RHEL7.8.z ppc64le crashes with a message "kernel BUG at mm/usercopy.c:72!" without any 3rd party module being loaded

Solution Unverified - Updated -

Issue

  • RHEL7.8.z ppc64le crashes with a message "kernel BUG at mm/usercopy.c:72!" without any 3rd party module being loaded.
[4335812.661201] usercopy: kernel memory overwrite attempt detected to c000001d50187b8c (kmalloc-16384) (8160 bytes)
[4335812.661683] ------------[ cut here ]------------
[4335812.661893] kernel BUG at mm/usercopy.c:72!
[4335812.662073] Oops: Exception in kernel mode, sig: 5 [#1]
[4335812.662268] SMP NR_CPUS=2048 NUMA PowerNV
[4335812.662463] Modules linked in: rpcsec_gss_krb5 auth_rpcgss nfsv4 dns_resolver nfs lockd grace fscache bonding i2c_dev sunrpc at24 raid10 ofpart ipmi_powernv ipmi_devintf powernv_flash ipmi_msghandler mtd ibmpowernv opal_prd powernv_rng i2c_opal ip_tables xfs libcrc32c raid1 ast i2c_algo_bit drm_kms_helper syscopyarea sysfillrect sysimgblt fb_sys_fops ttm mlx5_core drm tg3 mlxfw drm_panel_orientation_quirks devlink i2c_core ptp nvme pps_core nvme_core dm_mirror dm_region_hash dm_log dm_mod
[4335812.664417] CPU: 221 PID: 159505 Comm: postgres Kdump: loaded Tainted: G        W      ------------   3.10.0-1127.18.2.el7.ppc64le #1
[4335812.664951] task: c000001f33f18ae0 ti: c000012c5f6c8000 task.ti: c000012c5f6c8000
[4335812.665285] NIP: c000000000390748 LR: c000000000390744 CTR: 000000003003f36c
[4335812.665638] REGS: c000012c5f6cb170 TRAP: 0700   Tainted: G        W      ------------    (3.10.0-1127.18.2.el7.ppc64le)
[4335812.666091] MSR: 9000000000029033 <SF,HV,EE,ME,IR,DR,RI,LE>  CR: 28022822  XER: 20000000
[4335812.666596] CFAR: c000000000afca28 SOFTE: 1 
                 GPR00: c000000000390744 c000012c5f6cb3f0 c00000000147ba00 0000000000000063 
                 GPR04: c00000012674a820 c00000012675d8e8 9000000000009033 0000000035d28060 
                 GPR08: 0000000000000007 0000000000000000 0000000125860000 9000000000001003 
                 GPR12: 0000000000002200 c000000007bac500 c000001f33f19d98 0000000000001fe8 
                 GPR16: 0000000000000000 0000000000000000 c000001d50187b84 0000000000000000 
                 GPR20: 0000000000001fe0 c000012c5f6cb6d0 c000012c5f6cbd78 c000017f303f4a00 
                 GPR24: 0000000000002328 0000000000001fe8 0000000000001fe8 0000000000001fe0 
                 GPR28: c000001d50189b6c 0000000000000000 0000000000001fe0 c000001d50187b8c 
[4335812.669796] NIP [c000000000390748] __check_object_size+0xa8/0x2b0
[4335812.670111] LR [c000000000390744] __check_object_size+0xa4/0x2b0
[4335812.670402] Call Trace:
[4335812.670535] [c000012c5f6cb3f0] [c000000000390744] __check_object_size+0xa4/0x2b0 (unreliable)
[4335812.670920] [c000012c5f6cb470] [c00000000007f67c] copy_from_user+0x9c/0xe0
[4335812.671274] [c000012c5f6cb4b0] [c00000000091a630] memcpy_fromiovecend+0xc0/0x130
[4335812.671632] [c000012c5f6cb500] [c0000000009ab82c] ip_generic_getfrag+0xec/0x120
[4335812.671973] [c000012c5f6cb540] [c0000000009ac49c] __ip_append_data.isra.37+0xa0c/0xc30
[4335812.672320] [c000012c5f6cb660] [c0000000009affd0] ip_make_skb+0x180/0x2d0
[4335812.672619] [c000012c5f6cb770] [c0000000009ee750] udp_sendmsg+0x510/0x9a0
[4335812.672884] [c000012c5f6cb920] [c000000000a8ec48] udpv6_sendmsg+0x1b8/0xbf0
[4335812.673143] [c000012c5f6cbaf0] [c000000000a03e34] inet_sendmsg+0x84/0x180
[4335812.673423] [c000012c5f6cbb30] [c0000000008fd01c] sock_sendmsg+0xfc/0x150
[4335812.673677] [c000012c5f6cbca0] [c00000000090354c] SyS_sendto+0x15c/0x240
[4335812.673940] [c000012c5f6cbdd0] [c000000000904bc8] SyS_socketcall+0x2d8/0x430
[4335812.674246] [c000012c5f6cbe30] [c00000000000a288] system_call+0x3c/0x100
[4335812.674527] Instruction dump:
[4335812.674673] 3c82ff8a 3ca2ff91 3884cf18 38a5f4d0 418201f8 7c671b78 3c62ff8b 7fe6fb78 
[4335812.675016] 3863aad0 7fc8f378 4876c289 60000000 <0fe00000> 60420000 3d02ff69 39084600 
[4335812.686964] ---[ end trace 793fca2a997c4fa4 ]---
[4335812.764034] 
[4335812.764134] Sending IPI to other CPUs
[4335812.765695] IPI complete

PID: 159505  TASK: c000001f33f18ae0  CPU: 221  COMMAND: "postgres"
 #0 [c000012c5f6cae20] crash_kexec at c0000000001c2304
 #1 [c000012c5f6cae50] die at c000000000029788
 #2 [c000012c5f6caef0] _exception at c000000000029ab4
 #3 [c000012c5f6cb080] program_check_exception at c000000000aebfd8
 #4 [c000012c5f6cb100] program_check_common at c000000000006308
 Program Check [700] exception frame:
 R0:  c000000000390744    R1:  c000012c5f6cb3f0    R2:  c00000000147ba00   
 R3:  0000000000000063    R4:  c00000012674a820    R5:  c00000012675d8e8   
 R6:  9000000000009033    R7:  0000000035d28060    R8:  0000000000000007   
 R9:  0000000000000000    R10: 0000000125860000    R11: 9000000000001003   
 R12: 0000000000002200    R13: c000000007bac500    R14: c000001f33f19d98   
 R15: 0000000000001fe8    R16: 0000000000000000    R17: 0000000000000000   
 R18: c000001d50187b84    R19: 0000000000000000    R20: 0000000000001fe0   
 R21: c000012c5f6cb6d0    R22: c000012c5f6cbd78    R23: c000017f303f4a00   
 R24: 0000000000002328    R25: 0000000000001fe8    R26: 0000000000001fe8   
 R27: 0000000000001fe0    R28: c000001d50189b6c    R29: 0000000000000000   
 R30: 0000000000001fe0    R31: c000001d50187b8c   
 NIP: c000000000390748    MSR: 9000000000029033    OR3: c000000000afca28
 CTR: 000000003003f36c    LR:  c000000000390744    XER: 0000000020000000
 CCR: 0000000028022822    MQ:  0000000000000001    DAR: d000000028022848
 DSISR: c0000000005a6a64     Syscall Result: 0000000000000000
 [NIP  : __check_object_size+168]
 [LR   : __check_object_size+164]
 #5 [c000012c5f6cb3f0] __check_object_size at c000000000390748  (unreliable)
 #6 [c000012c5f6cb470] copy_from_user at c00000000007f67c
 #7 [c000012c5f6cb4b0] memcpy_fromiovecend at c00000000091a630
 #8 [c000012c5f6cb500] ip_generic_getfrag at c0000000009ab82c
 #9 [c000012c5f6cb540] __ip_append_data at c0000000009ac49c
#10 [c000012c5f6cb660] ip_make_skb at c0000000009affd0
#11 [c000012c5f6cb770] udp_sendmsg at c0000000009ee750
#12 [c000012c5f6cb920] udpv6_sendmsg at c000000000a8ec48
#13 [c000012c5f6cbaf0] inet_sendmsg at c000000000a03e34
#14 [c000012c5f6cbb30] sock_sendmsg at c0000000008fd01c
#15 [c000012c5f6cbca0] sys_sendto at c00000000090354c
#16 [c000012c5f6cbdd0] sys_socketcall at c000000000904bc8
#17 [c000012c5f6cbe30] system_call at c00000000000a288
 System Call [c00] exception frame:
 R0:  0000000000000066    R1:  00003fffc49398a0    R2:  00003fff976d7f00   
 R3:  000000000000000b    R4:  00003fffc49398d0    R5:  0000000000001fe0   
 R6:  0000000000000000    R7:  0000000000000002    R8:  0000000000000000   
 R9:  0000000000000000    R10: 0000000000000000    R11: 0000000000000000   
 R12: 0000000000000000    R13: 00003fff968baaf0    R14: 0000000000000051   
 R15: fffffffffffffffb    R16: 00000000113da5d2    R17: 0000000011126dd0   
 R18: 0000000010feef10    R19: 00000000001e8480    R20: 00000000113f37f0   
 R21: 020c49ba5e353f7d    R22: 20c49ba5e353f7cf    R23: ffffffffffffffff   
 R24: 0000000000000000    R25: 0000010038311ce0    R26: 00000100382f2478   
 R27: 000001003837da50    R28: 0000010038311e70    R29: 0000010038311c88   
 R30: 000001003837da18    R31: 0000010038311c88   
 NIP: 00003fff976b3ee8    MSR: 900000010280f033    OR3: 000000000000000b
 CTR: 0000000000000000    LR:  00003fff976b3eb0    XER: 0000000000000000
 CCR: 0000000044024848    MQ:  0000000000000001    DAR: 00003fff81648014
 DSISR: 0000000040000000     Syscall Result: 0000000000000000

Environment

  • Red Hat Enterprise Linux 7.8.z (kernel-3.10.0-1127.18.2.el7.ppc64le)
  • IBM POWER8

Subscriber exclusive content

A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.

Current Customers and Partners

Log in for full access

Log In

New to Red Hat?

Learn more about Red Hat subscriptions

Using a Red Hat product through a public cloud?

How to access this content