kernel BUG at mm/usercopy.c:103! with "usercopy: Kernel memory overwrite attempt detected to wrapped address"
Issue
- Kernel panic with below logs:
[566690.577830] usercopy: Kernel memory overwrite attempt detected to wrapped address (offset 0, size 18446635652195241984)!
[566690.577890] ------------[ cut here ]------------
[566690.577891] kernel BUG at mm/usercopy.c:103! <<<<
[566690.577910] invalid opcode: 0000 [#1] SMP NOPTI
[566690.577925] CPU: 20 PID: 2655319 Comm: vertica Kdump: loaded Tainted: P OE --------- - - 4.18.0-348.12.2.el8_5.x86_64 #1
[566690.577957] Hardware name: HPE ProLiant DL380 Gen10/ProLiant DL380 Gen10, BIOS U30 01/23/2021
[566690.577984] RIP: 0010:usercopy_abort+0x74/0x76
[566690.577998] Code: 0f 45 c6 51 48 89 f9 48 c7 c2 f5 33 0f b1 41 52 48 c7 c6 87 da 0d b1 48 c7 c7 c0 34 0f b1 48 0f 45 f2 48 89 c2 e8 2f fb e2 ff <0f> 0b 49 89 f0 48 89 f9 44 89 e2 31 f6 48 c7 c7 1c 34 0f b1 e8 73
[566690.578045] RSP: 0018:ffffb8ddf5cdfbd0 EFLAGS: 00010246
[566690.578059] RAX: 000000000000006c RBX: ffff9d64262750a0 RCX: 0000000000000000
[566690.578077] RDX: 0000000000000000 RSI: ffff9edabe116858 RDI: ffff9edabe116858
[566690.578095] RBP: ffffffffffffff60 R08: 0000000000000774 R09: 0000000000aaaaaa
[566690.578111] R10: 0000000000000000 R11: 0000000000000001 R12: 0000000000000000
[566690.578128] R13: ffff9d6426275000 R14: ffffb8ddf5cdfcf8 R15: 0000000000003c4d
[566690.578145] FS: 00007f04b8fd4700(0000) GS:ffff9edabe100000(0000) knlGS:0000000000000000
[566690.578166] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[566690.578180] CR2: 00007f1cec9cd000 CR3: 00000001eee06005 CR4: 00000000007706e0
[566690.578197] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[566690.578215] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[566690.578232] PKRU: 55555554
[566690.578240] Call Trace:
[566690.578252] __check_object_size.cold.3+0x43/0x4f
[566690.578267] tcp_sendmsg_locked+0x5bc/0xd80
[566690.578285] ? entry_SYSCALL_64_after_hwframe+0xb9/0xca
[566690.578299] tcp_sendmsg+0x27/0x40
[566690.578317] sock_sendmsg+0x3e/0x50
[566690.578332] sock_write_iter+0x97/0x100
[566690.578347] do_iter_readv_writev+0x156/0x1b0
[566690.578360] do_iter_write+0x80/0x190
[566690.578373] vfs_writev+0xa3/0x100
[566690.578394] ? symev_fd_event+0x38/0x420 [symev_custom_4_18_0_348_12_2_el8_5_x86_64]
[566690.578416] do_writev+0x5c/0xf0
[566690.578432] hook_symev_writev+0x36/0x80 [symev_custom_4_18_0_348_12_2_el8_5_x86_64]
[566690.578455] do_syscall_64+0x5b/0x1a0
[566690.579167] entry_SYSCALL_64_after_hwframe+0x65/0xca
[566690.579755] RIP: 0033:0x7f5059e3674f
[566690.580319] Code: 00 00 00 41 54 41 89 d4 55 48 89 f5 53 89 fb 48 83 ec 10 e8 63 d2 f8 ff 44 89 e2 48 89 ee 89 df 41 89 c0 b8 14 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 35 44 89 c7 48 89 44 24 08 e8 9c d2 f8 ff 48
[566690.581443] RSP: 002b:00007f04b8fcf870 EFLAGS: 00000293 ORIG_RAX: 0000000000000014
[566690.581997] RAX: ffffffffffffffda RBX: 00000000000000a9 RCX: 00007f5059e3674f
[566690.582539] RDX: 0000000000000003 RSI: 00007f1ae80024b0 RDI: 00000000000000a9
[566690.583069] RBP: 00007f1ae80024b0 R08: 0000000000000000 R09: 00007f1ae80024b0
[566690.583587] R10: 00000000000000a9 R11: 0000000000000293 R12: 0000000000000003
[566690.584091] R13: 00007f474419c3a0 R14: 00000000004422d0 R15: 00007f00dc009160
[566690.584590] Modules linked in: nf_tables nfnetlink symap_custom_4_18_0_348_12_2_el8_5_x86_64(POE) symev_custom_4_18_0_348_12_2_el8_5_x86_64(OE) nfs_layout_nfsv41_files rpcsec_gss_krb5 auth_rpcgss nfsv4 dns_resolver nfsv3 nfs_acl nfs lockd grace fscache binfmt_misc bonding tls vfat fat ext4 mbcache jbd2 rpcrdma sunrpc rdma_ucm ib_srpt ib_isert iscsi_target_mod target_core_mod ib_iser libiscsi scsi_transport_iscsi rdma_cm iw_cm ib_cm intel_rapl_msr intel_rapl_common isst_if_common nfit libnvdimm x86_pkg_temp_thermal intel_powerclamp coretemp kvm_intel kvm bnxt_re irqbypass ib_uverbs ib_core ipmi_ssif crct10dif_pclmul crc32_pclmul ghash_clmulni_intel rapl intel_cstate acpi_ipmi ses ipmi_si mei_me wmi enclosure pcspkr joydev intel_uncore hpwdt lpc_ich mei ipmi_devintf hpilo ioatdma ipmi_msghandler acpi_tad acpi_power_meter xfs libcrc32c qla2xxx mgag200 drm_kms_helper syscopyarea sysfillrect sysimgblt fb_sys_fops crc32c_intel nvme_fc drm igb nvme_fabrics smartpqi nvme_core bnxt_en
[566690.584630] scsi_transport_sas scsi_transport_fc dca i2c_algo_bit sd_mod t10_pi sg uas usb_storage dm_mirror dm_region_hash dm_log dm_mod fuse [last unloaded: symevrm_custom_4_18_0_348_12_2_el8_5_x86_64]
Environment
- Red Hat Enterprise Linux (RHEL) 8 is assumed to be affected
- Issue was observed on these minor releases: 8.2, 8.5
- Multiple file systems/infrastructures are affected by the issue: CIFS, NBD, NFS
Subscriber exclusive content
A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.