From: Sean Christopherson <seanjc@google.com>
To: punixcorn <ohyunwoods663@gmail.com>
Cc: pbonzini@redhat.com, kvm@vger.kernel.org, linux-kernel@vger.kernel.org
Subject: Re: [BUG] KVM: NULL pointer dereference in kvm_tdp_mmu_map under memory pressure
Date: Wed, 8 Apr 2026 09:33:59 -0700
Message-ID: <adaDd65SA_W9LUUT@google.com>
In-Reply-To: <20260408153650.34484-1-ohyunwoods663@gmail.com>
On Wed, Apr 08, 2026, punixcorn wrote:
> Hi Sean,
>
> I attempted to trigger your debug patch via fault injection (zeroing
> page_private on the allocated sp before it's linked), but the resulting
> logs aren't meaningful -- every captured entry shows spte =
> 8000000000000000, a non-present SPTE, which doesn't reflect the real
> crash scenario where the SPTE is present but page_private returns 0.
> So I'm not sending those.
Ya, I wouldn't expect synthetic injection to help root cause this.
> Natural reproduction is rare and I haven't caught it yet with your patch
> applied.
How rare is rare? Are we talking hours of runtime? Days?
> Given that, what would you recommend as a next step?
If it's not too onerous, keep trying to reproduce with that initial debug patch.
If the time to repro is several hours (or more), I can try to provide a more
elaborate debug patch.
> Would lockdep, KASAN, or RCU debugging (CONFIG_PROVE_RCU) be worth enabling
> to catch the violation when it happens naturally?
Hmm, of those, KASAN has the best chance of being useful. Though it might make
reproducing the bug even more difficult.
> Environment:
> - CPU: 13th Gen Intel(R) Core(TM) i5-13420H (12) @ 4.60 GHz
> - RAM: 16GB (15Gi usable, 16Gi swap)
> - OS: Arch Linux
> - Kernel: 6.19.10-dirty #1 SMP PREEMPT_DYNAMIC Wed Apr 8 06:08:08 GMT 2026 x86_64
> - /proc/cpuinfo: https://pastebin.com/pwvNYsCu
> - .config: https://pastebin.com/z4fVZENs
>
> The crash occurs while running an Android emulator (QEMU) under host
> memory pressure.
>
> Signed-off-by: punixcorn <ohyunwoods663@gmail.com>