Hi, We are seeing 2 errors with recent Fedora & ELN kernels that may be related to same issue: [1] alg: sig: test 1 failed for pkcs1(rsa-generic,sha256): err -38 [2] Kernel panic - not syncing: Certs RSA selftest: pkcs7_validate_trust() = -126 Last known good kernel was commit 158f238aa69d, commit fcc79e1714e8 is exhibiting the problem. Builds (and configs) can be found on Fedora koji: https://koji.fedoraproject.org/koji/packageinfo?packageID=8 I did try to run this alg test manually from a dummy module, and while it worked on older kernels as: int ret = alg_test("pkcs1pad(rsa-generic,sha256)", "pkcs1pad(rsa,sha256)", CRYPTO_ALG_INSTANCE|CRYPTO_ALG_TYPE_SIG, CRYPTO_ALG_TESTED); this now doesn't work (HEAD at commit 0393dda270e3): int ret = alg_test("pkcs1(rsa-generic,sha256)", "pkcs1(rsa,sha256)", CRYPTO_ALG_INSTANCE|CRYPTO_ALG_TYPE_SIG, CRYPTO_ALG_TESTED); I'll continue with bisect, unless someone can spot the problem sooner. Thanks, Jan [1][2] [ 2.039909] registered taskstats version 1 [ 2.041881] Loading compiled-in X.509 certificates [ 2.044931] Loaded X.509 cert 'Red Hat Enterprise Linux kernel signing key: d02591e7d874078d39c0a63aa29d0f3481a45682' [ 2.048828] alg: sig: sign test failed: err -38 [ 2.050391] alg: sig: test 1 failed for pkcs1(rsa-generic,sha256): err -38 [ 2.052618] alg: self-tests for pkcs1(rsa,sha256) using pkcs1(rsa-generic,sha256) failed (rc=-38) [ 2.052624] ------------[ cut here ]------------ [ 2.057056] alg: self-tests for pkcs1(rsa,sha256) using pkcs1(rsa-generic,sha256) failed (rc=-38) [ 2.057083] WARNING: CPU: 0 PID: 113 at crypto/testmgr.c:6048 alg_test.cold+0xb7/0xe0 [ 2.062500] Modules linked in: [ 2.063598] CPU: 0 UID: 0 PID: 113 Comm: cryptomgr_test Not tainted 6.12.0-8.test.eln.x86_64 #1 [ 2.066405] Hardware name: Red Hat KVM/RHEL, BIOS 1.16.1-1.el9 04/01/2014 [ 2.068579] RIP: 0010:alg_test.cold+0xb7/0xe0 [ 2.070047] Code: c7 c7 c0 54 89 95 e8 52 b4 fe ff 41 83 fe fe 0f 84 3d 53 81 ff 44 89 f1 48 89 ea 4c 89 e6 48 c7 c7 f8 54 89 95 e8 93 42 2e ff <0f> 0b e9 21 53 81 ff 48 c7 c1 a6 6c 93 95 4c 89 e2 48 89 ee 48 c7 [ 2.075865] RSP: 0000:ffffab19004cfdf8 EFLAGS: 00010286 [ 2.077577] RAX: 0000000000000000 RBX: 00000000000000b5 RCX: 00000000ffff7fff [ 2.079864] RDX: 0000000000000000 RSI: 0000000000000003 RDI: 0000000000000001 [ 2.082156] RBP: ffff902b417e9800 R08: 0000000000000000 R09: ffffffff963e2aa8 [ 2.084431] R10: ffffffff96322a68 R11: 0000000000000003 R12: ffff902b417e9880 [ 2.086694] R13: 00000000000000af R14: 00000000ffffffda R15: 00000000ffffffff [ 2.088983] FS: 0000000000000000(0000) GS:ffff902e6a800000(0000) knlGS:0000000000000000 [ 2.091601] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 2.093460] CR2: ffff902d0f401000 CR3: 00000002cde22001 CR4: 0000000000370ef0 [ 2.095734] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 2.098017] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 2.100280] Call Trace: [ 2.101197] <TASK> [ 2.102026] ? show_trace_log_lvl+0x1b0/0x2f0 [ 2.103487] ? show_trace_log_lvl+0x1b0/0x2f0 [ 2.104966] ? cryptomgr_test+0x24/0x40 [ 2.106282] ? alg_test.cold+0xb7/0xe0 [ 2.107564] ? __warn.cold+0x93/0xf4 [ 2.108809] ? alg_test.cold+0xb7/0xe0 [ 2.110091] ? report_bug+0xff/0x140 [ 2.111330] ? handle_bug+0x53/0x90 [ 2.112539] ? exc_invalid_op+0x17/0x70 [ 2.113844] ? asm_exc_invalid_op+0x1a/0x20 [ 2.115253] ? alg_test.cold+0xb7/0xe0 [ 2.116534] ? alg_test.cold+0xb7/0xe0 [ 2.117824] ? __call_rcu_common.constprop.0+0xa9/0x2f0 [ 2.119528] ? __schedule+0x265/0x570 [ 2.120811] ? __pfx_cryptomgr_test+0x10/0x10 [ 2.122270] cryptomgr_test+0x24/0x40 [ 2.123532] kthread+0xd2/0x100 [ 2.124643] ? __pfx_kthread+0x10/0x10 [ 2.125947] ret_from_fork+0x34/0x50 [ 2.127174] ? __pfx_kthread+0x10/0x10 [ 2.128464] ret_from_fork_asm+0x1a/0x30 [ 2.129813] </TASK> [ 2.130633] ---[ end trace 0000000000000000 ]--- [ 2.132283] Problem loading in-kernel X.509 certificate (-80) [ 2.134310] Problem loading in-kernel X.509 certificate (-80) [ 2.136231] Loaded X.509 cert 'Nvidia GPU OOT signing 001: 55e1cef88193e60419f0b0ec379c49f77545acf0' [ 2.177928] Loaded X.509 cert 'Fedora IMA CA: a8a00c31663f853f9c6ff2564872e378af026b28' [ 2.183693] usb 2-1: new high-speed USB device number 2 using ehci-pci [ 2.185954] Demotion targets for Node 0: null [ 2.187689] page_owner is disabled [ 2.189469] Key type .fscrypt registered [ 2.190849] Key type fscrypt-provisioning registered [ 2.192642] Key type big_key registered [ 2.194112] Key type trusted registered [ 2.217055] Key type encrypted registered [ 2.218516] Loading compiled-in module X.509 certificates [ 2.220817] Loaded X.509 cert 'Red Hat Enterprise Linux kernel signing key: d02591e7d874078d39c0a63aa29d0f3481a45682' [ 2.224230] ima: Allocated hash algorithm: sha256 [ 2.284425] ima: No architecture policies found [ 2.286106] evm: Initialising EVM extended attributes: [ 2.287807] evm: security.selinux [ 2.288981] evm: security.SMACK64 (disabled) [ 2.290418] evm: security.SMACK64EXEC (disabled) [ 2.291980] evm: security.SMACK64TRANSMUTE (disabled) [ 2.293646] evm: security.SMACK64MMAP (disabled) [ 2.295185] evm: security.apparmor (disabled) [ 2.296657] evm: security.ima [ 2.297732] evm: security.capability [ 2.298971] evm: HMAC attrs: 0x1 [ 2.303465] Running certificate verification RSA selftest [ 2.312640] Problem loading in-kernel X.509 certificate (-80) [ 2.318523] usb 2-1: New USB device found, idVendor=0627, idProduct=0001, bcdDevice= 0.00 [ 2.321349] usb 2-1: New USB device strings: Mfr=1, Product=3, SerialNumber=10 [ 2.323821] usb 2-1: Product: QEMU USB Tablet [ 2.325327] usb 2-1: Manufacturer: QEMU [ 2.326665] usb 2-1: SerialNumber: 28754-0000:00:05.7-1 [ 2.330363] Kernel panic - not syncing: Certs RSA selftest: pkcs7_validate_trust() = -126 [ 2.333231] CPU: 2 UID: 0 PID: 1 Comm: swapper/0 Tainted: G W ------- --- 6.12.0-8.test.eln.x86_64 #1 [ 2.336670] Tainted: [W]=WARN [ 2.337729] Hardware name: Red Hat KVM/RHEL, BIOS 1.16.1-1.el9 04/01/2014 [ 2.339918] Call Trace: [ 2.340826] <TASK> [ 2.341632] dump_stack_lvl+0x4e/0x70 [ 2.343196] panic+0x113/0x2dd [ 2.344290] fips_signature_selftest+0x12a/0x148 [ 2.345917] ? __pfx_fips_signature_selftest_init+0x10/0x10 [ 2.347744] fips_signature_selftest_rsa+0x3a/0x40 [ 2.349321] fips_signature_selftest_init+0xe/0x20 [ 2.351058] do_one_initcall+0x5b/0x300 [ 2.352439] do_initcalls+0xdf/0x100 [ 2.353691] ? __pfx_kernel_init+0x10/0x10 [ 2.355075] kernel_init_freeable+0x147/0x1a0 [ 2.356540] kernel_init+0x1a/0x140 [ 2.357753] ret_from_fork+0x34/0x50 [ 2.359058] ? __pfx_kernel_init+0x10/0x10 [ 2.360435] ret_from_fork_asm+0x1a/0x30 [ 2.361762] </TASK> [ 2.362730] Kernel Offset: 0x13000000 from 0xffffffff81000000 (relocation range: 0xffffffff80000000-0xffffffffbfffffff) [ 2.366169] ---[ end Kernel panic - not syncing: Certs RSA selftest: pkcs7_validate_trust() = -126 ]---
