RHEL7.8.z ppc64le crashes with a message "kernel BUG at mm/usercopy.c:72!" without any 3rd party module being loaded

Solution Unverified - Updated -

Issue

  • RHEL7.8.z ppc64le crashes with a message "kernel BUG at mm/usercopy.c:72!" without any 3rd party module being loaded.
[4335812.661201] usercopy: kernel memory overwrite attempt detected to c000001d50187b8c (kmalloc-16384) (8160 bytes)
[4335812.661683] ------------[ cut here ]------------
[4335812.661893] kernel BUG at mm/usercopy.c:72!
[4335812.662073] Oops: Exception in kernel mode, sig: 5 [#1]
[4335812.662268] SMP NR_CPUS=2048 NUMA PowerNV
[4335812.662463] Modules linked in: rpcsec_gss_krb5 auth_rpcgss nfsv4 dns_resolver nfs lockd grace fscache bonding i2c_dev sunrpc at24 raid10 ofpart ipmi_powernv ipmi_devintf powernv_flash ipmi_msghandler mtd ibmpowernv opal_prd powernv_rng i2c_opal ip_tables xfs libcrc32c raid1 ast i2c_algo_bit drm_kms_helper syscopyarea sysfillrect sysimgblt fb_sys_fops ttm mlx5_core drm tg3 mlxfw drm_panel_orientation_quirks devlink i2c_core ptp nvme pps_core nvme_core dm_mirror dm_region_hash dm_log dm_mod
[4335812.664417] CPU: 221 PID: 159505 Comm: postgres Kdump: loaded Tainted: G        W      ------------   3.10.0-1127.18.2.el7.ppc64le #1
[4335812.664951] task: c000001f33f18ae0 ti: c000012c5f6c8000 task.ti: c000012c5f6c8000
[4335812.665285] NIP: c000000000390748 LR: c000000000390744 CTR: 000000003003f36c
[4335812.665638] REGS: c000012c5f6cb170 TRAP: 0700   Tainted: G        W      ------------    (3.10.0-1127.18.2.el7.ppc64le)
[4335812.666091] MSR: 9000000000029033 <SF,HV,EE,ME,IR,DR,RI,LE>  CR: 28022822  XER: 20000000
[4335812.666596] CFAR: c000000000afca28 SOFTE: 1 
                 GPR00: c000000000390744 c000012c5f6cb3f0 c00000000147ba00 0000000000000063 
                 GPR04: c00000012674a820 c00000012675d8e8 9000000000009033 0000000035d28060 
                 GPR08: 0000000000000007 0000000000000000 0000000125860000 9000000000001003 
                 GPR12: 0000000000002200 c000000007bac500 c000001f33f19d98 0000000000001fe8 
                 GPR16: 0000000000000000 0000000000000000 c000001d50187b84 0000000000000000 
                 GPR20: 0000000000001fe0 c000012c5f6cb6d0 c000012c5f6cbd78 c000017f303f4a00 
                 GPR24: 0000000000002328 0000000000001fe8 0000000000001fe8 0000000000001fe0 
                 GPR28: c000001d50189b6c 0000000000000000 0000000000001fe0 c000001d50187b8c 
[4335812.669796] NIP [c000000000390748] __check_object_size+0xa8/0x2b0
[4335812.670111] LR [c000000000390744] __check_object_size+0xa4/0x2b0
[4335812.670402] Call Trace:
[4335812.670535] [c000012c5f6cb3f0] [c000000000390744] __check_object_size+0xa4/0x2b0 (unreliable)
[4335812.670920] [c000012c5f6cb470] [c00000000007f67c] copy_from_user+0x9c/0xe0
[4335812.671274] [c000012c5f6cb4b0] [c00000000091a630] memcpy_fromiovecend+0xc0/0x130
[4335812.671632] [c000012c5f6cb500] [c0000000009ab82c] ip_generic_getfrag+0xec/0x120
[4335812.671973] [c000012c5f6cb540] [c0000000009ac49c] __ip_append_data.isra.37+0xa0c/0xc30
[4335812.672320] [c000012c5f6cb660] [c0000000009affd0] ip_make_skb+0x180/0x2d0
[4335812.672619] [c000012c5f6cb770] [c0000000009ee750] udp_sendmsg+0x510/0x9a0
[4335812.672884] [c000012c5f6cb920] [c000000000a8ec48] udpv6_sendmsg+0x1b8/0xbf0
[4335812.673143] [c000012c5f6cbaf0] [c000000000a03e34] inet_sendmsg+0x84/0x180
[4335812.673423] [c000012c5f6cbb30] [c0000000008fd01c] sock_sendmsg+0xfc/0x150
[4335812.673677] [c000012c5f6cbca0] [c00000000090354c] SyS_sendto+0x15c/0x240
[4335812.673940] [c000012c5f6cbdd0] [c000000000904bc8] SyS_socketcall+0x2d8/0x430
[4335812.674246] [c000012c5f6cbe30] [c00000000000a288] system_call+0x3c/0x100
[4335812.674527] Instruction dump:
[4335812.674673] 3c82ff8a 3ca2ff91 3884cf18 38a5f4d0 418201f8 7c671b78 3c62ff8b 7fe6fb78 
[4335812.675016] 3863aad0 7fc8f378 4876c289 60000000 <0fe00000> 60420000 3d02ff69 39084600 
[4335812.686964] ---[ end trace 793fca2a997c4fa4 ]---
[4335812.764034] 
[4335812.764134] Sending IPI to other CPUs
[4335812.765695] IPI complete

PID: 159505  TASK: c000001f33f18ae0  CPU: 221  COMMAND: "postgres"
 #0 [c000012c5f6cae20] crash_kexec at c0000000001c2304
 #1 [c000012c5f6cae50] die at c000000000029788
 #2 [c000012c5f6caef0] _exception at c000000000029ab4
 #3 [c000012c5f6cb080] program_check_exception at c000000000aebfd8
 #4 [c000012c5f6cb100] program_check_common at c000000000006308
 Program Check [700] exception frame:
 R0:  c000000000390744    R1:  c000012c5f6cb3f0    R2:  c00000000147ba00   
 R3:  0000000000000063    R4:  c00000012674a820    R5:  c00000012675d8e8   
 R6:  9000000000009033    R7:  0000000035d28060    R8:  0000000000000007   
 R9:  0000000000000000    R10: 0000000125860000    R11: 9000000000001003   
 R12: 0000000000002200    R13: c000000007bac500    R14: c000001f33f19d98   
 R15: 0000000000001fe8    R16: 0000000000000000    R17: 0000000000000000   
 R18: c000001d50187b84    R19: 0000000000000000    R20: 0000000000001fe0   
 R21: c000012c5f6cb6d0    R22: c000012c5f6cbd78    R23: c000017f303f4a00   
 R24: 0000000000002328    R25: 0000000000001fe8    R26: 0000000000001fe8   
 R27: 0000000000001fe0    R28: c000001d50189b6c    R29: 0000000000000000   
 R30: 0000000000001fe0    R31: c000001d50187b8c   
 NIP: c000000000390748    MSR: 9000000000029033    OR3: c000000000afca28
 CTR: 000000003003f36c    LR:  c000000000390744    XER: 0000000020000000
 CCR: 0000000028022822    MQ:  0000000000000001    DAR: d000000028022848
 DSISR: c0000000005a6a64     Syscall Result: 0000000000000000
 [NIP  : __check_object_size+168]
 [LR   : __check_object_size+164]
 #5 [c000012c5f6cb3f0] __check_object_size at c000000000390748  (unreliable)
 #6 [c000012c5f6cb470] copy_from_user at c00000000007f67c
 #7 [c000012c5f6cb4b0] memcpy_fromiovecend at c00000000091a630
 #8 [c000012c5f6cb500] ip_generic_getfrag at c0000000009ab82c
 #9 [c000012c5f6cb540] __ip_append_data at c0000000009ac49c
#10 [c000012c5f6cb660] ip_make_skb at c0000000009affd0
#11 [c000012c5f6cb770] udp_sendmsg at c0000000009ee750
#12 [c000012c5f6cb920] udpv6_sendmsg at c000000000a8ec48
#13 [c000012c5f6cbaf0] inet_sendmsg at c000000000a03e34
#14 [c000012c5f6cbb30] sock_sendmsg at c0000000008fd01c
#15 [c000012c5f6cbca0] sys_sendto at c00000000090354c
#16 [c000012c5f6cbdd0] sys_socketcall at c000000000904bc8
#17 [c000012c5f6cbe30] system_call at c00000000000a288
 System Call [c00] exception frame:
 R0:  0000000000000066    R1:  00003fffc49398a0    R2:  00003fff976d7f00   
 R3:  000000000000000b    R4:  00003fffc49398d0    R5:  0000000000001fe0   
 R6:  0000000000000000    R7:  0000000000000002    R8:  0000000000000000   
 R9:  0000000000000000    R10: 0000000000000000    R11: 0000000000000000   
 R12: 0000000000000000    R13: 00003fff968baaf0    R14: 0000000000000051   
 R15: fffffffffffffffb    R16: 00000000113da5d2    R17: 0000000011126dd0   
 R18: 0000000010feef10    R19: 00000000001e8480    R20: 00000000113f37f0   
 R21: 020c49ba5e353f7d    R22: 20c49ba5e353f7cf    R23: ffffffffffffffff   
 R24: 0000000000000000    R25: 0000010038311ce0    R26: 00000100382f2478   
 R27: 000001003837da50    R28: 0000010038311e70    R29: 0000010038311c88   
 R30: 000001003837da18    R31: 0000010038311c88   
 NIP: 00003fff976b3ee8    MSR: 900000010280f033    OR3: 000000000000000b
 CTR: 0000000000000000    LR:  00003fff976b3eb0    XER: 0000000000000000
 CCR: 0000000044024848    MQ:  0000000000000001    DAR: 00003fff81648014
 DSISR: 0000000040000000     Syscall Result: 0000000000000000

Environment

  • Red Hat Enterprise Linux 7.8.z (kernel-3.10.0-1127.18.2.el7.ppc64le)
  • IBM POWER8

Subscriber exclusive content

A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.

Current Customers and Partners

Log in for full access

Log In