On Thu, Mar 31, 2022 at 08:04:04AM +0000, Wang, Zhi A wrote:
> Hi Chris:
>
> Thanks for the testing. Can you attach the dmesg? I tested mostly on my skylake desktop with some 3D workload.

Sure, I should have done that from the beginning:

[ 25.354587] vfio_mdev 6814f392-50ac-4236-ae3d-26d472fd8aae: Adding to iommu group 0
[ 25.583015] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details.
[ 26.429492] kvm [2555]: vcpu0, guest rIP: 0xffffffff81003e6e disabled perfctr wrmsr: 0xc2 data 0xffff
[ 30.206202] BUG: kernel NULL pointer dereference, address: 0000000000000000
[ 30.206206] #PF: supervisor instruction fetch in kernel mode
[ 30.206208] #PF: error_code(0x0010) - not-present page
[ 30.206209] PGD 0 P4D 0
[ 30.206211] Oops: 0010 [#1] PREEMPT SMP PTI
[ 30.206214] CPU: 6 PID: 2565 Comm: qemu-system-x86 Tainted: G E 5.17.0+ #1292
[ 30.206216] Hardware name: LENOVO 20KH006JGE/20KH006JGE, BIOS N23ET62W (1.37 ) 02/19/2019
[ 30.206217] RIP: 0010:0x0
[ 30.206223] Code: Unable to access opcode bytes at RIP 0xffffffffffffffd6.
[ 30.206224] RSP: 0018:ffffa775c3fb3e18 EFLAGS: 00010286
[ 30.206226] RAX: 0000000000000000 RBX: ffff90a808bc0000 RCX: 0000000000000004
[ 30.206227] RDX: ffffa775c3fb3e80 RSI: 0000000000042300 RDI: ffffa775c40ad000
[ 30.206228] RBP: ffffa775c40ad000 R08: 0000000000000001 R09: 0000000000021180
[ 30.206230] R10: ffffa775c3fb3e80 R11: ffffa775c3fb3e80 R12: 0000000000000004
[ 30.206231] R13: 00000000fd042300 R14: 0000000000042300 R15: ffffa775c40ad008
[ 30.206232] FS: 00007fdd9cbfc700(0000) GS:ffff90ab92780000(0000) knlGS:0000000000000000
[ 30.206233] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 30.206235] CR2: ffffffffffffffd6 CR3: 00000001c117c002 CR4: 00000000003726e0
[ 30.206236] Call Trace:
[ 30.206238] <TASK>
[ 30.206239] intel_vgpu_emulate_mmio_read+0xe9/0x390
[ 30.206247] intel_vgpu_rw.isra.0+0x1a7/0x1e0
[ 30.206249] intel_vgpu_read+0x15c/0x200
[ 30.206252] vfs_read+0x9b/0x190
[ 30.206257] __x64_sys_pread64+0x8d/0xc0
[ 30.206259] do_syscall_64+0x3b/0x90
[ 30.206263] entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 30.206266] RIP: 0033:0x7fddb17e41a7
[ 30.206268] Code: 08 89 3c 24 48 89 4c 24 18 e8 f5 7b f9 ff 4c 8b 54 24 18 48 8b 54 24 10 41 89 c0 48 8b 74 24 08 8b 3c 24 b8 11 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 04 24 e8 25 7c f9 ff 48 8b
[ 30.206270] RSP: 002b:00007fdd9cbfb2f0 EFLAGS: 00000293 ORIG_RAX: 0000000000000011
[ 30.206272] RAX: ffffffffffffffda RBX: 000055ee30d20ed8 RCX: 00007fddb17e41a7
[ 30.206273] RDX: 0000000000000004 RSI: 00007fdd9cbfb338 RDI: 000000000000001b
[ 30.206274] RBP: 0000000000000004 R08: 0000000000000000 R09: 00000000ffffffff
[ 30.206275] R10: 0000000000042300 R11: 0000000000000293 R12: 0000000000042300
[ 30.206276] R13: 000055ee30d20df0 R14: 0000000000000004 R15: 0000000000042300
[ 30.206278] </TASK>
[ 30.206279] Modules linked in: cmac(E) ctr(E) ccm(E) rfcomm(E) sd_mod(E) sg(E) uvcvideo(E) videobuf2_vmalloc(E) videobuf2_memops(E) videobuf2_v4l2(E) videobuf2_common(E) videodev(E) mc(E) btusb(E) btrtl(E) btbcm(E) btintel(E) uas(E) usb_storage(E) scsi_mod(E) scsi_common(E) bnep(E) snd_hda_codec_hdmi(E) wmi_bmof(E) intel_wmi_thunderbolt(E) joydev(E) bluetooth(E) intel_rapl_msr(E) crc16(E) x86_pkg_temp_thermal(E) jitterentropy_rng(E) intel_powerclamp(E) sha512_generic(E) drbg(E) coretemp(E) ansi_cprng(E) crc32_pclmul(E) ecdh_generic(E) ghash_clmulni_intel(E) ecc(E) aesni_intel(E) libaes(E) crypto_simd(E) iwlmvm(E) snd_soc_skl(E) cryptd(E) snd_soc_hdac_hda(E) mac80211(E) snd_ctl_led(E) snd_hda_ext_core(E) snd_hda_codec_realtek(E) libarc4(E) snd_soc_core(E) snd_hda_codec_generic(E) snd_soc_acpi_intel_match(E) kvm_intel(E) snd_soc_acpi(E) snd_soc_sst_ipc(E) iwlwifi(E) snd_soc_sst_dsp(E) intel_cstate(E) intel_uncore(E) snd_hda_intel(E) serio_raw(E) snd_intel_dspcfg(E) pcspkr(E)
[ 30.206314] snd_hda_codec(E) efi_pstore(E) snd_hwdep(E) tpm_crb(E) processor_thermal_device_pci_legacy(E) snd_hda_core(E) intel_soc_dts_iosf(E) iTCO_wdt(E) iTCO_vendor_support(E) cfg80211(E) processor_thermal_device(E) snd_pcm(E) tpm_tis(E) processor_thermal_rfim(E) thinkpad_acpi(E) watchdog(E) processor_thermal_mbox(E) tpm_tis_core(E) ucsi_acpi(E) nvram(E) mei_me(E) snd_timer(E) processor_thermal_rapl(E) ledtrig_audio(E) intel_pch_thermal(E) tpm(E) intel_rapl_common(E) mei(E) platform_profile(E) typec_ucsi(E) typec(E) rng_core(E) wmi(E) snd(E) battery(E) ac(E) soundcore(E) int3403_thermal(E) rfkill(E) int340x_thermal_zone(E) int3400_thermal(E) evdev(E) acpi_pad(E) acpi_thermal_rel(E) parport_pc(E) ppdev(E) lp(E) parport(E) efivarfs(E) ip_tables(E) x_tables(E) autofs4(E) i2c_designware_platform(E) i2c_designware_core(E) nvme(E) nvme_core(E) t10_pi(E) xhci_pci(E) e1000e(E) crc32c_intel(E) crc64_rocksoft(E) psmouse(E) xhci_hcd(E) ptp(E) i2c_i801(E) crc64(E) pps_core(E) thunderbolt(E)
[ 30.206347] i2c_smbus(E) crc_t10dif(E) usbcore(E) crct10dif_generic(E) intel_lpss_pci(E) crct10dif_pclmul(E) intel_lpss(E) crct10dif_common(E) idma64(E) mfd_core(E) usb_common(E)
[ 30.206355] CR2: 0000000000000000
[ 30.206356] ---[ end trace 0000000000000000 ]---
[ 30.348825] RIP: 0010:0x0
[ 30.348839] Code: Unable to access opcode bytes at RIP 0xffffffffffffffd6.
[ 30.348840] RSP: 0018:ffffa775c3fb3e18 EFLAGS: 00010286
[ 30.348842] RAX: 0000000000000000 RBX: ffff90a808bc0000 RCX: 0000000000000004
[ 30.348844] RDX: ffffa775c3fb3e80 RSI: 0000000000042300 RDI: ffffa775c40ad000
[ 30.348845] RBP: ffffa775c40ad000 R08: 0000000000000001 R09: 0000000000021180
[ 30.348846] R10: ffffa775c3fb3e80 R11: ffffa775c3fb3e80 R12: 0000000000000004
[ 30.348847] R13: 00000000fd042300 R14: 0000000000042300 R15: ffffa775c40ad008
[ 30.348849] FS: 00007fdd9cbfc700(0000) GS:ffff90ab92780000(0000) knlGS:0000000000000000
[ 30.348850] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 30.348851] CR2: ffffffffffffffd6 CR3: 00000001c117c002 CR4: 00000000003726e0