System crash with kernel BUG at mm/usercopy.c:102!

Solution Verified - Updated -

Issue

  • Can be seen with Veritas vx* modules:
[216026.490924] usercopy: Kernel memory exposure attempt detected from SLUB object 'Acpi-Namespace' (offset 32, size 18)!
[216026.492242] ------------[ cut here ]------------
[216026.492244] kernel BUG at mm/usercopy.c:102!
[216026.493369] invalid opcode: 0000 [#1] SMP PTI
[216026.494462] CPU: 2 PID: 32219 Comm: vxscsiinq Kdump: loaded Tainted: P        W  OE    --------- -  - 4.18.0-147.el8.x86_64 #1
[216026.495624] Hardware name: VMware, Inc. VMware Virtual Platform/440BX Desktop Reference Platform, BIOS 6.00 07/30/2013
[216026.496901] RIP: 0010:usercopy_abort+0x74/0x76
[216026.497999] Code: 0f 45 c6 51 48 89 f9 48 c7 c2 45 80 ea a4 41 52 48 c7 c6 ad 63 e9 a4 48 c7 c7 10 81 ea a4 48 0f 45 f2 48 89 c2 e8 a9 56 e6 ff <0f> 0b 49 89 e8 31 c9 44 89 e2 31 f6 48 c
7 c7 79 80 ea a4 e8 74 ff
[216026.500383] RSP: 0018:ffffbd0fd8723a00 EFLAGS: 00010246
[216026.501500] RAX: 0000000000000069 RBX: ffff97440b898700 RCX: 0000000000000000
[216026.502627] RDX: 0000000000000000 RSI: ffff974575b16a08 RDI: ffff974575b16a08
[216026.503731] RBP: 0000000000000012 R08: 00000000000007bb R09: 0000000000aaaaaa
[216026.504833] R10: 0000000000000000 R11: ffffbd0fc2a49600 R12: 0000000000000001
[216026.505907] R13: ffff97440b898712 R14: 0000000000000012 R15: ffff974449bb4180
[216026.507015] FS:  00007f9be595a740(0000) GS:ffff974575b00000(0000) knlGS:0000000000000000
[216026.508182] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[216026.509333] CR2: 000055634d34d9d8 CR3: 000000016baf8000 CR4: 00000000000406e0
[216026.510522] Call Trace:
[216026.511610]  __check_heap_object+0xda/0x110
[216026.512677]  __check_object_size+0xfa/0x181
[216026.513732]  sg_io+0x397/0x450
[216026.514764]  ? __switch_to_asm+0x41/0x70
[216026.515811]  ? __switch_to_asm+0x35/0x70
[216026.516848]  ? __switch_to_asm+0x41/0x70
[216026.517862]  ? __switch_to_asm+0x35/0x70
[216026.518853]  ? __switch_to_asm+0x41/0x70
[216026.519850]  ? __switch_to_asm+0x35/0x70
[216026.520837]  scsi_cmd_ioctl+0x1b0/0x3d0
[216026.521789]  ? _cond_resched+0x15/0x30
[216026.522736]  ? scsi_block_when_processing_errors+0x22/0xc0
[216026.523716]  sd_ioctl+0x7c/0x100 [sd_mod]
[216026.524659]  blkdev_ioctl+0x32b/0x9f0
[216026.525607]  ? dmp_alloc+0xf2/0x1f0 [vxdmp]
[216026.526579]  block_ioctl+0x39/0x40
[216026.527479]  dmp_user_scsi_ioctl+0xb1/0x140 [vxdmp]
[216026.528395]  dmp_dev_ioctl+0x21/0x30 [vxdmp]
[216026.529290]  do_passthru_ioctl+0x33d/0xb50 [vxdmp]
[216026.530184]  dmp_passthru_ioctl+0x93/0xc0 [vxdmp]
[216026.531102]  gendmpioctl+0x6f1/0xa10 [vxdmp]
[216026.531986]  dmpioctl+0x35/0x60 [vxdmp]
[216026.532865]  dmp_ioctl+0x39/0x70 [vxdmp]
[216026.533752]  blkdev_ioctl+0x32b/0x9f0
[216026.534607]  ? selinux_file_ioctl+0x161/0x200
[216026.535461]  block_ioctl+0x39/0x40
[216026.536308]  do_vfs_ioctl+0xa4/0x630
....
  • Or emcpower modules:
[214217.179288] usercopy: Kernel memory exposure attempt detected from SLUB object 'anon_vma(642:sshd.service)' (offset 80, size 22)!
[214217.179295] ------------[ cut here ]------------
[214217.179296] kernel BUG at mm/usercopy.c:102!
[214217.179299] invalid opcode: 0000 [#1] SMP PTI
[214217.179301] CPU: 14 PID: 2631100 Comm: pool Kdump: loaded Tainted: P        W  OE    --------- -  - 4.18.0-193.el8.x86_64 #1
[214217.179302] Hardware name: Dell Inc. PowerEdge R630/02C2CP, BIOS 2.8.0 005/17/2018
[214217.179306] RIP: 0010:usercopy_abort+0x74/0x76
[214217.179308] Code: 0f 45 c6 51 48 89 f9 48 c7 c2 45 5b 2b 94 41 52 48 c7 c6 b5 30 2a 94 48 c7 c7 10 5c 2b 94 48 0f 45 f2 48 89 c2 e8 7f ae e5 ff <0f> 0b 49 89 f0 48 89 f9 44 89 e2 31 f6 48 c7 c7 6c 5b 2b 94 e8 73
[214217.179309] RSP: 0018:ffffbee70b0fbc48 EFLAGS: 00010246
[214217.179310] RAX: 0000000000000075 RBX: ffff9ae487b3e788 RCX: 0000000000000000
[214217.179311] RDX: 0000000000000000 RSI: ffff9ae57f7d6a08 RDI: ffff9ae57f7d6a08
[214217.179311] RBP: 0000000000000016 R08: 000000000000088c R09: 0000000000000085
[214217.179312] R10: 0000000000000000 R11: ffffbee70b0fbaf8 R12: 0000000000000001
[214217.179313] R13: ffff9ae487b3e79e R14: 0000000000000016 R15: ffff9ae5777e9800
[214217.179314] FS:  00007f5707088700(0000) GS:ffff9ae57f7c0000(0000) knlGS:0000000000000000
[214217.179315] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[214217.179315] CR2: 00007fdfe5e95800 CR3: 000000102d72e002 CR4: 00000000003606e0
[214217.179316] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[214217.179317] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[214217.179317] Call Trace:
[214217.179322]  __check_heap_object+0xda/0x110
[214217.179324]  __check_object_size+0xff/0x16b
[214217.179327]  sg_io+0x395/0x450
[214217.179329]  scsi_cmd_ioctl+0x1b0/0x3d0
[214217.179332]  ? _cond_resched+0x15/0x30
[214217.179335]  ? scsi_block_when_processing_errors+0x22/0xc0
[214217.179339]  sd_ioctl+0x7c/0x100 [sd_mod]
[214217.179343]  blkdev_ioctl+0x32b/0x9f0
[214217.179346]  ? selinux_file_ioctl+0x161/0x200
[214217.179349]  block_ioctl+0x39/0x40
[214217.179351]  do_vfs_ioctl+0xa4/0x630
[214217.179353]  ksys_ioctl+0x60/0x90
[214217.179354]  __x64_sys_ioctl+0x16/0x20
[214217.179357]  do_syscall_64+0x5b/0x1a0
[214217.179358]  entry_SYSCALL_64_after_hwframe+0x65/0xca

Environment

  • Red Hat Enterprise Linux 8
  • Veritas kernel modules loaded
  • EMC powerpath modules loaded

Subscriber exclusive content

A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.

Current Customers and Partners

Log in for full access

Log In

New to Red Hat?

Learn more about Red Hat subscriptions

Using a Red Hat product through a public cloud?

How to access this content