Bug 250455 - General protection fault when booting 12.1 via qemu/i386 with -enable-kvm -cpu max
Summary: General protection fault when booting 12.1 via qemu/i386 with -enable-kvm -cp...
Status: New
Alias: None
Product: Base System
Classification: Unclassified
Component: kern
Version: 12.1-RELEASE
Hardware: i386 Any
Importance: --- Affects Only Me
Assignee: freebsd-bugs (Nobody)
Depends on:
Reported: 2020-10-19 10:48 UTC by Michał Górny
Modified: 2020-10-20 16:35 UTC

See Also:


Description Michał Górny 2020-10-19 10:48:32 UTC
I'm trying to boot FreeBSD-12.1-RELEASE-i386-bootonly.iso inside qemu:

$ qemu-system-i386 -enable-kvm -boot d -cdrom FreeBSD-12.1-RELEASE-i386-bootonly.iso -cpu max -display curses

To reproduce the fault, both -enable-kvm and '-cpu max' must be used.

The host is Gentoo Linux.  The CPU is:

processor       : 0
vendor_id       : AuthenticAMD
cpu family      : 23
model           : 113
model name      : AMD Ryzen 5 3600 6-Core Processor
stepping        : 0
microcode       : 0x8701021
cpu MHz         : 2794.608
cache size      : 512 KB
physical id     : 0
siblings        : 12
core id         : 0
cpu cores       : 6
apicid          : 0
initial apicid  : 0
fpu             : yes
fpu_exception   : yes
cpuid level     : 16
wp              : yes
flags           : fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush mmx fxsr sse sse2 ht syscall nx mmxext fxsr_opt pdpe1gb rdtscp lm constant_tsc rep_good nopl nonstop_tsc cpuid extd_apicid aperfmperf pni pclmulqdq monitor ssse3 fma cx16 sse4_1 sse4_2 movbe popcnt aes xsave avx f16c rdrand lahf_lm cmp_legacy svm extapic cr8_legacy abm sse4a misalignsse 3dnowprefetch osvw ibs skinit wdt tce topoext perfctr_core perfctr_nb bpext perfctr_llc mwaitx cpb cat_l3 cdp_l3 hw_pstate sme ssbd mba sev ibpb stibp vmmcall fsgsbase bmi1 avx2 smep bmi2 cqm rdt_a rdseed adx smap clflushopt clwb sha_ni xsaveopt xsavec xgetbv1 xsaves cqm_llc cqm_occup_llc cqm_mbm_total cqm_mbm_local clzero irperf xsaveerptr rdpru wbnoinvd arat npt lbrv svm_lock nrip_save tsc_scale vmcb_clean flushbyasid decodeassists pausefilter pfthreshold avic v_vmsave_vmload vgif umip rdpid overflow_recov succor smca
bugs            : sysret_ss_attrs spectre_v1 spectre_v2 spec_store_bypass
bogomips        : 7190.59
TLB size        : 3072 4K pages
clflush size    : 64
cache_alignment : 64
address sizes   : 43 bits physical, 48 bits virtual
power management: ts ttp tm hwpstate cpb eff_freq_ro [13] [14]

I'm getting:

Fatal trap 9: general protection fault while in kernel mode
cpuid = 0; apic id = 00
error code              = 0
instruction pointer     = 0x20:0x157cfe3
stack pointer           = 0x28:0x2423bb8
frame pointer           = 0x28:0x2423bdc
code segment            = base rx0, limit 0xfffff, type 0x1b
                        = DPL 0, pres 1, def32 1, gran 1
processor eflags        = resume, IOPL = 0
current process         = 0 ()
trap number             = 9
panic: general protection fault
cpuid = 0
time = 1
KDB: stack backtrace:
#0 0x103c50e at kdb_backtrace+0x4e
#1 0xff6001 at vpanic+0x121
#2 0xff5ed4 at panic+0x14
#3 0x155cf0e at trap_fatal+0x34e
#4 0x155c392 at trap+0xd2
#5 0xffc0316d at PTDpde+0x4175
#6 0xf96644 at mi_startup+0xe4
#7 0x8fa05f at btext+0x5f
Uptime: 1s

I'm going to try installing it without '-cpu max' and then building a fresh kernel with debug.
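Added example for triaging a report like this one (it is not FreeBSD code and not the reporter's): a small Python parser that turns the "Fatal trap" block and KDB backtrace above into structured data, separates the panic/trap machinery frames from the frames that describe where the fault actually happened, and flags frames whose symbol offset is implausibly large. The sample text is the panic output quoted in the report; the 0x1000 offset threshold in suspicious_frames is a heuristic chosen for this example, not a kernel rule.

```python
"""Parse a FreeBSD 'Fatal trap' panic block plus KDB backtrace.

Example code written for this page; not part of FreeBSD.  SAMPLE_PANIC is the
panic output from the report above, embedded so the script runs offline.
"""
import re

SAMPLE_PANIC = """\
Fatal trap 9: general protection fault while in kernel mode
cpuid = 0; apic id = 00
error code              = 0
instruction pointer     = 0x20:0x157cfe3
stack pointer           = 0x28:0x2423bb8
frame pointer           = 0x28:0x2423bdc
code segment            = base rx0, limit 0xfffff, type 0x1b
                        = DPL 0, pres 1, def32 1, gran 1
processor eflags        = resume, IOPL = 0
current process         = 0 ()
trap number             = 9
panic: general protection fault
cpuid = 0
time = 1
KDB: stack backtrace:
#0 0x103c50e at kdb_backtrace+0x4e
#1 0xff6001 at vpanic+0x121
#2 0xff5ed4 at panic+0x14
#3 0x155cf0e at trap_fatal+0x34e
#4 0x155c392 at trap+0xd2
#5 0xffc0316d at PTDpde+0x4175
#6 0xf96644 at mi_startup+0xe4
#7 0x8fa05f at btext+0x5f
Uptime: 1s
"""

# "Fatal trap <n>: <description> while in <kernel|user> mode"
TRAP_RE = re.compile(r"^Fatal trap (\d+): (.+?) while in (kernel|user) mode", re.M)
# "<instruction|stack|frame> pointer = <selector>:<value>"
SEGREG_RE = re.compile(
    r"^(instruction|stack|frame) pointer\s*=\s*(0x[0-9a-f]+):(0x[0-9a-f]+)", re.M)
# "#<idx> <addr> at <symbol>+<offset>"
FRAME_RE = re.compile(r"^#(\d+)\s+(0x[0-9a-f]+) at (\S+?)\+(0x[0-9a-f]+)", re.M)


def parse_panic(text):
    """Return a dict with the trap number, description, CPU mode,
    segment:offset register pairs and the list of backtrace frames."""
    m = TRAP_RE.search(text)
    if not m:
        raise ValueError("no 'Fatal trap' header found")
    info = {"trap": int(m.group(1)), "desc": m.group(2), "mode": m.group(3),
            "regs": {}, "frames": []}
    for name, sel, val in SEGREG_RE.findall(text):
        info["regs"][name] = {"selector": int(sel, 16), "value": int(val, 16)}
    for idx, addr, sym, off in FRAME_RE.findall(text):
        info["frames"].append({"index": int(idx), "addr": int(addr, 16),
                               "symbol": sym, "offset": int(off, 16)})
    return info


def crash_site(info):
    """Drop the kdb/panic/trap_fatal/trap frames that every fatal trap
    produces; what remains is the call chain that was executing when the
    processor raised the fault."""
    frames = info["frames"]
    for i, f in enumerate(frames):
        if f["symbol"] == "trap":
            return frames[i + 1:]
    return frames


def suspicious_frames(frames, max_offset=0x1000):
    """Heuristic (an assumption of this example): a symbol offset far larger
    than a normal function body usually means ddb found no text symbol
    covering the return address and printed the nearest symbol below it,
    so the frame should be treated as unreliable when reading the trace."""
    return [f for f in frames if f["offset"] > max_offset]


if __name__ == "__main__":
    info = parse_panic(SAMPLE_PANIC)
    ip = info["regs"]["instruction"]
    print(f"trap {info['trap']} ({info['desc']}) in {info['mode']} mode, "
          f"ip={ip['selector']:#x}:{ip['value']:#x}")
    site = crash_site(info)
    bad = {f["index"] for f in suspicious_frames(site)}
    for f in site:
        flag = "  <- unreliable symbol" if f["index"] in bad else ""
        print(f"#{f['index']} {f['addr']:#x} {f['symbol']}+{f['offset']:#x}{flag}")
```

Run against the report's trace, the script keeps frames #5 to #7 as the crash site and marks #5 (PTDpde+0x4175) as unreliable, which is consistent with the fault occurring in code reached from mi_startup whose return address does not resolve to a kernel text symbol.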
Comment 1 Michał Górny 2020-10-19 12:03:28 UTC
FWICS the issue doesn't happen on master anymore but it does happen on releng/12.1 branch.
Comment 2 Ed Maste freebsd_committer 2020-10-19 16:38:11 UTC
Do 12.2-RC images boot?
Comment 3 Michał Górny 2020-10-19 16:57:34 UTC
FreeBSD-12.2-RC3-i386-bootonly.iso fails the same way.
Comment 4 Michał Górny 2020-10-19 17:02:08 UTC
I'm going to try a reverse-bisect.
Comment 5 Michał Górny 2020-10-20 02:51:25 UTC
I've been able to go back as far as to a93b5bbe069508aa0f8973501712d9c3664fc683 (2019-12-06) and reproduce the new (i.e. working) behavior.  My next stop ended up being incompatible with userland, so I'll need to try approaching in the other direction.
Comment 6 Michał Górny 2020-10-20 16:35:25 UTC
Curiously enough, 12.0 doesn't seem to suffer from it.