← Back to team overview

kernel-packages team mailing list archive

[Bug 1556562] Re: VIA C7-D machine "kernel NULL pointer dereference" in skcipher_recvmsg_async

 

Hi Jeffrey-  Can you confirm that the Wily kernel (4.2.0-36.41)
currently in -proposed fixes this bug?  Thanks!

-- 
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1556562

Title:
  VIA C7-D machine "kernel NULL pointer dereference" in
  skcipher_recvmsg_async

Status in linux package in Ubuntu:
  Fix Committed
Status in linux source package in Wily:
  Fix Committed

Bug description:
  I'm working on an Lubuntu 15 machine. It was chosen because it
  supports VIA C7-D processor and the VIA PM400 chipset without crashing
  (also see ). Lubuntu 15 uses the 4.2 kernel:

    $ lsb_release -a
    No LSB modules are available.
    Distributor ID:	Ubuntu
    Description:	Ubuntu 15.10
    Release:	15.10
    Codename:	wily

  And:

    $ uname -a
    Linux via 4.2.0-30-generic #36-Ubuntu SMP Fri Feb 26 00:57:19 UTC 2016 i686 i686 i686 GNU/Linux

  When running a particular program (details below), it hangs in syscall
  248 and results in the following dmesg/syslog output. The process
  cannot be killed, the machine does not respond to a 'shutdown -r now',
  and the machine requires a hard reset.

  ...
  [ 4505.429577] BUG: unable to handle kernel NULL pointer dereference at 00000008
  [ 4505.429593] IP: [<f8a6ccf2>] skcipher_recvmsg_async.isra.13+0x4b2/0x500 [algif_skcipher]
  [ 4505.429607] *pdpt = 0000000034ee3001 *pde = 0000000000000000 
  [ 4505.429614] Oops: 0000 [#3] SMP 
  [ 4505.429621] Modules linked in: jitterentropy_rng drbg ansi_cprng algif_skcipher af_alg snd_hda_codec_realtek snd_hda_codec_generic snd_hda_intel snd_hda_codec snd_hda_core snd_hwdep snd_pcm snd_seq_midi snd_seq_midi_event snd_rawmidi padlock_sha snd_seq padlock_aes snd_seq_device via_cputemp snd_timer hwmon_vid via_rng snd input_leds serio_raw soundcore i2c_viapro shpchp 8250_fintek mac_hid parport_pc ppdev lp parport autofs4 pata_acpi hid_generic usbhid hid psmouse r8169 pata_via sata_via mii
  [ 4505.429689] CPU: 0 PID: 1532 Comm: afalgtest Tainted: G      D         4.2.0-30-generic #36-Ubuntu
  [ 4505.429695] Hardware name: To Be Filled By O.E.M. To Be Filled By O.E.M./Weibu, BIOS 080014  11/17/2011
  [ 4505.429700] task: f4e0e040 ti: f4e3c000 task.ti: f4e3c000
  [ 4505.429705] EIP: 0060:[<f8a6ccf2>] EFLAGS: 00010202 CPU: 0
  [ 4505.429712] EIP is at skcipher_recvmsg_async.isra.13+0x4b2/0x500 [algif_skcipher]
  [ 4505.429717] EAX: f3f97c00 EBX: f3f3ee00 ECX: f3f97c00 EDX: 00000000
  [ 4505.429722] ESI: f3f3ee00 EDI: 00000ff0 EBP: f4e3ddc8 ESP: f4e3dd70
  [ 4505.429726]  DS: 007b ES: 007b FS: 00d8 GS: 00e0 SS: 0068
  [ 4505.429731] CR0: 80050033 CR2: 00000008 CR3: 3247a520 CR4: 000006b0
  [ 4505.429735] Stack:
  [ 4505.429738]  f3f97df4 f3f97c00 f3f97de0 00000000 f3f97c04 00000020 f4e3dd00 00000018
  [ 4505.429750]  00001ff0 f3fb4400 f3f97c04 00000ff0 f4e3de40 f3f97de8 f4e3de38 f3fa0000
  [ 4505.429761]  00000002 00000002 f3f97c00 f1f58180 c1210510 f4e3de38 f4e3ddf4 f8a6cd6b
  [ 4505.429772] Call Trace:
  [ 4505.429788]  [<c1210510>] ? free_ioctx_users+0xa0/0xa0
  [ 4505.429795]  [<f8a6cd6b>] skcipher_recvmsg+0x2b/0x1f0 [algif_skcipher]
  [ 4505.429803]  [<f8a6c71a>] ? skcipher_check_key.isra.8+0x2a/0xb0 [algif_skcipher]
  [ 4505.429810]  [<f8a6cf61>] skcipher_recvmsg_nokey+0x31/0x40 [algif_skcipher]
  [ 4505.429820]  [<c164e1fd>] sock_recvmsg+0x3d/0x50
  [ 4505.429826]  [<c164e294>] sock_read_iter+0x84/0xd0
  [ 4505.429833]  [<c164e210>] ? sock_recvmsg+0x50/0x50
  [ 4505.429839]  [<c12108b0>] aio_run_iocb+0x110/0x2c0
  [ 4505.429846]  [<c164e210>] ? sock_recvmsg+0x50/0x50
  [ 4505.429854]  [<c1767b8f>] ? error_code+0x67/0x6c
  [ 4505.429865]  [<c11b25e4>] ? kmem_cache_alloc+0x1b4/0x1e0
  [ 4505.429875]  [<c11e5112>] ? __fdget+0x12/0x20
  [ 4505.429881]  [<c121168f>] do_io_submit+0x1ef/0x4a0
  [ 4505.429893]  [<c12ddd2f>] ? security_file_alloc+0x2f/0x50
  [ 4505.429900]  [<c1211960>] SyS_io_submit+0x20/0x30
  [ 4505.429911]  [<c176695f>] sysenter_do_call+0x12/0x12
  [ 4505.429915] Code: 00 00 00 75 24 8b 45 ac ff 52 0c 89 c7 83 ff 8d 75 8f 8b 45 e4 3e ff 80 fc 01 00 00 bf ef fd ff ff e9 62 fc ff ff 8d 76 00 89 c8 <ff> 52 08 89 c7 eb db 8b 45 e4 31 d2 8b 80 20 02 00 00 8b 58 1c
  [ 4505.429982] EIP: [<f8a6ccf2>] skcipher_recvmsg_async.isra.13+0x4b2/0x500 [algif_skcipher] SS:ESP 0068:f4e3dd70
  [ 4505.429991] CR2: 0000000000000008
  [ 4505.429997] ---[ end trace 3cce7cc6be0ad960 ]---

  **********

  The process details is this is a failed self test for the upcoming
  OpenSSL 1.1.0. The OpenSSL RT bug report for this issue is at
  http://rt.openssl.org/Ticket/Display.html?id=4411. Two attempts to
  debug it resulted in two hung processes:

  $ ps -A | grep afalgtest
  1030 pts/0    00:00:00 afalgtest
  1196 pts/0    00:00:00 afalgtest

  And:

  via:test$ sudo cat /proc/1030/syscall 
  248 0xb7fd6000 0x1 0xbfff98d4 0xb7fb9270 0xbfff98e0 0xb7ec45f7 0xbfff986c 0xb7fdbbe8
  via:test$ sudo cat /proc/1196/syscall 
  248 0xb7fd6000 0x1 0xbfff98d4 0xb7fb9270 0xbfff98e0 0xb7ec45f7 0xbfff986c 0xb7fdbbe8

  Its not clear to me what that particular syscall is:

  $ cat /usr/include/asm-generic/unistd.h
  ...
  /*
   * Architectures may provide up to 16 syscalls of their own
   * starting with this value.
   */
  #define __NR_arch_specific_syscall 244

  #define __NR_wait4 260
  __SC_COMP(__NR_wait4, sys_wait4, compat_sys_wait4)
  #define __NR_prlimit64 261
  __SYSCALL(__NR_prlimit64, sys_prlimit64)
  #define __NR_fanotify_init 262
  __SYSCALL(__NR_fanotify_init, sys_fanotify_init)
  #define __NR_fanotify_mark 263
  ...

  **********

  If interested, you should be able to duplicate it with the following.
  That's resuming you have the hardware.

  $ git clone git://git.openssl.org/openssl.git
  $ cd openssl

  $ ./config -d
  $ make
  $ make test/afalgtest
  $ cd test
  $ OPENSSL_ENGINES=../engines/afalg gdb ./afalgtest

  **********

  In this case, the hardware was selected for the VIA C7-D processor and the Padlock engine. Its relatively low-end, and can be found at http://www.amazon.com/gp/product/B01AXR2KBQ.
  --- 
  ApportVersion: 2.19.1-0ubuntu5
  Architecture: i386
  AudioDevicesInUse:
   USER        PID ACCESS COMMAND
   /dev/snd/controlC0:  jwalton   16458 F.... lxpanel
  DistroRelease: Ubuntu 15.10
  HibernationDevice: RESUME=UUID=e056d1a4-73ea-4667-a51f-604158d1b9fb
  InstallationDate: Installed on 2016-03-22 (1 days ago)
  InstallationMedia: Lubuntu 15.10 "Wily Werewolf" - Release i386 (20151021)
  IwConfig:
   lo        no wireless extensions.
   
   enp3s0    no wireless extensions.
  MachineType: To Be Filled By O.E.M. To Be Filled By O.E.M.
  Package: linux (not installed)
  ProcEnviron:
   TERM=xterm-256color
   PATH=(custom, no user)
   LANG=en_US.UTF-8
   SHELL=/bin/bash
  ProcFB: 0 VESA VGA
  ProcKernelCmdLine: BOOT_IMAGE=/boot/vmlinuz-4.2.0-35-generic root=UUID=ed37a08c-3f91-4903-b20a-ba9829326044 ro ipv6.disable=1 biosdevname=0 audit=0 quiet splash vt.handoff=7
  ProcVersionSignature: Ubuntu 4.2.0-35.40-generic 4.2.8-ckt5
  RelatedPackageVersions:
   linux-restricted-modules-4.2.0-35-generic N/A
   linux-backports-modules-4.2.0-35-generic  N/A
   linux-firmware                            1.149.3
  RfKill:
   
  Tags:  wily wily
  UdevLog: Error: [Errno 2] No such file or directory: '/var/log/udev'
  Uname: Linux 4.2.0-35-generic i686
  UpgradeStatus: No upgrade log present (probably fresh install)
  UserGroups:
   
  _MarkForUpload: True
  dmi.bios.date: 11/17/2011
  dmi.bios.vendor: American Megatrends Inc.
  dmi.bios.version: 080014
  dmi.board.asset.tag: To Be Filled By O.E.M.
  dmi.board.name: Weibu
  dmi.board.vendor: WB
  dmi.board.version: 1.0
  dmi.chassis.asset.tag: To Be Filled By O.E.M.
  dmi.chassis.type: 3
  dmi.chassis.vendor: To Be Filled By O.E.M.
  dmi.chassis.version: To Be Filled By O.E.M.
  dmi.modalias: dmi:bvnAmericanMegatrendsInc.:bvr080014:bd11/17/2011:svnToBeFilledByO.E.M.:pnToBeFilledByO.E.M.:pvrToBeFilledByO.E.M.:rvnWB:rnWeibu:rvr1.0:cvnToBeFilledByO.E.M.:ct3:cvrToBeFilledByO.E.M.:
  dmi.product.name: To Be Filled By O.E.M.
  dmi.product.version: To Be Filled By O.E.M.
  dmi.sys.vendor: To Be Filled By O.E.M.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1556562/+subscriptions


Follow ups