Bug 211469

Summary: Kernel panic when virtualbox VM is started, only when CONFIG_DEBUG_SPINLOCK=y
Product: Other
Reporter: Adjudicator Darren (adjudicatordarren)
Component: Other
Assignee: other_other
Status: NEW
Severity: normal
CC: grzegorz.alibozek
Priority: P1
Hardware: x86-64
OS: Linux
Kernel Version:
Subsystem:
Regression: No
Bisected commit-id:

Description Adjudicator Darren 2021-01-30 00:52:26 UTC
It panics when the kernel was built with CONFIG_DEBUG_SPINLOCK=y and any VirtualBox VM is then started, at the time of its start.
But it doesn't panic when it was built with CONFIG_DEBUG_SPINLOCK=n.

It seems to panic due to code added in https://www.virtualbox.org/ticket/20055 which can be seen in the sister bug (to this kernel bug) in https://www.virtualbox.org/ticket/20163 (you find it if you search for IPRT_USE_APPLY_TO_PAGE_RANGE_FOR_EXEC).

I've made this kernel bug report just in case it's the kernel code that's causing that. I can't tell whether it's so or not. Experts please chime in.

Here's how it looks on dmesg:

[   71.485469] snd_hda_intel 0000:00:1f.3: power state changed by ACPI to D3hot
[   72.024850] SUPR0GipMap: fGetGipCpu=0x1b
[   73.474107] BUGGY: kernel NULL pointer dereference, address: 0000000000000004
[   73.474120] #PF: supervisor read access in kernel mode
[   73.474126] #PF: error_code(0x0000) - not-present page
[   73.474131] PGD 0 P4D 0 
[   73.474143] Oops: 0000 [#1] SMP NOPTI
[   73.474151] CPU: 2 PID: 14833 Comm: EMT-0 Kdump: loaded Tainted: G     U  W  O      5.10.11-gentoo-x86_64 #1
[   73.474157] Hardware name: System manufacturer System Product Name/PRIME Z370-A, BIOS 2401 07/12/2019
[   73.474174] RIP: 0010:do_raw_spin_lock+0x4/0x90
[   73.474181] Code: 48 8d 88 b8 06 00 00 48 c7 c7 58 48 d3 9a e8 79 3a 04 01 e9 5b 3b 06 01 66 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 53 48 89 fb <8b> 47 04 3d ad 4e ad de 75 46 48 8b 53 10 65 48 8b 04 25 00 6f 01
[   73.474187] RSP: 0018:ffffb3294a0ebd30 EFLAGS: 00010296
[   73.474194] RAX: ffffffff992838a1 RBX: 0000000000000000 RCX: 0000000000000000
[   73.474199] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[   73.474204] RBP: ffffb3294a0ebdf8 R08: 0000000000000001 R09: 0000000000000000
[   73.474209] R10: ffffffffc026f760 R11: 000000000007b438 R12: ffffffffc0240080
[   73.474213] R13: ffffb3294bea1000 R14: 0000000000000001 R15: ffffb3294a0ebde0
[   73.474220] FS:  0000754d3c1f4640(0000) GS:ffff996609600000(0000) knlGS:0000000000000000
[   73.474225] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   73.474230] CR2: 0000000000000004 CR3: 00000002d7102004 CR4: 00000000001706e0
[   73.474234] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[   73.474239] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[   73.474243] Call Trace:
[   73.474255]  ? __apply_to_page_range+0x2e1/0x6a0
[   73.474286]  ? rtR0TermNative+0xd0/0x220 [vboxdrv]
[   73.474313]  ? rtR0MemObjNativeProtect+0x74/0xa0 [vboxdrv]
[   73.474338]  ? VBoxHost_RTR0MemObjProtect+0x81/0xc0 [vboxdrv]
[   73.474360]  ? supdrvIOCtl+0x3265/0x3800 [vboxdrv]
[   73.474379]  ? SUPR0Printf+0x22f/0x330 [vboxdrv]
[   73.474388]  ? __x64_sys_ioctl+0x7e/0xb0
[   73.474395]  ? do_syscall_64+0x33/0x40
[   73.474402]  ? entry_SYSCALL_64_after_hwframe+0x44/0xa9
[   73.474407] Modules linked in: vboxnetadp(O) vboxnetflt(O) vboxdrv(O) pcspkr
[   73.474425] CR2: 0000000000000004

Or from 'crash':

PID: 14833  TASK: ffff9959886acf80  CPU: 2   COMMAND: "EMT-0"
 #0 [ffffb3294a0eba68] machine_kexec+0x191 at ffffffff9904d3b1
    /usr/src/linux-5.10.11-gentoo/arch/x86/include/asm/mem_encrypt.h: 77
    ffffb3294a0eba70: 0000000000000018 0000ffff99574000 
    ffffb3294a0eba80: ffff995740000000 0000000f0a001000 
    ffffb3294a0eba90: ffff99664a001000 0000000f0a000000 
    ffffb3294a0ebaa0: 0000000000000000 cc4567c5b1908400 
    ffffb3294a0ebab0: ffffb3294a0ebc88 ffffb3294a0ebc88 
    ffffb3294a0ebac0: 0000000000000009 __crash_kexec+225 
 #1 [ffffb3294a0ebac8] __crash_kexec+0xe1 at ffffffff99188a21
    /usr/src/linux-5.10.11-gentoo/kernel/kexec_core.c: 963
    ffffb3294a0ebad0: ffffb3294a0ebde0 0000000000000001 
    ffffb3294a0ebae0: ffffb3294bea1000 rtR0TermNative+208 
    ffffb3294a0ebaf0: ffffb3294a0ebdf8 0000000000000000 
    ffffb3294a0ebb00: 000000000007b438 __this_module+992 
    ffffb3294a0ebb10: 0000000000000000 0000000000000001 
    ffffb3294a0ebb20: __apply_to_page_range+737 0000000000000000 
    ffffb3294a0ebb30: 0000000000000000 0000000000000000 
    ffffb3294a0ebb40: 0000000000000000 ffffffffffffffff 
    ffffb3294a0ebb50: do_raw_spin_lock+4 0000000000000010 
    ffffb3294a0ebb60: 0000000000010296 ffffb3294a0ebd30 
    ffffb3294a0ebb70: 0000000000000018 cc4567c5b1908400 
    ffffb3294a0ebb80: 0000000000000046 crash_kexec+52   
 #2 [ffffb3294a0ebb88] crash_kexec+0x34 at ffffffff99189954
    /usr/src/linux-5.10.11-gentoo/arch/x86/include/asm/atomic.h: 41
    ffffb3294a0ebb90: ffffb3294a0ebc88 oops_end+132     
 #3 [ffffb3294a0ebb98] oops_end+0x84 at ffffffff99022034
    /usr/src/linux-5.10.11-gentoo/arch/x86/kernel/dumpstack.c: 359
    ffffb3294a0ebba0: [task_struct]    ffffb3294a0ebc88 
    ffffb3294a0ebbb0: 0000000000000004 no_context+572   
    ffffb3294a0ebbc0: 0000000000000000 contig_page_data+3600 
    ffffb3294a0ebbd0: 0000000000000004 0000000000000000 
    ffffb3294a0ebbe0: 0000000000000000 0000000000000000 
    ffffb3294a0ebbf0: cc4567c5b1908400 0000000000000000 
    ffffb3294a0ebc00: ffffb3294a0ebc88 0000000000000000 
    ffffb3294a0ebc10: 0000000000000004 0000000000000000 
    ffffb3294a0ebc20: [mm_struct]      exc_page_fault+732 
 #4 [ffffb3294a0ebc28] exc_page_fault+0x2dc at ffffffff9a22a69c
    /usr/src/linux-5.10.11-gentoo/arch/x86/mm/fault.c: 1320
    ffffb3294a0ebc30: 0000000000000000 0000000000000000 
    ffffb3294a0ebc40: 0000000000000000 00042cc000000000 
    ffffb3294a0ebc50: 0000000000000000 0000000000000000 
    ffffb3294a0ebc60: 0000000000000000 0000000000000000 
    ffffb3294a0ebc70: 0000000000000000 0000000000000000 
    ffffb3294a0ebc80: asm_exc_page_fault+27 
 #5 [ffffb3294a0ebc80] asm_exc_page_fault+0x1b at ffffffff9a400acb
    /usr/src/linux-5.10.11-gentoo/arch/x86/include/asm/idtentry.h: 583
    ffffb3294a0ebc88: ffffb3294a0ebde0 0000000000000001 
    ffffb3294a0ebc98: ffffb3294bea1000 rtR0TermNative+208 
 #6 [ffffb3294a0ebca0] rtR0TermNative+0xd0 at ffffffffc0240080 [vboxdrv]
    ffffb3294a0ebca8: ffffb3294a0ebdf8 0000000000000000 
    ffffb3294a0ebcb8: 000000000007b438 __this_module+992 
    ffffb3294a0ebcc8: 0000000000000000 0000000000000001 
    ffffb3294a0ebcd8: __apply_to_page_range+737 
 #7 [ffffb3294a0ebcd8] __apply_to_page_range+0x2e1 at ffffffff992838a1
    /usr/src/linux-5.10.11-gentoo/include/linux/spinlock.h: 354
    ffffb3294a0ebce0: 0000000000000000 0000000000000000 
    ffffb3294a0ebcf0: 0000000000000000 0000000000000000 
    ffffb3294a0ebd00: ffffffffffffffff do_raw_spin_lock+4 
    ffffb3294a0ebd10: 0000000000000010 0000000000010296 
    ffffb3294a0ebd20: ffffb3294a0ebd30 0000000000000018 
    ffffb3294a0ebd30: ffffb3294beed000 __apply_to_page_range+737 
    ffffb3294a0ebd40: ffff9958401012f8 ffffb3294beed000 
    ffffb3294a0ebd50: [mm_struct]      ffff995858f00508 
    ffffb3294a0ebd60: 0000000000000000 ffffb3294beecfff 
    ffffb3294a0ebd70: ffffb3294beed000 ffff995840000528 
    ffffb3294a0ebd80: ffffb3294beed000 ffff995a17102b30 
    ffffb3294a0ebd90: ffffb3294beecfff rtR0TermNative+208 
 #8 [ffffb3294a0ebd98] rtR0TermNative+0xd0 at ffffffffc0240080 [vboxdrv]
    ffffb3294a0ebda0: ffffb3294beecfff [kmalloc-8k]     
    ffffb3294a0ebdb0: ffffb3294a0ebdf8 0000000000000000 
    ffffb3294a0ebdc0: 0000000000000000 ffffb3294c609010 
    ffffb3294a0ebdd0: [kmalloc-192]    rtR0MemObjNativeProtect+116 
 #9 [ffffb3294a0ebdd8] rtR0MemObjNativeProtect+0x74 at ffffffffc0241774 [vboxdrv]
    ffffb3294a0ebde0: [kmalloc-8k]     8000000000000161 
    ffffb3294a0ebdf0: cc4567c5b1908400 ffffb3294a0ebe10 
    ffffb3294a0ebe00: VBoxHost_RTR0MemObjProtect+129 
#10 [ffffb3294a0ebe00] VBoxHost_RTR0MemObjProtect+0x81 at ffffffffc023ecd1 [vboxdrv]
    ffffb3294a0ebe08: __this_module+992 ffffb3294a0ebea8 
    ffffb3294a0ebe18: supdrvIOCtl+12901 
#11 [ffffb3294a0ebe18] supdrvIOCtl+0x3265 at ffffffffc02339a5 [vboxdrv]
    ffffb3294a0ebe20: 0000000000000004 [kmalloc-2k]     
    ffffb3294a0ebe30: __this_module+992 00000004001fc060 
    ffffb3294a0ebe40: 00000000000004ff 0000000000205900 
    ffffb3294a0ebe50: __this_module+992 0000000000000000 
    ffffb3294a0ebe60: 0000000000000000 0000000000000000 
    ffffb3294a0ebe70: ffffb3294a0ebea8 cc4567c5b1908400 
    ffffb3294a0ebe80: 0000000000205978 0000000000005684 
    ffffb3294a0ebe90: 0000754d24911010 [kmalloc-2k]     
    ffffb3294a0ebea0: ffffb3294c609010 ffffb3294a0ebf08 
    ffffb3294a0ebeb0: SUPR0Printf+559  
#12 [ffffb3294a0ebeb0] SUPR0Printf+0x22f at ffffffffc022b67f [vboxdrv]
    RIP: 0000754d82eb9e37  RSP: 0000754d3c1f2b58  RFLAGS: 00000246
    RAX: ffffffffffffffda  RBX: 0000754d24911010  RCX: 0000754d82eb9e37
    RDX: 0000754d24911010  RSI: 0000000000005684  RDI: 000000000000000b
    RBP: 0000754d3c1f2b70   R8: 0000000000000000   R9: 00000000fffffffc
    R10: 0000000000000000  R11: 0000000000000246  R12: 0000754d6ef3afcf
    R13: 0000000000000000  R14: 0000754d3c1f2e20  R15: 0000000000000004
    ORIG_RAX: 0000000000000010  CS: 0033  SS: 002b

More details in https://www.virtualbox.org/ticket/20163

This is on Gentoo app-emulation/virtualbox-6.1.18::gentoo with kernel 5.10.11.
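As an added triage aid (not part of this report, the kernel, or VirtualBox), the script below parses the oops lines quoted above, decodes the faulting instruction bytes and shows that do_raw_spin_lock was handed a NULL lock: the load at RDI+4 is the lock->magic read that a CONFIG_DEBUG_SPINLOCK build performs first (SPINLOCK_MAGIC is 0xdead4ead and, on x86-64, magic sits at offset 4 in raw_spinlock_t), a check that does not exist without that option. It assumes only the non-REX ModRM base registers, which is all this oops needs.

```python
import re

SPINLOCK_MAGIC = 0xDEAD4EAD   # include/linux/spinlock_types.h, CONFIG_DEBUG_SPINLOCK only
REGS64 = ["rax", "rcx", "rdx", "rbx", "rsp", "rbp", "rsi", "rdi"]  # ModRM r/m, no REX.B

# Sample input: the relevant lines copied from the dmesg oops in this report.
OOPS = """[   73.474174] RIP: 0010:do_raw_spin_lock+0x4/0x90
[   73.474181] Code: 48 8d 88 b8 06 00 00 48 c7 c7 58 48 d3 9a e8 79 3a 04 01 e9 5b 3b 06 01 66 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 53 48 89 fb <8b> 47 04 3d ad 4e ad de 75 46 48 8b 53 10 65 48 8b 04 25 00 6f 01
[   73.474199] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[   73.474230] CR2: 0000000000000004 CR3: 00000002d7102004 CR4: 00000000001706e0
"""

def parse_oops(text):
    """Return (code bytes, index of the faulting byte marked <..>, {reg: value})."""
    code, fault_idx, regs = None, None, {}
    for line in text.splitlines():
        m = re.search(r"\bCode: (.*)$", line)
        if m:
            toks = m.group(1).split()
            fault_idx = next(i for i, t in enumerate(toks) if t.startswith("<"))
            code = [int(t.strip("<>"), 16) for t in toks]
            continue
        for name, val in re.findall(r"\b([A-Z0-9]{2,3}): ([0-9a-f]{16})\b", line):
            regs[name.lower()] = int(val, 16)
    return code, fault_idx, regs

def decode_fault(code, idx):
    """Decode `mov r32,[r64+disp8]` (0x8b, mod=01) at idx, plus a following `cmp eax,imm32` (0x3d)."""
    op, modrm = code[idx], code[idx + 1]
    mod, rm = modrm >> 6, modrm & 7
    if op != 0x8B or mod != 0b01:
        raise ValueError("faulting instruction is not the mov r32,[base+disp8] form handled here")
    disp = code[idx + 2] - (0x100 if code[idx + 2] >= 0x80 else 0)   # sign-extend disp8
    imm = int.from_bytes(bytes(code[idx + 4:idx + 8]), "little") if code[idx + 3] == 0x3D else None
    return REGS64[rm], disp, imm

def triage(text=OOPS):
    """Rebuild the faulting address from base register + displacement and check the magic compare."""
    code, idx, regs = parse_oops(text)
    base, disp, imm = decode_fault(code, idx)
    fault_addr = (regs[base] + disp) & 0xFFFFFFFFFFFFFFFF
    return {
        "lock_ptr": regs[base],                 # the `lock` argument passed in RDI
        "fault_addr": fault_addr,               # lock->magic lives at offset 4 on x86-64
        "matches_cr2": fault_addr == regs["cr2"],
        "magic_check": imm == SPINLOCK_MAGIC,   # the deref is the debug magic check
    }
```

Running `triage()` on the quoted oops reports a NULL lock pointer, a reconstructed fault address of 0x4 that matches CR2, and a compare against SPINLOCK_MAGIC right after the load.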