Tert-butyllithium / syscord

A syscall hooker/capturer with low overhead, inspired by sysdig
MIT License

Bug on epoll_wait_handle: Buffer overflow detected (120 < 18446744073709550236)! #8

Status: Open. Tert-butyllithium opened this issue 3 years ago.

Tert-butyllithium commented 3 years ago

When directly running insmod mysysdig.ko:

[ 2351.840761] ------------[ cut here ]------------
[ 2351.840762] Buffer overflow detected (120 < 18446744073709550236)!
[ 2351.840807] WARNING: CPU: 3 PID: 5692 at ./include/linux/thread_info.h:123 epoll_wait_handle+0x188/0x1a0 [my_sysdig]
[ 2351.840808] Modules linked in: my_sysdig(OE) vmw_vsock_vmci_transport vsock btusb snd_ens1371 btrtl snd_ac97_codec btbcm kvm gameport vmw_balloon btintel bluetooth irqbypass snd_rawmidi snd_seq_device ac97_bus snd_pcm input_leds joydev serio_raw ecdh_generic snd_timer snd soundcore shpchp vmw_vmci mac_hid sch_fq_codel ib_iser rdma_cm iw_cm ib_cm ib_core iscsi_tcp libiscsi_tcp libiscsi scsi_transport_iscsi ip_tables x_tables autofs4 btrfs zstd_compress raid10 raid456 async_raid6_recov async_memcpy async_pq async_xor async_tx xor raid6_pq libcrc32c raid1 raid0 multipath linear crct10dif_pclmul crc32_pclmul ghash_clmulni_intel pcbc aesni_intel aes_x86_64 crypto_simd glue_helper cryptd vmwgfx ttm drm_kms_helper syscopyarea sysfillrect sysimgblt fb_sys_fops psmouse mptspi mptscsih ahci mptbase drm e1000
[ 2351.840829]  libahci scsi_transport_spi i2c_piix4 pata_acpi floppy hid_generic usbhid hid [last unloaded: my_sysdig]
[ 2351.840832] CPU: 3 PID: 5692 Comm: ab Tainted: G        W  OE    4.15.0-142-generic #146-Ubuntu
[ 2351.840833] Hardware name: VMware, Inc. VMware Virtual Platform/440BX Desktop Reference Platform, BIOS 6.00 07/22/2020
[ 2351.840834] RIP: 0010:epoll_wait_handle+0x188/0x1a0 [my_sysdig]
[ 2351.840835] RSP: 0018:ffff98f082273bf0 EFLAGS: 00010282
[ 2351.840836] RAX: 0000000000000000 RBX: ffff98f082273ce8 RCX: 0000000000000006
[ 2351.840836] RDX: 0000000000000007 RSI: 0000000000000092 RDI: ffff890a756d6490
[ 2351.840836] RBP: ffff98f082273ca8 R08: 000000000000084f R09: 0000000000000004
[ 2351.840837] R10: ffff98f082273dc0 R11: 0000000000000001 R12: ffffffffffffff8d
[ 2351.840837] R13: fffffffffffffa9c R14: 00000000ffffff8d R15: ffff98f082273cc8
[ 2351.840838] FS:  00007f03373f4780(0000) GS:ffff890a756c0000(0000) knlGS:0000000000000000
[ 2351.840838] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 2351.840839] CR2: 00007f0333efa000 CR3: 00000001efe7c002 CR4: 00000000003606e0
[ 2351.840839] Call Trace:
[ 2351.840842]  gen_record_str+0x21/0x50 [my_sysdig]
[ 2351.840843]  syscall_exit_probe+0x19c/0x274 [my_sysdig]
[ 2351.840847]  ? kfree_skbmem+0x5f/0x70
[ 2351.840847]  ? __kfree_skb+0x1a/0x20
[ 2351.840849]  ? tcp_rcv_state_process+0xb96/0xe70
[ 2351.840850]  ? tcp_v4_do_rcv+0x123/0x1d0
[ 2351.840851]  ? tcp_v4_do_rcv+0x123/0x1d0
[ 2351.840852]  ? _cond_resched+0x19/0x40
[ 2351.840853]  ? __release_sock+0x9d/0xe0
[ 2351.840854]  ? _raw_spin_unlock_bh+0x1e/0x20
[ 2351.840855]  ? release_sock+0x8f/0xa0
[ 2351.840856]  ? inet_stream_connect+0x47/0x60
[ 2351.840856]  ? SYSC_connect+0x9e/0x120
[ 2351.840858]  ? syscall_trace_enter+0x2a6/0x2d0
[ 2351.840859]  syscall_slow_exit_work+0x9b/0xd0
[ 2351.840860]  do_syscall_64+0x12b/0x130
[ 2351.840861]  entry_SYSCALL_64_after_hwframe+0x41/0xa6
[ 2351.840861] RIP: 0033:0x7f0335fbe744
[ 2351.840862] RSP: 002b:00007ffd0bbf55e8 EFLAGS: 00000246 ORIG_RAX: 000000000000002a
[ 2351.840862] RAX: ffffffffffffff8d RBX: 00007f0335390a40 RCX: 00007f0335fbe744
[ 2351.840863] RDX: 0000000000000010 RSI: 00007f03373f3e10 RDI: 00000000000003b4
[ 2351.840863] RBP: 00007f03373f3dd0 R08: 00007f0333541028 R09: 00007f03374061e0
[ 2351.840863] R10: 00007ffd0bbf5600 R11: 0000000000000246 R12: 00007f0335390a40
[ 2351.840864] R13: 00007f03335410a0 R14: 00007f03373f3e10 R15: 0000000000000001
[ 2351.840864] Code: 38 48 8d 65 d8 5b 41 5c 41 5d 41 5e 41 5f 5d c3 4c 89 ea be 78 00 00 00 48 c7 c7 b0 84 56 c1 4c 89 85 50 ff ff ff e8 38 7e f2 d5 <0f> 0b 4c 8b 85 50 ff ff ff e9 07 ff ff ff e8 c5 80 f2 d5 0f 1f
[ 2351.840872] ---[ end trace c2cbcd3a584f0c6c ]---
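The numbers in the warning explain the failure: the usercopy hardening check at thread_info.h:123 refused a copy of 18446744073709550236 bytes into a 120-byte object, and 18446744073709550236 is exactly -1380 as an unsigned 64-bit value, i.e. -115 (the RAX of the interrupted connect() syscall, -EINPROGRESS, which ORIG_RAX 0x2a and SYSC_connect in the trace identify) multiplied by the 12-byte x86_64 struct epoll_event. The following is an added C example, not code from the syscord repository, reconstructing that arithmetic on the page's values and the guard a syscall-exit handler should apply before using a return value as a copy length; EVENT_SIZE, MAX_EVENTS and the function names are assumptions.

```c
#include <stddef.h>
#include <stdbool.h>

/* Assumptions: 12-byte packed struct epoll_event on x86_64 and a local
 * buffer of 10 events, which gives the 120-byte object size in the oops. */
#define EVENT_SIZE 12u
#define MAX_EVENTS 10u
#define LOCAL_BUF_SIZE (MAX_EVENTS * EVENT_SIZE)   /* 120 */

/* Unchecked pattern: treat the syscall return value as "events ready"
 * and multiply straight into a size_t. A negative return (an errno
 * such as -115 = -EINPROGRESS) wraps to an enormous length. */
size_t unchecked_copy_len(long ret)
{
    return (size_t)ret * EVENT_SIZE;
}

/* Checked version: error returns carry no events, the kernel never
 * returns more than maxevents, and the local buffer bounds the copy.
 * Returns 0 on success with *len_out set, -1 when nothing may be copied. */
int checked_copy_len(long ret, long maxevents, size_t *len_out)
{
    if (ret < 0)
        return -1;                       /* errno, not an event count */
    if (ret > maxevents)
        return -1;                       /* inconsistent with the call */
    if ((size_t)ret > MAX_EVENTS)
        return -1;                       /* would overrun the local buffer */
    *len_out = (size_t)ret * EVENT_SIZE;
    return 0;
}

/* Emulates the hardened-usercopy object-size check that produced
 * "Buffer overflow detected (120 < ...)" in the trace. */
bool usercopy_check(size_t obj_size, size_t len)
{
    return len <= obj_size;
}
```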