Date:      Tue, 21 Sep 2021 20:21:34 +0000
From:      bugzilla-noreply@freebsd.org
To:        bugs@FreeBSD.org
Subject:   [Bug 241417] panic: Fatal trap 1: privileged instruction fault while in kernel mode
Message-ID:  <bug-241417-227-T9c5Jwk539@https.bugs.freebsd.org/bugzilla/>
In-Reply-To: <bug-241417-227@https.bugs.freebsd.org/bugzilla/>
References:  <bug-241417-227@https.bugs.freebsd.org/bugzilla/>

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=241417

--- Comment #12 from Cy Schubert <cy@FreeBSD.org> ---
Reading symbols from /boot/kernel/kernel...
Reading symbols from /usr/lib/debug//boot/kernel/kernel.debug...

Unread portion of the kernel message buffer:
interrupt enabled, resume, IOPL = 0
current process         = 5200 (cc)
trap number             = 1
panic: privileged instruction fault
cpuid = 3
time = 1632253591
KDB: stack backtrace:
db_trace_self_wrapper() at db_trace_self_wrapper+0x2b/frame 0xfffffe00e52377d0
vpanic() at vpanic+0x187/frame 0xfffffe00e5237830
panic() at panic+0x43/frame 0xfffffe00e5237890
trap_fatal() at trap_fatal+0x387/frame 0xfffffe00e52378f0
trap() at trap+0x8b/frame 0xfffffe00e5237a00
calltrap() at calltrap+0x8/frame 0xfffffe00e5237a00
--- trap 0x1, rip = 0xffffffff80a5fef1, rsp = 0xfffffe00e5237ad0, rbp = 0xfffffe00e5237af0 ---
ia32_get_mcontext() at ia32_get_mcontext+0x181/frame 0xfffffe00e5237af0
freebsd32_getcontext() at freebsd32_getcontext+0x52/frame 0xfffffe00e5237df0
ia32_syscall() at ia32_syscall+0x126/frame 0xfffffe00e5237f30
int0x80_syscall_common() at int0x80_syscall_common+0x9c/frame 0xffffca38
Uptime: 8m48s
Dumping 526 out of 8161 MB: (CTRL-C to abort)
..4%..13%..22%..31%..43%..52%..61%..73%..83%..92%

__curthread () at /opt/src/git-src/sys/amd64/include/pcpu_aux.h:55
55              __asm("movq %%gs:%P1,%0" : "=r" (td) : "n" (offsetof(struct pcpu,
(kgdb) bt
#0  __curthread () at /opt/src/git-src/sys/amd64/include/pcpu_aux.h:55
#1  doadump (textdump=textdump@entry=1)
    at /opt/src/git-src/sys/kern/kern_shutdown.c:399
#2  0xffffffff806d417b in kern_reboot (howto=260)
    at /opt/src/git-src/sys/kern/kern_shutdown.c:486
#3  0xffffffff806d45f6 in vpanic (fmt=0xffffffff80a9b26c "%s",
    ap=<optimized out>) at /opt/src/git-src/sys/kern/kern_shutdown.c:919
#4  0xffffffff806d43f3 in panic (fmt=<unavailable>)
    at /opt/src/git-src/sys/kern/kern_shutdown.c:843
#5  0xffffffff80a3a587 in trap_fatal (frame=0xfffffe00e5237a10, eva=0)
    at /opt/src/git-src/sys/amd64/amd64/trap.c:946
#6  0xffffffff80a39a7b in trap (frame=0xfffffe00e5237a10)
    at /opt/src/git-src/sys/amd64/amd64/trap.c:251
#7  <signal handler called>
#8  0xffffffff80a5fef1 in ia32_get_fpcontext (td=0xfffffe00e468f3a0,
    mcp=0xfffffe00e5237b10, xfpusave=0x0, xfpusave_len=0x0)
    at /opt/src/git-src/sys/amd64/ia32/ia32_signal.c:107
#9  ia32_get_mcontext (td=td@entry=0xfffffe00e468f3a0,
    mcp=mcp@entry=0xfffffe00e5237b10, flags=1)
    at /opt/src/git-src/sys/amd64/ia32/ia32_signal.c:177
#10 0xffffffff80a5fca2 in freebsd32_getcontext (td=0xfffffe00e468f3a0,
    uap=0xfffffe00e468f790)
    at /opt/src/git-src/sys/amd64/ia32/ia32_signal.c:260
#11 0xffffffff80a61a16 in syscallenter (td=0xfffffe00e468f3a0)
    at /opt/src/git-src/sys/amd64/ia32/../../kern/subr_syscall.c:189
#12 ia32_syscall (frame=0xfffffe00e5237f40)
    at /opt/src/git-src/sys/amd64/ia32/ia32_syscall.c:218
#13 0xffffffff80a12bcf in int0x80_syscall_common ()
    at /opt/src/git-src/sys/amd64/ia32/ia32_exception.S:77
#14 0x00000000ffffc710 in ?? ()
#15 0x00000000ffffc9d0 in ?? ()
#16 0x000000002540b9ad in ?? ()
#17 0x000000002526104f in ?? ()
#18 0x0000000000000000 in ?? ()
(kgdb) frame 8
#8  0xffffffff80a5fef1 in ia32_get_fpcontext (td=0xfffffe00e468f3a0,
    mcp=0xfffffe00e5237b10, xfpusave=0x0, xfpusave_len=0x0)
    at /opt/src/git-src/sys/amd64/ia32/ia32_signal.c:107
107                     *xfpusave_len = mcp->mc_xfpustate_len =
(kgdb) l
102             if (!use_xsave || cpu_max_ext_state_size <= sizeof(struct savefpu)) {
103                     *xfpusave_len = 0;
104                     *xfpusave = NULL;
105             } else {
106                     mcp->mc_flags |= _MC_IA32_HASFPXSTATE;
107                     *xfpusave_len = mcp->mc_xfpustate_len =
108                         cpu_max_ext_state_size - sizeof(struct savefpu);
109                     *xfpusave = (char *)(get_pcb_user_save_td(td) + 1);
110             }
111     }
(kgdb) disassemble /m
Dump of assembler code for function ia32_get_mcontext:
98              mcp->mc_ownedfp = fpugetregs(td);
   0xffffffff80a5fe9d <+301>:   mov    %r14,%rdi
   0xffffffff80a5fea0 <+304>:   call   0xffffffff80a16ca0 <fpugetregs>
   0xffffffff80a5fea5 <+309>:   mov    %eax,0x58(%rbx)

99              bcopy(get_pcb_user_save_td(td), &mcp->mc_fpstate[0],
   0xffffffff80a5fea8 <+312>:   lea    0x60(%rbx),%r15
   0xffffffff80a5feac <+316>:   mov    %r14,%rdi
   0xffffffff80a5feaf <+319>:   call   0xffffffff80a3bbc0 <get_pcb_user_save_td>
   0xffffffff80a5feb4 <+324>:   mov    $0x200,%edx
   0xffffffff80a5feb9 <+329>:   mov    %r15,%rdi
   0xffffffff80a5febc <+332>:   mov    %rax,%rsi
   0xffffffff80a5febf <+335>:   call   0xffffffff80a35d20 <memmove_std>

100                 sizeof(mcp->mc_fpstate));
101             mcp->mc_fpformat = fpuformat();
   0xffffffff80a5fec4 <+340>:   call   0xffffffff80a169e0 <fpuformat>
   0xffffffff80a5fec9 <+345>:   mov    %eax,0x54(%rbx)

102             if (!use_xsave || cpu_max_ext_state_size <= sizeof(struct savefpu)) {
   0xffffffff80a5fecc <+348>:   cmpl   $0x0,0x53c73d(%rip)        # 0xffffffff80f9c610 <use_xsave>
   0xffffffff80a5fed3 <+355>:   je     0xffffffff80a5fef1 <ia32_get_mcontext+385>
   0xffffffff80a5fed5 <+357>:   mov    0x5274bd(%rip),%eax        # 0xffffffff80f87398 <cpu_max_ext_state_size>
   0xffffffff80a5fedb <+363>:   cmp    $0x200,%eax
   0xffffffff80a5fee0 <+368>:   jbe    0xffffffff80a5fef1 <ia32_get_mcontext+385>

103                     *xfpusave_len = 0;
104                     *xfpusave = NULL;
105             } else {
106                     mcp->mc_flags |= _MC_IA32_HASFPXSTATE;
   0xffffffff80a5fee2 <+370>:   orb    $0x4,0x5c(%rbx)

107                     *xfpusave_len = mcp->mc_xfpustate_len =
   0xffffffff80a5feeb <+379>:   mov    %eax,0x26c(%rbx)
=> 0xffffffff80a5fef1 <+385>:   ud2
   0xffffffff80a5fef3 <+387>:   xor    %eax,%eax
   0xffffffff80a5fef5 <+389>:   mov    $0x140,%edi

108                         cpu_max_ext_state_size - sizeof(struct savefpu);
   0xffffffff80a5fee6 <+374>:   add    $0xfffffe00,%eax

109                     *xfpusave = (char *)(get_pcb_user_save_td(td) + 1);
110             }
111     }
112
113     static int
--Type <RET> for more, q to quit, c to continue without paging--q
Quit
(kgdb)



