[Kernel-packages] [Bug 1628686] Re: kernel BUG at linux-4.8.0/mm/usercopy.c:75!

Wed, 19 Oct 2016 11:09:35 -0700 

Upgraded to proposed kernel.

Linux helen 4.8.0-25-generic #27-Ubuntu SMP Thu Oct 13 03:34:50 UTC 2016
x86_64 x86_64 x86_64 GNU/Linux

Issue still occurs:

[   75.257763] usercopy: kernel memory overwrite attempt detected to 
ffff9dfb48493d38 (<process stack>) (16 bytes)
[   75.257791] ------------[ cut here ]------------
[   75.257793] kernel BUG at /build/linux-rb6V7L/linux-4.8.0/mm/usercopy.c:75!
[   75.257795] invalid opcode: 0000 [#3] SMP
[   75.257797] Modules linked in: xfrm_user xfrm4_tunnel tunnel4 ipcomp 
xfrm_ipcomp esp4 ah4 af_key xfrm_algo snd_hrtimer binfmt_misc nls_iso8859_1 
ir_lirc_codec lirc_dev rc_rc6_mce mceusb snd_hda_codec_via 
snd_hda_codec_generic kvm_amd kvm nvidia_uvm(POE) irqbypass input_leds 
serio_raw blackmagic(POE) k8temp snd_usb_audio snd_hda_codec_hdmi 
snd_usbmidi_lib gspca_sonixj gspca_main v4l2_common videodev media rc_imon_pad 
imon rc_core snd_hda_intel snd_ctxfi snd_hda_codec snd_hda_core snd_seq_midi 
snd_seq_midi_event shpchp snd_hwdep snd_rawmidi snd_seq snd_pcm snd_seq_device 
snd_timer snd soundcore asus_atk0110 i2c_nforce2 wmi mac_hid nfsd auth_rpcgss 
nfs_acl lockd grace sunrpc parport_pc ppdev lp parport ip_tables x_tables 
autofs4 dm_mirror dm_region_hash dm_log btrfs raid10 raid1 raid0 dm_raid raid456
[   75.257835]  async_raid6_recov async_memcpy async_pq async_xor async_tx xor 
raid6_pq libcrc32c pata_acpi nvidia(POE) psmouse drm video firewire_ohci 
firewire_core floppy ahci fjes forcedeth libahci crc_itu_t pata_amd
[   75.257848] CPU: 1 PID: 2837 Comm: BlackmagicFirmw Tainted: P      D    OE   
4.8.0-25-generic #27-Ubuntu
[   75.257850] Hardware name: System manufacturer System Product Name/M4N78 
PRO, BIOS 1303    04/13/2011
[   75.257852] task: ffff9dfb487e0d00 task.stack: ffff9dfb48490000
[   75.257854] RIP: 0010:[<ffffffff9d82e647>]  [<ffffffff9d82e647>] 
__check_object_size+0x77/0x1dc
[   75.257860] RSP: 0018:ffff9dfb48493ca0  EFLAGS: 00010286
[   75.257862] RAX: 0000000000000063 RBX: ffff9dfb48493d38 RCX: 0000000000000000
[   75.257863] RDX: 0000000000000000 RSI: ffff9dfbf7c4dc68 RDI: ffff9dfbf7c4dc68
[   75.257865] RBP: ffff9dfb48493cc0 R08: 000000000003eee3 R09: 0000000000000005
[   75.257867] R10: ffff9dfb5fc43238 R11: 000000000000040a R12: 0000000000000010
[   75.257868] R13: 0000000000000000 R14: ffff9dfb48493d48 R15: 00007ffdccd9da50
[   75.257870] FS:  00007fbd30601780(0000) GS:ffff9dfbf7c40000(0000) 
knlGS:0000000000000000
[   75.257872] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   75.257874] CR2: 00007fbd2f3e4150 CR3: 00000000a024a000 CR4: 00000000000006e0
[   75.257875] Stack:
[   75.257877]  ffff9dfb48493d38 0000000000000010 00007ffdccd9da50 
ffff9dfbed7436c8
[   75.257880]  ffff9dfb48493ce8 ffffffffc11c11eb ffff9dfb48493d38 
0000000000010000
[   75.257883]  0000000000000000 00007ffdccd9da50 ffffffffc11a377a 
ffff9dfb57e7d000
[   75.257885] Call Trace:
[   75.257946]  [<ffffffffc11c11eb>] __dl_copy_from_user+0x1b/0x40 [blackmagic]
[   75.257974]  [<ffffffffc11a377a>] 
_ZN18IoctlMessageKernel6unpackEv+0x4a/0x160 [blackmagic]
[   75.257997]  [<ffffffffc116e62b>] ? blackmagic_ioctl_private+0x35db/0x4080 
[blackmagic]
[   75.258001]  [<ffffffff9d7a18a2>] ? filemap_map_pages+0x202/0x410
[   75.258004]  [<ffffffff9d8444a5>] ? do_filp_open+0xa5/0x100
[   75.258008]  [<ffffffff9d75776c>] ? trace_buffer_lock_reserve+0x1c/0x50
[   75.258011]  [<ffffffff9d757812>] ? trace_event_buffer_lock_reserve+0x72/0xf0
[   75.258036]  [<ffffffffc11bfff9>] ? blackmagic_ioctl+0x49/0x60 [blackmagic]
[   75.258039]  [<ffffffff9d847843>] ? do_vfs_ioctl+0xa3/0x610
[   75.258042]  [<ffffffff9d8432b4>] ? putname+0x54/0x60
[   75.258045]  [<ffffffff9d83158c>] ? do_sys_open+0x1bc/0x280
[   75.258047]  [<ffffffff9d847e29>] ? SyS_ioctl+0x79/0x90
[   75.258051]  [<ffffffff9de9f076>] ? entry_SYSCALL_64_fastpath+0x1e/0xa8
[   75.258052] Code: 48 0f 44 d1 48 c7 c6 78 4d 2a 9e 48 c7 c1 5c a5 29 9e 48 
0f 44 f1 4d 89 e1 49 89 c0 48 89 d9 48 c7 c7 f8 19 2a 9e e8 bd 03 f7 ff <0f> 0b 
e8 12 d6 fb ff 85 c0 75 78 48 89 df e8 96 2c e4 ff 84 c0 
[   75.258079] RIP  [<ffffffff9d82e647>] __check_object_size+0x77/0x1dc
[   75.258082]  RSP <ffff9dfb48493ca0>
[   75.258085] ---[ end trace 476b12ac04efcae0 ]---

-- 
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1628686

Title:
  kernel BUG at linux-4.8.0/mm/usercopy.c:75!

Status in linux package in Ubuntu:
  Triaged

Bug description:
  This kernel warning occurs on Ubuntu 16.10 guests with Linux 4.8 on
  VMware Fusion. The VM will boot but does not make it a graphical
  display.

  usercopy: kernel memory overwrite attempt detected to ffff9bdaf3e00000 
(<spans multiple pages>) (4392 bytes)
  ------------[ cut here ]------------
  kernel BUG at /build/linux-FGN3Aj/linux-4.8.0/mm/usercopy.c:75!
  invalid opcode: 0000 [#1] SMP
  Modules linked in: intel_powerclamp coretemp crct10dif_pclmul crc32_pclmul 
ghash_clmulni_intel ipmi_msghandler aesni_intel vmw_balloon aes_x86_64 lrw 
glue_helper ablk_helper cryptd intel_rapl_perf joydev input_leds serio_raw 
binfmt_misc snd_ens1371 snd_ac97_codec gameport ac97_bus snd_pcm uvcvideo 
videobuf2_vmalloc videobuf2_memops videobuf2_v4l2 videobuf2_core snd_seq_midi 
videodev snd_seq_midi_event media snd_rawmidi snd_seq snd_seq_device btusb 
btrtl btbcm snd_timer btintel snd bluetooth soundcore i2c_piix4 vmw_vmci shpchp 
nfit floppy(+) mac_hid parport_pc ppdev lp parport ip_tables x_tables autofs4 
hid_generic usbhid hid vmwgfx ttm psmouse drm_kms_helper syscopyarea 
sysfillrect ahci libahci e1000 mptspi mptscsih mptbase scsi_transport_spi 
sysimgblt fb_sys_fops drm pata_acpi fjes
  CPU: 0 PID: 1293 Comm: glxinfo Not tainted 4.8.0-17-generic #19-Ubuntu
  Hardware name: VMware, Inc. VMware Virtual Platform/440BX Desktop Reference 
Platform, BIOS 6.00 07/02/2015
  task: ffff9bdb74465580 task.stack: ffff9bdb73f00000
  RIP: 0010:[<ffffffff9cc2e421>]  [<ffffffff9cc2e421>] 
__check_object_size+0x111/0x49b
  RSP: 0018:ffff9bdb73f03c58  EFLAGS: 00010282
  RAX: 000000000000006c RBX: ffff9bdaf3e00000 RCX: 0000000000000000
  RDX: 0000000000000000 RSI: ffff9bdb7a60dc68 RDI: ffff9bdb7a60dc68
  RBP: ffff9bdb73f03ca0 R08: 79706f6372657375 R09: 656b203a79706f63
  R10: 00003fffc0000000 R11: 00000000000006c1 R12: 0000000000001128
  R13: 0000000000000000 R14: ffff9bdaf3e01128 R15: ffff9bdaf3e01127
  FS:  00007f22f6d20740(0000) GS:ffff9bdb7a600000(0000) knlGS:0000000000000000
  CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
  CR2: 000055b6cf2c71c8 CR3: 00000000b3f91000 CR4: 00000000001406f0
  Stack:
   ffff9bdb73f16ce8 ffff9bdb73f03ca0 ffffffffc03df765 00003fffc0000000
   ffff9bdaf41c0000 000055b6cf0ca1b0 ffff9bdb73edbc00 ffff9bdaf3e00000
   0000000000001128 ffff9bdb73f03d90 ffffffffc03c6f0f ffff9bdb73f03d08
  Call Trace:
   [<ffffffffc03df765>] ? vmw_cmdbuf_alloc+0x175/0x240 [vmwgfx]
   [<ffffffffc03c6f0f>] vmw_execbuf_process+0x8bf/0x1250 [vmwgfx]
   [<ffffffff9cc2e43d>] ? __check_object_size+0x12d/0x49b
   [<ffffffffc0246dd6>] ? drm_ioctl+0x236/0x4f0 [drm]
   [<ffffffff9cbab015>] ? __alloc_pages_nodemask+0x135/0x300
   [<ffffffffc03b0cb4>] ? ttm_read_lock+0x34/0xc0 [ttm]
   [<ffffffffc03c79c6>] vmw_execbuf_ioctl+0xe6/0x180 [vmwgfx]
   [<ffffffffc03cb919>] vmw_generic_ioctl+0x249/0x280 [vmwgfx]
   [<ffffffffc03cb985>] vmw_unlocked_ioctl+0x15/0x20 [vmwgfx]
   [<ffffffff9cc47843>] do_vfs_ioctl+0xa3/0x610
   [<ffffffff9ca6b3b3>] ? __do_page_fault+0x203/0x4d0
   [<ffffffff9cc47e29>] SyS_ioctl+0x79/0x90
   [<ffffffff9d299c76>] entry_SYSCALL_64_fastpath+0x1e/0xa8
  Code: 1f 03 00 00 49 c7 c0 86 36 6a 9d 48 c7 c2 30 0b 68 9d 48 c7 c6 4c 8e 69 
9d 4d 89 e1 48 89 d9 48 c7 c7 10 03 6a 9d e8 03 05 f7 ff <0f> 0b 4c 8b 75 b8 48 
8b 5d d0 45 89 fd 4c 8b 65 c8 4c 89 e6 48 
  RIP  [<ffffffff9cc2e421>] __check_object_size+0x111/0x49b
   RSP <ffff9bdb73f03c58>
  ---[ end trace 48bce713521eb13e ]---

  
  Disabling CONFIG_HARDENED_USERCOPY_PAGESPAN works around this issue. 

  
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=8e1f74ea02cf4562404c48c6882214821552c13f

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1628686/+subscriptions

-- 
Mailing list: https://launchpad.net/~kernel-packages
Post to     : kernel-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~kernel-packages
More help   : https://help.launchpad.net/ListHelp

Reply via email to