New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

`test-abort-validator` by `make regress` crashes macOS #39

Closed
sunqingyao opened this Issue Jun 12, 2018 · 9 comments

Comments

Projects
None yet
2 participants
@sunqingyao

sunqingyao commented Jun 12, 2018

I was running make regress on macOS High Sierra 10.13.5 (17F77), when my screen suddenly turned black before the entire operating system crashed, which was really a big surprise to me.

I managed to create a core dump, which you might find helpful. Let me know if further information is required.

test-abort-validator_2018-06-12-154348_sunqingyaos-MacBook-Air.crash.txt

kristapsdz pushed a commit that referenced this issue Jun 12, 2018

@kristapsdz

This comment has been minimized.

Owner

kristapsdz commented Jun 12, 2018

I think I tried submitting this to Apple at some point, but can't remember---this has been a known bug for at least a few years. I've commented out the given test case. Can you re-run make regress with a fresh checkout and report on its crash status? (I don't have a Mac to test on.)

@sunqingyao

This comment has been minimized.

sunqingyao commented Jun 12, 2018

The test test-abort-validator doesn't crash macOS anymore, and that's is great! However, it seems that test-fcgi-abort-validator also results in a kernel panic when executed, which appears to be more severe because this time the core dump resides in /Library/Logs/DiagnosticReports instead of ~/Library/Logs/DiagnosticReports.

Kernel_2018-06-13-004505_sunqingyaos-MacBook-Air.panic.txt

@kristapsdz

This comment has been minimized.

Owner

kristapsdz commented Jun 12, 2018

Oh, I should have caught that too. Last commit fixes it in the same way for that file. Edit: I'm asking around to see if I can get anybody at Apple to look at actually fixing this. It's pretty bad.

@sunqingyao

This comment has been minimized.

sunqingyao commented Jun 12, 2018

Thanks for your time and effort!

The previous kernel panic is gone but another one raises: this time the offending test appears to be test-fcgi-bigfile. Maybe all test-fcgi-* family tests share this issue?

Kernel_2018-06-13-013108_sunqingyaos-MacBook-Air.panic.txt

Edit: make regress passes when I remove the test-fcgi-* family tests. On the other hand, when I add a random test from this family, say test-fcgi-upload, the OS crashes again.

@kristapsdz

This comment has been minimized.

Owner

kristapsdz commented Jun 12, 2018

You're the one taking the time and effort---thank you!---and you've absolutely found something that people should know about. This is really bad for Apple.

I almost don't want to ask, but can you crash the system by running any of these scripts (as compiled with kcgi) under the real web server? Or is it limited to the regression suite?

@sunqingyao

This comment has been minimized.

sunqingyao commented Jun 13, 2018

No problem!

Unfortunately yes, I tried running test-fcgi-bigfile, test-fcgi-file-get, and test-fcgi-header directly on the command line, and all of them caused a crash. Then I installed them to cgi-bin and visited localhost:8080/cgi-bin/test-fcgi-{{ foo }}.cgi, and bang, macOS crashes again. So I think there's something wrong with the testing scripts, and the regression framework is probably OK.

BTW: It seems that this is a security vulnerability of macOS. If that's the case, I think it might be better for us to discuss this issue through a private channel like e-mail, instead of in a public thread?

@kristapsdz

This comment has been minimized.

Owner

kristapsdz commented Jun 13, 2018

I've submitted it to Apple, but given as I have another bug report from 2015 not answered, I don't have high hopes. (I'd have made this thread private, but GitHub doesn't have the features for that.) Meanwhile, I'll comment out all fcgi regression tests so they don't run on Apple and make some specific notes on the kcgi frontpage about avoiding Mac OS X for CGI code, as there are obviously some show-stopping bugs in the kernel.

As for the last question, I don't mean copying the test file into the CGI directory---that will only run the regression test. Try, instead, something like
test.c.txt. If it works, then the kernel bug lies in the regression suite's machinery.

Either way, this isn't a kcgi bug---it's a Mac OS X bug. If I were you, I would think carefully about running anything public-facing on your system.

@sunqingyao

This comment has been minimized.

sunqingyao commented Jun 13, 2018

It looks that your code works fine, both in the command line and on the server. However, I'd like to highlight that this script doesn't use FastCGI, which all test cases causing kernel panic are related to, so I think it's questionable to say the bug is triggered by the regression suite?

I have been trying to get this library to work with FastCGI, but have encountered some problems (see #40). I don't know if I can conquer them eventually but I'll try my best. Meanwhile, as long as you have any testing scripts, I'm willing to execute them on my system to help locating the offending line.

I'm not going to use macOS on a "serious" web server. To me it's more of a development environment, where I can try out interesting libraries like this one.

@sunqingyao

This comment has been minimized.

sunqingyao commented Jun 14, 2018

Closed for the same reason as for #40

@sunqingyao sunqingyao closed this Jun 14, 2018

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment