From: Sean Christopherson <seanjc@google.com>
To: punixcorn <ohyunwoods663@gmail.com>
Cc: pbonzini@redhat.com, kvm@vger.kernel.org, linux-kernel@vger.kernel.org
Subject: Re: [BUG] KVM: NULL pointer dereference in kvm_tdp_mmu_map under memory pressure
Date: Mon, 13 Apr 2026 14:47:39 -0700 [thread overview]
Message-ID: <ad1ke3Yh0g0ko2u8@google.com> (raw)
In-Reply-To: <20260408184332.187482-1-ohyunwoods663@gmail.com>
On Wed, Apr 08, 2026, punixcorn wrote:
> To be honest, it could be days. The original crash happened only once
> in a month of heavy use,
Oof. Can you provide the full splat from the original crash? I want to look
at the register state to see if there are any clues.
> though my system has been hitting 100% RAM usage frequently.
>
> I suspect a specific transition-like a guest memory zap during high
> host contention-is the trigger.
It's counter-intuitive, but that's actually not very likely to manifest as this
type of failure. When zapping SPTEs in response to reclaim, KVM only zaps leaf
SPTEs. This specifically requires zapping and freeing a non-leaf, upper-level
SPTE. Reclaim could still definitely be contributing to whatever is going wrong,
but I don't think it would directly trigger this type of failure.
> I am currently trying to reproduce this by scripting a loop that reloads the
> guest project (Android emulator) while the host is under heavy memory load,
> as that was the environment when the crash occurred.
>
> I’ll keep the current debug patch running. If I can't catch it within
> the next 48 hours, I’d be very interested in that more elaborate
> debug patch you mentioned to help track the SPTE lifecycle more
> closely.
Honestly, until you're able to reproduce the failure, I wouldn't bother trying
to concoct and run a debug patch. Given how much this particular code gets
exercised, if you only ever see the one crash, something like a single bit flip,
e.g. due to radiation, is probably just as likely as a kernel bug.
next prev parent reply other threads:[~2026-04-13 21:47 UTC|newest]
Thread overview: 7+ messages / expand[flat|nested] mbox.gz Atom feed top
[not found] <202604081633.sean.christopherson@intel.com>
2026-04-08 18:43 ` [BUG] KVM: NULL pointer dereference in kvm_tdp_mmu_map under memory pressure punixcorn
2026-04-13 21:47 ` Sean Christopherson [this message]
[not found] <202604081418.sean.christopherson@intel.com>
2026-04-08 15:36 ` punixcorn
2026-04-08 16:33 ` Sean Christopherson
2026-04-08 10:29 punixcorn
2026-04-08 11:21 ` punixcorn
2026-04-08 14:18 ` Sean Christopherson
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=ad1ke3Yh0g0ko2u8@google.com \
--to=seanjc@google.com \
--cc=kvm@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=ohyunwoods663@gmail.com \
--cc=pbonzini@redhat.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox