Comment 32 for bug 1921518

Dmitrii Shcherbakov (dmitriis) wrote :

Vladimir,

stracing reveals that si_code is set to BUS_ADRALN, so there is a problem with address alignment.

strace curl https://example.com

--- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRALN, si_addr=0x3efd151115865b} ---
+++ killed by SIGBUS (core dumped) +++
Bus error (core dumped)

The fault is raised by the CPU in response to a misaligned address and the respective handler in the kernel is being invoked to assert a signal to the process:

https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=52d7523d84d534c241ebac5ac89f5c0a6cb51e41

https://paste.ubuntu.com/p/yHJrJW2gSF/ (package & distro details)

----

By the looks of it, the alignment fault is caused by just trying to call the public key method init function in the PKA engine.

Below we have:

1) pmeth->init is at 0xc82028bf65604647

When the call is attempted, si_addr has the same value:

2) _sigfault = {si_addr = 0x2028bf65604647}

(gdb) r
The program being debugged has been started already.
Start it from the beginning? (y or n) y
Starting program: /usr/bin/curl https://example.com
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/aarch64-linux-gnu/libthread_db.so.1".
[New Thread 0xfffff6372f90 (LWP 2486506)]
[Thread 0xfffff6372f90 (LWP 2486506) exited]

Thread 1 "curl" hit Breakpoint 1, int_ctx_new (pkey=pkey@entry=0x0, e=e@entry=0x0, id=1034) at ../crypto/evp/pmeth_lib.c:113
113 if (id == -1) {
(gdb) n
119 if (e == NULL && pkey != NULL)
(gdb)
122 if (e) {
(gdb)
128 e = ENGINE_get_pkey_meth_engine(id);
(gdb)
135 if (e)
(gdb)
136 pmeth = ENGINE_get_pkey_meth(e, id);
(gdb)
141 if (pmeth == NULL) {
(gdb)
149 ret = OPENSSL_zalloc(sizeof(*ret));
(gdb)
150 if (ret == NULL) {
(gdb)
157 ret->engine = e;
(gdb)
159 ret->operation = EVP_PKEY_OP_UNDEFINED;
(gdb)
161 if (pkey != NULL)
(gdb)
164 if (pmeth->init) {
(gdb)
165 if (pmeth->init(ret) <= 0) {
(gdb) print *pmeth
$10 = {pkey_id = -1784943492, flags = -364887078, init = 0xc82028bf65604647, copy = 0x9c17b192eb068c0b, cleanup = 0xedbe7dcdf413f1c0, paramgen_init = 0xc28e015828ce4282, paramgen = 0x6fce6fa0a7ee471f,
  keygen_init = 0xdf9a9579438d24eb, keygen = 0xc63719742b8964b9, sign_init = 0x78f4d90cba7ad854, sign = 0xb0d4f1b3df1a9e13, verify_init = 0x7b5f10ffa4c58586, verify = 0x96e16d3250d67446,
  verify_recover_init = 0xe11ef96099ea206c, verify_recover = 0x8ed096c03e046773, signctx_init = 0xc6ea05c3bdb5153c, signctx = 0xdd1cb7963c7185, verifyctx_init = 0xd19718983089e1f8,
  verifyctx = 0x6143e92bef937feb, encrypt_init = 0x94450e0e52af0bcd, encrypt = 0x2a4633c02797f8b, decrypt_init = 0xa69b08bdbfea813, decrypt = 0x84b9264be5facf60, derive_init = 0x99bcf2700df9fc7e,
  derive = 0x9961eec79bc58dfb, ctrl = 0x1779f7901d10471b, ctrl_str = 0x763a1ebbf28338f0, digestsign = 0xacc57ce435798e94, digestverify = 0xae611fd83700f11f, check = 0x6b8d5f0b7cf4a89b,
  public_check = 0xef347940990e67fb, param_check = 0xe, digest_custom = 0xfffff797ec60 <aes_v8_encrypt>}

(gdb) print pmeth->init
$11 = (int (*)(EVP_PKEY_CTX *)) 0xc82028bf65604647

(gdb) n

Thread 1 "curl" received signal SIGBUS, Bus error.
0x002028bf65604647 in ?? ()

(gdb) p $_siginfo
$12 = {si_signo = 7, si_errno = 0, si_code = 1, _sifields = {_pad = {1700808263, 2107583, 0 <repeats 26 times>}, _kill = {si_pid = 1700808263, si_uid = 2107583}, _timer = {si_tid = 1700808263,
      si_overrun = 2107583, si_sigval = {sival_int = 0, sival_ptr = 0x0}}, _rt = {si_pid = 1700808263, si_uid = 2107583, si_sigval = {sival_int = 0, sival_ptr = 0x0}}, _sigchld = {si_pid = 1700808263,
      si_uid = 2107583, si_status = 0, si_utime = 0, si_stime = 0}, _sigfault = {si_addr = 0x2028bf65604647}, _sigpoll = {si_band = 9052001759413831, si_fd = 0}}}
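As an added illustration (not part of the bug comment, OpenSSL or the engine), a small Python check that parses a gdb struct dump like the one above and flags function pointers that cannot be valid AArch64 user-space code addresses. It assumes 48-bit user virtual addresses and 4-byte A64 instruction alignment; the abbreviated dump embedded below is constructed from the values shown in the session above.

```python
import re

# Constructed sample: a few fields from the `print *pmeth` dump above,
# plus one NULL field added for illustration.
PMETH_DUMP = """$10 = {pkey_id = -1784943492, flags = -364887078, init = 0xc82028bf65604647,
  copy = 0x9c17b192eb068c0b, signctx = 0xdd1cb7963c7185, param_check = 0xe,
  digest_custom = 0xfffff797ec60 <aes_v8_encrypt>, ctrl_str = 0x0}"""

# Assumptions for AArch64 user space: 48-bit virtual addresses and
# fixed 32-bit instructions, so a branch target must be 4-byte aligned.
USER_VA_BITS = 48
INSN_ALIGN = 4


def classify_pointer(value: int) -> str:
    """Classify a function pointer read out of an EVP_PKEY_METHOD.

    Alignment is checked first: branching to a misaligned PC is what the
    CPU reports as an alignment fault (BUS_ADRALN), as seen in the strace
    output above, regardless of whether the address is mapped.
    """
    if value == 0:
        return "null"
    if value % INSN_ALIGN:
        return "misaligned"
    if value >> USER_VA_BITS:
        return "out-of-range"
    return "plausible"


def audit_pmeth(dump: str) -> dict:
    """Parse 'field = 0x...' pairs from a gdb struct dump and classify each."""
    fields = re.findall(r"(\w+) = (0x[0-9a-fA-F]+)", dump)
    return {name: classify_pointer(int(hexval, 16)) for name, hexval in fields}


def suspicious_fields(dump: str) -> list:
    """Sorted names of fields that cannot be valid code addresses."""
    verdicts = audit_pmeth(dump)
    return sorted(n for n, v in verdicts.items() if v in ("misaligned", "out-of-range"))


if __name__ == "__main__":
    for name, verdict in audit_pmeth(PMETH_DUMP).items():
        print(f"{name:14s} {verdict}")
```

Only digest_custom (the one field gdb could resolve to a symbol) comes out as plausible; init, the pointer that faulted, is flagged as misaligned, which matches the BUS_ADRALN si_code.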