Skip to content

Regression in v8.0.0-rc1: `Abort trap: 6` during `hvf/x86_emu.c:exec_mov()` (`-cpu host` + UEFI)

Host environment

  • Operating system: macOS 13.3.1
  • OS/kernel version: Darwin Kernel Version 22.4.0
  • Architecture: x86_64 (Intel(R) Core(TM) i7-1068NG7 CPU @ 2.30GHz, MacBook Pro 2020)
  • QEMU flavor: qemu-system-x86_64
  • QEMU version: QEMU emulator version 7.2.94 (v7.0.0-8004-g7dbd6f8a27) (i.e., v8.0.0-rc4)
  • QEMU command line: 
    qemu-system-x86_64 -accel hvf -cpu host -drive if=pflash,format=raw,readonly=on,file=/usr/local/share/qemu/edk2-x86_64-code.fd

Emulated/Virtualized environment

  • Operating system: Just starting UEFI is enough to hit this issue.
  • Architecture: x86_64

Description of problem

qemu-system-x86_64 -accel hvf -cpu host -drive <UEFI> crashes.

Steps to reproduce

$ qemu-system-x86_64 -accel hvf -cpu host -drive if=pflash,format=raw,readonly=on,file=/usr/local/share/qemu/edk2-x86_64-code.fd 
vmx_read_mem: mmu_gva_to_gpa ffc00000 failed
Abort trap: 6

Additional information

This is a regression in v8.0.0-rc1.

  • v8.0.0-rc0: works
  • v8.0.0-rc1: crashes
  • ...
  • v8.0.0-rc4: crashes

Backtrace:

$ lldb /usr/local/bin/qemu-system-x86_64 
(lldb) target create "/usr/local/bin/qemu-system-x86_64"
Current executable set to '/usr/local/bin/qemu-system-x86_64' (x86_64).
(lldb) process handle SIGUSR2 -s false -p true
NAME         PASS     STOP     NOTIFY
===========  =======  =======  =======
SIGUSR2      true     false    not set
(lldb) run  -accel hvf -cpu host -drive if=pflash,format=raw,readonly=on,file=/usr/local/share/qemu/edk2-x86_64-code.fd
Process 17627 launched: '/usr/local/bin/qemu-system-x86_64' (x86_64)
Process 17627 stopped and restarted: thread 1 received signal: SIGUSR2
Process 17627 stopped and restarted: thread 1 received signal: SIGUSR2
Process 17627 stopped and restarted: thread 1 received signal: SIGUSR2
Process 17627 stopped and restarted: thread 1 received signal: SIGUSR2
Process 17627 stopped and restarted: thread 1 received signal: SIGUSR2
Process 17627 stopped and restarted: thread 1 received signal: SIGUSR2
Process 17627 stopped and restarted: thread 1 received signal: SIGUSR2
Process 17627 stopped and restarted: thread 1 received signal: SIGUSR2
Process 17627 stopped and restarted: thread 1 received signal: SIGUSR2
Process 17627 stopped and restarted: thread 1 received signal: SIGUSR2
Process 17627 stopped and restarted: thread 1 received signal: SIGUSR2
Process 17627 stopped and restarted: thread 1 received signal: SIGUSR2
Process 17627 stopped and restarted: thread 1 received signal: SIGUSR2
Process 17627 stopped and restarted: thread 1 received signal: SIGUSR2
Process 17627 stopped and restarted: thread 1 received signal: SIGUSR2
Process 17627 stopped and restarted: thread 1 received signal: SIGUSR2
2023-04-14 17:16:22.879194+0900 qemu-system-x86_64[17627:1529741] [Window] Warning: Window NSWindow 0x10391def0 ordered front from a non-active application and may order beneath the active application's windows.
vmx_read_mem: mmu_gva_to_gpa ffc00000 failed
Process 17627 stopped
* thread #4, stop reason = signal SIGABRT
    frame #0: 0x00007ff8121331f2 libsystem_kernel.dylib`__pthread_kill + 10
libsystem_kernel.dylib`:
->  0x7ff8121331f2 <+10>: jae    0x7ff8121331fc            ; <+20>
    0x7ff8121331f4 <+12>: movq   %rax, %rdi
    0x7ff8121331f7 <+15>: jmp    0x7ff81212ccdb            ; cerror_nocancel
    0x7ff8121331fc <+20>: retq   
Target 0: (qemu-system-x86_64) stopped.
(lldb) bt
* thread #4, stop reason = signal SIGABRT
  * frame #0: 0x00007ff8121331f2 libsystem_kernel.dylib`__pthread_kill + 10
    frame #1: 0x00007ff81216aee6 libsystem_pthread.dylib`pthread_kill + 263
    frame #2: 0x00007ff812091b45 libsystem_c.dylib`abort + 123
    frame #3: 0x0000000100223608 qemu-system-x86_64`vmx_read_mem + 201
    frame #4: 0x000000010021fa5b qemu-system-x86_64`read_val_ext + 65
    frame #5: 0x000000010021fc02 qemu-system-x86_64`fetch_operands + 197
    frame #6: 0x0000000100220f8b qemu-system-x86_64`exec_mov + 31
    frame #7: 0x0000000100220f01 qemu-system-x86_64`exec_instruction + 48
    frame #8: 0x000000010021c81f qemu-system-x86_64`hvf_vcpu_exec + 4144
    frame #9: 0x000000010033fa53 qemu-system-x86_64`hvf_cpu_thread_fn + 270
    frame #10: 0x0000000100492e49 qemu-system-x86_64`qemu_thread_start + 130
    frame #11: 0x00007ff81216b1d3 libsystem_pthread.dylib`_pthread_start + 125
    frame #12: 0x00007ff812166bd3 libsystem_pthread.dylib`thread_start + 15
(lldb)
To upload designs, you'll need to enable LFS and have an admin enable hashed storage. More information