Invalid opcode exception when booting Linux using qemu on hvf MacOS hypervisor

Question

I am trying to boot Arch Linux in qemu adding console=ttyS0 to the kernel boot args. I downloaded the .iso, unpacked and ran the following command

qemu-system-x86_64 -accel hvf -cpu host -m 2048 -nographic -append "console=ttyS0" -kernel arch/boot/x86_64/vmlinuz-linux -initrd arch/boot/x86_64/initramfs-linux.img

As a result I get the following output

SeaBIOS (version rel-1.13.0-48-gd9c812dda519-prebuilt.qemu.org)

iPXE (http://ipxe.org) 00:03.0 CA00 PCI2.10 PnP PMM+7FF8F130+7FEEF130 CA00

Booting from ROM...
Probing EDD (edd=off to disable)... o
[    0.233432] invalid opcode: 0000 [#1] PREEMPT SMP NOPTI
[    0.233903] CPU: 0 PID: 13 Comm: migration/0 Not tainted 5.8.12-arch1-1 #1
[    0.234504] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.13.0-48-gd9c812dda519-prebuilt.qemu.org 04/01/2014
[    0.235521] RIP: 0010:read_tsc+0x0/0x10
[    0.235870] Code: cc cc cc cc cc cc cc cc cc cc 8b 05 b6 23 93 01 c3 66 0f 1f 84 00 00 00 00 00 c3 66 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 41
[    0.236718] RSP: 0000:ffffaf1480073e28 EFLAGS: 00010002
[    0.236718] RAX: ffffffff9da35aa0 RBX: ffffffff9f227520 RCX: 0000003b9aca0000
[    0.236718] RDX: 0000003b9aca0000 RSI: 0000003b9aca0000 RDI: ffffffff9f227520
[    0.236718] RBP: ffffffff9f25d1a0 R08: 0000000000000000 R09: 0000000000000004
[    0.236718] R10: 0000000000000204 R11: 0000000000000000 R12: 0000000000000002
[    0.236718] R13: ffffffff9f369520 R14: 0000000000000000 R15: 0000000000000003
[    0.236718] FS:  0000000000000000(0000) GS:ffff9d957b000000(0000) knlGS:0000000000000000
[    0.236718] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[    0.236718] CR2: 0000000000000000 CR3: 000000004200a001 CR4: 00000000003606f0
[    0.236718] Call Trace:
[    0.236718]  tk_setup_internals.constprop.0+0x39/0x150
[    0.236718]  change_clocksource+0x5b/0xc0
[    0.236718]  multi_cpu_stop+0x6b/0x110
[    0.236718]  ? stop_machine_yield+0x10/0x10
[    0.236718]  cpu_stopper_thread+0x72/0x100
[    0.236718]  ? smpboot_register_percpu_thread+0xe0/0xe0
[    0.236718]  smpboot_thread_fn+0x19a/0x230
[    0.236718]  kthread+0x142/0x160
[    0.236718]  ? __kthread_bind_mask+0x60/0x60
[    0.236718]  ret_from_fork+0x1f/0x30
[    0.236718] Modules linked in:
[    0.236718] ---[ end trace 18ea92f06c5f9ac2 ]---
[    0.236718] RIP: 0010:read_tsc+0x0/0x10
[    0.236718] Code: cc cc cc cc cc cc cc cc cc cc 8b 05 b6 23 93 01 c3 66 0f 1f 84 00 00 00 00 00 c3 66 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 41
[    0.236718] RSP: 0000:ffffaf1480073e28 EFLAGS: 00010002
[    0.236718] RAX: ffffffff9da35aa0 RBX: ffffffff9f227520 RCX: 0000003b9aca0000
[    0.236718] RDX: 0000003b9aca0000 RSI: 0000003b9aca0000 RDI: ffffffff9f227520
[    0.236718] RBP: ffffffff9f25d1a0 R08: 0000000000000000 R09: 0000000000000004
[    0.236718] R10: 0000000000000204 R11: 0000000000000000 R12: 0000000000000002
[    0.236718] R13: ffffffff9f369520 R14: 0000000000000000 R15: 0000000000000003
[    0.236718] FS:  0000000000000000(0000) GS:ffff9d957b000000(0000) knlGS:0000000000000000
[    0.236718] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[    0.236718] CR2: 0000000000000000 CR3: 000000004200a001 CR4: 00000000003606f0
[    0.236718] note: migration/0[13] exited with preempt_count 2

I've tried to disable PTI by adding pti=off spectre_v2=off to the boot args but the result was exactly the same.

Answer 1

The key would seem to be in this line:

[    0.236718] RIP: 0010:read_tsc+0x0/0x10

Try changing your --cpu to --cpu host,-rdtscp, which will disable TSC support in the CPU flags advertised to the Linux guest. You may need/want to add clocksource=hpet to your kernel arguments to get the guest a stable timesource afterwards.