Crash during fork/clone

From: Stephan Müller
Date: Sun Oct 15 2017 - 16:26:53 EST


Hi,

At irregular intervals, I see the following crash. This crash happens if I
start a test run that executes a large number of scripts sequentially. It
happens with vanilla kernels from kernel.org and Fedora kernels. If my memory
serves me well, I saw the first of these crashes with 4.11.

This crash happens on native hardware as well as within a KVM guest.

Unfortunately, this crash cannot be easily triggered; it simply happens once
in a while.

[ 8447.925544] BUG: unable to handle kernel NULL pointer dereference at
000000000000003a
[ 8447.925590] IP: dup_fd+0x134/0x280
[ 8447.925605] PGD 0
[ 8447.925606] P4D 0

[ 8447.925634] Oops: 0002 [#1] SMP
[ 8447.925648] Modules linked in: ansi_cprng vfat fat vhost_net vhost tap fuse
sha512_ssse3 sha512_generic ccm gcm salsa20_generic salsa20_x86_64
camellia_generic camellia_aesni_avx2 camellia_aesni_avx_x86_64 ablk_helper
camellia_x86_64 crypto_user des3_ede_x86_64 des_generic loop rfcomm
xt_CHECKSUM ipt_MASQUERADE nf_nat_masquerade_ipv4 tun ip6t_rpfilter
ip6t_REJECT nf_reject_ipv6 xt_conntrack ip_set nfnetlink ebtable_nat
ebtable_broute bridge stp llc ip6table_nat nf_conntrack_ipv6 nf_defrag_ipv6
nf_nat_ipv6 ip6table_mangle ip6table_raw ip6table_security iptable_nat
nf_conntrack_ipv4 nf_defrag_ipv4 nf_nat_ipv4 nf_nat nf_conntrack libcrc32c
iptable_mangle iptable_raw iptable_security ebtable_filter ebtables
ip6table_filter ip6_tables cmac bnep sunrpc nls_utf8 hfsplus iTCO_wdt
iTCO_vendor_support joydev
[ 8447.925929] intel_rapl x86_pkg_temp_thermal intel_powerclamp coretemp
kvm_intel brcmfmac applesmc input_polldev kvm irqbypass brcmutil intel_cstate
cfg80211 intel_uncore intel_rapl_perf btusb btrtl btbcm btintel bluetooth
i2c_i801 intel_pch_thermal thunderbolt lpc_ich nvmem_core mmc_core
snd_hda_codec_cirrus snd_hda_codec_hdmi snd_hda_codec_generic ecdh_generic
rfkill snd_hda_intel snd_hda_codec snd_hda_core snd_hwdep snd_seq bcm5974
snd_seq_device snd_pcm mei_me mei snd_timer snd spi_pxa2xx_pci shpchp
soundcore sbs acpi_als sbshc kfifo_buf industrialio spi_pxa2xx_platform
apple_bl binfmt_misc dm_crypt uas usb_storage hid_apple i915 crct10dif_pclmul
crc32_pclmul crc32c_intel i2c_algo_bit drm_kms_helper ghash_clmulni_intel drm
video
[ 8447.926189] CPU: 1 PID: 3179 Comm: test.sh Not tainted
4.13.4-200.fc26.x86_64 #1
[ 8447.926218] Hardware name: Apple Inc. MacBookPro12,1/Mac-E43C1C25D4880AD6,
BIOS MBP121.88Z.0171.B00.1708080033 08/08/2017
[ 8447.926258] task: ffff96da5fa40000 task.stack: ffffa2c109bd4000
[ 8447.926283] RIP: 0010:dup_fd+0x134/0x280
[ 8447.926299] RSP: 0018:ffffa2c109bd7d78 EFLAGS: 00010202
[ 8447.926319] RAX: 00000000000000fd RBX: 0000000000000100 RCX:
ffff96dbeb3c97e8
[ 8447.926346] RDX: 0000000000000002 RSI: ffff96dbeb3c97e8 RDI:
0000000000000100
[ 8447.926374] RBP: ffffa2c109bd7db0 R08: 0000000000000000 R09:
ffff96dad3243800
[ 8447.926401] R10: ffff96dbeb3c9000 R11: ffff96da8b796160 R12:
ffff96dc27d102c0
[ 8447.926427] R13: ffffa2c109bd7e48 R14: ffff96dc531c6440 R15:
ffff96dc432423c0
[ 8447.926455] FS: 00007f3239d45f80(0000) GS:ffff96dc6ec80000(0000) knlGS:
0000000000000000
[ 8447.926485] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 8447.926507] CR2: 000000000000003a CR3: 00000001926ea000 CR4:
00000000003426e0
[ 8447.926534] Call Trace:
[ 8447.926552] copy_process.part.30+0x898/0x1b30
[ 8447.926573] ? selinux_file_alloc_security+0x37/0x60
[ 8447.926594] ? alloc_file+0x65/0xc0
[ 8447.926610] _do_fork+0xcf/0x390
[ 8447.926626] ? __set_current_blocked+0x42/0x60
[ 8447.926645] SyS_clone+0x19/0x20
[ 8447.926660] do_syscall_64+0x67/0x140
[ 8447.926678] entry_SYSCALL64_slow_path+0x25/0x25
[ 8447.926697] RIP: 0033:0x7f323921d53c
[ 8447.926712] RSP: 002b:00007ffe3c3c7960 EFLAGS: 00000246 ORIG_RAX:
0000000000000038
[ 8447.926741] RAX: ffffffffffffffda RBX: 0000000000000000 RCX:
00007f323921d53c
[ 8447.926768] RDX: 0000000000000000 RSI: 0000000000000000 RDI:
0000000001200011
[ 8447.926804] RBP: 00007ffe3c3c79b0 R08: 00007f3239d45f80 R09:
0000000000000000
[ 8447.926831] R10: 00007f3239d46250 R11: 0000000000000246 R12:
0000000000000000
[ 8447.926858] R13: 00007ffe3c3c7a60 R14: 0000000000000000 R15:
0000000000000000
[ 8447.926886] Code: 4c 89 ce 4c 89 f7 89 da 4c 89 4d d0 e8 46 fa ff ff 4c 8b
4d d0 4d 8b 56 08 8d 7b ff 31 c0 48 83 c7 01 4d 8b 49 08 4c 89 d1 eb 18 <f0>
48 ff 42 38 48 83 c0 01 48 8d 71 08 48 89 11 48 39 c7 74 31
[ 8447.926980] RIP: dup_fd+0x134/0x280 RSP: ffffa2c109bd7d78
[ 8447.927000] CR2: 000000000000003a
[ 8447.947234] ---[ end trace 0f02a0511461efba ]---

Ciao
Stephan
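As an added example (not part of Stephan's report or of the kernel tree): a small Python triage helper that decodes the oops above. It strips the printk timestamps, pulls out the faulting function and offset, decodes the x86 page-fault error code behind "Oops: 0002" (a write to a not-present page), keeps the call trace with the "?" frames marked as uncertain, and flags CR2 = 0x3a as a NULL pointer plus a struct field offset rather than a wild pointer. The sample input is copied from the report with the mail-wrapped lines rejoined; the field names are my own.

```python
import re

# Sample lines taken from the oops in the report above (mail wrapping undone; register dumps omitted)
OOPS = """\
[ 8447.925544] BUG: unable to handle kernel NULL pointer dereference at 000000000000003a
[ 8447.925590] IP: dup_fd+0x134/0x280
[ 8447.925634] Oops: 0002 [#1] SMP
[ 8447.926534] Call Trace:
[ 8447.926552] copy_process.part.30+0x898/0x1b30
[ 8447.926573] ? selinux_file_alloc_security+0x37/0x60
[ 8447.926610] _do_fork+0xcf/0x390
[ 8447.927000] CR2: 000000000000003a
[ 8447.947234] ---[ end trace 0f02a0511461efba ]---
"""

TS = r"^\[\s*[\d.]+\]\s*"  # leading "[ 8447.925544] " printk timestamp
FRAME = r"(\?\s*)?(\S+\+0x[0-9a-f]+/0x[0-9a-f]+)$"  # "? func+0xoff/0xsize"

def parse_oops(text):
    """Pull the fields a triager needs out of an x86-64 oops dump."""
    info = {"trace": []}
    in_trace = False
    for raw in text.splitlines():
        line = re.sub(TS, "", raw).strip()
        if line.startswith("IP:"):
            m = re.match(r"IP:\s*(\S+)\+0x([0-9a-f]+)/0x([0-9a-f]+)", line)
            info["func"], info["offset"] = m.group(1), int(m.group(2), 16)
        elif line.startswith("Oops:"):
            # x86 page-fault error code: bit 0 set = protection violation (clear =
            # page not present), bit 1 = write access, bit 2 = fault from user mode
            code = int(line.split()[1], 16)
            info["fault"] = {"present": bool(code & 1), "write": bool(code & 2), "user": bool(code & 4)}
        elif line.startswith("CR2:"):
            info["cr2"] = int(line.split()[1], 16)  # faulting virtual address
        elif line.startswith("Call Trace:"):
            in_trace = True
        elif line.startswith("---[ end trace"):
            in_trace = False
        elif in_trace and (m := re.match(FRAME, line)):
            # a leading "?" marks a stale stack value, not a confirmed frame
            info["trace"].append({"frame": m.group(2), "uncertain": m.group(1) is not None})
    return info

def classify(info):
    """A page-sized CR2 on a not-present fault is a NULL pointer plus a field offset."""
    if info["cr2"] < 4096 and not info["fault"]["present"]:
        kind = "write" if info["fault"]["write"] else "read"
        return f"NULL {kind} at offset 0x{info['cr2']:x} in {info['func']}+0x{info['offset']:x}"
    return "not a NULL-pointer dereference"
```

Running `classify(parse_oops(OOPS))` reports a NULL write at offset 0x3a inside dup_fd+0x134, which is the point to start from with `objdump`/`scripts/faddr2line` on the matching vmlinux.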