Upgraded to proposed kernel.

Linux helen 4.8.0-25-generic #27-Ubuntu SMP Thu Oct 13 03:34:50 UTC 2016 x86_64 x86_64 x86_64 GNU/Linux
Issue still occurs:

[ 75.257763] usercopy: kernel memory overwrite attempt detected to ffff9dfb48493d38 (<process stack>) (16 bytes)
[ 75.257791] ------------[ cut here ]------------
[ 75.257793] kernel BUG at /build/linux-rb6V7L/linux-4.8.0/mm/usercopy.c:75!
[ 75.257795] invalid opcode: 0000 [#3] SMP
[ 75.257797] Modules linked in: xfrm_user xfrm4_tunnel tunnel4 ipcomp xfrm_ipcomp esp4 ah4 af_key xfrm_algo snd_hrtimer binfmt_misc nls_iso8859_1 ir_lirc_codec lirc_dev rc_rc6_mce mceusb snd_hda_codec_via snd_hda_codec_generic kvm_amd kvm nvidia_uvm(POE) irqbypass input_leds serio_raw blackmagic(POE) k8temp snd_usb_audio snd_hda_codec_hdmi snd_usbmidi_lib gspca_sonixj gspca_main v4l2_common videodev media rc_imon_pad imon rc_core snd_hda_intel snd_ctxfi snd_hda_codec snd_hda_core snd_seq_midi snd_seq_midi_event shpchp snd_hwdep snd_rawmidi snd_seq snd_pcm snd_seq_device snd_timer snd soundcore asus_atk0110 i2c_nforce2 wmi mac_hid nfsd auth_rpcgss nfs_acl lockd grace sunrpc parport_pc ppdev lp parport ip_tables x_tables autofs4 dm_mirror dm_region_hash dm_log btrfs raid10 raid1 raid0 dm_raid raid456
[ 75.257835] async_raid6_recov async_memcpy async_pq async_xor async_tx xor raid6_pq libcrc32c pata_acpi nvidia(POE) psmouse drm video firewire_ohci firewire_core floppy ahci fjes forcedeth libahci crc_itu_t pata_amd
[ 75.257848] CPU: 1 PID: 2837 Comm: BlackmagicFirmw Tainted: P D OE 4.8.0-25-generic #27-Ubuntu
[ 75.257850] Hardware name: System manufacturer System Product Name/M4N78 PRO, BIOS 1303 04/13/2011
[ 75.257852] task: ffff9dfb487e0d00 task.stack: ffff9dfb48490000
[ 75.257854] RIP: 0010:[<ffffffff9d82e647>] [<ffffffff9d82e647>] __check_object_size+0x77/0x1dc
[ 75.257860] RSP: 0018:ffff9dfb48493ca0 EFLAGS: 00010286
[ 75.257862] RAX: 0000000000000063 RBX: ffff9dfb48493d38 RCX: 0000000000000000
[ 75.257863] RDX: 0000000000000000 RSI: ffff9dfbf7c4dc68 RDI: ffff9dfbf7c4dc68
[ 75.257865] RBP: ffff9dfb48493cc0 R08: 000000000003eee3 R09: 0000000000000005
[ 75.257867] R10: ffff9dfb5fc43238 R11: 000000000000040a R12: 0000000000000010
[ 75.257868] R13: 0000000000000000 R14: ffff9dfb48493d48 R15: 00007ffdccd9da50
[ 75.257870] FS: 00007fbd30601780(0000) GS:ffff9dfbf7c40000(0000) knlGS:0000000000000000
[ 75.257872] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 75.257874] CR2: 00007fbd2f3e4150 CR3: 00000000a024a000 CR4: 00000000000006e0
[ 75.257875] Stack:
[ 75.257877] ffff9dfb48493d38 0000000000000010 00007ffdccd9da50 ffff9dfbed7436c8
[ 75.257880] ffff9dfb48493ce8 ffffffffc11c11eb ffff9dfb48493d38 0000000000010000
[ 75.257883] 0000000000000000 00007ffdccd9da50 ffffffffc11a377a ffff9dfb57e7d000
[ 75.257885] Call Trace:
[ 75.257946] [<ffffffffc11c11eb>] __dl_copy_from_user+0x1b/0x40 [blackmagic]
[ 75.257974] [<ffffffffc11a377a>] _ZN18IoctlMessageKernel6unpackEv+0x4a/0x160 [blackmagic]
[ 75.257997] [<ffffffffc116e62b>] ? blackmagic_ioctl_private+0x35db/0x4080 [blackmagic]
[ 75.258001] [<ffffffff9d7a18a2>] ? filemap_map_pages+0x202/0x410
[ 75.258004] [<ffffffff9d8444a5>] ? do_filp_open+0xa5/0x100
[ 75.258008] [<ffffffff9d75776c>] ? trace_buffer_lock_reserve+0x1c/0x50
[ 75.258011] [<ffffffff9d757812>] ? trace_event_buffer_lock_reserve+0x72/0xf0
[ 75.258036] [<ffffffffc11bfff9>] ? blackmagic_ioctl+0x49/0x60 [blackmagic]
[ 75.258039] [<ffffffff9d847843>] ? do_vfs_ioctl+0xa3/0x610
[ 75.258042] [<ffffffff9d8432b4>] ? putname+0x54/0x60
[ 75.258045] [<ffffffff9d83158c>] ? do_sys_open+0x1bc/0x280
[ 75.258047] [<ffffffff9d847e29>] ? SyS_ioctl+0x79/0x90
[ 75.258051] [<ffffffff9de9f076>] ? entry_SYSCALL_64_fastpath+0x1e/0xa8
[ 75.258052] Code: 48 0f 44 d1 48 c7 c6 78 4d 2a 9e 48 c7 c1 5c a5 29 9e 48 0f 44 f1 4d 89 e1 49 89 c0 48 89 d9 48 c7 c7 f8 19 2a 9e e8 bd 03 f7 ff <0f> 0b e8 12 d6 fb ff 85 c0 75 78 48 89 df e8 96 2c e4 ff 84 c0
[ 75.258079] RIP [<ffffffff9d82e647>] __check_object_size+0x77/0x1dc
[ 75.258082] RSP <ffff9dfb48493ca0>
[ 75.258085] ---[ end trace 476b12ac04efcae0 ]---

--
https://bugs.launchpad.net/bugs/1628686

Title:
  kernel BUG at linux-4.8.0/mm/usercopy.c:75!

Status in linux package in Ubuntu:
  Triaged

Bug description:
  This kernel warning occurs on Ubuntu 16.10 guests with Linux 4.8 on VMware Fusion. The VM will boot but does not make it to a graphical display.

  usercopy: kernel memory overwrite attempt detected to ffff9bdaf3e00000 (<spans multiple pages>) (4392 bytes)
  ------------[ cut here ]------------
  kernel BUG at /build/linux-FGN3Aj/linux-4.8.0/mm/usercopy.c:75!
  invalid opcode: 0000 [#1] SMP
  Modules linked in: intel_powerclamp coretemp crct10dif_pclmul crc32_pclmul ghash_clmulni_intel ipmi_msghandler aesni_intel vmw_balloon aes_x86_64 lrw glue_helper ablk_helper cryptd intel_rapl_perf joydev input_leds serio_raw binfmt_misc snd_ens1371 snd_ac97_codec gameport ac97_bus snd_pcm uvcvideo videobuf2_vmalloc videobuf2_memops videobuf2_v4l2 videobuf2_core snd_seq_midi videodev snd_seq_midi_event media snd_rawmidi snd_seq snd_seq_device btusb btrtl btbcm snd_timer btintel snd bluetooth soundcore i2c_piix4 vmw_vmci shpchp nfit floppy(+) mac_hid parport_pc ppdev lp parport ip_tables x_tables autofs4 hid_generic usbhid hid vmwgfx ttm psmouse drm_kms_helper syscopyarea sysfillrect ahci libahci e1000 mptspi mptscsih mptbase scsi_transport_spi sysimgblt fb_sys_fops drm pata_acpi fjes
  CPU: 0 PID: 1293 Comm: glxinfo Not tainted 4.8.0-17-generic #19-Ubuntu
  Hardware name: VMware, Inc. VMware Virtual Platform/440BX Desktop Reference Platform, BIOS 6.00 07/02/2015
  task: ffff9bdb74465580 task.stack: ffff9bdb73f00000
  RIP: 0010:[<ffffffff9cc2e421>] [<ffffffff9cc2e421>] __check_object_size+0x111/0x49b
  RSP: 0018:ffff9bdb73f03c58 EFLAGS: 00010282
  RAX: 000000000000006c RBX: ffff9bdaf3e00000 RCX: 0000000000000000
  RDX: 0000000000000000 RSI: ffff9bdb7a60dc68 RDI: ffff9bdb7a60dc68
  RBP: ffff9bdb73f03ca0 R08: 79706f6372657375 R09: 656b203a79706f63
  R10: 00003fffc0000000 R11: 00000000000006c1 R12: 0000000000001128
  R13: 0000000000000000 R14: ffff9bdaf3e01128 R15: ffff9bdaf3e01127
  FS: 00007f22f6d20740(0000) GS:ffff9bdb7a600000(0000) knlGS:0000000000000000
  CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
  CR2: 000055b6cf2c71c8 CR3: 00000000b3f91000 CR4: 00000000001406f0
  Stack:
  ffff9bdb73f16ce8 ffff9bdb73f03ca0 ffffffffc03df765 00003fffc0000000
  ffff9bdaf41c0000 000055b6cf0ca1b0 ffff9bdb73edbc00 ffff9bdaf3e00000
  0000000000001128 ffff9bdb73f03d90 ffffffffc03c6f0f ffff9bdb73f03d08
  Call Trace:
  [<ffffffffc03df765>] ? vmw_cmdbuf_alloc+0x175/0x240 [vmwgfx]
  [<ffffffffc03c6f0f>] vmw_execbuf_process+0x8bf/0x1250 [vmwgfx]
  [<ffffffff9cc2e43d>] ? __check_object_size+0x12d/0x49b
  [<ffffffffc0246dd6>] ? drm_ioctl+0x236/0x4f0 [drm]
  [<ffffffff9cbab015>] ? __alloc_pages_nodemask+0x135/0x300
  [<ffffffffc03b0cb4>] ? ttm_read_lock+0x34/0xc0 [ttm]
  [<ffffffffc03c79c6>] vmw_execbuf_ioctl+0xe6/0x180 [vmwgfx]
  [<ffffffffc03cb919>] vmw_generic_ioctl+0x249/0x280 [vmwgfx]
  [<ffffffffc03cb985>] vmw_unlocked_ioctl+0x15/0x20 [vmwgfx]
  [<ffffffff9cc47843>] do_vfs_ioctl+0xa3/0x610
  [<ffffffff9ca6b3b3>] ? __do_page_fault+0x203/0x4d0
  [<ffffffff9cc47e29>] SyS_ioctl+0x79/0x90
  [<ffffffff9d299c76>] entry_SYSCALL_64_fastpath+0x1e/0xa8
  Code: 1f 03 00 00 49 c7 c0 86 36 6a 9d 48 c7 c2 30 0b 68 9d 48 c7 c6 4c 8e 69 9d 4d 89 e1 48 89 d9 48 c7 c7 10 03 6a 9d e8 03 05 f7 ff <0f> 0b 4c 8b 75 b8 48 8b 5d d0 45 89 fd 4c 8b 65 c8 4c 89 e6 48
  RIP [<ffffffff9cc2e421>] __check_object_size+0x111/0x49b
  RSP <ffff9bdb73f03c58>
  ---[ end trace 48bce713521eb13e ]---

  Disabling CONFIG_HARDENED_USERCOPY_PAGESPAN works around this issue.

  http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=8e1f74ea02cf4562404c48c6882214821552c13f