From nobody Tue Sep 21 20:21:34 2021
X-Original-To: bugs@mlmmj.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
	by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id BC88517D6012
	for <bugs@mlmmj.nyi.freebsd.org>; Tue, 21 Sep 2021 20:21:34 +0000 (UTC)
	(envelope-from bugzilla-noreply@freebsd.org)
Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256
	 client-signature RSA-PSS (4096 bits) client-digest SHA256)
	(Client CN "mxrelay.nyi.freebsd.org", Issuer "R3" (verified OK))
	by mx1.freebsd.org (Postfix) with ESMTPS id 4HDXrZ4t1Vz4SqZ
	for <bugs@FreeBSD.org>; Tue, 21 Sep 2021 20:21:34 +0000 (UTC)
	(envelope-from bugzilla-noreply@freebsd.org)
Received: from kenobi.freebsd.org (kenobi.freebsd.org [IPv6:2610:1c1:1:606c::50:1d])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256)
	(Client did not present a certificate)
	by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 87DCB2627
	for <bugs@FreeBSD.org>; Tue, 21 Sep 2021 20:21:34 +0000 (UTC)
	(envelope-from bugzilla-noreply@freebsd.org)
Received: from kenobi.freebsd.org ([127.0.1.5])
	by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id 18LKLY22010678
	for <bugs@FreeBSD.org>; Tue, 21 Sep 2021 20:21:34 GMT
	(envelope-from bugzilla-noreply@freebsd.org)
Received: (from www@localhost)
	by kenobi.freebsd.org (8.15.2/8.15.2/Submit) id 18LKLYNj010677
	for bugs@FreeBSD.org; Tue, 21 Sep 2021 20:21:34 GMT
	(envelope-from bugzilla-noreply@freebsd.org)
X-Authentication-Warning: kenobi.freebsd.org: www set sender to bugzilla-noreply@freebsd.org using -f
From: bugzilla-noreply@freebsd.org
To: bugs@FreeBSD.org
Subject: [Bug 241417] panic: Fatal trap 1: privileged instruction fault while
 in kernel mode
Date: Tue, 21 Sep 2021 20:21:34 +0000
X-Bugzilla-Reason: AssignedTo
X-Bugzilla-Type: changed
X-Bugzilla-Watch-Reason: None
X-Bugzilla-Product: Base System
X-Bugzilla-Component: kern
X-Bugzilla-Version: 12.0-RELEASE
X-Bugzilla-Keywords: panic
X-Bugzilla-Severity: Affects Only Me
X-Bugzilla-Who: cy@FreeBSD.org
X-Bugzilla-Status: Closed
X-Bugzilla-Resolution: Unable to Reproduce
X-Bugzilla-Priority: ---
X-Bugzilla-Assigned-To: bugs@FreeBSD.org
X-Bugzilla-Flags: 
X-Bugzilla-Changed-Fields: 
Message-ID: <bug-241417-227-T9c5Jwk539@https.bugs.freebsd.org/bugzilla/>
In-Reply-To: <bug-241417-227@https.bugs.freebsd.org/bugzilla/>
References: <bug-241417-227@https.bugs.freebsd.org/bugzilla/>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/
Auto-Submitted: auto-generated
List-Id: Bug reports <freebsd-bugs.freebsd.org>
List-Archive: https://lists.freebsd.org/archives/freebsd-bugs
List-Help: <mailto:freebsd-bugs+help@freebsd.org>
List-Post: <mailto:freebsd-bugs@freebsd.org>
List-Subscribe: <mailto:freebsd-bugs+subscribe@freebsd.org>
List-Unsubscribe: <mailto:freebsd-bugs+unsubscribe@freebsd.org>
Sender: owner-freebsd-bugs@freebsd.org
MIME-Version: 1.0
X-ThisMailContainsUnwantedMimeParts: N

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D241417

--- Comment #12 from Cy Schubert <cy@FreeBSD.org> ---
Reading symbols from /boot/kernel/kernel...
Reading symbols from /usr/lib/debug//boot/kernel/kernel.debug...

Unread portion of the kernel message buffer:
interrupt enabled, resume, IOPL =3D 0
current process         =3D 5200 (cc)
trap number             =3D 1
panic: privileged instruction fault
cpuid =3D 3
time =3D 1632253591
KDB: stack backtrace:
db_trace_self_wrapper() at db_trace_self_wrapper+0x2b/frame 0xfffffe00e5237=
7d0
vpanic() at vpanic+0x187/frame 0xfffffe00e5237830
panic() at panic+0x43/frame 0xfffffe00e5237890
trap_fatal() at trap_fatal+0x387/frame 0xfffffe00e52378f0
trap() at trap+0x8b/frame 0xfffffe00e5237a00
calltrap() at calltrap+0x8/frame 0xfffffe00e5237a00
--- trap 0x1, rip =3D 0xffffffff80a5fef1, rsp =3D 0xfffffe00e5237ad0, rbp =
=3D
0xfffffe00e5237af0 ---
ia32_get_mcontext() at ia32_get_mcontext+0x181/frame 0xfffffe00e5237af0
freebsd32_getcontext() at freebsd32_getcontext+0x52/frame 0xfffffe00e5237df0
ia32_syscall() at ia32_syscall+0x126/frame 0xfffffe00e5237f30
int0x80_syscall_common() at int0x80_syscall_common+0x9c/frame 0xffffca38
Uptime: 8m48s
Dumping 526 out of 8161 MB: (CTRL-C to abort)
..4%..13%..22%..31%..43%..52%..61%..73%..83%..92%

__curthread () at /opt/src/git-src/sys/amd64/include/pcpu_aux.h:55
55              __asm("movq %%gs:%P1,%0" : "=3Dr" (td) : "n" (offsetof(stru=
ct
pcpu,
(kgdb) bt
#0  __curthread () at /opt/src/git-src/sys/amd64/include/pcpu_aux.h:55
#1  doadump (textdump=3Dtextdump@entry=3D1)
    at /opt/src/git-src/sys/kern/kern_shutdown.c:399
#2  0xffffffff806d417b in kern_reboot (howto=3D260)
    at /opt/src/git-src/sys/kern/kern_shutdown.c:486
#3  0xffffffff806d45f6 in vpanic (fmt=3D0xffffffff80a9b26c "%s",=20
    ap=3D<optimized out>) at /opt/src/git-src/sys/kern/kern_shutdown.c:919
#4  0xffffffff806d43f3 in panic (fmt=3D<unavailable>)
    at /opt/src/git-src/sys/kern/kern_shutdown.c:843
#5  0xffffffff80a3a587 in trap_fatal (frame=3D0xfffffe00e5237a10, eva=3D0)
    at /opt/src/git-src/sys/amd64/amd64/trap.c:946
#6  0xffffffff80a39a7b in trap (frame=3D0xfffffe00e5237a10)
    at /opt/src/git-src/sys/amd64/amd64/trap.c:251
#7  <signal handler called>
#8  0xffffffff80a5fef1 in ia32_get_fpcontext (td=3D0xfffffe00e468f3a0,=20
    mcp=3D0xfffffe00e5237b10, xfpusave=3D0x0, xfpusave_len=3D0x0)
    at /opt/src/git-src/sys/amd64/ia32/ia32_signal.c:107
#9  ia32_get_mcontext (td=3Dtd@entry=3D0xfffffe00e468f3a0,=20
    mcp=3Dmcp@entry=3D0xfffffe00e5237b10, flags=3D1)
    at /opt/src/git-src/sys/amd64/ia32/ia32_signal.c:177
#10 0xffffffff80a5fca2 in freebsd32_getcontext (td=3D0xfffffe00e468f3a0,=20
    uap=3D0xfffffe00e468f790)
    at /opt/src/git-src/sys/amd64/ia32/ia32_signal.c:260
#11 0xffffffff80a61a16 in syscallenter (td=3D0xfffffe00e468f3a0)
    at /opt/src/git-src/sys/amd64/ia32/../../kern/subr_syscall.c:189
#12 ia32_syscall (frame=3D0xfffffe00e5237f40)
    at /opt/src/git-src/sys/amd64/ia32/ia32_syscall.c:218
#13 0xffffffff80a12bcf in int0x80_syscall_common ()
    at /opt/src/git-src/sys/amd64/ia32/ia32_exception.S:77
#14 0x00000000ffffc710 in ?? ()
#15 0x00000000ffffc9d0 in ?? ()
#16 0x000000002540b9ad in ?? ()
#17 0x000000002526104f in ?? ()
#18 0x0000000000000000 in ?? ()
(kgdb) frame 8
#8  0xffffffff80a5fef1 in ia32_get_fpcontext (td=3D0xfffffe00e468f3a0,=20
    mcp=3D0xfffffe00e5237b10, xfpusave=3D0x0, xfpusave_len=3D0x0)
    at /opt/src/git-src/sys/amd64/ia32/ia32_signal.c:107
107                     *xfpusave_len =3D mcp->mc_xfpustate_len =3D
(kgdb) l
102             if (!use_xsave || cpu_max_ext_state_size <=3D sizeof(struct
savefpu)) {
103                     *xfpusave_len =3D 0;
104                     *xfpusave =3D NULL;
105             } else {
106                     mcp->mc_flags |=3D _MC_IA32_HASFPXSTATE;
107                     *xfpusave_len =3D mcp->mc_xfpustate_len =3D
108                         cpu_max_ext_state_size - sizeof(struct savefpu);
109                     *xfpusave =3D (char *)(get_pcb_user_save_td(td) + 1=
);
110             }
111     }
(kgdb) disassemble /m
Dump of assembler code for function ia32_get_mcontext:
98              mcp->mc_ownedfp =3D fpugetregs(td);
   0xffffffff80a5fe9d <+301>:   mov    %r14,%rdi
   0xffffffff80a5fea0 <+304>:   call   0xffffffff80a16ca0 <fpugetregs>
   0xffffffff80a5fea5 <+309>:   mov    %eax,0x58(%rbx)

99              bcopy(get_pcb_user_save_td(td), &mcp->mc_fpstate[0],
   0xffffffff80a5fea8 <+312>:   lea    0x60(%rbx),%r15
   0xffffffff80a5feac <+316>:   mov    %r14,%rdi
   0xffffffff80a5feaf <+319>:   call   0xffffffff80a3bbc0
<get_pcb_user_save_td>
   0xffffffff80a5feb4 <+324>:   mov    $0x200,%edx
   0xffffffff80a5feb9 <+329>:   mov    %r15,%rdi
   0xffffffff80a5febc <+332>:   mov    %rax,%rsi
   0xffffffff80a5febf <+335>:   call   0xffffffff80a35d20 <memmove_std>

100                 sizeof(mcp->mc_fpstate));
101             mcp->mc_fpformat =3D fpuformat();
   0xffffffff80a5fec4 <+340>:   call   0xffffffff80a169e0 <fpuformat>
   0xffffffff80a5fec9 <+345>:   mov    %eax,0x54(%rbx)

102             if (!use_xsave || cpu_max_ext_state_size <=3D sizeof(struct
savefpu)) {
   0xffffffff80a5fecc <+348>:   cmpl   $0x0,0x53c73d(%rip)        #
0xffffffff80f9c610 <use_xsave>
   0xffffffff80a5fed3 <+355>:   je     0xffffffff80a5fef1
<ia32_get_mcontext+385>
   0xffffffff80a5fed5 <+357>:   mov    0x5274bd(%rip),%eax        #
0xffffffff80f87398 <cpu_max_ext_state_size>
   0xffffffff80a5fedb <+363>:   cmp    $0x200,%eax
   0xffffffff80a5fee0 <+368>:   jbe    0xffffffff80a5fef1
<ia32_get_mcontext+385>

103                     *xfpusave_len =3D 0;
104                     *xfpusave =3D NULL;
105             } else {
106                     mcp->mc_flags |=3D _MC_IA32_HASFPXSTATE;
   0xffffffff80a5fee2 <+370>:   orb    $0x4,0x5c(%rbx)

107                     *xfpusave_len =3D mcp->mc_xfpustate_len =3D
   0xffffffff80a5feeb <+379>:   mov    %eax,0x26c(%rbx)
=3D> 0xffffffff80a5fef1 <+385>:   ud2=20=20=20=20
   0xffffffff80a5fef3 <+387>:   xor    %eax,%eax
   0xffffffff80a5fef5 <+389>:   mov    $0x140,%edi

108                         cpu_max_ext_state_size - sizeof(struct savefpu);
   0xffffffff80a5fee6 <+374>:   add    $0xfffffe00,%eax

109                     *xfpusave =3D (char *)(get_pcb_user_save_td(td) + 1=
);
110             }
111     }
112=20=20=20=20=20
113     static int
--Type <RET> for more, q to quit, c to continue without paging--q
Quit
(kgdb)

--=20
You are receiving this mail because:
You are the assignee for the bug.=