Bug 1881695 - [abrt] fixup_exception: General protection fault in user access. Non-canonical address?
Summary: [abrt] fixup_exception: General protection fault in user access. Non-canonica...
Keywords:
Status: CLOSED EOL
Alias: None
Product: Fedora
Classification: Fedora
Component: kernel
Version: 32
Hardware: x86_64
OS: Unspecified
Target Milestone: ---
Assignee: Kernel Maintainer List
QA Contact: Fedora Extras Quality Assurance
URL: https://retrace.fedoraproject.org/faf...
Whiteboard: abrt_hash:86ce858dc0e51dad97fe3492bd6...
Depends On:
Blocks:
Reported: 2020-09-22 22:01 UTC by Török Edwin
Modified: 2021-05-25 16:46 UTC (History)

Fixed In Version:
Clone Of:
Environment:
Last Closed: 2021-05-25 16:46:26 UTC
Type: ---
Embargoed:


Attachments:
dmesg (255.75 KB, text/plain), 2020-09-22 22:01 UTC, Török Edwin

Description Török Edwin 2020-09-22 22:01:24 UTC
Additional info:
reporter:       libreport-2.13.1
General protection fault in user access. Non-canonical address?
WARNING: CPU: 15 PID: 423041 at arch/x86/mm/extable.c:77 ex_handler_uaccess+0x4d/0x60
Modules linked in: xt_multiport xt_nat xt_addrtype xt_mark vhost_net vhost tap vhost_iotlb ip6t_REJECT xt_CHECKSUM xt_conntrack ipt_REJECT nf_nat_tftp nf_conntrack_tftp xt_MASQUERADE xt_comment veth bridge stp llc tun squashfs loop cfg80211 binfmt_misc overlay snd_seq_dummy snd_hrtimer uinput nft_objref nf_conntrack_netbios_ns nf_conntrack_broadcast nft_fib_inet nft_fib_ipv4 nft_fib_ipv6 nft_fib nft_reject_inet nf_reject_ipv4 nf_reject_ipv6 nft_reject nft_ct nft_chain_nat ip6table_nat ip6table_mangle ip6table_raw ip6table_security iptable_nat nf_nat nf_conntrack nf_defrag_ipv6 nf_defrag_ipv4 libcrc32c iptable_mangle iptable_raw iptable_security ip_set nf_tables nfnetlink ip6table_filter ip6_tables iptable_filter sunrpc vfat fat snd_hda_codec_realtek snd_hda_codec_generic ledtrig_audio snd_hda_codec_hdmi snd_hda_intel snd_intel_dspcfg edac_mce_amd snd_usb_audio snd_hda_codec uvcvideo videobuf2_vmalloc snd_usbmidi_lib snd_hda_core kvm_amd videobuf2_memops snd_rawmidi
 videobuf2_v4l2 snd_hwdep videobuf2_common snd_seq kvm snd_seq_device videodev snd_pcm eeepc_wmi ses asus_wmi enclosure sparse_keymap snd_timer mc rfkill scsi_transport_sas sp5100_tco irqbypass wmi_bmof video pcspkr snd joydev i2c_piix4 k10temp soundcore acpi_cpufreq zram ip_tables amdgpu amd_iommu_v2 gpu_sched i2c_algo_bit uas ttm usb_storage drm_kms_helper drm crct10dif_pclmul crc32_pclmul crc32c_intel ghash_clmulni_intel ccp nvme r8169 nvme_core wmi pinctrl_amd fuse
CPU: 15 PID: 423041 Comm: bun Not tainted 5.7.11-200.fc32.x86_64 #1
Hardware name: System manufacturer System Product Name/TUF GAMING X570-PLUS, BIOS 2407 07/01/2020
RIP: 0010:ex_handler_uaccess+0x4d/0x60
Code: 83 c4 08 b8 01 00 00 00 5b c3 80 3d 00 c8 99 01 00 75 dc 48 c7 c7 80 f0 35 a3 48 89 34 24 c6 05 ec c7 99 01 01 e8 6a 85 06 00 <0f> 0b 48 8b 34 24 eb bd 66 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44
RSP: 0018:ffffa46f45dffbc0 EFLAGS: 00010282
RAX: 000000000000003f RBX: ffffffffa34d19e8 RCX: 0000000000000000
RDX: 0000000000000007 RSI: ffffffffa418a3df RDI: 0000000000000246
RBP: ffffa46f45dffc98 R08: 000715ee411995f5 R09: 000000000000003f
R10: 0000000000067481 R11: 0000000000000001 R12: 0000000000000000
R13: 000000000000000d R14: 0000000000000000 R15: 0000000000000000
FS:  00007f2bb4e3ec00(0000) GS:ffff92122edc0000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000000000000021 CR3: 00000008b7e02000 CR4: 0000000000340ee0
Call Trace:
 fixup_exception+0x45/0x58
 do_general_protection+0xda/0x2c0
 general_protection+0x32/0x40
RIP: 0010:__strncpy_from_unsafe+0x5f/0xb0
Code: 00 00 01 45 31 c9 48 89 f2 eb 0f 84 c9 74 2e 48 89 d0 48 29 f0 4c 39 c0 7d 4f 48 89 d1 48 83 c2 01 0f 01 cb 0f ae e8 44 89 c8 <8a> 09 0f 01 ca 48 98 48 83 c7 01 88 4f ff 48 85 c0 74 ce c6 47 ff
RSP: 0018:ffffa46f45dffd40 EFLAGS: 00050202
RAX: 0000000000000000 RBX: ffffa46f45dffe08 RCX: 63746f672d6c6661
RDX: 63746f672d6c6662 RSI: 63746f672d6c6661 RDI: ffffc46f371c9ce0
RBP: ffffc46f371c9ce0 R08: 0000000000000400 R09: 0000000000000000
R10: 00007ffffffff000 R11: 0000000000000f07 R12: 0000000000000400
R13: 63746f672d6c6661 R14: 0000000000acc9b0 R15: ffffa46f45dffdb0
 bpf_probe_read_compat_str+0x2e/0x60
 bpf_prog_7809408b9b4b841f_sys_enter_execv+0x1d9/0xdd8
 trace_call_bpf+0x7a/0xf0
 perf_call_bpf_enter.isra.0+0x39/0x40
 ? perf_trace_buf_alloc+0x1a/0x90
 perf_syscall_enter+0x16b/0x1d0
 syscall_trace_enter+0x27a/0x290
 ? do_user_addr_fault+0x219/0x490
 do_syscall_64+0xe4/0xf0
 entry_SYSCALL_64_after_hwframe+0x44/0xa9
RIP: 0033:0x7f2bb4f0e3eb
Code: 48 3d 00 f0 ff ff 76 e7 f7 d8 64 41 89 00 eb df 0f 1f 80 00 00 00 00 f7 d8 64 41 89 00 eb dc f3 0f 1e fa b8 3b 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d 7d 4a 0f 00 f7 d8 64 89 01 48
RSP: 002b:00007ffee46d7ee8 EFLAGS: 00000257 ORIG_RAX: 000000000000003b
RAX: ffffffffffffffda RBX: 0000000000acc9f0 RCX: 00007f2bb4f0e3eb
RDX: 00007ffee46d8568 RSI: 0000000000acc9b0 RDI: 00007ffee46d7ef0
RBP: 00007ffee46d7ff0 R08: 0000000000000fff R09: 00007ffee46d9835
R10: 0000000000476669 R11: 0000000000000257 R12: 0000000000acc9b0
R13: 00007ffee46d8568 R14: 000000000000000b R15: 00007ffee46d9815

Comment 1 Török Edwin 2020-09-22 22:01:29 UTC
Created attachment 1715801 [details]
File: dmesg

Comment 2 Török Edwin 2020-09-22 22:21:52 UTC
The 'bun' command is from here (it runs afl-fuzz): https://github.com/yomimono/ocaml-bun
The BPF in question is likely /usr/share/bpftrace/tools/execsnoop.bt
I don't have a repro, but perhaps `bun` itself has quit by the time the BPF tried to read the execve argument? (bun launches multiple afl-fuzz instances, but kills all its threads as soon as 1 afl-fuzz thread finds a crash, which sometimes happens within seconds, depending on what you fuzz)
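
The "Non-canonical address?" hint in the warning can be checked against the register values in the trace: on x86-64 with 4-level paging (48-bit virtual addresses) a pointer is only valid if bits 63..47 are all equal, and a register that fails that test is a hint that it holds data rather than an address. The following helper is an added example, not code from the bug, bpftrace or the kernel; it takes a few register lines from the __strncpy_from_unsafe frame above as a constructed sample, flags the non-canonical values and shows their little-endian ASCII rendering, and assumes 48-bit addressing (no 5-level paging).

```python
# Added triage helper for x86-64 oops register dumps (not from the bug or the kernel).
import re
import struct

# Constructed sample: register lines copied from the __strncpy_from_unsafe frame.
OOPS_REGS = """\
RAX: 0000000000000000 RBX: ffffa46f45dffe08 RCX: 63746f672d6c6661
RDX: 63746f672d6c6662 RSI: 63746f672d6c6661 RDI: ffffc46f371c9ce0
R13: 63746f672d6c6661 R14: 0000000000acc9b0 R15: ffffa46f45dffdb0
"""

VA_BITS = 48  # assumption: 4-level paging, so 48-bit virtual addresses


def is_canonical(addr: int, va_bits: int = VA_BITS) -> bool:
    """True if bits 63..va_bits-1 are all copies of bit va_bits-1 (sign-extended)."""
    top = addr >> (va_bits - 1)           # the 64 - va_bits + 1 bits that must agree
    return top == 0 or top == (1 << (64 - va_bits + 1)) - 1


def as_ascii(value: int) -> str:
    """Render a 64-bit register as the little-endian bytes it would hold in memory."""
    raw = struct.pack("<Q", value)
    return "".join(chr(b) if 32 <= b < 127 else "." for b in raw)


def parse_regs(text: str) -> dict:
    """Map register name -> value for 'RXX: <16 hex digits>' fields in an oops."""
    return {m.group(1): int(m.group(2), 16)
            for m in re.finditer(r"(?<!\w)(R[A-Z0-9]{2}): ([0-9a-f]{16})", text)}


def triage(text: str) -> dict:
    """Return {reg: (canonical?, ascii rendering)} for every register in the dump."""
    return {name: (is_canonical(v), as_ascii(v)) for name, v in parse_regs(text).items()}


def non_canonical(text: str) -> list:
    """Names of registers whose value cannot be a valid 48-bit virtual address."""
    return sorted(n for n, v in parse_regs(text).items() if not is_canonical(v))


if __name__ == "__main__":
    for name, (ok, text) in triage(OOPS_REGS).items():
        print(f"{name}: canonical={ok!s:5} ascii={text!r}")
    print("non-canonical:", non_canonical(OOPS_REGS))
```

Run against the sample, RSI (the source pointer the copy loop was reading from) decodes to printable ASCII and fails the canonical check, which is exactly the condition ex_handler_uaccess warns about.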

Comment 3 Fedora Program Management 2021-04-29 16:38:32 UTC
This message is a reminder that Fedora 32 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora 32 on 2021-05-25.
It is Fedora's policy to close all bug reports from releases that are no longer
maintained. At that time this bug will be closed as EOL if it remains open with a
Fedora 'version' of '32'.

Package Maintainer: If you wish for this bug to remain open because you
plan to fix it in a currently maintained version, simply change the 'version'
to a later Fedora version.

Thank you for reporting this issue and we are sorry that we were not
able to fix it before Fedora 32 is end of life. If you would still like
to see this bug fixed and are able to reproduce it against a later version
of Fedora, you are encouraged to change the 'version' to a later Fedora
version prior to this bug being closed as described in the policy above.

Although we aim to fix as many bugs as possible during every release's
lifetime, sometimes those efforts are overtaken by events. Often a
more recent Fedora release includes newer upstream software that fixes
bugs or makes them obsolete.

Comment 4 Ben Cotton 2021-05-25 16:46:26 UTC
Fedora 32 changed to end-of-life (EOL) status on 2021-05-25. Fedora 32 is
no longer maintained, which means that it will not receive any further
security or bug fix updates. As a result we are closing this bug.

If you can reproduce this bug against a currently maintained version of
Fedora please feel free to reopen this bug against that version. If you
are unable to reopen this bug, please file a new report against the
current release. If you experience problems, please add a comment to this
bug.

Thank you for reporting this bug and we are sorry it could not be fixed.
