Description of problem:
Running a guest ubuntu14.04 img in a rhel 7.1 host causes a kernel crash.

Version-Release number of selected component (if applicable):

How reproducible:
It can be reproduced on a specific physical host while restarting the guest VM. Once the VM is restarted, the physical machine crashes.

Call trace:
[ 43.547542] BUG: unable to handle kernel paging request at 00000000a2a09579
[ 43.547609] IP: [<00000000a2a09579>] 0xa2a09578
[ 43.547655] PGD 0
[ 43.547677] Oops: 0010 [#1] SMP
[ 43.547709] Modules linked in: nbd(OF-) nf_conntrack_ipv6 nf_defrag_ipv6 ip6table_raw xt_mac xt_conntrack xt_physdev xt_CT iptable_mangle xt_comment iptable_nat nf_conntrack_ipv4 nf_defrag_ipv4 nf_nat_ipv4 nf_nat nf_conntrack act_police cls_basic sch_ingress vhost_net macvtap macvlan tun iptable_raw veth bridge stp llc ebtable_filter ebtables ip6table_filter ip6_tables iptable_filter openvswitch gre vxlan ip_tunnel dm_mirror dm_region_hash dm_log dm_mod intel_powerclamp coretemp intel_rapl kvm_intel kvm crc32_pclmul ghash_clmulni_intel aesni_intel iTCO_wdt lrw gf128mul glue_helper ablk_helper cryptd iTCO_vendor_support dcdbas ipmi_devintf sg mei_me sb_edac pcspkr mei edac_core shpchp lpc_ich mfd_core ipmi_si wmi ipmi_msghandler acpi_power_meter nfsd auth_rpcgss nfs_acl lockd sunrpc ip_tables xfs
[ 43.548405] libcrc32c sd_mod crc_t10dif mgag200 syscopyarea sysfillrect sysimgblt drm_kms_helper ttm crct10dif_pclmul crct10dif_common ixgbe crc32c_intel drm igb ahci libahci mdio ptp i2c_algo_bit libata pps_core i2c_core megaraid_sas dca [last unloaded: nbd]
[ 43.548627] CPU: 34 PID: 4581 Comm: qemu-kvm Tainted: GF O-------------- 3.10.0-229.20.1.el7.x86_64 #1
[ 43.548696] Hardware name: Dell Inc. PowerEdge R630/0CNCJW, BIOS 1.3.6 06/03/2015
[ 43.548748] task: ffff881fcb932d80 ti: ffff881fb20a0000 task.ti: ffff881fb20a0000
[ 43.548799] RIP: 0010:[<00000000a2a09579>] [<00000000a2a09579>] 0xa2a09578
[ 43.548855] RSP: 0018:ffff881fb20a3ca8 EFLAGS: 00010002
[ 43.548892] RAX: 000000007b605ec6 RBX: 00000001316b4d60 RCX: 00000000000006e0
[ 43.548941] RDX: 000000000000000b RSI: 000000007b605ec6 RDI: 00000000000006e0
[ 43.548989] RBP: ffff88003e403e90 R08: 0000000000000004 R09: 0000000000000000
[ 43.549037] R10: 0000000000000004 R11: 0000000000000005 R12: 0000000084caf3cb
[ 43.549086] R13: 0000000000000000 R14: 00000004aab72b00 R15: 0000000425ec18e2
[ 43.549135] FS: 00007fd2a652f700(0000) GS:ffff881fff620000(0000) knlGS:0000000000000000
[ 43.549190] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 43.549230] CR2: 00000000a2a09579 CR3: 0000003fa42b0000 CR4: 00000000001427e0
[ 43.549278] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 43.549327] DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400
[ 43.549374] Stack:
[ 43.549391] ffff883fa0e30000 ffff883fa0e30000 ffff881fb20a3d28 0000000000006c14
[ 43.549457] 0000000000000000 ffff883fa0e30000 00000000b20a3cf0 ffffffffa06a65d7
[ 43.549524] ffff883fa0e30000 ffff881fb20a3d28 00000000b654bfd4 ffff883fa0e30000
[ 43.549591] Call Trace:
[ 43.549634] [<ffffffffa06a65d7>] ? kvm_set_shared_msr+0x57/0x80 [kvm]
[ 43.549696] [<ffffffffa06ad8b3>] ? vcpu_enter_guest+0x5e3/0xd70 [kvm]
[ 43.549748] [<ffffffff810980f6>] ? finish_wait+0x56/0x70
[ 43.549796] [<ffffffffa06999db>] ? kvm_vcpu_block+0xab/0xd0 [kvm]
[ 43.549842] [<ffffffff81098240>] ? wake_up_bit+0x30/0x30
[ 43.549896] [<ffffffffa06b2218>] ? kvm_arch_vcpu_ioctl_run+0x208/0x480 [kvm]
[ 43.551615] [<ffffffffa069c32a>] ? kvm_vcpu_ioctl+0x2aa/0x580 [kvm]
[ 43.553325] [<ffffffff811da035>] ? do_vfs_ioctl+0x2e5/0x4c0
[ 43.555046] [<ffffffffa06a6674>] ? kvm_on_user_return+0x74/0x80 [kvm]
[ 43.556754] [<ffffffff811da2b1>] ? SyS_ioctl+0xa1/0xc0
[ 43.558439] [<ffffffff81614409>] ? system_call_fastpath+0x16/0x1b
[ 43.560103] Code: Bad RIP value.
[ 43.561781] RIP [<00000000a2a09579>] 0xa2a09578
[ 43.563489] RSP <ffff881fb20a3ca8>
[ 43.565199] CR2: 00000000a2a09579

I missed this one, sorry. I didn't manage to reproduce ... does it still happen? Thanks.
We had two fixes for the shared msr paths that can be seen in stack trace, but the original report is not clear enough on the reproducer to determine whether this was a very specific manifestation of those bugs. Please reopen if you still happen to hit this.