Package: coreutils
Version: 9.1-1
Severity: important
X-Debbugs-Cc: a...@debian.org
Control: affects -1 aptitude-robot

On a Xen DomU running Debian 12, cksum intermittently crashes as
follows:

# while :; do dd if=/dev/urandom count=1 2> /dev/null | cksum ; done
1758277878 512
2101634611 512
Illegal instruction
Illegal instruction
Illegal instruction
Illegal instruction
Illegal instruction
Illegal instruction
Illegal instruction
Illegal instruction
Illegal instruction
Illegal instruction
Illegal instruction
2704754638 512
Illegal instruction
4028135672 512
2625667858 512
Illegal instruction
Illegal instruction
Illegal instruction
3923394050 512
3125973555 512
Illegal instruction
Illegal instruction
Illegal instruction
4259853375 512
Illegal instruction
Illegal instruction
81698826 512
Illegal instruction
3571110616 512
Illegal instruction
1587881588 512
Illegal instruction
Illegal instruction
Illegal instruction
2814380057 512
Illegal instruction
Illegal instruction
2944809052 512
Illegal instruction
2902358677 512
Illegal instruction
Illegal instruction
Illegal instruction
Illegal instruction
Illegal instruction
Illegal instruction
Illegal instruction
Illegal instruction
Illegal instruction
Illegal instruction
Illegal instruction
Illegal instruction
Illegal instruction
Illegal instruction
Illegal instruction
Illegal instruction
Illegal instruction
Illegal instruction
Illegal instruction
Illegal instruction
Illegal instruction
Illegal instruction
935279575 512
Illegal instruction
456315694 512
Illegal instruction
469377998 512
Illegal instruction
Illegal instruction
Illegal instruction
Illegal instruction
2550807941 512
Illegal instruction
3392916458 512
Illegal instruction
Illegal instruction
Illegal instruction
Illegal instruction
Illegal instruction
Illegal instruction
2092884162 512
Illegal instruction
3196356363 512
Illegal instruction
1701279083 512
Illegal instruction
1118990197 512
Illegal instruction
1455432166 512
Illegal instruction
Illegal instruction
3772213637 512
Illegal instruction
3359021443 512
Illegal instruction
1472208906 512
Illegal instruction
Illegal instruction
Illegal instruction
530110239 512
1124879907 512
Illegal instruction
2364080335 512
Illegal instruction
Illegal instruction
Illegal instruction
Illegal instruction
Illegal instruction
Illegal instruction
Illegal instruction
Illegal instruction
Illegal instruction
Illegal instruction
Illegal instruction
Illegal instruction
Illegal instruction
Illegal instruction
Illegal instruction
Illegal instruction
Illegal instruction
Illegal instruction
Illegal instruction
Illegal instruction
Illegal instruction
Illegal instruction
Illegal instruction
Illegal instruction
Illegal instruction
Illegal instruction
Illegal instruction
Illegal instruction
Illegal instruction
Illegal instruction
Illegal instruction
Illegal instruction
Illegal instruction
Illegal instruction
Illegal instruction
Illegal instruction
Illegal instruction
Illegal instruction
Illegal instruction
Illegal instruction
Illegal instruction
Illegal instruction
Illegal instruction
Illegal instruction
Illegal instruction
Illegal instruction
Illegal instruction
Illegal instruction
Illegal instruction
Illegal instruction
Illegal instruction
Illegal instruction
Illegal instruction
Illegal instruction
Illegal instruction
Illegal instruction
Illegal instruction
Illegal instruction
Illegal instruction
Illegal instruction
Illegal instruction
1306677535 512
Illegal instruction
2367703624 512
Illegal instruction
Illegal instruction
Illegal instruction
Illegal instruction
3730416712 512
Illegal instruction
Illegal instruction
Illegal instruction
Illegal instruction
Illegal instruction
Illegal instruction
Illegal instruction
Illegal instruction
Illegal instruction
Illegal instruction
Illegal instruction
Illegal instruction
Illegal instruction
Illegal instruction
Illegal instruction
Illegal instruction
Illegal instruction
Illegal instruction
Illegal instruction
Illegal instruction
Illegal instruction
Illegal instruction
Illegal instruction
Illegal instruction
Illegal instruction
Illegal instruction
Illegal instruction
Illegal instruction
Illegal instruction
Illegal instruction
Illegal instruction
Illegal instruction
Illegal instruction
Illegal instruction
Illegal instruction
Illegal instruction
Illegal instruction
Illegal instruction
Illegal instruction
Illegal instruction
Illegal instruction
Illegal instruction
Illegal instruction
265751591 512
3833668362 512
Illegal instruction
Illegal instruction
1086945333 512
Illegal instruction
Illegal instruction
3420907443 512
Illegal instruction
Illegal instruction
Illegal instruction
[…]

I was only able to reproduce this on a single host so far, hence no RC
severity. (But feel free to bump to RC. :-)

I tried and could NOT reproduce it on:

* Debian 11 amd64 on real hardware (Intel(R) Core(TM) i7-6700 CPU; AMD
  EPYC 7313P 16-Core Processor; many more)

* Debian 12 amd64 on real hardware (Intel(R) Core(TM) i7-6700T CPU;
  AMD EPYC 7742 64-Core Processor; AMD EPYC 7313P 16-Core Processor)

* Debian 10 amd64 on real hardware (AMD Opteron(tm) X3418 APU)

* Debian 12 amd64 as Xen DomU (Dom0 running on Debian 8; Intel(R)
  Core(TM) i7 CPU 920)
  
* Debian 9 amd64 as Xen DomU (Dom0 running on Debian 8; Intel(R)
  Core(TM) i7 CPU 920)

* Debian 12 amd64 as Xen DomU (Dom0 running on Debian 9; Intel(R)
  Xeon(R) CPU E5-2650 v3)

* Debian 11 amd64 as Xen DomU (Dom0 running on Debian 11; AMD EPYC
  7313P 16-Core Processor)

* Debian 11 amd64 (the AMD EPYC 7313P Xen Dom0 mentioned above and on
  which the affected Debian 12 DomU runs)

* Debian 10 amd64 as VM on ProxMox ("AuthenticAMD" + "Common KVM
  processor")

* Debian 11 amd64 as VM on ESX (Intel(R) Xeon(R) Platinum 8360HL CPU)

* Debian 12 armhf (Raspberry Pi 2B)

* Raspbian 11 armhf (Raspberry Pi 4B)

* Debian 12 arm64 (MNT Reform)

So to summarise

* Debian 12 in Xen DomU exhibits this behaviour.

* Debian 11 in Xen DomU on same Dom0 does not exhibit this behaviour.

* The Xen Dom0 (Debian 11 though) itself does not exhibit this
  behaviour.

* A Debian 12 installation on bare metal with the same CPU ("AMD EPYC
  7313P 16-Core Processor") as the Dom0 does not exhibit this
  behaviour.

So what's specific about this Xen DomU where this happens?

* Debian 12 as another DomU with Debian 11 on the same Dom0 did not
  exhibit this behaviour.

* It might need to be a Xen DomU. Debian 12 on an ESX VM did not
  exhibit this behaviour. Nor does it happen on (Debian 11) Dom0 itself.

* Maybe a specific CPU of the host (in this case an "AMD EPYC 7313P
  16-Core Processor") as it didn't happen on other Debian 12 Xen DomUs.

* Something else I may not have found yet.

Hence some more details about the system:

* cksum --debug says: "cksum: using pclmul hardware support"

* amd64-microcode on the Dom0 is at 3.20191218.1

* It's a DomU originally set up as Debian 11 about half a year ago and
  dist-upgraded to Debian 12 like a week or two ago.

So I dist-upgraded another DomU on the same Dom0 from Debian 11 to
12. Before the dist-upgrade, it clearly didn't show these
crashes. Facts from that dist-upgrade:

* Just upgrading all packages didn't suffice to reproduce the issue.

* After a reboot, it also showed this issue. So it seems relevant
  which kernel is running, too.

The strace of a call where it crashed looks like this:

# dd if=/dev/urandom count=1 2> /dev/null | strace cksum
execve("/usr/bin/cksum", ["cksum"], 0x7fff5dad0710 /* 19 vars */) = 0
brk(NULL)                               = 0x55becaf14000
mmap(NULL, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ffa805da000
access("/etc/ld.so.preload", R_OK)      = -1 ENOENT (No such file or directory)
openat(AT_FDCWD, "/etc/ld.so.cache", O_RDONLY|O_CLOEXEC) = 3
newfstatat(3, "", {st_mode=S_IFREG|0644, st_size=20902, ...}, AT_EMPTY_PATH) = 0
mmap(NULL, 20902, PROT_READ, MAP_PRIVATE, 3, 0) = 0x7ffa805d4000
close(3)                                = 0
openat(AT_FDCWD, "/lib/x86_64-linux-gnu/libc.so.6", O_RDONLY|O_CLOEXEC) = 3
read(3, "\177ELF\2\1\1\3\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0Ps\2\0\0\0\0\0"..., 832) = 832
pread64(3, "\6\0\0\0\4\0\0\0@\0\0\0\0\0\0\0@\0\0\0\0\0\0\0@\0\0\0\0\0\0\0"..., 784, 64) = 784
newfstatat(3, "", {st_mode=S_IFREG|0755, st_size=1922136, ...}, AT_EMPTY_PATH) = 0
pread64(3, "\6\0\0\0\4\0\0\0@\0\0\0\0\0\0\0@\0\0\0\0\0\0\0@\0\0\0\0\0\0\0"..., 784, 64) = 784
mmap(NULL, 1970000, PROT_READ, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7ffa803f3000
mmap(0x7ffa80419000, 1396736, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x26000) = 0x7ffa80419000
mmap(0x7ffa8056e000, 339968, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x17b000) = 0x7ffa8056e000
mmap(0x7ffa805c1000, 24576, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x1ce000) = 0x7ffa805c1000
mmap(0x7ffa805c7000, 53072, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x7ffa805c7000
close(3)                                = 0
mmap(NULL, 12288, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ffa803f0000
arch_prctl(ARCH_SET_FS, 0x7ffa803f0740) = 0
set_tid_address(0x7ffa803f0a10)         = 6206
set_robust_list(0x7ffa803f0a20, 24)     = 0
rseq(0x7ffa803f1060, 0x20, 0, 0x53053053) = 0
mprotect(0x7ffa805c1000, 16384, PROT_READ) = 0
mprotect(0x55bec9cd0000, 4096, PROT_READ) = 0
mprotect(0x7ffa8060c000, 8192, PROT_READ) = 0
prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0
munmap(0x7ffa805d4000, 20902)           = 0
getrandom("\xa7\xba\x9b\x69\x8f\x90\xf2\xa0", 8, GRND_NONBLOCK) = 8
brk(NULL)                               = 0x55becaf14000
brk(0x55becaf35000)                     = 0x55becaf35000
fadvise64(0, 0, 0, POSIX_FADV_SEQUENTIAL) = -1 ESPIPE (Illegal seek)
newfstatat(0, "", {st_mode=S_IFIFO|0600, st_size=0, ...}, AT_EMPTY_PATH) = 0
read(0, "\372\301X\226Y\344tZV\217\322\266\251\211\nf\306\242\2663\352\232\277\10\202z\250\332\303L\244\324"..., 65536) = 512
read(0, "", 61440)                      = 0
--- SIGILL {si_signo=SIGILL, si_code=ILL_ILLOPN, si_addr=0x55bec9cc6cf5} ---
+++ killed by SIGILL +++
Illegal instruction

-- System Information:
Debian Release: 12.0
  APT prefers testing-security
  APT policy: (500, 'testing-security'), (500, 'testing')
Architecture: amd64 (x86_64)

Kernel: Linux 6.1.0-9-amd64 (SMP w/4 CPU threads; PREEMPT)
Kernel taint flags: TAINT_WARN
Locale: LANG=C, LC_CTYPE=C.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: sysvinit (via /sbin/init)

Versions of packages coreutils depends on:
ii  libacl1      2.3.1-3
ii  libattr1     1:2.5.1-4
ii  libc6        2.36-9
ii  libgmp10     2:6.2.1+dfsg1-1.1
ii  libselinux1  3.4-1+b6

coreutils recommends no packages.

coreutils suggests no packages.

-- no debconf information
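
Added example, not part of the original report: a POSIX shell helper that turns the reproducer loop above into counts of SIGILL exits (status 132) and checks whether every vCPU listed in /proc/cpuinfo advertises the pclmulqdq flag behind the "using pclmul hardware support" message. The function names, the "run" argument and the default of 200 runs are assumptions made for this example.

```shell
#!/bin/sh
# Added triage helper (example code, not from the original bug report).

# count_sigill N CMD...: run CMD N times, feeding each run one 512-byte block
# from /dev/urandom on stdin, as the report's reproducer does.
# Prints "<sigill> <ok> <other>".
count_sigill() {
    n=$1; shift
    sigill=0; ok=0; other=0; i=0
    while [ "$i" -lt "$n" ]; do
        rc=0
        dd if=/dev/urandom count=1 2>/dev/null | "$@" >/dev/null 2>&1 || rc=$?
        case $rc in
            0)   ok=$((ok + 1)) ;;
            132) sigill=$((sigill + 1)) ;;   # 128 + SIGILL (signal 4)
            *)   other=$((other + 1)) ;;
        esac
        i=$((i + 1))
    done
    echo "$sigill $ok $other"
}

# flag_on_all_cpus FLAG [FILE]: succeed only if every "flags" line in FILE
# (default /proc/cpuinfo) lists FLAG, i.e. all vCPUs advertise the feature.
flag_on_all_cpus() {
    awk -v want="$1" '
        /^flags[ \t]*:/ {
            cpus++
            for (i = 2; i <= NF; i++) if ($i == want) { hit++; break }
        }
        END { exit !(cpus > 0 && hit == cpus) }
    ' "${2:-/proc/cpuinfo}"
}

# Only touch the live system when invoked as: sh script.sh run [N]
if [ "${1:-}" = "run" ]; then
    set -- $(count_sigill "${2:-200}" cksum)
    echo "cksum: $1 SIGILL, $2 ok, $3 other failures"
    if flag_on_all_cpus pclmulqdq; then
        echo "pclmulqdq: advertised on all CPUs"
    else
        echo "pclmulqdq: missing on at least one CPU"
    fi
fi
```

Running it before and after a kernel or hypervisor change gives comparable numbers to attach to the bug instead of a raw terminal scroll.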
