Bug 1998921

Summary: [RHEL9] libcryptsetup destructor may cause segfault when process reinitialize openssl later
Product: Red Hat Enterprise Linux 9
Component: cryptsetup
Version: 9.0
Hardware: Unspecified
OS: Unspecified
Status: CLOSED CURRENTRELEASE
Severity: high
Priority: urgent
Reporter: guazhang <guazhang>
Assignee: Ondrej Kozina <okozina>
QA Contact: guazhang <guazhang>
CC: agk, jbrassow, lmiksik, mvollmer, okozina, prajnoha, tbzatek, vtrefny
Target Milestone: beta
Target Release: 9.0 Beta
Keywords: Triaged
Flags: pm-rhel: mirror+
Fixed In Version: cryptsetup-2.4.0-2.el9_b
Last Closed: 2021-12-07 21:35:16 UTC
Type: Bug
Bug Blocks: 2005035
Attachments: sosreport_logs

Description guazhang@redhat.com 2021-08-30 01:34:45 UTC
Created attachment 1818944
sosreport_logs

Description of problem:
The udisks2 regression run found the error; please help check whether we hit a bug.

Version-Release number of selected component (if applicable):
5.14.0-0.rc7.54.el9.x86_64
python3-blivet-1:3.4.0-7.el9

How reproducible:


Steps to Reproduce:
1. python3  -m unittest discover -v -s tests/ -p '*_test.py'
2.
3.

Actual results:


Expected results:


Additional info:

test_creation (formats_test.fs_test.EFIFSTestCase) ... ok
test_instantiation (formats_test.fs_test.EFIFSTestCase) ... ok
test_labeling (formats_test.fs_test.EFIFSTestCase) ... ok
test_mounting (formats_test.fs_test.EFIFSTestCase) ... Segmentation fault (core dumped)
[root@atworks-radbeagle-1 blivet-3.4.0]# $?
-bash: 139: command not found



messages 

...

Aug 29 21:19:31 atworks-radbeagle-1 audit[1]: SERVICE_START pid=1 uid=0 auid=4294967295 ses=4294967295 msg='unit=systemd-coredump@6-221605-0 comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'
Aug 29 21:19:32 atworks-radbeagle-1 systemd-coredump[221606]: Process 221089 (python3) of user 0 dumped core.

...

Comment 1 Vojtech Trefny 2021-09-02 08:47:50 UTC
Changing component to cryptsetup, which is the root cause behind the issue. The bug is caused by libblockdev calling dlclose in its crypto plugin (which links against cryptsetup), which calls the libcryptsetup destructor, which de-initializes libopenssl, which makes any subsequent call to openssl fail, crashing the tests.


Stack trace from libblockdev test suite which is also affected by this:

Stack trace of thread 80621:
#0  0x00007ff1daa3536c pthread_rwlock_rdlock.5 (libc.so.6 + 0x9336c)
#1  0x00007ff1cc456d4d CRYPTO_THREAD_read_lock (libcrypto.so.3 + 0x1b7d4d)
#2  0x00007ff1cc44a276 ossl_lib_ctx_get_data (libcrypto.so.3 + 0x1ab276)
#3  0x00007ff1cc45ea5c ossl_provider_find (libcrypto.so.3 + 0x1bfa5c)
#4  0x00007ff1cc45f1b2 OSSL_PROVIDER_try_load (libcrypto.so.3 + 0x1c01b2)
#5  0x00007ff1cc1e4784 init_crypto (libcryptsetup.so.12 + 0xa784)
#6  0x00007ff1cc1e5a97 _crypt_load_luks (libcryptsetup.so.12 + 0xba97)
#7  0x00007ff1cc255e0f luks_open (libbd_crypto.so.2 + 0x4e0f)
#8  0x00007ff1cc2571c0 bd_crypto_luks_open (libbd_crypto.so.2 + 0x61c0)

Stack trace from blivet test suite:

Stack trace of thread 61718:
#0  0x00007f14c51d336c pthread_rwlock_rdlock.5 (libc.so.6 + 0x9336c)
#1  0x00007f14b71bbd4d CRYPTO_THREAD_read_lock (libcrypto.so.3 + 0x1b7d4d)
#2  0x00007f14b71af276 ossl_lib_ctx_get_data (libcrypto.so.3 + 0x1ab276)
#3  0x00007f14b7282bf6 inner_evp_generic_fetch.constprop.0 (libcrypto.so.3 + 0x27ebf6)
#4  0x00007f14b7179a64 EVP_MD_fetch (libcrypto.so.3 + 0x175a64)
#5  0x00007f14b71775ca evp_md_init_internal (libcrypto.so.3 + 0x1735ca)
#6  0x00007f14b6a7e00b EVPnew (_hashlib.cpython-39-x86_64-linux-gnu.so + 0x700b)
#7  0x00007f14b6a7dec2 EVP_fast_new (_hashlib.cpython-39-x86_64-linux-gnu.so + 0x6ec2)
#8  0x00007f14b6a7e41b _hashlib_openssl_sha256 (_hashlib.cpython-39-x86_64-linux-gnu.so + 0x741b)

Comment 2 Ondrej Kozina 2021-09-02 09:01:18 UTC
That's a bug in the libcryptsetup destructor (in the openssl crypto backend). We call OPENSSL_cleanup(), which must not be called from within a shared library because openssl cannot be properly reinitialized later. (Think dlopen(libcryptsetup), dlclose(libcryptsetup) and again dlopen(anything_linked_to_openssl)).
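
An added illustration of the lifecycle described in this comment, not part of the original thread and not cryptsetup or OpenSSL code: a small C model in which a run-time plugin's destructor either tears down a process-wide library or releases only what the plugin owns. Every name in it (`lib_init`, `lib_cleanup`, `plugin_unload`, `run_scenario`, ...) is hypothetical; the one-shot `lib_init` models OpenSSL's documented refusal to reinitialise after `OPENSSL_cleanup()`.

```c
#include <stdio.h>
#include <stdlib.h>
/* Model of a process-wide crypto library (stands in for libcrypto).
 * All names are hypothetical; nothing here is a real OpenSSL symbol. */
struct lib_ctx { int providers; };        /* global context               */
static struct lib_ctx *g_ctx;             /* NULL until first init        */
static int g_stopped;                     /* set by cleanup, never reset  */

static int lib_init(void) {               /* one-shot: refuses after cleanup */
    if (g_stopped) return 0;
    if (!g_ctx) g_ctx = calloc(1, sizeof *g_ctx);
    return g_ctx != NULL;
}
static void lib_cleanup(void) {           /* meant for process exit only  */
    free(g_ctx); g_ctx = NULL; g_stopped = 1;
}
/* Any later API call needs the global context. The model returns -1 at the
 * point where the real process touched torn-down state and took SIGSEGV. */
static int lib_fetch_digest(void) { return (lib_init() && g_ctx) ? 0 : -1; }

/* Plugin that is loaded and unloaded at run time (stands in for the backend). */
static int plugin_provider;               /* resource the plugin itself owns */
static int plugin_load(void) {
    if (!lib_init()) return -1;
    g_ctx->providers++; plugin_provider = 1;
    return 0;
}
static void plugin_unload(int buggy_destructor) {
    if (buggy_destructor) { lib_cleanup(); plugin_provider = 0; return; }
    if (plugin_provider && g_ctx) g_ctx->providers--;   /* own state only */
    plugin_provider = 0;
}

/* Load, unload, then let another module hash and reload the plugin.
 * Returns a bitmask: bit 0 = other consumer failed, bit 1 = reload failed. */
static int run_scenario(int buggy_destructor) {
    int failures = 0;
    free(g_ctx); g_ctx = NULL; g_stopped = 0; plugin_provider = 0; /* fresh process */
    if (plugin_load() != 0) return -1;
    plugin_unload(buggy_destructor);
    if (lib_fetch_digest() != 0) failures |= 1;
    if (plugin_load() != 0) failures |= 2;
    return failures;
}

int main(void) {
    printf("destructor calls global cleanup: failures=%d\n", run_scenario(1));
    printf("destructor frees own state only: failures=%d\n", run_scenario(0));
    return 0;
}
```

The two failure bits correspond to the two stack traces in Comment 1: a reload of the plugin failing in its own init path, and an unrelated consumer in the same process failing on its next digest call.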

Comment 4 Ondrej Kozina 2021-09-07 10:22:20 UTC
The proposed fix is here: https://gitlab.com/cryptsetup/cryptsetup/-/merge_requests/212

We've hit some memory issues with openssl, tracked here in the openssl upstream tracker: https://github.com/openssl/openssl/issues/16516

Comment 10 guazhang@redhat.com 2021-09-09 10:19:09 UTC
Test pass with the scratch build.

cryptsetup-libs-2.4.0-2.el9_b.x86_64
cryptsetup-2.4.0-2.el9_b.x86_64

Comment 11 Vojtech Trefny 2021-09-09 10:49:17 UTC
I can confirm the scratch build fixes the segfault we saw in both blivet and libblockdev test suites, thanks.

Comment 17 guazhang@redhat.com 2021-09-22 03:10:33 UTC
Moving to verified since the package cryptsetup-2.4.0-2.el9_b fixed the bug.

Comment 18 Tomáš Bžatek 2021-10-04 13:53:02 UTC
*** Bug 2001549 has been marked as a duplicate of this bug. ***