From: bugzilla-noreply@freebsd.org
To: bugs@FreeBSD.org
Subject: [Bug 259218] Fatal trap 12: page fault while in kernel mode
Date: Wed, 20 Oct 2021 00:24:20 +0000

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=259218

--- Comment #13 from Dennis Clarke ---
Here is the disassembly :

dclarke@esther:~ $ uname -apKU
FreeBSD esther 14.0-CURRENT FreeBSD 14.0-CURRENT #0 main-n250102-d95c0a12a2d: Mon Oct 18 05:58:15 GMT 2021
root@esther:/usr/obj/usr/src/i386.i386/sys/GENERIC i386 i386 1400038 1400038
dclarke@esther:~ $
dclarke@esther:~ $
dclarke@esther:~ $ ls -lap /usr/obj/usr/src/i386.i386/sys/GENERIC/kernel.full
-rwxr-xr-x  1 root  wheel  86441196 Oct 18 05:58 /usr/obj/usr/src/i386.i386/sys/GENERIC/kernel.full
dclarke@esther:~ $
dclarke@esther:~ $ TERM=dumb gdb -q /usr/obj/usr/src/i386.i386/sys/GENERIC/kernel.full
Reading symbols from /usr/obj/usr/src/i386.i386/sys/GENERIC/kernel.full...
(gdb) disassemble random_nehemiah_read
Dump of assembler code for function random_nehemiah_read:
   0x014041e0 <+0>:     push   %ebp
   0x014041e1 <+1>:     mov    %esp,%ebp
   0x014041e3 <+3>:     push   %ebx
   0x014041e4 <+4>:     push   %edi
   0x014041e5 <+5>:     push   %esi
   0x014041e6 <+6>:     and    $0xfffffff8,%esp
   0x014041e9 <+9>:     sub    $0x18,%esp
   0x014041ec <+12>:    mov    %fs:0x0,%eax
   0x014041f2 <+18>:    push   $0x0
   0x014041f4 <+20>:    push   0x1e5bb30
   0x014041fa <+26>:    mov    %eax,0xc(%esp)
   0x014041fe <+30>:    push   %eax
   0x014041ff <+31>:    call   0x1416e90
   0x01404204 <+36>:    add    $0xc,%esp
   0x01404207 <+39>:    cmpl   $0x0,0xc(%ebp)
   0x0140420b <+43>:    je     0x1404277
   0x0140420d <+45>:    mov    0x8(%ebp),%esi
   0x01404210 <+48>:    mov    0xc(%ebp),%ebx
   0x01404213 <+51>:    jmp    0x1404235
   0x01404215 <+53>:    nop
   0x01404216 <+54>:    nop
   0x01404217 <+55>:    nop
   0x01404218 <+56>:    nop
   0x01404219 <+57>:    nop
   0x0140421a <+58>:    nop
   0x0140421b <+59>:    nop
   0x0140421c <+60>:    nop
   0x0140421d <+61>:    nop
   0x0140421e <+62>:    nop
   0x0140421f <+63>:    nop
   0x01404220 <+64>:    push   %edi
   0x01404221 <+65>:    lea    0xc(%esp),%eax
   0x01404225 <+69>:    push   %eax
   0x01404226 <+70>:    push   %esi
   0x01404227 <+71>:    call   0x142caf8
   0x0140422c <+76>:    add    $0xc,%esp
   0x0140422f <+79>:    add    %edi,%esi
   0x01404231 <+81>:    sub    %edi,%ebx
   0x01404233 <+83>:    je     0x1404277
   0x01404235 <+85>:    xor    %edx,%edx
   0x01404237 <+87>:    lea    0x8(%esp),%edi
--Type <RET> for more, q to quit, c to continue without paging--
   0x0140423b <+91>:    mov    $0x0,%edx
   0x01404240 <+96>:    repz xstore-rng
   0x01404244 <+100>:   and    $0x1f,%eax
   0x01404247 <+103>:   test   %edx,%edx
   0x01404249 <+105>:   mov    $0x0,%ecx
   0x0140424e <+110>:   cmovne %ecx,%eax
   0x01404251 <+113>:   mov    %ebx,%edi
   0x01404253 <+115>:   cmp    %ebx,%eax
   0x01404255 <+117>:   jae    0x1404220
   0x01404257 <+119>:   xor    %edx,%edx
   0x01404259 <+121>:   lea    0x8(%esp),%edi
   0x0140425d <+125>:   mov    $0x0,%edx
   0x01404262 <+130>:   repz xstore-rng
   0x01404266 <+134>:   mov    %eax,%edi
   0x01404268 <+136>:   and    $0x1f,%edi
   0x0140426b <+139>:   test   %edx,%edx
   0x0140426d <+141>:   mov    $0x0,%eax
   0x01404272 <+146>:   cmovne %eax,%edi
   0x01404275 <+149>:   jmp    0x1404220
   0x01404277 <+151>:   push   0x1e5bb30
   0x0140427d <+157>:   push   0x8(%esp)
   0x01404281 <+161>:   call   0x1417100
   0x01404286 <+166>:   add    $0x8,%esp
   0x01404289 <+169>:   mov    0xc(%ebp),%eax
   0x0140428c <+172>:   lea    -0xc(%ebp),%esp
   0x0140428f <+175>:   pop    %esi
   0x01404290 <+176>:   pop    %edi
   0x01404291 <+177>:   pop    %ebx
   0x01404292 <+178>:   pop    %ebp
   0x01404293 <+179>:   ret
End of assembler dump.
(gdb) list *random_nehemiah_read
0x14041e0 is in random_nehemiah_read (/usr/src/sys/dev/random/nehemiah.c:99).
94      }
95
96      /* It is specifically allowed that buf is a multiple of sizeof(long) */
97      static u_int
98      random_nehemiah_read(void *buf, u_int c)
99      {
100             uint8_t *b;
101             size_t count, ret;
102             uint64_t tmp;
103
(gdb)
104             fpu_kern_enter(curthread, fpu_ctx_save, FPU_KERN_NORMAL);
105             b = buf;
106             for (count = c; count > 0; count -= ret) {
107                     ret = MIN(VIA_RNG_store(&tmp), count);
108                     memcpy(b, &tmp, ret);
109                     b += ret;
110             }
111             fpu_kern_leave(curthread, fpu_ctx_save);
112
113             return (c);
(gdb)
114     }
115
116     static int
117     nehemiah_modevent(module_t mod, int type, void *unused)
118     {
119             int error = 0;
120
121             switch (type) {
122             case MOD_LOAD:
123                     if (via_feature_rng & VIA_HAS_RNG) {
(gdb) quit
dclarke@esther:~ $