From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S932825AbbCRUGY (ORCPT ); Wed, 18 Mar 2015 16:06:24 -0400 Received: from mx1.redhat.com ([209.132.183.28]:32992 "EHLO mx1.redhat.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1752981AbbCRUGX (ORCPT ); Wed, 18 Mar 2015 16:06:23 -0400 Message-ID: <5509DABC.7040401@redhat.com> Date: Wed, 18 Mar 2015 21:06:20 +0100 From: Denys Vlasenko User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:24.0) Gecko/20100101 Thunderbird/24.2.0 MIME-Version: 1.0 To: Andy Lutomirski , Stefan Seyfried , Linus Torvalds CC: Takashi Iwai , X86 ML , LKML , Tejun Heo Subject: Re: PANIC: double fault, error_code: 0x0 in 4.0.0-rc3-2, kvm related? References: <5505400B.8050300@message-id.googlemail.com> <5509CBF7.3040602@message-id.googlemail.com> In-Reply-To: Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 7bit Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On 03/18/2015 08:26 PM, Andy Lutomirski wrote: > Hi Linus- > > You seem to enjoy debugging these things. Want to give this a shot? > My guess is a vmalloc fault accessing either old_rsp or kernel_stack > right after swapgs in syscall entry. The code is: ENTRY(system_call) SWAPGS_UNSAFE_STACK GLOBAL(system_call_after_swapgs) movq %rsp,PER_CPU_VAR(rsp_scratch) movq PER_CPU_VAR(kernel_stack),%rsp If PER_CPU_VAR(var) memory access can page fault (I was thinking this is ensured to never fault), then on these two instructions such page fault will be fatal: we will still have userspace %rsp. I thought we can only get a NMI or debug interrupt here, and they are both set up to use IST stacks to prevent this scenario (among other reasons). -- vda