Probably a dup of
https://bugs.launchpad.net/ubuntu/+source/linux-aws-5.13/+bug/1977919

** Information type changed from Private Security to Public Security

-- 
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux-signed-gcp-5.13 in Ubuntu.
https://bugs.launchpad.net/bugs/1977973

Title:
  docker using overlayfs triggers kernel bug in fput

Status in linux-signed-gcp-5.13 package in Ubuntu:
  New

Bug description:
  Running a Google Cloud e2-medium VM using Ubuntu 20.04.4 LTS, I can
  reliably trigger a kernel bug (invalid opcode) by simply starting a
  Docker container when using the overlayfs (overlay2) storage driver.

  ## Repro

  * spin up a GCP e2-medium machine using Ubuntu 20.04
  * ensure the running kernel is 5.13.0-1030-gcp
  * install Docker Engine à la https://docs.docker.com/engine/install/ubuntu/
  * run `docker run -t python:3.9`
  * type a few lines or whatever into the Python REPL
  * exit the container with ctrl+d (on occasion, this isn't necessary either)
  * kernel bug (SSH hangs, machine reboots)

  The kernel bug dump, as shown via the Google Cloud Console's serial
  dump, is attached.

  ## Workarounds

  * If you change the Docker storage driver to `vfs` and retry, the bug
    reliably is not triggered.
  * If you downgrade to kernel 5.13.0-1027-gcp, the bug is not triggered.

  ## Other

  I read the diff between 1027..1030 and I have the feeling
  https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1967924 is
  related to this issue, since it adds an `fput` invocation and is
  related to overlayfs.

  Since this appears to be a DoS vector, out of caution I've marked this
  a security vulnerability.

  ProblemType: Bug
  DistroRelease: Ubuntu 20.04
  Package: linux-image-5.13.0-1030-gcp 5.13.0-1030.36~20.04.1
  ProcVersionSignature: Ubuntu 5.13.0-1030.36~20.04.1-gcp 5.13.19
  Uname: Linux 5.13.0-1030-gcp x86_64
  ApportVersion: 2.20.11-0ubuntu27.24
  Architecture: amd64
  CasperMD5CheckResult: skip
  Date: Wed Jun  8 11:17:16 2022
  ProcEnviron:
   LC_CTYPE=UTF-8
   TERM=xterm-256color
   PATH=(custom, no user)
   LANG=C.UTF-8
   SHELL=/bin/bash
  SourcePackage: linux-signed-gcp-5.13
  UpgradeStatus: No upgrade log present (probably fresh install)

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux-signed-gcp-5.13/+bug/1977973/+subscriptions


-- 
Mailing list: https://launchpad.net/~kernel-packages
Post to     : kernel-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~kernel-packages
More help   : https://help.launchpad.net/ListHelp
