) spl(O) vhost_net vhost vhost_iotlb tap nct6683 lm83 vfio_pci vfio_pci_core irqbypass vfio_iommu_type1 vfio iommufd Dec 04 03:31:57 32core kernel: msr efi_pstore nfnetlink dmi_sysfs ip_tables x_tables autofs4 btrfs blake2b_generic xor raid6_pq hid_multitouch uas usb_storage usbkbd usbmouse hid_generic usbhid hid dm_thin_pool dm_persistent_data dm_bio_prison dm_bufio nvme atlantic r8169 nvme_core xhci_pci ahci nvme_keyring libahci macsec realtek nvme_auth xhci_hcd i2c_piix4 i2c_smbus wmi Dec 04 03:31:57 32core kernel: CR2: 0000000000000008 Dec 04 03:31:57 32core kernel: ---[ end trace 0000000000000000 ]--- Dec 04 03:31:57 32core kernel: RIP: 0010:list_lru_del+0xc0/0x180 Dec 04 03:31:57 32core kernel: Code: 00 00 00 00 00 00 00 80 48 39 c2 74 64 e8 58 62 db ff 49 8b 55 00 49 39 d5 0f 84 9c 00 00 00 49 8b 4d 00 49 8b 55 08 4c 89 e7 <48> 89 51 08 48 89 0a 4d 89 6d 00 4d 89 6d 08 49 83 6f 10 01 e8 f7 Dec 04 03:31:57 32core kernel: RSP: 0018:ffffd3ed589ef600 EFLAGS: 00010086 Dec 04 03:31:57 32core kernel: RAX: 0000000000000000 RBX: ffffffff997f07e0 RCX: 0000000000000000 Dec 04 03:31:57 32core kernel: RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffff8b43c3fa30e8 Dec 04 03:31:57 32core kernel: RBP: ffffd3ed589ef640 R08: 0000000000000000 R09: 0000000000000000 Dec 04 03:31:57 32core kernel: R10: 0000000000000000 R11: 0000000000000000 R12: ffff8b43c3fa30e8 Dec 04 03:31:57 32core kernel: R13: ffff8b61a34319e8 R14: ffff8b43dfcfabc0 R15: ffff8b43c3fa30d0 Dec 04 03:31:57 32core kernel: FS: 00007ea767a956c0(0000) GS:ffff8b6325286000(0000) knlGS:0000000000000000 Dec 04 03:31:57 32core kernel: CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 Dec 04 03:31:57 32core kernel: CR2: 0000000000000008 CR3: 000000014b096000 CR4: 0000000000350ef0 Dec 04 03:31:57 32core kernel: note: zstd[2365] exited with irqs disabled Dec 04 03:31:57 32core kernel: note: zstd[2365] exited with preempt_count 2 Dec 04 03:32:33 32core kernel: Oops: general protection fault, probably for non-canonical address 0x9a3ae555524f6ec2: 0000 [#2] SMP NOPTI Dec 04 03:32:33 32core kernel: CPU: 50 UID: 0 PID: 1547 Comm: ksmtuned Tainted: P D O 6.17.2-2-pve #1 PREEMPT(voluntary) Dec 04 03:32:33 32core kernel: Tainted: [P]=PROPRIETARY_MODULE, [D]=DIE, [O]=OOT_MODULE Dec 04 03:32:33 32core kernel: Hardware name: To Be Filled By O.E.M. To Be Filled By O.E.M./TRX40 Creator, BIOS P1.88C 12/23/2024 Dec 04 03:32:33 32core kernel: RIP: 0010:kmem_cache_alloc_noprof+0x203/0x3e0 Dec 04 03:32:33 32core kernel: Code: 84 ce fe ff ff 48 85 db 0f 84 c5 fe ff ff 48 8b 03 48 c1 e8 36 41 39 c2 0f 85 b5 fe ff ff 41 8b 44 24 28 49 8b 34 24 48 01 f8 <48> 8b 18 48 89 c1 49 33 9c 24 b8 00 00 00 48 89 f8 48 0f c9 48 31 Dec 04 03:32:33 32core kernel: RSP: 0018:ffffd3ed42de3990 EFLAGS: 00010282 Dec 04 03:32:33 32core kernel: RAX: 9a3ae555524f6ec2 RBX: fffffc073b8d0c00 RCX: 0000000000000000 Dec 04 03:32:33 32core kernel: RDX: 0000000033e52032 RSI: ffffffff996b42d0 RDI: 9a3ae555524f6c82 Dec 04 03:32:33 32core kernel: RBP: ffffd3ed42de39d8 R08: 0000000000000028 R09: 0000000000000000 Dec 04 03:32:33 32core kernel: R10: 00000000ffffffff R11: 00000000003fffff R12: ffff8b43c0055e00 Dec 04 03:32:33 32core kernel: R13: 0000000000002820 R14: 0000000000000240 R15: ffffffff97cac677 Dec 04 03:32:33 32core kernel: FS: 000074d3ea109740(0000) GS:ffff8b6325286000(0000) knlGS:0000000000000000 Dec 04 03:32:33 32core kernel: CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 Dec 04 03:32:33 32core kernel: CR2: 000074d3ea2f57b0 CR3: 00000001112c5000 CR4: 0000000000350ef0 Dec 04 03:32:33 32core kernel: Call Trace: Dec 04 03:32:33 32core kernel: <TASK> Dec 04 03:32:33 32core kernel: radix_tree_node_alloc.constprop.0+0xb7/0x100 Dec 04 03:32:33 32core kernel: idr_get_free+0x26d/0x330 Dec 04 03:32:33 32core kernel: idr_alloc_u32+0x7d/0xf0 Dec 04 03:32:33 32core kernel: idr_alloc_cyclic+0x57/0xc0 Dec 04 03:32:33 32core kernel: alloc_pid+0x1b8/0x410 Dec 04 03:32:33 32core kernel: copy_process+0x1298/0x1ca0 Dec 04 03:32:33 32core kernel: kernel_clone+0xb6/0x4b0 Dec 04 03:32:33 32core kernel: __do_sys_clone+0x68/0xa0 Dec 04 03:32:33 32core kernel: __x64_sys_clone+0x25/0x40 Dec 04 03:32:33 32core kernel: x64_sys_call+0x1b4d/0x2330 Dec 04 03:32:33 32core kernel: do_syscall_64+0x80/0xa30 Dec 04 03:32:33 32core kernel: ? srso_return_thunk+0x5/0x5f Dec 04 03:32:33 32core kernel: ? __handle_mm_fault+0xadb/0xfd0 Dec 04 03:32:33 32core kernel: ? srso_return_thunk+0x5/0x5f Dec 04 03:32:33 32core kernel: ? count_memcg_events+0xd7/0x1a0 Dec 04 03:32:33 32core kernel: ? srso_return_thunk+0x5/0x5f Dec 04 03:32:33 32core kernel: ? __set_task_blocked+0x29/0x80 Dec 04 03:32:33 32core kernel: ? srso_return_thunk+0x5/0x5f Dec 04 03:32:33 32core kernel: ? _copy_to_user+0x31/0x60 Dec 04 03:32:33 32core kernel: ? srso_return_thunk+0x5/0x5f Dec 04 03:32:33 32core kernel: ? __x64_sys_rt_sigprocmask+0xee/0x160 Dec 04 03:32:33 32core kernel: ? srso_return_thunk+0x5/0x5f Dec 04 03:32:33 32core kernel: ? x64_sys_call+0x178d/0x2330 Dec 04 03:32:33 32core kernel: ? srso_return_thunk+0x5/0x5f Dec 04 03:32:33 32core kernel: ? do_syscall_64+0xb8/0xa30 Dec 04 03:32:33 32core kernel: ? srso_return_thunk+0x5/0x5f Dec 04 03:32:33 32core kernel: ? x64_sys_call+0x178d/0x2330 Dec 04 03:32:33 32core kernel: ? srso_return_thunk+0x5/0x5f Dec 04 03:32:33 32core kernel: ? do_syscall_64+0xb8/0xa30 Dec 04 03:32:33 32core kernel: ? irqentry_exit+0x43/0x50 Dec 04 03:32:33 32core kernel: ? srso_return_thunk+0x5/0x5f Dec 04 03:32:33 32core kernel: ? exc_page_fault+0x90/0x1b0 Dec 04 03:32:33 32core kernel: entry_SYSCALL_64_after_hwframe+0x76/0x7e Dec 04 03:32:33 32core kernel: RIP: 0033:0x74d3ea1e9202 Dec 04 03:32:33 32core kernel: Code: 89 e7 e8 71 3b f6 ff 45 31 c0 31 d2 31 f6 64 48 8b 04 25 10 00 00 00 bf 11 00 20 01 4c 8d 90 d0 02 00 00 b8 38 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 5e 89 c5 85 c0 75 31 64 48 8b 04 25 10 00 00 Dec 04 03:32:33 32core kernel: RSP: 002b:00007ffd24e48590 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 Dec 04 03:32:33 32core kernel: RAX: ffffffffffffffda RBX: 00007ffd24e48590 RCX: 000074d3ea1e9202 Dec 04 03:32:33 32core kernel: RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000001200011 Dec 04 03:32:33 32core kernel: RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 Dec 04 03:32:33 32core kernel: R10: 000074d3ea109a10 R11: 0000000000000246 R12: 00007ffd24e48700 Dec 04 03:32:33 32core kernel: R13: 0000000000000000 R14: 0000000000000000 R15: 00000000ffffffff Dec 04 03:32:33 32core kernel: </TASK> Dec 04 03:32:33 32core kernel: Modules linked in: ebtable_filter ebtables ip_set ip6table_raw iptable_raw ip6table_filter ip6_tables iptable_filter scsi_transport_iscsi nf_tables qrtr bonding tls at24 spd5118 softdog sunrpc binfmt_misc nfnetlink_log iwlmvm mac80211 libarc4 btusb btrtl btintel btbcm btmtk iwlwifi bluetooth input_leds cfg80211 amd_atl intel_rapl_msr intel_rapl_common sch_fq_codel amdgpu amdxcp snd_hda_codec_atihdmi edac_mce_amd drm_panel_backlight_quirks snd_hda_codec_hdmi snd_hda_intel gpu_sched radeon snd_hda_codec drm_buddy snd_usb_audio kvm_amd snd_hda_core drm_ttm_helper snd_usbmidi_lib ttm drm_exec snd_intel_dspcfg snd_ump drm_suballoc_helper snd_intel_sdw_acpi snd_rawmidi snd_hwdep kvm snd_seq_device drm_display_helper snd_pcm cec polyval_clmulni snd_timer rc_core ghash_clmulni_intel snd aesni_intel joydev i2c_algo_bit rapl wmi_bmof pcspkr ccp mxm_wmi ee1004 video k10temp soundcore mac_hid mc zfs(PO) spl(O) vhost_net vhost vhost_iotlb tap nct6683 lm83 vfio_pci vfio_pci_core irqbypass vfio_iommu_type1 vfio iommufd Dec 04 03:32:33 32core kernel: msr efi_pstore nfnetlink dmi_sysfs ip_tables x_tables autofs4 btrfs blake2b_generic xor raid6_pq hid_multitouch uas usb_storage usbkbd usbmouse hid_generic usbhid hid dm_thin_pool dm_persistent_data dm_bio_prison dm_bufio nvme atlantic r8169 nvme_core xhci_pci ahci nvme_keyring libahci macsec realtek nvme_auth xhci_hcd i2c_piix4 i2c_smbus wmi Dec 04 03:32:33 32core kernel: ---[ end trace 0000000000000000 ]--- Dec 04 03:32:33 32core kernel: RIP: 0010:list_lru_del+0xc0/0x180 Dec 04 03:32:33 32core kernel: Code: 00 00 00 00 00 00 00 80 48 39 c2 74 64 e8 58 62 db ff 49 8b 55 00 49 39 d5 0f 84 9c 00 00 00 49 8b 4d 00 49 8b 55 08 4c 89 e7 <48> 89 51 08 48 89 0a 4d 89 6d 00 4d 89 6d 08 49 83 6f 10 01 e8 f7 Dec 04 03:32:33 32core kernel: RSP: 0018:ffffd3ed589ef600 EFLAGS: 00010086 Dec 04 03:32:33 32core kernel: RAX: 0000000000000000 RBX: ffffffff997f07e0 RCX: 0000000000000000 Dec 04 03:32:33 32core kernel: RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffff8b43c3fa30e8 Dec 04 03:32:33 32core kernel: RBP: ffffd3ed589ef640 R08: 0000000000000000 R09: 0000000000000000 Dec 04 03:32:33 32core kernel: R10: 0000000000000000 R11: 0000000000000000 R12: ffff8b43c3fa30e8 Dec 04 03:32:33 32core kernel: R13: ffff8b61a34319e8 R14: ffff8b43dfcfabc0 R15: ffff8b43c3fa30d0 Dec 04 03:32:33 32core kernel: FS: 000074d3ea109740(0000) GS:ffff8b6325286000(0000) knlGS:0000000000000000 Dec 04 03:32:33 32core kernel: CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 Dec 04 03:32:33 32core kernel: CR2: 000074d3ea2f57b0 CR3: 00000001112c5000 CR4: 0000000000350ef0 Dec 04 03:32:33 32core kernel: note: ksmtuned[1547] exited with preempt_count 2 Dec 04 03:32:33 32core systemd[1]: ksmtuned.service: Main process exited, code=killed, status=11/SEGV Dec 04 03:32:33 32core systemd[1]: ksmtuned.service: Failed with result 'signal'. Dec 04 03:33:00 32core kernel: watchdog: BUG: soft lockup - CPU#17 stuck for 23s! [pve-firewall:2018] -- 此致礼罗勇刚 Yours sincerely, Yonggang Luo

4 days, 20 hours

2
2
0 0

[PATCH v2 0/2] netrom: fix deadlock and refcount leak in nr_rt_device_down

by Junjie Cao

Hi, syzbot reported a circular locking dependency in the NET/ROM routing code involving nr_neigh_list_lock, nr_node_list_lock and nr_node->node_lock when nr_rt_device_down() interacts with the ioctl path. This series fixes that deadlock and also addresses a long-standing reference count leak found while auditing the same code. Patch 1/2 refactors nr_rt_device_down() to avoid nested locking between nr_neigh_list_lock and nr_node_list_lock by doing two separate passes over nodes and neighbours, and adjusts nr_rt_free() to follow the same lock ordering. Patch 2/2 fixes a per-route reference count leak by dropping nr_neigh->count and calling nr_neigh_put() when removing routes from nr_rt_device_down(), mirroring the behaviour of nr_dec_obs()/nr_del_node(). [1] https://syzkaller.appspot.com/bug?extid=14afda08dc3484d5db82 Thanks, Junjie

4 days, 21 hours

1
2
0 0

[PATCH v2] net/handshake: restore destructor on submit failure

by caoping

handshake_req_submit() replaces sk->sk_destruct but never restores it when submission fails before the request is hashed. handshake_sk_destruct() then returns early and the original destructor never runs, leaking the socket. Restore sk_destruct on the error path. Fixes: 3b3009ea8abb ("net/handshake: Create a NETLINK service for handling handshake requests") Signed-off-by: caoping <caoping(a)cmss.chinamobile.com> --- net/handshake/request.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/net/handshake/request.c b/net/handshake/request.c index 274d2c89b6b2..89435ed755cd 100644 --- a/net/handshake/request.c +++ b/net/handshake/request.c @@ -276,6 +276,8 @@ int handshake_req_submit(struct socket *sock, struct handshake_req *req, out_unlock: spin_unlock(&hn->hn_lock); out_err: + /* Restore original destructor so socket teardown still runs on failure */ + req->hr_sk->sk_destruct = req->hr_odestruct; trace_handshake_submit_err(net, req, req->hr_sk, ret); handshake_req_destroy(req); return ret; base-commit: 4a26e7032d7d57c998598c08a034872d6f0d3945 -- 2.47.3

4 days, 21 hours

2
1
0 0

[PATCH v2 2/2] kasan: Unpoison vms[area] addresses with a common tag

by Maciej Wieczor-Retman

From: Maciej Wieczor-Retman <maciej.wieczor-retman(a)intel.com> A KASAN tag mismatch, possibly causing a kernel panic, can be observed on systems with a tag-based KASAN enabled and with multiple NUMA nodes. It was reported on arm64 and reproduced on x86. It can be explained in the following points: 1. There can be more than one virtual memory chunk. 2. Chunk's base address has a tag. 3. The base address points at the first chunk and thus inherits the tag of the first chunk. 4. The subsequent chunks will be accessed with the tag from the first chunk. 5. Thus, the subsequent chunks need to have their tag set to match that of the first chunk. Use the modified __kasan_unpoison_vmalloc() to pass the tag of the first vm_struct's address when vm_structs are unpoisoned in pcpu_get_vm_areas(). Assigning a common tag resolves the pcpu chunk address mismatch. Fixes: 1d96320f8d53 ("kasan, vmalloc: add vmalloc tagging for SW_TAGS") Cc: <stable(a)vger.kernel.org> # 6.1+ Signed-off-by: Maciej Wieczor-Retman <maciej.wieczor-retman(a)intel.com> --- Changelog v2: - Revise the whole patch to match the fixed refactorization from the first patch. Changelog v1: - Rewrite the patch message to point at the user impact of the issue. - Move helper to common.c so it can be compiled in all KASAN modes. mm/kasan/common.c | 3 ++- mm/kasan/hw_tags.c | 12 ++++++++---- mm/kasan/shadow.c | 15 +++++++++++---- 3 files changed, 21 insertions(+), 9 deletions(-) diff --git a/mm/kasan/common.c b/mm/kasan/common.c index 7884ea7d13f9..e5a867a5670b 100644 --- a/mm/kasan/common.c +++ b/mm/kasan/common.c @@ -591,11 +591,12 @@ void kasan_unpoison_vmap_areas(struct vm_struct **vms, int nr_vms, unsigned long size; void *addr; int area; + u8 tag = get_tag(vms[0]->addr); for (area = 0 ; area < nr_vms ; area++) { size = vms[area]->size; addr = vms[area]->addr; - vms[area]->addr = __kasan_unpoison_vmap_areas(addr, size, flags); + vms[area]->addr = __kasan_unpoison_vmap_areas(addr, size, flags, tag); } } #endif diff --git a/mm/kasan/hw_tags.c b/mm/kasan/hw_tags.c index 4b7936a2bd6f..2a02b898b9d8 100644 --- a/mm/kasan/hw_tags.c +++ b/mm/kasan/hw_tags.c @@ -317,7 +317,7 @@ static void init_vmalloc_pages(const void *start, unsigned long size) } static void *__kasan_unpoison_vmalloc(const void *start, unsigned long size, - kasan_vmalloc_flags_t flags) + kasan_vmalloc_flags_t flags, int unpoison_tag) { u8 tag; unsigned long redzone_start, redzone_size; @@ -361,7 +361,11 @@ static void *__kasan_unpoison_vmalloc(const void *start, unsigned long size, return (void *)start; } - tag = kasan_random_tag(); + if (unpoison_tag < 0) + tag = kasan_random_tag(); + else + tag = unpoison_tag; + start = set_tag(start, tag); /* Unpoison and initialize memory up to size. */ @@ -390,7 +394,7 @@ static void *__kasan_unpoison_vmalloc(const void *start, unsigned long size, void *__kasan_random_unpoison_vmalloc(const void *start, unsigned long size, kasan_vmalloc_flags_t flags) { - return __kasan_unpoison_vmalloc(start, size, flags); + return __kasan_unpoison_vmalloc(start, size, flags, -1); } void __kasan_poison_vmalloc(const void *start, unsigned long size) @@ -405,7 +409,7 @@ void __kasan_poison_vmalloc(const void *start, unsigned long size) void *__kasan_unpoison_vmap_areas(void *addr, unsigned long size, kasan_vmalloc_flags_t flags, u8 tag) { - return __kasan_unpoison_vmalloc(addr, size, flags); + return __kasan_unpoison_vmalloc(addr, size, flags, tag); } #endif diff --git a/mm/kasan/shadow.c b/mm/kasan/shadow.c index 0a8d8bf6e9cf..7a66ffc1d5b3 100644 --- a/mm/kasan/shadow.c +++ b/mm/kasan/shadow.c @@ -625,8 +625,10 @@ void kasan_release_vmalloc(unsigned long start, unsigned long end, } static void *__kasan_unpoison_vmalloc(const void *start, unsigned long size, - kasan_vmalloc_flags_t flags) + kasan_vmalloc_flags_t flags, int unpoison_tag) { + u8 tag; + /* * Software KASAN modes unpoison both VM_ALLOC and non-VM_ALLOC * mappings, so the KASAN_VMALLOC_VM_ALLOC flag is ignored. @@ -648,7 +650,12 @@ static void *__kasan_unpoison_vmalloc(const void *start, unsigned long size, !(flags & KASAN_VMALLOC_PROT_NORMAL)) return (void *)start; - start = set_tag(start, kasan_random_tag()); + if (unpoison_tag < 0) + tag = kasan_random_tag(); + else + tag = unpoison_tag; + + start = set_tag(start, tag); kasan_unpoison(start, size, false); return (void *)start; } @@ -656,13 +663,13 @@ static void *__kasan_unpoison_vmalloc(const void *start, unsigned long size, void *__kasan_random_unpoison_vmalloc(const void *start, unsigned long size, kasan_vmalloc_flags_t flags) { - return __kasan_unpoison_vmalloc(start, size, flags); + return __kasan_unpoison_vmalloc(start, size, flags, -1); } void *__kasan_unpoison_vmap_areas(void *addr, unsigned long size, kasan_vmalloc_flags_t flags, u8 tag) { - return __kasan_unpoison_vmalloc(addr, size, flags); + return __kasan_unpoison_vmalloc(addr, size, flags, tag); } /* -- 2.52.0

4 days, 22 hours

3
4
0 0

[PATCH 6.1] fscache: delete fscache_cookie_lru_timer when fscache exits to avoid UAF

by Chen Yu

From: Baokun Li <libaokun1(a)huawei.com> commit 72a6e22c604c95ddb3b10b5d3bb85b6ff4dbc34f upstream. The fscache_cookie_lru_timer is initialized when the fscache module is inserted, but is not deleted when the fscache module is removed. If timer_reduce() is called before removing the fscache module, the fscache_cookie_lru_timer will be added to the timer list of the current cpu. Afterwards, a use-after-free will be triggered in the softIRQ after removing the fscache module, as follows: ================================================================== BUG: unable to handle page fault for address: fffffbfff803c9e9 PF: supervisor read access in kernel mode PF: error_code(0x0000) - not-present page PGD 21ffea067 P4D 21ffea067 PUD 21ffe6067 PMD 110a7c067 PTE 0 Oops: Oops: 0000 [#1] PREEMPT SMP KASAN PTI CPU: 1 UID: 0 PID: 0 Comm: swapper/1 Tainted: G W 6.11.0-rc3 #855 Tainted: [W]=WARN RIP: 0010:__run_timer_base.part.0+0x254/0x8a0 Call Trace: <IRQ> tmigr_handle_remote_up+0x627/0x810 __walk_groups.isra.0+0x47/0x140 tmigr_handle_remote+0x1fa/0x2f0 handle_softirqs+0x180/0x590 irq_exit_rcu+0x84/0xb0 sysvec_apic_timer_interrupt+0x6e/0x90 </IRQ> <TASK> asm_sysvec_apic_timer_interrupt+0x1a/0x20 RIP: 0010:default_idle+0xf/0x20 default_idle_call+0x38/0x60 do_idle+0x2b5/0x300 cpu_startup_entry+0x54/0x60 start_secondary+0x20d/0x280 common_startup_64+0x13e/0x148 </TASK> Modules linked in: [last unloaded: netfs] ================================================================== Therefore delete fscache_cookie_lru_timer when removing the fscahe module. Fixes: 12bb21a29c19 ("fscache: Implement cookie user counting and resource pinning") Cc: stable(a)kernel.org Signed-off-by: Baokun Li <libaokun1(a)huawei.com> Link: https://lore.kernel.org/r/20240826112056.2458299-1-libaokun@huaweicloud.com Acked-by: David Howells <dhowells(a)redhat.com> Signed-off-by: Christian Brauner <brauner(a)kernel.org> [ Changed the file path due to missing commit:47757ea83a54 ("netfs, fscache: Move fs/fscache/* into fs/netfs/") ] Signed-off-by: Chen Yu <xnguchen(a)sina.cn> --- fs/fscache/main.c | 1 + 1 file changed, 1 insertion(+) diff --git a/fs/fscache/main.c b/fs/fscache/main.c index dad85fd84f6f..7a60cd96e87e 100644 --- a/fs/fscache/main.c +++ b/fs/fscache/main.c @@ -114,6 +114,7 @@ static void __exit fscache_exit(void) kmem_cache_destroy(fscache_cookie_jar); fscache_proc_cleanup(); + timer_shutdown_sync(&fscache_cookie_lru_timer); destroy_workqueue(fscache_wq); pr_notice("Unloaded\n"); } -- 2.17.1

4 days, 23 hours

1
0
0 0

[PATCH net v3 1/1] atm: mpoa: Fix UAF on qos_head list in procfs

by Minseong Kim

The global QoS list 'qos_head' in net/atm/mpc.c is accessed from the /proc/net/atm/mpc procfs interface without proper synchronization. The read-side seq_file show path (mpc_show() -> atm_mpoa_disp_qos()) walks qos_head without any lock, while the write-side path (proc_mpc_write() -> parse_qos() -> atm_mpoa_delete_qos()) can unlink and kfree() entries immediately. Concurrent read/write therefore leads to a use-after-free. Fix this by serializing all qos_head list operations with a mutex. A mutex is used because seq_printf() may sleep. To avoid returning an unprotected pointer (and the resulting lifetime race), replace atm_mpoa_search_qos() with atm_mpoa_get_qos(), which copies the QoS under lock. Also add atm_mpoa_delete_qos_by_ip() so search+unlink+free is atomic under the same lock, preventing concurrent double-free/UAF scenarios. KASAN report: [ 15.911538] BUG: KASAN: slab-use-after-free in atm_mpoa_disp_qos+0x202/0x380 [ 15.911988] Read of size 8 at addr ffff888007517380 by task mpoa_uaf_poc/89 [ 15.912123] [ 15.912717] CPU: 0 UID: 0 PID: 89 Comm: mpoa_uaf_poc Not tainted 6.17.8 #1 PREEMPT(voluntary) [ 15.912950] Hardware name: QEMU Ubuntu 25.04 PC (i440FX + PIIX, 1996), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 15.913110] Call Trace: [ 15.913167] <TASK> [ 15.913247] dump_stack_lvl+0x4e/0x70 [ 15.913343] ? atm_mpoa_disp_qos+0x202/0x380 [ 15.913364] print_report+0x174/0x4f6 [ 15.913386] ? __pfx__raw_spin_lock_irqsave+0x10/0x10 [ 15.913412] ? atm_mpoa_disp_qos+0x202/0x380 [ 15.913430] kasan_report+0xce/0x100 [ 15.913453] ? atm_mpoa_disp_qos+0x202/0x380 [ 15.913475] atm_mpoa_disp_qos+0x202/0x380 [ 15.913496] mpc_show+0x575/0x700 [ 15.913515] ? kasan_save_track+0x14/0x30 [ 15.913532] ? __pfx_mpc_show+0x10/0x10 [ 15.913550] ? __pfx_mutex_lock+0x10/0x10 [ 15.913565] ? seq_read_iter+0x697/0x1110 [ 15.913584] seq_read_iter+0x2bc/0x1110 [ 15.913607] seq_read+0x267/0x3d0 [ 15.913623] ? __pfx_seq_read+0x10/0x10 [ 15.913650] proc_reg_read+0x1ab/0x270 [ 15.913669] vfs_read+0x175/0xa10 [ 15.913687] ? do_sys_openat2+0x103/0x170 [ 15.913701] ? kmem_cache_free+0xc4/0x360 [ 15.913718] ? getname_flags.part.0+0xf3/0x470 [ 15.913734] ? __pfx_vfs_read+0x10/0x10 [ 15.913751] ? mutex_lock+0x81/0xe0 [ 15.913766] ? __pfx_mutex_lock+0x10/0x10 [ 15.913782] ? __rseq_handle_notify_resume+0x4c4/0xac0 [ 15.913802] ? fdget_pos+0x24d/0x4b0 [ 15.913829] ksys_read+0xf7/0x1c0 [ 15.913850] ? __pfx_ksys_read+0x10/0x10 [ 15.913877] do_syscall_64+0xa4/0x290 [ 15.913917] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 15.913981] RIP: 0033:0x45c982 [ 15.914171] Code: 08 0f 85 71 ea ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 <c3> 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 f3 0f 1e fa 55 48 89 e5 [ 15.914239] RSP: 002b:00007f4b2b2cb0d8 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 15.914315] RAX: ffffffffffffffda RBX: 00007f4b2b2cc6c0 RCX: 000000000045c982 [ 15.914352] RDX: 0000000000000fff RSI: 00007f4b2b2cb220 RDI: 0000000000000014 [ 15.914382] RBP: 00007f4b2b2cb100 R08: 0000000000000000 R09: 0000000000000000 [ 15.914413] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000000000a [ 15.914445] R13: ffffffffffffffd0 R14: 0000000000000000 R15: 00007ffd386450c0 [ 15.914483] </TASK> [ 15.914533] [ 15.916812] Allocated by task 78: [ 15.916975] kasan_save_stack+0x30/0x50 [ 15.917047] kasan_save_track+0x14/0x30 [ 15.917105] __kasan_kmalloc+0x8f/0xa0 [ 15.917162] atm_mpoa_add_qos+0x1bb/0x3c0 [ 15.917220] parse_qos.cold+0x73/0x7d [ 15.917276] proc_mpc_write+0xf4/0x150 [ 15.917331] proc_reg_write+0x1ab/0x270 [ 15.917379] vfs_write+0x1ce/0xd30 [ 15.917431] ksys_write+0xf7/0x1c0 [ 15.917476] do_syscall_64+0xa4/0x290 [ 15.917523] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 15.917586] [ 15.917628] Freed by task 78: [ 15.917665] kasan_save_stack+0x30/0x50 [ 15.917714] kasan_save_track+0x14/0x30 [ 15.917762] kasan_save_free_info+0x3b/0x70 [ 15.917811] __kasan_slab_free+0x3e/0x50 [ 15.918058] kfree+0x121/0x340 [ 15.918135] atm_mpoa_delete_qos+0xad/0xd0 [ 15.918196] parse_qos+0x1e5/0x1f0 [ 15.918339] proc_mpc_write+0xf4/0x150 [ 15.918438] proc_reg_write+0x1ab/0x270 [ 15.918494] vfs_write+0x1ce/0xd30 [ 15.918538] ksys_write+0xf7/0x1c0 [ 15.918589] do_syscall_64+0xa4/0x290 [ 15.918634] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 15.918694] [ 15.918751] The buggy address belongs to the object at ffff888007517380 [ 15.918751] which belongs to the cache kmalloc-96 of size 96 [ 15.918911] The buggy address is located 0 bytes inside of [ 15.918911] freed 96-byte region [ffff888007517380, ffff8880075173e0) [ 15.919027] [ 15.919101] The buggy address belongs to the physical page: [ 15.919416] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff888007517300 pfn:0x7517 [ 15.919679] anon flags: 0x100000000000000(node=0|zone=1) [ 15.920064] page_type: f5(slab) [ 15.920361] raw: 0100000000000000 ffff888006c41280 0000000000000000 dead000000000001 [ 15.920460] raw: ffff888007517300 0000000080200007 00000000f5000000 0000000000000000 [ 15.920577] page dumped because: kasan: bad access detected [ 15.920634] [ 15.920663] Memory state around the buggy address: [ 15.920860] ffff888007517280: fa fb fb fb fb fb fb fb fb fb fb fb fc fc fc fc [ 15.920944] ffff888007517300: fa fb fb fb fb fb fb fb fb fb fb fb fc fc fc fc [ 15.921017] >ffff888007517380: fa fb fb fb fb fb fb fb fb fb fb fb fc fc fc fc [ 15.921088] ^ [ 15.921163] ffff888007517400: fa fb fb fb fb fb fb fb fb fb fb fb fc fc fc fc [ 15.921222] ffff888007517480: fa fb fb fb fb fb fb fb fb fb fb fb fc fc fc fc Reported-by: Minseong Kim <ii4gsp(a)gmail.com> Closes: https://lore.kernel.org/netdev/CAKrymDR1X3XTX_1ZW3XXXnuYH+kzsnv7Av5uivzR1st… Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2") Cc: stable(a)vger.kernel.org Signed-off-by: Minseong Kim <ii4gsp(a)gmail.com> --- net/atm/mpc.c | 184 ++++++++++++++++++++++++++++++++---------- net/atm/mpc.h | 3 +- net/atm/mpoa_caches.c | 17 ++-- net/atm/mpoa_proc.c | 2 +- 4 files changed, 149 insertions(+), 57 deletions(-) diff --git a/net/atm/mpc.c b/net/atm/mpc.c index f6b447bba329..650081dd82d1 100644 --- a/net/atm/mpc.c +++ b/net/atm/mpc.c @@ -9,6 +9,7 @@ #include <linux/bitops.h> #include <linux/capability.h> #include <linux/seq_file.h> +#include <linux/mutex.h> /* We are an ethernet device */ #include <linux/if_ether.h> @@ -122,6 +123,7 @@ static struct notifier_block mpoa_notifier = { struct mpoa_client *mpcs = NULL; /* FIXME */ static struct atm_mpoa_qos *qos_head = NULL; +static DEFINE_MUTEX(qos_mutex); /* Protect qos_head list */ static DEFINE_TIMER(mpc_timer, mpc_cache_check); @@ -172,67 +174,63 @@ static struct mpoa_client *find_mpc_by_lec(struct net_device *dev) */ /* - * Overwrites the old entry or makes a new one. + * Search for a QoS entry. Caller must hold qos_mutex. + * Returns pointer to entry if found, NULL otherwise. */ -struct atm_mpoa_qos *atm_mpoa_add_qos(__be32 dst_ip, struct atm_qos *qos) +static struct atm_mpoa_qos *__atm_mpoa_search_qos(__be32 dst_ip) { - struct atm_mpoa_qos *entry; - - entry = atm_mpoa_search_qos(dst_ip); - if (entry != NULL) { - entry->qos = *qos; - return entry; - } + struct atm_mpoa_qos *qos = qos_head; - entry = kmalloc(sizeof(struct atm_mpoa_qos), GFP_KERNEL); - if (entry == NULL) { - pr_info("mpoa: out of memory\n"); - return entry; + while (qos) { + if (qos->ipaddr == dst_ip) + return qos; + qos = qos->next; } - - entry->ipaddr = dst_ip; - entry->qos = *qos; - - entry->next = qos_head; - qos_head = entry; - - return entry; + return NULL; } -struct atm_mpoa_qos *atm_mpoa_search_qos(__be32 dst_ip) +/* + * Get a QoS entry by copying its value. + * Caller gets a COPY of qos under lock. + * Returns true if found and copied, false if not found. + * This avoids lifetime issues with the returned pointer. + */ +bool atm_mpoa_get_qos(__be32 dst_ip, struct atm_qos *out) { - struct atm_mpoa_qos *qos; + struct atm_mpoa_qos *q; - qos = qos_head; - while (qos) { - if (qos->ipaddr == dst_ip) - break; - qos = qos->next; - } + if (!out) + return false; - return qos; + mutex_lock(&qos_mutex); + q = __atm_mpoa_search_qos(dst_ip); + if (q) + *out = q->qos; + mutex_unlock(&qos_mutex); + + return q; } /* - * Returns 0 for failure + * Delete a QoS entry from the list. Caller must hold qos_mutex. + * Returns 1 if found and deleted, 0 if not found. */ -int atm_mpoa_delete_qos(struct atm_mpoa_qos *entry) +static int __atm_mpoa_delete_qos_locked(struct atm_mpoa_qos *entry) { struct atm_mpoa_qos *curr; - if (entry == NULL) + if (!entry) return 0; + if (entry == qos_head) { - qos_head = qos_head->next; - kfree(entry); + qos_head = entry->next; return 1; } curr = qos_head; - while (curr != NULL) { + while (curr) { if (curr->next == entry) { curr->next = entry->next; - kfree(entry); return 1; } curr = curr->next; @@ -241,15 +239,107 @@ int atm_mpoa_delete_qos(struct atm_mpoa_qos *entry) return 0; } +/* + * Delete a QoS entry by IP address. + * This is atomic: search+unlink+free happens entirely under lock, + * avoiding the double-free issue with atm_mpoa_delete_qos(atm_mpoa_search_qos(ipaddr)). + */ +int atm_mpoa_delete_qos_by_ip(__be32 dst_ip) +{ + struct atm_mpoa_qos *entry; + int ret = 0; + + mutex_lock(&qos_mutex); + entry = __atm_mpoa_search_qos(dst_ip); + if (entry) { + ret = __atm_mpoa_delete_qos_locked(entry); + if (ret) + kfree(entry); + } + mutex_unlock(&qos_mutex); + + return ret; +} + +/* + * Overwrites the old entry or makes a new one. + */ +struct atm_mpoa_qos *atm_mpoa_add_qos(__be32 dst_ip, struct atm_qos *qos) +{ + struct atm_mpoa_qos *entry; + struct atm_mpoa_qos *new; + + /* Fast path: update existing entry */ + mutex_lock(&qos_mutex); + entry = __atm_mpoa_search_qos(dst_ip); + if (entry) { + entry->qos = *qos; + mutex_unlock(&qos_mutex); + return entry; + } + mutex_unlock(&qos_mutex); + + /* Allocate outside lock */ + new = kmalloc(sizeof(*new), GFP_KERNEL); + if (!new) + return NULL; + + new->ipaddr = dst_ip; + new->qos = *qos; + + /* Re-check under lock to avoid duplicates */ + mutex_lock(&qos_mutex); + entry = __atm_mpoa_search_qos(dst_ip); + if (entry) { + entry->qos = *qos; + mutex_unlock(&qos_mutex); + kfree(new); + return entry; + } + + new->next = qos_head; + qos_head = new; + mutex_unlock(&qos_mutex); + + return new; +} + +/* + * Delete a QoS entry by pointer. + * WARNING: This function is unsafe if called with an entry pointer + * obtained outside of qos_mutex protection. The entry may have been + * freed by another thread between the time the pointer was obtained + * and when this function is called. + * Use atm_mpoa_delete_qos_by_ip() instead for safe deletion by IP address. + * Returns 0 for failure, 1 for success + */ +int atm_mpoa_delete_qos(struct atm_mpoa_qos *entry) +{ + int ret; + + if (!entry) + return 0; + + mutex_lock(&qos_mutex); + ret = __atm_mpoa_delete_qos_locked(entry); + if (ret) + kfree(entry); + mutex_unlock(&qos_mutex); + + return ret; +} + /* this is buggered - we need locking for qos_head */ void atm_mpoa_disp_qos(struct seq_file *m) { struct atm_mpoa_qos *qos; - qos = qos_head; seq_printf(m, "QoS entries for shortcuts:\n"); - seq_printf(m, "IP address\n TX:max_pcr pcr min_pcr max_cdv max_sdu\n RX:max_pcr pcr min_pcr max_cdv max_sdu\n"); + seq_printf(m, "IP address\n TX:max_pcr pcr min_pcr max_cdv max_sdu\n" + " RX:max_pcr pcr min_pcr max_cdv max_sdu\n"); + mutex_lock(&qos_mutex); + qos = qos_head; while (qos != NULL) { seq_printf(m, "%pI4\n %-7d %-7d %-7d %-7d %-7d\n %-7d %-7d %-7d %-7d %-7d\n", &qos->ipaddr, @@ -265,6 +355,7 @@ void atm_mpoa_disp_qos(struct seq_file *m) qos->qos.rxtp.max_sdu); qos = qos->next; } + mutex_unlock(&qos_mutex); } static struct net_device *find_lec_by_itfnum(int itf) @@ -1118,13 +1209,16 @@ static void check_qos_and_open_shortcut(struct k_message *msg, in_cache_entry *entry) { __be32 dst_ip = msg->content.in_info.in_dst_ip; - struct atm_mpoa_qos *qos = atm_mpoa_search_qos(dst_ip); + struct atm_qos tmp_qos; + bool has_qos; eg_cache_entry *eg_entry = client->eg_ops->get_by_src_ip(dst_ip, client); + has_qos = atm_mpoa_get_qos(dst_ip, &tmp_qos); + if (eg_entry && eg_entry->shortcut) { if (eg_entry->shortcut->qos.txtp.traffic_class & msg->qos.txtp.traffic_class & - (qos ? qos->qos.txtp.traffic_class : ATM_UBR | ATM_CBR)) { + (has_qos ? tmp_qos.txtp.traffic_class : ATM_UBR | ATM_CBR)) { if (eg_entry->shortcut->qos.txtp.traffic_class == ATM_UBR) entry->shortcut = eg_entry->shortcut; else if (eg_entry->shortcut->qos.txtp.max_pcr > 0) @@ -1142,9 +1236,9 @@ static void check_qos_and_open_shortcut(struct k_message *msg, /* No luck in the egress cache we must open an ingress SVC */ msg->type = OPEN_INGRESS_SVC; - if (qos && - (qos->qos.txtp.traffic_class == msg->qos.txtp.traffic_class)) { - msg->qos = qos->qos; + if (has_qos && + tmp_qos.txtp.traffic_class == msg->qos.txtp.traffic_class) { + msg->qos = tmp_qos; pr_info("(%s) trying to get a CBR shortcut\n", client->dev->name); } else @@ -1521,8 +1615,10 @@ static void __exit atm_mpoa_cleanup(void) mpc = tmp; } + mutex_lock(&qos_mutex); qos = qos_head; qos_head = NULL; + mutex_unlock(&qos_mutex); while (qos != NULL) { nextqos = qos->next; dprintk("freeing qos entry %p\n", qos); diff --git a/net/atm/mpc.h b/net/atm/mpc.h index 454abd07651a..0536946989ad 100644 --- a/net/atm/mpc.h +++ b/net/atm/mpc.h @@ -47,8 +47,9 @@ struct atm_mpoa_qos { /* MPOA QoS operations */ struct atm_mpoa_qos *atm_mpoa_add_qos(__be32 dst_ip, struct atm_qos *qos); -struct atm_mpoa_qos *atm_mpoa_search_qos(__be32 dst_ip); +bool atm_mpoa_get_qos(__be32 dst_ip, struct atm_qos *out); int atm_mpoa_delete_qos(struct atm_mpoa_qos *qos); +int atm_mpoa_delete_qos_by_ip(__be32 dst_ip); /* Display QoS entries. This is for the procfs */ struct seq_file; diff --git a/net/atm/mpoa_caches.c b/net/atm/mpoa_caches.c index f7a2f0e41105..30c5b10ee562 100644 --- a/net/atm/mpoa_caches.c +++ b/net/atm/mpoa_caches.c @@ -132,7 +132,6 @@ static in_cache_entry *in_cache_add_entry(__be32 dst_ip, static int cache_hit(in_cache_entry *entry, struct mpoa_client *mpc) { - struct atm_mpoa_qos *qos; struct k_message msg; entry->count++; @@ -144,9 +143,8 @@ static int cache_hit(in_cache_entry *entry, struct mpoa_client *mpc) msg.type = SND_MPOA_RES_RQST; msg.content.in_info = entry->ctrl_info; memcpy(msg.MPS_ctrl, mpc->mps_ctrl_addr, ATM_ESA_LEN); - qos = atm_mpoa_search_qos(entry->ctrl_info.in_dst_ip); - if (qos != NULL) - msg.qos = qos->qos; + if (!atm_mpoa_get_qos(entry->ctrl_info.in_dst_ip, &msg.qos)) + memset(&msg.qos, 0, sizeof(msg.qos)); msg_to_mpoad(&msg, mpc); entry->reply_wait = ktime_get_seconds(); entry->entry_state = INGRESS_RESOLVING; @@ -167,9 +165,8 @@ static int cache_hit(in_cache_entry *entry, struct mpoa_client *mpc) msg.type = SND_MPOA_RES_RQST; memcpy(msg.MPS_ctrl, mpc->mps_ctrl_addr, ATM_ESA_LEN); msg.content.in_info = entry->ctrl_info; - qos = atm_mpoa_search_qos(entry->ctrl_info.in_dst_ip); - if (qos != NULL) - msg.qos = qos->qos; + if (!atm_mpoa_get_qos(entry->ctrl_info.in_dst_ip, &msg.qos)) + memset(&msg.qos, 0, sizeof(msg.qos)); msg_to_mpoad(&msg, mpc); entry->reply_wait = ktime_get_seconds(); } @@ -249,7 +246,6 @@ static void clear_count_and_expired(struct mpoa_client *client) static void check_resolving_entries(struct mpoa_client *client) { - struct atm_mpoa_qos *qos; in_cache_entry *entry; time64_t now; struct k_message msg; @@ -283,9 +279,8 @@ static void check_resolving_entries(struct mpoa_client *client) msg.type = SND_MPOA_RES_RTRY; memcpy(msg.MPS_ctrl, client->mps_ctrl_addr, ATM_ESA_LEN); msg.content.in_info = entry->ctrl_info; - qos = atm_mpoa_search_qos(entry->ctrl_info.in_dst_ip); - if (qos != NULL) - msg.qos = qos->qos; + if (!atm_mpoa_get_qos(entry->ctrl_info.in_dst_ip, &msg.qos)) + memset(&msg.qos, 0, sizeof(msg.qos)); msg_to_mpoad(&msg, client); entry->reply_wait = ktime_get_seconds(); } diff --git a/net/atm/mpoa_proc.c b/net/atm/mpoa_proc.c index aaf64b953915..600075c6022e 100644 --- a/net/atm/mpoa_proc.c +++ b/net/atm/mpoa_proc.c @@ -254,7 +254,7 @@ static int parse_qos(const char *buff) if (sscanf(buff, "del %hhu.%hhu.%hhu.%hhu", ip, ip+1, ip+2, ip+3) == 4) { ipaddr = *(__be32 *)ip; - return atm_mpoa_delete_qos(atm_mpoa_search_qos(ipaddr)); + return atm_mpoa_delete_qos_by_ip(ipaddr); } if (sscanf(buff, "add %hhu.%hhu.%hhu.%hhu tx=%d,%d rx=tx", -- 2.39.5 (Apple Git-154)

5 days

1
0
0 0

[PATCH v6.12 0/4] sched: The newidle balance regression

by Ajay Kaher

This series is to backport following patches for v6.12: link: https://lore.kernel.org/lkml/20251107160645.929564468@infradead.org/ Peter Zijlstra (3): sched/fair: Revert max_newidle_lb_cost bump sched/fair: Small cleanup to sched_balance_newidle() sched/fair: Small cleanup to update_newidle_cost() sched/fair: Proportional newidle balance include/linux/sched/topology.h | 3 ++ kernel/sched/core.c | 3 ++ kernel/sched/fair.c | 74 +++++++++++++++++++++++----------- kernel/sched/features.h | 5 +++ kernel/sched/sched.h | 7 ++++ kernel/sched/topology.c | 6 +++ 6 files changed, 75 insertions(+), 23 deletions(-) -- 2.40.4

5 days, 1 hour

2
7
0 0

[PATCH net v2 1/1] atm: mpoa: Fix UAF on qos_head list in procfs

by Minseong Kim

The global QoS list 'qos_head' in net/atm/mpc.c is accessed from the /proc/net/atm/mpc procfs interface without proper synchronization. The read-side seq_file show path (mpc_show() -> atm_mpoa_disp_qos()) walks qos_head without any lock, while the write-side path (proc_mpc_write() -> parse_qos() -> atm_mpoa_delete_qos()) can unlink and kfree() entries immediately. Concurrent read/write therefore leads to a use-after-free. This risk is already called out in-tree: /* this is buggered - we need locking for qos_head */ Fix this by adding a mutex to protect all qos_head list operations. A mutex is used (instead of a spinlock) because atm_mpoa_disp_qos() invokes seq_printf(), which may sleep. KASAN report: ================================================================== [ 15.911538] BUG: KASAN: slab-use-after-free in atm_mpoa_disp_qos+0x202/0x380 [ 15.911988] Read of size 8 at addr ffff888007517380 by task mpoa_uaf_poc/89 [ 15.912123] [ 15.912717] CPU: 0 UID: 0 PID: 89 Comm: mpoa_uaf_poc Not tainted 6.17.8 #1 PREEMPT(voluntary) [ 15.912950] Hardware name: QEMU Ubuntu 25.04 PC (i440FX + PIIX, 1996), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 15.913110] Call Trace: [ 15.913167] <TASK> [ 15.913247] dump_stack_lvl+0x4e/0x70 [ 15.913343] ? atm_mpoa_disp_qos+0x202/0x380 [ 15.913364] print_report+0x174/0x4f6 [ 15.913386] ? __pfx__raw_spin_lock_irqsave+0x10/0x10 [ 15.913412] ? atm_mpoa_disp_qos+0x202/0x380 [ 15.913430] kasan_report+0xce/0x100 [ 15.913453] ? atm_mpoa_disp_qos+0x202/0x380 [ 15.913475] atm_mpoa_disp_qos+0x202/0x380 [ 15.913496] mpc_show+0x575/0x700 [ 15.913515] ? kasan_save_track+0x14/0x30 [ 15.913532] ? __pfx_mpc_show+0x10/0x10 [ 15.913550] ? __pfx_mutex_lock+0x10/0x10 [ 15.913565] ? seq_read_iter+0x697/0x1110 [ 15.913584] seq_read_iter+0x2bc/0x1110 [ 15.913607] seq_read+0x267/0x3d0 [ 15.913623] ? __pfx_seq_read+0x10/0x10 [ 15.913650] proc_reg_read+0x1ab/0x270 [ 15.913669] vfs_read+0x175/0xa10 [ 15.913687] ? do_sys_openat2+0x103/0x170 [ 15.913701] ? kmem_cache_free+0xc4/0x360 [ 15.913718] ? getname_flags.part.0+0xf3/0x470 [ 15.913734] ? __pfx_vfs_read+0x10/0x10 [ 15.913751] ? mutex_lock+0x81/0xe0 [ 15.913766] ? __pfx_mutex_lock+0x10/0x10 [ 15.913782] ? __rseq_handle_notify_resume+0x4c4/0xac0 [ 15.913802] ? fdget_pos+0x24d/0x4b0 [ 15.913829] ksys_read+0xf7/0x1c0 [ 15.913850] ? __pfx_ksys_read+0x10/0x10 [ 15.913877] do_syscall_64+0xa4/0x290 [ 15.913917] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 15.913981] RIP: 0033:0x45c982 [ 15.914171] Code: 08 0f 85 71 ea ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 <c3> 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 f3 0f 1e fa 55 48 89 e5 [ 15.914239] RSP: 002b:00007f4b2b2cb0d8 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 15.914315] RAX: ffffffffffffffda RBX: 00007f4b2b2cc6c0 RCX: 000000000045c982 [ 15.914352] RDX: 0000000000000fff RSI: 00007f4b2b2cb220 RDI: 0000000000000014 [ 15.914382] RBP: 00007f4b2b2cb100 R08: 0000000000000000 R09: 0000000000000000 [ 15.914413] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000000000a [ 15.914445] R13: ffffffffffffffd0 R14: 0000000000000000 R15: 00007ffd386450c0 [ 15.914483] </TASK> [ 15.914533] [ 15.916812] Allocated by task 78: [ 15.916975] kasan_save_stack+0x30/0x50 [ 15.917047] kasan_save_track+0x14/0x30 [ 15.917105] __kasan_kmalloc+0x8f/0xa0 [ 15.917162] atm_mpoa_add_qos+0x1bb/0x3c0 [ 15.917220] parse_qos.cold+0x73/0x7d [ 15.917276] proc_mpc_write+0xf4/0x150 [ 15.917331] proc_reg_write+0x1ab/0x270 [ 15.917379] vfs_write+0x1ce/0xd30 [ 15.917431] ksys_write+0xf7/0x1c0 [ 15.917476] do_syscall_64+0xa4/0x290 [ 15.917523] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 15.917586] [ 15.917628] Freed by task 78: [ 15.917665] kasan_save_stack+0x30/0x50 [ 15.917714] kasan_save_track+0x14/0x30 [ 15.917762] kasan_save_free_info+0x3b/0x70 [ 15.917811] __kasan_slab_free+0x3e/0x50 [ 15.918058] kfree+0x121/0x340 [ 15.918135] atm_mpoa_delete_qos+0xad/0xd0 [ 15.918196] parse_qos+0x1e5/0x1f0 [ 15.918339] proc_mpc_write+0xf4/0x150 [ 15.918438] proc_reg_write+0x1ab/0x270 [ 15.918494] vfs_write+0x1ce/0xd30 [ 15.918538] ksys_write+0xf7/0x1c0 [ 15.918589] do_syscall_64+0xa4/0x290 [ 15.918634] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 15.918694] [ 15.918751] The buggy address belongs to the object at ffff888007517380 [ 15.918751] which belongs to the cache kmalloc-96 of size 96 [ 15.918911] The buggy address is located 0 bytes inside of [ 15.918911] freed 96-byte region [ffff888007517380, ffff8880075173e0) [ 15.919027] [ 15.919101] The buggy address belongs to the physical page: [ 15.919416] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff888007517300 pfn:0x7517 [ 15.919679] anon flags: 0x100000000000000(node=0|zone=1) [ 15.920064] page_type: f5(slab) [ 15.920361] raw: 0100000000000000 ffff888006c41280 0000000000000000 dead000000000001 [ 15.920460] raw: ffff888007517300 0000000080200007 00000000f5000000 0000000000000000 [ 15.920577] page dumped because: kasan: bad access detected [ 15.920634] [ 15.920663] Memory state around the buggy address: [ 15.920860] ffff888007517280: fa fb fb fb fb fb fb fb fb fb fb fb fc fc fc fc [ 15.920944] ffff888007517300: fa fb fb fb fb fb fb fb fb fb fb fb fc fc fc fc [ 15.921017] >ffff888007517380: fa fb fb fb fb fb fb fb fb fb fb fb fc fc fc fc [ 15.921088] ^ [ 15.921163] ffff888007517400: fa fb fb fb fb fb fb fb fb fb fb fb fc fc fc fc [ 15.921222] ffff888007517480: fa fb fb fb fb fb fb fb fb fb fb fb fc fc fc fc [ 15.921313] ================================================================== Reported-by: Minseong Kim <ii4gsp(a)gmail.com> Closes: https://lore.kernel.org/netdev/CAKrymDR1X3XTX_1ZW3XXXnuYH+kzsnv7Av5uivzR1st… Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2") Cc: stable(a)vger.kernel.org Signed-off-by: Minseong Kim <ii4gsp(a)gmail.com> --- net/atm/mpc.c | 117 ++++++++++++++++++++++++++++++++++++-------------- 1 file changed, 85 insertions(+), 32 deletions(-) diff --git a/net/atm/mpc.c b/net/atm/mpc.c index f6b447bba329..c268b5f4a266 100644 --- a/net/atm/mpc.c +++ b/net/atm/mpc.c @@ -9,6 +9,7 @@ #include <linux/bitops.h> #include <linux/capability.h> #include <linux/seq_file.h> +#include <linux/mutex.h> /* We are an ethernet device */ #include <linux/if_ether.h> @@ -122,6 +123,7 @@ static struct notifier_block mpoa_notifier = { struct mpoa_client *mpcs = NULL; /* FIXME */ static struct atm_mpoa_qos *qos_head = NULL; +static DEFINE_MUTEX(qos_mutex); /* Protect qos_head list */ static DEFINE_TIMER(mpc_timer, mpc_cache_check); @@ -171,74 +173,120 @@ static struct mpoa_client *find_mpc_by_lec(struct net_device *dev) * Functions for managing QoS list */ +/* + * Search for a QoS entry. Caller must hold qos_mutex. + * Returns pointer to entry if found, NULL otherwise. + */ +static struct atm_mpoa_qos *__atm_mpoa_search_qos(__be32 dst_ip) +{ + struct atm_mpoa_qos *qos = qos_head; + + while (qos) { + if (qos->ipaddr == dst_ip) + return qos; + qos = qos->next; + } + return NULL; +} + +/* + * Search for a QoS entry. + * WARNING: The returned pointer is not protected. The caller must ensure + * that the entry is not freed while using it, or hold qos_mutex during use. + */ +struct atm_mpoa_qos *atm_mpoa_search_qos(__be32 dst_ip) +{ + struct atm_mpoa_qos *qos; + + mutex_lock(&qos_mutex); + qos = __atm_mpoa_search_qos(dst_ip); + mutex_unlock(&qos_mutex); + + return qos; +} + /* * Overwrites the old entry or makes a new one. */ struct atm_mpoa_qos *atm_mpoa_add_qos(__be32 dst_ip, struct atm_qos *qos) { struct atm_mpoa_qos *entry; + struct atm_mpoa_qos *new; - entry = atm_mpoa_search_qos(dst_ip); - if (entry != NULL) { + /* Fast path: update existing entry */ + mutex_lock(&qos_mutex); + entry = __atm_mpoa_search_qos(dst_ip); + if (entry) { entry->qos = *qos; + mutex_unlock(&qos_mutex); return entry; } + mutex_unlock(&qos_mutex); - entry = kmalloc(sizeof(struct atm_mpoa_qos), GFP_KERNEL); - if (entry == NULL) { + /* Allocate outside lock */ + new = kmalloc(sizeof(*new), GFP_KERNEL); + if (!new) { pr_info("mpoa: out of memory\n"); - return entry; + return NULL; } - entry->ipaddr = dst_ip; - entry->qos = *qos; + new->ipaddr = dst_ip; + new->qos = *qos; - entry->next = qos_head; - qos_head = entry; - - return entry; -} - -struct atm_mpoa_qos *atm_mpoa_search_qos(__be32 dst_ip) -{ - struct atm_mpoa_qos *qos; - - qos = qos_head; - while (qos) { - if (qos->ipaddr == dst_ip) - break; - qos = qos->next; + /* Re-check under lock to avoid duplicates */ + mutex_lock(&qos_mutex); + entry = __atm_mpoa_search_qos(dst_ip); + if (entry) { + entry->qos = *qos; + mutex_unlock(&qos_mutex); + kfree(new); + return entry; } - return qos; + new->next = qos_head; + qos_head = new; + mutex_unlock(&qos_mutex); + + return new; } /* - * Returns 0 for failure + * Returns 0 for failure, 1 for success */ int atm_mpoa_delete_qos(struct atm_mpoa_qos *entry) { struct atm_mpoa_qos *curr; + int ret = 0; if (entry == NULL) return 0; + + mutex_lock(&qos_mutex); + if (entry == qos_head) { qos_head = qos_head->next; - kfree(entry); - return 1; + ret = 1; + goto out_free; } curr = qos_head; - while (curr != NULL) { + while (curr) { if (curr->next == entry) { curr->next = entry->next; - kfree(entry); - return 1; + ret = 1; + goto out_free; } curr = curr->next; } - return 0; +out: + mutex_unlock(&qos_mutex); + return ret; + +out_free: + mutex_unlock(&qos_mutex); + kfree(entry); + return ret; } /* this is buggered - we need locking for qos_head */ @@ -246,10 +294,12 @@ void atm_mpoa_disp_qos(struct seq_file *m) { struct atm_mpoa_qos *qos; - qos = qos_head; seq_printf(m, "QoS entries for shortcuts:\n"); - seq_printf(m, "IP address\n TX:max_pcr pcr min_pcr max_cdv max_sdu\n RX:max_pcr pcr min_pcr max_cdv max_sdu\n"); + seq_printf(m, "IP address\n TX:max_pcr pcr min_pcr max_cdv max_sdu\n" + " RX:max_pcr pcr min_pcr max_cdv max_sdu\n"); + mutex_lock(&qos_mutex); + qos = qos_head; while (qos != NULL) { seq_printf(m, "%pI4\n %-7d %-7d %-7d %-7d %-7d\n %-7d %-7d %-7d %-7d %-7d\n", &qos->ipaddr, @@ -265,6 +315,7 @@ void atm_mpoa_disp_qos(struct seq_file *m) qos->qos.rxtp.max_sdu); qos = qos->next; } + mutex_unlock(&qos_mutex); } static struct net_device *find_lec_by_itfnum(int itf) @@ -1521,8 +1572,10 @@ static void __exit atm_mpoa_cleanup(void) mpc = tmp; } + mutex_lock(&qos_mutex); qos = qos_head; qos_head = NULL; + mutex_unlock(&qos_mutex); while (qos != NULL) { nextqos = qos->next; dprintk("freeing qos entry %p\n", qos); -- 2.39.5 (Apple Git-154)

5 days, 1 hour

1
0
0 0

[REGRESSION] stable-rc/linux-6.12.y: (build) variable 'val' is uninitialized when passed as a const pointer arg...

by KernelCI bot

Hello, New build issue found on stable-rc/linux-6.12.y: --- variable 'val' is uninitialized when passed as a const pointer argument here [-Werror,-Wuninitialized-const-pointer] in drivers/staging/rtl8712/rtl8712_cmd.o (drivers/staging/rtl8712/rtl8712_cmd.c) [logspec:kbuild,kbuild.compiler.error] --- - dashboard: https://d.kernelci.org/i/maestro:5b83acc62508c670164c5fceb3079a2d7d74e154 - giturl: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git - commit HEAD: d5dc97879a97b328a89ec092271faa3db9f2bff3 - tags: v6.12.59 Log excerpt: ===================================================== drivers/staging/rtl8712/rtl8712_cmd.c:148:28: error: variable 'val' is uninitialized when passed as a const pointer argument here [-Werror,-Wuninitialized-const-pointer] 148 | memcpy(pcmd->rsp, (u8 *)&val, pcmd->rspsz); | ^~~ 1 error generated. ===================================================== # Builds where the incident occurred: ## defconfig+allmodconfig on (arm64): - compiler: clang-21 - config: https://files.kernelci.org/kbuild-clang-21-arm64-allmodconfig-6924331af5b87… - dashboard: https://d.kernelci.org/build/maestro:6924331af5b8743b1f5e538f ## defconfig+allmodconfig+CONFIG_FRAME_WARN=2048 on (arm): - compiler: clang-21 - config: https://files.kernelci.org/kbuild-clang-21-arm-allmodconfig-69243317f5b8743… - dashboard: https://d.kernelci.org/build/maestro:69243317f5b8743b1f5e538c ## i386_defconfig+allmodconfig+CONFIG_FRAME_WARN=2048 on (i386): - compiler: clang-21 - config: https://files.kernelci.org/kbuild-clang-21-i386-allmodconfig-69243353f5b874… - dashboard: https://d.kernelci.org/build/maestro:69243353f5b8743b1f5e53bf ## x86_64_defconfig+allmodconfig on (x86_64): - compiler: clang-21 - config: https://files.kernelci.org/kbuild-clang-21-x86-allmodconfig-69243323f5b8743… - dashboard: https://d.kernelci.org/build/maestro:69243323f5b8743b1f5e5395 #kernelci issue maestro:5b83acc62508c670164c5fceb3079a2d7d74e154 Reported-by: kernelci.org bot <bot(a)kernelci.org> -- This is an experimental report format. Please send feedback in! Talk to us at kernelci(a)lists.linux.dev Made with love by the KernelCI team - https://kernelci.org

5 days, 4 hours

4
7
0 0

2025

2024

2023

2022

2021

2020

2019

2018

2017

Linux-stable-mirror