Re: [BUG] KVM: NULL pointer dereference in kvm_tdp_mmu_map under memory pressure

Next message: tip-bot2 for Michal Koutn&#xFD;: "[tip: sched/core] sched/rt: Cleanup global RT bandwidth functions"
Previous message: tip-bot2 for Anshuman Khandual: "[tip: perf/core] perf/events: Replace READ_ONCE() with standard pgtable accessors"
In reply to: punixcorn: "[BUG] KVM: NULL pointer dereference in kvm_tdp_mmu_map under memory pressure"
Next in thread: Sean Christopherson: "Re: [BUG] KVM: NULL pointer dereference in kvm_tdp_mmu_map under memory pressure"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: punixcorn

Date: Wed Apr 08 2026 - 07:21:32 EST

Following up with additional analysis from gdb.

The crash is at spte.h:263 in to_shadow_page(), not at the
tdp_mmu_alloc_sp() path as initially suspected.

(gdb) list *(kvm_tdp_mmu_map+0x471)
0x79451 is in kvm_tdp_mmu_map (mmu/spte.h:263)
return (struct kvm_mmu_page *)page_private(page);

The crash location suggests page_private() is returning 0 for the
parent shadow page in tdp_mmu_init_child_sp(). The exact cause is
unclear. Sharing for maintainer review.

My earlier speculative fix (checking sp == NULL) was incorrect.
I am not familiar enough with the KVM MMU internals to propose a
correct fix. Sharing this in case it helps maintainers narrow down
the root cause.