Bug 194973

Summary: Infinite recursion in ahash_def_finup_done2 when ghash_clmulni_intel is loaded
Product: Other Reporter: John Morrissey (jwm)
Component: ModulesAssignee: other_modules
Status: NEW ---    
Severity: normal    
Priority: P1    
Hardware: Intel   
OS: Linux   
Kernel Version: 4.9.13 Subsystem:
Regression: No Bisected commit-id:
Attachments: Kernel trace output

Description John Morrissey 2017-03-23 17:26:35 UTC 
Created attachment 255489 [details]
Kernel trace output

I'm experiencing lockups due to seemingly infinite recursion in ahash_def_finup_done2 when ghash_clmulni_intel is loaded on an ASRock IMB-150 (http://www.asrock.com/IPC/overview.asp?Model=IMB-150) with a Celeron J1900. Attached is the full trace output.

I can reliably reproduce the lockups by bringing up an IPSec VPN connection from an OS X client to the affected system (running StrongSwan 5.5.1) and starting a Time Machine backup from the OS X client over that IPSec connection. After a minute or two, the affected system locks up.

Blacklisting ghash_clmulni_intel (and letting ghash_generic load) works around this problem.

This is with 4.9.13 from Debian backports, but Debian doesn't patch the ghash subsystem in their non-RT kernels, so this is AFAICT stock code. The affected code doesn't seem to have changed materially since 4.9.13.