Created attachment 181301 [details]
vmcore-dmesg.txt

kernel panic in vmx_vcpu_run

[ 691.712536] BUG: unable to handle kernel paging request at 000000005901feb0
[ 691.713582] IP: [<ffffffffa08d4f96>] vmx_vcpu_run+0x276/0x700 [kvm_intel]
[ 691.714727] PGD 0
[ 691.715708] Oops: 0002 [#1] SMP
[ 691.716698] Modules linked in: vhost_net vhost macvtap macvlan rfcomm fuse ccm cmac xt_CHECKSUM iptable_mangle ipt_MASQUERADE nf_nat_masquerade_ipv4 iptable_nat nf_nat_ipv4 nf_nat nf_conntrack_ipv4 nf_defrag_ipv4 xt_conntrack nf_conntrack ipt_REJECT nf_reject_ipv4 iptable_filter ip_tables tun bridge stp llc bnep dm_mirror dm_region_hash dm_log dm_mod arc4 iwldvm mac80211 intel_rapl x86_pkg_temp_thermal vfat intel_powerclamp fat coretemp kvm_intel snd_hda_codec_hdmi kvm snd_hda_codec_realtek snd_hda_codec_generic snd_hda_intel snd_hda_codec iwlwifi crct10dif_pclmul crc32_pclmul crc32c_intel snd_hda_core ghash_clmulni_intel uvcvideo snd_hwdep snd_seq aesni_intel lrw iTCO_wdt gf128mul btusb glue_helper cfg80211 iTCO_vendor_support videobuf2_vmalloc ablk_helper btbcm snd_seq_device videobuf2_core cryptd
[ 691.721529] btintel videobuf2_memops snd_pcm v4l2_common bluetooth videodev pcspkr input_leds lpc_ich i2c_i801 mfd_core snd_timer thinkpad_acpi rfkill snd mei_me wmi mei shpchp soundcore nfsd auth_rpcgss nfs_acl lockd grace sunrpc ext4 mbcache jbd2 sd_mod sr_mod cdrom i915 serio_raw e1000e ahci libahci sdhci_pci libata sdhci mmc_core i2c_algo_bit drm_kms_helper drm ptp pps_core i2c_core video
[ 691.724350] CPU: 0 PID: 3990 Comm: qemu-system-x86 Not tainted 4.1.0+ #7
[ 691.725733] Hardware name: LENOVO 2356BG6/2356BG6, BIOS G7ET94WW (2.54 ) 04/30/2013
[ 691.727123] task: ffff88005f3aa500 ti: ffff8800b1740000 task.ti: ffff8800b1740000
[ 691.728534] RIP: 0010:[<ffffffffa08d4f96>] [<ffffffffa08d4f96>] vmx_vcpu_run+0x276/0x700 [kvm_intel]
[ 691.730001] RSP: 0018:ffff88005901fc68 EFLAGS: 00010806
[ 691.731448] RAX: 00000000fffffffb RBX: 000000000000003e RCX: 00000000000001d9
[ 691.732913] RDX: 0000000000004408 RSI: 000000005901fc68 RDI: 00000000000001d9
[ 691.734385] RBP: ffff88005901fc78 R08: 0000000000000001 R09: ffff88007cc00000
[ 691.735855] R10: ffff88007cc00040 R11: 0000000000000000 R12: ffff88007c8dbdd8
[ 691.737334] R13: 00000000ffffffff R14: 000000000000003e R15: 0000000000000000
[ 691.738809] FS: 00007f4f5b40b700(0000) GS:ffff88013e200000(0000) knlGS:0000000000000000
[ 691.740326] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 691.741827] CR2: 000000005901feb0 CR3: 00000001374d9000 CR4: 00000000001427f0
[ 691.743334] Stack:
[ 691.744833] ffff880042680000 ffff880042680008 ffff88005901fc98 ffffffffa0798c98
[ 691.746381] ffff88005901fca8 ffff88013e216bc0 ffff88005901fca8 ffffffffa077db4d
[ 691.747947] ffff88005901fcf8 ffff88005901fcf8 ffffffff819ae500 ffff880042594a00
[ 691.749491] Call Trace:
[ 691.751030] <UNK>
[ 691.751041] Code:
[ 691.752566] 38 02 00 00 0f 20 d0 48 89 81 60 02 00 00 5d 5a 0f 96 81 88 30 00 00 48 83 7d 90 00 0f 85 65 02 00 00 48 8b 75 98 ba 08 44 00 00 <c7> 86 48 02 00 00 ef ff e0 ff c7 86 4c 02 00 00 00 00 00 00 0f
[ 691.756071] RIP [<ffffffffa08d4f96>] vmx_vcpu_run+0x276/0x700 [kvm_intel]
[ 691.757828] RSP <ffff88005901fc68>
[ 691.759582] CR2: 000000005901feb0
Created attachment 181311 [details]
objdump result
I think the stack is broken, so the rsi value is wrong.

        vcpu->arch.regs_avail = ~((1 << VCPU_REGS_RIP) | (1 << VCPU_REGS_RSP)
    bf8d:       48 8b 75 98             mov    -0x68(%rbp),%rsi
static __always_inline unsigned long vmcs_readl(unsigned long field)
{
        unsigned long value;

        asm volatile (__ex_clear(ASM_VMX_VMREAD_RDX_RAX, "%0")
    bf91:       ba 08 44 00 00          mov    $0x4408,%edx
         */
        loadsegment(ds, __USER_DS);
        loadsegment(es, __USER_DS);
#endif
        vcpu->arch.regs_avail = ~((1 << VCPU_REGS_RIP) | (1 << VCPU_REGS_RSP)
    bf96:       c7 86 48 02 00 00 ef    movl   $0xffe0ffef,0x248(%rsi)
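As an added illustration of the check made in the comment above (this is not code from the bug report or from the kernel tree), the script below parses the register lines of the oops and the faulting instruction from the objdump output, computes the effective address the `movl` wrote to, and compares it with CR2. It also tests the two properties that support the "broken stack" reading: whether the base register holds a canonical kernel pointer at all, and whether it equals the low 32 bits of RSP. The register lines and the instruction are copied from this report; the function names and the kernel-half boundary constant are my own.

```python
import re

# Register lines copied from the oops in this report and the faulting
# instruction copied from the attached objdump output.
OOPS_REGISTERS = """\
[  691.730001] RSP: 0018:ffff88005901fc68  EFLAGS: 00010806
[  691.731448] RAX: 00000000fffffffb RBX: 000000000000003e RCX: 00000000000001d9
[  691.732913] RDX: 0000000000004408 RSI: 000000005901fc68 RDI: 00000000000001d9
[  691.741827] CR2: 000000005901feb0 CR3: 00000001374d9000 CR4: 00000000001427f0
"""
FAULTING_INSN = "bf96: c7 86 48 02 00 00 ef    movl   $0xffe0ffef,0x248(%rsi)"

# Lowest address of the upper (kernel) half of the x86-64 canonical address
# space; any kernel data pointer must be at or above it (assumption used
# only for the sanity check below).
KERNEL_SPACE_START = 0xffff800000000000

# Matches "RSI: 000000005901fc68", "RSP: 0018:ffff88005901fc68", "CR2: ..."
REG_RE = re.compile(r'\b(R[A-Z0-9]{2}|CR[0-9]): (?:[0-9a-f]{4}:)?([0-9a-f]{16})\b')
# Matches an AT&T base+displacement operand such as "0x248(%rsi)" or "-0x68(%rbp)"
MEM_RE = re.compile(r'(-?0x[0-9a-f]+)\(%([a-z0-9]+)\)')


def parse_registers(text):
    """Map register name -> value for every NAME: <16 hex digits> pair in an oops."""
    return {name: int(value, 16) for name, value in REG_RE.findall(text)}


def memory_operand(insn):
    """Return (base register name, signed displacement) of the memory operand."""
    m = MEM_RE.search(insn)
    if m is None:
        raise ValueError("no base+displacement operand in: " + insn)
    return m.group(2).upper(), int(m.group(1), 16)


def analyze(oops_text, insn):
    """Reproduce the reasoning of the comment: does base+disp explain CR2,
    and does the base register look like a truncated stack pointer?"""
    regs = parse_registers(oops_text)
    base, disp = memory_operand(insn)
    base_value = regs[base]
    target = (base_value + disp) & 0xffffffffffffffff
    return {
        "base": base,
        "displacement": disp,
        "target": target,
        "matches_cr2": target == regs["CR2"],
        "base_is_kernel_pointer": base_value >= KERNEL_SPACE_START,
        # the slot that should hold the vcpu pointer instead holds RSP's low 32 bits
        "base_is_truncated_rsp": base_value == (regs["RSP"] & 0xffffffff),
    }


if __name__ == "__main__":
    r = analyze(OOPS_REGISTERS, FAULTING_INSN)
    print(f"{r['base']}+{r['displacement']:#x} = {r['target']:#x}, "
          f"matches CR2: {r['matches_cr2']}")
    print(f"base is kernel pointer: {r['base_is_kernel_pointer']}, "
          f"base == low 32 bits of RSP: {r['base_is_truncated_rsp']}")
```

For this oops the script reports RSI+0x248 = 0x5901feb0, which is exactly CR2, with RSI being a user-half value equal to the low 32 bits of RSP; that is the arithmetic behind the comment's conclusion that the saved pointer loaded from -0x68(%rbp) had been clobbered before the store to regs_avail.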
Please try to reproduce this bug with the latest kernel image.