FIX: “VirtualBox can’t operate in VMX root mode” on Linux 6.12+

December 21, 2024
VirtualBox error message VERR_VMX_IN_VMX_ROOT_MODE.

If you prefer, watch my video demonstrating this issue and fix.

If you use VirtualBox on a Linux PC, your VMs might fail to start on Linux kernel version 6.12 or newer. You will see the following error message:

VirtualBox can’t operate in VMX root mode. Please disable the KVM kernel extension…

The issue

By default, Linux 6.12 or newer loads KVM kernel modules on boot. This is a change from previous versions, which do not.

KVM kernel modules are part of mainline Linux and provide virtualization capabilities to applications like QEMU.

If KVM kernel modules are loaded, they will conflict with VirtualBox which uses its own kernel modules for virtualization.

To see if KVM modules are currently loaded, run the following command in a terminal:

lsmod | grep kvm

If KVM modules are loaded, you should see them listed:

Output of lsmod command showing loaded KVM modules

If your PC has an AMD CPU, you will see kvm_amd instead of kvm_intel.

The solution

Temporary fix

Unload the KVM modules by running the following command in a terminal (change kvm_intel to kvm_amd if your PC has an AMD CPU):

sudo modprobe -r kvm_intel

Your VirtualBox VMs should now work. However, this fix is not persistent. On reboot, the KVM modules will be loaded again.

Permanent fix

The easiest and most reliable fix is to blacklist the kvm_intel or kvm_amd kernel module. Blacklisting a kernel module means it will not load on boot. It is easy to do, easily reversible, and the module can still be loaded after boot if required.

Create your own blacklist text file in the directory /etc/modprobe.d/. Name the file whatever you like, so long as it ends with .conf. For example, using the nano text editor:

sudo nano /etc/modprobe.d/mc-blacklist.conf

Add the following line to your blacklist file (change kvm_intel to kvm_amd if necessary):

blacklist kvm_intel
Using the nano text editor to create a kernel modules blacklist file

TIP: If you are new to nano, save the file by pressing CTRL+O followed by ENTER. To exit, press CTRL+X.

This permanent fix should work on all Linux distributions.

Not a solution (for me)

I have tried an alternative fix, which others have recommended on the internet. It seems technically more correct. But, it does not work on my Fedora 41 system – the KVM modules still load on boot.

You are supposed to create a configuration file e.g. /etc/modprobe.d/mc-kvm.conf (any name will do as long as it ends with .conf), containing the following line:

options kvm enable_virt_at_load=0

This fix does not work for me, even if I regenerate initramfs. The KVM modules still load on boot.

There is nothing more frustrating for an end-user than a fix that does not work, so for now I will continue to recommend my blacklisting fix above.

Video demonstration

I made a video demonstrating the issue and fix:

Final words

I have no idea why the Linux developers decided that KVM modules should load on boot when previously they did not. I am sure there is a good reason (perhaps KVM-based VMs will start up faster?) but it is nonetheless a regression in behaviour that will cause some headaches.

If VirtualBox is updated to make this fix unnecessary, I will post an update.

Till next time,

Michal

Leave a Reply

Your email address will not be published. Required fields are marked *