Package: coreutils Version: 9.1-1 Severity: important X-Debbugs-Cc: a...@debian.org Control: affects -1 aptitude-robot
On a Xen DomU running Debian 12, cksum intermittently crashes as follows: # while :; do dd if=/dev/urandom count=1 2> /dev/null | cksum ; done 1758277878 512 2101634611 512 Illegal instruction Illegal instruction Illegal instruction Illegal instruction Illegal instruction Illegal instruction Illegal instruction Illegal instruction Illegal instruction Illegal instruction Illegal instruction 2704754638 512 Illegal instruction 4028135672 512 2625667858 512 Illegal instruction Illegal instruction Illegal instruction 3923394050 512 3125973555 512 Illegal instruction Illegal instruction Illegal instruction 4259853375 512 Illegal instruction Illegal instruction 81698826 512 Illegal instruction 3571110616 512 Illegal instruction 1587881588 512 Illegal instruction Illegal instruction Illegal instruction 2814380057 512 Illegal instruction Illegal instruction 2944809052 512 Illegal instruction 2902358677 512 Illegal instruction Illegal instruction Illegal instruction Illegal instruction Illegal instruction Illegal instruction Illegal instruction Illegal instruction Illegal instruction Illegal instruction Illegal instruction Illegal instruction Illegal instruction Illegal instruction Illegal instruction Illegal instruction Illegal instruction Illegal instruction Illegal instruction Illegal instruction Illegal instruction Illegal instruction 935279575 512 Illegal instruction 456315694 512 Illegal instruction 469377998 512 Illegal instruction Illegal instruction Illegal instruction Illegal instruction 2550807941 512 Illegal instruction 3392916458 512 Illegal instruction Illegal instruction Illegal instruction Illegal instruction Illegal instruction Illegal instruction 2092884162 512 Illegal instruction 3196356363 512 Illegal instruction 1701279083 512 Illegal instruction 1118990197 512 Illegal instruction 1455432166 512 Illegal instruction Illegal instruction 3772213637 512 Illegal instruction 3359021443 512 Illegal instruction 1472208906 512 Illegal instruction Illegal instruction Illegal instruction 530110239 512 1124879907 512 Illegal instruction 2364080335 512 Illegal instruction Illegal instruction Illegal instruction Illegal instruction Illegal instruction Illegal instruction Illegal instruction Illegal instruction Illegal instruction Illegal instruction Illegal instruction Illegal instruction Illegal instruction Illegal instruction Illegal instruction Illegal instruction Illegal instruction Illegal instruction Illegal instruction Illegal instruction Illegal instruction Illegal instruction Illegal instruction Illegal instruction Illegal instruction Illegal instruction Illegal instruction Illegal instruction Illegal instruction Illegal instruction Illegal instruction Illegal instruction Illegal instruction Illegal instruction Illegal instruction Illegal instruction Illegal instruction Illegal instruction Illegal instruction Illegal instruction Illegal instruction Illegal instruction Illegal instruction Illegal instruction Illegal instruction Illegal instruction Illegal instruction Illegal instruction Illegal instruction Illegal instruction Illegal instruction Illegal instruction Illegal instruction Illegal instruction Illegal instruction Illegal instruction Illegal instruction Illegal instruction Illegal instruction Illegal instruction Illegal instruction 1306677535 512 Illegal instruction 2367703624 512 Illegal instruction Illegal instruction Illegal instruction Illegal instruction 3730416712 512 Illegal instruction Illegal instruction Illegal instruction Illegal instruction Illegal instruction Illegal instruction Illegal instruction Illegal instruction Illegal instruction Illegal instruction Illegal instruction Illegal instruction Illegal instruction Illegal instruction Illegal instruction Illegal instruction Illegal instruction Illegal instruction Illegal instruction Illegal instruction Illegal instruction Illegal instruction Illegal instruction Illegal instruction Illegal instruction Illegal instruction Illegal instruction Illegal instruction Illegal instruction Illegal instruction Illegal instruction Illegal instruction Illegal instruction Illegal instruction Illegal instruction Illegal instruction Illegal instruction Illegal instruction Illegal instruction Illegal instruction Illegal instruction Illegal instruction Illegal instruction 265751591 512 3833668362 512 Illegal instruction Illegal instruction 1086945333 512 Illegal instruction Illegal instruction 3420907443 512 Illegal instruction Illegal instruction Illegal instruction […] I was only able to reproduce this on a single host so far, hence no RC severity. (But feel free to bump to RC. :-) I tried and could NOT reproduce it on: * Debian 11 amd64 on real hardware (Intel(R) Core(TM) i7-6700 CPU; AMD EPYC 7313P 16-Core Processor; many more) * Debian 12 amd64 on real hardware (Intel(R) Core(TM) i7-6700T CPU; AMD EPYC 7742 64-Core Processor; AMD EPYC 7313P 16-Core Processor) * Debian 10 amd64 on real hardware (AMD Opteron(tm) X3418 APU) * Debian 12 amd64 as Xen DomU (Dom0 running on Debian 8; Intel(R) Core(TM) i7 CPU 920) * Debian 9 amd64 as Xen DomU (Dom0 running on Debian 8; Intel(R) Core(TM) i7 CPU 920) * Debian 12 amd64 as Xen DomU (Dom0 running on Debian 9; Intel(R) Xeon(R) CPU E5-2650 v3) * Debian 11 amd64 as Xen DomU (Dom0 running on Debian 11; AMD EPYC 7313P 16-Core Processor) * Debian 11 amd64 (the AMD EPYC 7313P Xen Dom0 mentioned above and on which the affected Debian 12 DomU runs) * Debian 10 amd64 as VM on ProxMox ("AuthenticAMD" + "Common KVM processor") * Debian 11 amd64 as VM on ESX (Intel(R) Xeon(R) Platinum 8360HL CPU) * Debian 12 armhf (Raspberry Pi 2B) * Raspbian 11 armhf (Raspberry Pi 4B) * Debian 12 arm64 (MNT Reform) So to summarise * Debian 12 in Xen DomU exihibits this behaviour. * Debian 11 in Xen DomU on same Dom0 does not exihibit this behaviour. * The Xen Dom0 (Debian 11 though) itself does not exihibit this behaviour. * A Debian 12 installation on bare metal with the same CPU ("AMD EPYC 7313P 16-Core Processor") as the Dom0 does not exhibit this behaviour. So what's specific about this Xen DomU where this happens? * Debian 12 as another DomU with Debian 11 on the same Dom0 did not exhibit this behaviour. * It might need to be a Xen DomU. Debian 12 on an ESX VM did not exhibit this behaviour. Nor does it happen on (Debian 11) Dom0 itself. * Maybe a specific CPU of the host (in this case an "AMD EPYC 7313P 16-Core Processor") as it didn't happen on other Debian 12 Xen DomUs. * Something else I may not have found yet. Hence some more details about the system: * cksum --debug says: "cksum: using pclmul hardware support" * amd64-microcode on the Dom0 is at 3.20191218.1 * It's a DomU originally setup as Debian 11 about half a year ago and dist-upgraded to Debian 12 like a week or two ago. So I dist-upgraded another DomU on the same Dom0 from Debian 11 to 12. Before the dist-upgrade, it clearly didn't show these crashes. Facts from that dist-upgrade: * Just upgrading all packages didn't suffice to reproduce the issue. * After a reboot, it also showed this issue. So it seems relevant which kernel is running, too. The strace of a call where it crashed looks like this: # dd if=/dev/urandom count=1 2> /dev/null | strace cksum execve("/usr/bin/cksum", ["cksum"], 0x7fff5dad0710 /* 19 vars */) = 0 brk(NULL) = 0x55becaf14000 mmap(NULL, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ffa805da000 access("/etc/ld.so.preload", R_OK) = -1 ENOENT (No such file or directory) openat(AT_FDCWD, "/etc/ld.so.cache", O_RDONLY|O_CLOEXEC) = 3 newfstatat(3, "", {st_mode=S_IFREG|0644, st_size=20902, ...}, AT_EMPTY_PATH) = 0 mmap(NULL, 20902, PROT_READ, MAP_PRIVATE, 3, 0) = 0x7ffa805d4000 close(3) = 0 openat(AT_FDCWD, "/lib/x86_64-linux-gnu/libc.so.6", O_RDONLY|O_CLOEXEC) = 3 read(3, "\177ELF\2\1\1\3\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0Ps\2\0\0\0\0\0"..., 832) = 832 pread64(3, "\6\0\0\0\4\0\0\0@\0\0\0\0\0\0\0@\0\0\0\0\0\0\0@\0\0\0\0\0\0\0"..., 784, 64) = 784 newfstatat(3, "", {st_mode=S_IFREG|0755, st_size=1922136, ...}, AT_EMPTY_PATH) = 0 pread64(3, "\6\0\0\0\4\0\0\0@\0\0\0\0\0\0\0@\0\0\0\0\0\0\0@\0\0\0\0\0\0\0"..., 784, 64) = 784 mmap(NULL, 1970000, PROT_READ, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7ffa803f3000 mmap(0x7ffa80419000, 1396736, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x26000) = 0x7ffa80419000 mmap(0x7ffa8056e000, 339968, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x17b000) = 0x7ffa8056e000 mmap(0x7ffa805c1000, 24576, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x1ce000) = 0x7ffa805c1000 mmap(0x7ffa805c7000, 53072, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x7ffa805c7000 close(3) = 0 mmap(NULL, 12288, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ffa803f0000 arch_prctl(ARCH_SET_FS, 0x7ffa803f0740) = 0 set_tid_address(0x7ffa803f0a10) = 6206 set_robust_list(0x7ffa803f0a20, 24) = 0 rseq(0x7ffa803f1060, 0x20, 0, 0x53053053) = 0 mprotect(0x7ffa805c1000, 16384, PROT_READ) = 0 mprotect(0x55bec9cd0000, 4096, PROT_READ) = 0 mprotect(0x7ffa8060c000, 8192, PROT_READ) = 0 prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 munmap(0x7ffa805d4000, 20902) = 0 getrandom("\xa7\xba\x9b\x69\x8f\x90\xf2\xa0", 8, GRND_NONBLOCK) = 8 brk(NULL) = 0x55becaf14000 brk(0x55becaf35000) = 0x55becaf35000 fadvise64(0, 0, 0, POSIX_FADV_SEQUENTIAL) = -1 ESPIPE (Illegal seek) newfstatat(0, "", {st_mode=S_IFIFO|0600, st_size=0, ...}, AT_EMPTY_PATH) = 0 read(0, "\372\301X\226Y\344tZV\217\322\266\251\211\nf\306\242\2663\352\232\277\10\202z\250\332\303L\244\324"..., 65536) = 512 read(0, "", 61440) = 0 --- SIGILL {si_signo=SIGILL, si_code=ILL_ILLOPN, si_addr=0x55bec9cc6cf5} --- +++ killed by SIGILL +++ Illegal instruction -- System Information: Debian Release: 12.0 APT prefers testing-security APT policy: (500, 'testing-security'), (500, 'testing') Architecture: amd64 (x86_64) Kernel: Linux 6.1.0-9-amd64 (SMP w/4 CPU threads; PREEMPT) Kernel taint flags: TAINT_WARN Locale: LANG=C, LC_CTYPE=C.UTF-8 (charmap=UTF-8), LANGUAGE not set Shell: /bin/sh linked to /usr/bin/dash Init: sysvinit (via /sbin/init) Versions of packages coreutils depends on: ii libacl1 2.3.1-3 ii libattr1 1:2.5.1-4 ii libc6 2.36-9 ii libgmp10 2:6.2.1+dfsg1-1.1 ii libselinux1 3.4-1+b6 coreutils recommends no packages. coreutils suggests no packages. -- no debconf information