Oh no. Had a strcat buffer overflow with 4.15.0-48-generic. Issue is NOT
solved.


Apr 29 19:29:00 kernel: [78713.491646] detected buffer overflow in strcat
Apr 29 19:29:00 kernel: [78713.491685] ------------[ cut here ]------------
Apr 29 19:29:00 kernel: [78713.491686] kernel BUG at /build/linux-fkZVDM/linux-4.15.0/lib/string.c:1052!
Apr 29 19:29:00 kernel: [78713.491709] invalid opcode: 0000 [#1] SMP PTI
Apr 29 19:29:00 kernel: [78713.491721] Modules linked in: ufs qnx4 hfsplus hfs minix ntfs msdos jfs xfs mpt3sas raid_class scsi_transport_sas mptctl mptbase cmac arc4 md4 nls_utf8 cifs ccm fscache dell_rbu bonding nls_iso8859_1 intel_rapl skx_edac x86_pkg_temp_thermal intel_powerclamp coretemp kvm_intel kvm joydev input_leds dell_smbios irqbypass dcdbas intel_cstate intel_rapl_perf ipmi_ssif wmi_bmof dell_wmi_descriptor shpchp mei_me lpc_ich ipmi_si ipmi_devintf ipmi_msghandler mei mac_hid acpi_power_meter sch_fq_codel ib_iser rdma_cm iw_cm ib_cm ib_core iscsi_tcp libiscsi_tcp libiscsi scsi_transport_iscsi ip_tables x_tables autofs4 btrfs zstd_compress raid10 raid456 async_raid6_recov async_memcpy async_pq async_xor async_tx xor raid6_pq raid1 raid0 multipath linear hid_generic crct10dif_pclmul mgag200 crc32_pclmul i2c_algo_bit
Apr 29 19:29:00 kernel: [78713.491911]  ghash_clmulni_intel usbhid ttm pcbc drm_kms_helper aesni_intel syscopyarea hid sysfillrect aes_x86_64 bnx2x crypto_simd sysimgblt glue_helper ptp fb_sys_fops cryptd pps_core uas drm mdio ahci megaraid_sas usb_storage libcrc32c libahci wmi
Apr 29 19:29:00 kernel: [78713.491975] CPU: 24 PID: 2242 Comm: perl Not tainted 4.15.0-48-generic #51-Ubuntu
Apr 29 19:29:00 kernel: [78713.491993] Hardware name: Dell Inc. PowerEdge R740/0923K0, BIOS 1.6.11 11/20/2018
Apr 29 19:29:00 kernel: [78713.492014] RIP: 0010:fortify_panic+0x13/0x22
Apr 29 19:29:00 kernel: [78713.492027] RSP: 0018:ffffbb8b35b07940 EFLAGS: 00010286
Apr 29 19:29:00 kernel: [78713.492041] RAX: 0000000000000022 RBX: 0000000000000004 RCX: 0000000000000000
Apr 29 19:29:00 kernel: [78713.492058] RDX: 0000000000000000 RSI: ffff91acc0b16498 RDI: ffff91acc0b16498
Apr 29 19:29:00 kernel: [78713.492074] RBP: ffffbb8b35b07940 R08: 0000000000000000 R09: 0000000000000681
Apr 29 19:29:00 kernel: [78713.492090] R10: ffffbb8b35b079f0 R11: 00000000ffffffff R12: ffff91a0d3461e50
Apr 29 19:29:00 kernel: [78713.492106] R13: 0000000000000001 R14: 0000000000000003 R15: ffff91c0acd1ac00
Apr 29 19:29:00 kernel: [78713.492123] FS:  000014ed8f19ffc0(0000) GS:ffff91acc0b00000(0000) knlGS:0000000000000000
Apr 29 19:29:00 kernel: [78713.492141] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
Apr 29 19:29:00 kernel: [78713.492155] CR2: 000014ed8e3ff110 CR3: 0000000423a5c001 CR4: 00000000007606e0
Apr 29 19:29:00 kernel: [78713.492171] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
Apr 29 19:29:00 kernel: [78713.492187] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Apr 29 19:29:00 kernel: [78713.492203] PKRU: 55555554
Apr 29 19:29:00 kernel: [78713.492210] Call Trace:
Apr 29 19:29:00 kernel: [78713.492241]  smb21_set_oplock_level+0x147/0x1a0 [cifs]
Apr 29 19:29:00 kernel: [78713.492265]  smb3_set_oplock_level+0x22/0x90 [cifs]
Apr 29 19:29:00 kernel: [78713.492285]  smb2_set_fid+0x76/0xb0 [cifs]
Apr 29 19:29:00 kernel: [78713.492303]  cifs_new_fileinfo+0x259/0x390 [cifs]
Apr 29 19:29:00 kernel: [78713.492321]  ? smb2_get_lease_key+0x40/0x40 [cifs]
Apr 29 19:29:00 kernel: [78713.492338]  ? cifs_new_fileinfo+0x259/0x390 [cifs]
Apr 29 19:29:00 kernel: [78713.492355]  cifs_open+0x3db/0x8d0 [cifs]
Apr 29 19:29:00 kernel: [78713.492370]  do_dentry_open+0x1c2/0x310
Apr 29 19:29:00 kernel: [78713.492384]  ? cifs_uncached_writev_complete+0x3f0/0x3f0 [cifs]
Apr 29 19:29:00 kernel: [78713.492399]  ? do_dentry_open+0x1c2/0x310
Apr 29 19:29:00 kernel: [78713.492411]  ? __inode_permission+0x5b/0x160
Apr 29 19:29:00 kernel: [78713.492427]  ? cifs_uncached_writev_complete+0x3f0/0x3f0 [cifs]
Apr 29 19:29:00 kernel: [78713.492441]  vfs_open+0x4f/0x80
Apr 29 19:29:00 kernel: [78713.492451]  path_openat+0x66e/0x1770
Apr 29 19:29:00 kernel: [78713.492464]  ? mem_cgroup_commit_charge+0x82/0x530
Apr 29 19:29:00 kernel: [78713.492477]  do_filp_open+0x9b/0x110
Apr 29 19:29:00 kernel: [78713.492489]  ? _cond_resched+0x19/0x40
Apr 29 19:29:00 kernel: [78713.493055]  ? __kmalloc+0x19b/0x220
Apr 29 19:29:00 kernel: [78713.493574]  ? security_prepare_creds+0x9c/0xc0
Apr 29 19:29:00 kernel: [78713.494088]  do_open_execat+0x7e/0x1e0
Apr 29 19:29:00 kernel: [78713.494595]  ? prepare_creds+0xd5/0x110
Apr 29 19:29:00 kernel: [78713.495095]  ? do_open_execat+0x7e/0x1e0
Apr 29 19:29:00 kernel: [78713.495590]  do_execveat_common.isra.34+0x1c7/0x810
Apr 29 19:29:00 kernel: [78713.496074]  SyS_execve+0x31/0x40
Apr 29 19:29:00 kernel: [78713.496542]  do_syscall_64+0x73/0x130
Apr 29 19:29:00 kernel: [78713.496997]  entry_SYSCALL_64_after_hwframe+0x3d/0xa2
Apr 29 19:29:00 kernel: [78713.497443] RIP: 0033:0x14ed8e4c2e37
Apr 29 19:29:00 kernel: [78713.497869] RSP: 002b:00007fff2f69b008 EFLAGS: 00000202 ORIG_RAX: 000000000000003b
Apr 29 19:29:00 kernel: [78713.498295] RAX: ffffffffffffffda RBX: 000055f4354b9be0 RCX: 000014ed8e4c2e37
Apr 29 19:29:00 kernel: [78713.498711] RDX: 000055f429d70cf0 RSI: 000055f4354b9be0 RDI: 000055f434e0b1b0
Apr 29 19:29:00 kernel: [78713.499111] RBP: 00007fff2f69b0a0 R08: 00007fff2f69b0c0 R09: 000014ed8e9e92b0
Apr 29 19:29:00 kernel: [78713.499500] R10: 0000000000000008 R11: 0000000000000202 R12: 000055f429d70cf0
Apr 29 19:29:00 kernel: [78713.499876] R13: 000055f42971bc00 R14: 000055f4353076f0 R15: 000055f434e0b1b0
Apr 29 19:29:00 kernel: [78713.500248] Code: e0 4c 89 e2 e8 41 6a 00 00 42 c6 04 20 00 48 89 d8 5b 41 5c 5d c3 0f 0b 55 48 89 fe 48 c7 c7 c8 90 7a 8d 48 89 e5 e8 0f 5c 76 ff <0f> 0b 90 90 90 90 90 90 90 90 90 90 90 90 90 55 31 c9 48 89 fa
Apr 29 19:29:00 kernel: [78713.501047] RIP: fortify_panic+0x13/0x22 RSP: ffffbb8b35b07940
Apr 29 19:29:00 kernel: [78713.501459] ---[ end trace 111788531b53b6f2 ]---

-- 
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1824981

Title:
  cifs set_oplock buffer overflow in strcat

Status in linux package in Ubuntu:
  Confirmed

Bug description:
  Ubuntu 18.04.2 LTS
  Linux SRV013 4.15.0-47-generic #50-Ubuntu SMP Wed Mar 13 10:44:52 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux

  DELL R740, 2 CPU (40 Cores, 80 Threads), 384 GiB RAM

  top - 12:39:53 up  3:41,  4 users,  load average: 66.19, 64.06, 76.90
  Tasks: 1076 total,   1 running, 675 sleeping,  12 stopped,   1 zombie
  %Cpu(s): 28.2 us,  0.3 sy,  0.0 ni, 71.5 id,  0.0 wa,  0.0 hi,  0.1 si,  0.0 st
  KiB Mem : 39483801+total, 24077185+free, 57428284 used, 96637872 buff/cache
  KiB Swap:   999420 total,   999420 free,        0 used. 33477683+avail Mem


  We've seen the following bug many times since we introduced new
  machines running Ubuntu 18. It wasn't an issue on older machines running
  Ubuntu 16. Three different machines are affected, so it's rather not a
  hardware issue.

  
  | detected buffer overflow in strcat
  | ------------[ cut here ]------------
  | kernel BUG at /build/linux-6ZmFRN/linux-4.15.0/lib/string.c:1052!
  | invalid opcode: 0000 [#1] SMP PTI
  | Modules linked in: [...]
  | Hardware name: Dell Inc. PowerEdge R740/0923K0, BIOS 1.6.11 11/20/2018
  | RIP: 0010:fortify_panic+0x13/0x22
  |  [...]
  | Call Trace:
  |  smb21_set_oplock_level+0x147/0x1a0 [cifs]
  |  smb3_set_oplock_level+0x22/0x90 [cifs]
  |  smb2_set_fid+0x76/0xb0 [cifs]
  |  cifs_new_fileinfo+0x259/0x390 [cifs]
  |  ? smb2_get_lease_key+0x40/0x40 [cifs]
  |  ? cifs_new_fileinfo+0x259/0x390 [cifs]
  |  cifs_open+0x3db/0x8d0 [cifs]
  |  [...]

  (Full dmesg output attached)

  After hitting this bug there are many cifs-related dmesg entries,
  processes lock up and eventually the system freezes.

  
  The share is mounted using:
  //server/share  /mnt/server/ cifs defaults,auto,iocharset=utf8,noperm,file_mode=0777,dir_mode=0777,credentials=/root/passwords/share,domain=myDomain,uid=myUser,gid=10513,mfsymlinks

  Currently we're testing the cifs mount option "cache=none", as the bug
  seems to be oplock related.
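The oops in this report has a stable shape in syslog (a FORTIFY_SOURCE "detected buffer overflow in ..." line, "kernel BUG at file:line!", and a "Call Trace:" whose frames carry module tags), which is enough to alert on it before the machine locks up. The parser below is an added example, not code from the report or from the kernel's tooling: it reads constructed sample lines copied from the trace above, extracts the fields worth alerting on, and flags this report's signature (FORTIFY check tripped with cifs at the top of the trace). The Oops class, parse_oops and is_cifs_fortify_oops are names assumed here.

```python
import re
from dataclasses import dataclass, field
from typing import Optional
# Constructed sample input: a shortened copy of the oops lines quoted in this report.
SAMPLE_LOG = """\
Apr 29 19:29:00 kernel: [78713.491646] detected buffer overflow in strcat
Apr 29 19:29:00 kernel: [78713.491686] kernel BUG at /build/linux-fkZVDM/linux-4.15.0/lib/string.c:1052!
Apr 29 19:29:00 kernel: [78713.491975] CPU: 24 PID: 2242 Comm: perl Not tainted 4.15.0-48-generic #51-Ubuntu
Apr 29 19:29:00 kernel: [78713.492014] RIP: 0010:fortify_panic+0x13/0x22
Apr 29 19:29:00 kernel: [78713.492210] Call Trace:
Apr 29 19:29:00 kernel: [78713.492241]  smb21_set_oplock_level+0x147/0x1a0 [cifs]
Apr 29 19:29:00 kernel: [78713.492321]  ? smb2_get_lease_key+0x40/0x40 [cifs]
Apr 29 19:29:00 kernel: [78713.492355]  cifs_open+0x3db/0x8d0 [cifs]
Apr 29 19:29:00 kernel: [78713.492370]  do_dentry_open+0x1c2/0x310
Apr 29 19:29:00 kernel: [78713.501459] ---[ end trace 111788531b53b6f2 ]---
"""
PREFIX = re.compile(r"^.*?kernel: \[\s*\d+\.\d+\] ")  # syslog header + printk timestamp
FRAME = re.compile(r"^\s*(\?\s+)?(\S+)\+0x[0-9a-f]+/0x[0-9a-f]+(?:\s+\[(\w+)\])?")

@dataclass
class Oops:
    fortify_func: Optional[str] = None  # "strcat" from the FORTIFY_SOURCE message
    bug_at: Optional[str] = None        # file:line from "kernel BUG at ...!"
    comm: Optional[str] = None          # process that triggered the BUG
    kernel: Optional[str] = None        # running kernel release
    frames: list = field(default_factory=list)  # (symbol, module) of reliable frames

def parse_oops(text: str) -> Optional[Oops]:
    """Pull the fields worth alerting on out of an oops; None if no 'kernel BUG' line."""
    oops, in_trace = Oops(), False
    for raw in text.splitlines():
        line = PREFIX.sub("", raw)
        if m := re.match(r"detected buffer overflow in (\w+)", line):
            oops.fortify_func = m.group(1)
        elif m := re.match(r"kernel BUG at (\S+)!", line):
            oops.bug_at = m.group(1)
        elif m := re.search(r"Comm: (\S+) .*?(\d+\.\d+\.\d+\S*)", line):
            oops.comm, oops.kernel = m.group(1), m.group(2)
        elif line.startswith("Call Trace:"):
            in_trace = True
        elif line.startswith("---[ end trace"):
            break
        elif in_trace and (m := FRAME.match(line)) and not m.group(1):
            oops.frames.append((m.group(2), m.group(3)))  # '?' frames are stale guesses, skipped
    return oops if oops.bug_at else None

def is_cifs_fortify_oops(oops: Optional[Oops]) -> bool:
    """Signature of this report: a FORTIFY check tripped with cifs at the top of the trace."""
    return bool(oops and oops.fortify_func and oops.frames and oops.frames[0][1] == "cifs")
```

Feeding `journalctl -k` output through `parse_oops` gives a structured record to forward to monitoring, which is more useful than a freeze-then-reboot as the first sign of the bug.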
