Created attachment 1758130 [details] 'bt full' from gsd-smartcard crash The same for evolution, firefox, a bunch of other programs. This essentially renders the graphical session unusable, because most things don't want to start. Example strace from evolution: PID: 119600 (evolution) UID: 1000 (zbyszek) GID: 1000 (zbyszek) Signal: 11 (SEGV) Timestamp: Fri 2021-02-19 11:47:57 CET (18min ago) Command Line: evolution Executable: /usr/bin/evolution Control Group: /user.slice/user-1000.slice/user/app.slice/app-gnome-Alacritty-118290.scope Unit: user User Unit: app-gnome-Alacritty-118290.scope Slice: user-1000.slice Owner UID: 1000 (zbyszek) Boot ID: d5e54a15e71d41a1a68f6b0067db953e Machine ID: 08a5690a2eed47cf92ac0a5d2e3cf6b0 Hostname: krowka Storage: /var/lib/systemd/coredump/core.evolution.1000.d5e54a15e71d41a1a68f6b0067db953e.119600.1613731677000000.zst (present) Disk Size: 2.7M Message: Process 119600 (evolution) of user 1000 dumped core. Stack trace of thread 119600: #0 0x00007f27a42fba6a __pkcs15_create_prkey_object (opensc-pkcs11.so + 0x18a6a) #1 0x00007f27a42fc00d pkcs15_create_pkcs11_objects (opensc-pkcs11.so + 0x1900d) #2 0x00007f27a4306751 pkcs15_create_tokens.lto_priv.0 (opensc-pkcs11.so + 0x23751) #3 0x00007f27a42f8217 card_detect (opensc-pkcs11.so + 0x15217) #4 0x00007f27a42f9de8 card_detect_all (opensc-pkcs11.so + 0x16de8) #5 0x00007f27a42fa5f3 C_Initialize (opensc-pkcs11.so + 0x175f3) #6 0x00007f27a870d8aa initialize_module_inlock_reentrant (libp11-kit.so.0 + 0x2b8aa) #7 0x00007f27a870dc89 managed_C_Initialize (libp11-kit.so.0 + 0x2bc89) #8 0x00007f27a8714019 p11_kit_modules_initialize (libp11-kit.so.0 + 0x32019) #9 0x00007f27a8714467 proxy_C_Initialize (libp11-kit.so.0 + 0x32467) #10 0x00007f27aebaa993 secmod_ModuleInit (libnss3.so + 0x48993) #11 0x00007f27aebab0f4 secmod_LoadPKCS11Module (libnss3.so + 0x490f4) #12 0x00007f27aebb8885 SECMOD_LoadModule (libnss3.so + 0x56885) #13 0x00007f27aebb89d0 SECMOD_LoadModule (libnss3.so + 0x569d0) #14 0x00007f27aeb80ee1 nss_Init (libnss3.so + 0x1eee1) #15 0x00007f27aeb8152c NSS_InitWithMerge (libnss3.so + 0x1f52c) #16 0x00007f27b365cbbd camel_init (libcamel-1.2.so.62 + 0x4abbd) #17 0x00007f27a4b0b9aa e_cert_db_class_intern_init (libessmime.so + 0x69aa) #18 0x00007f27b29e64c8 g_type_class_ref (libgobject-2.0.so.0 + 0x3a4c8) #19 0x00007f27b29d0078 g_object_new_with_properties (libgobject-2.0.so.0 + 0x24078) #20 0x00007f27b29d0a41 g_object_new (libgobject-2.0.so.0 + 0x24a41) #21 0x00007f27a4b0d921 e_cert_db_peek (libessmime.so + 0x8921) #22 0x00007f27a4b25f83 smime_component_init (libevolution-smime.so + 0xff83) #23 0x00007f27a47249d5 book_shell_backend_constructed (module-addressbook.so + 0xf9d5) #24 0x00007f27b29cf1e8 g_object_new_internal (libgobject-2.0.so.0 + 0x231e8) #25 0x00007f27b29d04e8 g_object_new_valist (libgobject-2.0.so.0 + 0x244e8) #26 0x00007f27b29d0a1d g_object_new (libgobject-2.0.so.0 + 0x24a1d) #27 0x00007f27b2c0953c extensible_load_extension (libedataserver-1.2.so.26 + 0x3253c) #28 0x00007f27b2c5f4cf e_type_traverse (libedataserver-1.2.so.26 + 0x884cf) #29 0x00007f27b2c5f4b6 e_type_traverse (libedataserver-1.2.so.26 + 0x884b6) #30 0x00007f27b2c145b2 e_extensible_load_extensions (libedataserver-1.2.so.26 + 0x3d5b2) #31 0x00007f27b2c14681 e_extensible_list_extensions (libedataserver-1.2.so.26 + 0x3d681) #32 0x00007f27b37c5793 e_shell_load_modules (libevolution-shell.so + 0x1a793) #33 0x0000562352b3ca9b main (evolution + 0x5a9b) #34 0x00007f27b2551b75 __libc_start_main (libc.so.6 + 0x27b75) #35 0x0000562352b3cf7e _start (evolution + 0x5f7e) Stack trace of thread 119601: #0 0x00007f27b36069ca __futex_abstimed_wait_common64 (libpthread.so.0 + 0x159ca) #1 0x00007f27b3600280 pthread_cond_wait@@GLIBC_2.3.2 (libpthread.so.0 + 0xf280) #2 0x00007f27ad675bc0 _ZNSt18condition_variable4waitERSt11unique_lockISt5mutexE (libstdc++.so.6 + 0xd3bc0) #3 0x00007f27ad010e32 _ZN7bmalloc9Scavenger13threadRunLoopEv (libjavascriptcoregtk-4.0.so.18 + 0x14c2e32) #4 0x00007f27ad0110ef _ZN7bmalloc9Scavenger16threadEntryPointEPS0_ (libjavascriptcoregtk-4.0.so.18 + 0x14c30ef) #5 0x00007f27ad67bce4 execute_native_thread_routine (libstdc++.so.6 + 0xd9ce4) #6 0x00007f27b35fa269 start_thread (libpthread.so.0 + 0x9269) #7 0x00007f27b262a663 __clone (libc.so.6 + 0x100663) Stack trace of thread 119602: #0 0x00007f27b261f9bf __poll (libc.so.6 + 0xf59bf) #1 0x00007f27b35642f6 g_main_context_iterate.constprop.0 (libglib-2.0.so.0 + 0xa82f6) #2 0x00007f27b350e9b3 g_main_context_iteration (libglib-2.0.so.0 + 0x529b3) #3 0x00007f27b350ea01 glib_worker_main (libglib-2.0.so.0 + 0x52a01) #4 0x00007f27b353f6b2 g_thread_proxy (libglib-2.0.so.0 + 0x836b2) #5 0x00007f27b35fa269 start_thread (libpthread.so.0 + 0x9269) #6 0x00007f27b262a663 __clone (libc.so.6 + 0x100663) Stack trace of thread 119603: #0 0x00007f27b262511d syscall (libc.so.6 + 0xfb11d) #1 0x00007f27b355ed5c g_cond_wait_until (libglib-2.0.so.0 + 0xa2d5c) #2 0x00007f27b34e12a1 g_async_queue_pop_intern_unlocked (libglib-2.0.so.0 + 0x252a1) #3 0x00007f27b35423da g_thread_pool_thread_proxy.lto_priv.0 (libglib-2.0.so.0 + 0x863da) #4 0x00007f27b353f6b2 g_thread_proxy (libglib-2.0.so.0 + 0x836b2) #5 0x00007f27b35fa269 start_thread (libpthread.so.0 + 0x9269) #6 0x00007f27b262a663 __clone (libc.so.6 + 0x100663) Stack trace of thread 119604: #0 0x00007f27b261f9bf __poll (libc.so.6 + 0xf59bf) #1 0x00007f27b35642f6 g_main_context_iterate.constprop.0 (libglib-2.0.so.0 + 0xa82f6) #2 0x00007f27b35107a3 g_main_loop_run (libglib-2.0.so.0 + 0x547a3) #3 0x00007f27b2b17bba gdbus_shared_thread_func (libgio-2.0.so.0 + 0x10fbba) #4 0x00007f27b353f6b2 g_thread_proxy (libglib-2.0.so.0 + 0x836b2) #5 0x00007f27b35fa269 start_thread (libpthread.so.0 + 0x9269) #6 0x00007f27b262a663 __clone (libc.so.6 + 0x100663) Stack trace of thread 119605: #0 0x00007f27b261f9bf __poll (libc.so.6 + 0xf59bf) #1 0x00007f27b35642f6 g_main_context_iterate.constprop.0 (libglib-2.0.so.0 + 0xa82f6) #2 0x00007f27b350e9b3 g_main_context_iteration (libglib-2.0.so.0 + 0x529b3) #3 0x00007f27a740c08d dconf_gdbus_worker_thread (libdconfsettings.so + 0x708d) #4 0x00007f27b353f6b2 g_thread_proxy (libglib-2.0.so.0 + 0x836b2) #5 0x00007f27b35fa269 start_thread (libpthread.so.0 + 0x9269) #6 0x00007f27b262a663 __clone (libc.so.6 + 0x100663) Stack trace of thread 119607: #0 0x00007f27b261f9bf __poll (libc.so.6 + 0xf59bf) #1 0x00007f27b35642f6 g_main_context_iterate.constprop.0 (libglib-2.0.so.0 + 0xa82f6) #2 0x00007f27b35107a3 g_main_loop_run (libglib-2.0.so.0 + 0x547a3) #3 0x00007f27b2c4624f source_registry_object_manager_thread (libedataserver-1.2.so.26 + 0x6f24f) #4 0x00007f27b353f6b2 g_thread_proxy (libglib-2.0.so.0 + 0x836b2) #5 0x00007f27b35fa269 start_thread (libpthread.so.0 + 0x9269) #6 0x00007f27b262a663 __clone (libc.so.6 + 0x100663) Core was generated by `evolution'. Program terminated with signal SIGSEGV, Segmentation fault. #0 0x00007f27a42fba6a in __pkcs15_create_prkey_object (fw_data=0x562354361020, prkey=0x562354370bc0, prkey_object=0x0) at /usr/src/debug/opensc-0.21.0-2.fc34.x86_64/src/pkcs11/framework-pkcs15.c:785 785 object->prv_info = (struct sc_pkcs15_prkey_info *) prkey->data; (gdb) bt #0 0x00007f27a42fba6a in __pkcs15_create_prkey_object (fw_data=0x562354361020, prkey=0x562354370bc0, prkey_object=0x0) at /usr/src/debug/opensc-0.21.0-2.fc34.x86_64/src/pkcs11/framework-pkcs15.c:785 #1 0x00007f27a42fc00d in pkcs15_create_pkcs11_objects (fw_data=0x562354361020, p15_type=0, p15_type@entry=257, name=0x7f27a430d5e1 "RSA private key", create=0x7f27a42fba00 <__pkcs15_create_prkey_object>) at /usr/src/debug/opensc-0.21.0-2.fc34.x86_64/src/pkcs11/framework-pkcs15.c:847 #2 0x00007f27a4306751 in _pkcs15_create_typed_objects (fw_data=0x562354361020) at /usr/src/debug/opensc-0.21.0-2.fc34.x86_64/src/pkcs11/framework-pkcs15.c:1202 #3 pkcs15_create_tokens (p11card=0x56235435fe30, app_info=0x0) at /usr/src/debug/opensc-0.21.0-2.fc34.x86_64/src/pkcs11/framework-pkcs15.c:1498 #4 0x00007f27a42f8217 in card_detect (reader=0x56235435ec60) at /usr/src/debug/opensc-0.21.0-2.fc34.x86_64/src/pkcs11/slot.c:327 #5 0x00007f27a42f9de8 in card_detect_all () at /usr/src/debug/opensc-0.21.0-2.fc34.x86_64/src/pkcs11/slot.c:420 #6 0x00007f27a42fa5f3 in C_Initialize (pInitArgs=<optimized out>) at /usr/src/debug/opensc-0.21.0-2.fc34.x86_64/src/pkcs11/pkcs11-global.c:323 #7 0x00007f27a870d8aa in initialize_module_inlock_reentrant (mod=0x56235434e390, init_args=0x56235434e5b0, init_args@entry=0x0) at ../p11-kit/modules.c:738 #8 0x00007f27a870dc89 in managed_C_Initialize (self=0x56235434f1b0, init_args=0x0) at ../p11-kit/modules.c:1584 #9 0x00007f27a8714019 in p11_kit_modules_initialize (failure_callback=<optimized out>, modules=<optimized out>) at ../p11-kit/modules.c:2157 #10 p11_kit_modules_initialize (modules=0x56235434f6a0, failure_callback=failure_callback@entry=0x0) at ../p11-kit/modules.c:2145 #11 0x00007f27a8714467 in proxy_create (n_mappings=0, mappings=0x0, loaded=0x56235434f190, res=<synthetic pointer>) at ../p11-kit/proxy.c:348 #12 proxy_C_Initialize (self=0x56235435ce50, init_args=<optimized out>) at ../p11-kit/proxy.c:416 #13 0x00007f27aebaa993 in secmod_ModuleInit (mod=mod@entry=0x56235433df60, reload=reload@entry=0x7ffc478a5390, alreadyLoaded=alreadyLoaded@entry=0x7ffc478a529c) at pk11load.c:244 #14 0x00007f27aebab0f4 in secmod_LoadPKCS11Module (mod=mod@entry=0x56235433df60, oldModule=oldModule@entry=0x7ffc478a5390) at pk11load.c:534 #15 0x00007f27aebb8885 in SECMOD_LoadModule (modulespec=0x5623542bbad0 "name=\"p11-kit-proxy\" library=\"p11-kit-proxy.so\"", parent=0x562354234780, recurse=1) at pk11pars.c:1944 #16 0x00007f27aebb89d0 in SECMOD_LoadModule (modulespec=modulespec@entry=0x7f27aec592a0 "name=\"Policy File\" parameters=\"configdir='sql:/etc/crypto-policies/back-ends' secmod='nss.config' flags=readOnly,noCertDB,forceSecmodChoice,forceOpen\" NSS=\"flags=internal,moduleDB,skipFirst,moduleDBOn"..., parent=parent@entry=0x562353fb13e0, recurse=recurse@entry=1) at pk11pars.c:1980 #17 0x00007f27aeb80ee1 in nss_Init (configdir=configdir@entry=0x562354297bc0 "sql:/etc/pki/nssdb", certPrefix=certPrefix@entry=0x7f27b37139b4 "", keyPrefix=keyPrefix@entry=0x7f27b37139b4 "", secmodName=secmodName@entry=0x7f27b37045fb "secmod.db", updateDir=updateDir@entry=0x56235422d720 "/home/zbyszek/.local/share/evolution", updCertPrefix=updCertPrefix@entry=0x7f27b37139b4 "", updKeyPrefix=<optimized out>, updateID=<optimized out>, updateName=<optimized out>, initContextPtr=<optimized out>, initParams=<optimized out>, readOnly=<optimized out>, noCertDB=<optimized out>, noModDB=<optimized out>, forceOpen=<optimized out>, noRootInit=<optimized out>, optimizeSpace=<optimized out>, noSingleThreadedModules=<optimized out>, allowAlreadyInitializedModules=<optimized out>, dontFinalizeModules=<optimized out>) at nssinit.c:712 #18 0x00007f27aeb8152c in NSS_InitWithMerge (configdir=configdir@entry=0x562354297bc0 "sql:/etc/pki/nssdb", certPrefix=certPrefix@entry=0x7f27b37139b4 "", keyPrefix=keyPrefix@entry=0x7f27b37139b4 "", secmodName=secmodName@entry=0x7f27b37045fb "secmod.db", updateDir=updateDir@entry=0x56235422d720 "/home/zbyszek/.local/share/evolution", updCertPrefix=updCertPrefix@entry=0x7f27b37139b4 "", updKeyPrefix=0x7f27b37139b4 --Type <RET> for more, q to quit, c to continue without paging-- "", updateID=0x56235422d720 "/home/zbyszek/.local/share/evolution", updateName=0x7f27b3704605 "Evolution S/MIME", flags=0) at nssinit.c:930 #19 0x00007f27b365cbbd in camel_init (nss_init=1, configdir=0x562354080800 "/home/zbyszek/.local/share/evolution") at /usr/src/debug/evolution-data-server-3.39.2-3.fc34.x86_64/src/camel/camel.c:162 #20 camel_init (configdir=0x562354080800 "/home/zbyszek/.local/share/evolution", nss_init=nss_init@entry=1) at /usr/src/debug/evolution-data-server-3.39.2-3.fc34.x86_64/src/camel/camel.c:79 #21 0x00007f27a4b0b9aa in initialize_nss () at /usr/src/debug/evolution-3.39.2-1.fc34.x86_64/src/smime/lib/e-cert-db.c:483 #22 e_cert_db_class_init (class=0x562354261700) at /usr/src/debug/evolution-3.39.2-1.fc34.x86_64/src/smime/lib/e-cert-db.c:599 #23 e_cert_db_class_intern_init (klass=0x562354261700) at /usr/src/debug/evolution-3.39.2-1.fc34.x86_64/src/smime/lib/e-cert-db.c:89 #24 0x00007f27b29e64c8 in type_class_init_Wm (pclass=<optimized out>, node=<optimized out>) at ../gobject/gtype.c:2289 #25 g_type_class_ref (type=<optimized out>) at ../gobject/gtype.c:3004 #26 0x00007f27b29d0078 in g_object_new_with_properties (object_type=0x56235422e380 [None], n_properties=0, names=names@entry=0x0, values=values@entry=0x0) at ../gobject/gobject.c:2078 #27 0x00007f27b29d0a41 in g_object_new (object_type=<optimized out>, first_property_name=first_property_name@entry=0x0) at ../gobject/gobject.c:1779 #28 0x00007f27a4b0d921 in e_cert_db_peek () at /usr/src/debug/evolution-3.39.2-1.fc34.x86_64/src/smime/lib/e-cert-db.c:647 #29 0x00007f27a4b25f83 in smime_component_init () at /usr/src/debug/evolution-3.39.2-1.fc34.x86_64/src/smime/gui/component.c:127 #30 smime_component_init () at /usr/src/debug/evolution-3.39.2-1.fc34.x86_64/src/smime/gui/component.c:120 #31 0x00007f27a47249d5 in book_shell_backend_constructed (object=0x562354227240) at /usr/src/debug/evolution-3.39.2-1.fc34.x86_64/src/modules/addressbook/e-book-shell-backend.c:462 #32 0x00007f27b29cf1e8 in g_object_new_with_custom_constructor (n_params=1, params=0x7ffc478a5a40, class=0x5623541367c0) at ../gobject/gobject.c:1911 #33 g_object_new_internal (class=class@entry=0x5623541367c0, params=params@entry=0x7ffc478a5a40, n_params=n_params@entry=1) at ../gobject/gobject.c:1937 #34 0x00007f27b29d04e8 in g_object_new_valistPython Exception <class 'TypeError'> can only concatenate str (not "NoneType") to str: (object_type=, first_property_name=<optimized out>, var_args=var_args@entry=0x7ffc478a5d10) at ../gobject/gobject.c:2282 #35 0x00007f27b29d0a1d in g_object_new (object_type=<optimized out>, first_property_name=<optimized out>) at ../gobject/gobject.c:1782 #36 0x00007f27b2c0953c in extensible_load_extension(GType, EExtensible*)Python Exception <class 'TypeError'> can only concatenate str (not "NoneType") to str: (extension_type=, extensible=0x5623541ca260) at /usr/src/debug/evolution-data-server-3.39.2-3.fc34.x86_64/src/libedataserver/e-extensible.c:93 #37 0x00007f27b2c5f4cf in e_type_traverse(GType, ETypeFunc, gpointer) (parent_type=<optimized out>, func=0x7f27b2c094f0 <extensible_load_extension(GType, EExtensible*)>, user_data=0x5623541ca260) at /usr/src/debug/evolution-data-server-3.39.2-3.fc34.x86_64/src/libedataserver/e-data-server-util.c:2979 #38 0x00007f27b2c5f4b6 in e_type_traverse(GType, ETypeFunc, gpointer) (parent_type=<optimized out>, func=0x7f27b2c094f0 <extensible_load_extension(GType, EExtensible*)>, user_data=0x5623541ca260) at /usr/src/debug/evolution-data-server-3.39.2-3.fc34.x86_64/src/libedataserver/e-data-server-util.c:2973 #39 0x00007f27b2c145b2 in e_extensible_load_extensions(EExtensible*) (extensible=0x5623541ca260) at /usr/src/debug/evolution-data-server-3.39.2-3.fc34.x86_64/src/libedataserver/e-extensible.c:138 #40 0x00007f27b2c14681 in e_extensible_list_extensions(EExtensible*, GType)Python Exception <class 'TypeError'> can only concatenate str (not "NoneType") to str: (extensible=0x5623541ca260, extension_type=) at /usr/src/debug/evolution-data-server-3.39.2-3.fc34.x86_64/src/libedataserver/e-extensible.c:180 #41 0x00007f27b37c5793 in e_shell_load_modules (shell=0x5623541ca260) at /usr/src/debug/evolution-3.39.2-1.fc34.x86_64/src/shell/e-shell.c:2209 #42 0x0000562352b3ca9b in main (argc=<optimized out>, argv=<optimized out>) at /usr/src/debug/evolution-3.39.2-1.fc34.x86_64/src/shell/main.c:661 gsd-smartcard: Stack trace of thread 127214: #0 0x00007f4250e92a6a __pkcs15_create_prkey_object (opensc-pkcs11.so + 0x18a6a) #1 0x00007f4250e9300d pkcs15_create_pkcs11_objects (opensc-pkcs11.so + 0x1900d) #2 0x00007f4250e9d751 pkcs15_create_tokens.lto_priv.0 (opensc-pkcs11.so + 0x23751) #3 0x00007f4250e8f217 card_detect (opensc-pkcs11.so + 0x15217) #4 0x00007f4250e90de8 card_detect_all (opensc-pkcs11.so + 0x16de8) #5 0x00007f4250e915f3 C_Initialize (opensc-pkcs11.so + 0x175f3) #6 0x00007f4250a3c8aa initialize_module_inlock_reentrant (p11-kit-proxy.so + 0x2b8aa) #7 0x00007f4250a3cc89 managed_C_Initialize (p11-kit-proxy.so + 0x2bc89) #8 0x00007f4250a43019 p11_kit_modules_initialize (p11-kit-proxy.so + 0x32019) #9 0x00007f4250a43467 proxy_C_Initialize (p11-kit-proxy.so + 0x32467) #10 0x00007f425371f993 secmod_ModuleInit (libnss3.so + 0x48993) #11 0x00007f42537200f4 secmod_LoadPKCS11Module (libnss3.so + 0x490f4) #12 0x00007f425372d885 SECMOD_LoadModule (libnss3.so + 0x56885) #13 0x00007f425372d9d0 SECMOD_LoadModule (libnss3.so + 0x569d0) #14 0x00007f42536f5ee1 nss_Init (libnss3.so + 0x1eee1) #15 0x00007f42536f6470 NSS_InitContext (libnss3.so + 0x1f470) #16 0x000055c71f4d70d6 load_nss (gsd-smartcard + 0xc0d6) #17 0x000055c71f4d79bc gsd_smartcard_manager_idle_cb (gsd-smartcard + 0xc9bc) #18 0x00007f42538624fb g_idle_dispatch (libglib-2.0.so.0 + 0x514fb) #19 0x00007f42538660bf g_main_context_dispatch (libglib-2.0.so.0 + 0x550bf) #20 0x00007f42538b9358 g_main_context_iterate.constprop.0 (libglib-2.0.so.0 + 0xa8358) #21 0x00007f42538657a3 g_main_loop_run (libglib-2.0.so.0 + 0x547a3) #22 0x000055c71f4d323a main (gsd-smartcard + 0x823a) #23 0x00007f42534cfb75 __libc_start_main (libc.so.6 + 0x27b75) #24 0x000055c71f4d335e _start (gsd-smartcard + 0x835e) I'll attach 'bt full'. This only happens if the usb key is inserted. Actually (as I discovered when writing the first version of this bug report), it also causes firefox to crash when inserted after the program is already running ;( Version-Release number of selected component (if applicable): opensc-0.21.0-2.fc34.x86_64 p11-kit-0.23.22-3.fc34.x86_64 p11-kit-0.23.22-3.fc34.i686 gnome-settings-daemon-40~beta-2.fc34.x86_64 How reproducible: 100%. Steps to Reproduce: 1. insert key, launch program or 2. launch program, insert key
Hmm ... the code in __pkcs15_create_prkey_object is mostly uchanged since 2003. The whole package is the same as in Fedora 33. The same for p11-kit and I think also NSS. Nothing else should have significant effect on what is going on there. It could theoretically be related to https://github.com/OpenSC/OpenSC/issues/2199 but I do not see the same traces. Can you reproduce the crash with pkcs11-tool only? For example pkcs11-tool -L or only with p11-kit proxy such as pkcs11-tool -L --module /usr/lib64/p11-kit-proxy.so Or is the NSS involvement needed? Does the following crash too? certutil -L -d sql:/etc/pki/nssdb/ -h all
(In reply to Jakub Jelen from comment #1) > Hmm ... the code in __pkcs15_create_prkey_object is mostly uchanged since > 2003. The whole package is the same as in Fedora 33. The same for p11-kit > and I think also NSS. Nothing else should have significant effect on what is > going on there. FWIW, I use this particular device almost every day, and this started happening immediately after the upgrade to F34. I now tested this with other keys I had lying around, and it also occurs. (Not with "1050:0120 Yubico.com Yubikey Touch U2F Security Key", but with two other "real" yubikeys.) > Can you reproduce the crash with pkcs11-tool only? For example > > pkcs11-tool -L Yes. > pkcs11-tool -L --module /usr/lib64/p11-kit-proxy.so Also yes. $ valgrind pkcs11-tool -L --module /usr/lib64/p11-kit-proxy.so ==257577== Memcheck, a memory error detector ==257577== Copyright (C) 2002-2017, and GNU GPL'd, by Julian Seward et al. ==257577== Using Valgrind-3.16.1 and LibVEX; rerun with -h for copyright info ==257577== Command: pkcs11-tool -L --module /usr/lib64/p11-kit-proxy.so ==257577== ==257577== Invalid write of size 8 ==257577== at 0x4863A6A: __pkcs15_create_prkey_object (framework-pkcs15.c:785) ==257577== by 0x486400C: pkcs15_create_pkcs11_objects (framework-pkcs15.c:847) ==257577== by 0x486E750: UnknownInlinedFun (framework-pkcs15.c:1202) ==257577== by 0x486E750: pkcs15_create_tokens.lto_priv.0 (framework-pkcs15.c:1498) ==257577== by 0x4860216: card_detect (slot.c:327) ==257577== by 0x4861DE7: card_detect_all (slot.c:420) ==257577== by 0x48625F2: C_Initialize (pkcs11-global.c:323) ==257577== by 0x53A78A9: initialize_module_inlock_reentrant (modules.c:738) ==257577== by 0x53A7C88: managed_C_Initialize (modules.c:1584) ==257577== by 0x53AE018: UnknownInlinedFun (modules.c:2157) ==257577== by 0x53AE018: p11_kit_modules_initialize (modules.c:2145) ==257577== by 0x53AE466: UnknownInlinedFun (proxy.c:348) ==257577== by 0x53AE466: proxy_C_Initialize (proxy.c:416) ==257577== by 0x10FC47: main (pkcs11-tool.c:982) ==257577== Address 0x48 is not stack'd, malloc'd or (recently) free'd ==257577== ==257577== ==257577== Process terminating with default action of signal 11 (SIGSEGV): dumping core ==257577== Access not within mapped region at address 0x48 ==257577== at 0x4863A6A: __pkcs15_create_prkey_object (framework-pkcs15.c:785) ==257577== by 0x486400C: pkcs15_create_pkcs11_objects (framework-pkcs15.c:847) ==257577== by 0x486E750: UnknownInlinedFun (framework-pkcs15.c:1202) ==257577== by 0x486E750: pkcs15_create_tokens.lto_priv.0 (framework-pkcs15.c:1498) ==257577== by 0x4860216: card_detect (slot.c:327) ==257577== by 0x4861DE7: card_detect_all (slot.c:420) ==257577== by 0x48625F2: C_Initialize (pkcs11-global.c:323) ==257577== by 0x53A78A9: initialize_module_inlock_reentrant (modules.c:738) ==257577== by 0x53A7C88: managed_C_Initialize (modules.c:1584) ==257577== by 0x53AE018: UnknownInlinedFun (modules.c:2157) ==257577== by 0x53AE018: p11_kit_modules_initialize (modules.c:2145) ==257577== by 0x53AE466: UnknownInlinedFun (proxy.c:348) ==257577== by 0x53AE466: proxy_C_Initialize (proxy.c:416) ==257577== by 0x10FC47: main (pkcs11-tool.c:982) ==257577== If you believe this happened as a result of a stack ==257577== overflow in your program's main thread (unlikely but ==257577== possible), you can try to increase the size of the ==257577== main thread stack using the --main-stacksize= flag. ==257577== The main thread stack size used in this run was 8388608. ==257577== ==257577== HEAP SUMMARY: ==257577== in use at exit: 188,790 bytes in 2,930 blocks ==257577== total heap usage: 3,311 allocs, 381 frees, 319,867 bytes allocated ==257577== ==257577== LEAK SUMMARY: ==257577== definitely lost: 0 bytes in 0 blocks ==257577== indirectly lost: 0 bytes in 0 blocks ==257577== possibly lost: 0 bytes in 0 blocks ==257577== still reachable: 188,790 bytes in 2,930 blocks ==257577== suppressed: 0 bytes in 0 blocks ==257577== Rerun with --leak-check=full to see details of leaked memory ==257577== ==257577== For lists of detected and suppressed errors, rerun with: -s ==257577== ERROR SUMMARY: 1 errors from 1 contexts (suppressed: 0 from 0) [2] 257577 segmentation fault (core dumped) valgrind pkcs11-tool -L --module /usr/lib64/p11-kit-proxy.so > Or is the NSS involvement needed? Does the following crash too? > > certutil -L -d sql:/etc/pki/nssdb/ -h all Same.
Thanks for checking it is reproducible with bare opensc. I will check with Fedora 34 if I can get some more information from this. The valgrind report is also useful, but it is not more clear to me what is going on there.
The silence does not mean that there is nothing going on :) I can reproduce also with different card types while the crash looks the same. The valgrind nor gdb helps much to figure out what is wrong there. I can reproduce the same with locally rebuilt package. I can NOT reproduce it with the OpenSC built from upstream repository (master nor 0.21.0) with clang and address sanitizer nor with the original fedora package rebuilt with clang so I assume this is some issue with compiler flags, gcc, glibc or down there. I will investigate further as this needs to be resolved before GA.
Manually downloading and installing opensc-0.21.0-1.fc33 from koji [1] also prevents the crash. This is the same code as current and was built with gcc-10 before update to gcc-11 so I assume it is an issue of gcc or some related package. Unfortunately, we do not have more isolated reproducer than this huge package. Reassigning to GCC for now. Reproducible with either yubikey or with the following test from Fedora CI (with virtual smart card): https://src.fedoraproject.org/rpms/opensc/blob/rawhide/f/tests/pkcs11-tool Let me know if there is some more info that can help to resolve the issues. [1] https://koji.fedoraproject.org/koji/buildinfo?buildID=1645345
Code looks dodgy: struct pkcs15_prkey_object *object = NULL; […] rv = __pkcs15_create_object(fw_data, (struct pkcs15_any_object **) &object, prkey, &pkcs15_prkey_ops, sizeof(struct pkcs15_prkey_object)); A write to a struct pkcs15_any_object * object cannot change a struct pkcs15_prkey_object * object under strict aliasing rules. Please check if the issue goes away when building with -fno-strict-aliasing.
Yeah. And if -fno-strict-aliasing helps, perhaps even just -fno-ipa-modref could help, GCC 11 has added interprocedural optimization which can make incorrect but previously working code stop working. Previously one would often run into problems only when inlining happened, but with the IPA modref optimization it can trigger only if the function definition and callers are visible to the compiler at the same time (and with LTO that is the case quite often). Anyway, if that helps, it would be better to fix the code rather than find workarounds.
*** Bug 1931127 has been marked as a duplicate of this bug. ***
So looking at this code as an example: static int __pkcs15_create_prkey_object(struct pkcs15_fw_data *fw_data, struct sc_pkcs15_object *prkey, struct pkcs15_any_object **prkey_object) { struct pkcs15_prkey_object *object = NULL; int rv; rv = __pkcs15_create_object(fw_data, (struct pkcs15_any_object **) &object, prkey, &pkcs15_prkey_ops, sizeof(struct pkcs15_prkey_object)); if (rv >= 0) object->prv_info = (struct sc_pkcs15_prkey_info *) prkey->data; if (prkey_object != NULL) *prkey_object = (struct pkcs15_any_object *) object; return rv; } It should probably be written like this: static int __pkcs15_create_prkey_object(struct pkcs15_fw_data *fw_data, struct sc_pkcs15_object *prkey, struct pkcs15_any_object **prkey_object) { struct pkcs15_any_object *any_object = NULL; struct pkcs15_prkey_object *object; int rv; rv = __pkcs15_create_object(fw_data, &any_object, prkey, &pkcs15_prkey_ops, sizeof(struct pkcs15_prkey_object)); object = (struct pkcs15_any_object *) any_object; if (rv >= 0) object->prv_info = (struct sc_pkcs15_prkey_info *) prkey->data; if (prkey_object != NULL) *prkey_object = any_object; return rv; } So change the pointer type to what is being written by the called function, and cast the pointer value afterwards to the expected type. This avoids the immediate aliasing violation.
Thank you for the pointers. I am afraid there are many places like that in opensc that would need some love. As already said, this code is mostly untouched since 2003. If it is invalid construct, would it make sense to have some check/warning/error to simplify detection of these? If I am right, I did not see any in the builds using previous versions nor with the current version of gcc so the crashes come out of the blue. I tried with -fno-strict-aliasing but without any improvement (not sure if I managed to override the rpms defaults though). Trying to pass -fno-ipa-modref to LDFLAGS did not look like helping either. Hoping I passed it correctly to the build: libtool: install: (cd /tmp/tmp.fW2f0RJCAp/opensc/opensc-0.21.0/src/pkcs11; /bin/sh "/tmp/tmp.fW2f0RJCAp/opensc/opensc-0.21.0/libtool" --tag CC --mode=relink gcc -DMODULE_APP_NAME=\"onepin-opensc-pkcs11\" -pthread -DPKCS11_THREAD_LOCKING -Wall -Wextra -Wno-unused-parameter -Werror -O2 -flto=auto -ffat-lto-objects -fexceptions -g -grecord-gcc-switches -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -Wp,-D_GLIBCXX_ASSERTIONS -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -fstack-protector-strong -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1 -m64 -mtune=generic -fasynchronous-unwind-tables -fstack-clash-protection -fcf-protection -export-symbols ./pkcs11.exports -module -shared -avoid-version -no-undefined -fno-ipa-modref -o onepin-opensc-pkcs11.la -rpath /usr/lib64 onepin_opensc_pkcs11_la-pkcs11-global.lo onepin_opensc_pkcs11_la-pkcs11-session.lo onepin_opensc_pkcs11_la-pkcs11-object.lo onepin_opensc_pkcs11_la-misc.lo onepin_opensc_pkcs11_la-slot.lo onepin_opensc_pkcs11_la-mechanism.lo onepin_opensc_pkcs11_la-openssl.lo onepin_opensc_pkcs11_la-framework-pkcs15.lo onepin_opensc_pkcs11_la-framework-pkcs15init.lo onepin_opensc_pkcs11_la-debug.lo onepin_opensc_pkcs11_la-pkcs11-display.lo ../../src/libopensc/libopensc.la ../../src/common/libscdl.la ../../src/common/libcompat.la -lcrypto -ldl -inst-prefix-dir /root/rpmbuild/BUILDROOT/opensc-0.21.0-2.fc35.x86_64) Indeed, application of the variation of the patch provided by florian allows the code execution to continue letting it crash a bit further on similar construct: diff -up opensc-0.21.0/src/pkcs11/framework-pkcs15.c.gcc11 opensc-0.21.0/src/pkcs11/framework-pkcs15.c --- opensc-0.21.0/src/pkcs11/framework-pkcs15.c.gcc11 2021-02-23 18:35:19.563000000 +0000 +++ opensc-0.21.0/src/pkcs11/framework-pkcs15.c 2021-02-23 18:36:49.075000000 +0000 @@ -776,16 +776,18 @@ static int __pkcs15_create_prkey_object(struct pkcs15_fw_data *fw_data, struct sc_pkcs15_object *prkey, struct pkcs15_any_object **prkey_object) { + struct pkcs15_any_object *any_object = NULL; struct pkcs15_prkey_object *object = NULL; int rv; - rv = __pkcs15_create_object(fw_data, (struct pkcs15_any_object **) &object, + rv = __pkcs15_create_object(fw_data, &any_object, prkey, &pkcs15_prkey_ops, sizeof(struct pkcs15_prkey_object)); + object = (struct pkcs15_prkey_object *) any_object; if (rv >= 0) object->prv_info = (struct sc_pkcs15_prkey_info *) prkey->data; if (prkey_object != NULL) - *prkey_object = (struct pkcs15_any_object *) object; + *prkey_object = any_object; return rv; } Let me hunt the issues down, but my concern is that there might be dozens of packages in fedora that will segfault on something like this completely silently and unexpectedly.
Both flags are compiler flags, not linker flags. But I guess with LTO, it doesn't hurt to repeat the flags in both places. (libtool may strip them, though.) This should inject the flags into configure: diff --git a/opensc.spec b/opensc.spec index 786b307..285aa1b 100644 --- a/opensc.spec +++ b/opensc.spec @@ -73,6 +73,9 @@ autoreconf -fvi sed -i -e 's/opensc.conf/opensc-%{_arch}.conf/g' src/libopensc/Makefile.in %endif sed -i -e 's|"/lib /usr/lib\b|"/%{_lib} %{_libdir}|' configure # lib64 rpaths +%set_build_flags +CFLAGS="$CFLAGS -fno-strict-aliasing" +LDFLAGS="$LDFLAGS -fno-strict-aliasing" %configure --disable-static \ --disable-autostart-items \ --disable-notify \ See: https://src.fedoraproject.org/rpms/redhat-rpm-config//blob/rawhide/f/buildflags.md
I tried exactly that (oh .. forgot the %set_build_flags) but configure choked on this in CFLAGS for some reason. So far testing with the following changes looks like working, at least for basic use case so I will update opensc with these changes if I will not find some other issues in the further testing. https://github.com/OpenSC/OpenSC/pull/2241
Both -f{,no-}strict-aliasing and -f{,no-}ipa-modref options are Optimization options, so for LTO don't need to be repeated on the link line (can be, but will have no effect there). If there is any C++ code, it would need to add it to CXXFLAGS too. As for warning option, GCC has -Wstrict-aliasing{,=1,=2,=3} options, those don't warn on where the actual bug is (reading or writing an object through different effective type from its dynamic type), but warn on pointer casts that could be problematic. E.g. the above code even without the patch could be just fine if __pkcs15_create_object cast it back to the struct pkcs15_prkey_object ** type and stored through that pointer. But if it (expectedly) stores through the type of the argument (i.e. just *pobject), then it will be invalid.
The build and basic tests seems to work fine [1] so I am building update for rawhide and f34. Is there something else we would like to do in this bugzilla on gcc side or should I move it back to opensc and close? [1] https://src.fedoraproject.org/rpms/opensc/pull-request/11
FEDORA-2021-c8d58d8c39 has been submitted as an update to Fedora 34. https://bodhi.fedoraproject.org/updates/FEDORA-2021-c8d58d8c39
Proposed as a Freeze Exception for 34-beta by Fedora user zbyszek using the blocker tracking app because: Breaks basic functionality of the system (firefox, evolution, …) with certain hardware (fairly common yubikey types).
Just checked and it is -Wstrict-aliasing=2 level that is needed, -Wstrict-aliasing=3 (included in -Wall) doesn't warn about the cast.
FEDORA-2021-c8d58d8c39 has been pushed to the Fedora 34 testing repository. Soon you'll be able to install the update with the following command: `sudo dnf upgrade --enablerepo=updates-testing --advisory=FEDORA-2021-c8d58d8c39` You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2021-c8d58d8c39 See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates.
It seems that opensc-0.21.0-3.fc35.x86_64 fixed the issues for me on Fedora Rawhide. Thx.
+3 in https://pagure.io/fedora-qa/blocker-review/issue/251 , marking accepted.
Jakub, can you have a look to the upstream discussion of this issue? I tried to introduce the -Wstrict-aliasing=2 to our CI in upstream, but it is hugely outdated, running some old gcc 5 and reporting some issues that I do not understand. These issues are not reported by either gcc 10 nor 11 I tried for building current versions of opensc in Fedora. https://github.com/OpenSC/OpenSC/pull/2241#issuecomment-786148183
FEDORA-2021-a2d338ffb5 has been submitted as an update to Fedora 34. https://bodhi.fedoraproject.org/updates/FEDORA-2021-a2d338ffb5
FEDORA-2021-a2d338ffb5 has been pushed to the Fedora 34 testing repository. Soon you'll be able to install the update with the following command: `sudo dnf upgrade --enablerepo=updates-testing --advisory=FEDORA-2021-a2d338ffb5` You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2021-a2d338ffb5 See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates.
FEDORA-2021-a2d338ffb5 has been pushed to the Fedora 34 stable repository. If problem still persists, please make note of it in this bug report.