VIA C7-D machine "kernel NULL pointer dereference" in skcipher_recvmsg_async
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
linux (Ubuntu) |
Fix Released
|
Critical
|
Kamal Mostafa | ||
Wily |
Fix Released
|
Critical
|
Kamal Mostafa |
Bug Description
I'm working on an Lubuntu 15 machine. It was chosen because it supports VIA C7-D processor and the VIA PM400 chipset without crashing (also see ). Lubuntu 15 uses the 4.2 kernel:
$ lsb_release -a
No LSB modules are available.
Distributor ID: Ubuntu
Description: Ubuntu 15.10
Release: 15.10
Codename: wily
And:
$ uname -a
Linux via 4.2.0-30-generic #36-Ubuntu SMP Fri Feb 26 00:57:19 UTC 2016 i686 i686 i686 GNU/Linux
When running a particular program (details below), it hangs in syscall 248 and results in the following dmesg/syslog output. The process cannot be killed, the machine does not respond to a 'shutdown -r now', and the machine requires a hard reset.
...
[ 4505.429577] BUG: unable to handle kernel NULL pointer dereference at 00000008
[ 4505.429593] IP: [<f8a6ccf2>] skcipher_
[ 4505.429607] *pdpt = 0000000034ee3001 *pde = 0000000000000000
[ 4505.429614] Oops: 0000 [#3] SMP
[ 4505.429621] Modules linked in: jitterentropy_rng drbg ansi_cprng algif_skcipher af_alg snd_hda_
[ 4505.429689] CPU: 0 PID: 1532 Comm: afalgtest Tainted: G D 4.2.0-30-generic #36-Ubuntu
[ 4505.429695] Hardware name: To Be Filled By O.E.M. To Be Filled By O.E.M./Weibu, BIOS 080014 11/17/2011
[ 4505.429700] task: f4e0e040 ti: f4e3c000 task.ti: f4e3c000
[ 4505.429705] EIP: 0060:[<f8a6ccf2>] EFLAGS: 00010202 CPU: 0
[ 4505.429712] EIP is at skcipher_
[ 4505.429717] EAX: f3f97c00 EBX: f3f3ee00 ECX: f3f97c00 EDX: 00000000
[ 4505.429722] ESI: f3f3ee00 EDI: 00000ff0 EBP: f4e3ddc8 ESP: f4e3dd70
[ 4505.429726] DS: 007b ES: 007b FS: 00d8 GS: 00e0 SS: 0068
[ 4505.429731] CR0: 80050033 CR2: 00000008 CR3: 3247a520 CR4: 000006b0
[ 4505.429735] Stack:
[ 4505.429738] f3f97df4 f3f97c00 f3f97de0 00000000 f3f97c04 00000020 f4e3dd00 00000018
[ 4505.429750] 00001ff0 f3fb4400 f3f97c04 00000ff0 f4e3de40 f3f97de8 f4e3de38 f3fa0000
[ 4505.429761] 00000002 00000002 f3f97c00 f1f58180 c1210510 f4e3de38 f4e3ddf4 f8a6cd6b
[ 4505.429772] Call Trace:
[ 4505.429788] [<c1210510>] ? free_ioctx_
[ 4505.429795] [<f8a6cd6b>] skcipher_
[ 4505.429803] [<f8a6c71a>] ? skcipher_
[ 4505.429810] [<f8a6cf61>] skcipher_
[ 4505.429820] [<c164e1fd>] sock_recvmsg+
[ 4505.429826] [<c164e294>] sock_read_
[ 4505.429833] [<c164e210>] ? sock_recvmsg+
[ 4505.429839] [<c12108b0>] aio_run_
[ 4505.429846] [<c164e210>] ? sock_recvmsg+
[ 4505.429854] [<c1767b8f>] ? error_code+
[ 4505.429865] [<c11b25e4>] ? kmem_cache_
[ 4505.429875] [<c11e5112>] ? __fdget+0x12/0x20
[ 4505.429881] [<c121168f>] do_io_submit+
[ 4505.429893] [<c12ddd2f>] ? security_
[ 4505.429900] [<c1211960>] SyS_io_
[ 4505.429911] [<c176695f>] sysenter_
[ 4505.429915] Code: 00 00 00 75 24 8b 45 ac ff 52 0c 89 c7 83 ff 8d 75 8f 8b 45 e4 3e ff 80 fc 01 00 00 bf ef fd ff ff e9 62 fc ff ff 8d 76 00 89 c8 <ff> 52 08 89 c7 eb db 8b 45 e4 31 d2 8b 80 20 02 00 00 8b 58 1c
[ 4505.429982] EIP: [<f8a6ccf2>] skcipher_
[ 4505.429991] CR2: 0000000000000008
[ 4505.429997] ---[ end trace 3cce7cc6be0ad960 ]---
**********
The process details is this is a failed self test for the upcoming OpenSSL 1.1.0. The OpenSSL RT bug report for this issue is at http://
$ ps -A | grep afalgtest
1030 pts/0 00:00:00 afalgtest
1196 pts/0 00:00:00 afalgtest
And:
via:test$ sudo cat /proc/1030/syscall
248 0xb7fd6000 0x1 0xbfff98d4 0xb7fb9270 0xbfff98e0 0xb7ec45f7 0xbfff986c 0xb7fdbbe8
via:test$ sudo cat /proc/1196/syscall
248 0xb7fd6000 0x1 0xbfff98d4 0xb7fb9270 0xbfff98e0 0xb7ec45f7 0xbfff986c 0xb7fdbbe8
Its not clear to me what that particular syscall is:
$ cat /usr/include/
...
/*
* Architectures may provide up to 16 syscalls of their own
* starting with this value.
*/
#define __NR_arch_
#define __NR_wait4 260
__SC_COMP(
#define __NR_prlimit64 261
__SYSCALL(
#define __NR_fanotify_init 262
__SYSCALL(
#define __NR_fanotify_mark 263
...
**********
If interested, you should be able to duplicate it with the following. That's resuming you have the hardware.
$ git clone git://git.
$ cd openssl
$ ./config -d
$ make
$ make test/afalgtest
$ cd test
$ OPENSSL_
**********
In this case, the hardware was selected for the VIA C7-D processor and the Padlock engine. Its relatively low-end, and can be found at http://
---
ApportVersion: 2.19.1-0ubuntu5
Architecture: i386
AudioDevicesInUse:
USER PID ACCESS COMMAND
/dev/snd/
DistroRelease: Ubuntu 15.10
HibernationDevice: RESUME=
InstallationDate: Installed on 2016-03-22 (1 days ago)
InstallationMedia: Lubuntu 15.10 "Wily Werewolf" - Release i386 (20151021)
IwConfig:
lo no wireless extensions.
enp3s0 no wireless extensions.
MachineType: To Be Filled By O.E.M. To Be Filled By O.E.M.
Package: linux (not installed)
ProcEnviron:
TERM=xterm-
PATH=(custom, no user)
LANG=en_US.UTF-8
SHELL=/bin/bash
ProcFB: 0 VESA VGA
ProcKernelCmdLine: BOOT_IMAGE=
ProcVersionSign
RelatedPackageV
linux-
linux-
linux-firmware 1.149.3
RfKill:
Tags: wily wily
UdevLog: Error: [Errno 2] No such file or directory: '/var/log/udev'
Uname: Linux 4.2.0-35-generic i686
UpgradeStatus: No upgrade log present (probably fresh install)
UserGroups:
_MarkForUpload: True
dmi.bios.date: 11/17/2011
dmi.bios.vendor: American Megatrends Inc.
dmi.bios.version: 080014
dmi.board.
dmi.board.name: Weibu
dmi.board.vendor: WB
dmi.board.version: 1.0
dmi.chassis.
dmi.chassis.type: 3
dmi.chassis.vendor: To Be Filled By O.E.M.
dmi.chassis.
dmi.modalias: dmi:bvnAmerican
dmi.product.name: To Be Filled By O.E.M.
dmi.product.
dmi.sys.vendor: To Be Filled By O.E.M.
Related branches
affects: | ubuntu → linux-kernel-no-pae |
Changed in linux-kernel-no-pae: | |
assignee: | nobody → Kamal Mostafa (kamalmostafa) |
affects: | linux-kernel-no-pae → linux |
no longer affects: | linux |
Changed in linux (Ubuntu Wily): | |
status: | New → In Progress |
assignee: | nobody → Kamal Mostafa (kamalmostafa) |
summary: |
- VIA C7-D machine and "unable to handle kernel NULL pointer dereference - at 00000008" + VIA C7-D machine "kernel NULL pointer dereference" in + skcipher_recvmsg_async |
Changed in linux (Ubuntu Wily): | |
status: | In Progress → Fix Committed |
Changed in linux (Ubuntu): | |
importance: | Undecided → Critical |
status: | Confirmed → Fix Committed |
Changed in linux (Ubuntu Wily): | |
importance: | Undecided → Critical |
Changed in linux (Ubuntu): | |
assignee: | nobody → Kamal Mostafa (kamalmostafa) |
tags: |
added: verification-done-wily removed: verification-needed-wily |
Changed in linux (Ubuntu): | |
status: | Fix Committed → Fix Released |
This bug is missing log files that will aid in diagnosing the problem. From a terminal window please run:
apport-collect 1556562
and then change the status of the bug to 'Confirmed'.
If, due to the nature of the issue you have encountered, you are unable to run this command, please add a comment stating that fact and change the bug status to 'Confirmed'.
This change has been made by an automated script, maintained by the Ubuntu Kernel Team.