So, I’m using nanobsd that is using read-only /. Using fresh current from today. But while hacking it, I’ve switched it to read-write then restarted the system. -> So the RC script, during shutdown started save_dev_random() and because the RW / it was able to generate and write the file /entropy. But at the next start, while starting random_start() it try to read with dd this /entropy file from a Read-Only /, and this create a 100% reproducible panic created by dd: Fatal trap 12: page fault while in kernel mode cpuid = 6; apic id = 0c fault virtual address = 0x4 fault code = supervisor read data, page not present instruction pointer = 0x20:0xffffffff807d67ec stack pointer = 0x28:0xfffffe008db0cc70 frame pointer = 0x28:0xfffffe008db0cc90 code segment = base rx0, limit 0xfffff, type 0x1b = DPL 0, pres 1, long 1, def32 0, gran 1 processor eflags = interrupt enabled, resume, IOPL = 0 current process = 275 (dd) rdi: ffffffff81a5cde4 rsi: 0000000000000040 rdx: 00000000000000b9 rcx: 0000000000000002 r8: 0000000000000000 r9: fffffe008db0ca92 rax: 0000000000000000 rbx: ffffffff81a5cde4 rbp: fffffe008db0cc90 r10: 0000000000000000 r11: f4539e9490d76bac r12: 000000000000000c r13: ffffffff807d67b0 r14: fffffe008db0cda8 r15: fffffe008db0ccb4 trap number = 12 panic: page fault cpuid = 6 time = 1755009441 KDB: stack backtrace: #0 0xffffffff809f6f2d at kdb_backtrace+0x5d #1 0xffffffff809adff6 at vpanic+0x136 #2 0xffffffff809adeb3 at panic+0x43 #3 0xffffffff80dccb29 at trap_pfault+0x3c9 #4 0xffffffff80da3a08 at calltrap+0x8 #5 0xffffffff807d5caf at randomdev_write+0x16f #6 0xffffffff808d4dba at devfs_write_f+0xda #7 0xffffffff80a18e76 at dofilewrite+0x66 #8 0xffffffff80a18997 at sys_write+0x127 #9 0xffffffff80dcd458 at amd64_syscall+0x118
(In reply to Olivier Cochard from comment #0) Just my 2 cents, based on the stack trace, that the problem seems to be with writing to /dev/random, not with reading the file.
Is there any way to see the line numbers from the stack trace?
Olivier, are you still able to reproduce this?
Hey there, I have the same issue with recent 15-STABLE and custom kernel config - writing to /dev/random panics; doing the same w/ GENERIC kernel works; the same kernel config causes no such issues w/ 14-STABLE. I'm currently trying to bisect which exact config option causes this
(In reply to xmirya from comment #4) If you can obtain a stack trace with line numbers from kgdb, that'd help a lot too.
(In reply to Mark Johnston from comment #3) Still arround but traveling, will try that again once back in front of this machine (or I should be able to reproduce in a VM).
At least in my case it's caused by "options RANDOM_FENESTRASX" in the kernel config, it's enough to add it to GENERIC in 15-STABLE to cause reproducible crash on amd64 (tried on older/newer hardware); summing up: 1. 15-STABLE works well with with GENERIC kernel 2. 15-STABLE with GENERIC+RANDOM_FENESTRASX panics in fxrng_event_processor() when writing to /dev/random the first time (`dd if=/entropy of=/dev/random bs=4096` as done by rc on boot) 3. 14-STABLE with GENERIC+RANDOM_FENESTRASX works well
(In reply to xmirya from comment #7) Thanks! That was enough of a clue to figure out what's happening. https://reviews.freebsd.org/D52633
A commit in branch main references this bug: URL: https://cgit.FreeBSD.org/src/commit/?id=174d5d9397c492aff67f7ad49e130039697dc1dd commit 174d5d9397c492aff67f7ad49e130039697dc1dd Author: Mark Johnston <markj@FreeBSD.org> AuthorDate: 2025-09-19 22:58:22 +0000 Commit: Mark Johnston <markj@FreeBSD.org> CommitDate: 2025-09-20 12:21:57 +0000 random: fxrng: Add an entry for RANDOM_RANDOMDEV to the source table Otherwise we get a NULL pointer dereference when writing to /dev/random. PR: 288826 Reviewed by: cem MFC after: 1 week Fixes: fa8db724ae6e ("random: Treat writes to /dev/random as separate from /entropy") Differential Revision: https://reviews.freebsd.org/D52633 sys/dev/random/fenestrasX/fx_pool.c | 3 +++ 1 file changed, 3 insertions(+)
I had indeed this RANDOM_FENESTRASX option in my kernel too.
A commit in branch stable/15 references this bug: URL: https://cgit.FreeBSD.org/src/commit/?id=597b606207cf48243b430a0bcff8c6ba6f8d2c7d commit 597b606207cf48243b430a0bcff8c6ba6f8d2c7d Author: Mark Johnston <markj@FreeBSD.org> AuthorDate: 2025-09-19 22:58:22 +0000 Commit: Mark Johnston <markj@FreeBSD.org> CommitDate: 2025-09-30 09:43:08 +0000 random: fxrng: Add an entry for RANDOM_RANDOMDEV to the source table Otherwise we get a NULL pointer dereference when writing to /dev/random. PR: 288826 Reviewed by: cem MFC after: 1 week Fixes: fa8db724ae6e ("random: Treat writes to /dev/random as separate from /entropy") Differential Revision: https://reviews.freebsd.org/D52633 (cherry picked from commit 174d5d9397c492aff67f7ad49e130039697dc1dd) sys/dev/random/fenestrasX/fx_pool.c | 3 +++ 1 file changed, 3 insertions(+)