Bug#933865: adb crashes on startup with SIGBUS

2019-08-06 Thread Bernhard Übelacker
Dear Maintainer,
I tried to get some more information about this crash and
could reproduce it on a Raspberry 3 running a Debian Buster armhf
image created by the following script (with "arch: armhf" and linux-image-armmp):

https://salsa.debian.org/raspi-team/image-specs


The crash seems to happen at least on the initial key creation,
so it is maybe only visible with an empty ~/.android.


"dmesg" shows the following after the crash has happened:

[  339.344841] Alignment trap: not handling instruction ecd6cb04 at 
[]
[  339.345111] Unhandled fault: alignment exception (0x001) at 0xb6c58ba1
[  339.345328] pgd = 72cfb493
[  339.345426] [b6c58ba1] *pgd=33fe8835


The backtrace from "coredumpctl gdb ..." just shows the last two frames:
(gdb) bt
#0  _bsaes_key_convert () at linux-arm/crypto/fipsmodule/bsaes-armv7.S:1037
#1  0xb6c5960e in bsaes_ctr32_encrypt_blocks () at 
linux-arm/crypto/fipsmodule/bsaes-armv7.S:1371
Backtrace stopped: previous frame identical to this frame (corrupt stack?)

When running in a debugger shortly before the crash, the backtrace shows this:
(gdb) bt
#0  bsaes_ctr32_encrypt_blocks () at 
linux-arm/crypto/fipsmodule/bsaes-armv7.S:1351
#1  0xb6c476ba in CTR_DRBG_generate (drbg=0x436570, out=, 
out_len=, additional_data=0xbeffd67c 
"\321,(L\262[\270\344\242\353Zp<\234\372\266\200U:\354\314\237\220r\033\252\002[P\vUban\216\024.J\020\305#g\r\345w\243q-Z\305\201\b~\245U\324\005^\310j\223\221H\370t\356\301\352\323ze\267\063\211\006\332\004\017\320\217w",
 additional_data_len=32) at src/crypto/fipsmodule/rand/ctrdrbg.c:169
#2  0xb6c47832 in RAND_bytes_with_additional_data (out=0x4364e8 "", 
out_len=out_len@entry=128, 
user_additional_data=user_additional_data@entry=0xb6c80dc8 
 "") at src/crypto/fipsmodule/rand/rand.c:330
#3  0xb6c479f6 in RAND_bytes_with_additional_data 
(user_additional_data=0xb6c80dc8  "", out_len=128, 
out=0x4364e8 "") at src/crypto/fipsmodule/bn/random.c:143
#4  bn_rand_with_additional_data (rnd=0x436460, bits=1024, top=0, bottom=1, 
additional_data=0xb6c80dc8  "") at 
src/crypto/fipsmodule/bn/random.c:162
#5  0xb6c47a8e in BN_rand (rnd=rnd@entry=0x436460, bits=bits@entry=1024, 
top=top@entry=0, bottom=bottom@entry=1) at src/crypto/fipsmodule/bn/random.c:199
#6  0xb6c4be42 in generate_prime (out=0x436460, bits=bits@entry=1024, 
e=0x436448, p=p@entry=0x0, ctx=ctx@entry=0x436a18, cb=cb@entry=0x0) at 
src/crypto/fipsmodule/rsa/rsa_impl.c:837
#7  0xb6c4c132 in RSA_generate_key_ex (rsa=0x4361a8, bits=2048, 
e_value=, cb=0x0) at src/crypto/fipsmodule/rsa/rsa_impl.c:964
#8  0xb6f947ac in ?? () from 
/usr/lib/arm-linux-gnueabihf/android/libadb.so.0
#9  0xb6f95d80 in adb_auth_init() () from 
/usr/lib/arm-linux-gnueabihf/android/libadb.so.0
#10 0x00408608 in adb_server_main (is_daemon=is_daemon@entry=1, 
socket_spec="tcp:5037", ack_reply_fd=ack_reply_fd@entry=4) at 
adb/client/main.cpp:130
#11 0x0040bd10 in adb_commandline (argc=, argv=0xbefffdd0) 
at /usr/include/c++/8/bits/basic_string.h:252
#12 0xb6cc2524 in __libc_start_main (main=0x404e11 , 
argc=7, argv=0xbefffdb4, init=, fini=0x41812d <__libc_csu_fini>, 
rtld_fini=0xb6fe16c5 <_dl_fini>, stack_end=0xbefffdb4) at libc-start.c:308
#13 0x00404e80 in _start () at adb/client/main.cpp:186


The instruction causing it seems to be the following (complete debug session attached):
(gdb) 
1034    vldmia  r6, {q14}   @ .LM0
1: x/i $pc
=> 0xb6c6f278 <_bsaes_key_convert+40>:  vldmia  r6, {d28-d29}
(gdb) info reg
...
r6 0xb6c6eba1  3066489761
...
(gdb) stepi

Thread 1 "adb" received signal SIGBUS, Bus error.
_bsaes_key_convert () at linux-arm/crypto/fipsmodule/bsaes-armv7.S:1037
1037    vrev32.8    q7, q7
1: x/i $pc
=> 0xb6c6f27c <_bsaes_key_convert+44>:  vrev32.8 q7, q7
(gdb) 


Upstream appears to have a patch integrated that touches _bsaes_key_convert:
[1] [2]

A package android-libboringssl built with that patch applied could successfully
create the keys and did not crash on "adb devices" (just tested without a device
connected).

Kind regards,
Bernhard

[1] https://android.googlesource.com/platform/external/boringssl/+/ab8b888152733533e60c1ebbe8438594a3a2e3d7%5E%21/linux-arm/crypto/fipsmodule/bsaes-armv7.S
[2] https://boringssl.googlesource.com/boringssl/+/672f6fc2486745d0cabc3aaeb4e0a3cd13b37b12%5E%21/crypto/fipsmodule/aes/asm/bsaes-armv7.pl



# Buster/stable armhf Raspberry Pi 3, 2019-08-06

apt update
apt dist-upgrade

apt install systemd-coredump gdb fakeroot adb adb-dbgsym android-libboringssl-dbgsym
apt build-dep android-libboringssl


The following NEW packages will be installed:
adb android-libadb android-libbase android-libboringssl android-libcrypto-utils 
android-libcutils android-liblog android-sdk-platform-tools-common libatomic1 
libusb-1.0-0 gdb libbabeltrace1 libc6-dbg libglib2.0-0 libglib2.0-data libicu63 
libp

Bug#933865: adb crashes on startup with SIGBUS

2019-08-04 Thread Till Dörges
Package: adb
Version: 1:8.1.0+r23-5
Severity: grave
Justification: renders package unusable

Dear Maintainer,

the problem appears to be a regression between 9 (Stretch) and 10 (Buster) as 
adb worked fine under Stretch and doesn't work anymore under Buster.

When I try to start 'adb' using 'adb devices -l' I get

--- snip ---
user@box:~> adb devices -l
List of devices attached
* daemon not running; starting now at tcp:5037
ADB server didn't ACK
Full server startup log: /tmp/adb.1000.log
Server had pid: 16703
--- adb starting (pid 16703) ---
adb I 08-04 11:37:16 16703 16703 main.cpp:57] Android Debug Bridge version 
1.0.39
adb I 08-04 11:37:16 16703 16703 main.cpp:57] Version 1:8.1.0+r23-5
adb I 08-04 11:37:16 16703 16703 main.cpp:57] Installed as 
/usr/lib/android-sdk/platform-tools/adb
adb I 08-04 11:37:16 16703 16703 main.cpp:57] 
adb I 08-04 11:37:16 16703 16703 adb_auth_host.cpp:416] adb_auth_init...
adb I 08-04 11:37:16 16703 16703 adb_auth_host.cpp:174] read_key_file 
'/home/till/.android/adbkey'...
adb I 08-04 11:37:16 16703 16703 adb_auth_host.cpp:391] adb_auth_inotify_init...
adb I 08-04 11:37:16 16703 16703 adb_auth_host.cpp:467] Calling 
send_auth_response

* failed to start daemon
error: cannot connect to daemon
--- snap ---


Note: /tmp/adb.1000.log shows exactly what's on stdout/stderr (seen above).


The problem appears to be that adb gets killed by SIGBUS:

--- snip ---
user@box:~> strace - -o adb adb devices -l
[...]
* failed to start daemon
error: cannot connect to daemon


user@box:~> grep killed adb.167*
adb.16702:--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=16703, 
si_uid=1000, si_status=SIGBUS, si_utime=2, si_stime=8} ---
adb.16703:+++ killed by SIGBUS +++
adb.16705:+++ killed by SIGBUS +++
adb.16706:+++ killed by SIGBUS +++
adb.16713:+++ killed by SIGBUS +++
adb.16715:+++ killed by SIGBUS +++
adb.16716:+++ killed by SIGBUS +++


user@box:~> cat adb.16703
set_robust_list(0xb6b25540, 12) = 0
close(3) = 0
execve("/usr/lib/android-sdk/platform-tools/adb", ["adb", "-L", "tcp:5037", 
"fork-server", "server", "--reply-fd", "4"], 0xbecde0d4 /* 30 vars */) = 0
brk(NULL) = 0xde9000
[...]
bind(6, {sa_family=AF_INET, sin_port=htons(5037), 
sin_addr=inet_addr("127.0.0.1")}, 16) = 0
listen(6, 4) = 0
[...]
futex(0xb6bd9860, FUTEX_WAKE_PRIVATE, 2147483647) = 0
getrandom("\xd6\x33\x59\xbc\xf7\x11\x33\x14\x38\x2d\x14\x48\x24\x14\xfb\xe0\x17\x40\xfd\x73\x07\x9a\xec\x6e\x89\x28\x25\xb6\x3e\x41\x04\x94",
 32, 0) = 32
futex(0xb6bd9bec, FUTEX_WAKE_PRIVATE, 2147483647) = 0
getrandom("\xd2\x6f\x66\x87\x1c\x98\x22\x65\xd0\x70\x74\x8d\x8e\xd6\xe6\xa8\x83\xce\xc5\x63\x09\x25\x63\xe4\xbf\x97\x95\xfe\x6c\x3a\x9b\x89"...,
 48, 0) = 48
--- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRALN, si_addr=0xb6b9dba1} ---
+++ killed by SIGBUS +++
--- snap ---


Forcibly installing these packages gives me a working adb:

  adb_7.0.0+r33-1_armhf.deb
  android-libadb_7.0.0+r33-1_armhf.deb
  android-libbase_7.0.0+r33-1_armhf.deb
  android-libcutils_7.0.0+r33-1_armhf.deb


-- System Information:
Debian Release: 10.0
  APT prefers stable
  APT policy: (500, 'stable')
Architecture: armhf (armv7l)

Kernel: Linux 4.19.0-5-armmp-lpae (SMP w/2 CPU cores)
Locale: LANG=C, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE=C (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages adb depends on:
ii  android-libadb   1:8.1.0+r23-5
ii  android-libbase  1:8.1.0+r23-5
ii  libc6            2.28-10
ii  libgcc1  1:8.3.0-6
ii  libstdc++6   8.3.0-6

Versions of packages adb recommends:
ii  android-sdk-platform-tools-common  27.0.0+10

adb suggests no packages.

-- no debconf information
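
An added example, not part of any message in this thread: a small triage script that pulls the fault addresses out of the three kinds of evidence quoted above (kernel log, strace siginfo, gdb register dump) and checks their alignment and page offset. The function names, the 4-byte alignment requirement and the 4 KiB page size are assumptions of the example.

```python
import re

# Constructed sample: the three fault reports quoted in this thread
# (kernel log, strace siginfo, gdb register dump), one per line.
SAMPLE = """\
[  339.345111] Unhandled fault: alignment exception (0x001) at 0xb6c58ba1
--- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRALN, si_addr=0xb6b9dba1} ---
r6 0xb6c6eba1  3066489761
"""

# One pattern per evidence source; each captures the faulting address.
PATTERNS = {
    "dmesg": re.compile(r"alignment exception \(0x[0-9a-f]+\) at (0x[0-9a-f]+)"),
    "strace": re.compile(r"si_code=BUS_ADRALN, si_addr=(0x[0-9a-f]+)"),
    "gdb": re.compile(r"^r\d+\s+(0x[0-9a-f]+)\s"),
}

WORD = 4           # assumption: the faulting load needs 4-byte alignment
PAGE_MASK = 0xFFF  # assumption: 4 KiB pages; ASLR only moves the bits above


def parse_faults(text):
    """Return one record per recognised fault line, in input order."""
    faults = []
    for line in text.splitlines():
        for source, pattern in PATTERNS.items():
            match = pattern.search(line)
            if match:
                addr = int(match.group(1), 16)
                faults.append({
                    "source": source,
                    "addr": addr,
                    "misaligned_by": addr % WORD,
                    "page_offset": addr & PAGE_MASK,
                })
                break
    return faults


def same_location(faults):
    """True when every fault shares one page offset, which is consistent
    with the same object being hit under different load addresses."""
    return len(faults) > 1 and len({f["page_offset"] for f in faults}) == 1


if __name__ == "__main__":
    for f in parse_faults(SAMPLE):
        print(f"{f['source']:6} {f['addr']:#010x} "
              f"off-by={f['misaligned_by']} page_offset={f['page_offset']:#05x}")
    print("same location across runs:", same_location(parse_faults(SAMPLE)))
```

All three addresses come out one byte past a word boundary with the same page offset, even though they were captured in different processes.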



Bug#933865: adb crashes on startup with SIGBUS

2019-12-14 Thread John Scott
Control: reassign -1 android-libboringssl/8.1.0+r23-1
Control: tags -1 upstream patch fixed-upstream
Control: retitle -1  adb crashes on startup with SIGBUS (armhf)
Control: forwarded -1 
https://boringssl.googlesource.com/boringssl/+/672f6fc2486745d0cabc3aaeb4e0a3cd13b37b12%5E%21/
Control: affects -1 adb
Control: severity -1 serious
(justification: it works on other architectures)

> A package android-libboringssl built with that patch applied could
> successfully create the keys and did not crash on "adb devices" (just tested
> without a device connected).
