VirtualBox

Ticket #19408 (new defect)

Opened 7 months ago

Last modified 8 weeks ago

Linux panic with a 'not-present page' when rebooting resumed VM

Reported by: the_source_him
Owned by:
Component: other
Version: VirtualBox 6.1.4
Keywords:
Cc:
Guest type: all
Host type: Linux

Description

After I suspended/resumed the Windows 10 guest (Fedora 31 host, kernel 5.5.9) and then rebooted it, the VM caused a kernel oops and VirtualBox froze (all windows, including the manager). Attaching the kernel oops report.

Attachments

vboxdrv_crash.txt Download (5.7 KB) - added by the_source_him 7 months ago.
Kernel oops report
Windows10-2020-03-16-11-08-53.log Download (99.0 KB) - added by the_source_him 7 months ago.
Log file of frozen guest

Change History

Changed 7 months ago by the_source_him

Kernel oops report

comment:1 Changed 7 months ago by fbatschu

please be more specific here in the problem description:

Where did you suspend/resume? I assume Windows suspend/resume in the guest or was it the Virtualbox "Save machine state"? And the "reboot" was also done from inside the Windows guest?

btw, Fedora 31 is currently at official kernel version 5.5.8?

comment:2 Changed 7 months ago by the_source_him

Here's what I did:

  1. Used "Save machine state" to suspend my Win10 guest.
  2. Restored it after some time.
  3. Inside the guest, some updates finished installing via Windows Update and the guest OS requested a reboot to apply them.
  4. I pressed the reboot button in the Windows Update window.
  5. When the Win10 guest started to boot, the boot screen was different: a green progress bar instead of the circling dots.
  6. After several seconds all VirtualBox windows (Win10 guest and manager) stopped responding and a popup notification about a kernel oops appeared in my host's system tray.
  7. I checked dmesg and copied it for this report.
  8. I forcefully terminated the VirtualBox windows and restarted the vboxdrv service.
  9. After that the Win10 guest was able to boot normally.

Host OS: Fedora 31 (5.5.9-200.fc31.x86_64)
Guest OS: Windows 10 64bit 1909

Changed 7 months ago by the_source_him

Log file of frozen guest

comment:3 Changed 7 months ago by fbatschu

  • Summary changed from Linux vboxdrv crash after VM reboot to Linux panic with a 'not-present page' when rebooting resumed VM

comment:4 Changed 7 months ago by fbatschu

The following simple steps produce the kernel panic: the vbox guest VM and the whole vbox GUI die and, depending on the system's configuration, the OS crashes and writes a crash dump.

Virtualbox 6.4.1

1) boot Windows10 guest VM (I used 1909)
2) use the vbox "Close" menu button and select "save machine state"
3) wait some time (I did wait for ca. 30 minutes)
4) click on the Windows10 vm in the vbox manager GUI to resume the VM
5) inside the guest VM, select Windows "Reboot"
6) and watch the vbox vm, the manager and possibly the entire system fade away

with a 'not-present page' panic stacktrace.

Host: Fedora 31, kernel version 5.5.8, EXT4, picture:

[23259.943054] vboxdrv: 00000000e82eb655 VBoxDDR0.r0
[23259.993672] vboxdrv: 00000000fd49a166 VBoxEhciR0.r0
[23259.995056] VMMR0InitVM: eflags=246 fKernelFeatures=0x0 (SUPKERNELFEATURES_SMAP=0)

24192.207110] BUG: unable to handle page fault for address: ffffa94ec9b14388
[24192.207113] #PF: supervisor write access in kernel mode
[24192.207114] #PF: error_code(0x0002) - not-present page
[24192.207114] PGD fe094b067 P4D fe094b067 PUD fe094e067 PMD fc8b10067 PTE 0
[24192.207116] Oops: 0002 [#1] SMP PTI
[24192.207118] CPU: 3 PID: 11919 Comm: EMT-1 Kdump: loaded Tainted: G           OE     5.5.8-200.fc31.x86_64 #1
[24192.207119] Hardware name: System manufacturer System Product Name/PRIME H270-PRO, BIOS 0808 07/10/2017
[24192.207121] RIP: 0010:0xffffffffc019f0d1
[24192.207122] Code: 18 44 89 c0 5b 41 5c 41 5d 41 5e 41 5f 5d c3 66 2e 0f 1f 84 00 00 00 00 00 89 45 c4 4c 89 e8 49 2b 87 e8 33 01 00 48 c1 e8 0c <41> 0f ab 87 c8 13 01 00 b8 01 01 00 00 49 8b b7 e8 33 01 00 4c 89
[24192.207123] RSP: 0018:ffffa94ec993b958 EFLAGS: 00010206
[24192.207123] RAX: 00000000000e3e00 RBX: ffffa94ec9af9bf0 RCX: 0000000000000001
[24192.207124] RDX: ffffa94ec9af9bf4 RSI: 0000000000000467 RDI: 0000000000000000
[24192.207125] RBP: ffffa94ec993b998 R08: 0000000000000000 R09: 00000000e3e00000
[24192.207125] R10: ffffa94ec9a05000 R11: ffffa94eca42e000 R12: ffffa94ec9ae5000
[24192.207126] R13: 00000000e3e00000 R14: ffffa94ec99d5000 R15: ffffa94ec9ae6800
[24192.207127] FS:  00007f8cd7fff700(0000) GS:ffff95d5e6d80000(0000) knlGS:0000004b5aa36000
[24192.207127] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[24192.207128] CR2: ffffa94ec9b14388 CR3: 00000002a69b2006 CR4: 00000000003626e0
[24192.207129] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[24192.207129] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[24192.207130] Call Trace:
[24192.207135]  ? ext4_mark_iloc_dirty+0x50c/0x850
[24192.207137]  ? __wake_up_common_lock+0x8a/0xc0
[24192.207150]  ? VBoxHost_RTThreadCtxHookEnable+0x31/0x50 [vboxdrv]
[24192.207156]  ? supdrvIOCtlFast+0x66/0xb0 [vboxdrv]
[24192.207160]  ? VBoxDrvLinuxIOCtl_6_1_4+0x56/0x260 [vboxdrv]
[24192.207161]  ? selinux_file_ioctl+0x174/0x220
[24192.207163]  ? do_vfs_ioctl+0x461/0x6d0
[24192.207164]  ? ksys_ioctl+0x5e/0x90
[24192.207165]  ? __x64_sys_ioctl+0x16/0x20
[24192.207167]  ? do_syscall_64+0x5b/0x1c0
[24192.207169]  ? entry_SYSCALL_64_after_hwframe+0x44/0xa9
[24192.207170] Modules linked in: xt_CHECKSUM xt_MASQUERADE nf_nat_tftp nf_conntrack_tftp nf_conntrack_netbios_ns nf_conntrack_broadcast xt_CT ip6t_REJECT nf_reject_ipv6 ip6t_rpfilter ipt_REJECT nf_reject_ipv4 xt_conntrack ebtable_nat ebtable_broute ip6table_nat ip6table_mangle ip6table_raw ip6table_security iptable_nat nf_nat iptable_mangle iptable_raw iptable_security nf_conntrack nf_defrag_ipv6 nf_defrag_ipv4 tun bridge stp llc ip_set nfnetlink ebtable_filter ebtables ip6table_filter ip6_tables iptable_filter vboxnetadp(OE) vboxnetflt(OE) vboxdrv(OE) sunrpc btrfs intel_rapl_msr intel_rapl_common x86_pkg_temp_thermal intel_powerclamp blake2b_generic coretemp xor kvm_intel zstd_compress kvm raid6_pq snd_seq_dummy snd_seq_oss snd_emu10k1_synth snd_emux_synth snd_seq_midi_emul snd_seq_virmidi snd_hda_codec_hdmi snd_hda_codec_realtek snd_seq_midi snd_seq_midi_event snd_hda_codec_generic eeepc_wmi ledtrig_audio libcrc32c asus_wmi irqbypass snd_emu10k1 zstd_decompress snd_hda_intel
[24192.207186]  snd_intel_dspcfg crct10dif_pclmul crc32_pclmul snd_hda_codec sparse_keymap snd_util_mem rfkill ghash_clmulni_intel snd_ac97_codec joydev snd_hda_core ac97_bus snd_hwdep snd_rawmidi snd_seq snd_seq_device snd_pcm snd_timer intel_cstate snd intel_uncore iTCO_wdt iTCO_vendor_support wmi_bmof i2c_i801 soundcore intel_rapl_perf mei_hdcp pcspkr mei_me mei acpi_pad binfmt_misc ip_tables nouveau i2c_algo_bit drm_kms_helper ttm drm e1000e mxm_wmi crc32c_intel wmi video fuse
[24192.207197] CR2: ffffa94ec9b14388
[24192.207199] ---[ end trace da7045c082601a5d ]---
[24192.207200] RIP: 0010:0xffffffffc019f0d1
[24192.207201] Code: 18 44 89 c0 5b 41 5c 41 5d 41 5e 41 5f 5d c3 66 2e 0f 1f 84 00 00 00 00 00 89 45 c4 4c 89 e8 49 2b 87 e8 33 01 00 48 c1 e8 0c <41> 0f ab 87 c8 13 01 00 b8 01 01 00 00 49 8b b7 e8 33 01 00 4c 89
[24192.207201] RSP: 0018:ffffa94ec993b958 EFLAGS: 00010206
[24192.207202] RAX: 00000000000e3e00 RBX: ffffa94ec9af9bf0 RCX: 0000000000000001
[24192.207203] RDX: ffffa94ec9af9bf4 RSI: 0000000000000467 RDI: 0000000000000000
[24192.207203] RBP: ffffa94ec993b998 R08: 0000000000000000 R09: 00000000e3e00000
[24192.207204] R10: ffffa94ec9a05000 R11: ffffa94eca42e000 R12: ffffa94ec9ae5000
[24192.207204] R13: 00000000e3e00000 R14: ffffa94ec99d5000 R15: ffffa94ec9ae6800
[24192.207205] FS:  00007f8cd7fff700(0000) GS:ffff95d5e6d80000(0000) knlGS:0000004b5aa36000
[24192.207206] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[24192.207206] CR2: ffffa94ec9b14388 CR3: 00000002a69b2006 CR4: 00000000003626e0
[24192.207207] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[24192.207207] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400

Host: Ubuntu 18.04.4, kernel version 5.3.0-42-generic #34~18.04.1-Ubuntu SMP, BTRFS, picture:

[ 2634.063648] vboxdrv: 0000000000000000 VBoxDDR0.r0
[ 2634.131387] vboxdrv: 0000000000000000 VBoxEhciR0.r0
[ 2634.132254] VMMR0InitVM: eflags=246 fKernelFeatures=0x0 (SUPKERNELFEATURES_SMAP=0)
[ 2750.879090] BUG: unable to handle page fault for address: ffffb95a030e8388
[ 2750.879093] #PF: supervisor write access in kernel mode
[ 2750.879094] #PF: error_code(0x0002) - not-present page
[ 2750.879094] PGD fe054f067 P4D fe054f067 PUD fe0552067 PMD f78efa067 PTE 0
[ 2750.879096] Oops: 0002 [#1] SMP PTI
[ 2750.879098] CPU: 2 PID: 8912 Comm: EMT-1 Kdump: loaded Tainted: P           OE     5.3.0-42-generic #34~18.04.1-Ubuntu
[ 2750.879099] Hardware name: System manufacturer System Product Name/PRIME H270-PRO, BIOS 0808 07/10/2017
[ 2750.879101] RIP: 0010:0xffffffffc01a208f
[ 2750.879102] Code: 4d c8 74 17 48 83 c4 18 44 89 f8 5b 41 5c 41 5d 41 5e 41 5f 5d c3 0f 1f 44 00 00 48 89 c8 49 2b 84 24 e8 33 01 00 48 c1 e8 0c <41> 0f ab 84 24 c8 13 01 00 49 8b b4 24 e8 33 01 00 41 c6 84 24 c8
[ 2750.879103] RSP: 0018:ffffb95a018c7928 EFLAGS: 00010206
[ 2750.879104] RAX: 00000000000e3e00 RBX: ffffb95a030b9000 RCX: 00000000e3e00000
[ 2750.879104] RDX: ffffb95a030cdbf4 RSI: 0000000000000401 RDI: 0000000000000000
[ 2750.879105] RBP: ffffb95a018c7968 R08: 00000000e3e00000 R09: 00000000ffffffff
[ 2750.879105] R10: 0000000000000000 R11: 0000000000000000 R12: ffffb95a030ba800
[ 2750.879106] R13: ffffb95a030cdbf0 R14: ffffb95a03649000 R15: 0000000000000000
[ 2750.879107] FS:  00007f9841c75700(0000) GS:ffff942666b00000(0000) knlGS:000000be5e6fc000
[ 2750.879108] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 2750.879108] CR2: ffffb95a030e8388 CR3: 0000000bf3274003 CR4: 00000000003626e0
[ 2750.879109] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 2750.879109] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 2750.879110] Call Trace:
[ 2750.879130]  ? free_extent_state+0x48/0xc0 [btrfs]
[ 2750.879133]  ? __wake_up_common_lock+0x8c/0xc0
[ 2750.879143]  ? merge_state.part.50+0x44/0x170 [btrfs]
[ 2750.879155]  ? __btrfs_block_rsv_release+0x79/0x1a0 [btrfs]
[ 2750.879166]  ? btrfs_buffered_write.isra.30+0x6de/0x780 [btrfs]
[ 2750.879173]  ? SUPR0GetCurrentGdtRw+0xe/0x10 [vboxdrv]
[ 2750.879180]  ? VBoxHost_RTThreadCtxHookEnable+0x36/0x40 [vboxdrv]
[ 2750.879185]  ? rtR0MemAllocEx+0x180/0x230 [vboxdrv]
[ 2750.879190]  ? supdrvIOCtlFast+0x65/0xb0 [vboxdrv]
[ 2750.879193]  ? VBoxDrvLinuxIOCtl_6_1_4+0x57/0x230 [vboxdrv]
[ 2750.879195]  ? new_sync_write+0x125/0x1c0
[ 2750.879197]  ? do_vfs_ioctl+0xa9/0x640
[ 2750.879198]  ? vfs_write+0x12e/0x1a0
[ 2750.879199]  ? ksys_ioctl+0x75/0x80
[ 2750.879201]  ? __x64_sys_ioctl+0x1a/0x20
[ 2750.879202]  ? do_syscall_64+0x5a/0x130
[ 2750.879204]  ? entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 2750.879205] Modules linked in: ip6table_filter ip6_tables xt_CHECKSUM iptable_mangle xt_MASQUERADE iptable_nat nf_nat nf_conntrack nf_defrag_ipv6 nf_defrag_ipv4 xt_tcpudp bridge stp llc iptable_filter bpfilter aufs overlay vboxnetadp(OE) vboxnetflt(OE) vboxdrv(OE) binfmt_misc zfs(PO) zunicode(PO) zavl(PO) icp(POE) zlua(PO) zcommon(PO) znvpair(PO) spl(O) intel_rapl_msr intel_rapl_common x86_pkg_temp_thermal intel_powerclamp coretemp kvm_intel kvm irqbypass crct10dif_pclmul crc32_pclmul ghash_clmulni_intel aesni_intel mei_hdcp eeepc_wmi aes_x86_64 snd_hda_codec_hdmi snd_hda_codec_realtek snd_emu10k1_synth snd_hda_codec_generic snd_emux_synth crypto_simd cryptd snd_seq_midi_emul ledtrig_audio asus_wmi snd_hda_intel snd_intel_nhlt snd_seq_virmidi sparse_keymap mxm_wmi wmi_bmof snd_emu10k1 snd_hda_codec snd_util_mem glue_helper intel_cstate intel_rapl_perf snd_ac97_codec snd_seq_midi snd_seq_midi_event snd_rawmidi snd_hda_core ac97_bus joydev snd_seq input_leds snd_hwdep snd_pcm snd_seq_device
[ 2750.879224]  snd_timer snd mac_hid soundcore mei_me mei nvidia_uvm(OE) acpi_pad sch_fq_codel nfsd auth_rpcgss nfs_acl lockd grace sunrpc parport_pc ppdev lp parport ip_tables x_tables autofs4 btrfs zstd_compress raid10 raid456 async_raid6_recov async_memcpy async_pq async_xor async_tx xor raid6_pq libcrc32c raid1 raid0 multipath linear hid_generic usbhid hid nvidia_drm(POE) nvidia_modeset(POE) nvidia(POE) drm_kms_helper syscopyarea sysfillrect sysimgblt fb_sys_fops drm e1000e ahci libahci ipmi_devintf video ipmi_msghandler wmi
[ 2750.879238] CR2: ffffb95a030e8388
Last edited 7 months ago by fbatschu

comment:5 Changed 7 months ago by fbatschu

  • Guest type changed from Windows to all

I could also reproduce this, trying a bit harder, with a Linux guest (Fedora 30), eventually after 2 save state/resume/reboot cycles:

[15781.292828] vboxdrv: 0000000000000000 VBoxDDR0.r0
[15781.343946] vboxdrv: 0000000000000000 VBoxEhciR0.r0
[15781.344757] VMMR0InitVM: eflags=246 fKernelFeatures=0x0 (SUPKERNELFEATURES_SMAP=0)

[15950.494385] BUG: unable to handle page fault for address: ffff9e02c2520d28
[15950.494388] #PF: supervisor write access in kernel mode
[15950.494389] #PF: error_code(0x0002) - not-present page
[15950.494389] PGD fe054f067 P4D fe054f067 PUD fe0552067 PMD f52711067 PTE 0
[15950.494391] Oops: 0002 [#1] SMP PTI
[15950.494393] CPU: 1 PID: 13583 Comm: EMT-1 Kdump: loaded Tainted: P           OE     5.3.0-42-generic #34~18.04.1-Ubuntu
[15950.494393] Hardware name: System manufacturer System Product Name/PRIME H270-PRO, BIOS 0808 07/10/2017
[15950.494396] RIP: 0010:0xffffffffc000308f
[15950.494397] Code: 4d c8 74 17 48 83 c4 18 44 89 f8 5b 41 5c 41 5d 41 5e 41 5f 5d c3 0f 1f 44 00 00 48 89 c8 49 2b 84 24 e8 33 01 00 48 c1 e8 0c <41> 0f ab 84 24 c8 13 01 00 49 8b b4 24 e8 33 01 00 41 c6 84 24 c8
[15950.494398] RSP: 0018:ffff9e02c228f928 EFLAGS: 00010202
[15950.494398] RAX: 00000000000f0b0e RBX: ffff9e02c24f0000 RCX: 00000000f0b0e000
[15950.494399] RDX: ffff9e02c2504bf4 RSI: 0000000000000401 RDI: 0000000000000000
[15950.494400] RBP: ffff9e02c228f968 R08: 00000000f0b0e000 R09: 00000000ffffffff
[15950.494400] R10: 0000000000000000 R11: 0000000000000000 R12: ffff9e02c24f1800
[15950.494401] R13: ffff9e02c2504bf0 R14: ffff9e02c2561000 R15: 0000000000000000
[15950.494402] FS:  00007f9c614e7700(0000) GS:ffff8f9526a80000(0000) knlGS:0000000000000000
[15950.494402] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[15950.494403] CR2: ffff9e02c2520d28 CR3: 0000000daac78002 CR4: 00000000003626e0
[15950.494404] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[15950.494404] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[15950.494405] Call Trace:
[15950.494410]  ? hrtimer_try_to_cancel+0xb2/0x110
[15950.494412]  ? schedule_hrtimeout_range_clock+0xc5/0x190
[15950.494413]  ? __hrtimer_init+0xc0/0xc0
[15950.494424]  ? rtR0SemEventMultiLnxWait.isra.4+0x2a3/0x360 [vboxdrv]
[15950.494429]  ? SUPR0GetCurrentGdtRw+0xe/0x10 [vboxdrv]
[15950.494435]  ? VBoxHost_RTThreadCtxHookEnable+0x36/0x40 [vboxdrv]
[15950.494437]  ? _cond_resched+0x19/0x40
[15950.494438]  ? __kmalloc+0x183/0x260
[15950.494444]  ? rtR0MemAllocEx+0x180/0x230 [vboxdrv]
[15950.494449]  ? rtR0MemAllocEx+0x180/0x230 [vboxdrv]
[15950.494453]  ? supdrvIOCtlFast+0x65/0xb0 [vboxdrv]
[15950.494457]  ? VBoxDrvLinuxIOCtl_6_1_4+0x57/0x230 [vboxdrv]
[15950.494459]  ? do_vfs_ioctl+0xa9/0x640
[15950.494461]  ? __schedule+0x2b0/0x670
[15950.494462]  ? ksys_ioctl+0x75/0x80
[15950.494464]  ? __x64_sys_ioctl+0x1a/0x20
[15950.494466]  ? do_syscall_64+0x5a/0x130
[15950.494467]  ? entry_SYSCALL_64_after_hwframe+0x44/0xa9
[15950.494468] Modules linked in: ip6table_filter ip6_tables xt_CHECKSUM iptable_mangle xt_MASQUERADE iptable_nat nf_nat nf_conntrack nf_defrag_ipv6 nf_defrag_ipv4 xt_tcpudp bridge stp llc iptable_filter bpfilter aufs overlay vboxnetadp(OE) vboxnetflt(OE) vboxdrv(OE) binfmt_misc zfs(PO) zunicode(PO) zavl(PO) icp(POE) zlua(PO) zcommon(PO) znvpair(PO) spl(O) intel_rapl_msr intel_rapl_common x86_pkg_temp_thermal intel_powerclamp coretemp kvm_intel kvm mei_hdcp irqbypass crct10dif_pclmul crc32_pclmul ghash_clmulni_intel aesni_intel aes_x86_64 snd_emu10k1_synth snd_emux_synth crypto_simd cryptd snd_seq_midi_emul eeepc_wmi snd_seq_virmidi asus_wmi snd_hda_codec_realtek snd_emu10k1 glue_helper snd_hda_codec_generic ledtrig_audio input_leds joydev snd_hda_codec_hdmi intel_cstate intel_rapl_perf snd_util_mem snd_hda_intel snd_intel_nhlt sparse_keymap snd_hda_codec snd_ac97_codec mxm_wmi wmi_bmof ac97_bus snd_hda_core snd_hwdep snd_pcm snd_seq_midi snd_seq_midi_event snd_rawmidi snd_seq snd_seq_device
[15950.494486]  snd_timer snd soundcore mei_me mei nvidia_uvm(OE) mac_hid acpi_pad sch_fq_codel nfsd auth_rpcgss nfs_acl lockd grace parport_pc ppdev lp parport sunrpc ip_tables x_tables autofs4 btrfs zstd_compress raid10 raid456 async_raid6_recov async_memcpy async_pq async_xor async_tx xor raid6_pq libcrc32c raid1 raid0 multipath linear hid_generic usbhid hid nvidia_drm(POE) nvidia_modeset(POE) nvidia(POE) drm_kms_helper syscopyarea sysfillrect sysimgblt fb_sys_fops drm ipmi_devintf e1000e ipmi_msghandler ahci libahci wmi video
[15950.494501] CR2: ffff9e02c2520d28

I could also reproduce this problem quickly on:

Host: Ubuntu 19.10, 5.3.0-42-generic #34-Ubuntu SMP
Guest: Fedora Rawhide

[81313.466883] vboxdrv: 0000000000000000 VBoxDDR0.r0
[81313.640929] vboxdrv: 0000000000000000 VBoxEhciR0.r0
[81313.643437] VMMR0InitVM: eflags=246 fKernelFeatures=0x0 (SUPKERNELFEATURES_SMAP=0)
[81376.699768] BUG: unable to handle page fault for address: ffffae6843931c3c
[81376.699770] #PF: supervisor write access in kernel mode
[81376.699771] #PF: error_code(0x0002) - not-present page
[81376.699772] PGD 4aa557067 P4D 4aa557067 PUD 4aa558067 PMD 42e0b1067 PTE 0
[81376.699774] Oops: 0002 [#1] SMP PTI
[81376.699775] CPU: 5 PID: 6696 Comm: EMT-1 Kdump: loaded Tainted: G           OE     5.3.0-40-generic #32-Ubuntu
[81376.699776] Hardware name: LENOVO 10SGS1XL0N/3132, BIOS M1UKT45A 07/11/2019
[81376.699778] RIP: 0010:0xffffffffc01a1201
[81376.699779] Code: 18 44 89 c0 5b 41 5c 41 5d 41 5e 41 5f 5d c3 66 2e 0f 1f 84 00 00 00 00 00 89 45 c4 4c 89 e8 49 2b 87 e8 33 01 00 48 c1 e8 0c <41> 0f ab 87 c8 13 01 00 b8 01 01 00 00 49 8b b7 e8 33 01 00 4c 89
[81376.699779] RSP: 0018:ffffae6843857940 EFLAGS: 00010206
[81376.699780] RAX: 00000000000f03aa RBX: ffffae6843915bf0 RCX: 0000000000000001
[81376.699781] RDX: ffffae6843915bf4 RSI: 0000000000000467 RDI: 0000000000000000
[81376.699781] RBP: ffffae6843857980 R08: 0000000000000000 R09: 00000000f03aa000
[81376.699782] R10: ffffae684453d000 R11: ffffae6844f9c000 R12: ffffae6843901000
[81376.699782] R13: 00000000f03aa000 R14: ffffae684450d000 R15: ffffae6843902800
[81376.699783] FS:  00007fbba84c7700(0000) GS:ffff8a4fac140000(0000) knlGS:0000000000000000
[81376.699784] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[81376.699785] CR2: ffffae6843931c3c CR3: 000000010802a005 CR4: 00000000003626e0
[81376.699785] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[81376.699786] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[81376.699786] Call Trace:
[81376.699791]  ? enqueue_task_fair+0x15e/0x450
[81376.699792]  ? check_preempt_curr+0x4e/0x90
[81376.699793]  ? ttwu_do_wakeup+0x1e/0x150
[81376.699794]  ? ttwu_do_activate+0x5b/0x70
[81376.699795]  ? try_to_wake_up+0x224/0x6a0
[81376.699797]  ? __x2apic_send_IPI_dest+0x32/0x36
[81376.699806]  ? SUPR0GetCurrentGdtRw+0xe/0x10 [vboxdrv]
[81376.699812]  ? VBoxHost_RTThreadCtxHookEnable+0x31/0x50 [vboxdrv]
[81376.699814]  ? __kmalloc+0x180/0x270
[81376.699819]  ? rtR0MemAllocEx+0x152/0x240 [vboxdrv]
[81376.699823]  ? supdrvIOCtlFast+0x66/0xb0 [vboxdrv]
[81376.699826]  ? VBoxDrvLinuxIOCtl_6_1_4+0x56/0x260 [vboxdrv]
[81376.699828]  ? do_vfs_ioctl+0x407/0x670
[81376.699830]  ? do_futex+0x14e/0x1e0
[81376.699831]  ? ksys_ioctl+0x67/0x90
[81376.699832]  ? __x64_sys_ioctl+0x1a/0x20
[81376.699834]  ? do_syscall_64+0x5a/0x130
[81376.699836]  ? entry_SYSCALL_64_after_hwframe+0x44/0xa9
[81376.699837] Modules linked in: ufs qnx4 hfsplus hfs minix ntfs msdos jfs xfs cpuid uas usb_storage rfcomm xt_CHECKSUM xt_MASQUERADE xt_tcpudp ip6t_REJECT nf_reject_ipv6 ip6t_rpfilter ipt_REJECT nf_reject_ipv4 xt_conntrack ebtable_nat ip6table_nat ip6table_mangle ip6table_raw ip6table_security iptable_nat nf_nat iptable_mangle iptable_raw iptable_security nf_conntrack bridge nf_defrag_ipv6 stp nf_defrag_ipv4 llc aufs nf_tables_set ip_set nf_tables nfnetlink overlay ebtable_filter ebtables ip6table_filter ip6_tables iptable_filter bpfilter cmac bnep vboxnetadp(OE) vboxnetflt(OE) vboxdrv(OE) binfmt_misc nls_iso8859_1 sof_pci_dev intel_rapl_msr intel_rapl_common snd_sof_intel_hda_common snd_sof_intel_hda snd_sof_intel_byt snd_sof_intel_ipc snd_sof snd_sof_xtensa_dsp x86_pkg_temp_thermal intel_powerclamp snd_soc_skl snd_soc_hdac_hda coretemp iwlmvm snd_hda_ext_core mac80211 snd_soc_skl_ipc libarc4 snd_soc_sst_ipc snd_soc_sst_dsp snd_soc_acpi_intel_match snd_hda_codec_hdmi snd_soc_acpi btusb
[81376.699854]  snd_soc_core btrtl btbcm btintel snd_hda_codec_realtek snd_hda_codec_generic snd_compress kvm_intel ledtrig_audio bluetooth input_leds joydev ac97_bus snd_pcm_dmaengine snd_hda_intel kvm snd_hda_codec ecdh_generic snd_hda_core snd_hwdep ecc snd_pcm irqbypass intel_cstate intel_rapl_perf snd_seq_midi snd_seq_midi_event mei_hdcp snd_rawmidi snd_seq snd_seq_device iwlwifi snd_timer snd soundcore intel_wmi_thunderbolt wmi_bmof mei_me mei cfg80211 ie31200_edac acpi_pad acpi_tad mac_hid sch_fq_codel parport_pc nfsd ppdev lp auth_rpcgss nfs_acl lockd parport grace sunrpc ip_tables x_tables autofs4 btrfs zstd_compress raid10 raid456 async_raid6_recov async_memcpy async_pq async_xor async_tx xor raid6_pq libcrc32c raid1 raid0 multipath linear hid_generic usbhid hid crct10dif_pclmul crc32_pclmul ghash_clmulni_intel i915 aesni_intel i2c_algo_bit drm_kms_helper syscopyarea aes_x86_64 sysfillrect crypto_simd sysimgblt fb_sys_fops cryptd glue_helper nvme drm e1000e ahci nvme_core i2c_i801
[81376.699874]  libahci wmi video
[81376.699877] CR2: ffffae6843931c3c

A complete, usable crash dump was written.

In all cases we die due to a non-present page around:

VBox-6.1/src/VBox/HostDrivers/Support/SUPDrv.cpp, line 4105:

SUPR0DECL(int) SUPR0GetCurrentGdtRw(RTHCUINTPTR *pGdtRw)
{
#ifdef RT_OS_LINUX
    return supdrvOSGetCurrentGdtRw(pGdtRw);

VBox-6.1/src/VBox/HostDrivers/Support/linux/SUPDrv-linux.c, line 1444:

#if LINUX_VERSION_CODE >= KERNEL_VERSION(4, 12, 0)
    *pGdtRw = (RTHCUINTPTR)get_current_gdt_rw();
    return VINF_SUCCESS;

https://elixir.bootlin.com/linux/v5.3/source/arch/x86/include/asm/desc.h#L61

/* Provide the current original GDT */
static inline struct desc_struct *get_current_gdt_rw(void)
{
	return this_cpu_ptr(&gdt_page)->gdt;
}

===================

However, the good news is that I cannot reproduce the problem anymore with the current Trunk bits, revision r136516. So we need to figure out what changed.
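As an added example, not code from this ticket or from VirtualBox, here is a small Python triage script for oops reports of the kind pasted in the comments above. It parses the BUG:/#PF:/CPU:/RIP:/CR2: lines and the call-trace frames, decodes the #PF error-code bits (bit 0 present, bit 1 write, bit 2 user mode, bit 3 reserved bit, bit 4 instruction fetch), tells a kernel-space address from a NULL-pointer-plus-offset one, and lists the frames that belong to a loadable module. The sample inputs are constructed, trimmed copies of the comment:4 Fedora 31 oops and the comment:6 oops; the function and field names are my own.

```python
"""Triage helper for the x86-64 page-fault oopses pasted in this ticket. Added example,
not code from the ticket or from VirtualBox: it parses dmesg-style oops text, decodes
the #PF error code, classifies the faulting address and lists the call-trace frames
that sit in loadable modules such as vboxdrv."""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

PF_PROT, PF_WRITE, PF_USER, PF_RSVD, PF_INSTR = 1, 2, 4, 8, 16  # x86 #PF error-code bits
KERNEL_SPACE_START = 0xffff800000000000  # canonical kernel half of the x86-64 address space
_TS = re.compile(r"^\s*\[?\s*\d+\.\d+\]\s*")  # dmesg timestamp; "[" optional, pasting drops it
_ADDR = re.compile(r"^BUG: .*?address: ([0-9a-f]+)")
_ERR = re.compile(r"^#PF: error_code\(0x([0-9a-f]+)\)")
_RIP = re.compile(r"^RIP: 0010:(\S+)")
_CR2 = re.compile(r"^CR2: ([0-9a-f]+)")
_TASK = re.compile(r"^CPU: \d+ PID: (\d+) Comm: (\S+)(?:.*?Tainted: ((?:[A-Z]+\s+)*?[A-Z]+)\s+\d)?")
_FRAME = re.compile(r"^(\??)\s*([\w.]+)\+0x[0-9a-f]+/0x[0-9a-f]+(?:\s+\[(\w+)\])?")

@dataclass
class Oops:
    address: int                 # faulting linear address from the BUG: line
    error_code: int              # raw #PF error code
    rip: str = ""                # "symbol+off/len", or a bare "0x..." when unresolved
    cr2: Optional[int] = None    # first CR2 value in the register dump
    pid: Optional[int] = None
    comm: Optional[str] = None   # task name; EMT-n is a VirtualBox emulation thread
    taint: Optional[str] = None  # taint flags without whitespace, e.g. "GOE"
    frames: List[Tuple[str, Optional[str], bool]] = field(default_factory=list)  # (symbol, module, reliable)

def parse_oops(text: str) -> Oops:
    got: Dict[str, object] = {}
    frames = []
    for raw in text.splitlines():
        line = _TS.sub("", raw).strip()
        if (m := _FRAME.match(line)):  # a leading "?" means the unwinder guessed the frame
            frames.append((m.group(2), m.group(3), m.group(1) != "?"))
            continue
        for key, rx in (("address", _ADDR), ("error_code", _ERR), ("cr2", _CR2)):
            if (m := rx.match(line)) and key not in got:  # first occurrence wins
                got[key] = int(m.group(1), 16)
        if (m := _RIP.match(line)) and "rip" not in got:
            got["rip"] = m.group(1)
        if (m := _TASK.match(line)):
            got.update(pid=int(m.group(1)), comm=m.group(2),
                       taint="".join(m.group(3).split()) if m.group(3) else None)
    if "address" not in got or "error_code" not in got:
        raise ValueError("no BUG:/#PF: lines found; not an x86 page-fault oops")
    return Oops(frames=frames, **got)  # type: ignore[arg-type]

def decode_pf_error(code: int) -> Dict[str, bool]:
    return {"present": bool(code & PF_PROT), "write": bool(code & PF_WRITE), "user": bool(code & PF_USER),
            "reserved_bit": bool(code & PF_RSVD), "instruction_fetch": bool(code & PF_INSTR)}

def classify_address(addr: int) -> str:
    if addr < 0x1000:  # page 0 is never mapped: a NULL struct pointer plus a field offset
        return f"NULL pointer plus offset {addr:#x}"
    return "kernel-space address" if addr >= KERNEL_SPACE_START else "user-space address"

def describe_fault(o: Oops) -> str:
    b = decode_pf_error(o.error_code)
    access = "instruction fetch" if b["instruction_fetch"] else "write" if b["write"] else "read"
    mode, cause = "user" if b["user"] else "supervisor", "protection violation" if b["present"] else "not-present page"
    return f"{mode} {access} at {o.address:#x} ({classify_address(o.address)}): {cause}"

def module_frames(o: Oops) -> List[Tuple[str, str]]:  # frames attributed to a module, innermost first
    return [(sym, mod) for sym, mod, _ in o.frames if mod]

def consistency_warnings(o: Oops) -> List[str]:
    w = []
    if o.cr2 is not None and o.cr2 != o.address:
        w.append("CR2 differs from the reported fault address")
    if not o.rip or o.rip.startswith("0x"):
        w.append("RIP has no kernel symbol: the faulting code is outside kallsyms")
    if o.frames and not any(r for _, _, r in o.frames):
        w.append("every frame is marked '?': the trace was recovered by stack scanning")
    return w

# Constructed samples: trimmed copies of the oopses quoted in comment:4 (Fedora 31) and comment:6.
SAMPLE_FEDORA = """
24192.207110] BUG: unable to handle page fault for address: ffffa94ec9b14388
[24192.207114] #PF: error_code(0x0002) - not-present page
[24192.207118] CPU: 3 PID: 11919 Comm: EMT-1 Kdump: loaded Tainted: G           OE     5.5.8-200.fc31.x86_64 #1
[24192.207121] RIP: 0010:0xffffffffc019f0d1
[24192.207128] CR2: ffffa94ec9b14388 CR3: 00000002a69b2006 CR4: 00000000003626e0
[24192.207135]  ? ext4_mark_iloc_dirty+0x50c/0x850
[24192.207150]  ? VBoxHost_RTThreadCtxHookEnable+0x31/0x50 [vboxdrv]
[24192.207156]  ? supdrvIOCtlFast+0x66/0xb0 [vboxdrv]
[24192.207160]  ? VBoxDrvLinuxIOCtl_6_1_4+0x56/0x260 [vboxdrv]
"""
SAMPLE_NULL = """
BUG: kernel NULL pointer dereference, address: 0000000000000044
#PF: error_code(0x0002) - not-present page
CPU: 2 PID: 119859 Comm: EMT-2 Tainted: P           OE     5.8.3-arch1-1 #1
RIP: 0010:0xffffa7d0c9b4b8a9
CR2: 0000000000000044 CR3: 0000000230912002 CR4: 00000000003626e0
 ? supdrvIOCtl+0x1008/0x35d0 [vboxdrv]
 ? VBoxDrvLinuxIOCtl_6_1_12+0x56/0x250 [vboxdrv]
"""
```

Run over the logs above, `describe_fault` reports a supervisor write to a not-present kernel-space page from an EMT thread, `module_frames` shows only the ioctl path into vboxdrv, and `consistency_warnings` flags that RIP carries no symbol and that every frame is a `?` guess. The taint letters it extracts follow the kernel's convention: G means no proprietary module is loaded, P means one is, O marks an out-of-tree module and E an unsigned one. A fault address that kallsyms cannot symbolize, combined with a trace the unwinder had to recover by scanning the stack, is consistent with the faulting instruction living in ring-0 code that vboxdrv loads itself (the VBoxDDR0.r0 and VBoxEhciR0.r0 images announced at the top of each log) rather than in a module's own .text, which is why the trace only shows the entry path and nothing at the fault site.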

comment:6 Changed 8 weeks ago by Corax

Repro'd with 6.1.12 on Arch Linux, host kernel 5.8.3, guest Windows 10. It happened just a few minutes after I rebooted the VM, no obvious cause. Log:

BUG: kernel NULL pointer dereference, address: 0000000000000044
#PF: supervisor write access in kernel mode
#PF: error_code(0x0002) - not-present page
PGD 0 P4D 0 
Oops: 0002 [#1] PREEMPT SMP PTI
CPU: 2 PID: 119859 Comm: EMT-2 Tainted: P           OE     5.8.3-arch1-1 #1
Hardware name: System manufacturer System Product Name/ROG STRIX Z370-F GAMING, BIOS 0612 03/01/2018
RIP: 0010:0xffffa7d0c9b4b8a9
Code: 49 01 f7 4c 89 7d d0 4d 85 ed 0f 84 d8 01 00 00 4d 85 ff 0f 84 7c 01 00 00 41 89 c7 45 29 e7 41 29 c4 45 89 7d 28 48 8b 45 d0 <44> 89 60 2c 48 c7 46 28 00 00 00 00 e9 1a ff ff ff 66 0f 1f 44 00
RSP: 0018:ffffa7d0c96cf740 EFLAGS: 00010287
RAX: 0000000000000018 RBX: ffffa7d0cec083e0 RCX: 0000000000000002
RDX: ffffa7d0c9b7a52c RSI: ffffa7d0cec083c0 RDI: ffffa7d0cec09c70
RBP: ffffa7d0c96cf768 R08: 0000000000000001 R09: 0000000000000008
R10: 0000000000000006 R11: 0000000000000003 R12: 0000000000000000
R13: ffffa7d0c97ac3d0 R14: 000000000000000a R15: ffffa7d0cec05e70
FS:  00007f6e52413640(0000) GS:ffff964916a80000(0000) knlGS:00000011883cf000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000000000000044 CR3: 0000000230912002 CR4: 00000000003626e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 ? finish_task_switch+0x80/0x270
 ? __switch_to_asm+0x36/0x70
 ? __schedule+0x2b1/0x820
 ? timerqueue_del+0x1e/0x40
 ? __remove_hrtimer+0x35/0x70
 ? _raw_spin_unlock_irqrestore+0x20/0x40
 ? hrtimer_try_to_cancel+0x78/0x120
 ? __hrtimer_init+0xd0/0xd0
 ? preempt_count_add+0x68/0xa0
 ? preempt_count_add+0x68/0xa0
 ? VBoxHost_RTThreadPreemptRestore+0x17/0x50 [vboxdrv]
 ? supdrvIOCtl+0x1008/0x35d0 [vboxdrv]
 ? supdrvIOCtlFast+0x66/0xb0 [vboxdrv]
 ? VBoxDrvLinuxIOCtl_6_1_12+0x56/0x250 [vboxdrv]
 ? ksys_ioctl+0x82/0xc0
 ? __x64_sys_ioctl+0x16/0x20
 ? do_syscall_64+0x44/0x70
 ? entry_SYSCALL_64_after_hwframe+0x44/0xa9
Modules linked in: dm_crypt cbc encrypted_keys trusted tpm rng_core loop dm_mod rfcomm fuse input_leds mousedev joydev nvidia_drm(POE) nvidia_modeset(POE) cmac algif_hash algif_skcipher af_alg bnep nvidia(POE) btusb btrtl btbcm btintel hid_generic bluetooth uvcvideo snd_usb_audio videobuf2_vmalloc videobuf2_memops videobuf2_v4l2 snd_usbmidi_lib videobuf2_common snd_rawmidi ecdh_generic usbhid ecc videodev snd_seq_device hid mc intel_rapl_msr intel_rapl_common eeepc_wmi asus_wmi x86_pkg_temp_thermal intel_powerclamp battery coretemp iTCO_wdt sparse_keymap intel_pmc_bxt ee1004 mei_hdcp iTCO_vendor_support rfkill wmi_bmof mxm_wmi kvm_intel nls_iso8859_1 snd_hda_codec_realtek nls_cp437 vfat snd_hda_codec_generic fat kvm ledtrig_audio snd_hda_codec_hdmi snd_hda_intel snd_intel_dspcfg drm_kms_helper irqbypass snd_hda_codec crct10dif_pclmul crc32_pclmul ghash_clmulni_intel aesni_intel snd_hda_core crypto_simd cec cryptd snd_hwdep glue_helper rapl snd_pcm rc_core uas intel_cstate
 syscopyarea snd_timer i2c_i801 usb_storage e1000e intel_uncore mei_me sysfillrect i2c_smbus sysimgblt snd pcspkr mei soundcore ie31200_edac fb_sys_fops wmi evdev mac_hid vboxnetflt(OE) vboxnetadp(OE) vboxdrv(OE) drm sg crypto_user agpgart ip_tables x_tables ext4 crc32c_generic crc16 mbcache jbd2 crc32c_intel xhci_pci xhci_pci_renesas sr_mod cdrom xhci_hcd
CR2: 0000000000000044
---[ end trace 41c9f8f79f46666b ]---
RIP: 0010:0xffffa7d0c9b4b8a9
Code: 49 01 f7 4c 89 7d d0 4d 85 ed 0f 84 d8 01 00 00 4d 85 ff 0f 84 7c 01 00 00 41 89 c7 45 29 e7 41 29 c4 45 89 7d 28 48 8b 45 d0 <44> 89 60 2c 48 c7 46 28 00 00 00 00 e9 1a ff ff ff 66 0f 1f 44 00
RSP: 0018:ffffa7d0c96cf740 EFLAGS: 00010287
RAX: 0000000000000018 RBX: ffffa7d0cec083e0 RCX: 0000000000000002
RDX: ffffa7d0c9b7a52c RSI: ffffa7d0cec083c0 RDI: ffffa7d0cec09c70
RBP: ffffa7d0c96cf768 R08: 0000000000000001 R09: 0000000000000008
R10: 0000000000000006 R11: 0000000000000003 R12: 0000000000000000
R13: ffffa7d0c97ac3d0 R14: 000000000000000a R15: ffffa7d0cec05e70
FS:  00007f6e52413640(0000) GS:ffff964916a80000(0000) knlGS:00000011883cf000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000000000000044 CR3: 0000000230912002 CR4: 00000000003626e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400