Comment 14 for bug 1824981

Christoph Probst (christophprobst) wrote :

Oh no. Had a strcat buffer overflow with 4.15.0-48-generic. Issue is NOT solved.

Apr 29 19:29:00 kernel: [78713.491646] detected buffer overflow in strcat
Apr 29 19:29:00 kernel: [78713.491685] ------------[ cut here ]------------
Apr 29 19:29:00 kernel: [78713.491686] kernel BUG at /build/linux-fkZVDM/linux-4.15.0/lib/string.c:1052!
Apr 29 19:29:00 kernel: [78713.491709] invalid opcode: 0000 [#1] SMP PTI
Apr 29 19:29:00 kernel: [78713.491721] Modules linked in: ufs qnx4 hfsplus hfs minix ntfs msdos jfs xfs mpt3sas raid_class scsi_transport_sas mptctl mptbase cmac arc4 md4 nls_utf8 cifs ccm fscache dell_rbu bonding nls_iso8859_1 intel_rapl skx_edac x86_pkg_temp_thermal intel_powerclamp coretemp kvm_intel kvm joydev input_leds dell_smbios irqbypass dcdbas intel_cstate intel_rapl_perf ipmi_ssif wmi_bmof dell_wmi_descriptor shpchp mei_me lpc_ich ipmi_si ipmi_devintf ipmi_msghandler mei mac_hid acpi_power_meter sch_fq_codel ib_iser rdma_cm iw_cm ib_cm ib_core iscsi_tcp libiscsi_tcp libiscsi scsi_transport_iscsi ip_tables x_tables autofs4 btrfs zstd_compress raid10 raid456 async_raid6_recov async_memcpy async_pq async_xor async_tx xor raid6_pq raid1 raid0 multipath linear hid_generic crct10dif_pclmul mgag200 crc32_pclmul i2c_algo_bit
Apr 29 19:29:00 kernel: [78713.491911] ghash_clmulni_intel usbhid ttm pcbc drm_kms_helper aesni_intel syscopyarea hid sysfillrect aes_x86_64 bnx2x crypto_simd sysimgblt glue_helper ptp fb_sys_fops cryptd pps_core uas drm mdio ahci megaraid_sas usb_storage libcrc32c libahci wmi
Apr 29 19:29:00 kernel: [78713.491975] CPU: 24 PID: 2242 Comm: perl Not tainted 4.15.0-48-generic #51-Ubuntu
Apr 29 19:29:00 kernel: [78713.491993] Hardware name: Dell Inc. PowerEdge R740/0923K0, BIOS 1.6.11 11/20/2018
Apr 29 19:29:00 kernel: [78713.492014] RIP: 0010:fortify_panic+0x13/0x22
Apr 29 19:29:00 kernel: [78713.492027] RSP: 0018:ffffbb8b35b07940 EFLAGS: 00010286
Apr 29 19:29:00 kernel: [78713.492041] RAX: 0000000000000022 RBX: 0000000000000004 RCX: 0000000000000000
Apr 29 19:29:00 kernel: [78713.492058] RDX: 0000000000000000 RSI: ffff91acc0b16498 RDI: ffff91acc0b16498
Apr 29 19:29:00 kernel: [78713.492074] RBP: ffffbb8b35b07940 R08: 0000000000000000 R09: 0000000000000681
Apr 29 19:29:00 kernel: [78713.492090] R10: ffffbb8b35b079f0 R11: 00000000ffffffff R12: ffff91a0d3461e50
Apr 29 19:29:00 kernel: [78713.492106] R13: 0000000000000001 R14: 0000000000000003 R15: ffff91c0acd1ac00
Apr 29 19:29:00 kernel: [78713.492123] FS: 000014ed8f19ffc0(0000) GS:ffff91acc0b00000(0000) knlGS:0000000000000000
Apr 29 19:29:00 kernel: [78713.492141] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
Apr 29 19:29:00 kernel: [78713.492155] CR2: 000014ed8e3ff110 CR3: 0000000423a5c001 CR4: 00000000007606e0
Apr 29 19:29:00 kernel: [78713.492171] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
Apr 29 19:29:00 kernel: [78713.492187] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Apr 29 19:29:00 kernel: [78713.492203] PKRU: 55555554
Apr 29 19:29:00 kernel: [78713.492210] Call Trace:
Apr 29 19:29:00 kernel: [78713.492241] smb21_set_oplock_level+0x147/0x1a0 [cifs]
Apr 29 19:29:00 kernel: [78713.492265] smb3_set_oplock_level+0x22/0x90 [cifs]
Apr 29 19:29:00 kernel: [78713.492285] smb2_set_fid+0x76/0xb0 [cifs]
Apr 29 19:29:00 kernel: [78713.492303] cifs_new_fileinfo+0x259/0x390 [cifs]
Apr 29 19:29:00 kernel: [78713.492321] ? smb2_get_lease_key+0x40/0x40 [cifs]
Apr 29 19:29:00 kernel: [78713.492338] ? cifs_new_fileinfo+0x259/0x390 [cifs]
Apr 29 19:29:00 kernel: [78713.492355] cifs_open+0x3db/0x8d0 [cifs]
Apr 29 19:29:00 kernel: [78713.492370] do_dentry_open+0x1c2/0x310
Apr 29 19:29:00 kernel: [78713.492384] ? cifs_uncached_writev_complete+0x3f0/0x3f0 [cifs]
Apr 29 19:29:00 kernel: [78713.492399] ? do_dentry_open+0x1c2/0x310
Apr 29 19:29:00 kernel: [78713.492411] ? __inode_permission+0x5b/0x160
Apr 29 19:29:00 kernel: [78713.492427] ? cifs_uncached_writev_complete+0x3f0/0x3f0 [cifs]
Apr 29 19:29:00 kernel: [78713.492441] vfs_open+0x4f/0x80
Apr 29 19:29:00 kernel: [78713.492451] path_openat+0x66e/0x1770
Apr 29 19:29:00 kernel: [78713.492464] ? mem_cgroup_commit_charge+0x82/0x530
Apr 29 19:29:00 kernel: [78713.492477] do_filp_open+0x9b/0x110
Apr 29 19:29:00 kernel: [78713.492489] ? _cond_resched+0x19/0x40
Apr 29 19:29:00 kernel: [78713.493055] ? __kmalloc+0x19b/0x220
Apr 29 19:29:00 kernel: [78713.493574] ? security_prepare_creds+0x9c/0xc0
Apr 29 19:29:00 kernel: [78713.494088] do_open_execat+0x7e/0x1e0
Apr 29 19:29:00 kernel: [78713.494595] ? prepare_creds+0xd5/0x110
Apr 29 19:29:00 kernel: [78713.495095] ? do_open_execat+0x7e/0x1e0
Apr 29 19:29:00 kernel: [78713.495590] do_execveat_common.isra.34+0x1c7/0x810
Apr 29 19:29:00 kernel: [78713.496074] SyS_execve+0x31/0x40
Apr 29 19:29:00 kernel: [78713.496542] do_syscall_64+0x73/0x130
Apr 29 19:29:00 kernel: [78713.496997] entry_SYSCALL_64_after_hwframe+0x3d/0xa2
Apr 29 19:29:00 kernel: [78713.497443] RIP: 0033:0x14ed8e4c2e37
Apr 29 19:29:00 kernel: [78713.497869] RSP: 002b:00007fff2f69b008 EFLAGS: 00000202 ORIG_RAX: 000000000000003b
Apr 29 19:29:00 kernel: [78713.498295] RAX: ffffffffffffffda RBX: 000055f4354b9be0 RCX: 000014ed8e4c2e37
Apr 29 19:29:00 kernel: [78713.498711] RDX: 000055f429d70cf0 RSI: 000055f4354b9be0 RDI: 000055f434e0b1b0
Apr 29 19:29:00 kernel: [78713.499111] RBP: 00007fff2f69b0a0 R08: 00007fff2f69b0c0 R09: 000014ed8e9e92b0
Apr 29 19:29:00 kernel: [78713.499500] R10: 0000000000000008 R11: 0000000000000202 R12: 000055f429d70cf0
Apr 29 19:29:00 kernel: [78713.499876] R13: 000055f42971bc00 R14: 000055f4353076f0 R15: 000055f434e0b1b0
Apr 29 19:29:00 kernel: [78713.500248] Code: e0 4c 89 e2 e8 41 6a 00 00 42 c6 04 20 00 48 89 d8 5b 41 5c 5d c3 0f 0b 55 48 89 fe 48 c7 c7 c8 90 7a 8d 48 89 e5 e8 0f 5c 76 ff <0f> 0b 90 90 90 90 90 90 90 90 90 90 90 90 90 55 31 c9 48 89 fa
Apr 29 19:29:00 kernel: [78713.501047] RIP: fortify_panic+0x13/0x22 RSP: ffffbb8b35b07940
Apr 29 19:29:00 kernel: [78713.501459] ---[ end trace 111788531b53b6f2 ]---
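The trace above ends in fortify_panic because, with CONFIG_FORTIFY_SOURCE, the kernel's strcat wrapper checks the destination size the compiler knows (__builtin_object_size), copies with strlcat, and calls fortify_panic when strlcat's return value (strlen(dst) + strlen(src)) is >= that size, i.e. when the joined string plus its NUL would not fit. The C below is an added example, not the cifs driver's code and not the reporter's; it reproduces that condition in user space and shows the bounded-append pattern that refuses the write instead of overflowing. The buffer size FLAGS_BUF_SIZE, the flag bits and the letter names are assumptions chosen for illustration.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* Added example (not cifs driver code). Constructed scenario in the spirit
 * of the trace above: a short fixed-size buffer is filled by appending one
 * letter per granted flag. FLAGS_BUF_SIZE and the flag names are assumptions. */
#define FLAGS_BUF_SIZE 4   /* room for three letters plus the terminating NUL */

enum { FLAG_R = 1u, FLAG_H = 2u, FLAG_W = 4u, FLAG_X = 8u };

/* Same condition the kernel's fortified strcat tests for a destination of
 * known size: strlcat() returns strlen(dst) + strlen(src), and the kernel
 * panics when that is >= dst_size (no room for the NUL). */
static bool would_fortify_panic(size_t dst_size, const char *dst, const char *src)
{
    return strlen(dst) + strlen(src) >= dst_size;
}

/* Bounded append: like strcat, but never writes past dst[size-1].
 * Returns true on success; false (dst unchanged) if the result would not fit. */
static bool append_bounded(char *dst, size_t size, const char *src)
{
    size_t dlen = 0;
    size_t slen = strlen(src);

    while (dlen < size && dst[dlen] != '\0')   /* bounded strlen of dst */
        dlen++;
    if (dlen >= size)            /* dst is not NUL-terminated within size */
        return false;
    if (slen >= size - dlen)     /* need slen bytes plus one for the NUL */
        return false;
    memcpy(dst + dlen, src, slen + 1);
    return true;
}

/* Builds the letter string for `mask` into out[out_size].
 * Returns 0 on success, -1 if the buffer is too small (out then holds the
 * longest prefix that fit, still NUL-terminated). */
static int build_flag_string(unsigned mask, char *out, size_t out_size)
{
    static const struct { unsigned bit; const char *name; } table[] = {
        { FLAG_R, "R" }, { FLAG_H, "H" }, { FLAG_W, "W" }, { FLAG_X, "X" },
    };
    if (out_size == 0)
        return -1;
    out[0] = '\0';
    for (size_t i = 0; i < sizeof table / sizeof table[0]; i++) {
        if (!(mask & table[i].bit))
            continue;
        if (!append_bounded(out, out_size, table[i].name))
            return -1;           /* refuse, instead of corrupting memory */
    }
    return 0;
}

/* Convenience wrapper over a static FLAGS_BUF_SIZE buffer: returns the
 * string, or NULL when the mask needs more letters than the buffer holds. */
static const char *flag_string_or_null(unsigned mask)
{
    static char buf[FLAGS_BUF_SIZE];
    return build_flag_string(mask, buf, sizeof buf) == 0 ? buf : NULL;
}

int main(void)
{
    const char *ok = flag_string_or_null(FLAG_R | FLAG_H | FLAG_W);

    printf("three flags: %s\n", ok ? ok : "(overflow refused)");
    ok = flag_string_or_null(FLAG_R | FLAG_H | FLAG_W | FLAG_X);
    printf("four flags:  %s\n", ok ? ok : "(overflow refused)");
    printf("strcat(\"RHW\", \"X\") into %d bytes would panic: %s\n",
           FLAGS_BUF_SIZE,
           would_fortify_panic(FLAGS_BUF_SIZE, "RHW", "X") ? "yes" : "no");
    return 0;
}
```

Two points worth knowing when reading such an oops. First, because the kernel's wrapper copies with strlcat before deciding to panic, the destination is truncated rather than overrun by the time fortify_panic runs; FORTIFY turns what would have been silent memory corruption into a BUG that kills the calling task (here the perl process doing an execve on a CIFS path). Second, the user-space analogue is easy to reproduce: swap append_bounded for a plain strcat into a char[FLAGS_BUF_SIZE] array and compile with -O2 -D_FORTIFY_SOURCE=2, and glibc aborts with "*** buffer overflow detected ***" when the fourth letter is appended, the same check at the same point.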