Description of problem: Message from syslogd@XXX at Jan 22 16:33:26 ... kernel:usercopy: kernel memory exposure attempt detected from ffff8882d4b38bac Version-Release number of selected component (if applicable): Fedora 25 kernel:Linux XXX 4.9.4-201.fc25.x86_64 How reproducible: appears suddenly Steps to Reproduce: 1. boot 2. login 3. Actual results: Message from syslogd@XXX at Jan 22 16:33:26 ... kernel:usercopy: kernel memory exposure attempt detected from ffff8882d4b38bac Expected results: - Additional info:
Can you give the kernel logs from when this happened?
please close the request. Thanks.
I have suffered the same issue and can provide data for analysis. Mar 31 20:41:07 charon audit: SERVICE_START pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=dnf-makecache comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success' Mar 31 20:41:07 charon audit: SERVICE_STOP pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=dnf-makecache comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success' Mar 31 20:41:31 charon audit: ANOM_ABEND auid=1000 uid=1000 gid=1000 ses=2 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 pid=4585 comm="vmx-svga" exe="/usr/lib/vmware/bin/vmware-vmx" sig=6 Mar 31 20:41:31 charon abrt-hook-ccpp: Process 4585 (vmware-vmx) of user 1000 killed by SIGABRT - dumping core Mar 31 20:41:31 charon abrt-hook-ccpp: /var/spool/abrt is 1683064181 bytes (more than 1279MiB), deleting 'ccpp-2017-03-31-20:36:59-3998' Mar 31 20:41:46 charon plasmashell: QQuickItem::stackAfter: Cannot stack after 0x560d4a42afa0, which must be a sibling Mar 31 20:42:05 charon audit: ANOM_ABEND auid=1000 uid=1000 gid=1000 ses=2 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 pid=4685 comm="vmx-svga" exe="/usr/lib/vmware/bin/vmware-vmx" sig=6 Mar 31 20:42:05 charon abrt-hook-ccpp: Process 4685 (vmware-vmx) of user 1000 killed by SIGABRT - dumping core Mar 31 20:42:05 charon abrt-hook-ccpp: /var/spool/abrt is 1717299431 bytes (more than 1279MiB), deleting 'ccpp-2017-03-31-20:41:31-4585' Mar 31 20:42:06 charon kernel: usercopy: kernel memory exposure attempt detected from ffff951f7abc6000 (Acpi-Parse) (4096 bytes) Mar 31 20:42:06 charon kernel: ------------[ cut here ]------------ Mar 31 20:42:06 charon kernel: kernel BUG at mm/usercopy.c:75! Mar 31 20:42:06 charon kernel: invalid opcode: 0000 [#2] SMP Mar 31 20:42:06 charon kernel: Modules linked in: ccm rfcomm ip6t_rpfilter ip6t_REJECT nf_reject_ipv6 xt_conntrack ip_set nfnetlink ebtable_broute bridge stp llc ebtable_nat ip6table_nat nf_conntrack_ipv6 nf_defrag_ipv6 nf_nat_ipv6 ip6ta ble_raw ip6table_mangle ip6table_security iptable_nat nf_conntrack_ipv4 nf_defrag_ipv4 nf_nat_ipv4 nf_nat nf_conntrack libcrc32c iptable_raw iptable_mangle iptable_security ebtable_filter ebtables ip6table_filter ip6_tables vmnet(OE) ppd ev parport_pc parport fuse vmw_vsock_vmci_transport vsock vmw_vmci vmmon(OE) cmac bnep arc4 iTCO_wdt iTCO_vendor_support mei_wdt intel_rapl x86_pkg_temp_thermal intel_powerclamp coretemp iwlmvm snd_hda_codec_realtek snd_hda_codec_generic snd_hda_codec_hdmi kvm_intel mac80211 kvm snd_hda_intel snd_hda_codec uvcvideo snd_hda_core irqbypass snd_hwdep intel_cstate Mar 31 20:42:06 charon kernel: iwlwifi intel_uncore snd_seq btusb intel_rapl_perf snd_seq_device btrtl videobuf2_vmalloc btbcm videobuf2_memops videobuf2_v4l2 btintel videobuf2_core bluetooth snd_pcm cfg80211 videodev joydev i2c_i801 int el_pch_thermal media thinkpad_acpi rtsx_pci_ms memstick lpc_ich snd_timer shpchp mei_me snd mei soundcore wmi rfkill tpm_tis tpm_tis_core tpm nfsd auth_rpcgss nfs_acl lockd grace sunrpc dm_crypt uas usb_storage i915 rtsx_pci_sdmmc mmc_co re crct10dif_pclmul crc32_pclmul crc32c_intel i2c_algo_bit drm_kms_helper ghash_clmulni_intel e1000e drm serio_raw rtsx_pci ptp pps_core fjes video Mar 31 20:42:06 charon kernel: CPU: 0 PID: 4650 Comm: vmx-svga Tainted: G D OE 4.10.6-200.fc25.x86_64 #1 Mar 31 20:42:06 charon kernel: CPU: 0 PID: 4650 Comm: vmx-svga Tainted: G D OE 4.10.6-200.fc25.x86_64 #1 Mar 31 20:42:06 charon kernel: Hardware name: LENOVO 20BWS3510K/20BWS3510K, BIOS JBET56WW (1.21 ) 01/27/2016 Mar 31 20:42:06 charon kernel: task: ffff95204f02cb00 task.stack: ffffb1d00a964000 Mar 31 20:42:06 charon kernel: RIP: 0010:__check_object_size+0x77/0x1d7 Mar 31 20:42:06 charon kernel: RSP: 0018:ffffb1d00a967940 EFLAGS: 00010286 Mar 31 20:42:06 charon kernel: RAX: 0000000000000061 RBX: ffff951f7abc6000 RCX: 0000000000000000 Mar 31 20:42:06 charon kernel: RDX: 0000000000000000 RSI: ffff95206dc0e0e8 RDI: ffff95206dc0e0e8 Mar 31 20:42:06 charon kernel: RBP: ffffb1d00a967960 R08: 0000000000098c30 R09: 00000000000003cb Mar 31 20:42:06 charon kernel: R10: 0000000000000038 R11: ffffffffb6224d0d R12: 0000000000001000 Mar 31 20:42:06 charon kernel: R13: 0000000000000001 R14: ffff951f7abc7000 R15: 00007efc095734a0 Mar 31 20:42:06 charon kernel: FS: 00007efc09577700(0000) GS:ffff95206dc00000(0000) knlGS:0000000000000000 Mar 31 20:42:06 charon kernel: CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 Mar 31 20:42:06 charon kernel: CR2: 00007fb4cef3d000 CR3: 000000023b31d000 CR4: 00000000003406f0 Mar 31 20:42:06 charon kernel: DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 Mar 31 20:42:06 charon kernel: DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Mar 31 20:42:06 charon kernel: Call Trace: Mar 31 20:42:06 charon kernel: HostIF_CopyToUser+0x26/0x50 [vmmon] Mar 31 20:42:06 charon kernel: HostIF_ReadPage+0x6d/0xc0 [vmmon] Mar 31 20:42:06 charon kernel: LinuxDriver_Ioctl+0x7bc/0xb10 [vmmon] Mar 31 20:42:06 charon kernel: ? __find_get_block+0xb4/0x260 Mar 31 20:42:06 charon kernel: ? find_get_pages+0x1bb/0x290 Mar 31 20:42:06 charon kernel: ? __ext4_handle_dirty_metadata+0x48/0x200 Mar 31 20:42:06 charon kernel: ? ext4_mark_iloc_dirty+0x53e/0x7c0 Mar 31 20:42:06 charon kernel: ? __ext4_journal_get_write_access+0x3b/0x80 Mar 31 20:42:06 charon kernel: ? __wake_up+0x44/0x50 Mar 31 20:42:06 charon kernel: ? jbd2_journal_stop+0x1a1/0x3f0 Mar 31 20:42:06 charon kernel: ? ext4_dirty_inode+0x5c/0x70 Mar 31 20:42:06 charon kernel: ? __ext4_journal_stop+0x3d/0xa0 Mar 31 20:42:06 charon kernel: ? ext4_da_write_end+0x136/0x2b0 Mar 31 20:42:06 charon kernel: ? iov_iter_copy_from_user_atomic+0xb2/0x340 Mar 31 20:42:06 charon kernel: ? generic_perform_write+0x13c/0x1c0 Mar 31 20:42:06 charon kernel: ? __generic_file_write_iter+0x185/0x1d0 Mar 31 20:42:06 charon kernel: ? ext4_file_write_iter+0x96/0x370 Mar 31 20:42:06 charon kernel: ? set_next_entity+0xc3/0x1a0 Mar 31 20:42:06 charon kernel: do_vfs_ioctl+0xa3/0x5f0 Mar 31 20:42:06 charon kernel: SyS_ioctl+0x79/0x90 Mar 31 20:42:06 charon kernel: entry_SYSCALL_64_fastpath+0x1a/0xa9 Mar 31 20:42:06 charon kernel: RIP: 0033:0x7efe40a9f787 Mar 31 20:42:06 charon kernel: RSP: 002b:00007efc09573498 EFLAGS: 00003206 ORIG_RAX: 0000000000000010 Mar 31 20:42:06 charon kernel: RAX: ffffffffffffffda RBX: 00000000000c63e0 RCX: 00007efe40a9f787 Mar 31 20:42:06 charon kernel: RDX: 00007efc095734a0 RSI: 00000000000007e6 RDI: 000000000000000f Mar 31 20:42:06 charon kernel: RBP: 00007efc095733b0 R08: fffffffffffffff0 R09: 00007efc040163e0 Mar 31 20:42:06 charon kernel: R10: 00007efc09573aa1 R11: 0000000000003206 R12: 000000000023444e Mar 31 20:42:06 charon kernel: R13: 0000000000004000 R14: 00007efc04001120 R15: 0000000000000000 Mar 31 20:42:06 charon kernel: Code: 48 0f 44 d1 48 c7 c6 b4 c3 c6 b5 48 c7 c1 e5 fe c5 b5 48 0f 44 f1 4d 89 e1 49 89 c0 48 89 d9 48 c7 c7 90 87 c6 b5 e8 f8 60 f6 ff <0f> 0b e8 b2 78 fb ff 85 c0 75 73 48 89 df e8 a6 fb e0 ff 84 c0 Mar 31 20:42:06 charon kernel: RIP: __check_object_size+0x77/0x1d7 RSP: ffffb1d00a967940 Mar 31 20:42:06 charon kernel: ---[ end trace 650b4605bf2d6e5f ]--- Mar 31 20:42:08 charon abrt-dump-journal-oops: abrt-dump-journal-oops: Found oopses: 1 Mar 31 20:42:08 charon abrt-dump-journal-oops: abrt-dump-journal-oops: Creating problem directories Mar 31 20:42:08 charon abrt-server: Can't find a meaningful backtrace for hashing in '.' Mar 31 20:42:08 charon abrt-server: Option 'DropNotReportableOopses' is not configured Mar 31 20:42:08 charon abrt-server: Preserving oops '.' because DropNotReportableOopses is 'no' Just let me know what you need and I will add when possible.
This is coming from the out of tree vmware modules which Fedora doesn't support. This issue must be reported to vmware.
OK thank you.