Bug#1051643: Info received (Bug#1051643: Acknowledgement (linux-image-6.1.0-11-686-pae: kernel BUG at mm/usercopy.c:101!))
- To: Salvatore Bonaccorso <carnil@debian.org>
- Cc: 1051643@bugs.debian.org
- Subject: Bug#1051643: Info received (Bug#1051643: Acknowledgement (linux-image-6.1.0-11-686-pae: kernel BUG at mm/usercopy.c:101!))
- From: Jiann-Ming Su <sujiannming@gmail.com>
- Date: Mon, 6 Nov 2023 23:36:00 -0500
- Message-id: <CADjNMDZgk0w+PxwO++zsTdcNSjuhJmmmO0bc3ZfqXnBzK4tkHg@mail.gmail.com>
- Reply-to: Jiann-Ming Su <sujiannming@gmail.com>, 1051643@bugs.debian.org
- In-reply-to: <CADjNMDZcTYgBe6JxzhxJ8-LAj61OwRytvwciRZWy0rxc0QswMA@mail.gmail.com>
- References: <CADjNMDYDg_i6KCjjQpekfEvxNH5jLuEWoufJe-tPAkk9uTdJPQ@mail.gmail.com> <handler.1051643.B1051643.16944073963045141.ackinfo@bugs.debian.org> <169437926761.29146.16638401201814553472.reportbug@mini1.js1.bogus> <CADjNMDY4yKeQVkJm1svQeOAqsRmjM+zCCN-QV+cOxevgv2Mzzw@mail.gmail.com> <ZP7F5614iOe5xVuw@eldamar.lan> <CADjNMDZcTYgBe6JxzhxJ8-LAj61OwRytvwciRZWy0rxc0QswMA@mail.gmail.com> <169437926761.29146.16638401201814553472.reportbug@mini1.js1.bogus>
and 6.1.0-13-686-pae:
[348871.341900] usercopy: Kernel memory exposure attempt detected from kmap (offset 1270, size 15114)!
[348871.342021] ------------[ cut here ]------------
[348871.342024] kernel BUG at mm/usercopy.c:101!
[348871.342068] invalid opcode: 0000 [#1] PREEMPT SMP PTI
[348871.342118] CPU: 0 PID: 12867 Comm: http Not tainted 6.1.0-13-686-pae #1 Debian 6.1.55-1
[348871.342186] Hardware name: Apple Computer, Inc. Macmini1,1/Mac-F4208EC8, BIOS MM11.88Z.0055.B08.0610121326 10/12/06
[348871.342259] EIP: usercopy_abort+0x65/0x67
[348871.342302] Code: 44 cb bb b8 af b3 c6 89 4d f0 b9 b6 2a b2 c6 0f 45 cb ff 75 0c ff 75 08 57 52 56 50 ff 75 f0 51 68 58 af b3 c6 e8 40 8d ff ff <0f> 0b 56 31 d2 b8 02 b0 b3 c6 ff 75 ec 8b 4d f0 e8 86 ff ff ff 56
[348871.342423] EAX: 00000056 EBX: c6b3afb8 ECX: 00000001 EDX: 80000001
[348871.342472] ESI: c6b51abc EDI: c6b51abc EBP: c4255c18 ESP: c4255be4
[348871.342520] DS: 007b ES: 007b FS: 00d8 GS: 0033 SS: 0068 EFLAGS: 00010286
[348871.342573] CR0: 80050033 CR2: b776ce90 CR3: 34fe8000 CR4: 000006f0
[348871.342621] Call Trace:
[348871.342649] ? __die_body.cold+0x14/0x1a
[348871.342687] ? __die+0x21/0x26
[348871.342717] ? die+0x28/0x50
[348871.342749] ? do_trap+0xbb/0xe0
[348871.342780] ? do_error_trap+0x4c/0x60
[348871.342814] ? usercopy_abort+0x65/0x67
[348871.342851] ? exc_overflow+0x40/0x40
[348871.342892] ? exc_invalid_op+0x44/0x60
[348871.342929] ? usercopy_abort+0x65/0x67
[348871.342966] ? handle_exception+0x133/0x133
[348871.343009] ? exc_overflow+0x40/0x40
[348871.343046] ? usercopy_abort+0x65/0x67
[348871.343082] ? exc_overflow+0x40/0x40
[348871.343117] ? usercopy_abort+0x65/0x67
[348871.343156] __check_object_size.cold+0xae/0xae
[348871.343199] simple_copy_to_iter+0x1c/0x40
[348871.343237] __skb_datagram_iter+0x163/0x320
[348871.343276] skb_copy_datagram_iter+0x2d/0x80
[348871.343316] ? skb_free_datagram+0x20/0x20
[348871.343353] tcp_recvmsg_locked+0x30e/0x890
[348871.343400] tcp_recvmsg+0x6f/0x1e0
[348871.343437] ? tcp_recv_timestamp+0x240/0x240
[348871.343476] inet_recvmsg+0x54/0x130
[348871.343509] ? security_socket_recvmsg+0x41/0x60
[348871.343553] sock_recvmsg+0x73/0x90
[348871.343589] ? ipip_gso_segment+0x30/0x30
[348871.343625] sock_read_iter+0x84/0xe0
[348871.343664] vfs_read+0x288/0x2c0
[348871.343702] ksys_read+0xab/0xe0
[348871.343734] __ia32_sys_read+0x15/0x20
[348871.343768] __do_fast_syscall_32+0x68/0xb0
[348871.343807] ? fpregs_assert_state_consistent+0x25/0x50
[348871.345275] ? exit_to_user_mode_prepare+0x41/0x1a0
[348871.346746] ? syscall_exit_to_user_mode+0x29/0x40
[348871.348214] ? __do_fast_syscall_32+0x72/0xb0
[348871.349630] ? vfs_write+0x105/0x3c0
[348871.350996] ? debug_smp_processor_id+0x12/0x20
[348871.352388] ? fpregs_assert_state_consistent+0x25/0x50
[348871.353744] ? exit_to_user_mode_prepare+0x41/0x1a0
[348871.355064] ? syscall_exit_to_user_mode+0x29/0x40
[348871.356350] ? __ia32_sys_write+0x15/0x20
[348871.357571] ? __do_fast_syscall_32+0x72/0xb0
[348871.358715] ? fpregs_assert_state_consistent+0x25/0x50
[348871.359832] ? exit_to_user_mode_prepare+0x41/0x1a0
[348871.360933] ? irqentry_exit_to_user_mode+0x16/0x20
[348871.362024] do_fast_syscall_32+0x29/0x60
[348871.363100] do_SYSENTER_32+0x15/0x20
[348871.364153] entry_SYSENTER_32+0x98/0xf1
[348871.365213] EIP: 0xb7f25559
[348871.366273] Code: 03 74 c0 01 10 05 03 74 b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d 76 00 58 b8 77 00 00 00 cd 80 90 8d 76
[348871.368699] EAX: ffffffda EBX: 00000003 ECX: 01a19d4f EDX: 0000f9f1
[348871.369982] ESI: b721cff4 EDI: 00000000 EBP: 01a184e0 ESP: bf9f19c0
[348871.371287] DS: 007b ES: 007b FS: 0000 GS: 0033 SS: 007b EFLAGS: 00000246
[348871.372627] Modules linked in: tls tun xt_tcpudp xt_conntrack snd_hda_codec_idt snd_hda_codec_generic nf_conntrack ledtrig_audio nf_defrag_ipv6 snd_hda_intel nf_defrag_ipv4 i915 snd_intel_dspcfg nft_compat drm_buddy nf_tables snd_intel_sdw_acpi drm_display_helper snd_hda_codec iTCO_wdt cec hid_appleir intel_pmc_bxt rc_core iTCO_vendor_support coretemp ttm snd_hda_core kvm_intel snd_hwdep drm_kms_helper watchdog apple_mfi_fastcharge snd_pcm ath5k kvm i2c_algo_bit ath mac80211 snd_timer snd nfnetlink libarc4 applesmc soundcore cfg80211 irqbypass rfkill at24 tpm_infineon pcspkr button acpi_cpufreq sg evdev binfmt_misc firewire_sbp2 dm_mod drm efi_pstore dax loop fuse configfs ip_tables x_tables autofs4 xfs libcrc32c crc32c_generic hid_generic usbhid hid sd_mod t10_pi crc64_rocksoft crc64 sr_mod crc_t10dif cdrom crct10dif_generic crct10dif_common ata_generic ahci libahci ata_piix libata ehci_pci firewire_ohci uhci_hcd ehci_hcd scsi_mod firewire_core usbcore video lpc_ich i2c_i801 crc_itu_t
[348871.372848] sky2 i2c_smbus scsi_common usb_common wmi
[348871.387161] ---[ end trace 0000000000000000 ]---
[348871.389101] EIP: usercopy_abort+0x65/0x67
[348871.390909] Code: 44 cb bb b8 af b3 c6 89 4d f0 b9 b6 2a b2 c6 0f 45 cb ff 75 0c ff 75 08 57 52 56 50 ff 75 f0 51 68 58 af b3 c6 e8 40 8d ff ff <0f> 0b 56 31 d2 b8 02 b0 b3 c6 ff 75 ec 8b 4d f0 e8 86 ff ff ff 56
[348871.394720] EAX: 00000056 EBX: c6b3afb8 ECX: 00000001 EDX: 80000001
[348871.396704] ESI: c6b51abc EDI: c6b51abc EBP: c4255c18 ESP: c4255be4
[348871.398750] DS: 007b ES: 007b FS: 00d8 GS: 0033 SS: 0068 EFLAGS: 00010286
[348871.400770] CR0: 80050033 CR2: b776ce90 CR3: 34fe8000 CR4: 000006f0
[348871.906761] usercopy: Kernel memory exposure attempt detected from kmap (offset 0, size 16384)!
[348871.909526] ------------[ cut here ]------------
[348871.912263] kernel BUG at mm/usercopy.c:101!
[348871.915017] invalid opcode: 0000 [#2] PREEMPT SMP PTI
[348871.917723] CPU: 0 PID: 12868 Comm: http Tainted: G D 6.1.0-13-686-pae #1 Debian 6.1.55-1
[348871.920501] Hardware name: Apple Computer, Inc. Macmini1,1/Mac-F4208EC8, BIOS MM11.88Z.0055.B08.0610121326 10/12/06
[348871.923306] EIP: usercopy_abort+0x65/0x67
[348871.925735] Code: 44 cb bb b8 af b3 c6 89 4d f0 b9 b6 2a b2 c6 0f 45 cb ff 75 0c ff 75 08 57 52 56 50 ff 75 f0 51 68 58 af b3 c6 e8 40 8d ff ff <0f> 0b 56 31 d2 b8 02 b0 b3 c6 ff 75 ec 8b 4d f0 e8 86 ff ff ff 56
[348871.930596] EAX: 00000053 EBX: c6b3afb8 ECX: 00000001 EDX: 80000001
[348871.933081] ESI: c6b51abc EDI: c6b51abc EBP: c32b9c8c ESP: c32b9c58
[348871.935619] DS: 007b ES: 007b FS: 00d8 GS: 0033 SS: 0068 EFLAGS: 00010286
[348871.938691] CR0: 80050033 CR2: b4822000 CR3: 34ea4000 CR4: 000006f0
[348871.941807] Call Trace:
[348871.944892] ? __die_body.cold+0x14/0x1a
[348871.947983] ? __die+0x21/0x26
[348871.951007] ? die+0x28/0x50
[348871.954065] ? do_trap+0xbb/0xe0
[348871.957124] ? do_error_trap+0x4c/0x60
[348871.959756] ? usercopy_abort+0x65/0x67
[348871.962170] ? exc_overflow+0x40/0x40
[348871.964550] ? exc_invalid_op+0x44/0x60
[348871.966891] ? usercopy_abort+0x65/0x67
[348871.969231] ? handle_exception+0x133/0x133
[348871.971571] ? exc_overflow+0x40/0x40
[348871.973909] ? usercopy_abort+0x65/0x67
[348871.976174] ? exc_overflow+0x40/0x40
[348871.978356] ? usercopy_abort+0x65/0x67
[348871.980506] __check_object_size.cold+0xae/0xae
[348871.982644] simple_copy_to_iter+0x1c/0x40
[348871.984762] __skb_datagram_iter+0x163/0x320
[348871.986840] skb_copy_datagram_iter+0x2d/0x80
[348871.988872] ? skb_free_datagram+0x20/0x20
[348871.990861] tcp_recvmsg_locked+0x30e/0x890
[348871.992810] tcp_recvmsg+0x6f/0x1e0
[348871.994703] ? tcp_recv_timestamp+0x240/0x240
[348871.996551] inet_recvmsg+0x54/0x130
[348871.998348] ? security_socket_recvmsg+0x41/0x60
[348872.000109] sock_recvmsg+0x73/0x90
[348872.001823] ? ipip_gso_segment+0x30/0x30
[348872.003530] sock_read_iter+0x84/0xe0
[348872.005232] vfs_read+0x288/0x2c0
[348872.006858] ksys_read+0xab/0xe0
[348872.008402] __ia32_sys_read+0x15/0x20
[348872.009908] __do_fast_syscall_32+0x68/0xb0
[348872.011400] ? __this_cpu_preempt_check+0xf/0x11
[348872.012880] ? fpregs_restore_userregs+0x4d/0xd0
[348872.014344] ? switch_fpu_return+0xd/0x10
[348872.015770] ? exit_to_user_mode_prepare+0x14d/0x1a0
[348872.017178] ? syscall_exit_to_user_mode+0x29/0x40
[348872.018584] ? __do_fast_syscall_32+0x72/0xb0
[348872.019987] ? irqentry_exit_to_user_mode+0x16/0x20
[348872.021366] do_fast_syscall_32+0x29/0x60
[348872.022710] do_SYSENTER_32+0x15/0x20
[348872.024011] entry_SYSENTER_32+0x98/0xf1
[348872.025240] EIP: 0xb7f7a559
[348872.026388] Code: 03 74 c0 01 10 05 03 74 b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d 76 00 58 b8 77 00 00 00 cd 80 90 8d 76
[348872.028871] EAX: ffffffda EBX: 00000003 ECX: 0055db56 EDX: 0000ff9a
[348872.030151] ESI: b721cff4 EDI: 00000000 EBP: 0055caf0 ESP: bfb09e10
[348872.031436] DS: 007b ES: 007b FS: 0000 GS: 0033 SS: 007b EFLAGS: 00000246
[348872.032725] Modules linked in: tls tun xt_tcpudp xt_conntrack snd_hda_codec_idt snd_hda_codec_generic nf_conntrack ledtrig_audio nf_defrag_ipv6 snd_hda_intel nf_defrag_ipv4 i915 snd_intel_dspcfg nft_compat drm_buddy nf_tables snd_intel_sdw_acpi drm_display_helper snd_hda_codec iTCO_wdt cec hid_appleir intel_pmc_bxt rc_core iTCO_vendor_support coretemp ttm snd_hda_core kvm_intel snd_hwdep drm_kms_helper watchdog apple_mfi_fastcharge snd_pcm ath5k kvm i2c_algo_bit ath mac80211 snd_timer snd nfnetlink libarc4 applesmc soundcore cfg80211 irqbypass rfkill at24 tpm_infineon pcspkr button acpi_cpufreq sg evdev binfmt_misc firewire_sbp2 dm_mod drm efi_pstore dax loop fuse configfs ip_tables x_tables autofs4 xfs libcrc32c crc32c_generic hid_generic usbhid hid sd_mod t10_pi crc64_rocksoft crc64 sr_mod crc_t10dif cdrom crct10dif_generic crct10dif_common ata_generic ahci libahci ata_piix libata ehci_pci firewire_ohci uhci_hcd ehci_hcd scsi_mod firewire_core usbcore video lpc_ich i2c_i801 crc_itu_t
[348872.032945] sky2 i2c_smbus scsi_common usb_common wmi
[348872.047003] ---[ end trace 0000000000000000 ]---
[348872.048977] EIP: usercopy_abort+0x65/0x67
[348872.050720] Code: 44 cb bb b8 af b3 c6 89 4d f0 b9 b6 2a b2 c6 0f 45 cb ff 75 0c ff 75 08 57 52 56 50 ff 75 f0 51 68 58 af b3 c6 e8 40 8d ff ff <0f> 0b 56 31 d2 b8 02 b0 b3 c6 ff 75 ec 8b 4d f0 e8 86 ff ff ff 56
[348872.054483] EAX: 00000056 EBX: c6b3afb8 ECX: 00000001 EDX: 80000001
[348872.056446] ESI: c6b51abc EDI: c6b51abc EBP: c4255c18 ESP: c4255be4
[348872.058398] DS: 007b ES: 007b FS: 00d8 GS: 0033 SS: 0068 EFLAGS: 00010286
[348872.060380] CR0: 80050033 CR2: b4822000 CR3: 34ea4000 CR4: 000006f0
On Tue, Sep 12, 2023 at 11:08 AM Jiann-Ming Su <sujiannming@gmail.com> wrote:
>
> I spoke too soon... it's happening on 6.1.0-12-686 as well:
>
> # apt-get update
> Get:1 http://security.debian.org/debian-security bookworm-security/updates InRelease [48.0 kB]
> 0% [Waiting for headers] [1 InRelease 0 B/48.0 kB 0%]
> Message from syslogd@mini1 at Sep 12 11:07:33 ...
> kernel:[123507.826321] usercopy: Kernel memory exposure attempt detected from kmap (offset 0, size 16384)!
> Hit:2 http://ftp.us.debian.org/debian bookworm InRelease
> Get:3 http://ftp.us.debian.org/debian bookworm-updates InRelease [52.1 kB]
> 0% [3 InRelease 0 B/52.1 kB 0%] [1 InRelease 0 B/48.0 kB 0%]
> Message from syslogd@mini1 at Sep 12 11:07:33 ...
> kernel:[123508.220983] usercopy: Kernel memory exposure attempt detected from kmap (offset 0, size 16384)!
>
> [123452.464498] ------------[ cut here ]------------
> [123452.464530] kernel BUG at mm/usercopy.c:101!
> [123452.464566] invalid opcode: 0000 [#1] PREEMPT SMP
> [123452.464606] CPU: 1 PID: 7495 Comm: http Not tainted 6.1.0-12-686 #1 Debian 6.1.52-1
> [123452.464653] Hardware name: Apple Computer, Inc. Macmini1,1/Mac-F4208EC8, BIOS MM11.88Z.0055.B08.0610121326 10/12/06
> [123452.464729] EIP: usercopy_abort+0x65/0x67
> [123452.464772] Code: 44 cb bb d8 d9 b1 cc 89 4d f0 b9 12 55 b0 cc 0f 45 cb ff 75 0c ff 75 08 57 52 56 50 ff 75 f0 51 68 78 d9 b1 cc e8 8a 8e ff ff <0f> 0b 56 31 d2 b8 22 da b1 cc ff 75 ec 8b 4d f0 e8 86 ff ff ff 56
> [123452.464886] EAX: 00000052 EBX: ccb1d9d8 ECX: 00000001 EDX: 00000001
> [123452.464930] ESI: ccb3449c EDI: ccb3449c EBP: c349fce0 ESP: c349fcac
> [123452.464974] DS: 007b ES: 007b FS: 00d8 GS: 0033 SS: 0068 EFLAGS: 00010246
> [123452.465024] CR0: 80050033 CR2: 01be6000 CR3: 0e3d2000 CR4: 000006d0
> [123452.465068] Call Trace:
> [123452.465093] ? __die_body.cold+0x14/0x1a
> [123452.465126] ? __die+0x21/0x26
> [123452.465152] ? die+0x28/0x50
> [123452.465179] ? do_trap+0xbb/0xe0
> [123452.465206] ? do_error_trap+0x4c/0x60
> [123452.465235] ? usercopy_abort+0x65/0x67
> [123452.465271] ? exc_overflow+0x40/0x40
> [123452.465303] ? exc_invalid_op+0x44/0x60
> [123452.465338] ? usercopy_abort+0x65/0x67
> [123452.465372] ? handle_exception+0x133/0x133
> [123452.465409] ? up_read+0x7b/0x80
> [123452.465436] ? exc_overflow+0x40/0x40
> [123452.465467] ? usercopy_abort+0x65/0x67
> [123452.465501] ? exc_overflow+0x40/0x40
> [123452.465532] ? usercopy_abort+0x65/0x67
> [123452.465565] __check_object_size.cold+0xae/0xae
> [123452.465605] ? kmap_high+0x6f/0x1f0
> [123452.465639] simple_copy_to_iter+0x1c/0x40
> [123452.465670] __skb_datagram_iter+0x163/0x320
> [123452.465703] skb_copy_datagram_iter+0x2d/0x80
> [123452.465738] ? skb_free_datagram+0x20/0x20
> [123452.465768] tcp_recvmsg_locked+0x30e/0x890
> [123452.465806] tcp_recvmsg+0x6f/0x1e0
> [123452.465839] ? tcp_recv_timestamp+0x240/0x240
> [123452.465876] inet_recvmsg+0x54/0x130
> [123452.465906] ? security_socket_recvmsg+0x41/0x60
> [123452.465942] sock_recvmsg+0x73/0x90
> [123452.465978] ? ipip_gso_segment+0x30/0x30
> [123452.466015] sock_read_iter+0x84/0xe0
> [123452.466050] vfs_read+0x288/0x2c0
> [123452.466083] ksys_read+0xab/0xe0
> [123452.466110] __ia32_sys_read+0x15/0x20
> [123452.466138] __do_fast_syscall_32+0x68/0xb0
> [123452.466171] ? syscall_exit_to_user_mode+0x29/0x40
> [123452.466205] ? __do_fast_syscall_32+0x72/0xb0
> [123452.466237] ? exit_to_user_mode_prepare+0x14d/0x1a0
> [123452.466273] ? sysvec_reboot+0x30/0x30
> [123452.466302] do_fast_syscall_32+0x29/0x60
> [123452.466334] do_SYSENTER_32+0x15/0x20
> [123452.466369] entry_SYSENTER_32+0x98/0xf1
> [123452.466399] EIP: 0xb7f3d559
> [123452.466425] Code: 10 05 03 74 b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d 76 00 58 b8 77 00 00 00 cd 80 90 8d 76
> [123452.466530] EAX: ffffffda EBX: 00000003 ECX: 01be5df0 EDX: 00010000
> [123452.466573] ESI: b778eff4 EDI: 00000000 EBP: 01be4bb0 ESP: bf8d9b50
> [123452.466617] DS: 007b ES: 007b FS: 0000 GS: 0033 SS: 007b EFLAGS: 00000246
> [123452.466670] Modules linked in: tls tun ath5k i915 ath snd_hda_codec_idt mac80211 snd_hda_codec_generic drm_buddy ledtrig_audio drm_display_helper libarc4 snd_hda_intel cec snd_intel_dspcfg kvm_intel snd_intel_sdw_acpi rc_core cfg80211 snd_hda_codec ttm kvm iTCO_wdt intel_pmc_bxt iTCO_vendor_support snd_hda_core watchdog applesmc snd_hwdep drm_kms_helper at24 snd_pcm xt_tcpudp irqbypass i2c_algo_bit snd_timer pcspkr xt_conntrack rng_core snd fb_sys_fops rfkill nf_conntrack syscopyarea soundcore sysfillrect sysimgblt nf_defrag_ipv6 tpm_infineon nf_defrag_ipv4 button acpi_cpufreq nft_compat apple_mfi_fastcharge evdev nf_tables sg nfnetlink binfmt_misc drm loop fuse efi_pstore dm_mod configfs ip_tables x_tables autofs4 xfs libcrc32c crc32c_generic hid_apple hid_appleir hid_generic usbhid hid sd_mod t10_pi crc64_rocksoft crc64 sr_mod crc_t10dif cdrom crct10dif_generic crct10dif_common ata_generic ata_piix ahci libahci libata firewire_ohci scsi_mod firewire_core ehci_pci i2c_i801 i2c_smbus
> [123452.466844] scsi_common lpc_ich uhci_hcd ehci_hcd crc_itu_t sky2 usbcore usb_common video wmi
> [123452.467367] ---[ end trace 0000000000000000 ]---
> [123452.467409] EIP: usercopy_abort+0x65/0x67
> [123452.467449] Code: 44 cb bb d8 d9 b1 cc 89 4d f0 b9 12 55 b0 cc 0f 45 cb ff 75 0c ff 75 08 57 52 56 50 ff 75 f0 51 68 78 d9 b1 cc e8 8a 8e ff ff <0f> 0b 56 31 d2 b8 22 da b1 cc ff 75 ec 8b 4d f0 e8 86 ff ff ff 56
> [123452.467578] EAX: 00000052 EBX: ccb1d9d8 ECX: 00000001 EDX: 00000001
> [123452.467621] ESI: ccb3449c EDI: ccb3449c EBP: c349fce0 ESP: c349fcac
> [123452.470914] DS: 007b ES: 007b FS: 00d8 GS: 0033 SS: 0068 EFLAGS: 00010246
> [123452.474151] CR0: 80050033 CR2: 01be6000 CR3: 0e3d2000 CR4: 000006d0
> [123452.491067] usercopy: Kernel memory exposure attempt detected from kmap (offset 0, size 16384)!
> [123452.494366] ------------[ cut here ]------------
> [123452.497541] kernel BUG at mm/usercopy.c:101!
> [123452.500755] invalid opcode: 0000 [#2] PREEMPT SMP
> [123452.503769] CPU: 0 PID: 7496 Comm: http Tainted: G D 6.1.0-12-686 #1 Debian 6.1.52-1
> [123452.506882] Hardware name: Apple Computer, Inc. Macmini1,1/Mac-F4208EC8, BIOS MM11.88Z.0055.B08.0610121326 10/12/06
> [123452.510050] EIP: usercopy_abort+0x65/0x67
> [123452.513156] Code: 44 cb bb d8 d9 b1 cc 89 4d f0 b9 12 55 b0 cc 0f 45 cb ff 75 0c ff 75 08 57 52 56 50 ff 75 f0 51 68 78 d9 b1 cc e8 8a 8e ff ff <0f> 0b 56 31 d2 b8 22 da b1 cc ff 75 ec 8b 4d f0 e8 86 ff ff ff 56
> [123452.516483] EAX: 00000053 EBX: ccb1d9d8 ECX: 00000001 EDX: 00000001
> [123452.519769] ESI: ccb3449c EDI: ccb3449c EBP: f5dabc98 ESP: f5dabc64
> [123452.523115] DS: 007b ES: 007b FS: 00d8 GS: 0033 SS: 0068 EFLAGS: 00010246
> [123452.526353] CR0: 80050033 CR2: 01939768 CR3: 12618000 CR4: 000006d0
> [123452.529363] Call Trace:
> [123452.532450] ? __die_body.cold+0x14/0x1a
> [123452.535541] ? __die+0x21/0x26
> [123452.538526] ? die+0x28/0x50
> [123452.541594] ? do_trap+0xbb/0xe0
> [123452.544641] ? do_error_trap+0x4c/0x60
> [123452.547592] ? usercopy_abort+0x65/0x67
> [123452.550655] ? exc_overflow+0x40/0x40
> [123452.553725] ? exc_invalid_op+0x44/0x60
> [123452.556737] ? usercopy_abort+0x65/0x67
> [123452.559776] ? handle_exception+0x133/0x133
> [123452.562907] ? up_read+0x7b/0x80
> [123452.565945] ? exc_overflow+0x40/0x40
> [123452.569024] ? usercopy_abort+0x65/0x67
> [123452.572062] ? exc_overflow+0x40/0x40
> [123452.575100] ? usercopy_abort+0x65/0x67
> [123452.578205] __check_object_size.cold+0xae/0xae
> [123452.581307] ? kmap_high+0x6f/0x1f0
> [123452.584350] simple_copy_to_iter+0x1c/0x40
> [123452.587542] __skb_datagram_iter+0x163/0x320
> [123452.590684] skb_copy_datagram_iter+0x2d/0x80
> [123452.593774] ? skb_free_datagram+0x20/0x20
> [123452.596873] tcp_recvmsg_locked+0x30e/0x890
> [123452.599950] tcp_recvmsg+0x6f/0x1e0
> [123452.602970] ? tcp_recv_timestamp+0x240/0x240
> [123452.606107] inet_recvmsg+0x54/0x130
> [123452.609225] ? security_socket_recvmsg+0x41/0x60
> [123452.612271] sock_recvmsg+0x73/0x90
> [123452.615302] ? ipip_gso_segment+0x30/0x30
> [123452.618338] sock_read_iter+0x84/0xe0
> [123452.621643] vfs_read+0x288/0x2c0
> [123452.624773] ksys_read+0xab/0xe0
> [123452.627793] __ia32_sys_read+0x15/0x20
> [123452.630837] __do_fast_syscall_32+0x68/0xb0
> [123452.633878] ? syscall_exit_to_user_mode+0x29/0x40
> [123452.636891] ? __ia32_sys_read+0x15/0x20
> [123452.639939] ? __do_fast_syscall_32+0x72/0xb0
> [123452.643011] ? debug_smp_processor_id+0x12/0x20
> [123452.646044] ? fpregs_assert_state_consistent+0x25/0x50
> [123452.649102] ? exit_to_user_mode_prepare+0x41/0x1a0
> [123452.652181] ? irqentry_exit_to_user_mode+0x16/0x20
> [123452.655344] do_fast_syscall_32+0x29/0x60
> [123452.658420] do_SYSENTER_32+0x15/0x20
> [123452.661510] entry_SYSENTER_32+0x98/0xf1
> [123452.664587] EIP: 0xb7fc8559
> [123452.667686] Code: 10 05 03 74 b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d 76 00 58 b8 77 00 00 00 cd 80 90 8d 76
> [123452.670822] EAX: ffffffda EBX: 00000003 ECX: 01abe328 EDX: 0000fe88
> [123452.673910] ESI: b7819ff4 EDI: 00000000 EBP: 01abd3c0 ESP: bfee4b00
> [123452.677014] DS: 007b ES: 007b FS: 0000 GS: 0033 SS: 007b EFLAGS: 00000246
> [123452.680110] Modules linked in: tls tun ath5k i915 ath snd_hda_codec_idt mac80211 snd_hda_codec_generic drm_buddy ledtrig_audio drm_display_helper libarc4 snd_hda_intel cec snd_intel_dspcfg kvm_intel snd_intel_sdw_acpi rc_core cfg80211 snd_hda_codec ttm kvm iTCO_wdt intel_pmc_bxt iTCO_vendor_support snd_hda_core watchdog applesmc snd_hwdep drm_kms_helper at24 snd_pcm xt_tcpudp irqbypass i2c_algo_bit snd_timer pcspkr xt_conntrack rng_core snd fb_sys_fops rfkill nf_conntrack syscopyarea soundcore sysfillrect sysimgblt nf_defrag_ipv6 tpm_infineon nf_defrag_ipv4 button acpi_cpufreq nft_compat apple_mfi_fastcharge evdev nf_tables sg nfnetlink binfmt_misc drm loop fuse efi_pstore dm_mod configfs ip_tables x_tables autofs4 xfs libcrc32c crc32c_generic hid_apple hid_appleir hid_generic usbhid hid sd_mod t10_pi crc64_rocksoft crc64 sr_mod crc_t10dif cdrom crct10dif_generic crct10dif_common ata_generic ata_piix ahci libahci libata firewire_ohci scsi_mod firewire_core ehci_pci i2c_i801 i2c_smbus
> [123452.680271] scsi_common lpc_ich uhci_hcd ehci_hcd crc_itu_t sky2 usbcore usb_common video wmi
> [123452.699090] ---[ end trace 0000000000000000 ]---
> [123452.702138] EIP: usercopy_abort+0x65/0x67
> [123452.705202] Code: 44 cb bb d8 d9 b1 cc 89 4d f0 b9 12 55 b0 cc 0f 45 cb ff 75 0c ff 75 08 57 52 56 50 ff 75 f0 51 68 78 d9 b1 cc e8 8a 8e ff ff <0f> 0b 56 31 d2 b8 22 da b1 cc ff 75 ec 8b 4d f0 e8 86 ff ff ff 56
> [123452.708239] EAX: 00000052 EBX: ccb1d9d8 ECX: 00000001 EDX: 00000001
> [123452.711218] ESI: ccb3449c EDI: ccb3449c EBP: c349fce0 ESP: c349fcac
> [123452.714203] DS: 007b ES: 007b FS: 00d8 GS: 0033 SS: 0068 EFLAGS: 00010246
> [123452.717188] CR0: 80050033 CR2: 01939768 CR3: 12618000 CR4: 000006d0
>
> On Mon, Sep 11, 2023 at 3:46 AM Salvatore Bonaccorso <carnil@debian.org> wrote:
>>
>> Control: tags -1 + moreinfo
>>
>> Hi,
>>
>> On Mon, Sep 11, 2023 at 12:51:48AM -0400, Jiann-Ming Su wrote:
>> > This may have been fixed in linux-image-6.1.0-12-686.
>>
>> Is this a confirmation that the problem is solved after the update?
>> In that case we can accordingly close the bug.
>>
>> Regards,
>> Salvatore
>
>
>
> --
> Jiann-Ming Su
--
Jiann-Ming Su