Bug 1650989 - [abrt] __check_heap_object: kernel BUG at mm/usercopy.c:102!
Summary: [abrt] __check_heap_object: kernel BUG at mm/usercopy.c:102!
Keywords:
Status: CLOSED UPSTREAM
Alias: None
Product: Fedora
Classification: Fedora
Component: kernel
Version: 29
Hardware: x86_64
OS: Unspecified
unspecified
unspecified
Target Milestone: ---
Assignee: Kernel Maintainer List
QA Contact: Fedora Extras Quality Assurance
URL: https://retrace.fedoraproject.org/faf...
Whiteboard: abrt_hash:b84ddc495d67ebf6cc78ad6d2e7...
: 1707013 1714692 (view as bug list)
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2018-11-18 14:23 UTC by Phil Baker
Modified: 2019-05-28 17:00 UTC (History)
24 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2019-04-01 19:50:51 UTC
Type: ---
Embargoed:


Attachments (Terms of Use)
File: dmesg (72.74 KB, text/plain)
2018-11-18 14:23 UTC, Phil Baker
no flags Details

Description Phil Baker 2018-11-18 14:23:42 UTC
Description of problem:
Was notified after logging into the GNOME desktop session that there was a kernel error. Hardware is a Lenovo ThinkPad T560.

Additional info:
reporter:       libreport-2.9.6
kernel BUG at mm/usercopy.c:102!
invalid opcode: 0000 [#1] SMP PTI
CPU: 0 PID: 662 Comm: rngd Not tainted 4.19.2-300.fc29.x86_64 #1
Hardware name: LENOVO 20FHCTO1WW/20FHCTO1WW, BIOS N1KET41W (1.28 ) 09/12/2018
RIP: 0010:usercopy_abort+0x74/0x76
Code: 0f 45 c6 51 48 89 f9 48 c7 c2 23 1c 0e 8a 41 52 48 c7 c6 7a e8 0c 8a 48 c7 c7 e8 1c 0e 8a 48 0f 45 f2 48 89 c2 e8 49 ce e6 ff <0f> 0b 49 89 e8 31 c9 44 89 e2 31 f6 48 c7 c7 57 1c 0e 8a e8 74 ff
RSP: 0018:ffffb5ee01fafdb0 EFLAGS: 00010246
RAX: 0000000000000065 RBX: ffff9dc2ea19db00 RCX: 0000000000000006
RDX: 0000000000000000 RSI: 0000000000000086 RDI: ffff9dc2f1216860
RBP: 000000000000017b R08: 0000000000000004 R09: 0000000000000003
R10: 0000000000000000 R11: ffffffff8a9b616d R12: 0000000000000001
R13: ffff9dc2ea19dc7b R14: 000000000000017b R15: 000000000000017b
FS:  00007f7c23320840(0000) GS:ffff9dc2f1200000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f38702a9720 CR3: 0000000419b24004 CR4: 00000000003606f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 __check_heap_object+0xda/0x110
 __check_object_size+0xfa/0x181
 rng_dev_read+0x73/0x270
 __vfs_read+0x36/0x190
 vfs_read+0x8a/0x140
 ksys_read+0x4f/0xb0
 do_syscall_64+0x5b/0x160
 entry_SYSCALL_64_after_hwframe+0x44/0xa9
RIP: 0033:0x7f7c23bccea5
Code: fe ff ff 50 48 8d 3d 02 e5 09 00 e8 75 11 02 00 0f 1f 44 00 00 f3 0f 1e fa 48 8d 05 75 78 0d 00 8b 00 85 c0 75 0f 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 53 c3 66 90 41 54 49 89 d4 55 48 89 f5 53 89
RSP: 002b:00007ffef59eb778 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
RAX: ffffffffffffffda RBX: 00000000000009c4 RCX: 00007f7c23bccea5
RDX: 00000000000009c4 RSI: 00007ffef59eb7c0 RDI: 0000000000000003
RBP: 00007ffef59eb7c0 R08: 0000000000000001 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 00005573da26e420
R13: 0000000000000000 R14: 00007ffef59eb7c0 R15: 00005573da26e420
Modules linked in: ip_set nfnetlink ebtable_filter ebtables ip6table_filter ip6_tables bnep sunrpc vfat fat squashfs zstd_decompress xxhash loop arc4 iwlmvm intel_rapl x86_pkg_temp_thermal snd_soc_skl intel_powerclamp mac80211 snd_soc_skl_ipc coretemp snd_soc_sst_ipc snd_soc_sst_dsp kvm_intel snd_hda_codec_hdmi snd_hda_ext_core snd_soc_acpi_intel_match kvm snd_soc_acpi snd_soc_core mei_wdt snd_hda_codec_realtek iwlwifi snd_hda_codec_generic snd_compress iTCO_wdt ac97_bus snd_pcm_dmaengine iTCO_vendor_support snd_hda_intel wmi_bmof irqbypass crct10dif_pclmul crc32_pclmul snd_hda_codec ghash_clmulni_intel intel_cstate intel_uncore intel_rapl_perf cfg80211 uvcvideo snd_hda_core snd_hwdep videobuf2_vmalloc snd_seq videobuf2_memops videobuf2_v4l2 snd_seq_device videobuf2_common btusb snd_pcm
 btrtl btbcm videodev btintel bluetooth joydev media rtsx_pci_ms memstick snd_timer i2c_i801 mei_me mei intel_pch_thermal ecdh_generic thinkpad_acpi snd soundcore rfkill wmi pcc_cpufreq xfs libcrc32c i915 rtsx_pci_sdmmc mmc_core i2c_algo_bit drm_kms_helper e1000e drm crc32c_intel serio_raw rtsx_pci video

Comment 1 Phil Baker 2018-11-18 14:23:55 UTC
Created attachment 1506958 [details]
File: dmesg

Comment 2 Craig Robson 2019-03-31 22:28:18 UTC
Description of problem:
Failed shortly after or during reboot.

Version-Release number of selected component:
kernel-core-5.0.4-200.fc29

Additional info:
reporter:       libreport-2.10.0
cmdline:        BOOT_IMAGE=/vmlinuz-5.0.4-200.fc29.x86_64 root=/dev/mapper/fedora_localhost--live-root ro resume=/dev/mapper/fedora_localhost--live-swap rd.lvm.lv=fedora_localhost-live/root rd.luks.uuid=luks-54bdc7f3-2cca-4edb-97ce-b28c7d5c286f rd.lvm.lv=fedora_localhost-live/swap rhgb quiet LANG=en_US.UTF-8
crash_function: __check_heap_object
kernel:         5.0.4-200.fc29.x86_64
runlevel:       unknown
type:           Kerneloops

Truncated backtrace:
kernel BUG at mm/usercopy.c:102!
invalid opcode: 0000 [#1] SMP PTI
CPU: 0 PID: 1017 Comm: rngd Not tainted 5.0.4-200.fc29.x86_64 #1
Hardware name: LENOVO 20F6CTO1WW/20F6CTO1WW, BIOS R02ET69W (1.42 ) 12/27/2018
RIP: 0010:usercopy_abort+0x74/0x76
Code: 0f 45 c6 51 48 89 f9 48 c7 c2 bb 3d 0f 8b 41 52 48 c7 c6 49 00 0e 8b 48 c7 c7 80 3e 0f 8b 48 0f 45 f2 48 89 c2 e8 d1 81 e6 ff <0f> 0b 49 89 e8 31 c9 44 89 e2 31 f6 48 c7 c7 ef 3d 0f 8b e8 74 ff
RSP: 0018:ffffbae9c2503da8 EFLAGS: 00010246
RAX: 0000000000000065 RBX: ffffa08dcd280100 RCX: 0000000000000006
RDX: 0000000000000000 RSI: 0000000000000096 RDI: ffffa08dd12168c0
RBP: 000000000000017b R08: 000000000000036e R09: 0000000000000074
R10: 0000000000000000 R11: ffffbae9c2503c58 R12: 0000000000000001
R13: ffffa08dcd28027b R14: 000000000000017b R15: 000000000000017b
FS:  00007f4860db5840(0000) GS:ffffa08dd1200000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 000055dd7a389ef8 CR3: 00000004024fc003 CR4: 00000000003606f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 __check_heap_object+0xda/0x110
 __check_object_size+0x15d/0x189
 rng_dev_read+0x73/0x270
 __vfs_read+0x36/0x1a0
 vfs_read+0x91/0x140
 ksys_read+0x4f/0xb0
 do_syscall_64+0x5b/0x160
 entry_SYSCALL_64_after_hwframe+0x44/0xa9
RIP: 0033:0x7f486166df55
Code: fe ff ff 50 48 8d 3d 9a e5 09 00 e8 d5 11 02 00 0f 1f 44 00 00 f3 0f 1e fa 48 8d 05 c5 77 0d 00 8b 00 85 c0 75 0f 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 53 c3 66 90 41 54 49 89 d4 55 48 89 f5 53 89
RSP: 002b:00007ffefc282d18 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
RAX: ffffffffffffffda RBX: 00000000000009c4 RCX: 00007f486166df55
RDX: 00000000000009c4 RSI: 00007ffefc282d60 RDI: 0000000000000003
RBP: 00007ffefc282d60 R08: 000056546ac46a00 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 000056546954b420
R13: 0000000000000000 R14: 00007ffefc282d60 R15: 000056546954b420
Modules linked in: ip6t_rpfilter ip6t_REJECT nf_reject_ipv6 xt_conntrack ebtable_nat ip6table_nat nf_nat_ipv6 ip6table_mangle ip6table_raw ip6table_security iptable_nat nf_nat_ipv4 nf_nat iptable_mangle iptable_raw iptable_security nf_conntrack nf_defrag_ipv6 nf_defrag_ipv4 libcrc32c ip_set nfnetlink ebtable_filter ebtables ip6table_filter ip6_tables cmac bnep sunrpc vfat fat arc4 snd_soc_skl snd_soc_hdac_hda snd_hda_ext_core iTCO_wdt iTCO_vendor_support snd_soc_skl_ipc mei_wdt snd_hda_codec_hdmi snd_soc_sst_ipc intel_rapl snd_soc_sst_dsp x86_pkg_temp_thermal snd_soc_acpi_intel_match intel_powerclamp uvcvideo iwlmvm snd_soc_acpi snd_soc_core coretemp snd_hda_codec_realtek videobuf2_vmalloc btusb snd_hda_codec_generic videobuf2_memops btrtl btbcm snd_compress kvm_intel ac97_bus btintel videobuf2_v4l2 snd_pcm_dmaengine mac80211 snd_hda_intel videobuf2_common intel_cstate videodev snd_hda_codec intel_uncore intel_rapl_perf bluetooth snd_hda_core iwlwifi snd_hwdep snd_seq cfg80211
 joydev snd_seq_device media snd_pcm wmi_bmof ecdh_generic rtsx_pci_ms memstick thinkpad_acpi i2c_i801 snd_timer ledtrig_audio snd intel_xhci_usb_role_switch roles soundcore rfkill mei_me mei pcc_cpufreq intel_pch_thermal binfmt_misc dm_crypt i915 rtsx_pci_sdmmc mmc_core kvmgt mdev vfio crct10dif_pclmul kvm crc32_pclmul crc32c_intel irqbypass i2c_algo_bit drm_kms_helper ghash_clmulni_intel e1000e drm rtsx_pci serio_raw wmi video

Comment 3 Laura Abbott 2019-04-01 19:50:51 UTC
Fix posted. Given these were automated reports, I'll just close for now.

Comment 4 Patricia J Hawkins 2019-04-18 02:59:04 UTC
Description of problem:
I updated my Lenovo T560 laptop, and rebooted twice. Saw pulseaudio statusbar crash reports on the first reboot, saw a kernel-core crash and recovery on the second reboot. 

Version-Release number of selected component:
kernel-core-5.0.7-200.fc29

Additional info:
reporter:       libreport-2.10.0
cmdline:        BOOT_IMAGE=/vmlinuz-5.0.7-200.fc29.x86_64 root=/dev/mapper/fedora-root ro resume=/dev/mapper/fedora-swap rd.lvm.lv=fedora/root rd.luks.uuid=luks-47041a63-6a26-475d-89b2-b007a9d5e117 rd.lvm.lv=fedora/swap rhgb quiet LANG=en_US.UTF-8
crash_function: __check_heap_object
kernel:         5.0.7-200.fc29.x86_64
runlevel:       unknown
type:           Kerneloops

Truncated backtrace:
kernel BUG at mm/usercopy.c:102!
invalid opcode: 0000 [#1] SMP PTI
CPU: 3 PID: 5613 Comm: rngd Not tainted 5.0.7-200.fc29.x86_64 #1
Hardware name: LENOVO 20FHCTO1WW/20FHCTO1WW, BIOS N1KET43W (1.30 ) 03/14/2019
RIP: 0010:usercopy_abort+0x74/0x76
Code: 0f 45 c6 51 48 89 f9 48 c7 c2 5b 56 0f 99 41 52 48 c7 c6 e9 18 0e 99 48 c7 c7 20 57 0f 99 48 0f 45 f2 48 89 c2 e8 21 7e e6 ff <0f> 0b 49 89 e8 31 c9 44 89 e2 31 f6 48 c7 c7 8f 56 0f 99 e8 74 ff
RSP: 0018:ffffb0fc41557da8 EFLAGS: 00010246
RAX: 0000000000000066 RBX: ffff89349337995f RCX: 0000000000000006
RDX: 0000000000000000 RSI: 0000000000000096 RDI: ffff8934993968c0
RBP: 00000000000000dc R08: 000000000000037b R09: 0000000000000075
R10: 0000000000000000 R11: ffffb0fc41557c58 R12: 0000000000000001
R13: ffff893493379a3b R14: 00000000000000dc R15: 00000000000000dc
FS:  00007fd389c3e840(0000) GS:ffff893499380000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f6c538e8aa8 CR3: 000000020502e006 CR4: 00000000003606e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 __check_heap_object+0xda/0x110
 __check_object_size+0x15d/0x189
 rng_dev_read+0x73/0x270
 __vfs_read+0x36/0x1a0
 vfs_read+0x91/0x140
 ksys_read+0x4f/0xb0
 do_syscall_64+0x5b/0x160
 entry_SYSCALL_64_after_hwframe+0x44/0xa9
RIP: 0033:0x7fd38a4f5f25
Code: fe ff ff 50 48 8d 3d ba e5 09 00 e8 35 12 02 00 0f 1f 44 00 00 f3 0f 1e fa 48 8d 05 f5 77 0d 00 8b 00 85 c0 75 0f 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 53 c3 66 90 41 54 49 89 d4 55 48 89 f5 53 89
RSP: 002b:00007ffd62720e78 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
RAX: ffffffffffffffda RBX: 00000000000009c4 RCX: 00007fd38a4f5f25
RDX: 00000000000009c4 RSI: 00007ffd62720ec0 RDI: 0000000000000003
RBP: 00007ffd62720ec0 R08: 00005612ddf1fa00 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 00005612ddb9f420
R13: 0000000000000000 R14: 00007ffd62720ec0 R15: 00005612ddb9f420
Modules linked in: nf_conntrack_netbios_ns nf_conntrack_broadcast xt_CT ip6t_rpfilter ip6t_REJECT nf_reject_ipv6 xt_conntrack ebtable_nat ip6table_nat nf_nat_ipv6 ip6table_mangle ip6table_raw ip6table_security iptable_nat nf_nat_ipv4 nf_nat iptable_mangle iptable_raw iptable_security nf_conntrack nf_defrag_ipv6 nf_defrag_ipv4 libcrc32c cmac ip_set nfnetlink ebtable_filter ebtables ip6table_filter ip6_tables rmi_smbus rmi_core bnep sunrpc vfat fat arc4 snd_soc_skl intel_rapl snd_soc_hdac_hda snd_hda_ext_core x86_pkg_temp_thermal mei_wdt snd_soc_skl_ipc iTCO_wdt intel_powerclamp iTCO_vendor_support coretemp snd_soc_sst_ipc snd_soc_sst_dsp iwlmvm snd_soc_acpi_intel_match snd_soc_acpi snd_hda_codec_hdmi snd_soc_core mac80211 uvcvideo btusb snd_hda_codec_realtek btrtl btbcm intel_cstate intel_uncore snd_hda_codec_generic btintel videobuf2_vmalloc snd_compress bluetooth intel_rapl_perf ac97_bus videobuf2_memops videobuf2_v4l2 snd_pcm_dmaengine snd_hda_intel videobuf2_common iwlwifi
 snd_hda_codec videodev snd_hda_core cfg80211 snd_hwdep snd_seq joydev snd_seq_device snd_pcm wmi_bmof media rtsx_pci_ms snd_timer i2c_i801 memstick ecdh_generic mei_me thinkpad_acpi mei intel_xhci_usb_role_switch roles intel_pch_thermal ledtrig_audio snd soundcore rfkill pcc_cpufreq dm_crypt i915 kvmgt mdev vfio kvm irqbypass i2c_algo_bit drm_kms_helper rtsx_pci_sdmmc mmc_core crct10dif_pclmul drm crc32_pclmul crc32c_intel e1000e serio_raw ghash_clmulni_intel rtsx_pci wmi video

Comment 5 Jeff Gehlbach 2019-05-06 15:38:22 UTC
*** Bug 1707013 has been marked as a duplicate of this bug. ***

Comment 6 Laura Abbott 2019-05-28 17:00:45 UTC
*** Bug 1714692 has been marked as a duplicate of this bug. ***


Note You need to log in before you can comment on or make changes to this bug.