bisecting cause commit starting from ac08b1c68d1b1ed3cebb218fc3ea2c07484eb07d
building syzkaller on e2776ee417c18d6e0056b058f3b6055f65206ee9
testing commit ac08b1c68d1b1ed3cebb218fc3ea2c07484eb07d
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.1
kernel signature: 8da007ca40b26348ab697fb34565a75a49801aa03d8860d551f4919e173aee51
run #0: crashed: WARNING in static_key_slow_try_dec
run #1: crashed: WARNING in static_key_slow_try_dec
run #2: crashed: WARNING in static_key_slow_try_dec
run #3: crashed: WARNING in static_key_slow_try_dec
run #4: crashed: WARNING in static_key_slow_try_dec
run #5: crashed: WARNING in static_key_slow_try_dec
run #6: crashed: WARNING in static_key_slow_try_dec
run #7: crashed: WARNING in static_key_slow_try_dec
run #8: crashed: WARNING in static_key_slow_try_dec
run #9: crashed: WARNING in static_key_slow_try_dec
run #10: crashed: WARNING in static_key_slow_try_dec
run #11: crashed: WARNING in static_key_slow_try_dec
run #12: crashed: WARNING in static_key_slow_try_dec
run #13: crashed: WARNING in static_key_slow_try_dec
run #14: crashed: WARNING in static_key_slow_try_dec
run #15: crashed: WARNING in static_key_slow_try_dec
run #16: crashed: WARNING in static_key_slow_try_dec
run #17: crashed: WARNING in static_key_slow_try_dec
run #18: crashed: WARNING in static_key_slow_try_dec
run #19: boot failed: KFENCE: use-after-free in kvm_fastop_exception
testing release v5.14
testing commit 7d2a07b769330c34b4deabeed939325c77a7ec2f
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.1
kernel signature: 780e01b7faf9c44608128a56f47a36fee5b24072cfc0753fb40d3e64dac3817c
all runs: OK
# git bisect start ac08b1c68d1b1ed3cebb218fc3ea2c07484eb07d 7d2a07b769330c34b4deabeed939325c77a7ec2f
Bisecting: 5091 revisions left to test after this (roughly 12 steps)
[0d290223a6c77107b1c3988959e49279a8dafaba] Merge tag 'sound-5.15-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound

testing commit 0d290223a6c77107b1c3988959e49279a8dafaba
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.1
kernel signature: 25a7ebe1d4ab6c94b0685330e36f7129a11fd8d119b16321c74b9fdc8a475fe7
run #0: crashed: general protection fault in rcu_segcblist_enqueue
run #1: crashed: general protection fault in rcu_segcblist_enqueue
run #2: crashed: KASAN: use-after-free Read in __d_alloc
run #3: crashed: KASAN: use-after-free Read in __d_alloc
run #4: crashed: KASAN: use-after-free Read in __d_alloc
run #5: crashed: KASAN: use-after-free Read in __d_alloc
run #6: crashed: KASAN: use-after-free Read in __d_alloc
run #7: crashed: KASAN: use-after-free Read in __d_alloc
run #8: crashed: KASAN: use-after-free Read in __d_alloc
run #9: crashed: KASAN: use-after-free Read in __d_alloc
# git bisect bad 0d290223a6c77107b1c3988959e49279a8dafaba
Bisecting: 3322 revisions left to test after this (roughly 11 steps)
[29ce8f9701072fc221d9c38ad952de1a9578f95c] Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net

testing commit 29ce8f9701072fc221d9c38ad952de1a9578f95c
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.1
kernel signature: b9d1c0341830ed7a03c10468f25361076d560de0d4f161dea145950f54faa07d
all runs: OK
# git bisect good 29ce8f9701072fc221d9c38ad952de1a9578f95c
Bisecting: 1676 revisions left to test after this (roughly 11 steps)
[8e235ff9a1e3dc3d800224ab97bcd2418d3b19c3] Merge tag 'devprop-5.15-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm

testing commit 8e235ff9a1e3dc3d800224ab97bcd2418d3b19c3
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.1
kernel signature: b235e0603a02dbfedfcd92947b631c32aec92d90ce583f0327234870cf00d4ec
run #0: crashed: general protection fault in rcu_segcblist_enqueue
run #1: crashed: general protection fault in rcu_segcblist_enqueue
run #2: crashed: KASAN: use-after-free Read in __d_alloc
run #3: crashed: KASAN: use-after-free Read in __d_alloc
run #4: crashed: KASAN: use-after-free Read in __d_alloc
run #5: crashed: KASAN: use-after-free Read in __d_alloc
run #6: crashed: KASAN: use-after-free Read in __d_alloc
run #7: crashed: KASAN: use-after-free Read in __d_alloc
run #8: OK
run #9: OK
# git bisect bad 8e235ff9a1e3dc3d800224ab97bcd2418d3b19c3
Bisecting: 843 revisions left to test after this (roughly 10 steps)
[8596e589b787732c8346f0482919e83cc9362db1] Merge tag 'timers-core-2021-08-30' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip

testing commit 8596e589b787732c8346f0482919e83cc9362db1
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.1
kernel signature: b264876ac9adaace76cce29104194d7c90f0756ea2bc42c077e73202d4cc02d6
all runs: OK
# git bisect good 8596e589b787732c8346f0482919e83cc9362db1
Bisecting: 303 revisions left to test after this (roughly 9 steps)
[e24c567b7ecff1c8b6023a10d7f78256cef742c4] Merge tag '5.15-rc-first-ksmbd-merge' of git://git.samba.org/ksmbd

testing commit e24c567b7ecff1c8b6023a10d7f78256cef742c4
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.1
kernel signature: f20c09e80118165874ad48cc3eafee3bae57af87374d48309e5eaabe5c196f78
run #0: crashed: general protection fault in rcu_segcblist_enqueue
run #1: crashed: KASAN: use-after-free Read in __d_alloc
run #2: crashed: KASAN: use-after-free Read in __d_alloc
run #3: crashed: KASAN: use-after-free Read in __d_alloc
run #4: crashed: KASAN: use-after-free Read in __d_alloc
run #5: crashed: KASAN: use-after-free Read in __d_alloc
run #6: crashed: KASAN: use-after-free Read in __d_alloc
run #7: crashed: KASAN: use-after-free Read in __d_alloc
run #8: crashed: KASAN: use-after-free Read in __d_alloc
run #9: crashed: KASAN: use-after-free Read in __d_alloc
# git bisect bad e24c567b7ecff1c8b6023a10d7f78256cef742c4
Bisecting: 262 revisions left to test after this (roughly 8 steps)
[c547d89a9a445f6bb757b93247de43d312e722da] Merge tag 'for-5.15/io_uring-2021-08-30' of git://git.kernel.dk/linux-block

testing commit c547d89a9a445f6bb757b93247de43d312e722da
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.1
kernel signature: 049f6509fefad8a7d47ca476e6cb9a071bd3180d67ef115b694a5f66900a64f2
run #0: crashed: general protection fault in rcu_segcblist_enqueue
run #1: OK
run #2: OK
run #3: OK
run #4: OK
run #5: OK
run #6: OK
run #7: OK
run #8: OK
run #9: OK
reproducer seems to be flaky
# git bisect bad c547d89a9a445f6bb757b93247de43d312e722da
Bisecting: 146 revisions left to test after this (roughly 7 steps)
[679369114e55f422dc593d0628cfde1d04ae59b3] Merge tag 'for-5.15/block-2021-08-30' of git://git.kernel.dk/linux-block

testing commit 679369114e55f422dc593d0628cfde1d04ae59b3
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.1
kernel signature: d0f524182460aec1c1fcd4e2396c89c83a28415f3fa937b61e5cce895d9b695f
run #0: crashed: general protection fault in rcu_segcblist_enqueue
run #1: OK
run #2: OK
run #3: OK
run #4: OK
run #5: OK
run #6: OK
run #7: OK
run #8: OK
run #9: OK
run #10: OK
run #11: OK
run #12: OK
run #13: OK
run #14: OK
run #15: OK
run #16: OK
run #17: OK
run #18: OK
run #19: OK
# git bisect bad 679369114e55f422dc593d0628cfde1d04ae59b3
Bisecting: 64 revisions left to test after this (roughly 6 steps)
[7f6be3765e113e0d4b8e6b65e1074982de94377e] block: pass a gendisk to bdev_add_partition

testing commit 7f6be3765e113e0d4b8e6b65e1074982de94377e
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.1
kernel signature: 26bad2351ecfd84bb01fa50c7a68af21f6c58585b7ea9f9c88b4cfef3c34013a
run #0: crashed: general protection fault in rcu_segcblist_enqueue
run #1: crashed: general protection fault in rcu_segcblist_enqueue
run #2: crashed: general protection fault in rcu_segcblist_enqueue
run #3: OK
run #4: OK
run #5: OK
run #6: OK
run #7: OK
run #8: OK
run #9: OK
run #10: OK
run #11: OK
run #12: OK
run #13: OK
run #14: OK
run #15: OK
run #16: OK
run #17: OK
run #18: OK
run #19: OK
# git bisect bad 7f6be3765e113e0d4b8e6b65e1074982de94377e
Bisecting: 32 revisions left to test after this (roughly 5 steps)
[87eb710747126ca6606f064deef93d045486ebbe] block: export the diskseq in uevents

testing commit 87eb710747126ca6606f064deef93d045486ebbe
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.1
kernel signature: ef59c3b3c211c0c171febb7d4801b540bb30784d650978c053b9ae5d2eeb14ad
run #0: crashed: BUG: sleeping function called from invalid context in lock_sock_nested
run #1: crashed: BUG: spinlock bad magic in synchronize_srcu
run #2: crashed: BUG: spinlock bad magic in synchronize_srcu
run #3: OK
run #4: OK
run #5: OK
run #6: OK
run #7: OK
run #8: OK
run #9: OK
run #10: OK
run #11: OK
run #12: OK
run #13: OK
run #14: OK
run #15: OK
run #16: OK
run #17: OK
run #18: OK
run #19: OK
# git bisect bad 87eb710747126ca6606f064deef93d045486ebbe
Bisecting: 15 revisions left to test after this (roughly 4 steps)
[503469b5b30f76169c6302d1469e69a2fb67faf9] block: use bvec_kmap_local in bio_integrity_process

testing commit 503469b5b30f76169c6302d1469e69a2fb67faf9
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.1
kernel signature: d4b5d00332dd5a1620dbd24bc92ea9e4d2e9be2b8fc8ee6631dcf973c0b46476
run #0: crashed: BUG: spinlock bad magic in synchronize_srcu
run #1: OK
run #2: OK
run #3: OK
run #4: OK
run #5: OK
run #6: OK
run #7: OK
run #8: OK
run #9: OK
run #10: OK
run #11: OK
run #12: OK
run #13: OK
run #14: OK
run #15: OK
run #16: OK
run #17: OK
run #18: OK
run #19: OK
# git bisect bad 503469b5b30f76169c6302d1469e69a2fb67faf9
Bisecting: 7 revisions left to test after this (roughly 3 steps)
[18a6234ccf0661401f07b6316a25d4adbba1d4bd] dm-writecache: use bvec_kmap_local instead of bvec_kmap_irq

testing commit 18a6234ccf0661401f07b6316a25d4adbba1d4bd
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.1
kernel signature: 5af85e658394b60d3fe4ffa526843c0f3a90463e1fba0a1f6776fdb486ff54da
run #0: crashed: BUG: spinlock bad magic in synchronize_srcu
run #1: crashed: BUG: spinlock bad magic in synchronize_srcu
run #2: crashed: BUG: spinlock bad magic in synchronize_srcu
run #3: crashed: BUG: spinlock bad magic in synchronize_srcu
run #4: crashed: BUG: spinlock bad magic in synchronize_srcu
run #5: OK
run #6: OK
run #7: OK
run #8: OK
run #9: OK
run #10: OK
run #11: OK
run #12: OK
run #13: OK
run #14: OK
run #15: OK
run #16: OK
run #17: OK
run #18: OK
run #19: OK
# git bisect bad 18a6234ccf0661401f07b6316a25d4adbba1d4bd
Bisecting: 3 revisions left to test after this (roughly 2 steps)
[e6e7471706dc42cbe0e01278540c0730138d43e5] bvec: add a bvec_kmap_local helper

testing commit e6e7471706dc42cbe0e01278540c0730138d43e5
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.1
kernel signature: 64aa4d3b3c9fd7ca5c1565d489c916b1d05d50c40b29c35417b38a0680ebf295
run #0: crashed: BUG: sleeping function called from invalid context in lock_sock_nested
run #1: OK
run #2: OK
run #3: OK
run #4: OK
run #5: OK
run #6: OK
run #7: OK
run #8: OK
run #9: OK
run #10: OK
run #11: OK
run #12: OK
run #13: OK
run #14: OK
run #15: OK
run #16: OK
run #17: OK
run #18: OK
run #19: OK
# git bisect bad e6e7471706dc42cbe0e01278540c0730138d43e5
Bisecting: 1 revision left to test after this (roughly 1 step)
[4c7251e1b576d884046e62d23505e75486f88c1f] MIPS: don't include <linux/genhd.h> in <asm/mach-rc32434/rb.h>

testing commit 4c7251e1b576d884046e62d23505e75486f88c1f
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.1
kernel signature: d0f0c707afa96d05f0adbbfe075da88d40f1b5bc2e06f8a599bdc15d85782598
run #0: crashed: BUG: spinlock bad magic in synchronize_srcu
run #1: OK
run #2: OK
run #3: OK
run #4: OK
run #5: OK
run #6: OK
run #7: OK
run #8: OK
run #9: OK
run #10: OK
run #11: OK
run #12: OK
run #13: OK
run #14: OK
run #15: OK
run #16: OK
run #17: OK
run #18: OK
run #19: OK
# git bisect bad 4c7251e1b576d884046e62d23505e75486f88c1f
Bisecting: 0 revisions left to test after this (roughly 0 steps)
[06447ae5e33bfbc5a777cc06d9854a31f3912833] ioprio: move user space relevant ioprio bits to UAPI includes

testing commit 06447ae5e33bfbc5a777cc06d9854a31f3912833
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.1
kernel signature: d0f0c707afa96d05f0adbbfe075da88d40f1b5bc2e06f8a599bdc15d85782598
run #0: crashed: BUG: sleeping function called from invalid context in lock_sock_nested
run #1: crashed: BUG: spinlock bad magic in synchronize_srcu
run #2: crashed: BUG: spinlock bad magic in synchronize_srcu
run #3: crashed: BUG: spinlock bad magic in synchronize_srcu
run #4: OK
run #5: OK
run #6: OK
run #7: OK
run #8: OK
run #9: OK
run #10: OK
run #11: OK
run #12: OK
run #13: OK
run #14: OK
run #15: OK
run #16: OK
run #17: OK
run #18: OK
run #19: OK
# git bisect bad 06447ae5e33bfbc5a777cc06d9854a31f3912833
06447ae5e33bfbc5a777cc06d9854a31f3912833 is the first bad commit
commit 06447ae5e33bfbc5a777cc06d9854a31f3912833
Author: Oliver Hartkopp <socketcan@hartkopp.net>
Date:   Wed Jul 14 21:56:55 2021 +0200

    ioprio: move user space relevant ioprio bits to UAPI includes
    
    systemd added a modified copy of include/linux/ioprio.h into its
    code to get the relevant content definitions for the exposed
    ioprio_[get|set] system calls.
    
    Move the user space relevant ioprio bits to the UAPI includes to be
    able to use the ioprio_[get|set] syscalls as intended.
    
    Cc: Kay Sievers <kay@vrfy.org>
    Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
    Cc: Jens Axboe <axboe@kernel.dk>
    Cc: linux-block@vger.kernel.org
    Signed-off-by: Oliver Hartkopp <socketcan@hartkopp.net>
    Link: https://lore.kernel.org/r/20210714195655.181943-1-socketcan@hartkopp.net
    Signed-off-by: Jens Axboe <axboe@kernel.dk>

 include/linux/ioprio.h      | 41 +---------------------------------------
 include/uapi/linux/ioprio.h | 46 +++++++++++++++++++++++++++++++++++++++++++++
 2 files changed, 47 insertions(+), 40 deletions(-)
 create mode 100644 include/uapi/linux/ioprio.h

parent commit c500bee1c5b2f1d59b1081ac879d73268ab0ff17 wasn't tested
testing commit c500bee1c5b2f1d59b1081ac879d73268ab0ff17
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.1
kernel signature: d0f0c707afa96d05f0adbbfe075da88d40f1b5bc2e06f8a599bdc15d85782598
culprit signature: d0f0c707afa96d05f0adbbfe075da88d40f1b5bc2e06f8a599bdc15d85782598
parent  signature: d0f0c707afa96d05f0adbbfe075da88d40f1b5bc2e06f8a599bdc15d85782598
Reproducer flagged being flaky
revisions tested: 16, total time: 5h0m10.73107799s (build: 1h53m47.781927228s, test: 3h4m28.060256389s)
first bad commit: 06447ae5e33bfbc5a777cc06d9854a31f3912833 ioprio: move user space relevant ioprio bits to UAPI includes
recipients (to): ["axboe@kernel.dk" "linux-kernel@vger.kernel.org" "socketcan@hartkopp.net"]
recipients (cc): ["jens.axboe@oracle.com"]
crash: BUG: spinlock bad magic in synchronize_srcu
BUG: spinlock bad magic on CPU#1, syz-executor.0/32660
 lock: 0xffff8880b9f00040, .magic: 00000000, .owner: <none>/-1, .owner_cpu: 0
CPU: 1 PID: 32660 Comm: syz-executor.0 Not tainted 5.14.0-rc4-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:88 [inline]
 dump_stack_lvl+0x57/0x7d lib/dump_stack.c:105
 debug_spin_lock_before kernel/locking/spinlock_debug.c:83 [inline]
 do_raw_spin_lock+0x216/0x2b0 kernel/locking/spinlock_debug.c:112
 __raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:117 [inline]
 _raw_spin_lock_irqsave+0x41/0x50 kernel/locking/spinlock.c:159
 srcu_might_be_idle kernel/rcu/srcutree.c:767 [inline]
 synchronize_srcu+0x4f/0x1c0 kernel/rcu/srcutree.c:1008
 kvm_mmu_uninit_vm+0x10/0x20 arch/x86/kvm/mmu/mmu.c:5557
 kvm_arch_destroy_vm+0x431/0x5e0 arch/x86/kvm/x86.c:11268
 kvm_create_vm arch/x86/kvm/../../../virt/kvm/kvm_main.c:1046 [inline]
 kvm_dev_ioctl_create_vm arch/x86/kvm/../../../virt/kvm/kvm_main.c:4472 [inline]
 kvm_dev_ioctl+0xf0b/0x14f0 arch/x86/kvm/../../../virt/kvm/kvm_main.c:4527
 vfs_ioctl fs/ioctl.c:51 [inline]
 __do_sys_ioctl fs/ioctl.c:1069 [inline]
 __se_sys_ioctl fs/ioctl.c:1055 [inline]
 __x64_sys_ioctl+0x11f/0x190 fs/ioctl.c:1055
 do_syscall_x64 arch/x86/entry/common.c:50 [inline]
 do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80
 entry_SYSCALL_64_after_hwframe+0x44/0xae
RIP: 0033:0x4665f9
Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f875184a188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665f9
RDX: 0000000000000000 RSI: 000000000000ae01 RDI: 0000000000000003
RBP: 00000000004bfcc4 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056bf80
R13: 00007ffd6c6803bf R14: 00007f875184a300 R15: 0000000000022000
general protection fault, probably for non-canonical address 0xdffffc0000000000: 0000 [#1] PREEMPT SMP KASAN
KASAN: null-ptr-deref in range [0x0000000000000000-0x0000000000000007]
CPU: 1 PID: 32660 Comm: syz-executor.0 Not tainted 5.14.0-rc4-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
RIP: 0010:rcu_segcblist_enqueue+0xb9/0x130 kernel/rcu/rcu_segcblist.c:348
Code: 00 00 00 00 00 fc ff df 48 89 fa 48 c1 ea 03 80 3c 02 00 75 4e 48 b8 00 00 00 00 00 fc ff df 48 8b 6b 20 48 89 ea 48 c1 ea 03 <80> 3c 02 00 75 21 48 89 75 00 48 89 73 20 48 83 c4 08 5b 5d c3 48
RSP: 0018:ffffc9000a5cfbf0 EFLAGS: 00010046
RAX: dffffc0000000000 RBX: ffff8880b9f00080 RCX: ffffffff81531e20
RDX: 0000000000000000 RSI: ffffc9000a5cfcd8 RDI: ffff8880b9f000a0
RBP: 0000000000000000 R08: 0000000000000001 R09: 0000000000000003
R10: fffff520014b9f70 R11: 6637303030302052 R12: ffffc9000a5cfcd8
R13: ffff8880b9f00080 R14: 0000000000000000 R15: ffff8880b9f00040
FS:  00007f875184a700(0000) GS:ffff8880b9f00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f3cb48e1718 CR3: 000000004dbb7000 CR4: 00000000001526e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 srcu_gp_start_if_needed+0x116/0xbc0 kernel/rcu/srcutree.c:823
 __call_srcu kernel/rcu/srcutree.c:883 [inline]
 __synchronize_srcu+0x21f/0x290 kernel/rcu/srcutree.c:929
 kvm_mmu_uninit_vm+0x10/0x20 arch/x86/kvm/mmu/mmu.c:5557
 kvm_arch_destroy_vm+0x431/0x5e0 arch/x86/kvm/x86.c:11268
 kvm_create_vm arch/x86/kvm/../../../virt/kvm/kvm_main.c:1046 [inline]
 kvm_dev_ioctl_create_vm arch/x86/kvm/../../../virt/kvm/kvm_main.c:4472 [inline]
 kvm_dev_ioctl+0xf0b/0x14f0 arch/x86/kvm/../../../virt/kvm/kvm_main.c:4527
 vfs_ioctl fs/ioctl.c:51 [inline]
 __do_sys_ioctl fs/ioctl.c:1069 [inline]
 __se_sys_ioctl fs/ioctl.c:1055 [inline]
 __x64_sys_ioctl+0x11f/0x190 fs/ioctl.c:1055
 do_syscall_x64 arch/x86/entry/common.c:50 [inline]
 do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80
 entry_SYSCALL_64_after_hwframe+0x44/0xae
RIP: 0033:0x4665f9
Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f875184a188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665f9
RDX: 0000000000000000 RSI: 000000000000ae01 RDI: 0000000000000003
RBP: 00000000004bfcc4 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056bf80
R13: 00007ffd6c6803bf R14: 00007f875184a300 R15: 0000000000022000
Modules linked in:
---[ end trace 510efb9bec623e98 ]---
RIP: 0010:rcu_segcblist_enqueue+0xb9/0x130 kernel/rcu/rcu_segcblist.c:348
Code: 00 00 00 00 00 fc ff df 48 89 fa 48 c1 ea 03 80 3c 02 00 75 4e 48 b8 00 00 00 00 00 fc ff df 48 8b 6b 20 48 89 ea 48 c1 ea 03 <80> 3c 02 00 75 21 48 89 75 00 48 89 73 20 48 83 c4 08 5b 5d c3 48
RSP: 0018:ffffc9000a5cfbf0 EFLAGS: 00010046
RAX: dffffc0000000000 RBX: ffff8880b9f00080 RCX: ffffffff81531e20
RDX: 0000000000000000 RSI: ffffc9000a5cfcd8 RDI: ffff8880b9f000a0
RBP: 0000000000000000 R08: 0000000000000001 R09: 0000000000000003
R10: fffff520014b9f70 R11: 6637303030302052 R12: ffffc9000a5cfcd8
R13: ffff8880b9f00080 R14: 0000000000000000 R15: ffff8880b9f00040
FS:  00007f875184a700(0000) GS:ffff8880b9f00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f3cb48e1718 CR3: 000000004dbb7000 CR4: 00000000001526e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
----------------
Code disassembly (best guess), 7 bytes skipped:
   0:	df 48 89             	fisttps -0x77(%rax)
   3:	fa                   	cli
   4:	48 c1 ea 03          	shr    $0x3,%rdx
   8:	80 3c 02 00          	cmpb   $0x0,(%rdx,%rax,1)
   c:	75 4e                	jne    0x5c
   e:	48 b8 00 00 00 00 00 	movabs $0xdffffc0000000000,%rax
  15:	fc ff df
  18:	48 8b 6b 20          	mov    0x20(%rbx),%rbp
  1c:	48 89 ea             	mov    %rbp,%rdx
  1f:	48 c1 ea 03          	shr    $0x3,%rdx
* 23:	80 3c 02 00          	cmpb   $0x0,(%rdx,%rax,1) <-- trapping instruction
  27:	75 21                	jne    0x4a
  29:	48 89 75 00          	mov    %rsi,0x0(%rbp)
  2d:	48 89 73 20          	mov    %rsi,0x20(%rbx)
  31:	48 83 c4 08          	add    $0x8,%rsp
  35:	5b                   	pop    %rbx
  36:	5d                   	pop    %rbp
  37:	c3                   	retq
  38:	48                   	rex.W