* Re: Bug#1135235: linux-image-6.19.13+deb14-amd64: Reoccuring host crash "Invalid SPTE change" with gaming win kvm/qemu guest and device passthrough
From: Salvatore Bonaccorso @ 2026-05-17 13:24 UTC
To: Maximilian Senftleben, Sean Christopherson, Paolo Bonzini, Thomas Gleixner, Ingo Molnar, Borislav Petkov, Dave Hansen
Cc: 1135235, x86, kvm, linux-kernel

Control: forwwarded -1 https://lore.kernel.org/all/177902420697.2035014.8796825668567298024@eldamar.lan

Hi

Maximilian Senftleben reported the following in Debian (cf.
https://bugs.debian.org/1135235), it should be noted while Maximilian
uses the looking-glass application (which is accompanied with dkms
modules, they are not loaded and do not taint the kernel). Do you have
an idea how to debug this?

On Wed, Apr 29, 2026 at 09:17:14PM +0200, Maximilian Senftleben wrote:
> Package: src:linux
> Version: 6.19.13-1
> Severity: important
>
> Dear Maintainer,
>
> - I have a Windows kvm/qemu guest that uses device passthrough for my GPU.
> - Sometimes while playing the host system crashes/freezes, this only happens
>   during load/gaming, and sometimes 1-2 times a day, sometimes not at all.
>
>
> System:
> Linux myhost 6.19.13+deb14-amd64 #1 SMP PREEMPT_DYNAMIC Debian 6.19.13-1
> (2026-04-18) x86_64 GNU/Linux
>
> CPU:
> vendor_id : GenuineIntel
> cpu family : 6
> model : 183
> model name : Intel(R) Core(TM) i5-14400
> [...]
>
> Apr 29 12:10:33 myhost kernel: kvm: Invalid SPTE change: cannot replace a present leaf
> SPTE with another present leaf SPTE mapping a
> different PFN!
> as_id: 0 gfn: 80ec33 old_spte: 860000aae3d00bc8 new_spte: 86000009e3d00b77 level: 1
> Apr 29 12:10:33 myhost kernel: ------------[ cut here ]------------
> Apr 29 12:10:33 myhost kernel: kernel BUG at arch/x86/kvm/mmu/tdp_mmu.c:600!
> Apr 29 12:10:33 myhost kernel: Oops: invalid opcode: 0000 [#1] SMP NOPTI
> Apr 29 12:10:33 myhost kernel: CPU: 7 UID: 1000 PID: 8419 Comm: CPU 2/KVM Not tainted 6.19.13+deb14-amd64 #1 PREEMPT(lazy) Debian 6.19.13-1
> Apr 29 12:10:33 myhost kernel: Hardware name: Micro-Star International Co., Ltd. MS-7D96/MAG B760 TOMAHAWK WIFI (MS-7D96), BIOS A.B0 10/07/2024
> Apr 29 12:10:33 myhost kernel: RIP: 0010:handle_changed_spte.cold+0x1d/0x84 [kvm]
> Apr 29 12:10:33 myhost kernel: Code: fb c1 4c 8b 44 24 78 48 8b 0c 24 eb b0 48 8b 14 24 8b 74 24 18 45 89 e9 4d 89 e0 48 89 e9 48 c7 c7 98 6d cf c1 e8 2d 49 69 c1 <0f> 0b 48 63 d1 be 01 00 00 00 4c 89 54 24 40 48 c7 c7 20 65 e0 c1
> Apr 29 12:10:33 myhost kernel: RSP: 0018:ffffd100808b78d8 EFLAGS: 00010246
> Apr 29 12:10:33 myhost kernel: RAX: 00000000000000c8 RBX: ffff8eb262062000 RCX: 0000000000000000
> Apr 29 12:10:33 myhost kernel: RDX: 0000000000000000 RSI: 0000000000000001 RDI: ffff8ebf7f5dd2c0
> Apr 29 12:10:33 myhost kernel: RBP: 860000aae3d00bc8 R08: 0000000000000000 R09: ffffd100808b7780
> Apr 29 12:10:33 myhost kernel: R10: ffffffff850dbfe8 R11: 00000000ffffefff R12: 86000009e3d00b77
> Apr 29 12:10:33 myhost kernel: R13: 0000000000000001 R14: 00000000009e3d00 R15: 0000000000000001
> Apr 29 12:10:33 myhost kernel: FS: 00007f23e5dff6c0(0000) GS:ffff8ebff9966000(0000) knlGS:ffffde0104510000
> Apr 29 12:10:33 myhost kernel: CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
> Apr 29 12:10:33 myhost kernel: CR2: 0000016ddcd2e000 CR3: 000000017fe6b004 CR4: 0000000000f72ef0
> Apr 29 12:10:33 myhost kernel: PKRU: 55555554
> Apr 29 12:10:33 myhost kernel: Call Trace:
> Apr 29 12:10:33 myhost kernel: <TASK>
> Apr 29 12:10:33 myhost kernel: kvm_tdp_mmu_map+0x642/0x890 [kvm]
> Apr 29 12:10:33 myhost kernel: ? __pfx_handle_ept_violation+0x10/0x10 [kvm_intel]
> Apr 29 12:10:33 myhost kernel: kvm_tdp_page_fault+0xc4/0xf0 [kvm]
> Apr 29 12:10:33 myhost kernel: kvm_mmu_do_page_fault+0x1d9/0x210 [kvm]
> Apr 29 12:10:33 myhost kernel: kvm_mmu_page_fault+0x7e/0x790 [kvm]
> Apr 29 12:10:33 myhost kernel: ? asm_fred_entry_from_kvm+0x58/0x60
> Apr 29 12:10:33 myhost kernel: ? vmx_vmexit+0x9d/0xd0 [kvm_intel]
> Apr 29 12:10:33 myhost kernel: ? __pfx_handle_ept_violation+0x10/0x10 [kvm_intel]
> Apr 29 12:10:33 myhost kernel: vmx_handle_exit+0x14f/0x8f0 [kvm_intel]
> Apr 29 12:10:33 myhost kernel: kvm_arch_vcpu_ioctl_run+0x91e/0x18e0 [kvm]
> Apr 29 12:10:33 myhost kernel: kvm_vcpu_ioctl+0x2e4/0xa00 [kvm]
> Apr 29 12:10:33 myhost kernel: ? vfio_pci_rw+0xa3/0x1a0 [vfio_pci_core]
> Apr 29 12:10:33 myhost kernel: __x64_sys_ioctl+0x97/0xe0
> Apr 29 12:10:33 myhost kernel: do_syscall_64+0x81/0x5e0
> Apr 29 12:10:33 myhost kernel: ? __x64_sys_pread64+0xb0/0xd0
> Apr 29 12:10:33 myhost kernel: ? do_syscall_64+0xbe/0x5e0
> Apr 29 12:10:33 myhost kernel: ? kvm_on_user_return+0x59/0xc0 [kvm]
> Apr 29 12:10:33 myhost kernel: ? __x64_sys_ioctl+0xb1/0xe0
> Apr 29 12:10:33 myhost kernel: ? fire_user_return_notifiers+0x37/0x60
> Apr 29 12:10:33 myhost kernel: ? do_syscall_64+0x2b5/0x5e0
> Apr 29 12:10:33 myhost kernel: ? count_memcg_events+0xd6/0x210
> Apr 29 12:10:33 myhost kernel: ? handle_mm_fault+0x1d6/0x2d0
> Apr 29 12:10:33 myhost kernel: ? do_user_addr_fault+0x2b4/0x7b0
> Apr 29 12:10:33 myhost kernel: ? irqentry_exit+0x6e/0x570
> Apr 29 12:10:33 myhost kernel: ? exc_page_fault+0x7e/0x1a0
> Apr 29 12:10:33 myhost kernel: entry_SYSCALL_64_after_hwframe+0x76/0x7e
> Apr 29 12:10:33 myhost kernel: RIP: 0033:0x7f2c02368d3b
> Apr 29 12:10:33 myhost kernel: Code: 00 48 89 44 24 18 31 c0 48 8d 44 24 60 c7 04 24 10 00 00 00 48 89 44 24 08 48 8d 44 24 20 48 89 44 24 10 b8 10 00 00 00 0f 05 <89> c2 3d 00 f0 ff ff 77 1c 48 8b 44 24 18 64 48 2b 04 25 28 00 00
> Apr 29 12:10:33 myhost kernel: RSP: 002b:00007f23e5dfe5c0 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
> Apr 29 12:10:33 myhost kernel: RAX: ffffffffffffffda RBX: 000055e177ba5170 RCX: 00007f2c02368d3b
> Apr 29 12:10:33 myhost kernel: RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000028
> Apr 29 12:10:33 myhost kernel: RBP: 000000000000ae80 R08: 000055e146fe70d0 R09: 0000000000000004
> Apr 29 12:10:33 myhost kernel: R10: 0000070000000000 R11: 0000000000000246 R12: 0000000000000000
> Apr 29 12:10:33 myhost kernel: R13: 0000000000000006 R14: 0000000000000071 R15: 0000000000000000
> Apr 29 12:10:33 myhost kernel: </TASK>
> Apr 29 12:10:33 myhost kernel: Modules linked in: vhost_net vhost vhost_iotlb tap tun rfcomm snd_seq_dummy snd_hrtimer snd_seq xt_CHECKSUM xt_MASQUERADE xt_conntrack ipt_REJECT nf_reject_ipv4 xt_tcpudp nft_compat x_tables nft_chain_nat nf_nat nf_conntrack nf_defrag_ipv6 nf_defrag_ipv4 nf_tables bridge stp llc sunrpc uinput qrtr cmac algif_hash algif_skcipher af_alg bnep dm_crypt hid_corsair joydev snd_sof_pci_intel_tgl snd_sof_pci_intel_cnl snd_sof_intel_hda_generic soundwire_intel snd_sof_intel_hda_sdw_bpt snd_sof_intel_hda_common snd_soc_hdac_hda snd_sof_intel_hda_mlink snd_sof_intel_hda soundwire_cadence snd_sof_pci snd_sof_xtensa_dsp snd_hda_codec_intelhdmi snd_sof snd_hda_codec_hdmi intel_rapl_msr intel_rapl_common iwlmvm snd_sof_utils snd_soc_acpi_intel_match snd_soc_acpi_intel_sdca_quirks intel_uncore_frequency soundwire_generic_allocation intel_uncore_frequency_common snd_soc_sdw_utils snd_soc_acpi snd_hda_codec_alc662 x86_pkg_temp_thermal crc8 intel_powerclamp snd_hda_codec_realtek_lib uvcvideo soundwire_bus coretemp mac80211
> Apr 29 12:10:33 myhost kernel: snd_hda_codec_generic videobuf2_vmalloc snd_soc_sdca uvc videobuf2_memops snd_usb_audio videobuf2_v4l2 snd_soc_avs videodev snd_soc_hda_codec kvm_intel snd_hda_intel snd_usbmidi_lib snd_hda_ext_core snd_rawmidi snd_hda_codec videobuf2_common snd_seq_device nls_ascii mc hid_generic snd_soc_core nls_cp437 libarc4 iTCO_wdt snd_hda_core vfat intel_pmc_bxt kvm fat mei_hdcp mei_pxp spd5118 snd_intel_dspcfg iTCO_vendor_support snd_compress iwlwifi snd_intel_sdw_acpi watchdog snd_pcm_dmaengine snd_hwdep rapl snd_pcm intel_cstate r8169 battery snd_timer cfg80211 intel_uncore wmi_bmof mxm_wmi snd mei_me realtek pcspkr i2c_i801 i2c_smbus soundcore mei fan btusb intel_pmc_core btmtk uas btrtl btbcm btintel pmt_telemetry serial_multi_instantiate usb_storage bluetooth pmt_discovery pmt_class intel_pmc_ssram_telemetry acpi_tad acpi_pad usbhid ecdh_generic hid button evdev sg rfkill binfmt_misc dm_mod efi_pstore nfnetlink xe drm_ttm_helper drm_suballoc_helper gpu_sched drm_gpuvm drm_exec configfs drm_gpusvm_helper ext4
> Apr 29 12:10:33 myhost kernel: crc16 mbcache jbd2 crc32c_cryptoapi i915 drm_client_lib sd_mod i2c_algo_bit drm_buddy ttm drm_display_helper ahci drm_kms_helper libahci xhci_pci libata xhci_hcd drm nvme nvme_core usbcore scsi_mod nvme_keyring cec nvme_auth video ghash_clmulni_intel hkdf rc_core scsi_common intel_vsec usb_common wmi pinctrl_alderlake vfio_pci vfio_pci_core irqbypass vfio_iommu_type1 vfio parport_pc lp ppdev parport i2c_dev msr efivarfs autofs4 aesni_intel
> Apr 29 12:10:33 myhost kernel: ---[ end trace 0000000000000000 ]---
> Apr 29 12:10:33 myhost kernel: kvm: get_mmio_spte: reserved bits set on MMU-present spte, addr 0x80ec3098c, hierarchy:
> Apr 29 12:10:33 myhost kernel: kvm: ------ spte = 0x8000000109193907 level = 4, rsvd bits = 0xfff80000000f8
> Apr 29 12:10:33 myhost kernel: kvm: ------ spte = 0x80000008d8b33907 level = 3, rsvd bits = 0xfff8000000078
> Apr 29 12:10:33 myhost kernel: kvm: ------ spte = 0x8000000371e37907 level = 2, rsvd bits = 0xfff8000000078
> Apr 29 12:10:33 myhost kernel: kvm: ------ spte = 0x86000004e3cfdb26 level = 1, rsvd bits = 0xfff8000000000
> Apr 29 12:10:33 myhost kernel: ------------[ cut here ]------------
> Apr 29 12:10:33 myhost kernel: WARNING: arch/x86/kvm/mmu/mmu.c:4452 at kvm_mmu_page_fault.cold+0xc7/0xe4 [kvm], CPU#11: CPU 4/KVM/8421
> Apr 29 12:10:33 myhost kernel: Modules linked in: vhost_net vhost vhost_iotlb tap tun rfcomm snd_seq_dummy snd_hrtimer snd_seq xt_CHECKSUM xt_MASQUERADE xt_conntrack ipt_REJECT nf_reject_ipv4 xt_tcpudp nft_compat x_tables nft_chain_nat nf_nat nf_conntrack nf_defrag_ipv6 nf_defrag_ipv4 nf_tables bridge stp llc sunrpc uinput qrtr cmac algif_hash algif_skcipher af_alg bnep dm_crypt hid_corsair joydev snd_sof_pci_intel_tgl snd_sof_pci_intel_cnl snd_sof_intel_hda_generic soundwire_intel snd_sof_intel_hda_sdw_bpt snd_sof_intel_hda_common snd_soc_hdac_hda snd_sof_intel_hda_mlink snd_sof_intel_hda soundwire_cadence snd_sof_pci snd_sof_xtensa_dsp snd_hda_codec_intelhdmi snd_sof snd_hda_codec_hdmi intel_rapl_msr intel_rapl_common iwlmvm snd_sof_utils snd_soc_acpi_intel_match snd_soc_acpi_intel_sdca_quirks intel_uncore_frequency soundwire_generic_allocation intel_uncore_frequency_common snd_soc_sdw_utils snd_soc_acpi snd_hda_codec_alc662 x86_pkg_temp_thermal crc8 intel_powerclamp snd_hda_codec_realtek_lib uvcvideo soundwire_bus coretemp mac80211
> Apr 29 12:10:33 myhost kernel: snd_hda_codec_generic videobuf2_vmalloc snd_soc_sdca uvc videobuf2_memops snd_usb_audio videobuf2_v4l2 snd_soc_avs videodev snd_soc_hda_codec kvm_intel snd_hda_intel snd_usbmidi_lib snd_hda_ext_core snd_rawmidi snd_hda_codec videobuf2_common snd_seq_device nls_ascii mc hid_generic snd_soc_core nls_cp437 libarc4 iTCO_wdt snd_hda_core vfat intel_pmc_bxt kvm fat mei_hdcp mei_pxp spd5118 snd_intel_dspcfg iTCO_vendor_support snd_compress iwlwifi snd_intel_sdw_acpi watchdog snd_pcm_dmaengine snd_hwdep rapl snd_pcm intel_cstate r8169 battery snd_timer cfg80211 intel_uncore wmi_bmof mxm_wmi snd mei_me realtek pcspkr i2c_i801 i2c_smbus soundcore mei fan btusb intel_pmc_core btmtk uas btrtl btbcm btintel pmt_telemetry serial_multi_instantiate usb_storage bluetooth pmt_discovery pmt_class intel_pmc_ssram_telemetry acpi_tad acpi_pad usbhid ecdh_generic hid button evdev sg rfkill binfmt_misc dm_mod efi_pstore nfnetlink xe drm_ttm_helper drm_suballoc_helper gpu_sched drm_gpuvm drm_exec configfs drm_gpusvm_helper ext4
> Apr 29 12:10:33 myhost kernel: crc16 mbcache jbd2 crc32c_cryptoapi i915 drm_client_lib sd_mod i2c_algo_bit drm_buddy ttm drm_display_helper ahci drm_kms_helper libahci xhci_pci libata xhci_hcd drm nvme nvme_core usbcore scsi_mod nvme_keyring cec nvme_auth video ghash_clmulni_intel hkdf rc_core scsi_common intel_vsec usb_common wmi pinctrl_alderlake vfio_pci vfio_pci_core irqbypass vfio_iommu_type1 vfio parport_pc lp ppdev parport i2c_dev msr efivarfs autofs4 aesni_intel
> Apr 29 12:10:33 myhost kernel: CPU: 11 UID: 1000 PID: 8421 Comm: CPU 4/KVM Tainted: G D 6.19.13+deb14-amd64 #1 PREEMPT(lazy) Debian 6.19.13-1
> Apr 29 12:10:33 myhost kernel: Tainted: [D]=DIE
> Apr 29 12:10:33 myhost kernel: Hardware name: Micro-Star International Co., Ltd. MS-7D96/MAG B760 TOMAHAWK WIFI (MS-7D96), BIOS A.B0 10/07/2024
> Apr 29 12:10:33 myhost kernel: RIP: 0010:kvm_mmu_page_fault.cold+0xc7/0xe4 [kvm]
> Apr 29 12:10:33 myhost kernel: Code: 60 26 e0 c1 e8 a5 8e fb c1 44 89 ea 48 89 d9 4c 89 f6 48 c7 c7 70 67 cf c1 e8 20 50 69 c1 48 83 ed 08 45 89 fd e9 6e ff ff ff <0f> 0b b8 ea ff ff ff e9 47 10 fe ff 48 89 de 48 c7 c7 80 26 e0 c1
> Apr 29 12:10:33 myhost kernel: RSP: 0018:ffffd100867db930 EFLAGS: 00010202
> Apr 29 12:10:33 myhost kernel: RAX: 000000000000004c RBX: 000fff8000000000 RCX: 0000000000000027
> Apr 29 12:10:33 myhost kernel: RDX: 0000000000000000 RSI: 0000000000000001 RDI: ffff8ebf7f6dd2c0
> Apr 29 12:10:33 myhost kernel: RBP: ffffd100867db988 R08: 0000000000000000 R09: ffffd100867db7d8
> Apr 29 12:10:33 myhost kernel: R10: ffffffff850dbfe8 R11: 00000000ffffefff R12: 0000000000000001
> Apr 29 12:10:33 myhost kernel: R13: 0000000000000000 R14: 86000004e3cfdb26 R15: 0000000000000000
> Apr 29 12:10:33 myhost kernel: FS: 00007f23cffff6c0(0000) GS:ffff8ebff9a66000(0000) knlGS:ffffde01045e6000
> Apr 29 12:10:33 myhost kernel: CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
> Apr 29 12:10:33 myhost kernel: CR2: 0000016dcbc5c000 CR3: 000000017fe6b003 CR4: 0000000000f72ef0
> Apr 29 12:10:33 myhost kernel: PKRU: 55555554
> Apr 29 12:10:33 myhost kernel: Call Trace:
> Apr 29 12:10:33 myhost kernel: <TASK>
> Apr 29 12:10:33 myhost kernel: ? __kvm_io_bus_write+0x28/0xb0 [kvm]
> Apr 29 12:10:33 myhost kernel: vmx_handle_exit+0x81a/0x8f0 [kvm_intel]
> Apr 29 12:10:33 myhost kernel: kvm_arch_vcpu_ioctl_run+0x91e/0x18e0 [kvm]
> Apr 29 12:10:33 myhost kernel: kvm_vcpu_ioctl+0x2e4/0xa00 [kvm]
> Apr 29 12:10:33 myhost kernel: ? __kvm_io_bus_write+0x28/0xb0 [kvm]
> Apr 29 12:10:33 myhost kernel: __x64_sys_ioctl+0x97/0xe0
> Apr 29 12:10:33 myhost kernel: do_syscall_64+0x81/0x5e0
> Apr 29 12:10:33 myhost kernel: ? kvm_arch_vcpu_ioctl_run+0x22d/0x18e0 [kvm]
> Apr 29 12:10:33 myhost kernel: ? kvm_vcpu_ioctl+0x275/0xa00 [kvm]
> Apr 29 12:10:33 myhost kernel: ? kvm_on_user_return+0x59/0xc0 [kvm]
> Apr 29 12:10:33 myhost kernel: ? __x64_sys_ioctl+0xb1/0xe0
> Apr 29 12:10:33 myhost kernel: ? fire_user_return_notifiers+0x37/0x60
> Apr 29 12:10:33 myhost kernel: ? do_syscall_64+0x2b5/0x5e0
> Apr 29 12:10:33 myhost kernel: ? kvm_on_user_return+0x59/0xc0 [kvm]
> Apr 29 12:10:33 myhost kernel: ? __x64_sys_ioctl+0xb1/0xe0
> Apr 29 12:10:33 myhost kernel: ? fire_user_return_notifiers+0x37/0x60
> Apr 29 12:10:33 myhost kernel: ? do_syscall_64+0x2b5/0x5e0
> Apr 29 12:10:33 myhost kernel: ? fire_user_return_notifiers+0x37/0x60
> Apr 29 12:10:33 myhost kernel: ? do_syscall_64+0x2b5/0x5e0
> Apr 29 12:10:33 myhost kernel: ? do_syscall_64+0xbe/0x5e0
> Apr 29 12:10:33 myhost kernel: ? do_futex+0xc5/0x190
> Apr 29 12:10:33 myhost kernel: ? __x64_sys_futex+0x12d/0x220
> Apr 29 12:10:33 myhost kernel: ? kvm_on_user_return+0x59/0xc0 [kvm]
> Apr 29 12:10:33 myhost kernel: ? __x64_sys_ioctl+0xb1/0xe0
> Apr 29 12:10:33 myhost kernel: ? do_syscall_64+0x245/0x5e0
> Apr 29 12:10:33 myhost kernel: ? __irq_exit_rcu+0x3d/0xe0
> Apr 29 12:10:33 myhost kernel: entry_SYSCALL_64_after_hwframe+0x76/0x7e
> Apr 29 12:10:33 myhost kernel: RIP: 0033:0x7f2c02368d3b
> Apr 29 12:10:33 myhost kernel: Code: 00 48 89 44 24 18 31 c0 48 8d 44 24 60 c7 04 24 10 00 00 00 48 89 44 24 08 48 8d 44 24 20 48 89 44 24 10 b8 10 00 00 00 0f 05 <89> c2 3d 00 f0 ff ff 77 1c 48 8b 44 24 18 64 48 2b 04 25 28 00 00
> Apr 29 12:10:33 myhost kernel: RSP: 002b:00007f23cfffe5c0 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
> Apr 29 12:10:33 myhost kernel: RAX: ffffffffffffffda RBX: 000055e177bb8810 RCX: 00007f2c02368d3b
> Apr 29 12:10:33 myhost kernel: RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 000000000000002c
> Apr 29 12:10:33 myhost kernel: RBP: 000000000000ae80 R08: 000055e146fe70d0 R09: 0000000000000004
> Apr 29 12:10:33 myhost kernel: R10: 000055e1797d3da0 R11: 0000000000000246 R12: 0000000000000000
> Apr 29 12:10:33 myhost kernel: R13: 0000000000000006 R14: 0000000000000608 R15: 0000000000000002
> Apr 29 12:10:33 myhost kernel: </TASK>
> Apr 29 12:10:33 myhost kernel: ---[ end trace 0000000000000000 ]---
> Apr 29 12:10:33 myhost kernel: RIP: 0010:handle_changed_spte.cold+0x1d/0x84 [kvm]
> Apr 29 12:10:33 myhost kernel: Code: fb c1 4c 8b 44 24 78 48 8b 0c 24 eb b0 48 8b 14 24 8b 74 24 18 45 89 e9 4d 89 e0 48 89 e9 48 c7 c7 98 6d cf c1 e8 2d 49 69 c1 <0f> 0b 48 63 d1 be 01 00 00 00 4c 89 54 24 40 48 c7 c7 20 65 e0 c1
> Apr 29 12:10:33 myhost kernel: RSP: 0018:ffffd100808b78d8 EFLAGS: 00010246
> Apr 29 12:10:33 myhost kernel: RAX: 00000000000000c8 RBX: ffff8eb262062000 RCX: 0000000000000000
> Apr 29 12:10:33 myhost kernel: RDX: 0000000000000000 RSI: 0000000000000001 RDI: ffff8ebf7f5dd2c0
> Apr 29 12:10:33 myhost kernel: RBP: 860000aae3d00bc8 R08: 0000000000000000 R09: ffffd100808b7780
> Apr 29 12:10:33 myhost kernel: R10: ffffffff850dbfe8 R11: 00000000ffffefff R12: 86000009e3d00b77
> Apr 29 12:10:33 myhost kernel: R13: 0000000000000001 R14: 00000000009e3d00 R15: 0000000000000001
> Apr 29 12:10:33 myhost kernel: FS: 00007f23e5dff6c0(0000) GS:ffff8ebff9966000(0000) knlGS:ffffde0104510000
> Apr 29 12:10:33 myhost kernel: CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
> Apr 29 12:10:33 myhost kernel: CR2: 0000016ddcd2e000 CR3: 000000017fe6b004 CR4: 0000000000f72ef0
> Apr 29 12:10:33 myhost kernel: PKRU: 55555554
> Apr 29 12:10:33 myhost kernel: note: CPU 2/KVM[8419] exited with preempt_count 1
> Apr 29 12:10:34 myhost looking-glass-client.desktop[17000]: 01:08:26.337 [I] main.c:1751 | lg_run | Waiting for the host to restart...
> Apr 29 12:10:54 myhost kernel: rcu: INFO: rcu_preempt self-detected stall on CPU
> Apr 29 12:10:54 myhost kernel: rcu: 15-....: (5250 ticks this GP) idle=dce4/1/0x4000000000000000 softirq=753021/753022 fqs=2223
> Apr 29 12:10:54 myhost kernel: rcu: (t=5251 jiffies g=1262685 q=2029 ncpus=16)
> Apr 29 12:10:54 myhost kernel: CPU: 15 UID: 1000 PID: 8403 Comm: qemu-system-x86 Tainted: G D W 6.19.13+deb14-amd64 #1 PREEMPT(lazy) Debian 6.19.13-1
> Apr 29 12:10:54 myhost kernel: Tainted: [D]=DIE, [W]=WARN
> Apr 29 12:10:54 myhost kernel: Hardware name: Micro-Star International Co., Ltd. MS-7D96/MAG B760 TOMAHAWK WIFI (MS-7D96), BIOS A.B0 10/07/2024
> Apr 29 12:10:54 myhost kernel: RIP: 0010:queued_write_lock_slowpath+0x63/0x130
> Apr 29 12:10:54 myhost kernel: Code: ef c6 07 00 0f 1f 00 0f 1f 44 00 00 5b 5d c3 cc cc cc cc f0 81 0b 00 01 00 00 ba ff 00 00 00 8b 03 3d 00 01 00 00 74 0b f3 90 <8b> 03 3d 00 01 00 00 75 f5 b8 00 01 00 00 f0 0f b1 13 74 c0 eb df
> Apr 29 12:10:54 myhost kernel: RSP: 0018:ffffd10086e07920 EFLAGS: 00000206
> Apr 29 12:10:54 myhost kernel: RAX: 0000000000000300 RBX: ffff8eb262062000 RCX: 0000000000000000
> Apr 29 12:10:54 myhost kernel: RDX: 00000000000000ff RSI: 00007f23d4165718 RDI: ffff8eb262062000
> Apr 29 12:10:54 myhost kernel: RBP: ffff8eb262062004 R08: ffffd1008a955008 R09: 00007fff14e314d0
> Apr 29 12:10:54 myhost kernel: R10: 0000000000000000 R11: 0000000000000000 R12: ffff8eb262062000
> Apr 29 12:10:54 myhost kernel: R13: ffffd10086e079d8 R14: ffffd1008a955008 R15: 0000000000000008
> Apr 29 12:10:54 myhost kernel: FS: 00007f2c0052e300(0000) GS:ffff8ebff9b66000(0000) knlGS:0000000000000000
> Apr 29 12:10:54 myhost kernel: CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
> Apr 29 12:10:54 myhost kernel: CR2: 0000016e38b10000 CR3: 000000017fe6b004 CR4: 0000000000f72ef0
> Apr 29 12:10:54 myhost kernel: PKRU: 55555554
> Apr 29 12:10:54 myhost kernel: Call Trace:
> Apr 29 12:10:54 myhost kernel: <TASK>
> Apr 29 12:10:54 myhost kernel: kvm_clear_dirty_log_protect+0x191/0x2d0 [kvm]
> Apr 29 12:10:54 myhost kernel: kvm_vm_ioctl+0x9f8/0x1ae0 [kvm]
> Apr 29 12:10:54 myhost kernel: ? kvm_vm_ioctl+0x88c/0x1ae0 [kvm]
> Apr 29 12:10:54 myhost kernel: __x64_sys_ioctl+0x97/0xe0
> Apr 29 12:10:54 myhost kernel: do_syscall_64+0x81/0x5e0
> Apr 29 12:10:54 myhost kernel: ? __pfx_pollwake+0x10/0x10
> Apr 29 12:10:54 myhost kernel: ? find_vmap_area+0xc0/0xe0
> Apr 29 12:10:54 myhost kernel: ? __check_object_size+0x1d3/0x240
> Apr 29 12:10:54 myhost kernel: ? kvm_get_dirty_log_protect+0x1e6/0x290 [kvm]
> Apr 29 12:10:54 myhost kernel: ? kvm_vm_ioctl+0x88c/0x1ae0 [kvm]
> Apr 29 12:10:54 myhost kernel: ? __x64_sys_ioctl+0xb1/0xe0
> Apr 29 12:10:54 myhost kernel: ? do_syscall_64+0xbe/0x5e0
> Apr 29 12:10:54 myhost kernel: ? switch_fpu_return+0x5b/0xe0
> Apr 29 12:10:54 myhost kernel: ? do_syscall_64+0x245/0x5e0
> Apr 29 12:10:54 myhost kernel: ? ksys_write+0xcd/0xf0
> Apr 29 12:10:54 myhost kernel: ? do_syscall_64+0xbe/0x5e0
> Apr 29 12:10:54 myhost kernel: ? irqentry_exit+0x6e/0x570
> Apr 29 12:10:54 myhost kernel: ? __irq_exit_rcu+0x3d/0xe0
> Apr 29 12:10:54 myhost kernel: entry_SYSCALL_64_after_hwframe+0x76/0x7e
> Apr 29 12:10:54 myhost kernel: RIP: 0033:0x7f2c02368d3b
> Apr 29 12:10:54 myhost kernel: Code: 00 48 89 44 24 18 31 c0 48 8d 44 24 60 c7 04 24 10 00 00 00 48 89 44 24 08 48 8d 44 24 20 48 89 44 24 10 b8 10 00 00 00 0f 05 <89> c2 3d 00 f0 ff ff 77 1c 48 8b 44 24 18 64 48 2b 04 25 28 00 00
> Apr 29 12:10:54 myhost kernel: RSP: 002b:00007fff14e31360 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
> Apr 29 12:10:54 myhost kernel: RAX: ffffffffffffffda RBX: 00000000c018aec0 RCX: 00007f2c02368d3b
> Apr 29 12:10:54 myhost kernel: RDX: 00007fff14e314d0 RSI: ffffffffc018aec0 RDI: 0000000000000015
> Apr 29 12:10:54 myhost kernel: RBP: 000055e177b41000 R08: 0000000000000040 R09: 0000000000000000
> Apr 29 12:10:54 myhost kernel: R10: 0000000000000000 R11: 0000000000000246 R12: 00007fff14e314d0
> Apr 29 12:10:54 myhost kernel: R13: 0000000000000000 R14: 0000000000000008 R15: 000055e177b410b0
> Apr 29 12:10:54 myhost kernel: </TASK>

Any ideas here?

Regards,
Salvatore
* Re: Bug#1135235: linux-image-6.19.13+deb14-amd64: Reoccuring host crash "Invalid SPTE change" with gaming win kvm/qemu guest and device passthrough
From: Paolo Bonzini @ 2026-05-17 13:28 UTC
To: Salvatore Bonaccorso
Cc: Maximilian Senftleben, Sean Christopherson, Thomas Gleixner, Ingo Molnar, Borislav Petkov, Dave Hansen, 1135235, x86, kvm, linux-kernel

On Sun, May 17, 2026 at 3:24 PM Salvatore Bonaccorso <carnil@debian.org> wrote:
>
> Control: forwwarded -1 https://lore.kernel.org/all/177902420697.2035014.8796825668567298024@eldamar.lan
>
> Hi
>
> Maximilian Senftleben reported the following in Debian (cf.
> https://bugs.debian.org/1135235), it should be noted while Maximilian
> uses the looking-glass application (which is accompanied with dkms
> modules, they are not loaded and do not taint the kernel). Do you have
> an idea how to debug this?

Hi Maximilian,

do you have any idea when this started occurring? Can you try an
earlier 6.19.x kernel?

Thanks,

Paolo
* Re: Bug#1135235: linux-image-6.19.13+deb14-amd64: Reoccuring host crash "Invalid SPTE change" with gaming win kvm/qemu guest and device passthrough
From: Sean Christopherson @ 2026-05-18 13:43 UTC
To: Salvatore Bonaccorso
Cc: Maximilian Senftleben, Paolo Bonzini, Thomas Gleixner, Ingo Molnar, Borislav Petkov, Dave Hansen, 1135235, x86, kvm, linux-kernel

On Sun, May 17, 2026, Salvatore Bonaccorso wrote:
> Control: forwwarded -1 https://lore.kernel.org/all/177902420697.2035014.8796825668567298024@eldamar.lan
>
> Hi
>
> Maximilian Senftleben reported the following in Debian (cf.
> https://bugs.debian.org/1135235), it should be noted while Maximilian
> uses the looking-glass application (which is accompanied with dkms
> modules, they are not loaded and do not taint the kernel). Do you have
> an idea how to debug this?
>
> On Wed, Apr 29, 2026 at 09:17:14PM +0200, Maximilian Senftleben wrote:
> > Package: src:linux
> > Version: 6.19.13-1
> > Severity: important
> >
> > Dear Maintainer,
> >
> > - I have a Windows kvm/qemu guest that uses device passthrough for my GPU.
> > - Sometimes while playing the host system crashes/freezes, this only happens
> >   during load/gaming, and sometimes 1-2 times a day, sometimes not at all.
> >
> >
> > System:
> > Linux myhost 6.19.13+deb14-amd64 #1 SMP PREEMPT_DYNAMIC Debian 6.19.13-1
> > (2026-04-18) x86_64 GNU/Linux
> >
> > CPU:
> > vendor_id : GenuineIntel
> > cpu family : 6
> > model : 183
> > model name : Intel(R) Core(TM) i5-14400
> > [...]
> >
> > Apr 29 12:10:33 myhost kernel: kvm: Invalid SPTE change: cannot replace a present leaf
> > SPTE with another present leaf SPTE mapping a
> > different PFN!
> > as_id: 0 gfn: 80ec33 old_spte: 860000aae3d00bc8 new_spte: 86000009e3d00b77 level: 1
> > Apr 29 12:10:33 myhost kernel: ------------[ cut here ]------------
> > Apr 29 12:10:33 myhost kernel: kernel BUG at arch/x86/kvm/mmu/tdp_mmu.c:600!
> > Apr 29 12:10:33 myhost kernel: Oops: invalid opcode: 0000 [#1] SMP NOPTI
> > Apr 29 12:10:33 myhost kernel: CPU: 7 UID: 1000 PID: 8419 Comm: CPU 2/KVM Not tainted 6.19.13+deb14-amd64 #1 PREEMPT(lazy) Debian 6.19.13-1
> > Apr 29 12:10:33 myhost kernel: Hardware name: Micro-Star International Co., Ltd. MS-7D96/MAG B760 TOMAHAWK WIFI (MS-7D96), BIOS A.B0 10/07/2024
> > Apr 29 12:10:33 myhost kernel: RIP: 0010:handle_changed_spte.cold+0x1d/0x84 [kvm]
> > Apr 29 12:10:33 myhost kernel: Modules linked in: vhost_net vhost vhost_iotlb tap tun rfcomm snd_seq_dummy snd_hrtimer snd_seq xt_CHECKSUM xt_MASQUERADE xt_conntrack ipt_REJECT nf_reject_ipv4 xt_tcpudp nft_compat x_tables nft_chain_nat nf_nat nf_conntrack nf_defrag_ipv6 nf_defrag_ipv4 nf_tables bridge stp llc sunrpc uinput qrtr cmac algif_hash algif_skcipher af_alg bnep dm_crypt hid_corsair joydev snd_sof_pci_intel_tgl snd_sof_pci_intel_cnl snd_sof_intel_hda_generic soundwire_intel snd_sof_intel_hda_sdw_bpt snd_sof_intel_hda_common snd_soc_hdac_hda snd_sof_intel_hda_mlink snd_sof_intel_hda soundwire_cadence snd_sof_pci snd_sof_xtensa_dsp snd_hda_codec_intelhdmi snd_sof snd_hda_codec_hdmi intel_rapl_msr intel_rapl_common iwlmvm snd_sof_utils snd_soc_acpi_intel_match snd_soc_acpi_intel_sdca_quirks intel_uncore_frequency soundwire_generic_allocation intel_uncore_frequency_common snd_soc_sdw_utils snd_soc_acpi snd_hda_codec_alc662 x86_pkg_temp_thermal crc8 intel_powerclamp snd_hda_codec_realtek_lib uvcvideo soundwire_bus coretemp mac80211
> > Apr 29 12:10:33 myhost kernel: snd_hda_codec_generic videobuf2_vmalloc snd_soc_sdca uvc videobuf2_memops snd_usb_audio videobuf2_v4l2 snd_soc_avs videodev snd_soc_hda_codec kvm_intel snd_hda_intel snd_usbmidi_lib snd_hda_ext_core snd_rawmidi snd_hda_codec videobuf2_common snd_seq_device nls_ascii mc hid_generic snd_soc_core nls_cp437 libarc4 iTCO_wdt snd_hda_core vfat intel_pmc_bxt kvm fat mei_hdcp mei_pxp spd5118 snd_intel_dspcfg iTCO_vendor_support snd_compress iwlwifi snd_intel_sdw_acpi watchdog snd_pcm_dmaengine snd_hwdep rapl snd_pcm intel_cstate r8169 battery snd_timer cfg80211 intel_uncore wmi_bmof mxm_wmi snd mei_me realtek pcspkr i2c_i801 i2c_smbus soundcore mei fan btusb intel_pmc_core btmtk uas btrtl btbcm btintel pmt_telemetry serial_multi_instantiate usb_storage bluetooth pmt_discovery pmt_class intel_pmc_ssram_telemetry acpi_tad acpi_pad usbhid ecdh_generic hid button evdev sg rfkill binfmt_misc dm_mod efi_pstore nfnetlink xe drm_ttm_helper drm_suballoc_helper gpu_sched drm_gpuvm drm_exec configfs drm_gpusvm_helper ext4
> > Apr 29 12:10:33 myhost kernel: crc16 mbcache jbd2 crc32c_cryptoapi i915 drm_client_lib sd_mod i2c_algo_bit drm_buddy ttm drm_display_helper ahci drm_kms_helper libahci xhci_pci libata xhci_hcd drm nvme nvme_core usbcore scsi_mod nvme_keyring cec nvme_auth video ghash_clmulni_intel hkdf rc_core scsi_common intel_vsec usb_common wmi pinctrl_alderlake vfio_pci vfio_pci_core irqbypass vfio_iommu_type1 vfio parport_pc lp ppdev parport i2c_dev msr efivarfs autofs4 aesni_intel
> > Apr 29 12:10:33 myhost kernel: ---[ end trace 0000000000000000 ]---
> > Apr 29 12:10:33 myhost kernel: kvm: get_mmio_spte: reserved bits set on MMU-present spte, addr 0x80ec3098c, hierarchy:
> > Apr 29 12:10:33 myhost kernel: kvm: ------ spte = 0x8000000109193907 level = 4, rsvd bits = 0xfff80000000f8
> > Apr 29 12:10:33 myhost kernel: kvm: ------ spte = 0x80000008d8b33907 level = 3, rsvd bits = 0xfff8000000078
> > Apr 29 12:10:33 myhost kernel: kvm: ------ spte = 0x8000000371e37907 level = 2, rsvd bits = 0xfff8000000078
> > Apr 29 12:10:33 myhost kernel: kvm: ------ spte = 0x86000004e3cfdb26 level = 1, rsvd bits = 0xfff8000000000
> > Apr 29 12:10:33 myhost kernel: ------------[ cut here ]------------

Odds are very good this is due to host memory corruption, and is not a bug in
KVM's MMU. We (Google) had a period of time where our kernel was triggering
stack overflows if a networking IRQ hit at just the right/wrong time, and
whenever the overflow wandered into KVM page tables, it would result in
failures like these. I got quite familiar with the signature :-)

If you aren't already, can you try running with CONFIG_VMAP_STACK=y? Stack
overflow doesn't seem likely in this case since the gfn would put the SPTE in
the middle of the page table, but it's easy enough to rule out.

The other thing to try would be to run with CONFIG_KASAN=y. That might make
your gaming quite miserable, but if this is indeed due to a rogue write, it's
the best shot for catching the culprit.

Or as Paolo suggested, you could try bisecting.
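A triage helper for the report discussed in this thread, added here as an example and not written by anyone in the thread: it parses the data line KVM prints under "Invalid SPTE change" and derives both PFNs, the bits that differ between the old and new SPTE, and the entry's slot inside its page table. It assumes x86-64 with 4 KiB pages, 512 eight-byte entries per table and the address field in bits 51:12; all class and function names are made up for the example.

```python
import re
from dataclasses import dataclass

# Assumed layout: x86-64, 4 KiB pages, 512 eight-byte entries per table,
# physical address field of a page-table entry in bits 51:12.
ADDR_MASK = 0x000F_FFFF_FFFF_F000
PAGE_SHIFT = 12
INDEX_BITS = 9
ENTRY_SIZE = 8

# The data line that follows "Invalid SPTE change" in the log. gfn and the
# SPTEs are hex without a 0x prefix, as they appear in the report.
SPTE_CHANGE_RE = re.compile(
    r"as_id:\s*(?P<as_id>\d+)\s+gfn:\s*(?P<gfn>[0-9a-fA-F]+)\s+"
    r"old_spte:\s*(?P<old>[0-9a-fA-F]+)\s+new_spte:\s*(?P<new>[0-9a-fA-F]+)\s+"
    r"level:\s*(?P<level>\d+)"
)

# Sample input: the message text as reported in the bug quoted in this thread.
SAMPLE_LOG = """\
Apr 29 12:10:33 myhost kernel: kvm: Invalid SPTE change: cannot replace a present leaf
SPTE with another present leaf SPTE mapping a
different PFN!
as_id: 0 gfn: 80ec33 old_spte: 860000aae3d00bc8 new_spte: 86000009e3d00b77 level: 1
"""


@dataclass(frozen=True)
class SpteChange:
    as_id: int
    gfn: int
    old_spte: int
    new_spte: int
    level: int

    @staticmethod
    def pfn(spte: int) -> int:
        """Host page frame number encoded in an SPTE."""
        return (spte & ADDR_MASK) >> PAGE_SHIFT

    @property
    def table_index(self) -> int:
        """Index of the entry within the page table at this level."""
        shift = INDEX_BITS * (self.level - 1)
        return (self.gfn >> shift) & ((1 << INDEX_BITS) - 1)

    @property
    def byte_offset(self) -> int:
        """Offset of the entry from the start of its page-table page."""
        return self.table_index * ENTRY_SIZE

    @property
    def changed_bits(self) -> list:
        """Bit positions that differ between the old and the new SPTE."""
        diff = self.old_spte ^ self.new_spte
        return [bit for bit in range(64) if (diff >> bit) & 1]


def find_spte_changes(log_text: str) -> list:
    """Return one SpteChange per 'as_id: ... level: N' record in the text."""
    return [
        SpteChange(
            as_id=int(m["as_id"]),
            gfn=int(m["gfn"], 16),
            old_spte=int(m["old"], 16),
            new_spte=int(m["new"], 16),
            level=int(m["level"]),
        )
        for m in SPTE_CHANGE_RE.finditer(log_text)
    ]


def summarize(c: SpteChange) -> str:
    """One-line summary suitable for pasting into a bug report."""
    return (
        f"gfn {c.gfn:#x} level {c.level}: entry {c.table_index}/512 "
        f"(byte offset {c.byte_offset:#x}), "
        f"pfn {c.pfn(c.old_spte):#x} -> {c.pfn(c.new_spte):#x}, "
        f"changed bits {c.changed_bits}"
    )


if __name__ == "__main__":
    for change in find_spte_changes(SAMPLE_LOG):
        print(summarize(change))
```

For the reported line, the new PFN it computes is the value shown in R14 of the first register dump in the report.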