Bug#1051643: linux-image-6.1.0-11-686-pae: kernel BUG at mm/usercopy.c:101!

2023-12-15 Thread Klaus Rein

On 11.12.23 at 12:45, Klaus Rein wrote:

> I can confirm that the bug still exists in 6.1.0-15-686-pae:
>
> # uname -a
> Linux cobra 6.1.0-15-686-pae #1 SMP PREEMPT_DYNAMIC Debian 6.1.66-1 (2023-12-09) i686 GNU/Linux


I have to admit that the problem seems to be fixed.

Here is what I did:
1. booting linux-image-5.10.0-22-686-pae from bullseye
2. applying *all* pending bookworm updates ("apt-get update" did not 
work for some time...):

   * libperl5.36:i386 (5.36.0-7, 5.36.0-7+deb12u1)
   * libcups2:i386 (2.4.2-3+deb12u4, 2.4.2-3+deb12u5)
   * udev:i386 (252.17-1~deb12u1, 252.19-1~deb12u1)
   * systemd-timesyncd:i386 (252.17-1~deb12u1, 252.19-1~deb12u1)
   * perl:i386 (5.36.0-7, 5.36.0-7+deb12u1)
   * tzdata:i386 (2023c-5, 2023c-5+deb12u1)
   * libpam-systemd:i386 (252.17-1~deb12u1, 252.19-1~deb12u1)
   * libsystemd0:i386 (252.17-1~deb12u1, 252.19-1~deb12u1)
   * libnss-systemd:i386 (252.17-1~deb12u1, 252.19-1~deb12u1)
   * systemd:i386 (252.17-1~deb12u1, 252.19-1~deb12u1)
   * libudev1:i386 (252.17-1~deb12u1, 252.19-1~deb12u1)
   * base-files:i386 (12.4+deb12u2, 12.4+deb12u4)
   * distro-info-data:i386 (0.58, 0.58+deb12u1)
   * amanda-common:i386 (1:3.5.1-11, 1:3.5.1-11+deb12u1)
   * perl-base:i386 (5.36.0-7, 5.36.0-7+deb12u1)
   * libsystemd-shared:i386 (252.17-1~deb12u1, 252.19-1~deb12u1)
   * amanda-client:i386 (1:3.5.1-11, 1:3.5.1-11+deb12u1)
   * systemd-sysv:i386 (252.17-1~deb12u1, 252.19-1~deb12u1)
   * libgnutls30:i386 (3.7.9-2, 3.7.9-2+deb12u1)
   * perl-modules-5.36:i386 (5.36.0-7, 5.36.0-7+deb12u1)
3. booting linux-image-6.1.0-15-686-pae

Now "apt-get update" is working again!
Sorry for the noise!


Klaus.

--
levigo systems gmbh --- a company of the levigo group
Bebelsbergstraße 31      Phone: 07031 / 4161-10
D-71088 Holzgerlingen    Fax: 07031 / 4161-11
Managing directors: Oliver Bausch, Vincenzo Biasi   http://systems.levigo.de/
Information on Art. 13, 14 GDPR:  https://datenschutz.levigo.de/
Register court: Stuttgart HRB 245180  VAT ID: DE813226078



Bug#1051643: linux-image-6.1.0-11-686-pae: kernel BUG at mm/usercopy.c:101!

2023-12-11 Thread Klaus Rein

I can confirm that the bug still exists in 6.1.0-15-686-pae:

# uname -a
Linux cobra 6.1.0-15-686-pae #1 SMP PREEMPT_DYNAMIC Debian 6.1.66-1 
(2023-12-09) i686 GNU/Linux


# apt-get update
Get:1 http://security.debian.org/debian-security bookworm-security 
InRelease [48.0 kB]

Get:2 http://deb.debian.org/debian bookworm InRelease [151 kB]
0% [2 InRelease 0 B/151 kB 0%] [1 InRelease 0 B/48.0 kB 0%]

[  614.150786] usercopy: Kernel memory exposure attempt detected from 
kmap (offset 0, size 16384)!

[  614.150908] [ cut here ]
[  614.150909] kernel BUG at mm/usercopy.c:101!
[  614.150947] invalid opcode:  [#1] PREEMPT SMP PTI
[  614.150983] CPU: 0 PID: 3018 Comm: http Not tainted 6.1.0-15-686-pae 
#1  Debian 6.1.66-1
[  614.151011] Hardware name: VMware, Inc. VMware Virtual Platform/440BX 
Desktop Reference Platform, BIOS 6.00 11/12/2020

[  614.151066] EIP: usercopy_abort+0x65/0x67
[  614.151104] Code: 44 cb bb 10 ce b2 d1 89 4d f0 b9 2b 48 b1 d1 0f 45 
cb ff 75 0c ff 75 08 57 52 56 50 ff 75 f0 51 68 b0 cd b2 d1 e8 61 88 ff 
ff <0f> 0b 56 31 d2 b8 5a ce b2 d1 ff 75 ec 8b 4d f0 e8 86 ff ff ff 56

[  614.151177] EAX: 0053 EBX: d1b2ce10 ECX: f6fcfa00 EDX: f6fc9e90
[  614.151215] ESI: d1b438fc EDI: d1b438fc EBP: c2b75c90 ESP: c2b75c5c
[  614.151255] DS: 007b ES: 007b FS: 00d8 GS: 0033 SS: 0068 EFLAGS: 00010286
[  614.151310] CR0: 80050033 CR2: b7761ec0 CR3: 02bce000 CR4: 001506f0
[  614.151363] Call Trace:
[  614.151390]  ? __die_body.cold+0x14/0x1a
[  614.151424]  ? __die+0x21/0x26
[  614.151453]  ? die+0x28/0x50
[  614.151470]  ? do_trap+0xbb/0xe0
[  614.151485]  ? do_error_trap+0x4c/0x60
[  614.151501]  ? usercopy_abort+0x65/0x67
[  614.151532]  ? exc_overflow+0x40/0x40
[  614.151564]  ? exc_invalid_op+0x44/0x60
[  614.151604]  ? usercopy_abort+0x65/0x67
[  614.151656]  ? handle_exception+0x133/0x133
[  614.151705]  ? exc_overflow+0x40/0x40
[  614.151780]  ? usercopy_abort+0x65/0x67
[  614.151816]  ? exc_overflow+0x40/0x40
[  614.151897]  ? usercopy_abort+0x65/0x67
[  614.151977]  __check_object_size.cold+0xae/0xae
[  614.152034]  simple_copy_to_iter+0x1c/0x40
[  614.152113]  __skb_datagram_iter+0x163/0x320
[  614.152186]  skb_copy_datagram_iter+0x2d/0x80
[  614.152635]  ? skb_free_datagram+0x20/0x20
[  614.153028]  tcp_recvmsg_locked+0x582/0x8a0
[  614.153461]  tcp_recvmsg+0x6f/0x1e0
[  614.153845]  ? tcp_recv_timestamp+0x240/0x240
[  614.154203]  inet_recvmsg+0x54/0x130
[  614.154555]  ? security_socket_recvmsg+0x41/0x60
[  614.154911]  sock_recvmsg+0x73/0x90
[  614.155261]  ? ipip_gso_segment+0x30/0x30
[  614.155597]  sock_read_iter+0x84/0xe0
[  614.155924]  vfs_read+0x288/0x2c0
[  614.156259]  ksys_read+0xab/0xe0
[  614.156570]  __ia32_sys_read+0x15/0x20
[  614.156870]  __do_fast_syscall_32+0x68/0xb0
[  614.157155]  ? __ia32_sys_pselect6_time32+0x4c/0x80
[  614.157435]  ? exit_to_user_mode_prepare+0x32/0x170
[  614.157712]  ? syscall_exit_to_user_mode+0x29/0x40
[  614.157986]  ? __do_fast_syscall_32+0x72/0xb0
[  614.158270]  ? exit_to_user_mode_prepare+0x9d/0x170
[  614.158541]  ? irqentry_exit_to_user_mode+0x16/0x20
[  614.158833]  do_fast_syscall_32+0x29/0x60
[  614.159102]  do_SYSENTER_32+0x15/0x20
[  614.159392]  entry_SYSENTER_32+0x98/0xf1
[  614.159664] EIP: 0xb7f6d559
[  614.159931] Code: 03 74 c0 01 10 05 03 74 b8 01 10 06 03 74 b4 01 10 
07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 
80 <5d> 5a 59 c3 90 90 90 90 8d 76 00 58 b8 77 00 00 00 cd 80 90 8d 76

[  614.160864] EAX: ffda EBX: 0003 ECX: 015bcd09 EDX: fee7
[  614.161200] ESI: b721cff4 EDI:  EBP: 015b2f20 ESP: bf9bd970
[  614.161526] DS: 007b ES: 007b FS:  GS: 0033 SS: 007b EFLAGS: 0246
[  614.161856] Modules linked in: xt_tcpudp xt_conntrack nf_conntrack 
nf_defrag_ipv6 nf_defrag_ipv4 nft_compat nf_tables nfnetlink 
vsock_loopback vmw_vsock_virtio_transport_common 
vmw_vsock_vmci_transport vsock binfmt_misc xfs libcrc32c intel_rapl_msr 
ppdev intel_rapl_common rapl vmw_balloon pcspkr vmwgfx drm_ttm_helper 
ttm vmw_vmci drm_kms_helper parport_pc parport button ac joydev evdev 
serio_raw sg drm loop fuse efi_pstore configfs ip_tables x_tables 
autofs4 ext4 crc16 mbcache jbd2 crc32c_generic dm_mod dax sd_mod t10_pi 
crc64_rocksoft crc64 crc_t10dif crct10dif_generic crct10dif_common 
sr_mod cdrom ata_generic crc32c_intel psmouse mptspi ata_piix mptscsih 
mptbase libata scsi_transport_spi e1000 scsi_mod i2c_piix4 scsi_common 
floppy

[  614.165246] ---[ end trace  ]---
[  614.165664] EIP: usercopy_abort+0x65/0x67
[  614.166085] Code: 44 cb bb 10 ce b2 d1 89 4d f0 b9 2b 48 b1 d1 0f 45 
cb ff 75 0c ff 75 08 57 52 56 50 ff 75 f0 51 68 b0 cd b2 d1 e8 61 88 ff 
ff <0f> 0b 56 31 d2 b8 5a ce b2 d1 ff 75 ec 8b 4d f0 e8 86 ff ff ff 56

[  614.167439] EAX: 0053 EBX: d1b2ce10 ECX: f6fcfa00 EDX: f6fc9e90
[  614.167975] ESI: d1b438fc EDI: d1b438fc EBP: c2b75c90 ESP: c2b75c5c
[  614.168465] DS: 007b ES: 007b FS: 00d8 GS: 0033 SS: 0068 EFLAGS: 00010286
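
Added example (not part of the original messages, and not Debian or kernel tooling): a small Python parser for triaging a hardened-usercopy oops like the one above. It undoes the mail client's line wrapping, extracts the fields of the `usercopy:` report, and keeps only the call-trace frames not prefixed with `?` (the ones the unwinder considers reliable). The function name `triage` is hypothetical, and the sample is constructed from lines quoted in this thread.

```python
import re

# Constructed sample: lines copied from the oops in this thread, mail wraps kept.
SAMPLE = """\
[  614.150786] usercopy: Kernel memory exposure attempt detected from
kmap (offset 0, size 16384)!
[  614.150909] kernel BUG at mm/usercopy.c:101!
[  614.150983] CPU: 0 PID: 3018 Comm: http Not tainted 6.1.0-15-686-pae
#1  Debian 6.1.66-1
[  614.151897]  ? usercopy_abort+0x65/0x67
[  614.151977]  __check_object_size.cold+0xae/0xae
[  614.152034]  simple_copy_to_iter+0x1c/0x40
[  614.152113]  __skb_datagram_iter+0x163/0x320
[  614.153461]  tcp_recvmsg+0x6f/0x1e0
"""

STAMP = re.compile(r"^\[\s*\d+\.\d+\]")
USERCOPY = re.compile(r"usercopy: Kernel memory (exposure|overwrite) attempt "
                      r"detected (?:from|to) (.+?) \(offset (\d+), size (\d+)\)!")
BUG = re.compile(r"kernel BUG at (\S+?):(\d+)!")
TASK = re.compile(r"PID: (\d+) Comm: (.+?) (?:Not tainted|Tainted: .+?) (\d\S*) #")
FRAME = re.compile(r"^(\? )?([\w.]+)\+0x[0-9a-f]+/0x[0-9a-f]+$")

def triage(text):
    lines = []
    for raw in text.splitlines():
        if not raw.strip():
            continue
        if STAMP.match(raw) or not lines:
            lines.append(raw.rstrip())
        else:  # no timestamp: continuation of a wrapped log line
            lines[-1] += " " + raw.strip()
    report = {"frames": []}
    for line in lines:
        body = STAMP.sub("", line).strip()
        if m := USERCOPY.search(body):
            report.update(kind=m[1], region=m[2], offset=int(m[3]), size=int(m[4]))
        elif m := BUG.search(body):
            report.update(bug_file=m[1], bug_line=int(m[2]))
        elif m := TASK.search(body):
            report.update(pid=int(m[1]), comm=m[2], release=m[3])
        elif (m := FRAME.match(body)) and not m[1]:
            report["frames"].append(m[2])  # skip '?' (unreliable) frames
    return report

if __name__ == "__main__":
    print(triage(SAMPLE))
```
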