From owner-freebsd-bugs@freebsd.org Sun Jun 24 11:02:43 2018 Return-Path: Delivered-To: freebsd-bugs@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id ABFB210246D8 for ; Sun, 24 Jun 2018 11:02:43 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from mailman.ysv.freebsd.org (mailman.ysv.freebsd.org [IPv6:2001:1900:2254:206a::50:5]) by mx1.freebsd.org (Postfix) with ESMTP id 3D523848CF for ; Sun, 24 Jun 2018 11:02:43 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: by mailman.ysv.freebsd.org (Postfix) id E83AB10246D3; Sun, 24 Jun 2018 11:02:42 +0000 (UTC) Delivered-To: bugs@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id C0C4A10246D2 for ; Sun, 24 Jun 2018 11:02:42 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from mxrelay.ysv.freebsd.org (mxrelay.ysv.freebsd.org [IPv6:2001:1900:2254:206a::19:3]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "mxrelay.ysv.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 55E6C848C9 for ; Sun, 24 Jun 2018 11:02:42 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from kenobi.freebsd.org (kenobi.freebsd.org [IPv6:2001:1900:2254:206a::16:76]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mxrelay.ysv.freebsd.org (Postfix) with ESMTPS id 989A4245B4 for ; Sun, 24 Jun 2018 11:02:41 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from kenobi.freebsd.org ([127.0.1.118]) by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id w5OB2fbJ014831 for ; Sun, 24 Jun 2018 11:02:41 GMT (envelope-from bugzilla-noreply@freebsd.org) Received: (from www@localhost) by kenobi.freebsd.org (8.15.2/8.15.2/Submit) 
id w5OB2f2E014830 for bugs@FreeBSD.org; Sun, 24 Jun 2018 11:02:41 GMT (envelope-from bugzilla-noreply@freebsd.org) X-Authentication-Warning: kenobi.freebsd.org: www set sender to bugzilla-noreply@freebsd.org using -f From: bugzilla-noreply@freebsd.org To: bugs@FreeBSD.org Subject: [Bug 229222] 11.2-PRERELEASE panic-General Protection Fault, aesni_encrypt_cbc implicated Date: Sun, 24 Jun 2018 11:02:39 +0000 X-Bugzilla-Reason: AssignedTo X-Bugzilla-Type: changed X-Bugzilla-Watch-Reason: None X-Bugzilla-Product: Base System X-Bugzilla-Component: kern X-Bugzilla-Version: 11.2-STABLE X-Bugzilla-Keywords: regression X-Bugzilla-Severity: Affects Some People X-Bugzilla-Who: dewayne@heuristicsystems.com.au X-Bugzilla-Status: New X-Bugzilla-Resolution: X-Bugzilla-Priority: --- X-Bugzilla-Assigned-To: bugs@FreeBSD.org X-Bugzilla-Flags: X-Bugzilla-Changed-Fields: Message-ID: In-Reply-To: References: Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/ Auto-Submitted: auto-generated MIME-Version: 1.0 X-BeenThere: freebsd-bugs@freebsd.org X-Mailman-Version: 2.1.26 Precedence: list List-Id: Bug reports List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 24 Jun 2018 11:02:43 -0000 https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=229222 --- Comment #21 from dewayne@heuristicsystems.com.au --- (In reply to Konstantin Belousov from comment #20) Kib, Apologies, an unusual level of activity from multiple locations (& countries) occurred within a 90 second interval. Please email me and I'll send the access detail. (I suppose I shouldn't kernel dump on our main dev server)... 
Response to Kib's instructions (kgdb) p/x *(long *)0xfffffe06892d9138 $1 = 0xfffffe06892d91d8 Current language: auto; currently minimal (kgdb) p/x *(long *)(0xfffffe06892d9138 + 8) $2 = 0xffffffff808e41dc (kgdb) list *0xffffffff808e41dc 0xffffffff808e41dc is in aesni_process (/smallblocks/src/sys/crypto/aesni/aesni.c:609). 604 case CRYPTO_AES_CBC: 605 if (encflag) 606 aesni_encrypt_cbc(ses->rounds, ses->enc_schedule, 607 enccrd->crd_len, buf, buf, iv); 608 else 609 aesni_decrypt_cbc(ses->rounds, ses->dec_schedule, 610 enccrd->crd_len, buf, iv); 611 break; 612 case CRYPTO_AES_ICM: 613 /* encryption & decryption are the same */ (kgdb) p/x *(long *)0xfffffe06892d91d8 $3 = 0xfffffe06892d9208 (kgdb) p/x *(long *)(0xfffffe06892d91d8 + 8) $4 = 0xffffffff8080cab3 (kgdb) list *0xffffffff8080cab3 0xffffffff8080cab3 is in crypto_dispatch (/smallblocks/src/sys/opencrypto/crypto.c:844). 839 */ 840 cap = crypto_checkdriver(hid); 841 /* Driver cannot disappeared when there is an active session. */ 842 KASSERT(cap != NULL, ("%s: Driver disappeared.", __func__)); 843 if (!cap->cc_qblocked) { 844 result = crypto_invoke(cap, crp, 0); 845 if (result != ERESTART) 846 return (result); 847 /* 848 * The driver ran out of resources, put the request on (kgdb) p/x *(long *)0xfffffe06892d9208 $5 = 0xfffffe06892d9388 (kgdb) p/x *(long *)(0xfffffe06892d9208 + 8) $6 = 0xffffffff8080f6a7 (kgdb) list *0xffffffff8080f6a7 0xffffffff8080f6a7 is in cryptof_ioctl (/smallblocks/src/sys/opencrypto/cryptodev.c:849). 844 * callback before checking if the operation completed and going 845 * to sleep. This insures drivers don't inherit our lock which 846 * results in a lock order reversal between crypto_dispatch forced 847 * entry and the crypto_done callback into us. 
848 */ 849 error = crypto_dispatch(crp); 850 mtx_lock(&cse->lock); 851 if (error == 0 && (crp->crp_flags & CRYPTO_F_DONE) == 0) 852 error = msleep(crp, &cse->lock, PWAIT, "crydev", 0); 853 mtx_unlock(&cse->lock); (kgdb) p/x *(long *)0xfffffe06892d9388 $7 = 0xfffffe06892d93f8 (kgdb) p/x *(long *)(0xfffffe06892d9388 + 8) $8 = 0xffffffff806046d2 (kgdb) list *0xffffffff806046d2 0xffffffff806046d2 is in kern_ioctl (file.h:323). 318 static __inline int 319 fo_ioctl(struct file *fp, u_long com, void *data, struct ucred *active_cred, 320 struct thread *td) 321 { 322 323 return ((*fp->f_ops->fo_ioctl)(fp, com, data, active_cred, td)); 324 } 325 326 static __inline int 327 fo_poll(struct file *fp, int events, struct ucred *active_cred, (kgdb) p/x *(long *)0xfffffe06892d93f8 $9 = 0xfffffe06892d94c8 (kgdb) p/x *(long *)(0xfffffe06892d93f8 + 8) $10 = 0xffffffff8060445d (kgdb) list *0xffffffff8060445d 0xffffffff8060445d is in sys_ioctl (/smallblocks/src/sys/kern/sys_generic.c:745). 740 * gets back something deterministic. 741 */ 742 bzero(data, size); 743 } 744 745 error = kern_ioctl(td, uap->fd, com, data); 746 747 if (error == 0 && (com & IOC_OUT)) 748 error = copyout(data, uap->data, (u_int)size); 749 (kgdb) p/x *(long *)0xfffffe06892d94c8 $11 = 0xfffffe06892d9968 (kgdb) p/x *(long *)(0xfffffe06892d94c8 + 8) $12 = 0xffffffff802dbe1c (kgdb) list *0xffffffff802dbe1c 0xffffffff802dbe1c is in freebsd32_ioctl (/smallblocks/src/sys/compat/freebsd32/freebsd32_ioctl.c:470). 465 default: 466 fdrop(fp, td); 467 ap.fd = uap->fd; 468 ap.com = uap->com; 469 PTRIN_CP(*uap, ap, data); 470 return sys_ioctl(td, &ap); 471 } 472 473 fdrop(fp, td); 474 return error; (kgdb) p/x *(long *)0xfffffe06892d9968 $13 = 0xfffffe06892d9aa8 (kgdb) p/x *(long *)(0xfffffe06892d9968 + 8) $14 = 0xffffffff809092fc (kgdb) list *0xffffffff809092fc 0xffffffff809092fc is in ia32_syscall (subr_syscall.c:132). 
127 if (systrace_probe_func != NULL && sa->callp->sy_entry != 0) 128 (*systrace_probe_func)(sa, SYSTRACE_ENTRY, 0); 129 #endif 130 131 AUDIT_SYSCALL_ENTER(sa->code, td); 132 error = (sa->callp->sy_call)(td, sa->args); 133 AUDIT_SYSCALL_EXIT(error, td); 134 135 /* Save the latest error return value. */ 136 if ((td->td_pflags & TDP_NERRNO) == 0) (kgdb) p/x *(long *)0xfffffe06892d9aa8 $15 = 0xffff9d58 (kgdb) p/x *(long *)(0xfffffe06892d9aa8 + 8) $16 = 0xffffffff808c3bf6 (kgdb) list *0xffffffff808c3bf6 0xffffffff808c3bf6 is at ia32_exception.S:78. 73 cld 74 FAKE_MCOUNT(TF_RIP(%rsp)) 75 movq %rsp, %rdi 76 call ia32_syscall 77 MEXITCOUNT 78 jmp doreti (kgdb) p/x *(long *)0xffff9d58 Cannot access memory at address 0xffff9d58 -- You are receiving this mail because: You are the assignee for the bug.