[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#929366: marked as done (linux-image-4.19.0-5-octeon: usercopy: Kernel memory overwrite attempt detected (in systemd-timedated))

Your message dated Tue, 18 Jun 2019 10:52:03 +0000
with message-id <E1hdBid-00085g-Qc@fasolo.debian.org>
and subject line Bug#929366: fixed in linux 4.19.37-4
has caused the Debian Bug report #929366,
regarding linux-image-4.19.0-5-octeon: usercopy: Kernel memory overwrite attempt detected (in systemd-timedated)
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
929366: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=929366
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message --- 
Source: linux
Version: 4.19.37-3
Severity: important
X-Debbugs-Cc: debian-admin@lists.debian.org, debian-mips@lists.debian.org, systemd@packages.debian.org
User: debian-admin@lists.debian.org
Usertags: needed-by-DSA-Team

Hi,

from mips-sil-01.debian.org's syslog:

May 22 11:57:53 mips-sil-01/mips-sil-01/::ffff:86.59.118.146 dbus-daemon[542]: [system] Activating via systemd: service name='org.freedesktop.timedate1' unit='dbus-org.freedesktop.timedate1.service' requested by ':1.12565' (uid=115 pid=561 comm="timedatectl show ")
May 22 11:57:53 mips-sil-01/mips-sil-01/::ffff:86.59.118.146 systemd[1]: Starting Time & Date Service...
May 22 11:57:53 mips-sil-01/mips-sil-01/::ffff:86.59.118.146 kernel: usercopy: Kernel memory overwrite attempt detected to SLUB object 'buffer_head' (offset 8, size 88)!
May 22 11:57:53 mips-sil-01/mips-sil-01/::ffff:86.59.118.146 kernel: Kernel bug detected[#1]:
May 22 11:57:53 mips-sil-01/mips-sil-01/::ffff:86.59.118.146 kernel: CPU: 0 PID: 563 Comm: (imedated) Not tainted 4.19.0-5-octeon #1 Debian 4.19.37-3
May 22 11:57:53 mips-sil-01/mips-sil-01/::ffff:86.59.118.146 kernel: $ 0   : 0000000000000000 ffffffff82a78f48 0000000000000064 417135fb8ce5871c
May 22 11:57:53 mips-sil-01/mips-sil-01/::ffff:86.59.118.146 kernel: $ 4   : 417135fb8ce5871c 800000002406b678 8000000024074080 ffffffff835b0000
May 22 11:57:53 mips-sil-01/mips-sil-01/::ffff:86.59.118.146 kernel: $ 8   : 0000000000000100 800000020e9a4018 286f666673657420 ffffffff835b0000
May 22 11:57:53 mips-sil-01/mips-sil-01/::ffff:86.59.118.146 kernel: $12   : 0000000000000000 0000000005f5e100 ffffffff835b0000 ffffffff83590b58
May 22 11:57:53 mips-sil-01/mips-sil-01/::ffff:86.59.118.146 kernel: $16   : c000000002400038 0000000000000058 0000000000000000 c000000002400090
May 22 11:57:53 mips-sil-01/mips-sil-01/::ffff:86.59.118.146 kernel: $20   : ffffffff82a2f630 c000000002400000 0000000055d29698 c000000002400038
May 22 11:57:53 mips-sil-01/mips-sil-01/::ffff:86.59.118.146 kernel: $24   : ffffffffffffffff ffffffff82dcc9a0                                  
May 22 11:57:53 mips-sil-01/mips-sil-01/::ffff:86.59.118.146 kernel: $28   : 80000001f9094000 80000001f9097d30 0000000000000000 ffffffff82b71874
May 22 11:57:53 mips-sil-01/mips-sil-01/::ffff:86.59.118.146 kernel: Hi    : 00000000003e7cf8
May 22 11:57:53 mips-sil-01/mips-sil-01/::ffff:86.59.118.146 kernel: Lo    : 72b020c49bf017bb
May 22 11:57:53 mips-sil-01/mips-sil-01/::ffff:86.59.118.146 kernel: epc   : ffffffff82b71874 usercopy_abort+0x94/0xa0
May 22 11:57:53 mips-sil-01/mips-sil-01/::ffff:86.59.118.146 kernel: ra    : ffffffff82b71874 usercopy_abort+0x94/0xa0
May 22 11:57:53 mips-sil-01/mips-sil-01/::ffff:86.59.118.146 kernel: Status: 10109ce3   KX SX UX KERNEL EXL IE 
May 22 11:57:53 mips-sil-01/mips-sil-01/::ffff:86.59.118.146 kernel: Cause : 00800024 (ExcCode 09)
May 22 11:57:53 mips-sil-01/mips-sil-01/::ffff:86.59.118.146 kernel: PrId  : 000d9602 (Cavium Octeon III)
May 22 11:57:53 mips-sil-01/mips-sil-01/::ffff:86.59.118.146 kernel: Modules linked in: mmc_block binfmt_misc ip6t_REJECT nf_reject_ipv6 nf_conntrack_ftp xt_CT nfnetlink_log nft_counter xt_hashlimit ipt_REJECT nf_reject_ipv4 xt_NFLOG xt_multiport xt_tcpudp xt_state xt_conntrack nf_conntrack nf_defrag_ipv6 nf_defrag_ipv4 libcrc32c nft_compat nf_tables nfnetlink sg octeon_mmc mmc_core 8250_of leds_gpio i2c_dev octeon_rng rng_core ip_tables x_tables autofs4 ext4 crc16 mbcache jbd2 crc32c_generic fscrypto ecb dm_mod ahci_platform libahci_platform libahci ahci_octeon
May 22 11:57:53 mips-sil-01/mips-sil-01/::ffff:86.59.118.146 kernel: Process (imedated) (pid: 563, threadinfo=0000000053386908, task=000000008966de24, tls=00000000771b84a0)
May 22 11:57:53 mips-sil-01/mips-sil-01/::ffff:86.59.118.146 kernel: Stack : 0000000000000058 00000000006080c0 0000000000000000 ffffffff82b50d60
May 22 11:57:53 mips-sil-01/mips-sil-01/::ffff:86.59.118.146 kernel:         0000000077d57098 ffffffff82b716c4 80000000240bfb00 80000001f9097df8
May 22 11:57:53 mips-sil-01/mips-sil-01/::ffff:86.59.118.146 kernel:         0000000000000058 0000000000000001 8000000187ea86d0 ffffffff82f1f7e4
May 22 11:57:53 mips-sil-01/mips-sil-01/::ffff:86.59.118.146 kernel:         0000000000000000 ffffffff832b0000 8000000187ea86c0 0000000077d5a7c8
May 22 11:57:53 mips-sil-01/mips-sil-01/::ffff:86.59.118.146 kernel:         0000000000000000 0000000077d30000 0000000077d57098 0000000000000000
May 22 11:57:53 mips-sil-01/mips-sil-01/::ffff:86.59.118.146 kernel:         000000007f99ca14 ffffffff82a30784 000000000ef08000 417135fb8ce5871c
May 22 11:57:53 mips-sil-01/mips-sil-01/::ffff:86.59.118.146 kernel:         000b000055d29698 000b000055de72f0 0000000055d29698 417135fb8ce5871c
May 22 11:57:53 mips-sil-01/mips-sil-01/::ffff:86.59.118.146 kernel:         0000000055dea4c0 0000000055de72f0 0000000077d5a7c8 0000000077d5a73c
May 22 11:57:53 mips-sil-01/mips-sil-01/::ffff:86.59.118.146 kernel:         0000000077d30000 0000000077d57098 0000000000000000 ffffffff82943b0c
May 22 11:57:53 mips-sil-01/mips-sil-01/::ffff:86.59.118.146 kernel:         0000000000000000 0000000000000001 0000000000000fa0 0000000000000001
May 22 11:57:53 mips-sil-01/mips-sil-01/::ffff:86.59.118.146 kernel:         ...
May 22 11:57:53 mips-sil-01/mips-sil-01/::ffff:86.59.118.146 kernel: Call Trace:
May 22 11:57:53 mips-sil-01/mips-sil-01/::ffff:86.59.118.146 kernel: [<ffffffff82b71874>] usercopy_abort+0x94/0xa0
May 22 11:57:53 mips-sil-01/mips-sil-01/::ffff:86.59.118.146 kernel: [<ffffffff82b50d60>] __check_heap_object+0x170/0x188
May 22 11:57:53 mips-sil-01/mips-sil-01/::ffff:86.59.118.146 kernel: [<ffffffff82b716c4>] __check_object_size+0x11c/0x238
May 22 11:57:53 mips-sil-01/mips-sil-01/::ffff:86.59.118.146 kernel: [<ffffffff82f1f7e4>] bpf_prog_create_from_user+0x94/0x1d8
May 22 11:57:53 mips-sil-01/mips-sil-01/::ffff:86.59.118.146 kernel: [<ffffffff82a30784>] do_seccomp+0x2a4/0x7a0
May 22 11:57:53 mips-sil-01/mips-sil-01/::ffff:86.59.118.146 kernel: [<ffffffff82943b0c>] syscall_common+0x18/0x3c
May 22 11:57:53 mips-sil-01/mips-sil-01/::ffff:86.59.118.146 kernel: Code: 00404025  0ca715c4  6484a3c0 <000c000d> 00000000  00000000  67bdfff0  ffbf0008  ffb00000 
May 22 11:57:53 mips-sil-01/mips-sil-01/::ffff:86.59.118.146 kernel: 
May 22 11:57:53 mips-sil-01/mips-sil-01/::ffff:86.59.118.146 kernel: ---[ end trace aad06c7e2b036639 ]---
May 22 11:57:53 mips-sil-01/mips-sil-01/::ffff:86.59.118.146 systemd[1]: systemd-timedated.service: Main process exited, code=killed, status=11/SEGV
May 22 11:57:53 mips-sil-01/mips-sil-01/::ffff:86.59.118.146 systemd[1]: systemd-timedated.service: Failed with result 'signal'.
May 22 11:57:53 mips-sil-01/mips-sil-01/::ffff:86.59.118.146 systemd[1]: Failed to start Time & Date Service.
May 22 11:59:53 mips-sil-01/mips-sil-01/::ffff:86.59.118.146 dbus-daemon[542]: [system] Activating via systemd: service name='org.freedesktop.timedate1' unit='dbus-org.freedesktop.timedate1.service' requested by ':1.12566' (uid=115 pid=1749 comm="timedatectl show ")
May 22 11:59:53 mips-sil-01/mips-sil-01/::ffff:86.59.118.146 kernel: usercopy: Kernel memory overwrite attempt detected to SLUB object 'buffer_head' (offset 8, size 296)!
May 22 11:59:53 mips-sil-01/mips-sil-01/::ffff:86.59.118.146 kernel: Kernel bug detected[#2]:
May 22 11:59:53 mips-sil-01/mips-sil-01/::ffff:86.59.118.146 kernel: CPU: 3 PID: 1 Comm: systemd Tainted: G      D           4.19.0-5-octeon #1 Debian 4.19.37-3
May 22 11:59:53 mips-sil-01/mips-sil-01/::ffff:86.59.118.146 kernel: $ 0   : 0000000000000000 ffffffff82a78f48 0000000000000065 417135fb8ce5871c
May 22 11:59:53 mips-sil-01/mips-sil-01/::ffff:86.59.118.146 kernel: $ 4   : 417135fb8ce5871c 80000000240b3678 80000000240bc080 ffffffff835b0000
May 22 11:59:53 mips-sil-01/mips-sil-01/::ffff:86.59.118.146 kernel: $ 8   : 0000000000000129 800000020e9a4018 286f666673657420 ffffffff835b0000
May 22 11:59:53 mips-sil-01/mips-sil-01/::ffff:86.59.118.146 kernel: $12   : 0000000000000000 0000000005f5e100 ffffffff835b0000 ffffffff83590b58
May 22 11:59:53 mips-sil-01/mips-sil-01/::ffff:86.59.118.146 kernel: $16   : c000000002402038 0000000000000128 0000000000000000 c000000002402160
May 22 11:59:53 mips-sil-01/mips-sil-01/::ffff:86.59.118.146 kernel: $20   : 0000000000000128 0000000055df5a50 c000000002402038 0000000055661000
May 22 11:59:53 mips-sil-01/mips-sil-01/::ffff:86.59.118.146 kernel: $24   : ffffffffffffffff ffffffff82dcc9a0                                  
May 22 11:59:53 mips-sil-01/mips-sil-01/::ffff:86.59.118.146 kernel: $28   : 800000020fdb8000 800000020fdbbc30 0000000000000000 ffffffff82b71874
May 22 11:59:53 mips-sil-01/mips-sil-01/::ffff:86.59.118.146 kernel: Hi    : 0000000000ef31cb
May 22 11:59:53 mips-sil-01/mips-sil-01/::ffff:86.59.118.146 kernel: Lo    : 645a1cac094d320b
May 22 11:59:53 mips-sil-01/mips-sil-01/::ffff:86.59.118.146 kernel: epc   : ffffffff82b71874 usercopy_abort+0x94/0xa0
May 22 11:59:53 mips-sil-01/mips-sil-01/::ffff:86.59.118.146 kernel: ra    : ffffffff82b71874 usercopy_abort+0x94/0xa0
May 22 11:59:53 mips-sil-01/mips-sil-01/::ffff:86.59.118.146 kernel: Status: 10109ce3   KX SX UX KERNEL EXL IE 
May 22 11:59:53 mips-sil-01/mips-sil-01/::ffff:86.59.118.146 kernel: Cause : 00800024 (ExcCode 09)
May 22 11:59:53 mips-sil-01/mips-sil-01/::ffff:86.59.118.146 kernel: PrId  : 000d9602 (Cavium Octeon III)

After that the machine seems to have rebooted.

Cheers,
Julien

--- End Message ---
--- Begin Message --- 
Source: linux
Source-Version: 4.19.37-4

We believe that the bug you reported is fixed in the latest version of
linux, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 929366@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Ben Hutchings <ben@decadent.org.uk> (supplier of updated linux package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Mon, 17 Jun 2019 20:00:22 +0100
Source: linux
Architecture: source
Version: 4.19.37-4
Distribution: unstable
Urgency: high
Maintainer: Debian Kernel Team <debian-kernel@lists.debian.org>
Changed-By: Ben Hutchings <ben@decadent.org.uk>
Closes: 929187 929366 929583
Changes:
 linux (4.19.37-4) unstable; urgency=high
 .
   [ Ben Hutchings ]
   * libbpf: Fix various build bugs:
     - Drop unnecessary changes from "libbpf: add SONAME to shared object"
     - libbpf: Use only 2 components in soversion, matching package name
       (Closes: #929187)
     - libbpf: Build out-of-tree
   * README.source: Document the various makefiles and use of out-of-tree builds
   * [x86] lockdown,sysrq: Enable ALLOW_LOCKDOWN_LIFT_BY_SYSRQ (Closes: #929583)
   * mwifiex: Fix possible buffer overflows at parsing bss descriptor
     (CVE-2019-3846)
   * mwifiex: Abort at too short BSS descriptor element
   * mwifiex: Don't abort on small, spec-compliant vendor IEs
   * mm/mincore.c: make mincore() more conservative (CVE-2019-5489)
   * mwifiex: Fix heap overflow in mwifiex_uap_parse_tail_ies()
     (CVE-2019-10126)
   * tcp: limit payload size of sacked skbs (CVE-2019-11477)
   * tcp: tcp_fragment() should apply sane memory limits (CVE-2019-11478)
   * tcp: add tcp_min_snd_mss sysctl (CVE-2019-11479)
   * tcp: enforce tcp_min_snd_mss in tcp_mtu_probing()
 .
   [ Romain Perier ]
   * [rt] Update to 4.19.37-rt20:
     - powerpc/pseries/iommu: Use a locallock instead local_irq_save()
     - powerpc: reshuffle TIF bits
     - tty/sysrq: Convert show_lock to raw_spinlock_t
     - drm/i915: Don't disable interrupts independently of the lock
     - sched/completion: Fix a lockup in wait_for_completion()
 .
   [ Salvatore Bonaccorso ]
   * brcmfmac: assure SSID length from firmware is limited (CVE-2019-9500)
   * brcmfmac: add subtype check for event handling in data path
     (CVE-2019-9503)
   * ext4: zero out the unused memory region in the extent tree block
     (CVE-2019-11833)
   * Bluetooth: hidp: fix buffer overflow (CVE-2019-11884)
 .
   [ Aurelien Jarno ]
   * [mips] Correctly bounds check virt_addr_valid (Closes: #929366)
 .
   [ John Paul Adrian Glaubitz ]
   * [sparc64] udeb: Disable suffix for kernel-image
 .
   [ Alper Nebi Yasak ]
   * udeb: input-modules: Include all keyboard driver modules
   * [arm64] udeb: kernel-image: Include cros_ec_spi and SPI drivers
   * [arm64] udeb: kernel-image: Include phy-rockchip-pcie
   * [arm64] udeb: usb-modules: Include phy-rockchip-typec, extcon-usbc-cros-ec
   * [arm64] udeb: mmc-modules: Include phy-rockchip-emmc
   * [arm64] udeb: fb-modules: Include rockchipdrm, panel-simple, pwm_bl and
     pwm-cros-ec
Checksums-Sha1:
 dcf867c9dc110ea87230e9b58630970cfc9ee411 189124 linux_4.19.37-4.dsc
 ded214f43499ae130f9ff7a2972fd7f494ca2568 1241912 linux_4.19.37-4.debian.tar.xz
 9404c2b3d16287bb79b1efec7e87e2a5d073fd55 47317 linux_4.19.37-4_source.buildinfo
Checksums-Sha256:
 dc1b500e98085b5a29c9d3e82daba1d9114e15a159033ae5f50f38a652cd9dc2 189124 linux_4.19.37-4.dsc
 0c68371af4e95eb51af66020fc339fdbdef0c88dfbb6e087224e0515972efeec 1241912 linux_4.19.37-4.debian.tar.xz
 e52e5a1d71abcf1259e8dc408c49b813a03c307104ca7aafeadbe63fdfea4e09 47317 linux_4.19.37-4_source.buildinfo
Files:
 5b632121885d3906853df87d927bbe6f 189124 kernel optional linux_4.19.37-4.dsc
 c076916392da0a3c3aa6f64b8c233323 1241912 kernel optional linux_4.19.37-4.debian.tar.xz
 a4ee5796862e252bb0ed583edb892af9 47317 kernel optional linux_4.19.37-4_source.buildinfo

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEErCspvTSmr92z9o8157/I7JWGEQkFAl0Iv4AACgkQ57/I7JWG
EQnypA/9FGqDiPSxXbf1ipqOQ7WqsVCwo2m8Dim9XH29FbAnNmqXfyGJZAIpDuIF
opK0NlLXHT/3Tyw2gNlvoofIlk7kBbObLSMm42sBqnPFRpu4QN7U0vh/gfwkFEN6
yb0pjD6F0CbXlauV8eYsGrhg9HbYXYIDzEIcxdPfEgpE4eXx8LDWDU2Q292dHlDC
YYnxQurEypoUxHAMAhgcjcP6ay9M5fMrodC9XbcHzuF3j/iyO8aIu0rjctiyWH6O
LtbUfBhI2cA13+Fy7UVWnh8ahyYVbm8QEb3qXM0URU8oW9VEcRWWXsyM99N0duM2
LCXOpjsPO4kOo2hC7U2/MG/opAh0Lt/An9rnspGoHjV3pi1BljmfUkqT1JVQ7OoG
fSs9+zzjaushpm0yUxhzujc2ViUS/6OixP3pQojuTBgpgkELMgIUOnWj9Zjpt3gF
t8Ne7YGPrpJHKJUJG9TJbfJ77AQm8xR3AlshvTOH5SQGl3Kf8EemsMWpcHcETJbs
cRFELY/B1ug67Upvx+boOJLWPeoZV0pL6JqPj6s/K/YLDFuS2opKJx2HHy8R0rRy
lhEiHLZYw4MACyIce5ejYNQm7iBYRd9nnRMPu8wpg6DpmWoKtUUdv3co2B7REps7
46fgUY/q6wiP6/5zrVtYpA753f2LOmgttdGwUHC+OUlVAVyGcKQ=
=1jQi
-----END PGP SIGNATURE-----

--- End Message ---
Reply to: