Re: [BUG] KVM: NULL pointer dereference in kvm_tdp_mmu_map under memory pressure
From: Sean Christopherson
Date: Wed Apr 08 2026 - 12:34:25 EST
On Wed, Apr 08, 2026, punixcorn wrote:
> Hi Sean,
>
> I attempted to trigger your debug patch via fault injection (zeroing
> page_private on the allocated sp before it's linked), but the resulting
> logs aren't meaningful -- every captured entry shows spte =
> 8000000000000000, a non-present SPTE, which doesn't reflect the real
> crash scenario where the SPTE is present but page_private returns 0.
> So I'm not sending those.
Ya, I wouldn't expect synthetic injection to help root cause this.
> Natural reproduction is rare and I haven't caught it yet with your patch
> applied.
How rare is rare? Are we talking hours of runtime? Days?
> Given that, what would you recommend as a next step?
If it's not too onerous, keep trying to reproduce with that initial debug patch.
If the time to repro is several hours (or more), I can try to provide a more
elaborate debug patch.
> Would lockdep, KASAN, or RCU debugging (CONFIG_PROVE_RCU) be worth enabling
> to catch the violation when it happens naturally?
Hmm, of those, KASAN has the best chance of being useful. Though it might make
reproducing the bug even more difficult.
> Environment:
> - CPU: 13th Gen Intel(R) Core(TM) i5-13420H (12) @ 4.60 GHz
> - RAM: 16GB (15Gi usable, 16Gi swap)
> - OS: Arch Linux
> - Kernel: 6.19.10-dirty #1 SMP PREEMPT_DYNAMIC Wed Apr 8 06:08:08 GMT 2026 x86_64
> - /proc/cpuinfo: https://pastebin.com/pwvNYsCu
> - .config: https://pastebin.com/z4fVZENs
>
> The crash occurs while running an Android emulator (QEMU) under host
> memory pressure.
>
> Signed-off-by: punixcorn <ohyunwoods663@xxxxxxxxx>