[Kernel-packages] [Bug 1863086] Re: unkillable process (kernel NULL pointer dereference)

2020-07-02 Thread Matthew Ruffell
The fix has been released in the form of 5.4.0-40-generic on focal, and
5.3.0-62-generic on Eoan.

** Changed in: linux (Ubuntu Eoan)
   Status: Fix Committed => Fix Released

** Changed in: linux (Ubuntu Focal)
   Status: Fix Committed => Fix Released

-- 
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1863086

Title:
  unkillable process (kernel NULL pointer dereference)

Status in linux package in Ubuntu:
  Fix Released
Status in linux source package in Eoan:
  Fix Released
Status in linux source package in Focal:
  Fix Released

Bug description:
  If a process that listens on a socket on any port crashes (segmentation fault), it becomes unkillable.
  The kill command does not kill this process.
  The port that the crashed process listened on is never freed.

  journalctl shows error:

  Feb 13 13:28:09 vbun04 kernel: socktest[1359]: segfault at 21 ip 
55ec3a6bf11e sp 7ffd88899fb0 error 6 in socktest[55ec3a6bf000+1000]
  Feb 13 13:28:09 vbun04 kernel: Code: 04 24 02 00 17 70 89 c5 48 b8 30 30 30 
30 30 30 30 30 89 ef 48 89 44 24 08 e8 8e ff ff ff be 0a 00 00 00 89 ef e8 72 
ff ff ff  04 25 21 00 00 00 21 00 00 00 48 8b 44 24 18
  Feb 13 13:28:09 vbun04 kernel: BUG: kernel NULL pointer dereference, address: 
0020
  Feb 13 13:28:09 vbun04 kernel: #PF: supervisor read access in kernel mode
  Feb 13 13:28:09 vbun04 kernel: #PF: error_code(0x) - not-present page
  Feb 13 13:28:09 vbun04 kernel: PGD 0 P4D 0
  Feb 13 13:28:09 vbun04 kernel: Oops:  [#1] SMP NOPTI
  Feb 13 13:28:09 vbun04 kernel: CPU: 1 PID: 1359 Comm: socktest Tainted: G 
  OE 5.3.0-29-generic #31-Ubuntu
  Feb 13 13:28:09 vbun04 kernel: Hardware name: innotek GmbH 
VirtualBox/VirtualBox, BIOS VirtualBox 12/01/2006
  Feb 13 13:28:09 vbun04 kernel: RIP: 0010:do_coredump+0x536/0xb30
  Feb 13 13:28:09 vbun04 kernel: Code: 00 48 8b bd 18 ff ff ff 48 85 ff 74 05 
e8 c2 47 fa ff 65 48 8b 04 25 c0 6b 01 00 48 8b 00 48 8b 7d a0 a8 04 0f 85 65 
05 00 00 <48> 8b 57 20 0f b7 02 66 25 00 f0 66 3d 00 80 0f
  Feb 13 13:28:09 vbun04 kernel: RSP: :b464c2c5fca8 EFLAGS: 00010246
  Feb 13 13:28:09 vbun04 kernel: RAX:  RBX: 9d4b76995100 
RCX: 1afc
  Feb 13 13:28:09 vbun04 kernel: RDX:  RSI: b464c2c5fc68 
RDI: 
  Feb 13 13:28:09 vbun04 kernel: RBP: b464c2c5fdd8 R08: 0400 
R09: b464c2c5fbe0
  Feb 13 13:28:09 vbun04 kernel: R10: 9d4b75d01170 R11:  
R12: 9d4b7b3df540
  Feb 13 13:28:09 vbun04 kernel: R13: 0001 R14:  
R15: b9f15920
  Feb 13 13:28:09 vbun04 kernel: FS:  7f6c91911540() 
GS:9d4b7db0() knlGS:
  Feb 13 13:28:09 vbun04 kernel: CS:  0010 DS:  ES:  CR0: 
80050033
  Feb 13 13:28:09 vbun04 kernel: CR2: 0020 CR3: 723ac003 
CR4: 000606e0
  Feb 13 13:28:09 vbun04 kernel: Call Trace:
  Feb 13 13:28:09 vbun04 kernel:  ? wake_up_state+0x10/0x20
  Feb 13 13:28:09 vbun04 kernel:  ? __send_signal+0x1eb/0x3f0
  Feb 13 13:28:09 vbun04 kernel:  get_signal+0x159/0x880
  Feb 13 13:28:09 vbun04 kernel:  do_signal+0x34/0x280
  Feb 13 13:28:09 vbun04 kernel:  ? bad_area+0x47/0x50
  Feb 13 13:28:09 vbun04 kernel:  exit_to_usermode_loop+0xbf/0x160
  Feb 13 13:28:09 vbun04 kernel:  prepare_exit_to_usermode+0x77/0xa0
  Feb 13 13:28:09 vbun04 kernel:  retint_user+0x8/0x8
  Feb 13 13:28:09 vbun04 kernel: RIP: 0033:0x55ec3a6bf11e
  Feb 13 13:28:09 vbun04 kernel: Code: 04 24 02 00 17 70 89 c5 48 b8 30 30 30 
30 30 30 30 30 89 ef 48 89 44 24 08 e8 8e ff ff ff be 0a 00 00 00 89 ef e8 72 
ff ff ff  04 25 21 00 00 00 21 00 00 00 48 8b 44 24 18
  Feb 13 13:28:09 vbun04 kernel: RSP: 002b:7ffd88899fb0 EFLAGS: 00010217
  Feb 13 13:28:09 vbun04 kernel: RAX:  RBX:  
RCX: 7f6c918424eb
  Feb 13 13:28:09 vbun04 kernel: RDX: 0010 RSI: 000a 
RDI: 0003
  Feb 13 13:28:09 vbun04 kernel: RBP: 0003 R08:  
R09: 7f6c919331f0
  Feb 13 13:28:09 vbun04 kernel: R10:  R11: 0217 
R12: 55ec3a6bf150
  Feb 13 13:28:09 vbun04 kernel: R13: 7ffd8889a0b0 R14:  
R15: 
  Feb 13 13:28:09 vbun04 kernel: Modules linked in: vboxsf(OE) nls_utf8 isofs 
vboxvideo(OE) intel_rapl_msr intel_rapl_common crct10dif_pclmul vmwgfx 
crc32_pclmul ghash_clmulni_intel aesni_intel ttm drm_kms_helper a
  Feb 13 13:28:09 vbun04 kernel: CR2: 0020
  Feb 13 13:28:09 vbun04 kernel: ---[ end trace 278d665c8727286a ]---
  Feb 13 13:28:09 vbun04 kernel: RIP: 0010:do_coredump+0x536/0xb30
  Feb 13 13:28:09 vbun04 kernel: Code: 00 48 8b bd 18 ff ff ff 48 85 ff 74 05 
e8 c2 47 fa ff 65 48 8b 04 25 c0 6b 01 00 48 8b 00 48 8b 7d a0 a8 04 0f 85 65 
05 00 00 <48> 8b 57 20 0f b7 02 66 25 00 f0 66 3d 00 80 0f
  Feb 13 
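
A host-side check for the condition this thread describes, as an added example that is not part of the bug report or the kernel patch: it flags kernel.core_pattern set to exactly "|" on an Ubuntu kernel older than the builds the thread names as carrying the fix, and counts the matching oops signature in a log. The function names and the at-risk/ok/review verdicts are assumptions of this example; the sample log lines are copied from the report above.

```shell
#!/bin/sh
# Added example: audit a host for the bare-pipe core_pattern issue in this thread.
# Thresholds come from the thread: broken since 5.3, works in 5.2 and below,
# fix landed in 5.3.0-56 (eoan) and 5.4.0-38 (focal), mainline in time for 5.7-rc3.

# classify_kernel RELEASE
# RELEASE is an Ubuntu-style string such as 5.3.0-29-generic (version-ABI-flavour).
# Prints one of: affected | fixed | not-affected | unknown
classify_kernel() {
    ck_rel=$1
    case $ck_rel in
        [0-9]*.[0-9]*.[0-9]*-[0-9]*-*) ;;
        *) echo unknown; return 0 ;;      # e.g. a plain mainline "5.4.36"
    esac
    ck_ver=${ck_rel%%-*}                  # 5.3.0
    ck_rest=${ck_rel#*-}                  # 29-generic
    ck_abi=${ck_rest%%-*}                 # 29
    ck_major=${ck_ver%%.*}                # 5
    ck_tmp=${ck_ver#*.}                   # 3.0
    ck_minor=${ck_tmp%%.*}                # 3
    for ck_n in "$ck_major" "$ck_minor" "$ck_abi"; do
        case $ck_n in ''|*[!0-9]*) echo unknown; return 0 ;; esac
    done

    if [ "$ck_major" -lt 5 ] || { [ "$ck_major" -eq 5 ] && [ "$ck_minor" -lt 3 ]; }; then
        echo not-affected                 # 5.2 and below behave correctly
    elif [ "$ck_major" -eq 5 ] && [ "$ck_minor" -eq 3 ]; then
        if [ "$ck_abi" -ge 56 ]; then echo fixed; else echo affected; fi
    elif [ "$ck_major" -eq 5 ] && [ "$ck_minor" -eq 4 ]; then
        if [ "$ck_abi" -ge 38 ]; then echo fixed; else echo affected; fi
    elif [ "$ck_major" -gt 5 ] || [ "$ck_minor" -ge 7 ]; then
        echo fixed                        # mainline carries the fix from 5.7
    else
        echo unknown                      # 5.5 / 5.6: depends on the stable level
    fi
    return 0
}

# audit_core_pattern PATTERN RELEASE
# Prints: at-risk | ok | review
# Only the exact value "|" is checked, because that is what the thread reproduces.
audit_core_pattern() {
    if [ "$1" != "|" ]; then
        echo ok
        return 0
    fi
    case $(classify_kernel "$2") in
        affected)           echo at-risk ;;
        fixed|not-affected) echo ok ;;
        *)                  echo review ;;
    esac
    return 0
}

# count_coredump_oops: reads kernel log text on stdin and prints how many
# NULL-dereference oopses have their faulting RIP inside do_coredump.
# The RIP line is printed twice per oops, so the match is disarmed after the first.
count_coredump_oops() {
    awk '/BUG: kernel NULL pointer dereference/ { armed = 1 }
         armed && /RIP: 0010:do_coredump\+/     { n++; armed = 0 }
         END { print n + 0 }'
}

# Log lines copied from the report in this thread (wrapped lines rejoined).
SAMPLE_LOG='Feb 13 13:28:09 vbun04 kernel: BUG: kernel NULL pointer dereference, address: 0020
Feb 13 13:28:09 vbun04 kernel: RIP: 0010:do_coredump+0x536/0xb30
Feb 13 13:28:09 vbun04 kernel: ---[ end trace 278d665c8727286a ]---
Feb 13 13:28:09 vbun04 kernel: RIP: 0010:do_coredump+0x536/0xb30'

# On a live Linux host, report the verdict for the running kernel.
if [ -r /proc/sys/kernel/core_pattern ]; then
    echo "core_pattern audit: $(audit_core_pattern "$(cat /proc/sys/kernel/core_pattern)" "$(uname -r)")"
fi
```

To scan a real journal, pipe `journalctl -k` into `count_coredump_oops`.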

[Kernel-packages] [Bug 1863086] Re: unkillable process (kernel NULL pointer dereference)

2020-05-28 Thread Matthew Ruffell
The commit has landed in 5.3.0-56-generic on eoan and 5.4.0-38-generic
on focal, currently in -proposed.

Verification for each kernel:

I set the sysctl kernel.core_pattern to "|" with:

$ sudo sysctl kernel.core_pattern="|"

I then compiled the following reproducer:

int main()
{
    *(int*)33 = 33;

    return 0;
}

When running the program, we get a segfault, and the coredump handler
kicks in, and we see the following in dmesg:

[   34.025572] format_corename failed
[   34.025572] Aborting core

This is a change in the original behaviour, but technically more correct
than it used to be, since it simply bails out earlier in the coredump
process than before when we confirm we have an invalid core_pattern name
string.

The systems no longer get a null pointer dereference in the kernel, and
no longer panic. The system keeps working as usual now.

I have confirmed the above on both 5.3.0-56-generic on eoan and
5.4.0-38-generic on focal, so I am happy to mark this as verified.

** Changed in: linux (Ubuntu Eoan)
   Status: In Progress => Fix Committed

** Changed in: linux (Ubuntu Focal)
   Status: In Progress => Fix Committed

** Changed in: linux (Ubuntu)
   Status: In Progress => Fix Released


[Kernel-packages] [Bug 1863086] Re: unkillable process (kernel NULL pointer dereference)

2020-04-28 Thread Matthew Ruffell
Sudip's commit landed in mainline last week, in time for 5.7-rc3:

commit db973a7289dad24e6c017dcedc6aee886579dc3a
Author: Sudip Mukherjee 
Date:   Mon Apr 20 18:14:20 2020 -0700
Subject: coredump: fix null pointer dereference on coredump

As of this morning, it has been queued up in Greg-KH's upstream stable
tree, for release in 5.4.36 and 5.6.8.

The kernel team will likely pull the patch in the next time they pull in
upstream -stable patches for Eoan and Focal.


[Kernel-packages] [Bug 1863086] Re: unkillable process (kernel NULL pointer dereference)

2020-04-16 Thread Matthew Ruffell
Sudip Mukherjee made a more elegant fix than I did, and he posted it to
the fsdevel mailing list:

https://lore.kernel.org/linux-fsdevel/20200416194612.21418-1-sudipm.mukher...@gmail.com/

I got an email saying that this has now been pulled into the -mm tree.

I will update when this patch reaches mainline. After that, I will
backport it to the Ubuntu kernels.


[Kernel-packages] [Bug 1863086] Re: unkillable process (kernel NULL pointer dereference)

2020-02-19 Thread Matthew Ruffell
I managed to figure out what was going on, and made a patch to fix the
problem. I sent it upstream for feedback:

Cover Letter:
https://lore.kernel.org/linux-fsdevel/20200220051015.14971-1-matthew.ruff...@canonical.com/

Patch:
https://lore.kernel.org/linux-fsdevel/20200220051015.14971-2-matthew.ruff...@canonical.com/

I will update when upstream responds.


[Kernel-packages] [Bug 1863086] Re: unkillable process (kernel NULL pointer dereference)

2020-02-16 Thread Matthew Ruffell
The regression was introduced by the following commit:

commit 315c69261dd3fa12dbc830d4fa00d1fad98d3b03
Author: Paul Wise 
Date:   Fri Aug 2 21:49:05 2019 -0700
Subject: coredump: split pipe command whitespace before expanding template

You can read it here: 
https://github.com/torvalds/linux/commit/315c69261dd3fa12dbc830d4fa00d1fad98d3b03

This landed in 5.3-rc3, and is still in latest mainline. Reading through
the commit message, the linux-fsdevel message and the debian bug found
in the commit message, it just seems that the new changes omit the NULL
case, and construct the helper_argv[] array slightly differently than it
did before.

I confirmed this commit is the root cause by reverting this commit on a
v5.3 build and seeing the old correct behaviour return.

I'll try to write a patch to fix this, or I will contact the upstream
maintainer for a fix in the coming days.

** Changed in: linux (Ubuntu Eoan)
   Status: Confirmed => In Progress

** Changed in: linux (Ubuntu Focal)
   Status: Confirmed => In Progress


[Kernel-packages] [Bug 1863086] Re: unkillable process (kernel NULL pointer dereference)

2020-02-16 Thread Matthew Ruffell
Yes, you are absolutely correct. I can reproduce this now, when
kernel.core_pattern is set to "|".

I can also confirm that the first kernel that this is broken in is 5.3,
as it works fine in 5.2 and below.

I will look into this and hopefully get this fixed for you. Thanks for
reporting!

Engineering Notes:

RIP: 0010:do_coredump+0x536/0xb30

$ eu-addr2line do_coredump+0x536 -e vmlinux-5.3.0-29-generic 
/build/linux-OZAq_R/linux-5.3.0/include/linux/fs.h:2841:7

This is the function file_start_write():

2839 static inline void file_start_write(struct file *file)
2840 {
2841     if (!S_ISREG(file_inode(file)->i_mode))
2842         return;
2843     __sb_start_write(file_inode(file)->i_sb, SB_FREEZE_WRITE, true);
2844 }

This is called from do_coredump():

565 void do_coredump(const kernel_siginfo_t *siginfo)
566 {
...
788     if (!dump_interrupted()) {
789         file_start_write(cprm.file);
790         core_dumped = binfmt->core_dump(&cprm);
791         file_end_write(cprm.file);
792     }
...
810 }

On kernels 5.2 and before, kernel.core_pattern=| normally outputs:

[   39.328638] Core dump to | pipe failed

This output is from the pipe section of do_coredump():

565 void do_coredump(const kernel_siginfo_t *siginfo)
566 {
...
623     ispipe = format_corename(&cn, &cprm, &argv, &argc);
624 
625     if (ispipe) {
...
681         sub_info = call_usermodehelper_setup(helper_argv[0],
682                         helper_argv, NULL, GFP_KERNEL,
683                         umh_pipe_setup, NULL, &cprm);
684         if (sub_info)
685             retval = call_usermodehelper_exec(sub_info,
686                                               UMH_WAIT_EXEC);
687 
688         kfree(helper_argv);
689         if (retval) {
690             printk(KERN_INFO "Core dump to |%s pipe failed\n",
691                    cn.corename);
692             goto close_fail;
693         }
...
810 }

With kernel.core_pattern=|, format_corename() still interprets this as
the pipe path with:

191 static int format_corename(struct core_name *cn, struct coredump_params *cprm,
192                            size_t **argv, int *argc)
193 {
...
196     int ispipe = (*pat_ptr == '|');
...
335     return ispipe;
336 }

Which checks the first byte of the core_pattern string to see if it is a
"|".

This means we really want the call to call_usermodehelper_exec() in
do_coredump() to fail, so we take the if(retval) step and output "Core
dump to |%s pipe failed\n".

Note that cn.corename is NULL when kernel.core_pattern=|.

For some reason with 5.3 and later, this call to
call_usermodehelper_exec() is not failing, and execution continues on
and breaks at file_start_write(cprm.file); at the end of do_coredump().

call_usermodehelper_exec() calls umh_pipe_setup() and creates the pipe
used. Something has likely changed in the pipe subsystem.

I will update when I figure out what.

** Also affects: linux (Ubuntu Eoan)
   Importance: Undecided
   Status: New

** Also affects: linux (Ubuntu Focal)
   Importance: Undecided
   Status: Confirmed

** Changed in: linux (Ubuntu Eoan)
   Status: New => Confirmed

** Changed in: linux (Ubuntu Eoan)
   Importance: Undecided => Medium

** Changed in: linux (Ubuntu Focal)
   Importance: Undecided => Medium

** Changed in: linux (Ubuntu Eoan)
 Assignee: (unassigned) => Matthew Ruffell (mruffell)

** Changed in: linux (Ubuntu Focal)
 Assignee: (unassigned) => Matthew Ruffell (mruffell)


[Kernel-packages] [Bug 1863086] Re: unkillable process (kernel NULL pointer dereference)

2020-02-14 Thread Vyacheslav
After the previous comment I checked my system settings and found what affects
this bug.
I usually disable system core dumps in all Linux distributions using
kernel.core_pattern=| in sysctl.conf

When kernel.core_pattern has its default value, all is OK.

So kernel.core_pattern=| causes this bug. It has occurred since kernel 5.3.


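A configuration check for the setting identified in the message above, as an added example that is not part of the original thread: it classifies a `kernel.core_pattern` value and compares the running Ubuntu kernel build against the fixed builds announced in this bug (5.3.0-62 on Eoan, 5.4.0-40 on Focal). The function names are this example's own, and treating a pipe followed only by whitespace like a bare `|` is an assumption made here.

```shell
# Added example (not from the thread): flag the core_pattern value reported here.

# classify_core_pattern PATTERN -> prints empty | bare-pipe | pipe-helper | file
classify_core_pattern() {
    # Drop trailing whitespace so "| " is treated like "|" (a conservative choice).
    pat=$(printf '%s' "$1" | sed 's/[[:space:]]*$//')
    case "$pat" in
        '')   echo empty ;;
        '|')  echo bare-pipe ;;    # pipe marker with no helper: the reported trigger
        '|'*) echo pipe-helper ;;  # piped to a named helper program
        *)    echo file ;;         # file name template
    esac
}

# release_has_fix RELEASE -> 0 if at or past the fixed builds named in this bug
# (5.3.0-62 on Eoan, 5.4.0-40 on Focal), 1 if an earlier build of those series,
# 2 for any other kernel, which this thread does not cover.
release_has_fix() {
    series=${1%%-*}   # "5.3.0" from "5.3.0-29-generic"
    rest=${1#*-}
    abi=${rest%%-*}   # "29"
    case "$abi" in ''|*[!0-9]*) return 2 ;; esac
    case "$series" in
        5.3.0) fixed=62 ;;
        5.4.0) fixed=40 ;;
        *)     return 2 ;;
    esac
    [ "$abi" -ge "$fixed" ]
}

# audit PATTERN RELEASE -> prints a one-line verdict starting ok:, at-risk: or review:
audit() {
    kind=$(classify_core_pattern "$1")
    [ "$kind" = bare-pipe ] || { echo "ok: core_pattern kind is $kind"; return 0; }
    rc=0
    release_has_fix "$2" || rc=$?
    case "$rc" in
        0) echo "ok: bare '|' but $2 is at or past the fixed build" ;;
        1) echo "at-risk: bare '|' on $2, which predates the fixed build" ;;
        *) echo "review: bare '|' on $2, a kernel this bug report does not cover" ;;
    esac
}

# Check the live host when the sysctl is readable.
if [ -r /proc/sys/kernel/core_pattern ]; then
    audit "$(cat /proc/sys/kernel/core_pattern)" "$(uname -r)"
fi
```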
[Kernel-packages] [Bug 1863086] Re: unkillable process (kernel NULL pointer dereference)

2020-02-13 Thread Matthew Ruffell
I cannot reproduce this. I compiled the reproducer program and tested on
an Eoan VM running in KVM, with the same 5.3.0-29-generic kernel:

ubuntu@ubuntu:~$ ./socktest 
Segmentation fault (core dumped)
ubuntu@ubuntu:~$ tail /var/log/kern.log
Feb 14 04:00:41 ubuntu kernel: [  134.951620] socktest[1598]: segfault at 21 ip 
55892e4cb2a3 sp 7ffed8905de0 error 6 in socktest[55892e4cb000+1000]
Feb 14 04:00:41 ubuntu kernel: [  134.951634] Code: 48 8d 4d e0 8b 45 dc ba 10 
00 00 00 48 89 ce 89 c7 e8 71 fe ff ff 8b 45 dc be 0a 00 00 00 89 c7 e8 52 fe 
ff ff b8 21 00 00 00  00 21 00 00 00 b8 00 00 00 00 48 8b 4d f8 64 48 33 0c 
25 28 00
ubuntu@ubuntu:~$ ps ax | grep socktest
 1602 pts/0    S+     0:00 grep --color=auto socktest
ubuntu@ubuntu:~$ uname -rv
5.3.0-29-generic #31-Ubuntu SMP Fri Jan 17 17:27:26 UTC 2020

The segfault happens as expected, but there is no null pointer
dereference and no stack trace in dmesg. The process is terminated and I
can still bind to port 6000 with netcat.

I see that you have Virtual Box kernel modules loaded. Can you try to
reproduce this on a fresh Eoan VM with no Virtual Box drivers installed?


[Kernel-packages] [Bug 1863086] Re: unkillable process (kernel NULL pointer dereference)

2020-02-13 Thread Ubuntu Foundations Team Bug Bot
** Package changed: ubuntu => linux (Ubuntu)
