Date:      Sat, 23 Jun 2018 03:41:04 +0000
From:      bugzilla-noreply@freebsd.org
To:        bugs@FreeBSD.org
Subject:   [Bug 229222] 11.2-PRERELEASE panic-General Protection Fault, aesni_encrypt_cbc implicated
Message-ID:  <bug-229222-227-jBAQO4UUrZ@https.bugs.freebsd.org/bugzilla/>
In-Reply-To: <bug-229222-227@https.bugs.freebsd.org/bugzilla/>
References:  <bug-229222-227@https.bugs.freebsd.org/bugzilla/>

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=229222

--- Comment #10 from dewayne@heuristicsystems.com.au ---
(In reply to Konstantin Belousov from comment #8)
Just crashed, results being:
kgdb /pd2/tmp/destQ/usr/lib/debug/boot/kernel/kernel.debug /var/crash/vmcore.10
GNU gdb 6.1.1 [FreeBSD]
Copyright 2004 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB.  Type "show warranty" for details.
This GDB was configured as "amd64-marcel-freebsd"...

Unread portion of the kernel message buffer:
[9024]
[9024]
[9024] Fatal trap 9: general protection fault while in kernel mode
[9024] cpuid = 2; apic id = 02
[9024] instruction pointer      = 0x20:0xffffffff80df7abe
[9024] stack pointer            = 0x0:0xfffffe0688b39df8
[9024] frame pointer            = 0x0:0xfffffe0688b39e88
[9024] code segment             = base 0x0, limit 0xfffff, type 0x1b
[9024]                  = DPL 0, pres 1, long 1, def32 0, gran 1
[9024] processor eflags = interrupt enabled, resume, IOPL = 0
[9024] current process          = 53068 (ssh)
[9024] trap number              = 9
[9024] panic: general protection fault
[9024] cpuid = 2
[9024] Uptime: 2h30m24s
[9024] Dumping 1861 out of 24501
MB:..1%..11%..21%..31%..41%..51%..61%..71%..81%..91%

Reading symbols from
/pd2/tmp/destQ/usr/lib/debug/boot/kernel/mac_ifoff.ko.debug...done.
Loaded symbols for /pd2/tmp/destQ/usr/lib/debug/boot/kernel/mac_ifoff.ko.debug
Reading symbols from
/pd2/tmp/destQ/usr/lib/debug/boot/kernel/cpufreq.ko.debug...done.
Loaded symbols for /pd2/tmp/destQ/usr/lib/debug/boot/kernel/cpufreq.ko.debug
Reading symbols from
/pd2/tmp/destQ/usr/lib/debug/boot/kernel/coretemp.ko.debug...done.
Loaded symbols for /pd2/tmp/destQ/usr/lib/debug/boot/kernel/coretemp.ko.debug
Reading symbols from
/pd2/tmp/destQ/usr/lib/debug/boot/kernel/uplcom.ko.debug...done.
Loaded symbols for /pd2/tmp/destQ/usr/lib/debug/boot/kernel/uplcom.ko.debug
Reading symbols from
/pd2/tmp/destQ/usr/lib/debug/boot/kernel/ucom.ko.debug...done.
Loaded symbols for /pd2/tmp/destQ/usr/lib/debug/boot/kernel/ucom.ko.debug
#0  doadump (textdump=1) at /smallblocks/src/sys/kern/kern_shutdown.c:315
315             dumptid = curthread->td_tid;
(kgdb) list *0xffffffff80df7abe
0xffffffff80df7abe is in aesni_encrypt_cbc
(/smallblocks/src/sys/crypto/aesni/aesni_wrap.c:64).
59      {
60              __m128i tot, ivreg;
61              size_t i;
62
63              len /= AES_BLOCK_LEN;
64              ivreg = _mm_loadu_si128((const __m128i *)iv);
65              for (i = 0; i < len; i++) {
66                      tot = aesni_enc(rounds - 1, key_schedule,
67                          _mm_loadu_si128((const __m128i *)from) ^ ivreg);
68                      ivreg = tot;
Current language:  auto; currently minimal
(kgdb) disassemble 0xffffffff80df7abe
Dump of assembler code for function aesni_encrypt_cbc:
# kgdb disassembly of aesni_encrypt_cbc (AT&T syntax). The code spills every
# register argument to the frame and reloads it, which looks like an
# unoptimised build. Frame slots, matched against the frame #8 argument order
# and the C listing for aesni_wrap.c:59-68:
#   -0x2c(%rbp) = rounds (%edi)       -0x38(%rbp) = key_schedule (%rsi)
#   -0x40(%rbp) = len (%rdx)          -0x48(%rbp) = from (%rcx)
#   -0x50(%rbp) = to (%r8)            -0x58(%rbp) = iv (%r9)
#   -0x80(%rbp) = ivreg   -0x70(%rbp) = tot   -0x88(%rbp) = i
0xffffffff80df7a80 <aesni_encrypt_cbc+0>:       push   %rbp
0xffffffff80df7a81 <aesni_encrypt_cbc+1>:       mov    %rsp,%rbp
0xffffffff80df7a84 <aesni_encrypt_cbc+4>:       sub    $0x90,%rsp
0xffffffff80df7a8b <aesni_encrypt_cbc+11>:      mov    %edi,-0x2c(%rbp)
0xffffffff80df7a8e <aesni_encrypt_cbc+14>:      mov    %rsi,-0x38(%rbp)
0xffffffff80df7a92 <aesni_encrypt_cbc+18>:      mov    %rdx,-0x40(%rbp)
0xffffffff80df7a96 <aesni_encrypt_cbc+22>:      mov    %rcx,-0x48(%rbp)
0xffffffff80df7a9a <aesni_encrypt_cbc+26>:      mov    %r8,-0x50(%rbp)
0xffffffff80df7a9e <aesni_encrypt_cbc+30>:      mov    %r9,-0x58(%rbp)
# Source line 63: len /= AES_BLOCK_LEN, emitted as a right shift by 4.
# tf_rdx = 0x20 at the trap, i.e. 2 blocks, matching len=2 in frame #8.
0xffffffff80df7aa2 <aesni_encrypt_cbc+34>:      mov    -0x40(%rbp),%rcx
0xffffffff80df7aa6 <aesni_encrypt_cbc+38>:      shr    $0x4,%rcx
0xffffffff80df7aaa <aesni_encrypt_cbc+42>:      mov    %rcx,-0x40(%rbp)
# Source line 64: ivreg = _mm_loadu_si128(iv). The load from the caller's iv
# pointer uses movdqu, which has no alignment requirement.
0xffffffff80df7aae <aesni_encrypt_cbc+46>:      mov    -0x58(%rbp),%rcx
0xffffffff80df7ab2 <aesni_encrypt_cbc+50>:      mov    %rcx,-0x28(%rbp)
0xffffffff80df7ab6 <aesni_encrypt_cbc+54>:      mov    -0x28(%rbp),%rcx
0xffffffff80df7aba <aesni_encrypt_cbc+58>:      movdqu (%rcx),%xmm0
# FAULTING INSTRUCTION: tf_rip = 0xffffffff80df7abe is this store into the
# ivreg stack slot. movdqa requires a 16-byte aligned memory operand and
# raises #GP otherwise. With tf_rbp = 0xfffffe0688b39e88 the destination is
# 0xfffffe0688b39e08, which is only 8-byte aligned. The trap is therefore
# consistent with a misaligned stack frame, not with a bad iv pointer: the
# movdqu load from iv at +58 had already completed.
# The movdqa/pxor accesses to -0x80, -0x70 and -0x20(%rbp) below all assume
# that %rbp is 16-byte aligned, so they would be misaligned in this frame too.
# NOTE(review): which caller on the ia32 syscall path in the backtrace left
# the stack misaligned cannot be determined from this dump alone.
0xffffffff80df7abe <aesni_encrypt_cbc+62>:      movdqa %xmm0,-0x80(%rbp)
# i = 0, then the loop head at +78: leave the loop once i >= len
# (unsigned compare, jae).
0xffffffff80df7ac3 <aesni_encrypt_cbc+67>:      movq   $0x0,-0x88(%rbp)
0xffffffff80df7ace <aesni_encrypt_cbc+78>:      mov    -0x88(%rbp),%rax
0xffffffff80df7ad5 <aesni_encrypt_cbc+85>:      cmp    -0x40(%rbp),%rax
0xffffffff80df7ad9 <aesni_encrypt_cbc+89>:      jae    0xffffffff80df7b65
<aesni_encrypt_cbc+229>
# Source lines 66-67: tot = aesni_enc(rounds - 1, key_schedule, *from ^ ivreg).
# The plaintext block is loaded unaligned from `from`, then XORed with ivreg
# via a memory operand, which is another aligned access to -0x80(%rbp).
0xffffffff80df7adf <aesni_encrypt_cbc+95>:      mov    -0x2c(%rbp),%eax
0xffffffff80df7ae2 <aesni_encrypt_cbc+98>:      sub    $0x1,%eax
0xffffffff80df7ae5 <aesni_encrypt_cbc+101>:     mov    -0x38(%rbp),%rcx
0xffffffff80df7ae9 <aesni_encrypt_cbc+105>:     mov    -0x48(%rbp),%rdx
0xffffffff80df7aed <aesni_encrypt_cbc+109>:     mov    %rdx,-0x8(%rbp)
0xffffffff80df7af1 <aesni_encrypt_cbc+113>:     mov    -0x8(%rbp),%rdx
0xffffffff80df7af5 <aesni_encrypt_cbc+117>:     movdqu (%rdx),%xmm0
0xffffffff80df7af9 <aesni_encrypt_cbc+121>:     pxor   -0x80(%rbp),%xmm0
0xffffffff80df7afe <aesni_encrypt_cbc+126>:     mov    %eax,%edi
0xffffffff80df7b00 <aesni_encrypt_cbc+128>:     mov    %rcx,%rsi
0xffffffff80df7b03 <aesni_encrypt_cbc+131>:     callq  0xffffffff80df7b70
<aesni_enc>
# Source line 68: ivreg = tot. The result in %xmm0 is kept as tot, copied into
# ivreg for the next iteration, and then written to `to` with an unaligned
# store (movdqu).
0xffffffff80df7b08 <aesni_encrypt_cbc+136>:     movdqa %xmm0,-0x70(%rbp)
0xffffffff80df7b0d <aesni_encrypt_cbc+141>:     movdqa -0x70(%rbp),%xmm0
0xffffffff80df7b12 <aesni_encrypt_cbc+146>:     movdqa %xmm0,-0x80(%rbp)
0xffffffff80df7b17 <aesni_encrypt_cbc+151>:     mov    -0x50(%rbp),%rcx
0xffffffff80df7b1b <aesni_encrypt_cbc+155>:     movdqa -0x70(%rbp),%xmm0
0xffffffff80df7b20 <aesni_encrypt_cbc+160>:     mov    %rcx,-0x10(%rbp)
0xffffffff80df7b24 <aesni_encrypt_cbc+164>:     movdqa %xmm0,-0x20(%rbp)
0xffffffff80df7b29 <aesni_encrypt_cbc+169>:     movdqa -0x20(%rbp),%xmm0
0xffffffff80df7b2e <aesni_encrypt_cbc+174>:     mov    -0x10(%rbp),%rcx
0xffffffff80df7b32 <aesni_encrypt_cbc+178>:     movdqu %xmm0,(%rcx)
# Advance from and to by one 16-byte block, increment i, and jump back to the
# loop head at +78.
0xffffffff80df7b36 <aesni_encrypt_cbc+182>:     mov    -0x48(%rbp),%rcx
0xffffffff80df7b3a <aesni_encrypt_cbc+186>:     add    $0x10,%rcx
---Type <return> to continue, or q <return> to quit---
0xffffffff80df7b3e <aesni_encrypt_cbc+190>:     mov    %rcx,-0x48(%rbp)
0xffffffff80df7b42 <aesni_encrypt_cbc+194>:     mov    -0x50(%rbp),%rcx
0xffffffff80df7b46 <aesni_encrypt_cbc+198>:     add    $0x10,%rcx
0xffffffff80df7b4a <aesni_encrypt_cbc+202>:     mov    %rcx,-0x50(%rbp)
0xffffffff80df7b4e <aesni_encrypt_cbc+206>:     mov    -0x88(%rbp),%rax
0xffffffff80df7b55 <aesni_encrypt_cbc+213>:     add    $0x1,%rax
0xffffffff80df7b59 <aesni_encrypt_cbc+217>:     mov    %rax,-0x88(%rbp)
0xffffffff80df7b60 <aesni_encrypt_cbc+224>:     jmpq   0xffffffff80df7ace
<aesni_encrypt_cbc+78>
# Loop exit: release the 0x90-byte frame and return.
0xffffffff80df7b65 <aesni_encrypt_cbc+229>:     add    $0x90,%rsp
0xffffffff80df7b6c <aesni_encrypt_cbc+236>:     pop    %rbp
0xffffffff80df7b6d <aesni_encrypt_cbc+237>:     retq
End of assembler dump.
(kgdb) backtrace
#0  doadump (textdump=1) at /smallblocks/src/sys/kern/kern_shutdown.c:315
#1  0xffffffff8080984b in kern_reboot (howto=260)
    at /smallblocks/src/sys/kern/kern_shutdown.c:383
#2  0xffffffff8080a08c in vpanic (fmt=0xffffffff80e89d2a "%s",
ap=0xfffffe0688b398e0)
    at /smallblocks/src/sys/kern/kern_shutdown.c:776
#3  0xffffffff80809e70 in panic (fmt=0xffffffff80e89d2a "%s")
    at /smallblocks/src/sys/kern/kern_shutdown.c:707
#4  0xffffffff80de9967 in trap_fatal (frame=0xfffffe0688b39d30, eva=0)
    at /smallblocks/src/sys/amd64/amd64/trap.c:877
#5  0xffffffff80de8ff2 in trap (frame=0xfffffe0688b39d30)
    at /smallblocks/src/sys/amd64/amd64/trap.c:610
#6  0xffffffff80de9db5 in trap_check (frame=0xfffffe0688b39d30)
    at /smallblocks/src/sys/amd64/amd64/trap.c:659
#7  0xffffffff80dbe8be in calltrap () at
/smallblocks/src/sys/amd64/amd64/exception.S:231
#8  0xffffffff80df7abe in aesni_encrypt_cbc (rounds=10,
key_schedule=0xfffff8001420a800, len=2,
    from=0xfffff8001203ede0 "\016\005", to=0xfffff8001203ede0 "\016\005",
    iv=0xfffffe0688b39fa8 "▒:▒▒\214:d▒w}4o▒\232\235\214")
    at /smallblocks/src/sys/crypto/aesni/aesni_wrap.c:64
#9  0xffffffff80defedb in aesni_cipher_process (ses=0xfffff8001420a800,
    enccrd=0xfffff802de6533f0, authcrd=0x0, crp=0xfffff801c28d8bb0)
    at /smallblocks/src/sys/crypto/aesni/aesni.c:606
#10 0xffffffff80def420 in aesni_process (dev=0xfffff8000567de00,
crp=0xfffff801c28d8bb0, hint=0)
    at /smallblocks/src/sys/crypto/aesni/aesni.c:413
#11 0xffffffff80c7a085 in CRYPTODEV_PROCESS (dev=0xfffff8000567de00,
op=0xfffff801c28d8bb0,
    flags=0) at cryptodev_if.h:53
#12 0xffffffff80c78a64 in crypto_invoke (cap=0xfffff80005023078,
crp=0xfffff801c28d8bb0, hint=0)
    at /smallblocks/src/sys/opencrypto/crypto.c:1083
#13 0xffffffff80c787ea in crypto_dispatch (crp=0xfffff801c28d8bb0)
    at /smallblocks/src/sys/opencrypto/crypto.c:844
#14 0xffffffff80c7cbca in cryptodev_op (cse=0xfffff8028fb70e00,
cop=0xfffffe0688b3a3f0,
    active_cred=0xfffff8028fb71000, td=0xfffff80146055620)
    at /smallblocks/src/sys/opencrypto/cryptodev.c:849
#15 0xffffffff80c7bc6f in cryptof_ioctl (fp=0xfffff802de7e2690, cmd=3223085927,
    data=0xfffffe0688b3a720, active_cred=0xfffff8028fb71000,
td=0xfffff80146055620)
    at /smallblocks/src/sys/opencrypto/cryptodev.c:633
#16 0xffffffff80898dfc in fo_ioctl (fp=0xfffff802de7e2690, com=3223085927,
    data=0xfffffe0688b3a720, active_cred=0xfffff8028fb71000,
td=0xfffff80146055620)
    at file.h:323
#17 0xffffffff80898bf4 in kern_ioctl (td=0xfffff80146055620, fd=5,
com=3223085927,
    data=0xfffffe0688b3a720 "") at /smallblocks/src/sys/kern/sys_generic.c:836
#18 0xffffffff808987ba in sys_ioctl (td=0xfffff80146055620,
uap=0xfffffe0688b3a878)
    at /smallblocks/src/sys/kern/sys_generic.c:745
#19 0xffffffff8030e351 in freebsd32_ioctl (td=0xfffff80146055620,
uap=0xfffff80146055b58)
    at /smallblocks/src/sys/compat/freebsd32/freebsd32_ioctl.c:470
#20 0xffffffff80e3198e in syscallenter (td=0xfffff80146055620) at
subr_syscall.c:132
#21 0xffffffff80e3130f in ia32_syscall (frame=0xfffffe0688b3aab8)
---Type <return> to continue, or q <return> to quit---
    at /smallblocks/src/sys/amd64/ia32/ia32_syscall.c:218
#22 0xffffffff80dbf906 in int0x80_syscall_common () at ia32_exception.S:76
#23 0x0000000000000000 in ?? ()
(kgdb) p/x *(struct trapframe *)0xfffffe0688b39d30
$1 = {tf_rdi = 0xa, tf_rsi = 0xfffff8001420a800, tf_rdx = 0x20, tf_rcx =
0xfffffe0688b39fa8,
  tf_r8 = 0xfffff8001203ede0, tf_r9 = 0xfffffe0688b39fa8, tf_rax =
0xfffff802de6533f0,
  tf_rbx = 0xfffffe0688b3a698, tf_rbp = 0xfffffe0688b39e88, tf_r10 = 0x28,
tf_r11 = 0x0,
  tf_r12 = 0x0, tf_r13 = 0x0, tf_r14 = 0x400000000000080, tf_r15 = 0x0,
tf_trapno = 0x9,
  tf_fs = 0x13, tf_gs = 0x1b, tf_addr = 0x0, tf_flags = 0x1, tf_es = 0x3b,
tf_ds = 0x3b,
  tf_err = 0x0, tf_rip = 0xffffffff80df7abe, tf_cs = 0x20, tf_rflags = 0x10202,
  tf_rsp = 0xfffffe0688b39df8, tf_ss = 0x0}

-- 
You are receiving this mail because:
You are the assignee for the bug.


