[BUG] `rspamd --version` `illegal hardware instruction` in function `rspamd_cryptobox_test_instr` caused by Linux kernel parameter `gather_data_sampling=force` (Enable Gather Data Sampling (GDS) mitigation)

[adrelanos]

Prerequisites

• [ ] Put an X between the brackets on this line if you have done all of the following:
• Read about bug reporting in general: https://rspamd.com/doc/faq.html#how-to-report-bugs-found-in-rspamd

Done.

• Enabled relevant debugging logs: https://rspamd.com/doc/faq.html#how-to-debug-some-module-in-rspamd

Not module related, not applicable, not done.

• Checked the FAQs about Core files in case of fatal crash: https://rspamd.com/doc/faq.html#how-to-figure-out-why-rspamd-process-crashed

Done.

• Tried ASAN package and obtained the ASAN report (if possible): https://rspamd.com/doc/faq.html#asan-builds

Done. (Described below in this report.)

• Checked that your issue isn't already filed: https://github.com/issues?utf8=%E2%9C%93&q=is%3Aissue+user%3Arspamd

• https://github.com/rspamd/rspamd/issues/399 looks similar, that's why I am already providing all debug output you might ask for but that issue is old and says was resolved.

• Checked that there is not already an experimental package or master branch

Not experimental / master branch.

Steps to Reproduce

rspamd --version

(But --version is just to show that there is a grave issue here. rspamd is totally broken, unsuable for me on that system.)

Expected behavior

Show version, no error.

Actual behavior

zsh: illegal hardware instruction  rspamd --version

Versions

3.9.1-1 from rspamd repository.

Setting up rspamd (3.9.1-1~82f43560f~bookworm) ... Setting up rspamd-dbg (3.9.1-1~82f43560f~bookworm) ...

lsb_release -a

No LSB modules are available.
Distributor ID: Debian
Description:    Debian GNU/Linux 12 (bookworm)
Release:        12
Codename:       bookworm

Actually, Kicksecure which comes with security-misc, which enables a lot of kernel security related kernel parameters and sysctl.

Additional Information

rspamd --version  

zsh: illegal hardware instruction  rspamd --version

ls -la /coreland

total 19M
drwxrwxrwt  2 root root 4.0K Sep 12 10:47 .
drwxr-xr-x 20 root root 4.0K Sep 12 10:45 ..
-rw-------  1 root root  47M Sep 12 10:47 rspamd.core.428204

gdb `which rspamd` -c /coreland/rspamd.core.428204

GNU gdb (Debian 13.1-3) 13.1
Copyright (C) 2023 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
Type "show copying" and "show warranty" for details.
This GDB was configured as "x86_64-linux-gnu".
Type "show configuration" for configuration details.
For bug reporting instructions, please see:
<https://www.gnu.org/software/gdb/bugs/>.
Find the GDB manual and other documentation resources online at:
    <http://www.gnu.org/software/gdb/documentation/>.

For help, type "help".
Type "apropos word" to search for commands related to "word"...
Reading symbols from /usr/bin/rspamd...
Reading symbols from /usr/lib/debug/.build-id/9c/731c10279db516d8e69a70bd3f3979dcca64dc.debug...

warning: Can't open file /dev/zero (deleted) during file-backed mapping note processing
[New LWP 445607]
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".
Core was generated by `rspamd --version'.
Program terminated with signal SIGILL, Illegal instruction.
#0  rspamd_cryptobox_test_instr (instr=instr@entry=1) at ./src/libcryptobox/cryptobox.c:169
169     ./src/libcryptobox/cryptobox.c: No such file or directory.
(gdb) bt full
#0  rspamd_cryptobox_test_instr (instr=instr@entry=1) at ./src/libcryptobox/cryptobox.c:169
        old_handler = 0x718722f97870 <backward::SignalHandling::sig_handler(int, siginfo_t*, void*)>
        rd = <optimized out>
#1  0x0000718722cf0983 in rspamd_cryptobox_init () at ./src/libcryptobox/cryptobox.c:254
        nid = 22
        osxsave_mask = <optimized out>
        bit = <optimized out>
        buf = <optimized out>
        cpu = <optimized out>
        fma_movbe_osxsave_mask = <optimized out>
        avx2_bmi12_mask = <optimized out>
        cpu = <optimized out>
        nid = <optimized out>
        osxsave_mask = <optimized out>
        fma_movbe_osxsave_mask = <optimized out>
        avx2_bmi12_mask = <optimized out>
        bit = <optimized out>
        ctx = <optimized out>
        buf = <optimized out>
        __func__ = <optimized out>
        _g_boolean_var_ = <optimized out>
#2  rspamd_cryptobox_init () at ./src/libcryptobox/cryptobox.c:187
        cpu = <optimized out>
        nid = <optimized out>
        osxsave_mask = 134217728
        fma_movbe_osxsave_mask = 138416128
        avx2_bmi12_mask = 296
        bit = <optimized out>
--Type <RET> for more, q to quit, c to continue without paging--c
        buf = <optimized out>
        ctx = 0x71871e4298a0
        __func__ = "rspamd_cryptobox_init"
        _g_boolean_var_ = <optimized out>
#3  0x0000718722d361c8 in rspamd_init_libs () at ./src/libserver/cfg_utils.cxx:2638
        rlim = {rlim_cur = 100556660522024, rlim_max = 140726958039664}
        ottery_cfg = <optimized out>
        ctx = 0x71871e45b180
        utf8_flags = <optimized out>
        __PRETTY_FUNCTION__ = <optimized out>
#4  0x00005b74ac059f7b in main (argc=<optimized out>, argv=<optimized out>, env=<optimized out>) at ./src/rspamd.c:1451
        i = <optimized out>
        res = 0
        signals = {__sigaction_handler = {sa_handler = 0x0, sa_sigaction = 0x0}, sa_mask = {__val = {124825221286101, 
              124825218977424, 124825223997456, 124825110577792, 5613767107662577664, 8388608, 124825197790928, 124825221298288, 
              18446744067250323455, 0, 8, 140726958040096, 2, 9, 124825142260816, 124825222643616}}, sa_flags = 0, 
          sa_restorer = 0x6572}
        sigpipe_act = {__sigaction_handler = {sa_handler = 0xa, sa_sigaction = 0xa}, sa_mask = {__val = {26, 124825142190272, 0, 1, 
              124825197795096, 124825197794280, 124825197794288, 124825197795104, 124825216522761, 2, 9223372036854775818, 0, 0, 0, 
              0, 0}}, sa_flags = 0, sa_restorer = 0x7ffd8c5824b0}
        pworker = <optimized out>
        type = <optimized out>
        control_addr = 0x0
        event_loop = <optimized out>
        rspamd_main = 0x71871e49c180
        skip_pid = 0
        control_signals = {__val = {2561, 0, 4292796126, 0, 4292598747, 0, 4280887593, 0, 4280690214, 0, 4280558628, 0, 4280361249, 
            0, 0, 124825142260768}}
        __func__ = "main"
        stat_update_time = <optimized out>
(gdb) disassemble
Dump of assembler code for function rspamd_cryptobox_test_instr:
   0x0000718722ceb0e0 <+0>:     sub    $0x18,%rsp
   0x0000718722ceb0e4 <+4>:     lea    -0x2b(%rip),%rsi        # 0x718722ceb0c0 <rspamd_cryptobox_ill_handler>
   0x0000718722ceb0eb <+11>:    movl   $0x1,0x528fb3(%rip)        # 0x7187232140a8 <ok>
   0x0000718722ceb0f5 <+21>:    mov    %edi,0x4(%rsp)
   0x0000718722ceb0f9 <+25>:    mov    $0x4,%edi
   0x0000718722ceb0fe <+30>:    call   0x718722cb6460 <signal@plt>
   0x0000718722ceb103 <+35>:    lea    0x528ed6(%rip),%rdi        # 0x718723213fe0 <j>
   0x0000718722ceb10a <+42>:    mov    %rax,0x8(%rsp)
   0x0000718722ceb10f <+47>:    call   0x718722cb6470 <_setjmp@plt>
   0x0000718722ceb114 <+52>:    test   %eax,%eax
   0x0000718722ceb116 <+54>:    jne    0x718722ceb180 <rspamd_cryptobox_test_instr+160>
   0x0000718722ceb118 <+56>:    mov    0x4(%rsp),%eax
   0x0000718722ceb11c <+60>:    cmp    $0x20,%eax
   0x0000718722ceb11f <+63>:    jg     0x718722ceb138 <rspamd_cryptobox_test_instr+88>
   0x0000718722ceb121 <+65>:    ja     0x718722ceb18f <rspamd_cryptobox_test_instr+175>
   0x0000718722ceb123 <+67>:    lea    0x3a9e16(%rip),%rdx        # 0x718723094f40
   0x0000718722ceb12a <+74>:    movslq (%rdx,%rax,4),%rax
   0x0000718722ceb12e <+78>:    add    %rdx,%rax
   0x0000718722ceb131 <+81>:    jmp    *%rax
   0x0000718722ceb133 <+83>:    nopl   0x0(%rax,%rax,1)
   0x0000718722ceb138 <+88>:    mov    0x4(%rsp),%eax
   0x0000718722ceb13c <+92>:    cmp    $0x40,%eax
   0x0000718722ceb13f <+95>:    je     0x718722ceb198 <rspamd_cryptobox_test_instr+184>
   0x0000718722ceb141 <+97>:    cmp    $0x80,%eax
   0x0000718722ceb146 <+102>:   jne    0x718722ceb18f <rspamd_cryptobox_test_instr+175>
   0x0000718722ceb148 <+104>:   rdrand %eax
   0x0000718722ceb14b <+107>:   setb   0x528f56(%rip)        # 0x7187232140a8 <ok>
--Type <RET> for more, q to quit, c to continue without paging--c
   0x0000718722ceb152 <+114>:   nopw   0x0(%rax,%rax,1)
   0x0000718722ceb158 <+120>:   mov    0x8(%rsp),%rsi
   0x0000718722ceb15d <+125>:   mov    $0x4,%edi
   0x0000718722ceb162 <+130>:   call   0x718722cb6460 <signal@plt>
   0x0000718722ceb167 <+135>:   xor    %eax,%eax
   0x0000718722ceb169 <+137>:   cmpl   $0x1,0x528f38(%rip)        # 0x7187232140a8 <ok>
   0x0000718722ceb170 <+144>:   sete   %al
   0x0000718722ceb173 <+147>:   add    $0x18,%rsp
   0x0000718722ceb177 <+151>:   ret
   0x0000718722ceb178 <+152>:   nopl   0x0(%rax,%rax,1)
   0x0000718722ceb180 <+160>:   mov    0x8(%rsp),%rsi
   0x0000718722ceb185 <+165>:   mov    $0x4,%edi
   0x0000718722ceb18a <+170>:   call   0x718722cb6460 <signal@plt>
   0x0000718722ceb18f <+175>:   xor    %eax,%eax
   0x0000718722ceb191 <+177>:   jmp    0x718722ceb173 <rspamd_cryptobox_test_instr+147>
   0x0000718722ceb193 <+179>:   nopl   0x0(%rax,%rax,1)
   0x0000718722ceb198 <+184>:   push   %rax
   0x0000718722ceb199 <+185>:   xor    %rax,%rax
   0x0000718722ceb19c <+188>:   crc32  %rax,%rax
   0x0000718722ceb1a2 <+194>:   pop    %rax
   0x0000718722ceb1a3 <+195>:   jmp    0x718722ceb158 <rspamd_cryptobox_test_instr+120>
   0x0000718722ceb1a5 <+197>:   nopl   (%rax)
   0x0000718722ceb1a8 <+200>:   pshufb %xmm0,%xmm0
   0x0000718722ceb1ad <+205>:   jmp    0x718722ceb158 <rspamd_cryptobox_test_instr+120>
   0x0000718722ceb1af <+207>:   nop
   0x0000718722ceb1b0 <+208>:   movshdup %xmm0,%xmm0
   0x0000718722ceb1b4 <+212>:   jmp    0x718722ceb158 <rspamd_cryptobox_test_instr+120>
   0x0000718722ceb1b6 <+214>:   cs nopw 0x0(%rax,%rax,1)
   0x0000718722ceb1c0 <+224>:   pcmpeqq %xmm0,%xmm0
   0x0000718722ceb1c5 <+229>:   jmp    0x718722ceb158 <rspamd_cryptobox_test_instr+120>
   0x0000718722ceb1c7 <+231>:   nopw   0x0(%rax,%rax,1)
=> 0x0000718722ceb1d0 <+240>:   vpaddq %ymm0,%ymm0,%ymm0
   0x0000718722ceb1d4 <+244>:   jmp    0x718722ceb158 <rspamd_cryptobox_test_instr+120>
   0x0000718722ceb1d6 <+246>:   cs nopw 0x0(%rax,%rax,1)
   0x0000718722ceb1e0 <+256>:   psubb  %xmm0,%xmm0
   0x0000718722ceb1e4 <+260>:   jmp    0x718722ceb158 <rspamd_cryptobox_test_instr+120>
   0x0000718722ceb1e9 <+265>:   nopl   0x0(%rax)
   0x0000718722ceb1f0 <+272>:   vpaddq %xmm0,%xmm0,%xmm0
   0x0000718722ceb1f4 <+276>:   jmp    0x718722ceb158 <rspamd_cryptobox_test_instr+120>
End of assembler dump.
(gdb) 

---

cpuinfo of broken system:

cat /proc/cpuinfo

processor       : 0
vendor_id       : GenuineIntel
cpu family      : 6
model           : 94
model name      : Intel(R) Core(TM) i7-6700 CPU @ 3.40GHz
stepping        : 3
microcode       : 0xf0
cpu MHz         : 3699.997
cache size      : 8192 KB
physical id     : 0
siblings        : 4
core id         : 0
cpu cores       : 4
apicid          : 0
initial apicid  : 0
fpu             : yes
fpu_exception   : yes
cpuid level     : 22
wp              : yes
flags           : fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush dts acpi mmx fxsr sse sse2 ss ht tm pbe syscall nx pdpe1gb rdtscp lm constant_tsc art arch_perfmon pebs bts rep_good nopl xtopology nonstop_tsc cpuid aperfmperf pni pclmulqdq dtes64 monitor ds_cpl vmx smx est tm2 ssse3 sdbg cx16 xtpr pdcm pcid sse4_1 sse4_2 x2apic movbe popcnt tsc_deadline_timer aes xsave f16c rdrand lahf_lm abm 3dnowprefetch cpuid_fault epb invpcid_single pti ssbd ibrs ibpb stibp tpr_shadow vnmi flexpriority ept vpid ept_ad fsgsbase tsc_adjust bmi1 smep bmi2 erms invpcid mpx rdseed adx smap clflushopt intel_pt xsaveopt xsavec xgetbv1 xsaves dtherm ida arat pln pts hwp hwp_notify hwp_act_window hwp_epp md_clear flush_l1d arch_capabilities
vmx flags       : vnmi preemption_timer invvpid ept_x_only ept_ad ept_1gb flexpriority tsc_offset vtpr mtf vapic ept vpid unrestricted_guest ple shadow_vmcs pml
bugs            : cpu_meltdown spectre_v1 spectre_v2 spec_store_bypass l1tf mds swapgs taa itlb_multihit srbds mmio_stale_data retbleed gds
bogomips        : 6799.81
clflush size    : 64
cache_alignment : 64
address sizes   : 39 bits physical, 48 bits virtual
power management:

processor       : 1
vendor_id       : GenuineIntel
cpu family      : 6
model           : 94
model name      : Intel(R) Core(TM) i7-6700 CPU @ 3.40GHz
stepping        : 3
microcode       : 0xf0
cpu MHz         : 3700.004
cache size      : 8192 KB
physical id     : 0
siblings        : 4
core id         : 1
cpu cores       : 4
apicid          : 2
initial apicid  : 2
fpu             : yes
fpu_exception   : yes
cpuid level     : 22
wp              : yes
flags           : fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush dts acpi mmx fxsr sse sse2 ss ht tm pbe syscall nx pdpe1gb rdtscp lm constant_tsc art arch_perfmon pebs bts rep_good nopl xtopology nonstop_tsc cpuid aperfmperf pni pclmulqdq dtes64 monitor ds_cpl vmx smx est tm2 ssse3 sdbg cx16 xtpr pdcm pcid sse4_1 sse4_2 x2apic movbe popcnt tsc_deadline_timer aes xsave f16c rdrand lahf_lm abm 3dnowprefetch cpuid_fault epb invpcid_single pti ssbd ibrs ibpb stibp tpr_shadow vnmi flexpriority ept vpid ept_ad fsgsbase tsc_adjust bmi1 smep bmi2 erms invpcid mpx rdseed adx smap clflushopt intel_pt xsaveopt xsavec xgetbv1 xsaves dtherm ida arat pln pts hwp hwp_notify hwp_act_window hwp_epp md_clear flush_l1d arch_capabilities
vmx flags       : vnmi preemption_timer invvpid ept_x_only ept_ad ept_1gb flexpriority tsc_offset vtpr mtf vapic ept vpid unrestricted_guest ple shadow_vmcs pml
bugs            : cpu_meltdown spectre_v1 spectre_v2 spec_store_bypass l1tf mds swapgs taa itlb_multihit srbds mmio_stale_data retbleed gds
bogomips        : 6799.81
clflush size    : 64
cache_alignment : 64
address sizes   : 39 bits physical, 48 bits virtual
power management:

processor       : 2
vendor_id       : GenuineIntel
cpu family      : 6
model           : 94
model name      : Intel(R) Core(TM) i7-6700 CPU @ 3.40GHz
stepping        : 3
microcode       : 0xf0
cpu MHz         : 3699.997
cache size      : 8192 KB
physical id     : 0
siblings        : 4
core id         : 2
cpu cores       : 4
apicid          : 4
initial apicid  : 4
fpu             : yes
fpu_exception   : yes
cpuid level     : 22
wp              : yes
flags           : fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush dts acpi mmx fxsr sse sse2 ss ht tm pbe syscall nx pdpe1gb rdtscp lm constant_tsc art arch_perfmon pebs bts rep_good nopl xtopology nonstop_tsc cpuid aperfmperf pni pclmulqdq dtes64 monitor ds_cpl vmx smx est tm2 ssse3 sdbg cx16 xtpr pdcm pcid sse4_1 sse4_2 x2apic movbe popcnt tsc_deadline_timer aes xsave f16c rdrand lahf_lm abm 3dnowprefetch cpuid_fault epb invpcid_single pti ssbd ibrs ibpb stibp tpr_shadow vnmi flexpriority ept vpid ept_ad fsgsbase tsc_adjust bmi1 smep bmi2 erms invpcid mpx rdseed adx smap clflushopt intel_pt xsaveopt xsavec xgetbv1 xsaves dtherm ida arat pln pts hwp hwp_notify hwp_act_window hwp_epp md_clear flush_l1d arch_capabilities
vmx flags       : vnmi preemption_timer invvpid ept_x_only ept_ad ept_1gb flexpriority tsc_offset vtpr mtf vapic ept vpid unrestricted_guest ple shadow_vmcs pml
bugs            : cpu_meltdown spectre_v1 spectre_v2 spec_store_bypass l1tf mds swapgs taa itlb_multihit srbds mmio_stale_data retbleed gds
bogomips        : 6799.81
clflush size    : 64
cache_alignment : 64
address sizes   : 39 bits physical, 48 bits virtual
power management:

processor       : 3
vendor_id       : GenuineIntel
cpu family      : 6
model           : 94
model name      : Intel(R) Core(TM) i7-6700 CPU @ 3.40GHz
stepping        : 3
microcode       : 0xf0
cpu MHz         : 3700.003
cache size      : 8192 KB
physical id     : 0
siblings        : 4
core id         : 3
cpu cores       : 4
apicid          : 6
initial apicid  : 6
fpu             : yes
fpu_exception   : yes
cpuid level     : 22
wp              : yes
flags           : fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush dts acpi mmx fxsr sse sse2 ss ht tm pbe syscall nx pdpe1gb rdtscp lm constant_tsc art arch_perfmon pebs bts rep_good nopl xtopology nonstop_tsc cpuid aperfmperf pni pclmulqdq dtes64 monitor ds_cpl vmx smx est tm2 ssse3 sdbg cx16 xtpr pdcm pcid sse4_1 sse4_2 x2apic movbe popcnt tsc_deadline_timer aes xsave f16c rdrand lahf_lm abm 3dnowprefetch cpuid_fault epb invpcid_single pti ssbd ibrs ibpb stibp tpr_shadow vnmi flexpriority ept vpid ept_ad fsgsbase tsc_adjust bmi1 smep bmi2 erms invpcid mpx rdseed adx smap clflushopt intel_pt xsaveopt xsavec xgetbv1 xsaves dtherm ida arat pln pts hwp hwp_notify hwp_act_window hwp_epp md_clear flush_l1d arch_capabilities
vmx flags       : vnmi preemption_timer invvpid ept_x_only ept_ad ept_1gb flexpriority tsc_offset vtpr mtf vapic ept vpid unrestricted_guest ple shadow_vmcs pml
bugs            : cpu_meltdown spectre_v1 spectre_v2 spec_store_bypass l1tf mds swapgs taa itlb_multihit srbds mmio_stale_data retbleed gds
bogomips        : 6799.81
clflush size    : 64
cache_alignment : 64
address sizes   : 39 bits physical, 48 bits virtual
power management:

---

Here is another cpuinfo of a functional system with an idential system configuration.

cat /proc/cpuinfo

processor       : 0
vendor_id       : GenuineIntel
cpu family      : 6
model           : 158
model name      : Intel(R) Core(TM) i7-7700 CPU @ 3.60GHz
stepping        : 9
microcode       : 0xf8
cpu MHz         : 900.011
cache size      : 8192 KB
physical id     : 0
siblings        : 4
core id         : 0
cpu cores       : 4
apicid          : 0
initial apicid  : 0
fpu             : yes
fpu_exception   : yes
cpuid level     : 22
wp              : yes
flags           : fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush dts acpi mmx fxsr sse sse2 ss ht tm pbe syscall nx pdpe1gb rdtscp lm constant_tsc art arch_perfmon pebs bts rep_good nopl xtopology nonstop_tsc cpuid aperfmperf pni pclmulqdq dtes64 monitor ds_cpl vmx smx est tm2 ssse3 sdbg fma cx16 xtpr pdcm pcid sse4_1 sse4_2 x2apic movbe popcnt tsc_deadline_timer aes xsave avx f16c rdrand lahf_lm abm 3dnowprefetch cpuid_fault epb invpcid_single pti ssbd ibrs ibpb stibp tpr_shadow vnmi flexpriority ept vpid ept_ad fsgsbase tsc_adjust bmi1 avx2 smep bmi2 erms invpcid mpx rdseed adx smap clflushopt intel_pt xsaveopt xsavec xgetbv1 xsaves dtherm ida arat pln pts hwp hwp_notify hwp_act_window hwp_epp md_clear flush_l1d arch_capabilities
vmx flags       : vnmi preemption_timer invvpid ept_x_only ept_ad ept_1gb flexpriority tsc_offset vtpr mtf vapic ept vpid unrestricted_guest ple shadow_vmcs pml ept_mode_based_exec
bugs            : cpu_meltdown spectre_v1 spectre_v2 spec_store_bypass l1tf mds swapgs taa itlb_multihit srbds mmio_stale_data retbleed gds
bogomips        : 7200.00
clflush size    : 64
cache_alignment : 64
address sizes   : 39 bits physical, 48 bits virtual
power management:

processor       : 1
vendor_id       : GenuineIntel
cpu family      : 6
model           : 158
model name      : Intel(R) Core(TM) i7-7700 CPU @ 3.60GHz
stepping        : 9
microcode       : 0xf8
cpu MHz         : 900.184
cache size      : 8192 KB
physical id     : 0
siblings        : 4
core id         : 1
cpu cores       : 4
apicid          : 2
initial apicid  : 2
fpu             : yes
fpu_exception   : yes
cpuid level     : 22
wp              : yes
flags           : fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush dts acpi mmx fxsr sse sse2 ss ht tm pbe syscall nx pdpe1gb rdtscp lm constant_tsc art arch_perfmon pebs bts rep_good nopl xtopology nonstop_tsc cpuid aperfmperf pni pclmulqdq dtes64 monitor ds_cpl vmx smx est tm2 ssse3 sdbg fma cx16 xtpr pdcm pcid sse4_1 sse4_2 x2apic movbe popcnt tsc_deadline_timer aes xsave avx f16c rdrand lahf_lm abm 3dnowprefetch cpuid_fault epb invpcid_single pti ssbd ibrs ibpb stibp tpr_shadow vnmi flexpriority ept vpid ept_ad fsgsbase tsc_adjust bmi1 avx2 smep bmi2 erms invpcid mpx rdseed adx smap clflushopt intel_pt xsaveopt xsavec xgetbv1 xsaves dtherm ida arat pln pts hwp hwp_notify hwp_act_window hwp_epp md_clear flush_l1d arch_capabilities
vmx flags       : vnmi preemption_timer invvpid ept_x_only ept_ad ept_1gb flexpriority tsc_offset vtpr mtf vapic ept vpid unrestricted_guest ple shadow_vmcs pml ept_mode_based_exec
bugs            : cpu_meltdown spectre_v1 spectre_v2 spec_store_bypass l1tf mds swapgs taa itlb_multihit srbds mmio_stale_data retbleed gds
bogomips        : 7200.00
clflush size    : 64
cache_alignment : 64
address sizes   : 39 bits physical, 48 bits virtual
power management:

processor       : 2
vendor_id       : GenuineIntel
cpu family      : 6
model           : 158
model name      : Intel(R) Core(TM) i7-7700 CPU @ 3.60GHz
stepping        : 9
microcode       : 0xf8
cpu MHz         : 900.009
cache size      : 8192 KB
physical id     : 0
siblings        : 4
core id         : 2
cpu cores       : 4
apicid          : 4
initial apicid  : 4
fpu             : yes
fpu_exception   : yes
cpuid level     : 22
wp              : yes
flags           : fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush dts acpi mmx fxsr sse sse2 ss ht tm pbe syscall nx pdpe1gb rdtscp lm constant_tsc art arch_perfmon pebs bts rep_good nopl xtopology nonstop_tsc cpuid aperfmperf pni pclmulqdq dtes64 monitor ds_cpl vmx smx est tm2 ssse3 sdbg fma cx16 xtpr pdcm pcid sse4_1 sse4_2 x2apic movbe popcnt tsc_deadline_timer aes xsave avx f16c rdrand lahf_lm abm 3dnowprefetch cpuid_fault epb invpcid_single pti ssbd ibrs ibpb stibp tpr_shadow vnmi flexpriority ept vpid ept_ad fsgsbase tsc_adjust bmi1 avx2 smep bmi2 erms invpcid mpx rdseed adx smap clflushopt intel_pt xsaveopt xsavec xgetbv1 xsaves dtherm ida arat pln pts hwp hwp_notify hwp_act_window hwp_epp md_clear flush_l1d arch_capabilities
vmx flags       : vnmi preemption_timer invvpid ept_x_only ept_ad ept_1gb flexpriority tsc_offset vtpr mtf vapic ept vpid unrestricted_guest ple shadow_vmcs pml ept_mode_based_exec
bugs            : cpu_meltdown spectre_v1 spectre_v2 spec_store_bypass l1tf mds swapgs taa itlb_multihit srbds mmio_stale_data retbleed gds
bogomips        : 7200.00
clflush size    : 64
cache_alignment : 64
address sizes   : 39 bits physical, 48 bits virtual
power management:

processor       : 3
vendor_id       : GenuineIntel
cpu family      : 6
model           : 158
model name      : Intel(R) Core(TM) i7-7700 CPU @ 3.60GHz
stepping        : 9
microcode       : 0xf8
cpu MHz         : 900.006
cache size      : 8192 KB
physical id     : 0
siblings        : 4
core id         : 3
cpu cores       : 4
apicid          : 6
initial apicid  : 6
fpu             : yes
fpu_exception   : yes
cpuid level     : 22
wp              : yes
flags           : fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush dts acpi mmx fxsr sse sse2 ss ht tm pbe syscall nx pdpe1gb rdtscp lm constant_tsc art arch_perfmon pebs bts rep_good nopl xtopology nonstop_tsc cpuid aperfmperf pni pclmulqdq dtes64 monitor ds_cpl vmx smx est tm2 ssse3 sdbg fma cx16 xtpr pdcm pcid sse4_1 sse4_2 x2apic movbe popcnt tsc_deadline_timer aes xsave avx f16c rdrand lahf_lm abm 3dnowprefetch cpuid_fault epb invpcid_single pti ssbd ibrs ibpb stibp tpr_shadow vnmi flexpriority ept vpid ept_ad fsgsbase tsc_adjust bmi1 avx2 smep bmi2 erms invpcid mpx rdseed adx smap clflushopt intel_pt xsaveopt xsavec xgetbv1 xsaves dtherm ida arat pln pts hwp hwp_notify hwp_act_window hwp_epp md_clear flush_l1d arch_capabilities
vmx flags       : vnmi preemption_timer invvpid ept_x_only ept_ad ept_1gb flexpriority tsc_offset vtpr mtf vapic ept vpid unrestricted_guest ple shadow_vmcs pml ept_mode_based_exec
bugs            : cpu_meltdown spectre_v1 spectre_v2 spec_store_bypass l1tf mds swapgs taa itlb_multihit srbds mmio_stale_data retbleed gds
bogomips        : 7200.00
clflush size    : 64
cache_alignment : 64
address sizes   : 39 bits physical, 48 bits virtual
power management:

---

Here is the diff broken ok (broken /proc/cpuinfo CPU versus functional /proc/cpuinfo CPU):

diff broken ok

4,8c4,8
< model           : 94
< model name      : Intel(R) Core(TM) i7-6700 CPU @ 3.40GHz
< stepping        : 3
< microcode       : 0xf0
< cpu MHz         : 3700.001
---
> model           : 158
> model name      : Intel(R) Core(TM) i7-7700 CPU @ 3.60GHz
> stepping        : 9
> microcode       : 0xf8
> cpu MHz         : 900.011
20,21c20,21
< flags           : fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush dts acpi mmx fxsr sse sse2 ss ht tm pbe syscall nx pdpe1gb rdtscp lm constant_tsc art arch_perfmon pebs bts rep_good nopl xtopology nonstop_tsc cpuid aperfmperf pni pclmulqdq dtes64 monitor ds_cpl vmx smx est tm2 ssse3 sdbg cx16 xtpr pdcm pcid sse4_1 sse4_2 x2apic movbe popcnt tsc_deadline_timer aes xsave f16c rdrand lahf_lm abm 3dnowprefetch cpuid_fault epb invpcid_single pti ssbd ibrs ibpb stibp tpr_shadow vnmi flexpriority ept vpid ept_ad fsgsbase tsc_adjust bmi1 smep bmi2 erms invpcid mpx rdseed adx smap clflushopt intel_pt xsaveopt xsavec xgetbv1 xsaves dtherm ida arat pln pts hwp hwp_notify hwp_act_window hwp_epp md_clear flush_l1d arch_capabilities
< vmx flags       : vnmi preemption_timer invvpid ept_x_only ept_ad ept_1gb flexpriority tsc_offset vtpr mtf vapic ept vpid unrestricted_guest ple shadow_vmcs pml
---
> flags           : fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush dts acpi mmx fxsr sse sse2 ss ht tm pbe syscall nx pdpe1gb rdtscp lm constant_tsc art arch_perfmon pebs bts rep_good nopl xtopology nonstop_tsc cpuid aperfmperf pni pclmulqdq dtes64 monitor ds_cpl vmx smx est tm2 ssse3 sdbg fma cx16 xtpr pdcm pcid sse4_1 sse4_2 x2apic movbe popcnt tsc_deadline_timer aes xsave avx f16c rdrand lahf_lm abm 3dnowprefetch cpuid_fault epb invpcid_single pti ssbd ibrs ibpb stibp tpr_shadow vnmi flexpriority ept vpid ept_ad fsgsbase tsc_adjust bmi1 avx2 smep bmi2 erms invpcid mpx rdseed adx smap clflushopt intel_pt xsaveopt xsavec xgetbv1 xsaves dtherm ida arat pln pts hwp hwp_notify hwp_act_window hwp_epp md_clear flush_l1d arch_capabilities
> vmx flags       : vnmi preemption_timer invvpid ept_x_only ept_ad ept_1gb flexpriority tsc_offset vtpr mtf vapic ept vpid unrestricted_guest ple shadow_vmcs pml ept_mode_based_exec
23c23
< bogomips        : 6799.81
---
> bogomips        : 7200.00
32,36c32,36
< model           : 94
< model name      : Intel(R) Core(TM) i7-6700 CPU @ 3.40GHz
< stepping        : 3
< microcode       : 0xf0
< cpu MHz         : 3700.003
---
> model           : 158
> model name      : Intel(R) Core(TM) i7-7700 CPU @ 3.60GHz
> stepping        : 9
> microcode       : 0xf8
> cpu MHz         : 900.184
48,49c48,49
< flags           : fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush dts acpi mmx fxsr sse sse2 ss ht tm pbe syscall nx pdpe1gb rdtscp lm constant_tsc art arch_perfmon pebs bts rep_good nopl xtopology nonstop_tsc cpuid aperfmperf pni pclmulqdq dtes64 monitor ds_cpl vmx smx est tm2 ssse3 sdbg cx16 xtpr pdcm pcid sse4_1 sse4_2 x2apic movbe popcnt tsc_deadline_timer aes xsave f16c rdrand lahf_lm abm 3dnowprefetch cpuid_fault epb invpcid_single pti ssbd ibrs ibpb stibp tpr_shadow vnmi flexpriority ept vpid ept_ad fsgsbase tsc_adjust bmi1 smep bmi2 erms invpcid mpx rdseed adx smap clflushopt intel_pt xsaveopt xsavec xgetbv1 xsaves dtherm ida arat pln pts hwp hwp_notify hwp_act_window hwp_epp md_clear flush_l1d arch_capabilities
< vmx flags       : vnmi preemption_timer invvpid ept_x_only ept_ad ept_1gb flexpriority tsc_offset vtpr mtf vapic ept vpid unrestricted_guest ple shadow_vmcs pml
---
> flags           : fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush dts acpi mmx fxsr sse sse2 ss ht tm pbe syscall nx pdpe1gb rdtscp lm constant_tsc art arch_perfmon pebs bts rep_good nopl xtopology nonstop_tsc cpuid aperfmperf pni pclmulqdq dtes64 monitor ds_cpl vmx smx est tm2 ssse3 sdbg fma cx16 xtpr pdcm pcid sse4_1 sse4_2 x2apic movbe popcnt tsc_deadline_timer aes xsave avx f16c rdrand lahf_lm abm 3dnowprefetch cpuid_fault epb invpcid_single pti ssbd ibrs ibpb stibp tpr_shadow vnmi flexpriority ept vpid ept_ad fsgsbase tsc_adjust bmi1 avx2 smep bmi2 erms invpcid mpx rdseed adx smap clflushopt intel_pt xsaveopt xsavec xgetbv1 xsaves dtherm ida arat pln pts hwp hwp_notify hwp_act_window hwp_epp md_clear flush_l1d arch_capabilities
> vmx flags       : vnmi preemption_timer invvpid ept_x_only ept_ad ept_1gb flexpriority tsc_offset vtpr mtf vapic ept vpid unrestricted_guest ple shadow_vmcs pml ept_mode_based_exec
51c51
< bogomips        : 6799.81
---
> bogomips        : 7200.00
60,64c60,64
< model           : 94
< model name      : Intel(R) Core(TM) i7-6700 CPU @ 3.40GHz
< stepping        : 3
< microcode       : 0xf0
< cpu MHz         : 3699.998
---
> model           : 158
> model name      : Intel(R) Core(TM) i7-7700 CPU @ 3.60GHz
> stepping        : 9
> microcode       : 0xf8
> cpu MHz         : 900.009
76,77c76,77
< flags           : fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush dts acpi mmx fxsr sse sse2 ss ht tm pbe syscall nx pdpe1gb rdtscp lm constant_tsc art arch_perfmon pebs bts rep_good nopl xtopology nonstop_tsc cpuid aperfmperf pni pclmulqdq dtes64 monitor ds_cpl vmx smx est tm2 ssse3 sdbg cx16 xtpr pdcm pcid sse4_1 sse4_2 x2apic movbe popcnt tsc_deadline_timer aes xsave f16c rdrand lahf_lm abm 3dnowprefetch cpuid_fault epb invpcid_single pti ssbd ibrs ibpb stibp tpr_shadow vnmi flexpriority ept vpid ept_ad fsgsbase tsc_adjust bmi1 smep bmi2 erms invpcid mpx rdseed adx smap clflushopt intel_pt xsaveopt xsavec xgetbv1 xsaves dtherm ida arat pln pts hwp hwp_notify hwp_act_window hwp_epp md_clear flush_l1d arch_capabilities
< vmx flags       : vnmi preemption_timer invvpid ept_x_only ept_ad ept_1gb flexpriority tsc_offset vtpr mtf vapic ept vpid unrestricted_guest ple shadow_vmcs pml
---
> flags           : fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush dts acpi mmx fxsr sse sse2 ss ht tm pbe syscall nx pdpe1gb rdtscp lm constant_tsc art arch_perfmon pebs bts rep_good nopl xtopology nonstop_tsc cpuid aperfmperf pni pclmulqdq dtes64 monitor ds_cpl vmx smx est tm2 ssse3 sdbg fma cx16 xtpr pdcm pcid sse4_1 sse4_2 x2apic movbe popcnt tsc_deadline_timer aes xsave avx f16c rdrand lahf_lm abm 3dnowprefetch cpuid_fault epb invpcid_single pti ssbd ibrs ibpb stibp tpr_shadow vnmi flexpriority ept vpid ept_ad fsgsbase tsc_adjust bmi1 avx2 smep bmi2 erms invpcid mpx rdseed adx smap clflushopt intel_pt xsaveopt xsavec xgetbv1 xsaves dtherm ida arat pln pts hwp hwp_notify hwp_act_window hwp_epp md_clear flush_l1d arch_capabilities
> vmx flags       : vnmi preemption_timer invvpid ept_x_only ept_ad ept_1gb flexpriority tsc_offset vtpr mtf vapic ept vpid unrestricted_guest ple shadow_vmcs pml ept_mode_based_exec
79c79
< bogomips        : 6799.81
---
> bogomips        : 7200.00
88,92c88,92
< model           : 94
< model name      : Intel(R) Core(TM) i7-6700 CPU @ 3.40GHz
< stepping        : 3
< microcode       : 0xf0
< cpu MHz         : 3700.001
---
> model           : 158
> model name      : Intel(R) Core(TM) i7-7700 CPU @ 3.60GHz
> stepping        : 9
> microcode       : 0xf8
> cpu MHz         : 900.006
104,105c104,105
< flags           : fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush dts acpi mmx fxsr sse sse2 ss ht tm pbe syscall nx pdpe1gb rdtscp lm constant_tsc art arch_perfmon pebs bts rep_good nopl xtopology nonstop_tsc cpuid aperfmperf pni pclmulqdq dtes64 monitor ds_cpl vmx smx est tm2 ssse3 sdbg cx16 xtpr pdcm pcid sse4_1 sse4_2 x2apic movbe popcnt tsc_deadline_timer aes xsave f16c rdrand lahf_lm abm 3dnowprefetch cpuid_fault epb invpcid_single pti ssbd ibrs ibpb stibp tpr_shadow vnmi flexpriority ept vpid ept_ad fsgsbase tsc_adjust bmi1 smep bmi2 erms invpcid mpx rdseed adx smap clflushopt intel_pt xsaveopt xsavec xgetbv1 xsaves dtherm ida arat pln pts hwp hwp_notify hwp_act_window hwp_epp md_clear flush_l1d arch_capabilities
< vmx flags       : vnmi preemption_timer invvpid ept_x_only ept_ad ept_1gb flexpriority tsc_offset vtpr mtf vapic ept vpid unrestricted_guest ple shadow_vmcs pml
---
> flags           : fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush dts acpi mmx fxsr sse sse2 ss ht tm pbe syscall nx pdpe1gb rdtscp lm constant_tsc art arch_perfmon pebs bts rep_good nopl xtopology nonstop_tsc cpuid aperfmperf pni pclmulqdq dtes64 monitor ds_cpl vmx smx est tm2 ssse3 sdbg fma cx16 xtpr pdcm pcid sse4_1 sse4_2 x2apic movbe popcnt tsc_deadline_timer aes xsave avx f16c rdrand lahf_lm abm 3dnowprefetch cpuid_fault epb invpcid_single pti ssbd ibrs ibpb stibp tpr_shadow vnmi flexpriority ept vpid ept_ad fsgsbase tsc_adjust bmi1 avx2 smep bmi2 erms invpcid mpx rdseed adx smap clflushopt intel_pt xsaveopt xsavec xgetbv1 xsaves dtherm ida arat pln pts hwp hwp_notify hwp_act_window hwp_epp md_clear flush_l1d arch_capabilities
> vmx flags       : vnmi preemption_timer invvpid ept_x_only ept_ad ept_1gb flexpriority tsc_offset vtpr mtf vapic ept vpid unrestricted_guest ple shadow_vmcs pml ept_mode_based_exec
107c107
< bogomips        : 6799.81
---
> bogomips        : 7200.00

---

Why did I attach the CPU info of both, a broken machine and a functional machine? Because I am suspecting this could be CPU related. The broken CPU for example lacks a few CPU flags such as avx.

In summary:

• model name : Intel(R) Core(TM) i7-6700 CPU @ 3.40GHz - issue
• model name : Intel(R) Core(TM) i7-7700 CPU @ 3.60GHz - no issue

---

ASAN build

How about ASAN builds?

It does not create a core file. I have no idea why. Only rspamd / rspamd-dbg version creates core files. Why rspamd-asan does not create core files I don't know. Should be the same, right? Once I figured out how to create core files it should always be functional?

rspamd --version

zsh: illegal hardware instruction  rspamd --version

ls -la /coreland

total 8.0K
drwxrwxrwt  2 root root 4.0K Sep 12 11:04 .
drwxr-xr-x 20 root root 4.0K Sep 12 10:45 ..

[vstakhov]

Rspamd is expected to get SIGILL when testing instructions set. Why it is not handled properly is likely your system's issue, not an Rspamd one. Please check your OS documentation.

[adrelanos]

This was caused by security-misc configuration file /etc/default/grub.d/40_cpu_mitigations.cfg (https://github.com/Kicksecure/security-misc/pull/218), namely by kernel parameter:

gather_data_sampling=force

## Enable Gather Data Sampling (GDS) mitigation.
## Note for systems that have not received a suitable microcode update this will
## entirely disable use of the AVX instructions set.
##
## https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/gather_data_sampling.html
##
GRUB_CMDLINE_LINUX="$GRUB_CMDLINE_LINUX gather_data_sampling=force"

Quote from the kernel manual:

GDS can also be mitigated on systems that don’t have updated microcode by disabling AVX. This can be done by setting gather_data_sampling=”force” or “clearcpuid=avx” on the kernel command-line.

If used, these options will disable AVX use by turning off XSAVE YMM support. However, the processor will still enumerate AVX support. Userspace that does not follow proper AVX enumeration to check both AVX and XSAVE YMM support will break.

Does rspamd follow proper AVX enumeration to check both AVX and XSAVE YMM support?

GNU wc - (from coreutils) also had this issue.

Debian bookworm:

wc -l

zsh: illegal hardware instruction (core dumped) wc -l

Debian bookworm with a Debian trixie chroot:

functional

rspamd is still broken in the Debian trixie chroot.

Perhaps GNU wc fixed it with this commit?

• https://github.com/coreutils/coreutils/commit/8d41285fe494613a732f8060606d68ea3a8181d0

Perhaps there is an old AVX API and a new AVX API? wc (trixie version) using the newer API. rspamd using the older AVX API, therefore broken?

rspamd is now the only broken binary for me with no upstream fix available and with no confirmed upstream bug.

[vstakhov]

Gnu binutils use __builtin_cpu_supports and that's why it works - merely with the most recent gcc/clang. I don't see that as a good alternative to what Rspamd does (at least a necessary one)... However, I'd be happy to review any patches on that.

[vstakhov]

Or maybe it's now quite an old compiler's feature from what I see, so we can/should presumably rely on it.

[vstakhov]

Could you please check if https://github.com/rspamd/rspamd/pull/5140 helps with your issue?

[adrelanos]

I need to figure out how to compile rspamd from source code, while using that pull request, which could take a while. If it was available from the Debian repository, I could test it much faster.

[fatalbanana]

I need to figure out how to compile rspamd from source code, while using that pull request, which could take a while. If it was available from the Debian repository, I could test it much faster.

On Debianalikes the easiest way is to build the package, you can find hints about how to do that here. Missing step from those instructions is installation of libhyperscan-dev, which is currently intentionally missing from debian/control.

[adrelanos]

Could you please check if #5140 helps with your issue?

Yes, fixed.