Re: Illegal instruction (core dumped)

From: Konstantin Belousov <kostikbel_at_gmail.com>
Date: Sun, 29 Jun 2025 02:27:51 UTC
On Sat, Jun 28, 2025 at 11:23:01PM +0000, Bjoern A. Zeeb wrote:
> On Sun, 29 Jun 2025, Konstantin Belousov wrote:
> 
> > On Sat, Jun 28, 2025 at 05:32:17PM +0000, Bjoern A. Zeeb wrote:
> > > Hi,
> > > 
> > > happened in one of my dev VMs:
> > > 
> > > # more /etc/wpa_supplicant.conf
> > > Illegal instruction (core dumped)
> > > 
> > > As I see nothing in UPDATING in the range from HEAD to the commit I
> > > rebased --onto b93161a7e38d (downgrade of the kernel) that would
> > > explain this I am wondering.
> > > 
> > > 
> > > Mounted the disk image from the base system and checked the core:
> > > 
> > > Program terminated with signal SIGILL, Illegal instruction.
> > > (gdb) where
> > > #0  0x00003fabd04ebeed in tgetflag_sp (sp=0x3fa3ad42f3a0 <get_term[termbuf]>, id=0x3fa3ad42f3a0 <get_term[termbuf]> "") at /usr/src/contrib/ncurses/ncurses/tinfo/lib_termcap.c:259
> > > #1  0x00003fa3ad404e9e in get_term () at /usr/src/contrib/less/screen.c:1256
> > > #2  0x00003fa3ad4042ef in main (argc=1, argv=0x3fabce1f26b8) at /usr/src/contrib/less/main.c:344
> > > 
> > 
> > What is the instruction that faulted?
> > Also show the registers values used by the instruction.
> 
> I am a bit rusty with this user space stuff ;-)  Hope the below helps.
> 
> (gdb) display/i $pc
> 1: x/i $pc
> => 0x3fabd04ebeed <tgetflag_sp+29>:     cmove  %rbx,%rcx
> 

So this is kind of impossible.
The instruction CMOVE has been there since PentiumPro times.  It does not
access any resources except registers.  It cannot cause the vmexit on its
own since it cannot generate exceptions (well, perhaps except a code fetch
page fault).  The only possible vmexit on this instruction is due to
external events.  But then bhyve does not generate #UD.

BTW, was it an Intel or AMD CPU?

> (gdb) info f
> Stack level 0, frame at 0x3fabce1f25b0:
>  rip = 0x3fabd04ebeed in tgetflag_sp (/usr/src/src.pecunia/contrib/ncurses/ncurses/tinfo/lib_termcap.c:259); saved rip = 0x3fa3ad404e9e
>  called by frame at 0x3fabce1f2600
>  source language c.
>  Arglist at 0x3fabce1f25a0, args: sp=0x3fa3ad42f3a0 <get_term[termbuf]>, id=0x3fa3ad42f3a0 <get_term[termbuf]> ""
>  Locals at 0x3fabce1f25a0, Previous frame's sp is 0x3fabce1f25b0
>  Saved registers:
>   rbx at 0x3fabce1f2590, rbp at 0x3fabce1f25a0, r14 at 0x3fabce1f2598, rip at 0x3fabce1f25a8
> 
> (gdb) info r
> rax            0x3fabd04fec30      70007166856240
> rbx            0x3fabce1f4cb8      70007130115256
> rcx            0xd00b620ed25bfd23  -3455560473278415581
> rdx            0x3fabce1f2aaa      70007130106538
> rsi            0x3fa3ad42f3a0      69972219065248
> rdi            0x3fa3ad42f3a0      69972219065248
> rbp            0x3fabce1f25a0      0x3fabce1f25a0
> rsp            0x3fabce1f25a0      0x3fabce1f25a0
> r8             0x11                17
> r9             0x3                 3
> r10            0x10                16
> r11            0x40                64
> r12            0x3fabd145be60      70007182966368
> r13            0x2                 2
> r14            0x3fa3ad43bab8      69972219116216
> r15            0x1                 1
> rip            0x3fabd04ebeed      0x3fabd04ebeed <tgetflag_sp+29>
> eflags         0x10202             [ IF RF ]
> cs             0x43                67
> ss             0x3b                59
> ds             0x3b                59
> es             0x3b                59
> fs             0x13                19
> gs             0x1b                27
> fs_base        0x467b85825120      77496334831904
> gs_base        0x0                 0
> 
> 
> |   0x3fabd04ebed7 <tgetflag_sp+7>          test   %rdi,%rdi                                             |
> |   0x3fabd04ebeda <tgetflag_sp+10>         je     0x3fabd04ebef3 <tgetflag_sp+35>                       |
> |   0x3fabd04ebedc <tgetflag_sp+12>         mov    0x30(%rdi),%rcx                                       |
> |   0x3fabd04ebee0 <tgetflag_sp+16>         test   %rcx,%rcx                                             |
> |   0x3fabd04ebee3 <tgetflag_sp+19>         mov    0x10d6e(%rip),%rax        # 0x3fabd04fcc58            |
> |   0x3fabd04ebeea <tgetflag_sp+26>         mov    (%rax),%rbx                                           |
> |  >0x3fabd04ebeed <tgetflag_sp+29>         cmove  %rbx,%rcx                                             |
> |   0x3fabd04ebef1 <tgetflag_sp+33>         jmp    0x3fabd04ebf00 <tgetflag_sp+48>                       |
> |   0x3fabd04ebef3 <tgetflag_sp+35>         mov    0x10d5e(%rip),%rax        # 0x3fabd04fcc58            |
> |   0x3fabd04ebefa <tgetflag_sp+42>         mov    (%rax),%rbx                                           |
> |   0x3fabd04ebefd <tgetflag_sp+45>         mov    %rbx,%rcx                                             |
> |   0x3fabd04ebf00 <tgetflag_sp+48>         xor    %eax,%eax                                             |
> |   0x3fabd04ebf02 <tgetflag_sp+50>         test   %rcx,%rcx                                             |
> |   0x3fabd04ebf05 <tgetflag_sp+53>         je     0x3fabd04ebfe6 <tgetflag_sp+278>                      |
> |   0x3fabd04ebf0b <tgetflag_sp+59>         cmpb   $0x0,(%rsi)                                           |
> |   0x3fabd04ebf0e <tgetflag_sp+62>         je     0x3fabd04ebfe6 <tgetflag_sp+278>                      |
> |   0x3fabd04ebf14 <tgetflag_sp+68>         cmpb   $0x0,0x1(%rsi)                                        |
> |   0x3fabd04ebf18 <tgetflag_sp+72>         je     0x3fabd04ebfe6 <tgetflag_sp+278>                      |
> 
> --
> Bjoern A. Zeeb                                                     r15:7
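An added check, not code from the thread or from any of its participants: the question above is whether the bytes at $pc really are the register-only CMOVE that gdb prints. The program below decodes the "[REX] 0F 4x /r" encoding and emulates it against the posted rbx/rcx/eflags. The instruction bytes (48 0f 44 cb, followed by the short jmp eb 0d at +33) are reconstructed from the disassembly listing, not copied from the core, and are therefore an assumption; register numbering is the Intel one (0=rax 1=rcx 2=rdx 3=rbx ... 15=r15). A practitioner would `x/4xb $pc` in the core and compare against the same bytes in the on-disk libncurses to rule out a corrupted text page.

```c
/*
 * Added example, not code from the thread.  Decodes the CMOVcc encoding the
 * posted disassembly implies for "cmove %rbx,%rcx" and emulates it against
 * the posted register dump.  Assumed: bytes reconstructed from the listing,
 * Intel register numbering (0=rax 1=rcx 2=rdx 3=rbx ... 15=r15).
 */
#include <stdint.h>
#include <stdio.h>

#define FL_CF (1u << 0)
#define FL_PF (1u << 2)
#define FL_ZF (1u << 6)
#define FL_SF (1u << 7)
#define FL_OF (1u << 11)

struct cmov {
    int cc;    /* condition nibble of the 0F 4x opcode (4 = E, 5 = NE ...) */
    int reg;   /* destination register (ModRM.reg, REX.R extended)         */
    int rm;    /* source register (ModRM.rm, REX.B extended)               */
    int wide;  /* REX.W set: 64-bit operands                               */
    int len;   /* encoded length in bytes                                  */
};

/* Decode "[REX] 0F 4cc /r" with a register-direct ModRM (mod == 3).
 * Returns 1 on success, 0 if the bytes are not such an instruction. */
int decode_cmov(const uint8_t *p, size_t n, struct cmov *out)
{
    size_t i = 0;
    uint8_t rex = 0;

    if (n > 0 && (p[0] & 0xf0) == 0x40)
        rex = p[i++];
    if (n < i + 3 || p[i] != 0x0f || (p[i + 1] & 0xf0) != 0x40)
        return 0;
    uint8_t modrm = p[i + 2];
    if ((modrm >> 6) != 3)
        return 0;                       /* memory form: not this case */
    out->cc   = p[i + 1] & 0x0f;
    out->reg  = ((modrm >> 3) & 7) | ((rex & 0x4) ? 8 : 0);
    out->rm   = (modrm & 7)        | ((rex & 0x1) ? 8 : 0);
    out->wide = (rex & 0x8) != 0;
    out->len  = (int)(i + 3);
    return 1;
}

/* Evaluate condition code cc against an EFLAGS value (same table as Jcc). */
int cond_true(int cc, uint32_t fl)
{
    int cf = !!(fl & FL_CF), pf = !!(fl & FL_PF), zf = !!(fl & FL_ZF);
    int sf = !!(fl & FL_SF), of = !!(fl & FL_OF);
    int r;

    switch (cc >> 1) {
    case 0:  r = of;                break; /* O  / NO */
    case 1:  r = cf;                break; /* B  / AE */
    case 2:  r = zf;                break; /* E  / NE */
    case 3:  r = cf || zf;          break; /* BE / A  */
    case 4:  r = sf;                break; /* S  / NS */
    case 5:  r = pf;                break; /* P  / NP */
    case 6:  r = sf != of;          break; /* L  / GE */
    default: r = zf || (sf != of);  break; /* LE / G  */
    }
    return (cc & 1) ? !r : r;
}

/* Emulate CMOVcc on a 16-entry GPR file.  The only architectural state it
 * touches is the destination register: no memory, no flags, nothing to trap. */
void emulate_cmov(const struct cmov *c, uint64_t gpr[16], uint32_t fl)
{
    if (cond_true(c->cc, fl))
        gpr[c->reg] = c->wide ? gpr[c->rm] : (uint32_t)gpr[c->rm];
    else if (!c->wide)
        gpr[c->reg] = (uint32_t)gpr[c->reg]; /* 32-bit form zero-extends even if not taken */
}

/* Constructed input: bytes the listing implies at tgetflag_sp+29
 * ("cmove %rbx,%rcx", 4 bytes) followed by the short jmp at +33 (to +48). */
static const uint8_t thread_text[] = { 0x48, 0x0f, 0x44, 0xcb, 0xeb, 0x0d };

int thread_case_decodes_as_cmove_rbx_rcx(void)
{
    struct cmov c;
    if (!decode_cmov(thread_text, sizeof thread_text, &c))
        return 0;
    return c.cc == 4 && c.wide && c.reg == 1 && c.rm == 3 && c.len == 4;
}

/* rcx after executing the instruction with the posted rbx/rcx and the given eflags. */
uint64_t thread_case_rcx_after(uint32_t eflags)
{
    struct cmov c;
    uint64_t gpr[16] = { 0 };
    gpr[3] = 0x3fabce1f4cb8ULL;     /* rbx from "info r" */
    gpr[1] = 0xd00b620ed25bfd23ULL; /* rcx from "info r" */
    if (!decode_cmov(thread_text, sizeof thread_text, &c))
        return 0;
    emulate_cmov(&c, gpr, eflags);
    return gpr[1];
}

int main(void)
{
    uint32_t posted = 0x10202;  /* eflags from the dump: IF, RF; ZF clear */
    printf("decodes as cmove %%rbx,%%rcx: %d\n", thread_case_decodes_as_cmove_rbx_rcx());
    printf("rcx after, ZF clear: 0x%llx\n", (unsigned long long)thread_case_rcx_after(posted));
    printf("rcx after, ZF set:   0x%llx\n", (unsigned long long)thread_case_rcx_after(posted | FL_ZF));
    return 0;
}
```

With the posted eflags (ZF clear, consistent with the nonzero rcx that the preceding `test %rcx,%rcx` saw) the instruction leaves rcx untouched; with ZF set it copies rbx. Either way the decoded form is a register-to-register move, which supports the point that nothing about the instruction itself can raise #UD, and shifts the suspicion to what the CPU or hypervisor actually fetched at that address.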