VirtualBox

#21332 closed defect (fixed)

Guru Meditation (VERR_VMX_INVALID_GUEST_STATE) in the FreeBSD boot loader => fixed in SVN

Reported by: mslw Owned by:
Component: VMM Version: VirtualBox-7.0.4
Keywords: Cc:
Guest type: BSD Host type: Linux

Description

Booting a newly created VM with the FreeBSD 12.3 ISO from https://download.freebsd.org/releases/amd64/amd64/ISO-IMAGES/12.3/FreeBSD-12.3-RELEASE-amd64-disc1.iso gives the attached Guru Meditation.

This is a regression in VirtualBox 7.

I've looked at what causes it and found the following.

  1. The HM status is:
    00:00:05.485406 CPU[0]: VT-x info:
    00:00:05.485406   HM error           = 0x23a (570)
    00:00:05.485407   rcLastExitToR3     = VERR_VMX_INVALID_GUEST_STATE
    00:00:05.485409   Guest VMCS active
    00:00:05.485410     Real-on-v86 active = true
    00:00:05.485410       EFlags  = 0x7
    00:00:05.485411       Attr CS = 0x9b
    00:00:05.485412       Attr SS = 0xc093
    00:00:05.485412       Attr DS = 0xc093
    00:00:05.485413       Attr ES = 0xc093
    00:00:05.485413       Attr FS = 0xc0f3
    00:00:05.485414       Attr GS = 0xc0f3

  2. The above HM error 570 is VMX_IGS_V86_GS_LIMIT_INVALID and indeed the gs register has an invalid limit=ffffffff while the CPU is in real mode:
    00:00:05.481475 gs={0000 base=0000000000000000 limit=ffffffff flags=0000c0f3} cr0=00000010 cr2=00000000

  3. The eip=00009568 in the report is the real mode interrupt handler for Int 0x28 (IRQ8 = RTC) from FreeBSD's btx.S.
  4. This interrupt is generated while the CPU is stopped in the hlt instruction inside the 0x86 case of int15_function in src/VBox/Devices/PC/BIOS/system.c.
  5. The problem doesn't happen in VirtualBox 6.1.40 because that case of int15_function didn't use hlt (changed in r87784).
  6. int15_function is called from protected mode using Int 0x31 (v86int) from `delay`.
  7. Running with the VM debugger shows that the limit=ffffffff in the segment registers starts from where Int 0x31 switches to real mode in btx.S.

Attachments (2)

crashing-VBox.log (363.8 KB ) - added by mslw 16 months ago.
VBox.log from the crash
OS-2022-12-25-15-17-01.log (265.3 KB ) - added by @… 15 months ago.
A critical error has occurred while running the virtual machine and the machine execution has been stopped.


Change History (8)

by mslw, 16 months ago

Attachment: crashing-VBox.log added

VBox.log from the crash

comment:2 by fth0, 16 months ago

Adding myself to the watchlist by writing a meaningful comment: ;)

I find it interesting that in both cases the GS limit check is hit, because the FS limit check (and others) before that were not hit. The timing seems to be somewhat reproducible. When I engaged in the forum thread, I didn't analyze it as far as you did here. Kudos for the detailed bug report.

comment:3 by mslw, 16 months ago

Yes, I wondered about FS as well. Then I looked at the macro HMVMX_CHECK_BREAK and saw why...the break just exits from the macro's own do...while, not the outer one!
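
The macro pitfall mslw describes in comment:3, as an added, constructed C illustration that is not VirtualBox's source (the checker, the names and the value 569 are assumptions; only 570 comes from the ticket's log, and the ticket's actual fix in comment:4 was in interrupt-injection scheduling, not in this macro): wrapping a check macro in its own do/while(0) means `break` never leaves the outer loop, so the error that survives is the last failing check, which is why GS rather than FS shows up in the log.

```c
#include <stdint.h>
#include <stdio.h>

/* 570 is VMX_IGS_V86_GS_LIMIT_INVALID from the ticket's log; 569 is a constructed
 * stand-in for the FS variant, not VirtualBox's real value. */
enum { IGS_OK = 0, IGS_V86_FS_LIMIT_INVALID = 569, IGS_V86_GS_LIMIT_INVALID = 570 };

struct seg      { uint32_t limit; uint32_t attr; };
struct v86_regs { struct seg fs, gs; };

/* Pitfall: the macro's own do { } while (0) swallows the 'break', so every check
 * still runs and uError ends up holding the LAST failing check, not the first. */
#define CHECK_BREAK_BUGGY(expr, err) \
    do { if (!(expr)) { uError = (err); break; } } while (0)

/* Corrected form: no wrapper loop, so 'break' leaves the caller's do/while. */
#define CHECK_BREAK_FIXED(expr, err) \
    { if (!(expr)) { uError = (err); break; } }

/* Real-on-v86 rule being checked: every segment limit must be exactly 0xffff. */
uint32_t check_v86_buggy(const struct v86_regs *r)
{
    uint32_t uError = IGS_OK;
    do {
        CHECK_BREAK_BUGGY(r->fs.limit == 0xffff, IGS_V86_FS_LIMIT_INVALID);
        CHECK_BREAK_BUGGY(r->gs.limit == 0xffff, IGS_V86_GS_LIMIT_INVALID);
    } while (0);
    return uError;
}

uint32_t check_v86_fixed(const struct v86_regs *r)
{
    uint32_t uError = IGS_OK;
    do {
        CHECK_BREAK_FIXED(r->fs.limit == 0xffff, IGS_V86_FS_LIMIT_INVALID);
        CHECK_BREAK_FIXED(r->gs.limit == 0xffff, IGS_V86_GS_LIMIT_INVALID);
    } while (0);
    return uError;
}
/* Constructed from the ticket's register dump: FS and GS both still carry the
 * protected-mode limit 0xffffffff although the CPU is back in real mode. */
const struct v86_regs ticket_state = { { 0xffffffffu, 0xc0f3 }, { 0xffffffffu, 0xc0f3 } };
const struct v86_regs valid_state  = { { 0xffff, 0xf3 }, { 0xffff, 0xf3 } };

int main(void)
{
    printf("buggy macro reports %u, fixed macro reports %u\n",
           (unsigned)check_v86_buggy(&ticket_state), (unsigned)check_v86_fixed(&ticket_state));
    return 0;
}
```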

comment:4 by bird, 16 months ago

Summary: Guru Meditation (VERR_VMX_INVALID_GUEST_STATE) in the FreeBSD boot loader → Guru Meditation (VERR_VMX_INVALID_GUEST_STATE) in the FreeBSD boot loader => fixed in SVN

Scheduling bug. We didn't check if HM could run the guest state after injecting an interrupt. Just committed a fix. Will be included in the next 7.0.x build.

comment:5 by fth0, 16 months ago

This issue should be fixed in the VirtualBox test builds 7.0.5r154910 and newer.

by @…, 15 months ago

Attachment: OS-2022-12-25-15-17-01.log added

A critical error has occurred while running the virtual machine and the machine execution has been stopped.

comment:6 by galitsyn, 15 months ago

Resolution: fixed
Status: new → closed

Hello,

We just released VirtualBox 7.0.6. This issue should be fixed in this version. You can download it from https://www.virtualbox.org/wiki/Downloads.
