Bus Error on Mac OSX Yosemite with Clang #1025
Comments
|
I run JtR on Yosemite all the time, with CUDA and OpenCL. No problem except the header bugs described below.. First, the gpg2john.c warnings are benign (actually sort of false positives) and hard to mute.
Yosemite come with header errors (that was a first for me), maybe that is the problem you describe? The headers only work with Objective C. I fixed it with the patch below: This may or may not be the cause of your segfaults too. After applying the above you should be able to build with gcc too. Please apply and report back. |
|
Latest commit includes that patch and instructions in doc/INSTALL |
|
Thanks for the quick reply. The patch worked for me. However I still couldn't build with gcc initially: As I would get the following error: I was able to work around this error by removing the following wherever it appeared in the Makefile: After that, I was finally able to build the entire thing with GNU gcc 4.9, but alas, I'm still getting the same error. |
|
That -march=native problem should be fixed if you follow doc/INSTALL - it's the native 'as' lacking support for assembling AVX instructions so you need to copy |
|
I do not believe this item to be closed. I have followed the doc/INSTALL directions completely, and tried again. With the doc/INSTALL directions, there is no need for removing the native flag as you stated. The Yosemite patch you provided is also not needed and actually broke things (I had to go remove it) otherwise I was getting build errors. The underlying problem still remains, however. I'm still getting the bus error. This is the problem that is preventing use of the latest John edition. Should I open a new bug just about that error? |
|
What is the output of |
|
Did you |
Please decide. Which is it? If it broke things, what did it break? |
|
Sorry, I was not being very clear, and I think I may have sent us down a wild goose chase. Before you told me about the OSX directions, I was running configure and manually passing it CC= which came from macports. That version was giving me the errors which your Yosemite patch "fixed". After reading your directions for OSX on the install page, I grabbed gcc 4.9 from brew as the directions indicated, and set up osx_as_wrapper.sh. Now when I attempted to compile and make, I was getting a new error about not being able to find 'dispatch_block_t'. On a hunch, I went and removed the Yosemite patch, and did a new make and make clean. This built just fine. So the patch was unneeded and breaks things. I apologize for not following the build directions sooner. After building john, and running it again using the same format as before, I'm seeing numerous rounds of the Bus Error / non-existant physical address error. This is concerning to me, though I haven't re-experienced a complete crash of john or the system, so it may not be actually breaking anything, but I can't tell. |
|
I use brew and get a "Illegal instruction: 4" |
|
^ What exactly triggers that |
|
@Bodo-von-Greif for problems with Homebrew bottles, please report to them, not us. Although I will try to help them out if I can. This is probably not related to this issue. |
|
@shellster this is what I get with gcc and without that system header patch Applying it and retrying: |
|
Here's md5sums of original files And here's for patched files EDIT here's when using the latest patch as updated above |
That usually means, for example, that you built for AVX and then try to run it on a system lacking AVX. |
|
This is OT but anyway: @Bodo-von-Greif @DomT4 I just tested the Homebrew bottle and it looks like they built it for AVX. This means it will only run on an AVX-capable CPU or else it will fail with "illegal instruction" just like I thought. A proper build for binary dists would have automatic fallbacks to john-sse2. Or at least it should be configured for SSE2 only (all x86-64 has SSE2) but that would be suboptimal for people having better than that. |
The bottles are aimed at the widest user base possible usually. Feel free to raise an issue at Homebrew/Homebrew with that information though; Mike who handles the bottles may be able to do something about it :). |
|
Thanks Magnum, Appreciate that. |
|
@shellster I will close this as user error. If you still think the patch is causing problems rather than fixing them, please reopen and elaborate. |
|
FWIW 3c28891 updates that patch (I also updated the copy above) in order to avoid recent problems when not using gcc but native clang. So with the new patch you can use "real" gcc or not, and there really shouldn't be any side effects. @shellster maybe this was what you were trying to describe all the time? Re-reading the above you were pretty vague about what issue you actually had. You said you got errors with the (old) patch applied which indicates you actually weren't ending up using your newly installed gcc-4.9 but still using clang for one reason or the other (that would usually be a PATH issue - or maybe you did not re-run configure and make clean, or YMMV). Oh and BTW that as-wrapper shell script was dropped in a91cd2c in favor of a more elegant solution but in the end there's no difference. |
|
Just pulled the latest build. I was able to build it with no issues. It still crashes with the error at the bottom of my first post whenever I try to crack netntlm hashes. It did not crash when trying to crack kerberos tickets. I don't know what the issue is, but john 1.8.0-jumbo is unusable on my Yosemite box for netntlm hashes. The only non-standard thing that I am still doing when compiling, is adding --enable-mpi to the configure call. Everytime I build, I do a make clean. I never have not called make clean before a build. |
|
OK, thanks. And this is still with a clang build, right? You mention netntlm but your pasted problem was with ntlmv2-opencl - does this mean you have this problem with CPU format(s) too or is it only with the OpenCL version(s)? If it's OpenCL only, you could try using --device=cpu for testing whether the problem is bound to the GPU device or not. And please post the output of |
Using Homebrew's OpenMPI this will force use of clang - gcc won't be used even if available. This explains much of the initial confusion. |
|
Running john with --device=cpu by itself did not produce the error. However, when I tried running it with MPI I got the error again. As you mentioned, I am using the HomeBrew OpenMPI for the build. This error is inconsistent however, I ran multiple runs without the error, and then it popped up again. This is making it exceedingly difficult to test. |
|
As I said previously I built with default options except --enable-mpi. However, I still have the "as" hack from the OSX build instructions. Should I remove that? I also have the modified system headers: I didn't make back-ups (stupidly) before modifying them before. If you have the originals and can send them to me via email, I'll put them back and recompile. |
|
I'll try and run some tests actually utilizing MPI. If you run the latest Git version you can remove the 'as' wrapper script from /usr/local/bin but you don't need to rebuild, the new version does the exact same thing but without needing the script so the resulting binaries will be the same anyway. If you give me your email I can hand you the pristine system headers but you should be able to just run the patch backwards (provided you use the same version of the patch that was used before) by adding Do you actually need MPI, eg. for running sessions across several hosts over the network? If you just want multiple local processes you should use --fork instead but maybe you knew that. |
|
I still can't reproduce any problem. We need to rule out stuff in order to nail this:
You could try "brew doctor", "brew update" and "brew upgrade" just in case this is a Homebrew problem that was fixed recently. |
|
I was not aware of the Fork option. I will use that and see if the problem goes away. I'll report back once I can confirm. |
|
I had a chance to crack some more netntlm hashes using john with the fork option. I got the same errors. I was not using the opencl option. My command looked like this john --fork=8 -w:/path/to/wordlist --rules /path/to/hashes.txt. It ran fine for quite awhile then crashed. This, I believe, should indicated that opencl is not the issue, and neither is openmpi. I have not been able to rule out size of word lists. It only has ever happened using large wordlists, but I don't know if this is time related, or size related. It might not be either, since it is so inconsistent. I'll keep reporting back as I find more information. Hopefully, someone else, will contribute to this thread if they experience the same thing. In the meantime, I've gone back to the last john jumbo build based on the v1.7.x. It has never crashed with the error in this thread. |
|
If we could get a backtrace from the debugger it would give us lots of clues. Are you familiar with gdb? Basically you'd just prepend your command line with Once inside the debugger (under OSX it will initially spew out lots of "warnings" that you can ignore), type You'd need to use a build of john made with just |
|
Update. I ran it again after recompiling the latest john and not running make install. $ gdb --args ./john --fork=8 -w:./wordlist.txt --rules /tmp/hashes.txt
GNU gdb (GDB) 7.7.1
Copyright (C) 2014 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law. Type "show copying"
and "show warranty" for details.
This GDB was configured as "x86_64-apple-darwin14.0.0".
Type "show configuration" for configuration details.
For bug reporting instructions, please see:
<http://www.gnu.org/software/gdb/bugs/>.
Find the GDB manual and other documentation resources online at:
<http://www.gnu.org/software/gdb/documentation/>.
For help, type "help".
Type "apropos word" to search for commands related to "word"...
Reading symbols from ./john...done.
(gdb) r
Starting program: ./john --fork=8 -w:./wordlist.txt --rules /tmp/hashes.txt
Warning: detected hash type "netntlmv2", but the string is also recognized as "ntlmv2-opencl"
Use the "--format=ntlmv2-opencl" option to force loading these as that type instead
Loaded 45 password hashes with 45 different salts (netntlmv2, NTLMv2 C/R [MD4 HMAC-MD5 32/64])
Node numbers 1-8 of 8 (fork)
Press 'q' or Ctrl-C to abort, almost any other key for status
[pc:12919] *** Process received signal ***
[pc:12919] Signal: Bus error: 10 (10)
[pc:12919] Signal code: Non-existant physical address (2)
[pc:12919] Failing at address: 0x11d706000
[pc:12919] [ 0] 0 libsystem_platform.dylib 0x00007fff8e38ff1a _sigtramp + 26
[pc:12919] *** End of error message ***
1 0g 0:00:00:10 0.00% (ETA: 2015-03-07 13:56) 0g/s 14227p/s 640255c/s 640255C/s !el0!e$
6 0g 0:00:00:10 8.83% (ETA: 18:40:32) 0g/s 12505p/s 562748c/s 562748C/s Eri1
7 0g 0:00:00:10 10.59% (ETA: 18:40:13) 0g/s 12471p/s 561233c/s 561233C/s carolicaroli
4 0g 0:00:00:10 5.32% (ETA: 18:41:46) 0g/s 12499p/s 562462c/s 562462C/s nounos
5 0g 0:00:00:10 7.08% (ETA: 18:41:00) 0g/s 12492p/s 562159c/s 562159C/s caroline1
3 0g 0:00:00:11 3.57% (ETA: 18:43:46) 0g/s 12702p/s 571634c/s 571634C/s Luty7
8 0g 0:00:00:10 12.34% (ETA: 18:40:00) 0g/s 12592p/s 566653c/s 566653C/s iesram |
|
All right, it took much longer when I wasn't running a forked process, but this time I got a proper break, and did a backtrace: [New Thread 0x140b of process 13037]
Program received signal SIGBUS, Bus error.
0x00000001001b07f0 in mgetl (res=<optimized out>) at wordlist.c:179
179 while (map_pos < map_scan_end &&
(gdb) bt
#0 0x00000001001b07f0 in mgetl (res=<optimized out>) at wordlist.c:179
#1 do_wordlist_crack (db=0x100cea1d8, name=<optimized out>, rules=<optimized out>) at wordlist.c:1186
#2 0x0000000000000000 in ?? () |
|
Very interesting. Perhaps you could also supply some lines from a log file of a session with this problem? The interesting lines are like ...essentially all lines the have a dash between timestamp and message, except lines like |
|
Here's the entire john.log until I got the previous crash: I don't know if it is relevant, but the wordlist I am using is a modified dazzlepod uniq word list. Mine is currently 241584732 words (lines) long, so it is fairly large. |
|
Many thanks for persisting in trying to nail this! I truly hope you did now. This is an edge case bug, very unlikely to happen. I'm really glad we found it. I think (and hope) that 433982e fixes the problem for good. Please report back. I am pretty sure this depends on the exact size of wordlist and exact lengths of words so if you run the same command using the same wordlist you should be able to reproduce the problem without the patch, and verify it's gone with it. |
|
Thank you for your support and working on a possible patch. Initial testing seems to indicate that the issue may be fixed for john with no forking or openmpi and john with forking or john with openmpi. However, I instantly get the original bus error message when I try --format=ntlmv2-opencl and --fork=8. I think we may have found a bug, but I'm not sure it's the same bug... Since the issue can take a long time to manifest, and I can't debug it when running via fork or openmpi, I will try running a single thread all night and see if I can get either issue to pop up. |
|
It seems pretty unlikely to me that you would experience two separate bugs that noone else has reported. Maybe the bug was somehow not 100% fixed. I will try to stage a wordlist that does trigger the bug (without the patch), and work from there. |
|
BTW, what is the very last word of that wordlist? Or, more importantly, what length is that word? |
|
Here's the last "word" and length: $ tail -n 1 /tmp/uniq.txt |
|
Perhaps that very last word of your list also lacks a linefeed? That is supposed to be supported, but I seem to be able to trigger the bug (without the patch) only when last word lacks a linefeed. |
|
Your tail output indicates it does have a LF though. The length is 20 without a LF. |
|
I piped it through xxd just to be sure, and there is a \n on the end. |
|
On another note:
I think what happens is process 2 (with pid 12919) crashes (note the lack of status line for it). In that situation I think you should be able to halt the debugger with ctrl-c and then EDIT https://sourceware.org/gdb/onlinedocs/gdb/Forks.html indicates the child processes run detached from the debugger so when the above crash happens, it's too late. |
I think as soon as it starts processing rule #2, you will not see any crash related to that bug. Either you get it when it processes the last word for the first time (at rule #1), or it won't trigger at all. Also, the number of hashes or hash type, or using rules or not, does not matter for the bug that was fixed. I test it with a single NT hash and no rules. I use a ~2 GB wordlist and just vary the length of the very last word. At lengths over 8 and lacking a LF, I can trigger the crash (without the patch). For some reason I have yet to trigger it when the last word has a linefeed. |
Oh by the way: If the above always crashes at the same point, in node 2, you should try replacing |
|
After several partial single runs, I couldn't get a crash. I never did get the wordlist crash again. I can get multiple, almost immediate crashes as soon as a fork and use the ntlmv2-opencl format. I'll try the node option and see if that gets me somewhere. I tried attaching to the crashing process via a second instance of gdb. Here's what I got, though it doesn't look that helpful to me (I probably don't know what I'm doing): |
|
I don't know if the node argument is broken, or if I'm not doing it right: |
|
You need to drop the |
The problem is the crash happens down in a system library where we lack debugging symbols. But normally you'd get some info from a backtrace. Ideally you should try to find a way for me/us to reproduce the crash with some test hash(es) and some exact wordlist/rules/whatever and exact command line. But it might not be very easy to find out. Especially since (provided this still has anything to do with memory mapping) it depends on how much memory you've got and how taxed that memory is with other things. So you might not even have a reproducible case yourself. |
|
BTW the OpenCL formats are a lot harder to get good debug info from (because a lot more shared libs lacking debug info are involved). It would be better if you can catch a crash in netntlmv2 CPU format. |
|
Oh, and another aspect is that it might not make a lot of sense to run -fork=8 with GPU. Especially not when trying to nail a bug. If you can only get crashes in OpenCL now I'm tempted to write it down to Apple driver problems. The drivers are pretty good now, 2.5 years ago they were terrible. Really really terrible. Almost no OpenCL format could run at all. Having said that, I just ran some ntlmv2-opencl on my Macbook w/ GT650M, even using fork=8 and a crazy big wordlist with rules. Doesn't crash here (yet). |
Hi,
I have been trying to get the latest copy to compile and run under OSX with Yosemite. I finally got it to compile using clang. I tried GNU gcc but keep running into syntax errors in the opencl libraries:
I get the following warnings, when running make, but otherwise everything seems to work:
However, when I actually try running john I get the following error:
The error is inconsistent, but happens about 90% of the time. Usually it is a fatal error, but sometimes the cracker continues to run. Yesterday, it spit out the error, and then the entire Mac seg-faulted and rebooted.
The text was updated successfully, but these errors were encountered: