id: 21332
summary: Guru Meditation (VERR_VMX_INVALID_GUEST_STATE) in the FreeBSD boot loader => fixed in SVN
reporter: mslw
owner:
type: defect
status: closed
component: VMM
version: VirtualBox-7.0.4
resolution: fixed
keywords:
cc:
guest: BSD
host: Linux

description:

Booting a newly created VM with the FreeBSD 12.3 ISO from https://download.freebsd.org/releases/amd64/amd64/ISO-IMAGES/12.3/FreeBSD-12.3-RELEASE-amd64-disc1.iso gives the attached Guru Meditation. This is a regression in VirtualBox 7.

I've looked at what causes it and found the following.

1. The HM status is:
{{{
00:00:05.485406 CPU[0]: VT-x info:
00:00:05.485406   HM error = 0x23a (570)
00:00:05.485407   rcLastExitToR3 = VERR_VMX_INVALID_GUEST_STATE
00:00:05.485409   Guest VMCS active
00:00:05.485410   Real-on-v86 active = true
00:00:05.485410   EFlags = 0x7
00:00:05.485411   Attr CS = 0x9b
00:00:05.485412   Attr SS = 0xc093
00:00:05.485412   Attr DS = 0xc093
00:00:05.485413   Attr ES = 0xc093
00:00:05.485413   Attr FS = 0xc0f3
00:00:05.485414   Attr GS = 0xc0f3
}}}
2. The above HM error 570 is VMX_IGS_V86_GS_LIMIT_INVALID and indeed the gs register has an invalid limit=ffffffff while the CPU is in real mode:
{{{
00:00:05.481475 gs={0000 base=0000000000000000 limit=ffffffff flags=0000c0f3} cr0=00000010 cr2=00000000
}}}
3. The eip=00009568 in the report is the real mode interrupt handler for Int 0x28 (IRQ8 = RTC) from FreeBSD's [https://github.com/freebsd/freebsd-src/blob/main/stand/i386/btx/btx/btx.S#L959 btx.S].
4. This interrupt is generated while the CPU is stopped in the `hlt` instruction inside the 0x86 case of `int15_function` in [https://www.virtualbox.org/browser/vbox/trunk/src/VBox/Devices/PC/BIOS/system.c#L464 src/VBox/Devices/PC/BIOS/system.c].
5. The problem doesn't happen in VirtualBox 6.1.40 because that case of `int15_function` didn't use `hlt` (changed in r87784).
6. `int15_function` is called from protected mode using Int 0x31 (`v86int`) from [https://github.com/freebsd/freebsd-src/blob/main/stand/i386/libi386/time.c#L109 `delay`].
7. Running with the VM debugger shows that the limit=ffffffff in the segment registers starts from where Int 0x31 switches to real mode in [https://github.com/freebsd/freebsd-src/blob/main/stand/i386/btx/btx/btx.S#L574 btx.S].
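The chain above comes down to one fact: a guest that VT-x is running in virtual-8086 mode (VirtualBox's "real-on-v86") may only hold segment registers that a real-mode CPU could have loaded, and a 32-bit data segment with limit=ffffffff left behind by the protected-mode-to-real-mode switch in btx is not one of them. The script below is an added example, not code from the ticket, from FreeBSD or from VirtualBox: it parses the `gs={0000 base=... limit=... flags=...}` register-dump lines in the format VBox.log and the VM debugger print, and applies the two structural rules the Intel SDM imposes on guest segment registers when RFLAGS.VM=1, namely base == selector << 4 and limit == 0xFFFF. The VMX_IGS_V86_*_INVALID names it prints are an assumption that the other registers' error codes follow the VMX_IGS_V86_GS_LIMIT_INVALID pattern from the report. Access-rights checks are deliberately left out: the `flags=` value in the dump is the guest's cached descriptor attribute, not necessarily what VirtualBox loads into the VMCS. All lines except the gs line (copied from the ticket) are constructed sample data.

```python
import re
from typing import Dict, List, NamedTuple, Tuple


class SegReg(NamedTuple):
    sel: int    # selector value
    base: int   # cached descriptor base
    limit: int  # cached descriptor limit (already expanded, as VBox prints it)
    attr: int   # cached descriptor attributes (not checked here)


# Segment-register lines as printed by VirtualBox, e.g.
#   gs={0000 base=0000000000000000 limit=ffffffff flags=0000c0f3}
SEG_RE = re.compile(
    r"\b(cs|ss|ds|es|fs|gs)=\{([0-9a-fA-F]{4}) base=([0-9a-fA-F]+) "
    r"limit=([0-9a-fA-F]+) flags=([0-9a-fA-F]+)\}"
)

V86_SEGMENTS = ("cs", "ss", "ds", "es", "fs", "gs")

# Violation = (segment name, field, actual value, value V86 mode requires)
Violation = Tuple[str, str, int, int]


def parse_segments(log_text: str) -> Dict[str, SegReg]:
    """Extract every cs/ss/ds/es/fs/gs dump line found in log_text."""
    segs: Dict[str, SegReg] = {}
    for m in SEG_RE.finditer(log_text):
        name, sel, base, limit, flags = m.groups()
        segs[name] = SegReg(int(sel, 16), int(base, 16), int(limit, 16), int(flags, 16))
    return segs


def check_v86_segments(segs: Dict[str, SegReg]) -> List[Violation]:
    """Apply the SDM's guest-state rules for RFLAGS.VM=1 to base and limit.

    With VM=1 the processor requires, for each of CS/SS/DS/ES/FS/GS,
    base == selector << 4 and limit == 0xFFFF; anything else makes the
    VMCS guest state invalid and VM entry fails. A flat 4 GiB descriptor
    cached from protected mode (limit=ffffffff) therefore cannot be
    carried into real-on-v86 execution.
    """
    violations: List[Violation] = []
    for name in V86_SEGMENTS:
        s = segs.get(name)
        if s is None:
            continue  # register not present in this dump excerpt
        want_base = s.sel << 4
        if s.base != want_base:
            violations.append((name, "base", s.base, want_base))
        if s.limit != 0xFFFF:
            violations.append((name, "limit", s.limit, 0xFFFF))
    return violations


def describe(violations: List[Violation]) -> List[str]:
    """Render violations with the (assumed) VirtualBox VMX_IGS_V86_* naming."""
    return [
        f"{seg}: {field}=0x{actual:x}, V86 mode requires 0x{want:x} "
        f"(VMX_IGS_V86_{seg.upper()}_{field.upper()}_INVALID)"
        for seg, field, actual, want in violations
    ]


# Constructed dump: only the gs line is taken from the ticket; the other
# registers are made up to look like a plausible real-mode state.
CONSTRUCTED_DUMP = """\
cs={f000 base=00000000000f0000 limit=0000ffff flags=0000009b}
ss={0000 base=0000000000000000 limit=0000ffff flags=0000c093}
ds={0040 base=0000000000000400 limit=0000ffff flags=0000c093}
es={0000 base=0000000000000000 limit=0000ffff flags=0000c093}
fs={0000 base=0000000000000000 limit=0000ffff flags=0000c0f3}
gs={0000 base=0000000000000000 limit=ffffffff flags=0000c0f3} cr0=00000010 cr2=00000000
"""


def diagnose(log_text: str) -> List[str]:
    """Parse a VBox.log excerpt and return one line per offending register."""
    return describe(check_v86_segments(parse_segments(log_text)))


if __name__ == "__main__":
    for line in diagnose(CONSTRUCTED_DUMP):
        print(line)
```

Paste the register dump from the Guru Meditation report (or the VM debugger's `rg` output) into `diagnose()` and it names the first register VT-x would reject; for the ticket's state that is gs with limit=ffffffff, matching HM error 570. Feeding it a dump taken while still in btx's protected-mode code would also flag base mismatches, which is the other way a selector left over from protected mode fails the VM=1 rules.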