Ubuntu
linux package

Bug #2032176
Comment #17

Comment 17 for bug 2032176

Revision history for this message

Stefan Bader (smb) wrote on 2023-08-23:

#17

So this looks to be the origin of the lockup (extracted from kernel.log):

[ 117.132909] BUG: kernel NULL pointer dereference, address: 0000000000000008
[ 117.133529] #PF: supervisor write access in kernel mode
[ 117.133968] #PF: error_code(0x0002) - not-present page
[ 117.134383] PGD 0 P4D 0
[ 117.134570] Oops: 0002 [#1] SMP NOPTI
[ 117.134810] CPU: 0 PID: 6720 Comm: qemu-system-x86 Tainted: P O 5.15.0-83-generic #92-Ubuntu
[ 117.135424] Hardware name: OpenStack Foundation OpenStack Nova, BIOS 1.13.0-1ubuntu1.1 04/01/2014
[ 117.135987] RIP: 0010:handle_removed_tdp_mmu_page+0x88/0x280 [kvm]
[ 117.136483] Code: 8b 40 28 83 e3 0f 48 89 45 a8 0f 1f 44 00 00 41 0f b6 c5 89 45 b4 45 84 ed 0f 85 b8 01 00 00 48 8b 7d b8 48 8b 47 08 48 8b 17 <48> 89 42 08 48 89 10 44 0f b6 67 23 48 b8 00 01 00 00 00 00 ad de
[ 117.137696] RSP: 0018:ffffa85380c5b7f0 EFLAGS: 00010246
[ 117.138054] RAX: 0000000000000000 RBX: 0000000000000002 RCX: 000000000000001e
[ 117.138531] RDX: 0000000000000000 RSI: ffff8e4e0cb04000 RDI: ffff8e4e0caf5398
[ 117.139015] RBP: ffffa85380c5b858 R08: 0000000000000000 R09: 0000000000000003
[ 117.139488] R10: 000000000cb04800 R11: 0000000000000000 R12: 000000010cb04827
[ 117.139938] R13: 0000000000000001 R14: ffffa85381781000 R15: 000000010cb04801
[ 117.140407] FS: 00007fa8515be640(0000) GS:ffff8e5813c00000(0000) knlGS:0000000000000000
[ 117.140920] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 117.141286] CR2: 0000000000000008 CR3: 00000001101fa000 CR4: 0000000000350ef0
[ 117.141744] Call Trace:
[ 117.141909] <TASK>
[ 117.142063] ? show_trace_log_lvl+0x1d6/0x2ea
[ 117.142349] ? show_trace_log_lvl+0x1d6/0x2ea
[ 117.142632] ? __handle_changed_spte+0x1bc/0x3f0 [kvm]
[ 117.142997] ? show_regs.part.0+0x23/0x29
[ 117.143259] ? __die_body.cold+0x8/0xd
[ 117.143505] ? __die+0x2b/0x37
[ 117.143707] ? page_fault_oops+0x13b/0x170
[ 117.143974] ? kvm_make_all_cpus_request_except+0xca/0x120 [kvm]
[ 117.144400] ? do_user_addr_fault+0x321/0x670
[ 117.144701] ? exc_page_fault+0x77/0x170
[ 117.144986] ? asm_exc_page_fault+0x27/0x30
[ 117.145292] ? handle_removed_tdp_mmu_page+0x88/0x280 [kvm]
[ 117.145709] __handle_changed_spte+0x1bc/0x3f0 [kvm]
[ 117.146086] ? update_load_avg+0x82/0x620
[ 117.146375] handle_removed_tdp_mmu_page+0x138/0x280 [kvm]
[ 117.146787] __handle_changed_spte+0x1bc/0x3f0 [kvm]
[ 117.147166] ? psi_task_switch+0xc6/0x220
[ 117.147455] ? tdp_iter_refresh_sptep+0x90/0x90 [kvm]
[ 117.147891] zap_gfn_range+0x216/0x360 [kvm]
[ 117.148235] ? __traceiter_kvm_test_age_hva+0x40/0x40 [kvm]
[ 117.148647] kvm_tdp_mmu_zap_invalidated_roots+0x5b/0xb0 [kvm]
[ 117.149076] kvm_mmu_zap_all_fast+0x18e/0x1c0 [kvm]
[ 117.149451] kvm_mmu_invalidate_zap_pages_in_memslot+0xe/0x20 [kvm]
[ 117.149907] kvm_page_track_flush_slot+0x59/0x90 [kvm]
[ 117.150849] kvm_arch_flush_shadow_memslot+0xe/0x20 [kvm]
[ 117.151813] kvm_set_memslot+0x36f/0x600 [kvm]
[ 117.152897] kvm_delete_memslot+0x65/0x90 [kvm]
[ 117.153756] __kvm_set_memory_region+0x440/0x7c0 [kvm]
[ 117.154633] ? _copy_to_user+0x20/0x30
[ 117.155396] ? kvm_get_dirty_log_protect+0x1de/0x290 [kvm]
[ 117.156300] ? __seccomp_filter+0x4a/0x4a0
[ 117.157090] kvm_vm_ioctl+0x2f6/0x810 [kvm]
[ 117.157907] ? __fget_files+0x86/0xc0
[ 117.158645] __x64_sys_ioctl+0x95/0xd0
[ 117.159376] do_syscall_64+0x5c/0xc0
[ 117.160081] ? irqentry_exit_to_user_mode+0x9/0x20
[ 117.160858] ? irqentry_exit+0x1d/0x30
[ 117.161549] ? exc_page_fault+0x89/0x170
[ 117.162243] entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 117.163007] RIP: 0033:0x7faa5d0edaff
[ 117.163684] Code: 00 48 89 44 24 18 31 c0 48 8d 44 24 60 c7 04 24 10 00 00 00 48 89 44 24 08 48 8d 44 24 20 48 89 44 24 10 b8 10 00 00 00 0f 05 <41> 89 c0 3d 00 f0 ff ff 77 1f 48 8b 44 24 18 64 48 2b 04 25 28 00
[ 117.166045] RSP: 002b:00007fa8515b9ad0 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 117.167015] RAX: ffffffffffffffda RBX: 000000004020ae46 RCX: 00007faa5d0edaff
[ 117.167940] RDX: 00007fa8515b9bf0 RSI: 000000004020ae46 RDI: 0000000000000015
[ 117.168882] RBP: 00005563cb849af0 R08: 00007fa840d74700 R09: 0000000000000000
[ 117.169793] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fa8515b9bf0
[ 117.170709] R13: 0000000000800000 R14: 00005563cd43dad0 R15: 0000000080000000
[ 117.171629] </TASK>
[ 117.172267] Modules linked in: vhost_net tap nft_meta_bridge nft_reject_inet nf_reject_ipv4 nf_reject_ipv6 nft_reject nft_ct br_netfilter nft_masq zfs(PO) zunicode(PO) zzstd(O) zlua(O) zavl(PO) icp(PO) zcommon(PO) znvpair(PO) spl(O) vhost_vsock vmw_vsock_virtio_transport_common vhost vhost_iotlb vsock unix_diag tls xt_nat nft_compat nft_chain_nat nf_nat nf_conntrack nf_defrag_ipv6 nf_defrag_ipv4 nft_counter nf_tables nfnetlink vxlan ip6_udp_tunnel udp_tunnel bridge stp llc intel_rapl_msr binfmt_misc nls_iso8859_1 intel_rapl_common kvm_amd ccp kvm joydev input_leds serio_raw qemu_fw_cfg mac_hid dm_multipath sch_fq_codel scsi_dh_rdac scsi_dh_emc scsi_dh_alua ramoops pstore_blk reed_solomon pstore_zone efi_pstore ip_tables x_tables autofs4 btrfs blake2b_generic zstd_compress raid10 raid456 async_raid6_recov async_memcpy async_pq async_xor async_tx xor raid6_pq libcrc32c raid1 raid0 multipath linear crct10dif_pclmul crc32_pclmul ghash_clmulni_intel qxl drm_ttm_helper ttm drm_kms_helper
[ 117.172496] syscopyarea sysfillrect sysimgblt fb_sys_fops aesni_intel crypto_simd cec rc_core virtio_net net_failover psmouse cryptd drm virtio_rng pata_acpi virtio_blk failover i2c_piix4 floppy
[ 117.184832] CR2: 0000000000000008
[ 117.185715] ---[ end trace 52ac43d9385d4d0f ]---
[ 117.186675] RIP: 0010:handle_removed_tdp_mmu_page+0x88/0x280 [kvm]
[ 117.187778] Code: 8b 40 28 83 e3 0f 48 89 45 a8 0f 1f 44 00 00 41 0f b6 c5 89 45 b4 45 84 ed 0f 85 b8 01 00 00 48 8b 7d b8 48 8b 47 08 48 8b 17 <48> 89 42 08 48 89 10 44 0f b6 67 23 48 b8 00 01 00 00 00 00 ad de
[ 117.190328] RSP: 0018:ffffa85380c5b7f0 EFLAGS: 00010246
[ 117.191361] RAX: 0000000000000000 RBX: 0000000000000002 RCX: 000000000000001e
[ 117.192525] RDX: 0000000000000000 RSI: ffff8e4e0cb04000 RDI: ffff8e4e0caf5398
[ 117.193677] RBP: ffffa85380c5b858 R08: 0000000000000000 R09: 0000000000000003
[ 117.194828] R10: 000000000cb04800 R11: 0000000000000000 R12: 000000010cb04827
[ 117.196228] R13: 0000000000000001 R14: ffffa85381781000 R15: 000000010cb04801
[ 117.197400] FS: 00007fa8515be640(0000) GS:ffff8e5813c00000(0000) knlGS:0000000000000000
[ 117.198617] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 117.199687] CR2: 0000000000000008 CR3: 00000001101fa000 CR4: 0000000000350ef0

So this looks to be the origin of the lockup (extracted from kernel.log):

[  117.132909] BUG: kernel NULL pointer dereference, address: 0000000000000008
[  117.133529] #PF: supervisor write access in kernel mode
[  117.133968] #PF: error_code(0x0002) - not-present page
[  117.134383] PGD 0 P4D 0 
[  117.134570] Oops: 0002 [#1] SMP NOPTI
[  117.134810] CPU: 0 PID: 6720 Comm: qemu-system-x86 Tainted: P           O      5.15.0-83-generic #92-Ubuntu
[  117.135424] Hardware name: OpenStack Foundation OpenStack Nova, BIOS 1.13.0-1ubuntu1.1 04/01/2014
[  117.135987] RIP: 0010:handle_removed_tdp_mmu_page+0x88/0x280 [kvm]
[  117.136483] Code: 8b 40 28 83 e3 0f 48 89 45 a8 0f 1f 44 00 00 41 0f b6 c5 89 45 b4 45 84 ed 0f 85 b8 01 00 00 48 8b 7d b8 48 8b 47 08 48 8b 17 <48> 89 42 08 48 89 10 44 0f b6 67 23 48 b8 00 01 00 00 00 00 ad de
[  117.137696] RSP: 0018:ffffa85380c5b7f0 EFLAGS: 00010246
[  117.138054] RAX: 0000000000000000 RBX: 0000000000000002 RCX: 000000000000001e
[  117.138531] RDX: 0000000000000000 RSI: ffff8e4e0cb04000 RDI: ffff8e4e0caf5398
[  117.139015] RBP: ffffa85380c5b858 R08: 0000000000000000 R09: 0000000000000003
[  117.139488] R10: 000000000cb04800 R11: 0000000000000000 R12: 000000010cb04827
[  117.139938] R13: 0000000000000001 R14: ffffa85381781000 R15: 000000010cb04801
[  117.140407] FS:  00007fa8515be640(0000) GS:ffff8e5813c00000(0000) knlGS:0000000000000000
[  117.140920] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  117.141286] CR2: 0000000000000008 CR3: 00000001101fa000 CR4: 0000000000350ef0
[  117.141744] Call Trace:
[  117.141909]  <TASK>
[  117.142063]  ? show_trace_log_lvl+0x1d6/0x2ea
[  117.142349]  ? show_trace_log_lvl+0x1d6/0x2ea
[  117.142632]  ? __handle_changed_spte+0x1bc/0x3f0 [kvm]
[  117.142997]  ? show_regs.part.0+0x23/0x29
[  117.143259]  ? __die_body.cold+0x8/0xd
[  117.143505]  ? __die+0x2b/0x37
[  117.143707]  ? page_fault_oops+0x13b/0x170
[  117.143974]  ? kvm_make_all_cpus_request_except+0xca/0x120 [kvm]
[  117.144400]  ? do_user_addr_fault+0x321/0x670
[  117.144701]  ? exc_page_fault+0x77/0x170
[  117.144986]  ? asm_exc_page_fault+0x27/0x30
[  117.145292]  ? handle_removed_tdp_mmu_page+0x88/0x280 [kvm]
[  117.145709]  __handle_changed_spte+0x1bc/0x3f0 [kvm]
[  117.146086]  ? update_load_avg+0x82/0x620
[  117.146375]  handle_removed_tdp_mmu_page+0x138/0x280 [kvm]
[  117.146787]  __handle_changed_spte+0x1bc/0x3f0 [kvm]
[  117.147166]  ? psi_task_switch+0xc6/0x220
[  117.147455]  ? tdp_iter_refresh_sptep+0x90/0x90 [kvm]
[  117.147891]  zap_gfn_range+0x216/0x360 [kvm]
[  117.148235]  ? __traceiter_kvm_test_age_hva+0x40/0x40 [kvm]
[  117.148647]  kvm_tdp_mmu_zap_invalidated_roots+0x5b/0xb0 [kvm]
[  117.149076]  kvm_mmu_zap_all_fast+0x18e/0x1c0 [kvm]
[  117.149451]  kvm_mmu_invalidate_zap_pages_in_memslot+0xe/0x20 [kvm]
[  117.149907]  kvm_page_track_flush_slot+0x59/0x90 [kvm]
[  117.150849]  kvm_arch_flush_shadow_memslot+0xe/0x20 [kvm]
[  117.151813]  kvm_set_memslot+0x36f/0x600 [kvm]
[  117.152897]  kvm_delete_memslot+0x65/0x90 [kvm]
[  117.153756]  __kvm_set_memory_region+0x440/0x7c0 [kvm]
[  117.154633]  ? _copy_to_user+0x20/0x30
[  117.155396]  ? kvm_get_dirty_log_protect+0x1de/0x290 [kvm]
[  117.156300]  ? __seccomp_filter+0x4a/0x4a0
[  117.157090]  kvm_vm_ioctl+0x2f6/0x810 [kvm]
[  117.157907]  ? __fget_files+0x86/0xc0
[  117.158645]  __x64_sys_ioctl+0x95/0xd0
[  117.159376]  do_syscall_64+0x5c/0xc0
[  117.160081]  ? irqentry_exit_to_user_mode+0x9/0x20
[  117.160858]  ? irqentry_exit+0x1d/0x30
[  117.161549]  ? exc_page_fault+0x89/0x170
[  117.162243]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[  117.163007] RIP: 0033:0x7faa5d0edaff
[  117.163684] Code: 00 48 89 44 24 18 31 c0 48 8d 44 24 60 c7 04 24 10 00 00 00 48 89 44 24 08 48 8d 44 24 20 48 89 44 24 10 b8 10 00 00 00 0f 05 <41> 89 c0 3d 00 f0 ff ff 77 1f 48 8b 44 24 18 64 48 2b 04 25 28 00
[  117.166045] RSP: 002b:00007fa8515b9ad0 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  117.167015] RAX: ffffffffffffffda RBX: 000000004020ae46 RCX: 00007faa5d0edaff
[  117.167940] RDX: 00007fa8515b9bf0 RSI: 000000004020ae46 RDI: 0000000000000015
[  117.168882] RBP: 00005563cb849af0 R08: 00007fa840d74700 R09: 0000000000000000
[  117.169793] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fa8515b9bf0
[  117.170709] R13: 0000000000800000 R14: 00005563cd43dad0 R15: 0000000080000000
[  117.171629]  </TASK>
[  117.172267] Modules linked in: vhost_net tap nft_meta_bridge nft_reject_inet nf_reject_ipv4 nf_reject_ipv6 nft_reject nft_ct br_netfilter nft_masq zfs(PO) zunicode(PO) zzstd(O) zlua(O) zavl(PO) icp(PO) zcommon(PO) znvpair(PO) spl(O) vhost_vsock vmw_vsock_virtio_transport_common vhost vhost_iotlb vsock unix_diag tls xt_nat nft_compat nft_chain_nat nf_nat nf_conntrack nf_defrag_ipv6 nf_defrag_ipv4 nft_counter nf_tables nfnetlink vxlan ip6_udp_tunnel udp_tunnel bridge stp llc intel_rapl_msr binfmt_misc nls_iso8859_1 intel_rapl_common kvm_amd ccp kvm joydev input_leds serio_raw qemu_fw_cfg mac_hid dm_multipath sch_fq_codel scsi_dh_rdac scsi_dh_emc scsi_dh_alua ramoops pstore_blk reed_solomon pstore_zone efi_pstore ip_tables x_tables autofs4 btrfs blake2b_generic zstd_compress raid10 raid456 async_raid6_recov async_memcpy async_pq async_xor async_tx xor raid6_pq libcrc32c raid1 raid0 multipath linear crct10dif_pclmul crc32_pclmul ghash_clmulni_intel qxl drm_ttm_helper ttm drm_kms_helper
[  117.172496]  syscopyarea sysfillrect sysimgblt fb_sys_fops aesni_intel crypto_simd cec rc_core virtio_net net_failover psmouse cryptd drm virtio_rng pata_acpi virtio_blk failover i2c_piix4 floppy
[  117.184832] CR2: 0000000000000008
[  117.185715] ---[ end trace 52ac43d9385d4d0f ]---
[  117.186675] RIP: 0010:handle_removed_tdp_mmu_page+0x88/0x280 [kvm]
[  117.187778] Code: 8b 40 28 83 e3 0f 48 89 45 a8 0f 1f 44 00 00 41 0f b6 c5 89 45 b4 45 84 ed 0f 85 b8 01 00 00 48 8b 7d b8 48 8b 47 08 48 8b 17 <48> 89 42 08 48 89 10 44 0f b6 67 23 48 b8 00 01 00 00 00 00 ad de
[  117.190328] RSP: 0018:ffffa85380c5b7f0 EFLAGS: 00010246
[  117.191361] RAX: 0000000000000000 RBX: 0000000000000002 RCX: 000000000000001e
[  117.192525] RDX: 0000000000000000 RSI: ffff8e4e0cb04000 RDI: ffff8e4e0caf5398
[  117.193677] RBP: ffffa85380c5b858 R08: 0000000000000000 R09: 0000000000000003
[  117.194828] R10: 000000000cb04800 R11: 0000000000000000 R12: 000000010cb04827
[  117.196228] R13: 0000000000000001 R14: ffffa85381781000 R15: 000000010cb04801
[  117.197400] FS:  00007fa8515be640(0000) GS:ffff8e5813c00000(0000) knlGS:0000000000000000
[  117.198617] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  117.199687] CR2: 0000000000000008 CR3: 00000001101fa000 CR4: 0000000000350ef0

Ubuntulinux package

Comment 17 for bug 2032176

Ubuntu
linux package