Addressing Error in iretq


I am trying to debug a custom kernel that is apparently making an error during an iretq instruction. I have the following data pushed on the stack, in this order, from most to least recent (all of the values below are 8 bytes in size), with the current location of the stack pointer as indicated:

trapno
trapfn
err
rip     <- %rsp
cs
rflags
rsp

When I execute the iretq, it is my understanding that it will pop the rip, cs, rflags, and rsp values from the stack, in that order, and place them into the corresponding registers. However, for whatever reason the CPU is skipping the rip field and starting with cs instead. This has the effect that %rip has the value intended for %cs, and %rflags has the value intended for %rsp. This is causing a crash, as %cs does not contain a valid instruction address.

Note that the fields located above rip in the above listing were part of a large structure that was allocated on the stack, and then deallocated by moving %rsp back past its start, to the rip field. I have tried adjusting the amount by which %rsp is moved, to no effect.
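As an added example (not from the post or the kernel it describes), a small C model of the 64-bit iretq frame: the hypothetical `struct trapframe` mirrors the listing above with the `ss` slot appended, since in long mode iretq always pops rip, cs, rflags, rsp and ss, and `model_iretq()` shows what the CPU would load for a given %rsp, so an %rsp one slot too high reproduces exactly the symptom described (rip receiving the cs value, rflags receiving the rsp value). The field values and helper names are my own constructions.

```c
#include <stddef.h>
#include <stdint.h>

/* Hypothetical mirror of the frame in the post: one 8-byte slot per field,
 * lowest address first. ss is appended because 64-bit iretq pops five slots
 * (rip, cs, rflags, rsp, ss); 'beyond' stands for the interrupted stack
 * above the frame and is not part of it. */
struct trapframe {
    uint64_t trapno;   /* pushed by the kernel's trap stub */
    uint64_t trapfn;   /* pushed by the kernel's trap stub */
    uint64_t err;      /* error code, from the CPU or a dummy from the stub */
    uint64_t rip;      /* iretq frame begins here: %rsp must equal &rip */
    uint64_t cs;
    uint64_t rflags;
    uint64_t rsp;
    uint64_t ss;
    uint64_t beyond;   /* first slot of the interrupted stack, not popped */
};

/* The five iretq slots must be contiguous 8-byte fields starting at rip. */
_Static_assert(offsetof(struct trapframe, ss) - offsetof(struct trapframe, rip)
               == 4 * sizeof(uint64_t), "iretq frame must be contiguous");

struct iret_regs { uint64_t rip, cs, rflags, rsp, ss; };

/* What iretq loads when %rsp points rsp_off bytes into the frame. */
static struct iret_regs model_iretq(const struct trapframe *tf, size_t rsp_off)
{
    const uint64_t *sp = (const uint64_t *)((const char *)tf + rsp_off);
    struct iret_regs r = { sp[0], sp[1], sp[2], sp[3], sp[4] };
    return r;
}

/* Bytes the stub must add to %rsp, from the start of the frame, to skip the
 * kernel-pushed trapno, trapfn and err slots and land exactly on rip. */
static size_t bytes_to_skip_before_iretq(void)
{
    return offsetof(struct trapframe, rip);   /* 3 slots * 8 = 24 */
}

/* Constructed sample frame; the values are arbitrary but distinguishable. */
static const struct trapframe sample = {
    .trapno = 14, .trapfn = 0xffff800000001000ULL, .err = 2,
    .rip = 0x401000, .cs = 0x1b, .rflags = 0x202,
    .rsp = 0x7ffffffde000ULL, .ss = 0x23, .beyond = 0xdeadbeef,
};
```

With %rsp at `offsetof(struct trapframe, rip)` the model loads rip=0x401000; with %rsp one slot higher (at cs) it loads rip=0x1b and rflags=0x7ffffffde000, which is the pattern reported above.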
