kernel-packages team mailing list archive
-
kernel-packages team
-
Mailing list archive
-
Message #169777
[Bug 1556562] Re: VIA C7-D machine "kernel NULL pointer dereference" in skcipher_recvmsg_async
** Changed in: linux (Ubuntu Wily)
Status: In Progress => Fix Committed
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1556562
Title:
VIA C7-D machine "kernel NULL pointer dereference" in
skcipher_recvmsg_async
Status in linux package in Ubuntu:
Confirmed
Status in linux source package in Wily:
Fix Committed
Bug description:
I'm working on an Lubuntu 15 machine. It was chosen because it
supports VIA C7-D processor and the VIA PM400 chipset without crashing
(also see ). Lubuntu 15 uses the 4.2 kernel:
$ lsb_release -a
No LSB modules are available.
Distributor ID: Ubuntu
Description: Ubuntu 15.10
Release: 15.10
Codename: wily
And:
$ uname -a
Linux via 4.2.0-30-generic #36-Ubuntu SMP Fri Feb 26 00:57:19 UTC 2016 i686 i686 i686 GNU/Linux
When running a particular program (details below), it hangs in syscall
248 and results in the following dmesg/syslog output. The process
cannot be killed, the machine does not respond to a 'shutdown -r now',
and the machine requires a hard reset.
...
[ 4505.429577] BUG: unable to handle kernel NULL pointer dereference at 00000008
[ 4505.429593] IP: [<f8a6ccf2>] skcipher_recvmsg_async.isra.13+0x4b2/0x500 [algif_skcipher]
[ 4505.429607] *pdpt = 0000000034ee3001 *pde = 0000000000000000
[ 4505.429614] Oops: 0000 [#3] SMP
[ 4505.429621] Modules linked in: jitterentropy_rng drbg ansi_cprng algif_skcipher af_alg snd_hda_codec_realtek snd_hda_codec_generic snd_hda_intel snd_hda_codec snd_hda_core snd_hwdep snd_pcm snd_seq_midi snd_seq_midi_event snd_rawmidi padlock_sha snd_seq padlock_aes snd_seq_device via_cputemp snd_timer hwmon_vid via_rng snd input_leds serio_raw soundcore i2c_viapro shpchp 8250_fintek mac_hid parport_pc ppdev lp parport autofs4 pata_acpi hid_generic usbhid hid psmouse r8169 pata_via sata_via mii
[ 4505.429689] CPU: 0 PID: 1532 Comm: afalgtest Tainted: G D 4.2.0-30-generic #36-Ubuntu
[ 4505.429695] Hardware name: To Be Filled By O.E.M. To Be Filled By O.E.M./Weibu, BIOS 080014 11/17/2011
[ 4505.429700] task: f4e0e040 ti: f4e3c000 task.ti: f4e3c000
[ 4505.429705] EIP: 0060:[<f8a6ccf2>] EFLAGS: 00010202 CPU: 0
[ 4505.429712] EIP is at skcipher_recvmsg_async.isra.13+0x4b2/0x500 [algif_skcipher]
[ 4505.429717] EAX: f3f97c00 EBX: f3f3ee00 ECX: f3f97c00 EDX: 00000000
[ 4505.429722] ESI: f3f3ee00 EDI: 00000ff0 EBP: f4e3ddc8 ESP: f4e3dd70
[ 4505.429726] DS: 007b ES: 007b FS: 00d8 GS: 00e0 SS: 0068
[ 4505.429731] CR0: 80050033 CR2: 00000008 CR3: 3247a520 CR4: 000006b0
[ 4505.429735] Stack:
[ 4505.429738] f3f97df4 f3f97c00 f3f97de0 00000000 f3f97c04 00000020 f4e3dd00 00000018
[ 4505.429750] 00001ff0 f3fb4400 f3f97c04 00000ff0 f4e3de40 f3f97de8 f4e3de38 f3fa0000
[ 4505.429761] 00000002 00000002 f3f97c00 f1f58180 c1210510 f4e3de38 f4e3ddf4 f8a6cd6b
[ 4505.429772] Call Trace:
[ 4505.429788] [<c1210510>] ? free_ioctx_users+0xa0/0xa0
[ 4505.429795] [<f8a6cd6b>] skcipher_recvmsg+0x2b/0x1f0 [algif_skcipher]
[ 4505.429803] [<f8a6c71a>] ? skcipher_check_key.isra.8+0x2a/0xb0 [algif_skcipher]
[ 4505.429810] [<f8a6cf61>] skcipher_recvmsg_nokey+0x31/0x40 [algif_skcipher]
[ 4505.429820] [<c164e1fd>] sock_recvmsg+0x3d/0x50
[ 4505.429826] [<c164e294>] sock_read_iter+0x84/0xd0
[ 4505.429833] [<c164e210>] ? sock_recvmsg+0x50/0x50
[ 4505.429839] [<c12108b0>] aio_run_iocb+0x110/0x2c0
[ 4505.429846] [<c164e210>] ? sock_recvmsg+0x50/0x50
[ 4505.429854] [<c1767b8f>] ? error_code+0x67/0x6c
[ 4505.429865] [<c11b25e4>] ? kmem_cache_alloc+0x1b4/0x1e0
[ 4505.429875] [<c11e5112>] ? __fdget+0x12/0x20
[ 4505.429881] [<c121168f>] do_io_submit+0x1ef/0x4a0
[ 4505.429893] [<c12ddd2f>] ? security_file_alloc+0x2f/0x50
[ 4505.429900] [<c1211960>] SyS_io_submit+0x20/0x30
[ 4505.429911] [<c176695f>] sysenter_do_call+0x12/0x12
[ 4505.429915] Code: 00 00 00 75 24 8b 45 ac ff 52 0c 89 c7 83 ff 8d 75 8f 8b 45 e4 3e ff 80 fc 01 00 00 bf ef fd ff ff e9 62 fc ff ff 8d 76 00 89 c8 <ff> 52 08 89 c7 eb db 8b 45 e4 31 d2 8b 80 20 02 00 00 8b 58 1c
[ 4505.429982] EIP: [<f8a6ccf2>] skcipher_recvmsg_async.isra.13+0x4b2/0x500 [algif_skcipher] SS:ESP 0068:f4e3dd70
[ 4505.429991] CR2: 0000000000000008
[ 4505.429997] ---[ end trace 3cce7cc6be0ad960 ]---
**********
The process details is this is a failed self test for the upcoming
OpenSSL 1.1.0. The OpenSSL RT bug report for this issue is at
http://rt.openssl.org/Ticket/Display.html?id=4411. Two attempts to
debug it resulted in two hung processes:
$ ps -A | grep afalgtest
1030 pts/0 00:00:00 afalgtest
1196 pts/0 00:00:00 afalgtest
And:
via:test$ sudo cat /proc/1030/syscall
248 0xb7fd6000 0x1 0xbfff98d4 0xb7fb9270 0xbfff98e0 0xb7ec45f7 0xbfff986c 0xb7fdbbe8
via:test$ sudo cat /proc/1196/syscall
248 0xb7fd6000 0x1 0xbfff98d4 0xb7fb9270 0xbfff98e0 0xb7ec45f7 0xbfff986c 0xb7fdbbe8
Its not clear to me what that particular syscall is:
$ cat /usr/include/asm-generic/unistd.h
...
/*
* Architectures may provide up to 16 syscalls of their own
* starting with this value.
*/
#define __NR_arch_specific_syscall 244
#define __NR_wait4 260
__SC_COMP(__NR_wait4, sys_wait4, compat_sys_wait4)
#define __NR_prlimit64 261
__SYSCALL(__NR_prlimit64, sys_prlimit64)
#define __NR_fanotify_init 262
__SYSCALL(__NR_fanotify_init, sys_fanotify_init)
#define __NR_fanotify_mark 263
...
**********
If interested, you should be able to duplicate it with the following.
That's resuming you have the hardware.
$ git clone git://git.openssl.org/openssl.git
$ cd openssl
$ ./config -d
$ make
$ make test/afalgtest
$ cd test
$ OPENSSL_ENGINES=../engines/afalg gdb ./afalgtest
**********
In this case, the hardware was selected for the VIA C7-D processor and the Padlock engine. Its relatively low-end, and can be found at http://www.amazon.com/gp/product/B01AXR2KBQ.
---
ApportVersion: 2.19.1-0ubuntu5
Architecture: i386
AudioDevicesInUse:
USER PID ACCESS COMMAND
/dev/snd/controlC0: jwalton 16458 F.... lxpanel
DistroRelease: Ubuntu 15.10
HibernationDevice: RESUME=UUID=e056d1a4-73ea-4667-a51f-604158d1b9fb
InstallationDate: Installed on 2016-03-22 (1 days ago)
InstallationMedia: Lubuntu 15.10 "Wily Werewolf" - Release i386 (20151021)
IwConfig:
lo no wireless extensions.
enp3s0 no wireless extensions.
MachineType: To Be Filled By O.E.M. To Be Filled By O.E.M.
Package: linux (not installed)
ProcEnviron:
TERM=xterm-256color
PATH=(custom, no user)
LANG=en_US.UTF-8
SHELL=/bin/bash
ProcFB: 0 VESA VGA
ProcKernelCmdLine: BOOT_IMAGE=/boot/vmlinuz-4.2.0-35-generic root=UUID=ed37a08c-3f91-4903-b20a-ba9829326044 ro ipv6.disable=1 biosdevname=0 audit=0 quiet splash vt.handoff=7
ProcVersionSignature: Ubuntu 4.2.0-35.40-generic 4.2.8-ckt5
RelatedPackageVersions:
linux-restricted-modules-4.2.0-35-generic N/A
linux-backports-modules-4.2.0-35-generic N/A
linux-firmware 1.149.3
RfKill:
Tags: wily wily
UdevLog: Error: [Errno 2] No such file or directory: '/var/log/udev'
Uname: Linux 4.2.0-35-generic i686
UpgradeStatus: No upgrade log present (probably fresh install)
UserGroups:
_MarkForUpload: True
dmi.bios.date: 11/17/2011
dmi.bios.vendor: American Megatrends Inc.
dmi.bios.version: 080014
dmi.board.asset.tag: To Be Filled By O.E.M.
dmi.board.name: Weibu
dmi.board.vendor: WB
dmi.board.version: 1.0
dmi.chassis.asset.tag: To Be Filled By O.E.M.
dmi.chassis.type: 3
dmi.chassis.vendor: To Be Filled By O.E.M.
dmi.chassis.version: To Be Filled By O.E.M.
dmi.modalias: dmi:bvnAmericanMegatrendsInc.:bvr080014:bd11/17/2011:svnToBeFilledByO.E.M.:pnToBeFilledByO.E.M.:pvrToBeFilledByO.E.M.:rvnWB:rnWeibu:rvr1.0:cvnToBeFilledByO.E.M.:ct3:cvrToBeFilledByO.E.M.:
dmi.product.name: To Be Filled By O.E.M.
dmi.product.version: To Be Filled By O.E.M.
dmi.sys.vendor: To Be Filled By O.E.M.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1556562/+subscriptions