Regression in 8.2: Synchronous Exception when running a VM on AArch64
Environment:
- Hardware: MacBook Pro M2 Max
- OS: macOS Sonoma 14.2.1
- QEMU version: 8.2.0 (installed via Homebrew)
- Guest: Ubuntu Jammy (ARM64)
Reproduction
# Fetch the Ubuntu Jammy arm64 cloud image and create a 128G qcow2 overlay backed by it
wget https://cloud-images.ubuntu.com/jammy/current/jammy-server-cloudimg-arm64.img
qemu-img create -F qcow2 -b jammy-server-cloudimg-arm64.img -f qcow2 ubuntu0.img 128G
# Boot the overlay under HVF with the edk2 firmware shipped by Homebrew
qemu-system-aarch64 \
-nographic \
-machine virt,accel=hvf,highmem=on \
-cpu host \
-smp 2 \
-m 2G \
-bios /opt/homebrew/share/qemu/edk2-aarch64-code.fd \
-hda ubuntu0.img
Result
The VM crashes when booting, with the following error:
UEFI firmware (version edk2-stable202302-for-qemu built at 18:12:10 on Sep 11 2023)
Error: Image at 000BFD42000 start failed: Not Found
Error: Image at 000BFC94000 start failed: Unsupported
Error: Image at 000BFC13000 start failed: Not Found
Tpm2SubmitCommand - Tcg2 - Not Found
Tpm2GetCapabilityPcrs fail!
Tpm2SubmitCommand - Tcg2 - Not Found
Image type X64 can't be loaded on AARCH64 UEFI system.
BdsDxe: loading Boot0001 "UEFI Misc Device" from PciRoot(0x0)/Pci(0x2,0x0)
BdsDxe: starting Boot0001 "UEFI Misc Device" from PciRoot(0x0)/Pci(0x2,0x0)
Synchronous Exception at 0x00000000BC564000
PC 0x0000BC564000
PC 0x0000BC5C23F4
PC 0x0000BC5C2608
PC 0x0000BC5C332C
PC 0x0000BC5C0030
PC 0x000047685788 (0x00004767E000+0x00007788) [ 1] DxeCore.dll
PC 0x0000BFCCAECC (0x0000BFCC4000+0x00006ECC) [ 2] BdsDxe.dll
PC 0x0000BFCCDFD4 (0x0000BFCC4000+0x00009FD4) [ 2] BdsDxe.dll
PC 0x00004768900C (0x00004767E000+0x0000B00C) [ 3] DxeCore.dll
[ 1] /home/kraxel/projects/qemu/roms/Build/ArmVirtQemu-AARCH64/DEBUG_GCC5/AARCH64/MdeModulePkg/Core/Dxe/DxeMain/DEBUG/DxeCore.dll
[ 2] /home/kraxel/projects/qemu/roms/Build/ArmVirtQemu-AARCH64/DEBUG_GCC5/AARCH64/MdeModulePkg/Universal/BdsDxe/BdsDxe/DEBUG/BdsDxe.dll
[ 3] /home/kraxel/projects/qemu/roms/Build/ArmVirtQemu-AARCH64/DEBUG_GCC5/AARCH64/MdeModulePkg/Core/Dxe/DxeMain/DEBUG/DxeCore.dll
X0 0x00000000BE8AAF18 X1 0x00000000BFFD0018 X2 0x00000000BC564000 X3 0x0000000000000000
X4 0x00000000BFD3E088 X5 0x0000000000000001 X6 0x00000000BC560000 X7 0x0000000000000000
X8 0x00600000BC56070F X9 0x00000000BC560000 X10 0x0000000000000003 X11 0x00000000BC578FFF
X12 0x0000000000000000 X13 0x0000000000000008 X14 0x000000006ED9EBA1 X15 0x000000008F1BBCDC
X16 0x00000000BFD362BC X17 0x00000000C19CD528 X18 0x0000000000000011 X19 0x00000000BC641000
X20 0x0000000000000000 X21 0x00000000BE8AAF18 X22 0x00000000BC655930 X23 0x0000000000000001
X24 0x00000000BC655000 X25 0x00000000BC6559F8 X26 0x00000000BC655A00 X27 0x00000000BC655A08
X28 0x00000000BC655A10 FP 0x000000004767D720 LR 0x00000000BC5C23F4
V0 0xAFAFAFAFAFAFAFAF AFAFAFAFAFAFAFAF V1 0xFFFFFF80FFFFFFD0 000000004767D3A0
V2 0x554E65213A544C55 41464544464F544E V3 0x0000000000000000 0010000000000000
V4 0x0000000040000000 0000000000000000 V5 0x4010040140100401 4010040140100401
V6 0x0040000000001000 0040000000001000 V7 0x0000000000000000 0000000000000000
V8 0x0000000000000000 0000000000000000 V9 0x0000000000000000 0000000000000000
V10 0x0000000000000000 0000000000000000 V11 0x0000000000000000 0000000000000000
V12 0x0000000000000000 0000000000000000 V13 0x0000000000000000 0000000000000000
V14 0x0000000000000000 0000000000000000 V15 0x0000000000000000 0000000000000000
V16 0x0000000000000000 0000000000000000 V17 0x0000000000000000 0000000000000000
V18 0x0000000000000000 0000000000000000 V19 0x0000000000000000 0000000000000000
V20 0x0000000000000000 0000000000000000 V21 0x0000000000000000 0000000000000000
V22 0x0000000000000000 0000000000000000 V23 0x0000000000000000 0000000000000000
V24 0x0000000000000000 0000000000000000 V25 0x0000000000000000 0000000000000000
V26 0x0000000000000000 0000000000000000 V27 0x0000000000000000 0000000000000000
V28 0x0000000000000000 0000000000000000 V29 0x0000000000000000 0000000000000000
V30 0x0000000000000000 0000000000000000 V31 0x0000000000000000 0000000000000000
SP 0x000000004767D720 ELR 0x00000000BC564000 SPSR 0x60000A05 FPSR 0x00000000
ESR 0x8600000F FAR 0x00000000BC564000
ESR : EC 0x21 IL 0x1 ISS 0x0000000F
Instruction abort: Permission fault, third level
Stack dump:
000004767D620: 0000000000000001 00000000BC655000 00000000BC6559F8 00000000BC655A00
000004767D640: 00000000BC655A08 00000000BC655A10 000000004767D690 00000000BC579018
000004767D660: 000000004767D6D0 000000004767D768 00000000BC56E000 00000000BC56E009
000004767D680: 00000000BC630607 00000000000000C3 000000004767D6B0 FE3688847501A94B
000004767D6A0: DE86230ED9A8988D 00000000E17B053C 16CF6509F217BF38 F2BD26032C1D0511
000004767D6C0: E54DFA145B8EB223 220B01409C0E646C 0000000000000000 0000000000018000
000004767D6E0: 0000000000004000 0000000000000400 000010000007D720 00000000BC5791A0
000004767D700: 00000000BC579148 00000000BC579140 0000000000000010 00000000BC579098
> 000004767D720: 000000004767D780 00000000BC5C2608 0000000000000001 00000000BC641000
000004767D740: 00000000BE8AAF18 0000000000000000 000160184767D780 00000000BC564000
000004767D760: 00000000BC560000 0000000000000019 00000000BCB41D18 00000000BC579018
000004767D780: 000000004767D7E0 00000000BC5C332C 0000000000000000 00000000BC5C0428
000004767D7A0: 00000000BC6559DF 00000000BE8AAF18 000000004767D850 00000000BC5C32F0
000004767D7C0: 00000000BEFFE6C0 00000000BEE31030 00000000BF0076A0 00000000BF069D20
000004767D7E0: 000000004767D880 00000000BC5C0030 0000000000000000 0000000000000000
000004767D800: 0000000000000000 0000000000000001 00000000BFCDE000 00000000BE8A5FE4
Synchronous Exception at 0x00000000BC564000
ASSERT [ArmCpuDxe] /home/kraxel/projects/qemu/roms/edk2/ArmPkg/Library/DefaultExceptionHandlerLib/AArch64/DefaultExceptionHandler.c(343): ((BOOLEAN)(0==1))
Downgrading QEMU to 8.1.3 fixes the problem, therefore indicating a likely regression in version 8.2.
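The useful part of the dump above is the syndrome register: ESR 0x8600000F decodes to EC 0x21 (instruction abort taken at the same exception level), IL 1, ISS 0xF, and ISS[5:0] = 0x0F is "Permission fault, level 3", which is what the firmware prints on the next line. ELR and FAR are both 0xBC564000, the first PC in the trace, and that address is not attributed to any of the listed firmware modules, so the CPU refused an instruction fetch from a page that its current stage 1 mapping does not allow to be executed. The following decoder reproduces that breakdown for arbitrary ESR_ELx values. It is an added example written for this page, not code from the bug report, edk2 or QEMU; the field layout follows the Arm Architecture Reference Manual description of ESR_ELx, and the second sample value (a write data abort) is constructed for illustration rather than taken from this report.

```c
/* ESR_ELx decoder for AArch64 synchronous exceptions.
 * Added example for this report; not code from the bug report, edk2 or QEMU.
 * Field layout per the Arm Architecture Reference Manual (ESR_ELx):
 *   EC  = bits [31:26]  exception class
 *   IL  = bit  [25]     instruction length (1 = 32-bit instruction)
 *   ISS = bits [24:0]   instruction specific syndrome
 * For instruction/data aborts (EC 0x20/0x21/0x24/0x25) ISS[5:0] is the
 * fault status code (IFSC/DFSC) and ISS[7] is S1PTW; data aborts also
 * carry WnR (write-not-read) in ISS[6].
 */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

typedef struct {
    unsigned ec;
    unsigned il;
    uint32_t iss;
    int is_abort;        /* instruction or data abort */
    int is_data_abort;
    int write;           /* data abort only: WnR, 1 = write access */
    int s1ptw;           /* abort on a stage 2 walk of stage 1 tables */
    unsigned fsc;        /* ISS[5:0] for aborts, 0 otherwise */
    int level;           /* translation table level for leveled faults, else -1 */
    const char *ec_name;
    const char *fault;   /* fault class for aborts, "" otherwise */
} esr_decoded;

const char *esr_ec_name(unsigned ec)
{
    switch (ec) {
    case 0x00: return "Unknown reason";
    case 0x0E: return "Illegal Execution state";
    case 0x15: return "SVC (AArch64)";
    case 0x18: return "Trapped MSR/MRS/System instruction";
    case 0x20: return "Instruction abort, lower EL";
    case 0x21: return "Instruction abort, same EL";
    case 0x22: return "PC alignment fault";
    case 0x24: return "Data abort, lower EL";
    case 0x25: return "Data abort, same EL";
    case 0x26: return "SP alignment fault";
    case 0x2F: return "SError";
    case 0x3C: return "BRK (AArch64)";
    default:   return "Other/unlisted EC";
    }
}

/* Decode the 6-bit fault status code shared by IFSC and DFSC. For the
 * leveled fault classes the low two bits are the translation table level. */
const char *esr_fsc_name(unsigned fsc, int *level)
{
    *level = -1;
    switch (fsc >> 2) {
    case 0x0: *level = fsc & 3; return "Address size fault";
    case 0x1: *level = fsc & 3; return "Translation fault";
    case 0x2: *level = fsc & 3; return "Access flag fault";
    case 0x3: *level = fsc & 3; return "Permission fault";
    case 0x5: *level = fsc & 3; return "Synchronous external abort on translation table walk";
    }
    switch (fsc) {
    case 0x10: return "Synchronous external abort";
    case 0x11: return "Synchronous tag check fault";
    case 0x21: return "Alignment fault";
    case 0x30: return "TLB conflict abort";
    default:   return "Other/unlisted FSC";
    }
}

esr_decoded esr_decode(uint32_t esr)
{
    esr_decoded d;
    memset(&d, 0, sizeof d);
    d.ec  = (esr >> 26) & 0x3F;
    d.il  = (esr >> 25) & 1;
    d.iss = esr & 0x1FFFFFF;
    d.ec_name = esr_ec_name(d.ec);
    d.level = -1;
    d.fault = "";
    d.is_abort      = (d.ec == 0x20 || d.ec == 0x21 || d.ec == 0x24 || d.ec == 0x25);
    d.is_data_abort = (d.ec == 0x24 || d.ec == 0x25);
    if (d.is_abort) {
        d.fsc   = d.iss & 0x3F;
        d.s1ptw = (d.iss >> 7) & 1;
        d.fault = esr_fsc_name(d.fsc, &d.level);
        if (d.is_data_abort)
            d.write = (d.iss >> 6) & 1;
    }
    return d;
}

/* Render one line in the spirit of the firmware's "ESR : EC ... " output. */
int esr_format(uint32_t esr, char *buf, size_t n)
{
    esr_decoded d = esr_decode(esr);
    int len = snprintf(buf, n, "ESR 0x%08X: EC 0x%02X (%s) IL %u ISS 0x%07X",
                       esr, d.ec, d.ec_name, d.il, d.iss);
    if (d.is_abort && len > 0 && (size_t)len < n) {
        if (d.level >= 0)
            len += snprintf(buf + len, n - (size_t)len, "; %s, level %d", d.fault, d.level);
        else
            len += snprintf(buf + len, n - (size_t)len, "; %s", d.fault);
        if (d.is_data_abort && len > 0 && (size_t)len < n)
            len += snprintf(buf + len, n - (size_t)len, " on %s", d.write ? "write" : "read");
    }
    return len;
}

int main(void)
{
    char line[160];
    esr_format(0x8600000FU, line, sizeof line);   /* value from the report above */
    puts(line);
    esr_format(0x96000045U, line, sizeof line);   /* constructed sample: write data abort */
    puts(line);
    return 0;
}
```

For the value in this report the decoder yields EC 0x21, IL 1, ISS 0xF and "Permission fault, level 3", matching the two firmware lines; the constructed 0x96000045 decodes to a same-EL data abort on a write with a level 1 translation fault, which shows how the WnR bit and the level bits are read for the data-abort case.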
Edited by Roman Janusz