Date: Sun, 24 Jun 2018 11:02:39 +0000 From: bugzilla-noreply@freebsd.org To: bugs@FreeBSD.org Subject: [Bug 229222] 11.2-PRERELEASE panic-General Protection Fault, aesni_encrypt_cbc implicated Message-ID: <bug-229222-227-UlEpWLBuvM@https.bugs.freebsd.org/bugzilla/> In-Reply-To: <bug-229222-227@https.bugs.freebsd.org/bugzilla/> References: <bug-229222-227@https.bugs.freebsd.org/bugzilla/>
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=229222

--- Comment #21 from dewayne@heuristicsystems.com.au ---
(In reply to Konstantin Belousov from comment #20)
Kib,
Apologies, an unusual level of activity from multiple locations (& countries) occurred within a 90 second interval. Please email me and I'll send the access detail. (I supposed I shouldn't kernel dump on our main dev server)...

Response to Kib's instructions

[Editor's note: each step below reads a saved frame pointer and, 8 bytes above it, the saved return address, then lists the source at that return address. This is a manual walk up the kernel stack. A return address is the instruction after the call, so the line that `list` reports can be the statement following the actual call site.]

(kgdb) p/x *(long *)0xfffffe06892d9138
$1 = 0xfffffe06892d91d8
Current language: auto; currently minimal
(kgdb) p/x *(long *)(0xfffffe06892d9138 + 8)
$2 = 0xffffffff808e41dc
(kgdb) list *0xffffffff808e41dc
0xffffffff808e41dc is in aesni_process (/smallblocks/src/sys/crypto/aesni/aesni.c:609).
604     case CRYPTO_AES_CBC:
605         if (encflag)
606             aesni_encrypt_cbc(ses->rounds, ses->enc_schedule,
607                 enccrd->crd_len, buf, buf, iv);
608         else
609             aesni_decrypt_cbc(ses->rounds, ses->dec_schedule,
610                 enccrd->crd_len, buf, iv);
611         break;
612     case CRYPTO_AES_ICM:
613         /* encryption & decryption are the same */
(kgdb) p/x *(long *)0xfffffe06892d91d8
$3 = 0xfffffe06892d9208
(kgdb) p/x *(long *)(0xfffffe06892d91d8 + 8)
$4 = 0xffffffff8080cab3
(kgdb) list *0xffffffff8080cab3
0xffffffff8080cab3 is in crypto_dispatch (/smallblocks/src/sys/opencrypto/crypto.c:844).
839      */
840     cap = crypto_checkdriver(hid);
841     /* Driver cannot disappeared when there is an active session. */
842     KASSERT(cap != NULL, ("%s: Driver disappeared.", __func__));
843     if (!cap->cc_qblocked) {
844         result = crypto_invoke(cap, crp, 0);
845         if (result != ERESTART)
846             return (result);
847         /*
848          * The driver ran out of resources, put the request on
(kgdb) p/x *(long *)0xfffffe06892d9208
$5 = 0xfffffe06892d9388
(kgdb) p/x *(long *)(0xfffffe06892d9208 + 8)
$6 = 0xffffffff8080f6a7
(kgdb) list *0xffffffff8080f6a7
0xffffffff8080f6a7 is in cryptof_ioctl (/smallblocks/src/sys/opencrypto/cryptodev.c:849).
844      * callback before checking if the operation completed and going
845      * to sleep. This insures drivers don't inherit our lock which
846      * results in a lock order reversal between crypto_dispatch forced
847      * entry and the crypto_done callback into us.
848      */
849     error = crypto_dispatch(crp);
850     mtx_lock(&cse->lock);
851     if (error == 0 && (crp->crp_flags & CRYPTO_F_DONE) == 0)
852         error = msleep(crp, &cse->lock, PWAIT, "crydev", 0);
853     mtx_unlock(&cse->lock);
(kgdb) p/x *(long *)0xfffffe06892d9388
$7 = 0xfffffe06892d93f8
(kgdb) p/x *(long *)(0xfffffe06892d9388 + 8)
$8 = 0xffffffff806046d2
(kgdb) list *0xffffffff806046d2
0xffffffff806046d2 is in kern_ioctl (file.h:323).
318 static __inline int
319 fo_ioctl(struct file *fp, u_long com, void *data, struct ucred *active_cred,
320     struct thread *td)
321 {
322
323     return ((*fp->f_ops->fo_ioctl)(fp, com, data, active_cred, td));
324 }
325
326 static __inline int
327 fo_poll(struct file *fp, int events, struct ucred *active_cred,
(kgdb) p/x *(long *)0xfffffe06892d93f8
$9 = 0xfffffe06892d94c8
(kgdb) p/x *(long *)(0xfffffe06892d93f8 + 8)
$10 = 0xffffffff8060445d
(kgdb) list *0xffffffff8060445d
0xffffffff8060445d is in sys_ioctl (/smallblocks/src/sys/kern/sys_generic.c:745).
740          * gets back something deterministic.
741          */
742         bzero(data, size);
743     }
744
745     error = kern_ioctl(td, uap->fd, com, data);
746
747     if (error == 0 && (com & IOC_OUT))
748         error = copyout(data, uap->data, (u_int)size);
749
(kgdb) p/x *(long *)0xfffffe06892d94c8
$11 = 0xfffffe06892d9968
(kgdb) p/x *(long *)(0xfffffe06892d94c8 + 8)
$12 = 0xffffffff802dbe1c
(kgdb) list *0xffffffff802dbe1c
0xffffffff802dbe1c is in freebsd32_ioctl (/smallblocks/src/sys/compat/freebsd32/freebsd32_ioctl.c:470).
465     default:
466         fdrop(fp, td);
467         ap.fd = uap->fd;
468         ap.com = uap->com;
469         PTRIN_CP(*uap, ap, data);
470         return sys_ioctl(td, &ap);
471     }
472
473     fdrop(fp, td);
474     return error;
(kgdb) p/x *(long *)0xfffffe06892d9968
$13 = 0xfffffe06892d9aa8
(kgdb) p/x *(long *)(0xfffffe06892d9968 + 8)
$14 = 0xffffffff809092fc
(kgdb) list *0xffffffff809092fc
0xffffffff809092fc is in ia32_syscall (subr_syscall.c:132).
127     if (systrace_probe_func != NULL && sa->callp->sy_entry != 0)
128         (*systrace_probe_func)(sa, SYSTRACE_ENTRY, 0);
129 #endif
130
131     AUDIT_SYSCALL_ENTER(sa->code, td);
132     error = (sa->callp->sy_call)(td, sa->args);
133     AUDIT_SYSCALL_EXIT(error, td);
134
135     /* Save the latest error return value. */
136     if ((td->td_pflags & TDP_NERRNO) == 0)
(kgdb) p/x *(long *)0xfffffe06892d9aa8
$15 = 0xffff9d58
(kgdb) p/x *(long *)(0xfffffe06892d9aa8 + 8)
$16 = 0xffffffff808c3bf6
(kgdb) list *0xffffffff808c3bf6
0xffffffff808c3bf6 is at ia32_exception.S:78.
73      cld
74      FAKE_MCOUNT(TF_RIP(%rsp))
75      movq    %rsp, %rdi
76      call    ia32_syscall
77      MEXITCOUNT
78      jmp     doreti
(kgdb) p/x *(long *)0xffff9d58
Cannot access memory at address 0xffff9d58

[Editor's note: 0xffff9d58 fits in 32 bits and the last kernel frames are ia32_syscall and ia32_exception.S, so this is presumably the frame pointer of the calling 32-bit user process, and the kernel-side chain ends here. Read bottom-up, the frames show the faulting request arriving as an ioctl from a 32-bit process through freebsd32_ioctl and cryptof_ioctl (cryptodev.c) before reaching aesni_process.]

-- 
You are receiving this mail because:
You are the assignee for the bug.
