Bug #1758819 “HVF Illegal instruction: 4, High Sierra, v2.12-rc0...” : Bugs : QEMU

Revision history for this message

Erik Kristian Sverre Uri (eksu) wrote on 2018-03-31:

#1

Download full text (7.4 KiB)

Process: qemu-system-x86_64 [6330]
Path: /Users/USER/*/qemu-system-x86_64
Identifier: qemu-system-x86_64
Version: 0
Code Type: X86-64 (Native)
Parent Process: bash [1558]
Responsible: qemu-system-x86_64 [6330]
User ID: 501

Date/Time: 2018-03-31 13:46:58.355 -0700
OS Version: Mac OS X 10.13.4 (17E199)
Report Version: 12
Anonymous UUID: 28693BB0-7F66-6066-026C-DDE857D912F6

Time Awake Since Boot: 1800 seconds

System Integrity Protection: disabled

Crashed Thread: 0 Dispatch queue: com.apple.main-thread

Exception Type: EXC_BAD_INSTRUCTION (SIGILL)
Exception Codes: 0x0000000000000001, 0x0000000000000000
Exception Note: EXC_CORPSE_NOTIFY

Termination Signal: Illegal instruction: 4
Termination Reason: Namespace SIGNAL, Code 0x4
Terminating Process: exc handler [0]

Thread 0 Crashed:: 0 qemu-system-x86_64 1 qemu-system-x86_64 2 qemu-system-x86_64 3 qemu-system-x86_64 4 qemu-system-x86_64 5 qemu-system-x86_64 6 qemu-system-x86_64 7 qemu-system-x86_64 8 qemu-system-x86_64 9 qemu-system-x86_64 10 qemu-system-x86_64 11 com.apple.Foundation 17 com.apple.AppKit 18 com.apple.AppKit 19 com.apple.AppKit 20 com.apple.AppKit 21 com.apple.Foundation Dispatch queue: com.apple.main-thread
0x000000010d8acafc hvf_get_supported_cpuid + 300 (x86_cpuid.c:102)
0x000000010d8453e8 x86_cpu_expand_features + 200 (cpu.c:2408)
0x000000010d847770 x86_cpu_realizefn + 288 (cpu.c:3669)
0x000000010d92fa73 device_set_realized + 899 (qdev.c:917)
0x000000010da6e123 property_set_bool + 99
0x000000010da6f410 object_property_set_qobject + 48 (qom-qobject.c:28)
0x000000010da6ca71 object_property_set_bool + 49 (qobject.h:81)
0x000000010d824baf pc_cpus_init + 415 (pc.c:1104)
0x000000010d829c6d pc_init1 + 349 (pc_piix.c:157)
0x000000010d8cb234 qemu_main + 17476 (vl.c:1275)
0x000000010da6723e -[QemuCocoaAppController startEmulationWithArgc:argv:] + 30 (cocoa.m:1017)
/>CoreFoundation 0x00007fff5294561c __CFNOTIFICATIONCENTER_IS_CALLING_OUT_TO_AN_OBSERVER__ + 12
/>CoreFoundation 0x00007fff529454ea _CFXRegistrationPost + 458
/>CoreFoundation 0x00007fff52945221 ___CFXNotificationPost_block_invoke + 225
/>CoreFoundation 0x00007fff52903d72 -[_CFXNotificationRegistrar find:object:observer:enumerator:] + 1826
/>CoreFoundation 0x00007fff52902e03 _CFXNotificationPost + 659
0x00007fff54a1f8c7 -[NSNotificationCenter postNotificationName:object:userInfo:] + 66
0x00007fff4fff3206 -[NSApplication _postDidFinishNotification] + 313
0x00007fff4fff2e4f -[NSApplication _sendFinishLaunchingNotification] + 220
0x00007fff4fec5ab3 -[NSApplication(NSAppleEventHandling) _handleAEOpenEvent:] + 562
0x00007fff4fec56e9 -[NSApplication(NSAppleEventHandling) _handleCoreEvent:withReplyEvent:] + 690
0x00007fff54a62714 -[NSAppleEvent...

Process:               qemu-system-x86_64 [6330]
Path:                  /Users/USER/*/qemu-system-x86_64
Identifier:            qemu-system-x86_64
Version:               0
Code Type:             X86-64 (Native)
Parent Process:        bash [1558]
Responsible:           qemu-system-x86_64 [6330]
User ID:               501

Date/Time:             2018-03-31 13:46:58.355 -0700
OS Version:            Mac OS X 10.13.4 (17E199)
Report Version:        12
Anonymous UUID:        28693BB0-7F66-6066-026C-DDE857D912F6

Time Awake Since Boot: 1800 seconds

System Integrity Protection: disabled

Crashed Thread:        0  Dispatch queue: com.apple.main-thread

Exception Type:        EXC_BAD_INSTRUCTION (SIGILL)
Exception Codes:       0x0000000000000001, 0x0000000000000000
Exception Note:        EXC_CORPSE_NOTIFY

Termination Signal:    Illegal instruction: 4
Termination Reason:    Namespace SIGNAL, Code 0x4
Terminating Process:   exc handler [0]

Thread 0 Crashed:: Dispatch queue: com.apple.main-thread
0   qemu-system-x86_64            	0x000000010d8acafc hvf_get_supported_cpuid + 300 (x86_cpuid.c:102)
1   qemu-system-x86_64            	0x000000010d8453e8 x86_cpu_expand_features + 200 (cpu.c:2408)
2   qemu-system-x86_64            	0x000000010d847770 x86_cpu_realizefn + 288 (cpu.c:3669)
3   qemu-system-x86_64            	0x000000010d92fa73 device_set_realized + 899 (qdev.c:917)
4   qemu-system-x86_64            	0x000000010da6e123 property_set_bool + 99
5   qemu-system-x86_64            	0x000000010da6f410 object_property_set_qobject + 48 (qom-qobject.c:28)
6   qemu-system-x86_64            	0x000000010da6ca71 object_property_set_bool + 49 (qobject.h:81)
7   qemu-system-x86_64            	0x000000010d824baf pc_cpus_init + 415 (pc.c:1104)
8   qemu-system-x86_64            	0x000000010d829c6d pc_init1 + 349 (pc_piix.c:157)
9   qemu-system-x86_64            	0x000000010d8cb234 qemu_main + 17476 (vl.c:1275)
10  qemu-system-x86_64            	0x000000010da6723e -[QemuCocoaAppController startEmulationWithArgc:argv:] + 30 (cocoa.m:1017)
11  com.apple.CoreFoundation      	0x00007fff5294561c __CFNOTIFICATIONCENTER_IS_CALLING_OUT_TO_AN_OBSERVER__ + 12
12  com.apple.CoreFoundation      	0x00007fff529454ea _CFXRegistrationPost + 458
13  com.apple.CoreFoundation      	0x00007fff52945221 ___CFXNotificationPost_block_invoke + 225
14  com.apple.CoreFoundation      	0x00007fff52903d72 -[_CFXNotificationRegistrar find:object:observer:enumerator:] + 1826
15  com.apple.CoreFoundation      	0x00007fff52902e03 _CFXNotificationPost + 659
16  com.apple.Foundation          	0x00007fff54a1f8c7 -[NSNotificationCenter postNotificationName:object:userInfo:] + 66
17  com.apple.AppKit              	0x00007fff4fff3206 -[NSApplication _postDidFinishNotification] + 313
18  com.apple.AppKit              	0x00007fff4fff2e4f -[NSApplication _sendFinishLaunchingNotification] + 220
19  com.apple.AppKit              	0x00007fff4fec5ab3 -[NSApplication(NSAppleEventHandling) _handleAEOpenEvent:] + 562
20  com.apple.AppKit              	0x00007fff4fec56e9 -[NSApplication(NSAppleEventHandling) _handleCoreEvent:withReplyEvent:] + 690
21  com.apple.Foundation          	0x00007fff54a62714 -[NSAppleEventManager dispatchRawAppleEvent:withRawReply:handlerRefCon:] + 287
22  com.apple.Foundation          	0x00007fff54a62592 _NSAppleEventManagerGenericHandler + 102
23  com.apple.AE                  	0x00007fff53a3bdd0 aeDispatchAppleEvent(AEDesc const*, AEDesc*, unsigned int, unsigned char*) + 1788
24  com.apple.AE                  	0x00007fff53a3b677 dispatchEventAndSendReply(AEDesc const*, AEDesc*) + 41
25  com.apple.AE                  	0x00007fff53a3b565 aeProcessAppleEvent + 383
26  com.apple.HIToolbox           	0x00007fff51c1d4a0 AEProcessAppleEvent + 55
27  com.apple.AppKit              	0x00007fff4fec0d32 _DPSNextEvent + 2788
28  com.apple.AppKit              	0x00007fff50656e34 -[NSApplication(NSEvent) _nextEventMatchingEventMask:untilDate:inMode:dequeue:] + 3044
29  com.apple.AppKit              	0x00007fff4feb5885 -[NSApplication run] + 764
30  qemu-system-x86_64            	0x000000010da68e99 main + 2537 (cocoa.m:1462)
31  libdyld.dylib                 	0x00007fff7ace7015 start + 1

Thread 1:
0   libsystem_kernel.dylib        	0x00007fff7ae37d8a __semwait_signal + 10
1   libsystem_c.dylib             	0x00007fff7adb2724 nanosleep + 199
2   libglib-2.0.0.dylib           	0x000000010e8fc9fe g_usleep + 71
3   qemu-system-x86_64            	0x000000010db55f39 call_rcu_thread + 217 (rcu.c:244)
4   libsystem_pthread.dylib       	0x00007fff7afff661 _pthread_body + 340
5   libsystem_pthread.dylib       	0x00007fff7afff50d _pthread_start + 377
6   libsystem_pthread.dylib       	0x00007fff7affebf9 thread_start + 13

Thread 2:: Dispatch queue: NSCGSDisableUpdates
0   libsystem_kernel.dylib        	0x00007fff7ae2e20a mach_msg_trap + 10
1   libsystem_kernel.dylib        	0x00007fff7ae2d724 mach_msg + 60
2   com.apple.SkyLight            	0x00007fff74b129f5 CGSUpdateManager::enable_updates_common() + 565
3   com.apple.SkyLight            	0x00007fff74ab6b28 CGSUpdateManager::enable_update(unsigned long long) + 320
4   libdispatch.dylib             	0x00007fff7acb564a _dispatch_call_block_and_release + 12
5   libdispatch.dylib             	0x00007fff7acade08 _dispatch_client_callout + 8
6   libdispatch.dylib             	0x00007fff7acc2267 _dispatch_queue_serial_drain + 635
7   libdispatch.dylib             	0x00007fff7acb51b6 _dispatch_queue_invoke + 373
8   libdispatch.dylib             	0x00007fff7acc2f5d _dispatch_root_queue_drain_deferred_wlh + 332
9   libdispatch.dylib             	0x00007fff7acc6d71 _dispatch_workloop_worker_thread + 880
10  libsystem_pthread.dylib       	0x00007fff7affefd2 _pthread_wqthread + 980
11  libsystem_pthread.dylib       	0x00007fff7affebe9 start_wqthread + 13

Thread 3:
0   libsystem_kernel.dylib        	0x00007fff7ae38292 __workq_kernreturn + 10
1   libsystem_pthread.dylib       	0x00007fff7afff009 _pthread_wqthread + 1035
2   libsystem_pthread.dylib       	0x00007fff7affebe9 start_wqthread + 13

Thread 4:
0   libsystem_kernel.dylib        	0x00007fff7ae38292 __workq_kernreturn + 10
1   libsystem_pthread.dylib       	0x00007fff7afff009 _pthread_wqthread + 1035
2   libsystem_pthread.dylib       	0x00007fff7affebe9 start_wqthread + 13

Thread 5:
0   libsystem_kernel.dylib        	0x00007fff7ae38292 __workq_kernreturn + 10
1   libsystem_pthread.dylib       	0x00007fff7afff009 _pthread_wqthread + 1035
2   libsystem_pthread.dylib       	0x00007fff7affebe9 start_wqthread + 13

Thread 6:
0   libsystem_kernel.dylib        	0x00007fff7ae38042 __sigwait + 10
1   libsystem_pthread.dylib       	0x00007fff7b001ad9 sigwait + 61
2   qemu-system-x86_64            	0x000000010db4061b sigwait_compat + 59 (compatfd.c:37)
3   libsystem_pthread.dylib       	0x00007fff7afff661 _pthread_body + 340
4   libsystem_pthread.dylib       	0x00007fff7afff50d _pthread_start + 377
5   libsystem_pthread.dylib       	0x00007fff7affebf9 thread_start + 13

Thread 0 crashed with X86 Thread State (64-bit):
  rax: 0x000000010d8acae7  rbx: 0x000000000000000d  rcx: 0x0000000000000000  rdx: 0x0000000000000002
  rdi: 0x000000000000000d  rsi: 0x0000000000000000  rbp: 0x00007ffee246eed0  rsp: 0x00007ffee246ee80
   r8: 0x00007ffee246ee8c   r9: 0x00007ffee246ee88  r10: 0x00007ffee246ee90  r11: 0x00007ffee246ee94
  r12: 0x0000000000000000  r13: 0x00007f875509b201  r14: 0x0000000000000000  r15: 0x0000000000000000
  rip: 0x000000010d8acafc  rfl: 0x0000000000010246  cr2: 0x000000010d847650
  
Logical CPU:     2
Error Code:      0x00000000
Trap Number:     6

Revision history for this message

Erik Kristian Sverre Uri (eksu) wrote on 2018-03-31:

#2

Download full text (7.9 KiB)

Disregard the above log; that was from a September 2017 build.

On RC1:

Process: qemu-system-x86_64 [6567]
Path: /usr/local/bin/qemu-system-x86_64
Identifier: qemu-system-x86_64
Version: 0
Code Type: X86-64 (Native)
Parent Process: bash [1558]
Responsible: qemu-system-x86_64 [6567]
User ID: 501

Date/Time: 2018-03-31 13:53:57.851 -0700
OS Version: Mac OS X 10.13.4 (17E199)
Report Version: 12
Anonymous UUID: 28693BB0-7F66-6066-026C-DDE857D912F6

Time Awake Since Boot: 2200 seconds

System Integrity Protection: disabled

Crashed Thread: 0 Dispatch queue: com.apple.main-thread

Exception Type: EXC_BAD_INSTRUCTION (SIGILL)
Exception Codes: 0x0000000000000001, 0x0000000000000000
Exception Note: EXC_CORPSE_NOTIFY

Termination Signal: Illegal instruction: 4
Termination Reason: Namespace SIGNAL, Code 0x4
Terminating Process: exc handler [0]

Thread 0 Crashed:: Dispatch queue: com.apple.main-thread
0 qemu-system-x86_64 0x000000010524165b 0x105134000 + 1103451
1 qemu-system-x86_64 0x00000001051e2481 0x105134000 + 713857
2 qemu-system-x86_64 0x00000001051e2170 0x105134000 + 713072
3 qemu-system-x86_64 0x00000001051e3e2a 0x105134000 + 720426
4 qemu-system-x86_64 0x00000001052b625a 0x105134000 + 1581658
5 qemu-system-x86_64 0x00000001053e5606 0x105134000 + 2823686
6 qemu-system-x86_64 0x00000001053e65bb 0x105134000 + 2827707
7 qemu-system-x86_64 0x00000001053e4126 0x105134000 + 2818342
8 qemu-system-x86_64 0x00000001051c35fc 0x105134000 + 587260
9 qemu-system-x86_64 0x00000001051c36e6 0x105134000 + 587494
10 qemu-system-x86_64 0x00000001051c8040 0x105134000 + 606272
11 qemu-system-x86_64 0x000000010525a462 0x105134000 + 1205346
12 qemu-system-x86_64 0x00000001053c8e28 0x105134000 + 2706984
13 com.apple.CoreFoundation 0x00007fff5294561c __CFNOTIFICATIONCENTER_IS_CALLING_OUT_TO_AN_OBSERVER__ + 12
14 com.apple.CoreFoundation 0x00007fff529454ea _CFXRegistrationPost + 458
15 com.apple.CoreFoundation 0x00007fff52945221 ___CFXNotificationPost_block_invoke + 225
16 com.apple.CoreFoundation 0x00007fff52903d72 -[_CFXNotificationRegistrar find:object:observer:enumerator:] + 1826
17 com.apple.CoreFoundation 0x00007fff52902e03 _CFXNotificationPost + 659
18 com.apple.Foundation 0x00007fff54a1f8c7 -[NSNotificationCenter postNotificationName:object:userInfo:] + 66
19 com.apple.AppKit 0x00007fff4fff3206 -[NSApplication _postDidFinishNotification] + 313
20 com.apple.AppKit 0x00007fff4fff2e4f -[NSApplication _sendFinishLaunchingNotification] + 220
21 com.apple.AppKit 0x00007fff4fec5ab3 -[NSApplication(NSAppleEventHandling) _handleAEOpenEvent:] + 562
22 com.apple.AppKit 0x00007fff4fec56e9 -[NSApplication(NSAppleEventHandling) _handleCoreEvent:withReplyEvent:] + 690
23 com.apple.Foundation 0x00007fff54a62714 -[NSAp...

Disregard the above log; that was from a September 2017 build.

On RC1:

Process:               qemu-system-x86_64 [6567]
Path:                  /usr/local/bin/qemu-system-x86_64
Identifier:            qemu-system-x86_64
Version:               0
Code Type:             X86-64 (Native)
Parent Process:        bash [1558]
Responsible:           qemu-system-x86_64 [6567]
User ID:               501

Date/Time:             2018-03-31 13:53:57.851 -0700
OS Version:            Mac OS X 10.13.4 (17E199)
Report Version:        12
Anonymous UUID:        28693BB0-7F66-6066-026C-DDE857D912F6

Time Awake Since Boot: 2200 seconds

System Integrity Protection: disabled

Crashed Thread:        0  Dispatch queue: com.apple.main-thread

Exception Type:        EXC_BAD_INSTRUCTION (SIGILL)
Exception Codes:       0x0000000000000001, 0x0000000000000000
Exception Note:        EXC_CORPSE_NOTIFY

Termination Signal:    Illegal instruction: 4
Termination Reason:    Namespace SIGNAL, Code 0x4
Terminating Process:   exc handler [0]

Thread 0 Crashed:: Dispatch queue: com.apple.main-thread
0   qemu-system-x86_64            	0x000000010524165b 0x105134000 + 1103451
1   qemu-system-x86_64            	0x00000001051e2481 0x105134000 + 713857
2   qemu-system-x86_64            	0x00000001051e2170 0x105134000 + 713072
3   qemu-system-x86_64            	0x00000001051e3e2a 0x105134000 + 720426
4   qemu-system-x86_64            	0x00000001052b625a 0x105134000 + 1581658
5   qemu-system-x86_64            	0x00000001053e5606 0x105134000 + 2823686
6   qemu-system-x86_64            	0x00000001053e65bb 0x105134000 + 2827707
7   qemu-system-x86_64            	0x00000001053e4126 0x105134000 + 2818342
8   qemu-system-x86_64            	0x00000001051c35fc 0x105134000 + 587260
9   qemu-system-x86_64            	0x00000001051c36e6 0x105134000 + 587494
10  qemu-system-x86_64            	0x00000001051c8040 0x105134000 + 606272
11  qemu-system-x86_64            	0x000000010525a462 0x105134000 + 1205346
12  qemu-system-x86_64            	0x00000001053c8e28 0x105134000 + 2706984
13  com.apple.CoreFoundation      	0x00007fff5294561c __CFNOTIFICATIONCENTER_IS_CALLING_OUT_TO_AN_OBSERVER__ + 12
14  com.apple.CoreFoundation      	0x00007fff529454ea _CFXRegistrationPost + 458
15  com.apple.CoreFoundation      	0x00007fff52945221 ___CFXNotificationPost_block_invoke + 225
16  com.apple.CoreFoundation      	0x00007fff52903d72 -[_CFXNotificationRegistrar find:object:observer:enumerator:] + 1826
17  com.apple.CoreFoundation      	0x00007fff52902e03 _CFXNotificationPost + 659
18  com.apple.Foundation          	0x00007fff54a1f8c7 -[NSNotificationCenter postNotificationName:object:userInfo:] + 66
19  com.apple.AppKit              	0x00007fff4fff3206 -[NSApplication _postDidFinishNotification] + 313
20  com.apple.AppKit              	0x00007fff4fff2e4f -[NSApplication _sendFinishLaunchingNotification] + 220
21  com.apple.AppKit              	0x00007fff4fec5ab3 -[NSApplication(NSAppleEventHandling) _handleAEOpenEvent:] + 562
22  com.apple.AppKit              	0x00007fff4fec56e9 -[NSApplication(NSAppleEventHandling) _handleCoreEvent:withReplyEvent:] + 690
23  com.apple.Foundation          	0x00007fff54a62714 -[NSAppleEventManager dispatchRawAppleEvent:withRawReply:handlerRefCon:] + 287
24  com.apple.Foundation          	0x00007fff54a62592 _NSAppleEventManagerGenericHandler + 102
25  com.apple.AE                  	0x00007fff53a3bdd0 aeDispatchAppleEvent(AEDesc const*, AEDesc*, unsigned int, unsigned char*) + 1788
26  com.apple.AE                  	0x00007fff53a3b677 dispatchEventAndSendReply(AEDesc const*, AEDesc*) + 41
27  com.apple.AE                  	0x00007fff53a3b565 aeProcessAppleEvent + 383
28  com.apple.HIToolbox           	0x00007fff51c1d4a0 AEProcessAppleEvent + 55
29  com.apple.AppKit              	0x00007fff4fec0d32 _DPSNextEvent + 2788
30  com.apple.AppKit              	0x00007fff50656e34 -[NSApplication(NSEvent) _nextEventMatchingEventMask:untilDate:inMode:dequeue:] + 3044
31  com.apple.AppKit              	0x00007fff4feb5885 -[NSApplication run] + 764
32  qemu-system-x86_64            	0x00000001053ca853 0x105134000 + 2713683
33  libdyld.dylib                 	0x00007fff7ace7015 start + 1

Thread 1:
0   libsystem_kernel.dylib        	0x00007fff7ae37a1e __psynch_cvwait + 10
1   libsystem_pthread.dylib       	0x00007fff7b000589 _pthread_cond_wait + 732
2   qemu-system-x86_64            	0x00000001054b0b27 0x105134000 + 3656487
3   qemu-system-x86_64            	0x00000001054bf128 0x105134000 + 3715368
4   libsystem_pthread.dylib       	0x00007fff7afff661 _pthread_body + 340
5   libsystem_pthread.dylib       	0x00007fff7afff50d _pthread_start + 377
6   libsystem_pthread.dylib       	0x00007fff7affebf9 thread_start + 13

Thread 2:
0   libsystem_kernel.dylib        	0x00007fff7ae38292 __workq_kernreturn + 10
1   libsystem_pthread.dylib       	0x00007fff7afff009 _pthread_wqthread + 1035
2   libsystem_pthread.dylib       	0x00007fff7affebe9 start_wqthread + 13

Thread 3:: Dispatch queue: NSCGSDisableUpdates
0   libsystem_kernel.dylib        	0x00007fff7ae2e20a mach_msg_trap + 10
1   libsystem_kernel.dylib        	0x00007fff7ae2d724 mach_msg + 60
2   com.apple.SkyLight            	0x00007fff74b129f5 CGSUpdateManager::enable_updates_common() + 565
3   com.apple.SkyLight            	0x00007fff74ab6b28 CGSUpdateManager::enable_update(unsigned long long) + 320
4   libdispatch.dylib             	0x00007fff7acb564a _dispatch_call_block_and_release + 12
5   libdispatch.dylib             	0x00007fff7acade08 _dispatch_client_callout + 8
6   libdispatch.dylib             	0x00007fff7acc2267 _dispatch_queue_serial_drain + 635
7   libdispatch.dylib             	0x00007fff7acb51b6 _dispatch_queue_invoke + 373
8   libdispatch.dylib             	0x00007fff7acc2f5d _dispatch_root_queue_drain_deferred_wlh + 332
9   libdispatch.dylib             	0x00007fff7acc6d71 _dispatch_workloop_worker_thread + 880
10  libsystem_pthread.dylib       	0x00007fff7affefd2 _pthread_wqthread + 980
11  libsystem_pthread.dylib       	0x00007fff7affebe9 start_wqthread + 13

Thread 4:
0   libsystem_pthread.dylib       	0x00007fff7affebdc start_wqthread + 0
1   ???                           	0x000070000e958b50 0 + 123145546992464

Thread 5:
0   libsystem_kernel.dylib        	0x00007fff7ae38292 __workq_kernreturn + 10
1   libsystem_pthread.dylib       	0x00007fff7afff009 _pthread_wqthread + 1035
2   libsystem_pthread.dylib       	0x00007fff7affebe9 start_wqthread + 13

Thread 6:
0   libsystem_kernel.dylib        	0x00007fff7ae38042 __sigwait + 10
1   libsystem_pthread.dylib       	0x00007fff7b001ad9 sigwait + 61
2   qemu-system-x86_64            	0x00000001054aee62 0x105134000 + 3649122
3   libsystem_pthread.dylib       	0x00007fff7afff661 _pthread_body + 340
4   libsystem_pthread.dylib       	0x00007fff7afff50d _pthread_start + 377
5   libsystem_pthread.dylib       	0x00007fff7affebf9 thread_start + 13

Thread 7:
0   libsystem_kernel.dylib        	0x00007fff7ae37cfa __select + 10
1   libglib-2.0.0.dylib           	0x00000001061ebb60 g_poll + 430
2   qemu-system-x86_64            	0x00000001054ae80b 0x105134000 + 3647499
3   qemu-system-x86_64            	0x0000000105252eb2 0x105134000 + 1175218
4   libsystem_pthread.dylib       	0x00007fff7afff661 _pthread_body + 340
5   libsystem_pthread.dylib       	0x00007fff7afff50d _pthread_start + 377
6   libsystem_pthread.dylib       	0x00007fff7affebf9 thread_start + 13

Thread 0 crashed with X86 Thread State (64-bit):
  rax: 0x0000000000000001  rbx: 0x000000000000000d  rcx: 0x0000000000000000  rdx: 0x0000000000000000
  rdi: 0x000000000000000d  rsi: 0x0000000000000000  rbp: 0x00007ffeeaac9f40  rsp: 0x00007ffeeaac9f00
   r8: 0x00007ffeeaac9f04   r9: 0x00007ffeeaac9f00  r10: 0x00007ffeeaac9f08  r11: 0x00007ffeeaac9f0c
  r12: 0x0000000000000000  r13: 0x00007fe43f0af400  r14: 0x0000000000000000  r15: 0x0000000000000000
  rip: 0x000000010524165b  rfl: 0x0000000000010246  cr2: 0x000000010518235d
  
Logical CPU:     0
Error Code:      0x00000000
Trap Number:     6

Revision history for this message

Nathan Wallace (nathanwaffles) wrote on 2018-11-07:

#3

Download full text (5.8 KiB)

I am also able to reproduce this bug. The problem is that when hvf is enabled, qemu will attempt to execute the xgetbv instruction, which isn't supported on my processor (Intel Xeon X5670).

Here is a stack trace from lldb; the behavior is 100% reproducible for me.

nathan@Nathans-Mac-Pro:~/src/qemu/qemu-3.0.0/x86_64-softmmu
$ lldb -- qemu-system-x86_64 --accel hvf
(lldb) target create "qemu-system-x86_64"
runCurrent executable set to 'qemu-system-x86_64' (x86_64).
(lldb) settings set -- target.run-args "--accel" "hvf"
(lldb) run
Process 27479 launched: '/Users/nathan/src/qemu/qemu-3.0.0/x86_64-softmmu/qemu-system-x86_64' (x86_64)
Process 27479 stopped
* thread #1, queue = 'com.apple.main-thread', stop reason = EXC_BAD_INSTRUCTION (code=EXC_I386_INVOP, subcode=0x0)
    frame #0: 0x00000001001bca3a qemu-system-x86_64`xgetbv(xcr=0) at x86_cpuid.c:34
   31 {
   32 uint32_t eax, edx;
   33
-> 34 __asm__ volatile ("xgetbv"
   35 : "=a" (eax), "=d" (edx)
   36 : "c" (xcr));
   37
Target 0: (qemu-system-x86_64) stopped.
(lldb) bt
* thread #1, queue = 'com.apple.main-thread', stop reason = EXC_BAD_INSTRUCTION (code=EXC_I386_INVOP, subcode=0x0)
  * frame #0: 0x00000001001bca3a qemu-system-x86_64`xgetbv(xcr=0) at x86_cpuid.c:34
    frame #1: 0x00000001001bc8a6 qemu-system-x86_64`hvf_get_supported_cpuid(func=13, idx=0, reg=0) at x86_cpuid.c:116
    frame #2: 0x0000000100143a21 qemu-system-x86_64`x86_cpu_get_supported_feature_word(w=FEAT_XSAVE_COMP_LO, migratable_only=false) at cpu.c:3498
    frame #3: 0x000000010014367d qemu-system-x86_64`x86_cpu_filter_features(cpu=0x00000001040a2c00) at cpu.c:4749
    frame #4: 0x0000000100146c65 qemu-system-x86_64`x86_cpu_realizefn(dev=0x00000001040a2c00, errp=0x00007ffeefbfd620) at cpu.c:4834
    frame #5: 0x000000010028a84b qemu-system-x86_64`device_set_realized(obj=0x00000001040a2c00, value=true, errp=0x00007ffeefbfd7d0) at qdev.c:826
    frame #6: 0x00000001004b6d4d qemu-system-x86_64`property_set_bool(obj=0x00000001040a2c00, v=0x0000000101c49a20, name="realized", opaque=0x0000000101a996d0, errp=0x00007ffeefbfd7d0) at object.c:1984
    frame #7: 0x00000001004b4ae8 qemu-system-x86_64`object_property_set(obj=0x00000001040a2c00, v=0x0000000101c49a20, name="realized", errp=0x00007ffeefbfd7d0) at object.c:1176
    frame #8: 0x00000001004b8e8a qemu-system-x86_64`object_property_set_qobject(obj=0x00000001040a2c00, value=0x0000000101c49a00, name="realized", errp=0x00007ffeefbfd7d0) at qom-qobject.c:27
    frame #9: 0x00000001004b5092 qemu-system-x86_64`object_property_set_bool(obj=0x00000001040a2c00, value=true, name="realized", errp=0x00007ffeefbfd7d0) at object.c:1242
    frame #10: 0x000000010010ae20 qemu-system-x86_64`pc_new_cpu(typename="qemu64-x86_64-cpu", apic_id=0, errp=0x0000000100c44de0) at pc.c:1107
    frame #11: 0x000000010010af4c qemu-system-x86_64`pc_cpus_init(pcms=0x0000000101d630b0) at pc.c:1155
    frame #12: 0x000000010011294e qemu-system-x86_64`pc_init1(machine=0x0000000101d630b0, host_type="i440FX-pcihost", pci_type="i440FX") at pc_piix.c:153
    frame #13: 0x0000000100112640 qemu-system-x86_64`pc_init_v3_0(machine=0x0000000101d630b0) at ...

I am also able to reproduce this bug. The problem is that when hvf is enabled, qemu will attempt to execute the xgetbv instruction, which isn't supported on my processor (Intel Xeon X5670).

Here is a stack trace from lldb; the behavior is 100% reproducible for me.

nathan@Nathans-Mac-Pro:~/src/qemu/qemu-3.0.0/x86_64-softmmu
$ lldb -- qemu-system-x86_64 --accel hvf
(lldb) target create "qemu-system-x86_64"
runCurrent executable set to 'qemu-system-x86_64' (x86_64).
(lldb) settings set -- target.run-args  "--accel" "hvf"
(lldb) run
Process 27479 launched: '/Users/nathan/src/qemu/qemu-3.0.0/x86_64-softmmu/qemu-system-x86_64' (x86_64)
Process 27479 stopped
* thread #1, queue = 'com.apple.main-thread', stop reason = EXC_BAD_INSTRUCTION (code=EXC_I386_INVOP, subcode=0x0)
    frame #0: 0x00000001001bca3a qemu-system-x86_64`xgetbv(xcr=0) at x86_cpuid.c:34
   31  	{
   32  	    uint32_t eax, edx;
   33
-> 34  	    __asm__ volatile ("xgetbv"
   35  	                      : "=a" (eax), "=d" (edx)
   36  	                      : "c" (xcr));
   37
Target 0: (qemu-system-x86_64) stopped.
(lldb) bt
* thread #1, queue = 'com.apple.main-thread', stop reason = EXC_BAD_INSTRUCTION (code=EXC_I386_INVOP, subcode=0x0)
  * frame #0: 0x00000001001bca3a qemu-system-x86_64`xgetbv(xcr=0) at x86_cpuid.c:34
    frame #1: 0x00000001001bc8a6 qemu-system-x86_64`hvf_get_supported_cpuid(func=13, idx=0, reg=0) at x86_cpuid.c:116
    frame #2: 0x0000000100143a21 qemu-system-x86_64`x86_cpu_get_supported_feature_word(w=FEAT_XSAVE_COMP_LO, migratable_only=false) at cpu.c:3498
    frame #3: 0x000000010014367d qemu-system-x86_64`x86_cpu_filter_features(cpu=0x00000001040a2c00) at cpu.c:4749
    frame #4: 0x0000000100146c65 qemu-system-x86_64`x86_cpu_realizefn(dev=0x00000001040a2c00, errp=0x00007ffeefbfd620) at cpu.c:4834
    frame #5: 0x000000010028a84b qemu-system-x86_64`device_set_realized(obj=0x00000001040a2c00, value=true, errp=0x00007ffeefbfd7d0) at qdev.c:826
    frame #6: 0x00000001004b6d4d qemu-system-x86_64`property_set_bool(obj=0x00000001040a2c00, v=0x0000000101c49a20, name="realized", opaque=0x0000000101a996d0, errp=0x00007ffeefbfd7d0) at object.c:1984
    frame #7: 0x00000001004b4ae8 qemu-system-x86_64`object_property_set(obj=0x00000001040a2c00, v=0x0000000101c49a20, name="realized", errp=0x00007ffeefbfd7d0) at object.c:1176
    frame #8: 0x00000001004b8e8a qemu-system-x86_64`object_property_set_qobject(obj=0x00000001040a2c00, value=0x0000000101c49a00, name="realized", errp=0x00007ffeefbfd7d0) at qom-qobject.c:27
    frame #9: 0x00000001004b5092 qemu-system-x86_64`object_property_set_bool(obj=0x00000001040a2c00, value=true, name="realized", errp=0x00007ffeefbfd7d0) at object.c:1242
    frame #10: 0x000000010010ae20 qemu-system-x86_64`pc_new_cpu(typename="qemu64-x86_64-cpu", apic_id=0, errp=0x0000000100c44de0) at pc.c:1107
    frame #11: 0x000000010010af4c qemu-system-x86_64`pc_cpus_init(pcms=0x0000000101d630b0) at pc.c:1155
    frame #12: 0x000000010011294e qemu-system-x86_64`pc_init1(machine=0x0000000101d630b0, host_type="i440FX-pcihost", pci_type="i440FX") at pc_piix.c:153
    frame #13: 0x0000000100112640 qemu-system-x86_64`pc_init_v3_0(machine=0x0000000101d630b0) at pc_piix.c:438
    frame #14: 0x0000000100291f25 qemu-system-x86_64`machine_run_board_init(machine=0x0000000101d630b0) at machine.c:830
    frame #15: 0x00000001001e583f qemu-system-x86_64`qemu_main(argc=3, argv=0x00007ffeefbff818, envp=0x00007ffeefbff838) at vl.c:4516
    frame #16: 0x0000000100486459 qemu-system-x86_64`-[QemuCocoaAppController startEmulationWithArgc:argv:](self=0x0000000101c16510, _cmd="startEmulationWithArgc:argv:", argc=3, argv=0x00007ffeefbff818) at cocoa.m:1093
    frame #17: 0x00000001004862f7 qemu-system-x86_64`-[QemuCocoaAppController applicationDidFinishLaunching:](self=0x0000000101c16510, _cmd="applicationDidFinishLaunching:", note=@"NSApplicationDidFinishLaunchingNotification") at cocoa.m:1045
    frame #18: 0x00007fff4c99447c CoreFoundation`__CFNOTIFICATIONCENTER_IS_CALLING_OUT_TO_AN_OBSERVER__ + 12
    frame #19: 0x00007fff4c99434a CoreFoundation`_CFXRegistrationPost + 458
    frame #20: 0x00007fff4c994081 CoreFoundation`___CFXNotificationPost_block_invoke + 225
    frame #21: 0x00007fff4c952c12 CoreFoundation`-[_CFXNotificationRegistrar find:object:observer:enumerator:] + 1826
    frame #22: 0x00007fff4c951ca3 CoreFoundation`_CFXNotificationPost + 659
    frame #23: 0x00007fff4ea7c817 Foundation`-[NSNotificationCenter postNotificationName:object:userInfo:] + 66
    frame #24: 0x00007fff4a041206 AppKit`-[NSApplication _postDidFinishNotification] + 313
    frame #25: 0x00007fff4a040e4f AppKit`-[NSApplication _sendFinishLaunchingNotification] + 220
    frame #26: 0x00007fff49f13ab3 AppKit`-[NSApplication(NSAppleEventHandling) _handleAEOpenEvent:] + 562
    frame #27: 0x00007fff49f136e9 AppKit`-[NSApplication(NSAppleEventHandling) _handleCoreEvent:withReplyEvent:] + 690
    frame #28: 0x00007fff4eabf664 Foundation`-[NSAppleEventManager dispatchRawAppleEvent:withRawReply:handlerRefCon:] + 287
    frame #29: 0x00007fff4eabf4e2 Foundation`_NSAppleEventManagerGenericHandler + 102
    frame #30: 0x00007fff4da97dd0 AE`aeDispatchAppleEvent(AEDesc const*, AEDesc*, unsigned int, unsigned char*) + 1788
    frame #31: 0x00007fff4da97677 AE`dispatchEventAndSendReply(AEDesc const*, AEDesc*) + 41
    frame #32: 0x00007fff4da97565 AE`aeProcessAppleEvent + 383
    frame #33: 0x00007fff4bc6e4a0 HIToolbox`AEProcessAppleEvent + 55
    frame #34: 0x00007fff49f0ed32 AppKit`_DPSNextEvent + 2788
    frame #35: 0x00007fff4a6a4e34 AppKit`-[NSApplication(NSEvent) _nextEventMatchingEventMask:untilDate:inMode:dequeue:] + 3044
    frame #36: 0x00007fff49f03885 AppKit`-[NSApplication run] + 764
    frame #37: 0x0000000100489161 qemu-system-x86_64`main(argc=3, argv=0x00007ffeefbff818) at cocoa.m:1537
    frame #38: 0x00007fff7493e015 libdyld.dylib`start + 1
    frame #39: 0x00007fff7493e015 libdyld.dylib`start + 1
(lldb) p xcr
(uint32_t) $0 = 0

Revision history for this message

MIke Pestorich (mmpestorich) wrote on 2019-04-21:

#4

x86_cpuid.c.diff Edit (667 bytes, text/plain)

According to the response here: https://<email address hidden>/msg572220.html

...the call to xgetbv should be guarded against processors that don't support the instruction. The attached patch seems to work for me but must admit I am way out of my depth here (I understand nothing about cpu architecture, features, etc...) and have not tested on anything but my old MacBook Pro (15-inch, Mid 2010) / MacBookPro6,2. All that I can say is that for this machine the call to xgetbv is not made and everything seems to work. I have no idea if this is correct for other machines/processors or if it correctly detects support of this call...

Revision history for this message

Thomas Huth (th-huth) wrote on 2020-11-24:

#5

Looking through old bug tickets ... Did you ever send your patch to the qemu-devel mailing list? See https://wiki.qemu.org/Contribute/SubmitAPatch for more information

Revision history for this message

Thomas Huth (th-huth) wrote on 2021-04-30:

#6

Looks like this should have been fixed here:
https://gitlab.com/qemu-project/qemu/-/commit/118f2aadbc66aaae4e8d52

Changed in qemu:
status:	New → Fix Released

QEMU

HVF Illegal instruction: 4, High Sierra, v2.12-rc0

Bug Description

Other bug subscribers

Patches

Remote bug watches