FS#44008 - [linux] Starting userspace app with infinite recursion hangs kernel instead of SEGFAULT

Attached to Project: Arch Linux
Opened by Lucjan B (lucck) - Monday, 02 March 2015, 08:55 GMT
Last edited by Doug Newgard (Scimmia) - Thursday, 13 August 2015, 02:50 GMT
Task Type Bug Report
Category Kernel
Status Closed
Assigned To Tobias Powalowski (tpowa)
Thomas Bächler (brain0)
Architecture x86_64
Severity High
Priority Normal
Reported Version
Due in Version Undecided
Due Date Undecided
Percent Complete 100%
Votes 1
Private No

Details

Description:

Starting a program with infinite recursion (please find the attached source file test.c) on an x86_64 kernel freezes the kernel.

Symptoms:

- Ctrl+C and killall -9 test don't work and the application won't exit to the shell
- After some time other tasks stop responding
- Calling ps aux on another terminal freezes the ps command

In the kernel dmesg a segfault is reported, but the failed application is not interrupted:

test[1614]: segfault at 7fffee656ffc ip 000000000040055e sp 00007fffee656ff0 error 6 in test[400000+1000]



Additional info:
* Linux 3.18.6.1
* Standard arch package kernel

Steps to reproduce:

- compile the application: gcc test.c -o test
- run the application in the terminal: ./test
- try to interrupt the application (Ctrl+C) or killall -9 test (without any result)
- try to run ps aux (it will cause ps to hang)
- after some time other tasks stop responding randomly

It affects only the 64-bit kernel; the 32-bit kernel works properly (SEGFAULT interrupts the failed test program).

   test.c (0.5 KiB)
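The attached test.c is not reproduced on this page. The following is an added example, not the reporter's program: it runs an unbounded recursion of the same kind in a forked child, catches the resulting SIGSEGV on an alternate signal stack, and checks whether the fault address lies just below the boundary RLIMIT_STACK imposes on the main thread's stack, which is what distinguishes stack exhaustion from an unrelated bad pointer. It assumes Linux (/proc/self/maps, RLIMIT_STACK) and gcc or clang; the exit codes, the 64 KiB slack and the 8 MiB cap applied when the environment has an unlimited stack are this example's own choices.

```c
/* Added example, not the attached test.c: classify a stack-exhaustion SIGSEGV. */
#define _GNU_SOURCE
#include <limits.h>
#include <signal.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/resource.h>
#include <sys/wait.h>
#include <unistd.h>

#define EXIT_STACK_OVERFLOW 42      /* fault just below the stack's rlimit boundary (arbitrary code) */
#define EXIT_OTHER_SEGV     43      /* SIGSEGV somewhere else */
#define EXIT_SETUP_FAILED   44
#define STACK_CAP  (8UL << 20)      /* bound the run if the environment has 'ulimit -s unlimited' */
#define SLACK      (64UL << 10)     /* the faulting frame may start a little below the boundary */

static unsigned long stack_end;     /* highest address of the [stack] mapping; never moves */
static unsigned long stack_low;     /* stack_end - RLIMIT_STACK: the kernel refuses growth below this */
static char altstack[64 * 1024];    /* the handler cannot run on the exhausted stack itself */
static volatile unsigned long sink;

/* Find the main thread's [stack] mapping in /proc/self/maps (Linux-specific). */
static int find_stack_mapping(unsigned long *start, unsigned long *end)
{
    FILE *fp = fopen("/proc/self/maps", "r");
    char line[512];
    int found = 0;
    if (!fp)
        return 0;
    while (fgets(line, sizeof line, fp))
        if (strstr(line, "[stack]") && sscanf(line, "%lx-%lx", start, end) == 2) { found = 1; break; }
    fclose(fp);
    return found;
}

static void on_segv(int sig, siginfo_t *si, void *uctx)
{
    unsigned long fault = (unsigned long)si->si_addr;
    (void)sig; (void)uctx;
    /* Growth past the limit faults in [stack_low - frame size, stack_low); a NULL deref does not. */
    if (fault < stack_end && fault + SLACK >= stack_low)
        _exit(EXIT_STACK_OVERFLOW);
    _exit(EXIT_OTHER_SEGV);
}

/* Unbounded recursion in the spirit of the reporter's test.c. The frame is volatile and
 * used after the recursive call, so the compiler cannot turn this into a loop. */
__attribute__((noinline)) static unsigned long recurse(unsigned long depth)
{
    volatile char frame[48];
    unsigned long r;
    frame[0] = (char)depth;
    sink = depth;                   /* observable side effect per call */
    if (depth == ULONG_MAX)         /* never reached in practice; keeps the compiler honest */
        return depth;
    r = recurse(depth + 1);
    frame[1] = (char)r;             /* frame live across the call: no tail-call elimination */
    return r + frame[1];
}

static void child_run(void)
{
    unsigned long start;
    struct rlimit rl;
    stack_t ss = { .ss_sp = altstack, .ss_size = sizeof altstack, .ss_flags = 0 };
    struct sigaction sa;

    if (!find_stack_mapping(&start, &stack_end) || getrlimit(RLIMIT_STACK, &rl) != 0)
        _exit(EXIT_SETUP_FAILED);
    if (rl.rlim_cur == RLIM_INFINITY || rl.rlim_cur > STACK_CAP) {
        rl.rlim_cur = STACK_CAP;    /* lowering the soft limit is always permitted */
        if (setrlimit(RLIMIT_STACK, &rl) != 0)
            _exit(EXIT_SETUP_FAILED);
    }
    stack_low = stack_end - (unsigned long)rl.rlim_cur;

    memset(&sa, 0, sizeof sa);
    sa.sa_sigaction = on_segv;
    sa.sa_flags = SA_SIGINFO | SA_ONSTACK;
    sigemptyset(&sa.sa_mask);
    if (sigaltstack(&ss, NULL) != 0 || sigaction(SIGSEGV, &sa, NULL) != 0)
        _exit(EXIT_SETUP_FAILED);

    recurse(0);
    _exit(EXIT_SETUP_FAILED);       /* unreachable: the recursion never returns normally */
}

/* Fork, let the child exhaust its stack, and report how it ended: 42 = SIGSEGV classified
 * as stack overflow, 43 = other SIGSEGV, 100 + signo if killed by an uncaught signal. */
int classify_overflow_in_child(void)
{
    int status;
    pid_t pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0)
        child_run();
    if (waitpid(pid, &status, 0) < 0)
        return -1;
    if (WIFEXITED(status))
        return WEXITSTATUS(status);
    if (WIFSIGNALED(status))
        return 100 + WTERMSIG(status);
    return -1;
}

int main(void)
{
    int rc = classify_overflow_in_child();
    printf("child result: %d (%s)\n", rc, rc == EXIT_STACK_OVERFLOW ? "stack overflow" :
           rc == EXIT_OTHER_SEGV ? "other SIGSEGV" : "unexpected");
    return rc == EXIT_STACK_OVERFLOW ? 0 : 1;
}
```

On a kernel that delivers the fault normally, the child dies within milliseconds and the parent reports "stack overflow". The handler must run on an alternate stack (SA_ONSTACK plus sigaltstack), because the faulting thread has no stack left to run anything on; without it the kernel falls back to killing the process with SIGSEGV, so the handler never gets a chance to classify the fault.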
This task depends upon

Closed by  Doug Newgard (Scimmia)
Thursday, 13 August 2015, 02:50 GMT
Reason for closing:  Fixed
Additional comments about closing:  3.19
Comment by Lucjan B (lucck) - Tuesday, 03 March 2015, 16:25 GMT
Hi Guys

I made some tests. Kernel 3.17 properly handles that case with SEGFAULT. Kernel 4.0rc also handles that case properly.

I think that this bug is related to:

http://seclists.org/oss-sec/2014/q4/777

Could you please provide an update package?


Thank you
Lucjan
Comment by Daniel Micay (thestinger) - Tuesday, 03 March 2015, 16:39 GMT
I don't think that bug is related. It has to do with the 16-bit support (segment registers) with an x86_64 kernel.
Comment by Daniel Micay (thestinger) - Tuesday, 03 March 2015, 16:39 GMT
Does it work fine with 3.19 in [testing] too?
Comment by Lucjan B (lucck) - Tuesday, 03 March 2015, 16:40 GMT
Hi Daniel

Just a moment, I'll recompile from source and check.
Comment by Daniel Micay (thestinger) - Tuesday, 03 March 2015, 16:58 GMT
I'm confused. Why not test with the official package?
Comment by Lucjan B (lucck) - Tuesday, 03 March 2015, 17:11 GMT
Sorry, I completely forgot about the testing repository.

I can confirm kernel 3.19 is working properly. (It terminates the task with SEGFAULT.)
Comment by Kevin Cox (kevincox) - Tuesday, 11 August 2015, 23:54 GMT
Are there any updates? I am still getting this on 4.1.4-1. Userspace should not be crashing the kernel. As a developer who runs into infinite loops every now and again this is really annoying.
Comment by Daniel Micay (thestinger) - Wednesday, 12 August 2015, 02:33 GMT
> Are there any updates?

The reporter stated it was fixed in 3.19 and hasn't given any indication that it's still an issue.

> I am still getting this on 4.1.4-1.

Your machine locks when you compile / run the attached test case here?

> As a developer who runs into infinite loops every now and again this is really annoying.

It's not caused by infinite loops. It was caused by some unknown bug triggered by hitting the end of the main thread stack.
Comment by Daniel Micay (thestinger) - Wednesday, 12 August 2015, 02:34 GMT
If the current kernel works for lucck, this issue should be closed with another one opened for other problems.
Comment by Kevin Cox (kevincox) - Wednesday, 12 August 2015, 22:20 GMT
Sorry, I thought that was just some speculation as this issue was still open.

The attached source code does not freeze on this test case, but other infinite recursion (sorry, I didn't mean loops) does. The next time I find a test case I will open a new issue.