My guess is that RFLAGS.ZF == 1 and one or a few of the checks on VMX controls have failed. So far I have verified the following checks (26-2 and 26-3 in Intel SDM Vol. 3C):

* Reserved bits in Pin-based VM execution controls are set according to associated capabilities MSR
* Reserved bits in Primary Proc-based VM execution controls are set according to associated capabilities MSR
* Reserved bits in Secondary Proc-based VM execution controls are set according to associated capabilities MSR
* CR-3 target count is not greater than 4 (the count is 0)
* Use I/O bitmaps check is not applicable because the "use I/O bitmaps" VM-execution control is 0
* Reserved bits in VM-exit controls are set according to associated capabilities MSR
* Reserved bits in VM-entry controls are set according to associated capabilities MSR
However, the MSR-bitmap Address check might fail: "If the “use MSR bitmaps” VM-execution control is 1, bits 11:0 of the MSR-bitmap address must be 0. The address should not set any bits beyond the processor’s physical-address width." Bit 28 in Pin-based VM execution controls is set to 1 while the MSR address has bits 5:1 set to 1 (0x3f). There's no way to disable the "use MSR bitmaps" execution control, so I'll try to make a patch that sets a 4k page-aligned MSR bitmap address.

Updated log lines show the VMX capabilities for the control fields and VMCS fields related to the failure:

qemu-system-x86_64: hv_vcpu_run failed
qemu-system-x86_64: exit reason: 0x0000000000000030
qemu-system-x86_64: exit qualification: 0x0000000000000083
qemu-system-x86_64: instruction error: 0x0000000000000007
qemu-system-x86_64: VM-EXECUTION CONTROL FIELDS
qemu-system-x86_64: Pin-Based VM-Execution Controls
qemu-system-x86_64: pin based ctls: 0x000000000000003f
qemu-system-x86_64: pin based caps: 0x0000007f0000003f
qemu-system-x86_64: Processor-Based VM-Execution Controls
qemu-system-x86_64: pri proc based ctls: 0x0000000095206dfa
qemu-system-x86_64: pri proc based caps: 0xfdf9fffe9500697a
qemu-system-x86_64: sec proc based ctls: 0x00000000000000a3
qemu-system-x86_64: sec proc based caps: 0x00011cef000000a2
qemu-system-x86_64: CR3-Target Controls
qemu-system-x86_64: cr3 target count: 0x0000000000000000
qemu-system-x86_64: MSR-Bitmap Address: 0x000000000000003f
qemu-system-x86_64: VM-EXIT CONTROL FIELDS
qemu-system-x86_64: VM-Exit Controls
qemu-system-x86_64: vm exit ctls: 0x0000000000236fff
qemu-system-x86_64: vm exit caps: 0x00636fff00236fff
qemu-system-x86_64: VM-ENTRY CONTROL FIELDS
qemu-system-x86_64: VM-Entry Controls
qemu-system-x86_64: vm entry ctls: 0x00000000000093ff
qemu-system-x86_64: vm entry caps: 0x000093ff000091ff
qemu-system-x86_64: Error: HV_ERROR
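A check of the logged fields against the SDM rules, as an added example written for this page and not code from QEMU: it splits each capability MSR into its allowed-0 (bits 31:0, controls that must be 1) and allowed-1 (bits 63:32, controls that may be 1) halves, validates every control field, and applies the MSR-bitmap address rule only when bit 28 of the primary processor-based controls ("use MSR bitmaps") is set. The struct and function names are mine, and the 39-bit physical-address width is an assumption the log does not report.

```c
#include <stdbool.h>
#include <stdint.h>
/* "use MSR bitmaps" is bit 28 of the primary processor-based controls. */
#define CPU_BASED_USE_MSR_BITMAPS (1u << 28)
/* A VMX capability MSR holds the allowed-0 settings in bits 31:0 (controls
 * that must be 1) and the allowed-1 settings in bits 63:32 (controls that
 * may be 1); a control field is valid only if it satisfies both halves. */
static bool vmx_ctls_valid(uint32_t ctls, uint64_t caps)
{
    uint32_t must_be_one = (uint32_t)caps;
    uint32_t may_be_one = (uint32_t)(caps >> 32);
    return (ctls & must_be_one) == must_be_one && (ctls & ~may_be_one) == 0;
}
/* MSR-bitmap address: bits 11:0 clear (4 KiB aligned) and no bit set
 * beyond the processor's physical-address width. */
static bool vmx_msr_bitmap_valid(uint64_t addr, unsigned phys_bits)
{
    uint64_t beyond_width = phys_bits >= 64 ? 0 : ~0ULL << phys_bits;
    return (addr & 0xfffULL) == 0 && (addr & beyond_width) == 0;
}
struct vmcs_snapshot {
    uint32_t pin_ctls, pri_ctls, sec_ctls, exit_ctls, entry_ctls;
    uint64_t pin_caps, pri_caps, sec_caps, exit_caps, entry_caps, msr_bitmap;
    unsigned phys_bits;
};
/* Bitmask of failed checks: bit 0 pin, 1 primary, 2 secondary, 3 VM-exit,
 * 4 VM-entry, 5 MSR-bitmap address; 0 means every check passed. */
static unsigned vmcs_check(const struct vmcs_snapshot *s)
{
    unsigned failed = 0;
    if (!vmx_ctls_valid(s->pin_ctls, s->pin_caps))     failed |= 1u << 0;
    if (!vmx_ctls_valid(s->pri_ctls, s->pri_caps))     failed |= 1u << 1;
    if (!vmx_ctls_valid(s->sec_ctls, s->sec_caps))     failed |= 1u << 2;
    if (!vmx_ctls_valid(s->exit_ctls, s->exit_caps))   failed |= 1u << 3;
    if (!vmx_ctls_valid(s->entry_ctls, s->entry_caps)) failed |= 1u << 4;
    if ((s->pri_ctls & CPU_BASED_USE_MSR_BITMAPS) &&
        !vmx_msr_bitmap_valid(s->msr_bitmap, s->phys_bits))
        failed |= 1u << 5;
    return failed;
}
/* Values copied from the log above; the 39-bit physical-address width is an
 * assumption, since the log does not report it. */
static const struct vmcs_snapshot from_log = {
    .pin_ctls = 0x3f, .pin_caps = 0x0000007f0000003fULL,
    .pri_ctls = 0x95206dfa, .pri_caps = 0xfdf9fffe9500697aULL,
    .sec_ctls = 0xa3, .sec_caps = 0x00011cef000000a2ULL,
    .exit_ctls = 0x236fff, .exit_caps = 0x00636fff00236fffULL,
    .entry_ctls = 0x93ff, .entry_caps = 0x000093ff000091ffULL,
    .msr_bitmap = 0x3f, .phys_bits = 39,
};
```

Run on the logged values, every control field passes and only the MSR-bitmap address check (bit 5 of the result) fails, which matches the diagnosis above.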
https://bugs.launchpad.net/bugs/1818937

Title: Crash with HV_ERROR on macOS host

Status in QEMU: New

Bug description:
On macOS host running Windows 10 guest, qemu crashed with error message: Error: HV_ERROR.

Host: macOS Mojave 10.14.3 (18D109), Late 2014 Mac mini, presumably Core i5 4278U.
QEMU: git commit a3e3b0a7bd5de211a62cdf2d6c12b96d3c403560
QEMU parameter: qemu-system-x86_64 -m 3000 -drive file=disk.img,if=virtio,discard=unmap -accel hvf -soundhw hda -smp 3

thread list
Process 56054 stopped
  thread #1: tid = 0x2ffec8, 0x00007fff48d0805a vImage`vLookupTable_Planar16 + 970, queue = 'com.apple.main-thread'
  thread #2: tid = 0x2ffecc, 0x00007fff79d6d7de libsystem_kernel.dylib`__psynch_cvwait + 10
  thread #3: tid = 0x2ffecd, 0x00007fff79d715aa libsystem_kernel.dylib`__select + 10
  thread #4: tid = 0x2ffece, 0x00007fff79d71d9a libsystem_kernel.dylib`__sigwait + 10
* thread #6: tid = 0x2ffed0, 0x00007fff79d7023e libsystem_kernel.dylib`__pthread_kill + 10, stop reason = signal SIGABRT
  thread #7: tid = 0x2ffed1, 0x00007fff79d6d7de libsystem_kernel.dylib`__psynch_cvwait + 10
  thread #8: tid = 0x2ffed2, 0x00007fff79d6d7de libsystem_kernel.dylib`__psynch_cvwait + 10
  thread #11: tid = 0x2fff34, 0x00007fff79d6a17a libsystem_kernel.dylib`mach_msg_trap + 10, name = 'com.apple.NSEventThread'
  thread #30: tid = 0x300c04, 0x00007fff79e233f8 libsystem_pthread.dylib`start_wqthread
  thread #31: tid = 0x300c16, 0x00007fff79e233f8 libsystem_pthread.dylib`start_wqthread
  thread #32: tid = 0x300c17, 0x0000000000000000
  thread #33: tid = 0x300c93, 0x00007fff79d6d7de libsystem_kernel.dylib`__psynch_cvwait + 10

Crashed thread:
* thread #6, stop reason = signal SIGABRT
  * frame #0: 0x00007fff79d7023e libsystem_kernel.dylib`__pthread_kill + 10
    frame #1: 0x00007fff79e26c1c libsystem_pthread.dylib`pthread_kill + 285
    frame #2: 0x00007fff79cd91c9 libsystem_c.dylib`abort + 127
    frame #3: 0x000000010baa476d qemu-system-x86_64`assert_hvf_ok(ret=<unavailable>) at hvf.c:106 [opt]
    frame #4: 0x000000010baa4c8f qemu-system-x86_64`hvf_vcpu_exec(cpu=0x00007f8e5283de00) at hvf.c:681 [opt]
    frame #5: 0x000000010b988423 qemu-system-x86_64`qemu_hvf_cpu_thread_fn(arg=0x00007f8e5283de00) at cpus.c:1636 [opt]
    frame #6: 0x000000010bd9dfce qemu-system-x86_64`qemu_thread_start(args=<unavailable>) at qemu-thread-posix.c:502 [opt]
    frame #7: 0x00007fff79e24305 libsystem_pthread.dylib`_pthread_body + 126
    frame #8: 0x00007fff79e2726f libsystem_pthread.dylib`_pthread_start + 70
    frame #9: 0x00007fff79e23415 libsystem_pthread.dylib`thread_start + 13