Date: Thu, 21 Jun 2018 23:59:58 +0000 From: bugzilla-noreply@freebsd.org To: bugs@FreeBSD.org Subject: [Bug 229222] 11.2-PRERELEASE panic-General Protection Fault, aesni_encrypt_cbc implicated Message-ID: <bug-229222-227@https.bugs.freebsd.org/bugzilla/>
next in thread | raw e-mail | index | archive | help
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D229222 Bug ID: 229222 Summary: 11.2-PRERELEASE panic-General Protection Fault, aesni_encrypt_cbc implicated Product: Base System Version: 11.2-STABLE Hardware: amd64 OS: Any Status: New Severity: Affects Some People Priority: --- Component: kern Assignee: bugs@FreeBSD.org Reporter: dewayne@heuristicsystems.com.au Platform:CPU: Intel(R) Xeon(R) CPU E3-1230L v3 @ 1.80GHz (1795.88-MHz K8-cl= ass CPU) Filesystems: ufs2=20 OS: FreeBSD 11.2-PRERELEASE r335442M amd64 hqdev-amd64-smp-vga 1102501 1102500 Relevant apps:=20 openssh-portable-7.7.p1_2,1=20=20=20=20 libressl-2.6.4_1 all ports are built using binutils-2.30_3,1 which is why its installed Observation: - System boots, runs multiple sambas, sendmail, squid, ss5,...=20 - Unpredictable crashes, nothing in logs. - seems related to ssh'ing outbound, unsure because computer triggers connections/commands to firewalls - sshd connections use chacha20. - crashes have been occuring since May, we usually rebuild stable fortnight= ly. - after a failed test we revert to FreeBSD 11.1-STABLE r329008M amd64 hqdev-amd64-smp-vga 1101509 1102500 - this most recent crash uses revision 335442, however we reverted parts of llvm back to 333070 as we wrongly suspected that as the cause. Using:=20 svnlite update /usr/src svnlite update -r 333070 /usr/src/contrib/llvm /usr/src/lib/clang/freebsd_cc_version.h /usr/src/lib/clang/libllvm/Makefile - the systems were built using=20 ~# "/usr/bin/cc" -v FreeBSD clang version 6.0.0 (tags/RELEASE_600/final 326565) (based on LLVM 6.0.0) Target: x86_64-unknown-freebsd11.2 Thread model: posix InstalledDir: /usr/bin ~# "/usr/bin/ld" -v GNU ld 2.17.50 [FreeBSD] 2007-07-03 - The kernel was placed in the normal location, /boot/kernel,=20 but as this was a temporary/test build it was destined for /pd2/tmp/destP. /smallblocks is where we place src and ports, ie /usr/src equivalent to /smallblocks/src. The minidump follows: # kgdb /pd2/tmp/destP/usr/lib/debug/boot/kernel/kernel.debug /var/crash/vmcore.0 GNU gdb 6.1.1 [FreeBSD] Copyright 2004 Free Software Foundation, Inc. GDB is free software, covered by the GNU General Public License, and you are welcome to change it and/or distribute copies of it under certain condition= s. Type "show copying" to see the conditions. There is absolutely no warranty for GDB. Type "show warranty" for details. This GDB was configured as "amd64-marcel-freebsd"... Unread portion of the kernel message buffer: [21419] [21419] [21419] Fatal trap 9: general protection fault while in kernel mode [21419] cpuid =3D 7; apic id =3D 07 [21419] instruction pointer =3D 0x20:0xffffffff80df76ee [21419] stack pointer =3D 0x0:0xfffffe0688f57df8 [21419] frame pointer =3D 0x0:0xfffffe0688f57e88 [21419] code segment =3D base 0x0, limit 0xfffff, type 0x1b [21419] =3D DPL 0, pres 1, long 1, def32 0, gran 1 [21419] processor eflags =3D interrupt enabled, resume, IOPL =3D 0 [21419] current process =3D 47820 (ssh) [21419] trap number =3D 9 [21419] panic: general protection fault [21419] cpuid =3D 7 [21419] Uptime: 5h56m59s [21419] Dumping 2135 out of 24501 MB:..1%..11%..21%..31%..41%..51%..61%..71%..81%..91% Reading symbols from /pd2/tmp/destP/usr/lib/debug/boot/kernel/mac_ifoff.ko.debug...done. Loaded symbols for /pd2/tmp/destP/usr/lib/debug/boot/kernel/mac_ifoff.ko.de= bug Reading symbols from /pd2/tmp/destP/usr/lib/debug/boot/kernel/cpufreq.ko.debug...done. Loaded symbols for /pd2/tmp/destP/usr/lib/debug/boot/kernel/cpufreq.ko.debug Reading symbols from /pd2/tmp/destP/usr/lib/debug/boot/kernel/coretemp.ko.debug...done. Loaded symbols for /pd2/tmp/destP/usr/lib/debug/boot/kernel/coretemp.ko.deb= ug Reading symbols from /pd2/tmp/destP/usr/lib/debug/boot/kernel/uplcom.ko.debug...done. Loaded symbols for /pd2/tmp/destP/usr/lib/debug/boot/kernel/uplcom.ko.debug Reading symbols from /pd2/tmp/destP/usr/lib/debug/boot/kernel/ucom.ko.debug...done. Loaded symbols for /pd2/tmp/destP/usr/lib/debug/boot/kernel/ucom.ko.debug #0 doadump (textdump=3D1) at /smallblocks/src/sys/kern/kern_shutdown.c:315 315 dumptid =3D curthread->td_tid; (kgdb) list 0xffffffff80df76ee Function "0xffffffff80df76ee" not defined. (kgdb) list *0xffffffff80df76ee 0xffffffff80df76ee is in aesni_encrypt_cbc (/smallblocks/src/sys/crypto/aesni/aesni_wrap.c:64). 59 { 60 __m128i tot, ivreg; 61 size_t i; 62 63 len /=3D AES_BLOCK_LEN; 64 ivreg =3D _mm_loadu_si128((const __m128i *)iv); 65 for (i =3D 0; i < len; i++) { 66 tot =3D aesni_enc(rounds - 1, key_schedule, 67 _mm_loadu_si128((const __m128i *)from) ^ ivreg); 68 ivreg =3D tot; Current language: auto; currently minimal (kgdb) 69 _mm_storeu_si128((__m128i *)to, tot); 70 from +=3D AES_BLOCK_LEN; 71 to +=3D AES_BLOCK_LEN; 72 } 73 } 74 75 void 76 aesni_decrypt_cbc(int rounds, const void *key_schedule, size_t len, 77 uint8_t *buf, const uint8_t iv[static AES_BLOCK_LEN]) 78 { (kgdb) Quit (kgdb) backtrace #0 doadump (textdump=3D1) at /smallblocks/src/sys/kern/kern_shutdown.c:315 #1 0xffffffff8080973b in kern_reboot (howto=3D260) at /smallblocks/src/sys/kern/kern_shutdown.c:383 #2 0xffffffff80809f7c in vpanic (fmt=3D0xffffffff80e8993a "%s", ap=3D0xfffffe0688f57900) at /smallblocks/src/sys/kern/kern_shutdown.c:776 #3 0xffffffff80809d60 in panic (fmt=3D0xffffffff80e8993a "%s") at /smallblocks/src/sys/kern/kern_shutdown.c:707 #4 0xffffffff80de9597 in trap_fatal (frame=3D0xfffffe0688f57d30, eva=3D0) at /smallblocks/src/sys/amd64/amd64/trap.c:875 #5 0xffffffff80de8c1d in trap (frame=3D0xfffffe0688f57d30) at /smallblocks/src/sys/amd64/amd64/trap.c:608 #6 0xffffffff80de99e5 in trap_check (frame=3D0xfffffe0688f57d30) at /smallblocks/src/sys/amd64/amd64/trap.c:657 #7 0xffffffff80dbe7de in calltrap () at /smallblocks/src/sys/amd64/amd64/exception.S:231 #8 0xffffffff80df76ee in aesni_encrypt_cbc (rounds=3D10, key_schedule=3D0xfffff8001446cc00, len=3D2, from=3D0xfffff8001408bb80 "\016\005", to=3D0xfffff8001408bb80 "\016\005= ", iv=3D0xfffffe0688f57fa8 "\003\024|Dc=E2=96=92\0200a%=E2=96=92\032!=E2= =96=92\016") at /smallblocks/src/sys/crypto/aesni/aesni_wrap.c:64 #9 0xffffffff80defb0b in aesni_cipher_process (ses=3D0xfffff8001446cc00, enccrd=3D0xfffff803905493f0, authcrd=3D0x0, crp=3D0xfffff80390258bb0) at /smallblocks/src/sys/crypto/aesni/aesni.c:606 #10 0xffffffff80def050 in aesni_process (dev=3D0xfffff8000567de00, crp=3D0xfffff80390258bb0, hint=3D0) at /smallblocks/src/sys/crypto/aesni/aesni.c:413 #11 0xffffffff80c79eb5 in CRYPTODEV_PROCESS (dev=3D0xfffff8000567de00, op=3D0xfffff80390258bb0, flags=3D0) at cryptodev_if.h:53 #12 0xffffffff80c78894 in crypto_invoke (cap=3D0xfffff80005023078, crp=3D0xfffff80390258bb0, hint=3D0) at /smallblocks/src/sys/opencrypto/crypto.c:1083 #13 0xffffffff80c7861a in crypto_dispatch (crp=3D0xfffff80390258bb0) at /smallblocks/src/sys/opencrypto/crypto.c:844 #14 0xffffffff80c7c9fa in cryptodev_op (cse=3D0xfffff800c4669900, cop=3D0xfffffe0688f583f0, active_cred=3D0xfffff805bc031700, td=3D0xfffff802b9250620) at /smallblocks/src/sys/opencrypto/cryptodev.c:849 #15 0xffffffff80c7ba9f in cryptof_ioctl (fp=3D0xfffff8001434b0f0, cmd=3D322= 3085927, data=3D0xfffffe0688f58720, active_cred=3D0xfffff805bc031700, td=3D0xfffff802b9250620) at /smallblocks/src/sys/opencrypto/cryptodev.c:633 #16 0xffffffff80898cec in fo_ioctl (fp=3D0xfffff8001434b0f0, com=3D32230859= 27, data=3D0xfffffe0688f58720, active_cred=3D0xfffff805bc031700, td=3D0xfffff802b9250620) at file.h:323 #17 0xffffffff80898ae4 in kern_ioctl (td=3D0xfffff802b9250620, fd=3D5, com=3D3223085927, data=3D0xfffffe0688f58720 "") at /smallblocks/src/sys/kern/sys_generic.= c:836 #18 0xffffffff808986aa in sys_ioctl (td=3D0xfffff802b9250620, uap=3D0xfffffe0688f58878) at /smallblocks/src/sys/kern/sys_generic.c:745 #19 0xffffffff8030e321 in freebsd32_ioctl (td=3D0xfffff802b9250620, uap=3D0xfffff802b9250b58) at /smallblocks/src/sys/compat/freebsd32/freebsd32_ioctl.c:470 #20 0xffffffff80e315be in syscallenter (td=3D0xfffff802b9250620) at subr_syscall.c:132 #21 0xffffffff80e30f3f in ia32_syscall (frame=3D0xfffffe0688f58ab8) at /smallblocks/src/sys/amd64/ia32/ia32_syscall.c:218 #22 0xffffffff80dbf796 in int0x80_syscall_common () at ia32_exception.S:76 #23 0x0000000000000000 in ?? () (kgdb) quit I have retained the core dump and debug symbols if further information required, or compressed to 208MB upon request. --=20 You are receiving this mail because: You are the assignee for the bug.=
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?bug-229222-227>