Date:   Sun, 15 Oct 2017 22:26:40 +0200
From:   Stephan Müller <smueller@...onox.de>
To:     linux-kernel@...r.kernel.org
Subject: Crash during fork/clone

Hi,

At irregular intervals, I see the following crash. This crash happens if I 
start a test run that executes a large number of scripts sequentially. It 
happens with vanilla kernels from kernel.org and Fedora kernels. If my memory 
serves me well, I saw the first types of these crashes with 4.11.

This crash happens on native hardware as well as within a KVM guest.

Unfortunately, this crash cannot be easily triggered; it simply happens once 
in a while.

[ 8447.925544] BUG: unable to handle kernel NULL pointer dereference at 
000000000000003a
[ 8447.925590] IP: dup_fd+0x134/0x280
[ 8447.925605] PGD 0 
[ 8447.925606] P4D 0 

[ 8447.925634] Oops: 0002 [#1] SMP
[ 8447.925648] Modules linked in: ansi_cprng vfat fat vhost_net vhost tap fuse 
sha512_ssse3 sha512_generic ccm gcm salsa20_generic salsa20_x86_64 
camellia_generic camellia_aesni_avx2 camellia_aesni_avx_x86_64 ablk_helper 
camellia_x86_64 crypto_user des3_ede_x86_64 des_generic loop rfcomm 
xt_CHECKSUM ipt_MASQUERADE nf_nat_masquerade_ipv4 tun ip6t_rpfilter 
ip6t_REJECT nf_reject_ipv6 xt_conntrack ip_set nfnetlink ebtable_nat 
ebtable_broute bridge stp llc ip6table_nat nf_conntrack_ipv6 nf_defrag_ipv6 
nf_nat_ipv6 ip6table_mangle ip6table_raw ip6table_security iptable_nat 
nf_conntrack_ipv4 nf_defrag_ipv4 nf_nat_ipv4 nf_nat nf_conntrack libcrc32c 
iptable_mangle iptable_raw iptable_security ebtable_filter ebtables 
ip6table_filter ip6_tables cmac bnep sunrpc nls_utf8 hfsplus iTCO_wdt 
iTCO_vendor_support joydev
[ 8447.925929]  intel_rapl x86_pkg_temp_thermal intel_powerclamp coretemp 
kvm_intel brcmfmac applesmc input_polldev kvm irqbypass brcmutil intel_cstate 
cfg80211 intel_uncore intel_rapl_perf btusb btrtl btbcm btintel bluetooth 
i2c_i801 intel_pch_thermal thunderbolt lpc_ich nvmem_core mmc_core 
snd_hda_codec_cirrus snd_hda_codec_hdmi snd_hda_codec_generic ecdh_generic 
rfkill snd_hda_intel snd_hda_codec snd_hda_core snd_hwdep snd_seq bcm5974 
snd_seq_device snd_pcm mei_me mei snd_timer snd spi_pxa2xx_pci shpchp 
soundcore sbs acpi_als sbshc kfifo_buf industrialio spi_pxa2xx_platform 
apple_bl binfmt_misc dm_crypt uas usb_storage hid_apple i915 crct10dif_pclmul 
crc32_pclmul crc32c_intel i2c_algo_bit drm_kms_helper ghash_clmulni_intel drm 
video
[ 8447.926189] CPU: 1 PID: 3179 Comm: test.sh Not tainted 
4.13.4-200.fc26.x86_64 #1
[ 8447.926218] Hardware name: Apple Inc. MacBookPro12,1/Mac-E43C1C25D4880AD6, 
BIOS MBP121.88Z.0171.B00.1708080033 08/08/2017
[ 8447.926258] task: ffff96da5fa40000 task.stack: ffffa2c109bd4000
[ 8447.926283] RIP: 0010:dup_fd+0x134/0x280
[ 8447.926299] RSP: 0018:ffffa2c109bd7d78 EFLAGS: 00010202
[ 8447.926319] RAX: 00000000000000fd RBX: 0000000000000100 RCX: 
ffff96dbeb3c97e8
[ 8447.926346] RDX: 0000000000000002 RSI: ffff96dbeb3c97e8 RDI: 
0000000000000100
[ 8447.926374] RBP: ffffa2c109bd7db0 R08: 0000000000000000 R09: 
ffff96dad3243800
[ 8447.926401] R10: ffff96dbeb3c9000 R11: ffff96da8b796160 R12: 
ffff96dc27d102c0
[ 8447.926427] R13: ffffa2c109bd7e48 R14: ffff96dc531c6440 R15: 
ffff96dc432423c0
[ 8447.926455] FS:  00007f3239d45f80(0000) GS:ffff96dc6ec80000(0000) knlGS:
0000000000000000
[ 8447.926485] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 8447.926507] CR2: 000000000000003a CR3: 00000001926ea000 CR4: 
00000000003426e0
[ 8447.926534] Call Trace:
[ 8447.926552]  copy_process.part.30+0x898/0x1b30
[ 8447.926573]  ? selinux_file_alloc_security+0x37/0x60
[ 8447.926594]  ? alloc_file+0x65/0xc0
[ 8447.926610]  _do_fork+0xcf/0x390
[ 8447.926626]  ? __set_current_blocked+0x42/0x60
[ 8447.926645]  SyS_clone+0x19/0x20
[ 8447.926660]  do_syscall_64+0x67/0x140
[ 8447.926678]  entry_SYSCALL64_slow_path+0x25/0x25
[ 8447.926697] RIP: 0033:0x7f323921d53c
[ 8447.926712] RSP: 002b:00007ffe3c3c7960 EFLAGS: 00000246 ORIG_RAX: 
0000000000000038
[ 8447.926741] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 
00007f323921d53c
[ 8447.926768] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 
0000000001200011
[ 8447.926804] RBP: 00007ffe3c3c79b0 R08: 00007f3239d45f80 R09: 
0000000000000000
[ 8447.926831] R10: 00007f3239d46250 R11: 0000000000000246 R12: 
0000000000000000
[ 8447.926858] R13: 00007ffe3c3c7a60 R14: 0000000000000000 R15: 
0000000000000000
[ 8447.926886] Code: 4c 89 ce 4c 89 f7 89 da 4c 89 4d d0 e8 46 fa ff ff 4c 8b 
4d d0 4d 8b 56 08 8d 7b ff 31 c0 48 83 c7 01 4d 8b 49 08 4c 89 d1 eb 18 <f0> 
48 ff 42 38 48 83 c0 01 48 8d 71 08 48 89 11 48 39 c7 74 31 
[ 8447.926980] RIP: dup_fd+0x134/0x280 RSP: ffffa2c109bd7d78
[ 8447.927000] CR2: 000000000000003a
[ 8447.947234] ---[ end trace 0f02a0511461efba ]---

Ciao
Stephan
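
An added triage sketch, not part of the original post: it decodes the page-fault error code from the `Oops:` line and checks that the marked instruction bytes, combined with the register dump, reproduce the faulting address in CR2. The function names are hypothetical, and the decoder handles only the one instruction encoding that appears in this trace.

```python
import re

# Lines copied from the oops in the post, mail line wraps rejoined;
# the Code: line is trimmed to the bytes around the marked one.
OOPS = """\
[ 8447.925634] Oops: 0002 [#1] SMP
[ 8447.926319] RAX: 00000000000000fd RBX: 0000000000000100 RCX: ffff96dbeb3c97e8
[ 8447.926346] RDX: 0000000000000002 RSI: ffff96dbeb3c97e8 RDI: 0000000000000100
[ 8447.926507] CR2: 000000000000003a CR3: 00000001926ea000 CR4: 00000000003426e0
[ 8447.926886] Code: 4d 8b 49 08 4c 89 d1 eb 18 <f0> 48 ff 42 38 48 83 c0 01
"""

REGS = ("RAX", "RCX", "RDX", "RBX", "RSP", "RBP", "RSI", "RDI")  # ModRM r/m order

def fault_flags(oops):
    """Decode the x86 page-fault error code printed after 'Oops:'."""
    code = int(re.search(r"Oops: ([0-9a-f]{4})", oops).group(1), 16)
    return {"page_present": bool(code & 1), "write": bool(code & 2),
            "user_mode": bool(code & 4), "reserved_bit": bool(code & 8),
            "instruction_fetch": bool(code & 16)}

def registers(oops):
    """Collect every 'NAME: 16-hex-digit' pair from the register dump."""
    return {n: int(v, 16) for n, v in
            re.findall(r"\b([A-Z][A-Z0-9]{1,2}): ([0-9a-f]{16})\b", oops)}

def faulting_operand(oops):
    """Decode '[lock] REX op ModRM disp8' starting at the <marked> byte."""
    toks = re.search(r"Code: (.*)", oops).group(1).split()
    start = next(k for k, t in enumerate(toks) if t.startswith("<"))
    b = [int(t.strip("<>"), 16) for t in toks[start:]]
    locked = b[0] == 0xF0
    rex, opcode, modrm, disp = b[1:5] if locked else b[:4]
    mod, rm = modrm >> 6, modrm & 7
    if rex & 0xF0 != 0x40 or rex & 1 or opcode == 0x0F or mod != 1 or rm == 4:
        raise ValueError("encoding not handled by this sketch")
    return locked, REGS[rm], disp - 256 if disp > 127 else disp

def triage(oops):
    """Recompute the faulting address from the operand and compare with CR2."""
    regs = registers(oops)
    locked, base, disp = faulting_operand(oops)
    ea = (regs[base] + disp) & (2**64 - 1)
    return {"locked": locked, "base": base, "base_value": regs[base], "disp": disp,
            "effective_address": ea, "matches_cr2": ea == regs["CR2"], **fault_flags(oops)}

if __name__ == "__main__":
    print(triage(OOPS))
```

For this trace the result is a kernel-mode write to a not-present page at RDX + 0x38 with RDX = 2, so the fault comes from a small non-NULL base pointer rather than a literal NULL.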
