keyutils is broken (keyctl segfaults trivially)

Bug #298208 reported by Daniel Richard G.
Affects          Status    Importance   Assigned to   Milestone
linux (Ubuntu)   Expired   Undecided    Unassigned

Bug Description

Binary package hint: keyutils

On a Debian Lenny (beta2) system:

    # keyctl request2 user debug:hello xyzzy
    281487143

On an Ubuntu Intrepid system (keyutils 1.2-7):

    # keyctl request2 user debug:hello xyzzy
    Segmentation fault

I'm running into problems mounting a CIFS share via cifs.upcall(8), but clearly this needs to be addressed first.

Steve Langasek (vorlon) wrote :

This looks like a kernel bug. dmesg output corresponding to the keyctl call:

[172406.924622] BUG: unable to handle kernel NULL pointer dereference at 0000000000000004
[172406.924632] IP: [<ffffffff8035f44b>] call_sbin_request_key+0x2db/0x2f0
[172406.924646] PGD 33157067 PUD a946067 PMD 0
[172406.924654] Oops: 0000 [1] SMP
[172406.924659] CPU 1
[172406.924663] Modules linked in: nls_iso8859_1 nls_cp437 vfat fat usb_storage libusual tun nfs lockd nfs_acl sunrpc iwl3945 af_packet i915 drm binfmt_misc rfcomm sco bridge stp bnep l2cap bluetooth ppdev acpi_cpufreq cpufreq_userspace cpufreq_conservative cpufreq_stats cpufreq_ondemand freq_table cpufreq_powersave sbs sbshc container pci_slot wmi iptable_filter ip_tables x_tables ipv6 parport_pc lp parport loop joydev pcmcia thinkpad_acpi arc4 ecb nvram snd_hda_intel snd_pcm_oss snd_mixer_oss snd_pcm evdev serio_raw pcspkr psmouse rfkill yenta_socket rsrc_nonstatic mac80211 pcmcia_core snd_seq_dummy iTCO_wdt iTCO_vendor_support led_class snd_seq_oss battery cfg80211 video ac nsc_ircc snd_seq_midi output irda snd_rawmidi crc_ccitt snd_seq_midi_event snd_seq snd_timer snd_seq_device snd soundcore snd_page_alloc button shpchp pci_hotplug intel_agp ext3 jbd mbcache sha256_generic aes_x86_64 aes_generic cbc sr_mod cdrom sd_mod crc_t10dif sg ata_piix pata_acpi ata_generic ahci libata scsi_mod ehci_hcd uhci_hcd usbcore e1000e dock dm_crypt crypto_blkcipher dm_mirror dm_log dm_snapshot dm_mod thermal processor fan fbcon tileblit font bitblit softcursor fuse [last unloaded: iwl3945]
[172406.924834] Pid: 9408, comm: keyctl Not tainted 2.6.27-8-generic #1
[172406.924839] RIP: 0010:[<ffffffff8035f44b>] [<ffffffff8035f44b>] call_sbin_request_key+0x2db/0x2f0
[172406.924848] RSP: 0018:ffff880010d9fd18 EFLAGS: 00010246
[172406.924852] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000000
[172406.924857] RDX: ffff880010d9fd95 RSI: 00000000fffffffc RDI: 0000000000000001
[172406.924861] RBP: ffff880010d9fe58 R08: 00000000ffffffff R09: 0000000000000001
[172406.924865] R10: ffff880010d9fc38 R11: ffff880090d9fd93 R12: ffff880010d9fd88
[172406.924869] R13: ffff88003d04d900 R14: ffff88001a873350 R15: ffff880021499670
[172406.924875] FS: 00007f3d471d26e0(0000) GS:ffff88003f002880(0000) knlGS:0000000000000000
[172406.924880] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[172406.924884] CR2: 0000000000000004 CR3: 0000000010081000 CR4: 00000000000006a0
[172406.924889] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[172406.924893] DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400
[172406.924898] Process keyctl (pid: 9408, threadinfo ffff880010d9e000, task ffff880021499670)
[172406.924902] Stack: ffff880010d9fd68 ffffffff805fbf91 ffff880010d9fd94 ffff88001f5f33c0
[172406.924912] 0000000000000031 ffff88001f5f3900 ffff880010d9fd68 ffffffff80501116
[172406.924920] ffff88001f5f3904 ffffffff805010c9 ffff880010d9fda8 ffffffff8035b011
[172406.924928] Call Trace:
[172406.924936] [<ffffffff80501116>] ? mutex_lock+0x16/0x30
[172406.924941] [<ffffffff805010c9>] ? mutex_unlock+0x9/0x20
[172406.924948] [<ffffffff8035b011>] ? __key_instantiate_and_lin...

Changed in keyutils:
status: New → Confirmed
Vide (vide80) wrote :

Argh, I've hit the same bug :( While reading https://bugs.launchpad.net/ubuntu/+source/samba/+bug/236830 I thought we were already there with SSO auth against CIFS exports but with Intrepid I'm experiencing the same dmesg output (created I suspect with my first mount.cifs sec=krb5i which segfaulted). Then if I try with sec=krb5 or sec=krb5i it doesn't matter, it asks for a password and then it gets stuck there forever.
I'm using likewise-open from Intrepid to get the kerberos ticket.

Vide (vide80) wrote :

My dmesg output, if it helps

[701194.599816] Oops: 0000 [#1] SMP
[701194.599820] Modules linked in: udf crc_itu_t isofs loop nls_iso8859_1 vfat fat usb_storage libusual vmnet vmblock vmci vmmon nls_cp437 nls_utf8 cifs i915 drm binfmt_misc rfcomm bridge stp bnep sco l2cap bluetooth ppdev cpufreq_powersave cpufreq_conservative cpufreq_stats cpufreq_userspace cpufreq_ondemand freq_table video output pci_slot sbs sbshc container wmi battery ipv6 af_packet iptable_filter ip_tables x_tables dm_crypt crypto_blkcipher dm_mod ac lp dcdbas serio_raw psmouse pcspkr snd_usb_audio snd_usb_lib evdev snd_hwdep iTCO_wdt iTCO_vendor_support parport_pc parport snd_hda_intel snd_pcm_oss snd_mixer_oss snd_pcm snd_seq_dummy snd_seq_oss snd_seq_midi snd_rawmidi button snd_seq_midi_event snd_seq snd_timer snd_seq_device snd intel_agp agpgart soundcore snd_page_alloc shpchp pci_hotplug ext3 jbd mbcache sr_mod cdrom sd_mod crc_t10dif sg ata_generic usbhid hid ata_piix pata_acpi libata scsi_mod dock tg3 libphy ehci_hcd uhci_hcd usbcore thermal processor fan fbcon tileblit font bitblit softcursor fuse [last unloaded: vmci]
[701194.599924]
[701194.599927] Pid: 760, comm: mount.cifs Tainted: P (2.6.27-7-server #1)
[701194.599930] EIP: 0060:[<c0219a6f>] EFLAGS: 00210246 CPU: 0
[701194.599934] EIP is at call_sbin_request_key+0x29f/0x2b0
[701194.599936] EAX: 00000000 EBX: 00000000 ECX: 00000000 EDX: c3f025b0
[701194.599939] ESI: d40b7b80 EDI: d092cf00 EBP: d40b7c0c ESP: d40b7b58
[701194.599942] DS: 007b ES: 007b FS: 00d8 GS: 0033 SS: 0068
[701194.599945] Process mount.cifs (pid: 760, ti=d40b6000 task=c3f025b0 task.ti=d40b6000)
[701194.599947] Stack: d40b7b80 c04401e9 00000000 c0445ae4 f7c73818 c3f025b0 d092c600 d0920030
[701194.599956] c048b780 c05d6a88 d0920030 c038b198 d40b7ba4 c0215ec8 d06cd420 00000000
[701194.599964] d092cc80 00000000 00000000 d40b7bc8 c0215f59 00000000 00000000 d06cd420
[701194.599972] Call Trace:
[701194.599975] ...
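
A way to triage the two dmesg excerpts in this thread, added here as an example (it is not part of the bug report or of any Ubuntu tooling): it extracts the faulting function, offset and address from an oops and checks whether two reports crash at the same site. The names `triage` and `same_crash_site` and the 4096-byte near-NULL threshold are assumptions of this example.

```python
import re

# Lines copied from the two dmesg excerpts on this page (wrapped first line rejoined).
OOPS_X86_64 = """\
[172406.924622] BUG: unable to handle kernel NULL pointer dereference at 0000000000000004
[172406.924632] IP: [<ffffffff8035f44b>] call_sbin_request_key+0x2db/0x2f0
[172406.924834] Pid: 9408, comm: keyctl Not tainted 2.6.27-8-generic #1
[172406.924884] CR2: 0000000000000004 CR3: 0000000010081000 CR4: 00000000000006a0
"""
OOPS_I386 = """\
[701194.599927] Pid: 760, comm: mount.cifs Tainted: P (2.6.27-7-server #1)
[701194.599934] EIP is at call_sbin_request_key+0x29f/0x2b0
"""

PAGE_SIZE = 4096  # assumption: a fault in the first page is NULL plus a field offset

FAULT = re.compile(r"NULL pointer dereference at ([0-9a-f]+)")
CR2 = re.compile(r"\bCR2: ([0-9a-f]+)")
# 64-bit oopses print "IP: [<addr>] sym+off/len", 32-bit ones "EIP is at sym+off/len".
SITE = re.compile(r"(?:\bIP: \[<[0-9a-f]+>\]|EIP is at) (\w+)\+(0x[0-9a-f]+)/0x[0-9a-f]+")
PROC = re.compile(r"Pid: (\d+), comm: (\S+) (Not tainted|Tainted: \S+)")


def triage(oops_text):
    """Extract the fields needed to classify and de-duplicate one oops."""
    out = {"function": None, "offset": None, "fault_addr": None,
           "near_null": None, "pid": None, "comm": None, "tainted": None}
    if (m := SITE.search(oops_text)):
        out["function"], out["offset"] = m.group(1), int(m.group(2), 16)
    if (m := PROC.search(oops_text)):
        out["pid"], out["comm"] = int(m.group(1)), m.group(2)
        out["tainted"] = m.group(3) != "Not tainted"
    # Prefer the BUG line; fall back to CR2, which holds the faulting address on x86.
    if (m := FAULT.search(oops_text) or CR2.search(oops_text)):
        out["fault_addr"] = int(m.group(1), 16)
        out["near_null"] = out["fault_addr"] < PAGE_SIZE
    return out


def same_crash_site(a, b):
    """Two oopses are likely duplicates when they fault in the same function."""
    fa, fb = triage(a)["function"], triage(b)["function"]
    return fa is not None and fa == fb


if __name__ == "__main__":
    for name, text in (("x86_64", OOPS_X86_64), ("i386", OOPS_I386)):
        print(name, triage(text))
    print("same crash site:", same_crash_site(OOPS_X86_64, OOPS_I386))
```

Both excerpts resolve to `call_sbin_request_key`, and the 64-bit one faults at address 4, which is consistent with reading a field through a NULL pointer.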

Vide (vide80) wrote :

Hi

It seems that with the latest 2.6.27-11 (from intrepid-proposed) cifs and kerberos work again! I can mount my remote share with the sec=krb5i option and I don't need to type a password to get it mounted (although a "Password:" prompt is shown anyway, just hitting enter or putting "password=" in the mount options does the trick).

penalvch (penalvch) wrote :

Daniel Richard G., thank you for reporting this and helping make Ubuntu better. Intrepid reached EOL on April 30, 2010.
Please see this document for currently supported Ubuntu releases:
https://wiki.ubuntu.com/Releases

We were wondering if this is still an issue on a supported release? If so, can you try with the latest development release of Ubuntu? ISO CD images are available from http://cdimage.ubuntu.com/releases/ .

If it remains an issue, could you run the following command in a supported release from a Terminal (Applications->Accessories->Terminal)? It will automatically gather and attach updated debug information to this report.

    apport-collect -p linux <replace-with-bug-number>

Also, if you could test the latest upstream kernel available that would be great. It will allow additional upstream developers to examine the issue. Refer to https://wiki.ubuntu.com/KernelMainlineBuilds . Once you've tested the upstream kernel, please remove the 'needs-upstream-testing' tag. This can be done by clicking on the yellow pencil icon next to the tag located at the bottom of the bug description and deleting the 'needs-upstream-testing' text. Please let us know your results.

Thanks in advance.

tags: added: intrepid needs-upstream-testing
tags: added: kernel-oops
Changed in linux (Ubuntu):
status: Confirmed → Incomplete
Launchpad Janitor (janitor) wrote :

[Expired for linux (Ubuntu) because there has been no activity for 60 days.]

Changed in linux (Ubuntu):
status: Incomplete → Expired