[pkg-cryptsetup-devel] Bug#904926: cryptroot-unlock: timeout waiting for askpass

Sun Jul 29 16:42:45 BST 2018

Package: cryptsetup-initramfs
Version: 2:2.0.3-6
Severity: critical
Justification: breaks the whole system

Dear Maintainer,

after installing updates today, I cannot unlock the cryptroot anymore.
After sshing to the dropbear instance of the machine and starting
cryptroot-unlock, the command responds with the error message:

timeout waiting for askpass.

askpass is installed in the initrd under /lib/cryptsetup (iirc).

Logging into the machines remote console (done via spice) also fails,
as I always get the error message that the password is wrong.
I tried entering the password using US-keyboard layout, to no avail.

I've had to boot into an older kernel, that kernels initramfs still
works. The kernel where the cryptroot-unlock is not working is 4.17.0-1.

The machine has a single disk with 2 partitions, vda1 being the
unencrypted boot partition having the boot loader, kernel and initramfs.

The second partition is the luks volume, having a single LVM volume
group with two logical volumes (see fstab below, hostname redacted)

I have booted into the older kernel and updated the 4.17.0-1 initramfs
with update-initramfs -u
That did not help, either.

Regards,
C. Dominik Bódi

-- Package-specific info:
-- /proc/cmdline
BOOT_IMAGE=/vmlinuz-4.16.0-2-amd64 root=/dev/mapper/xxxxx-root ro elevator=noop ip=aaa.bbb.ccc.ddd::aaa.bbb.ccc.xxx:255.255.255.zzz::eth0:none quiet

-- /etc/crypttab
vda2_crypt UUID=aecd1a7c-efe5-44e5-a14a-74f1c8c3d046 none luks

-- /etc/fstab
# /etc/fstab: static file system information.
#
# Use 'blkid' to print the universally unique identifier for a
# device; this may be used with UUID= as a more robust way to name devices
# that works even if disks are added and removed. See fstab(5).
#
# <file system> <mount point>   <type>  <options>       <dump>  <pass>
proc            /proc           proc    defaults        0       0
/dev/mapper/xxxxx-root /     xfs     defaults        0       1
/dev/mapper/xxxxx-data /data xfs     defaults        0       2
# /boot was on /dev/vda1 during installation
/dev/vda1       /boot           ext2    defaults        0       2
#/dev/mapper/odysseus-swap_1 none            swap    sw              0       0
/dev/scd0       /media/cdrom0   udf,iso9660 user,noauto     0       0

-- lsmod
Module                  Size  Used by
ip6t_REJECT            16384  4
nf_reject_ipv6         16384  1 ip6t_REJECT
ip6table_nat           16384  1
nf_nat_ipv6            16384  1 ip6table_nat
ip6table_mangle        16384  1
ip6table_raw           16384  1
nf_conntrack_ipv6      16384  21
nf_defrag_ipv6         36864  1 nf_conntrack_ipv6
nf_log_ipv6            16384  5
ip6table_filter        16384  1
ip6_tables             32768  4 ip6table_mangle,ip6table_filter,ip6table_raw,ip6table_nat
ipt_MASQUERADE         16384  1
nf_nat_masquerade_ipv4    16384  1 ipt_MASQUERADE
xt_nat                 16384  2
xt_recent              20480  2
xt_comment             16384  54
xt_set                 16384  2
ip_set_hash_ip         36864  1
ip_set                 45056  2 xt_set,ip_set_hash_ip
xt_AUDIT               16384  0
ipt_REJECT             16384  4
nf_reject_ipv4         16384  1 ipt_REJECT
xt_addrtype            16384  7
iptable_nat            16384  1
nf_nat_ipv4            16384  1 iptable_nat
xt_mark                16384  2
iptable_mangle         16384  1
xt_tcpudp              16384  78
xt_CT                  16384  36
iptable_raw            16384  1
xt_multiport           16384  10
nf_conntrack_ipv4      16384  35
nf_defrag_ipv4         16384  1 nf_conntrack_ipv4
xt_conntrack           16384  15
xt_NFLOG               16384  0
nfnetlink_log          20480  1 xt_NFLOG
nf_log_ipv4            16384  6
nf_log_common          16384  2 nf_log_ipv6,nf_log_ipv4
xt_LOG                 16384  11
nf_conntrack_sane      16384  4
nf_conntrack_netlink    49152  0
nfnetlink              16384  3 nfnetlink_log,ip_set,nf_conntrack_netlink
nf_nat_tftp            16384  0
nf_nat_snmp_basic      16384  0
nf_conntrack_snmp      16384  3 nf_nat_snmp_basic
nf_nat_sip             20480  0
nf_nat_pptp            16384  0
nf_nat_proto_gre       16384  1 nf_nat_pptp
nf_nat_irc             16384  0
nf_nat_h323            20480  0
nf_nat_ftp             16384  0
nf_nat_amanda          16384  0
nf_nat                 36864  12 nf_nat_pptp,nf_nat_proto_gre,xt_nat,nf_nat_h323,nf_nat_sip,nf_nat_irc,nf_nat_ftp,nf_nat_amanda,nf_nat_ipv6,nf_nat_masquerade_ipv4,nf_nat_ipv4,nf_nat_tftp
nf_conntrack_tftp      16384  5 nf_nat_tftp
nf_conntrack_sip       32768  5 nf_nat_sip
nf_conntrack_pptp      16384  3 nf_nat_pptp
nf_conntrack_proto_gre    16384  1 nf_conntrack_pptp
nf_conntrack_netbios_ns    16384  2
nf_conntrack_broadcast    16384  2 nf_conntrack_snmp,nf_conntrack_netbios_ns
nf_conntrack_irc       16384  3 nf_nat_irc
nf_conntrack_h323      77824  9 nf_nat_h323
nf_conntrack_ftp       20480  5 nf_nat_ftp
ts_kmp                 16384  5
nf_conntrack_amanda    16384  5 nf_nat_amanda
nf_conntrack          151552  31 nf_nat_pptp,nf_conntrack_sip,nf_conntrack_snmp,nf_conntrack_irc,xt_nat,nf_nat_h323,nf_conntrack_ipv6,nf_conntrack_ftp,nf_nat_snmp_basic,nf_nat_sip,nf_conntrack_ipv4,nf_conntrack_tftp,ipt_MASQUERADE,nf_nat_irc,nf_conntrack_pptp,nf_conntrack_amanda,nf_conntrack_broadcast,nf_nat_ftp,nf_conntrack_sane,nf_nat_amanda,nf_conntrack_netlink,nf_conntrack_netbios_ns,nf_conntrack_proto_gre,xt_CT,nf_nat_ipv6,nf_nat_masquerade_ipv4,nf_conntrack_h323,xt_conntrack,nf_nat_ipv4,nf_nat_tftp,nf_nat
iptable_filter         16384  1
wireguard             229376  0
ip6_udp_tunnel         16384  1 wireguard
udp_tunnel             16384  1 wireguard
cpufreq_userspace      16384  0
cpufreq_powersave      16384  0
cpufreq_conservative    16384  0
ext4                  720896  1
crc16                  16384  1 ext4
mbcache                16384  1 ext4
jbd2                  118784  1 ext4
fscrypto               32768  1 ext4
ecb                    16384  0
snd_hda_codec_generic    86016  1
snd_hda_intel          45056  0
snd_hda_codec         151552  2 snd_hda_intel,snd_hda_codec_generic
snd_hda_core           94208  3 snd_hda_intel,snd_hda_codec,snd_hda_codec_generic
snd_hwdep              20480  1 snd_hda_codec
snd_pcm               118784  3 snd_hda_intel,snd_hda_codec,snd_hda_core
snd_timer              36864  1 snd_pcm
qxl                    77824  1
ttm                   122880  1 qxl
snd                    94208  6 snd_hda_intel,snd_hwdep,snd_hda_codec,snd_timer,snd_hda_codec_generic,snd_pcm
drm_kms_helper        196608  1 qxl
sg                     36864  0
pcspkr                 16384  0
joydev                 24576  0
evdev                  28672  2
soundcore              16384  1 snd
serio_raw              16384  0
drm                   458752  4 qxl,ttm,drm_kms_helper
virtio_console         32768  0
virtio_balloon         20480  0
button                 16384  0
loop                   32768  0
virtio_rng             16384  0
rng_core               16384  1 virtio_rng
ip_tables              28672  4 iptable_mangle,iptable_filter,iptable_raw,iptable_nat
x_tables               45056  24 xt_comment,xt_LOG,xt_AUDIT,xt_multiport,ipt_REJECT,xt_nat,iptable_mangle,ip_tables,iptable_filter,xt_set,xt_mark,xt_tcpudp,iptable_raw,ipt_MASQUERADE,ip6t_REJECT,ip6table_mangle,xt_recent,ip6table_filter,xt_addrtype,xt_CT,ip6table_raw,xt_conntrack,ip6_tables,xt_NFLOG
autofs4                49152  2
xfs                  1433600  2
libcrc32c              16384  3 nf_conntrack,xfs,nf_nat
crc32c_generic         16384  0
algif_skcipher         16384  0
af_alg                 28672  1 algif_skcipher
hid_generic            16384  0
usbhid                 57344  0
hid                   135168  2 hid_generic,usbhid
dm_crypt               40960  1
dm_mod                147456  9 dm_crypt
sr_mod                 28672  0
cdrom                  69632  1 sr_mod
ata_generic            16384  0
virtio_net             49152  0
virtio_blk             20480  3
crct10dif_pclmul       16384  0
crc32_pclmul           16384  0
crc32c_intel           24576  2
ghash_clmulni_intel    16384  0
pcbc                   16384  0
aesni_intel           188416  3
aes_x86_64             20480  1 aesni_intel
crypto_simd            16384  1 aesni_intel
glue_helper            16384  1 aesni_intel
cryptd                 28672  4 crypto_simd,ghash_clmulni_intel,aesni_intel
psmouse               172032  0
ata_piix               36864  0
floppy                 86016  0
libata                278528  2 ata_piix,ata_generic
scsi_mod              253952  3 libata,sr_mod,sg
virtio_pci             28672  0
virtio_ring            28672  6 virtio_blk,virtio_net,virtio_rng,virtio_balloon,virtio_console,virtio_pci
virtio                 16384  6 virtio_blk,virtio_net,virtio_rng,virtio_balloon,virtio_console,virtio_pci
ehci_pci               16384  0
uhci_hcd               49152  0
ehci_hcd               94208  1 ehci_pci
usbcore               290816  4 usbhid,ehci_hcd,uhci_hcd,ehci_pci
usb_common             16384  1 usbcore
i2c_piix4              24576  0

-- System Information:
Debian Release: buster/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (500, 'testing')
Architecture: amd64 (x86_64)

Kernel: Linux 4.16.0-2-amd64 (SMP w/2 CPU cores)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8), LANGUAGE=de_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages cryptsetup-initramfs depends on:
ii  busybox                                 1:1.27.2-3
ii  cryptsetup-run                          2:2.0.3-6
ii  initramfs-tools [linux-initramfs-tool]  0.132

Versions of packages cryptsetup-initramfs recommends:
ii  console-setup  1.184
ii  kbd            2.0.4-4

cryptsetup-initramfs suggests no packages.

-- no debconf information