[Bug 229222] 11.2-PRERELEASE panic-General Protection Fault, aesni_encrypt_cbc implicated

bugzilla-noreply at freebsd.org bugzilla-noreply at freebsd.org
Sun Jun 24 11:02:43 UTC 2018


https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=229222

--- Comment #21 from dewayne at heuristicsystems.com.au ---
(In reply to Konstantin Belousov from comment #20)
Kib, apologies: an unusual level of activity from multiple locations (and
countries) occurred within a 90-second interval.  Please email me and I'll send
the access details.  (I suppose I shouldn't kernel dump on our main dev
server)...


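Response to Kib's instructions (a manual walk of the saved frame-pointer chain:
each step prints the saved frame pointer, then the return address stored 8
bytes above it, and lists the source at that return address; the listed line is
where execution resumes after the call, so the call itself is on or just before
it):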
(kgdb) p/x *(long *)0xfffffe06892d9138
$1 = 0xfffffe06892d91d8
Current language:  auto; currently minimal
(kgdb) p/x *(long *)(0xfffffe06892d9138 + 8)
$2 = 0xffffffff808e41dc
(kgdb) list *0xffffffff808e41dc
0xffffffff808e41dc is in aesni_process
(/smallblocks/src/sys/crypto/aesni/aesni.c:609).
604             case CRYPTO_AES_CBC:
605                     if (encflag)
606                             aesni_encrypt_cbc(ses->rounds,
ses->enc_schedule,
607                                 enccrd->crd_len, buf, buf, iv);
608                     else
609                             aesni_decrypt_cbc(ses->rounds,
ses->dec_schedule,
610                                 enccrd->crd_len, buf, iv);
611                     break;
612             case CRYPTO_AES_ICM:
613                     /* encryption & decryption are the same */
(kgdb) p/x *(long *)0xfffffe06892d91d8
$3 = 0xfffffe06892d9208
(kgdb) p/x *(long *)(0xfffffe06892d91d8 + 8)
$4 = 0xffffffff8080cab3
(kgdb) list *0xffffffff8080cab3
0xffffffff8080cab3 is in crypto_dispatch
(/smallblocks/src/sys/opencrypto/crypto.c:844).
839                      */
840                     cap = crypto_checkdriver(hid);
841                     /* Driver cannot disappeared when there is an active
session. */
842                     KASSERT(cap != NULL, ("%s: Driver disappeared.",
__func__));
843                     if (!cap->cc_qblocked) {
844                             result = crypto_invoke(cap, crp, 0);
845                             if (result != ERESTART)
846                                     return (result);
847                             /*
848                              * The driver ran out of resources, put the
request on
(kgdb) p/x *(long *)0xfffffe06892d9208
$5 = 0xfffffe06892d9388
(kgdb) p/x *(long *)(0xfffffe06892d9208 + 8)
$6 = 0xffffffff8080f6a7
(kgdb) list *0xffffffff8080f6a7
0xffffffff8080f6a7 is in cryptof_ioctl
(/smallblocks/src/sys/opencrypto/cryptodev.c:849).
844              * callback before checking if the operation completed and
going
845              * to sleep.  This insures drivers don't inherit our lock which
846              * results in a lock order reversal between crypto_dispatch
forced
847              * entry and the crypto_done callback into us.
848              */
849             error = crypto_dispatch(crp);
850             mtx_lock(&cse->lock);
851             if (error == 0 && (crp->crp_flags & CRYPTO_F_DONE) == 0)
852                     error = msleep(crp, &cse->lock, PWAIT, "crydev", 0);
853             mtx_unlock(&cse->lock);
(kgdb) p/x *(long *)0xfffffe06892d9388
$7 = 0xfffffe06892d93f8
(kgdb) p/x *(long *)(0xfffffe06892d9388 + 8)
$8 = 0xffffffff806046d2
(kgdb) list *0xffffffff806046d2
0xffffffff806046d2 is in kern_ioctl (file.h:323).
318     static __inline int
319     fo_ioctl(struct file *fp, u_long com, void *data, struct ucred
*active_cred,
320         struct thread *td)
321     {
322
323             return ((*fp->f_ops->fo_ioctl)(fp, com, data, active_cred,
td));
324     }
325
326     static __inline int
327     fo_poll(struct file *fp, int events, struct ucred *active_cred,
(kgdb) p/x *(long *)0xfffffe06892d93f8
$9 = 0xfffffe06892d94c8
(kgdb) p/x *(long *)(0xfffffe06892d93f8 + 8)
$10 = 0xffffffff8060445d
(kgdb) list *0xffffffff8060445d
0xffffffff8060445d is in sys_ioctl
(/smallblocks/src/sys/kern/sys_generic.c:745).
740                      * gets back something deterministic.
741                      */
742                     bzero(data, size);
743             }
744
745             error = kern_ioctl(td, uap->fd, com, data);
746
747             if (error == 0 && (com & IOC_OUT))
748                     error = copyout(data, uap->data, (u_int)size);
749
(kgdb) p/x *(long *)0xfffffe06892d94c8
$11 = 0xfffffe06892d9968
(kgdb) p/x *(long *)(0xfffffe06892d94c8 + 8)
$12 = 0xffffffff802dbe1c
(kgdb) list *0xffffffff802dbe1c
0xffffffff802dbe1c is in freebsd32_ioctl
(/smallblocks/src/sys/compat/freebsd32/freebsd32_ioctl.c:470).
465             default:
466                     fdrop(fp, td);
467                     ap.fd = uap->fd;
468                     ap.com = uap->com;
469                     PTRIN_CP(*uap, ap, data);
470                     return sys_ioctl(td, &ap);
471             }
472
473             fdrop(fp, td);
474             return error;
(kgdb) p/x *(long *)0xfffffe06892d9968
$13 = 0xfffffe06892d9aa8
(kgdb) p/x *(long *)(0xfffffe06892d9968 + 8)
$14 = 0xffffffff809092fc
(kgdb) list *0xffffffff809092fc
0xffffffff809092fc is in ia32_syscall (subr_syscall.c:132).
127                     if (systrace_probe_func != NULL && sa->callp->sy_entry
!= 0)
128                             (*systrace_probe_func)(sa, SYSTRACE_ENTRY, 0);
129     #endif
130
131                     AUDIT_SYSCALL_ENTER(sa->code, td);
132                     error = (sa->callp->sy_call)(td, sa->args);
133                     AUDIT_SYSCALL_EXIT(error, td);
134
135                     /* Save the latest error return value. */
136                     if ((td->td_pflags & TDP_NERRNO) == 0)
(kgdb) p/x *(long *)0xfffffe06892d9aa8
$15 = 0xffff9d58
(kgdb) p/x *(long *)(0xfffffe06892d9aa8 + 8)
$16 = 0xffffffff808c3bf6
(kgdb) list *0xffffffff808c3bf6
0xffffffff808c3bf6 is at ia32_exception.S:78.
73              cld
74              FAKE_MCOUNT(TF_RIP(%rsp))
75              movq    %rsp, %rdi
76              call    ia32_syscall
77              MEXITCOUNT
78              jmp     doreti
(kgdb) p/x *(long *)0xffff9d58
Cannot access memory at address 0xffff9d58
