bisecting cause commit starting from 234b69e3e089d850a98e7b3145bd00e9b52b1111
building syzkaller on 370797126e9ba28a49317bf099076a5ca06e4501
testing commit 234b69e3e089d850a98e7b3145bd00e9b52b1111 with gcc (GCC) 8.1.0
run #0: crashed: KASAN: use-after-free Read in finish_task_switch
run #1: crashed: KASAN: use-after-free Read in finish_task_switch
run #2: crashed: KASAN: use-after-free Read in finish_task_switch
run #3: crashed: general protection fault in kvm_lapic_hv_timer_in_use
run #4: crashed: KASAN: use-after-free Read in finish_task_switch
run #5: crashed: KASAN: use-after-free Read in finish_task_switch
run #6: crashed: KASAN: use-after-free Read in finish_task_switch
run #7: crashed: KASAN: use-after-free Read in finish_task_switch
run #8: crashed: KASAN: use-after-free Read in finish_task_switch
run #9: crashed: general protection fault in finish_task_switch
testing release v4.18
testing commit 94710cac0ef4ee177a63b5227664b38c95bbf703 with gcc (GCC) 8.1.0
all runs: OK
# git bisect start 234b69e3e089d850a98e7b3145bd00e9b52b1111 94710cac0ef4ee177a63b5227664b38c95bbf703
Bisecting: 7162 revisions left to test after this (roughly 13 steps)
[54dbe75bbf1e189982516de179147208e90b5e45] Merge tag 'drm-next-2018-08-15' of git://anongit.freedesktop.org/drm/drm
testing commit 54dbe75bbf1e189982516de179147208e90b5e45 with gcc (GCC) 8.1.0
all runs: OK
# git bisect good 54dbe75bbf1e189982516de179147208e90b5e45
Bisecting: 3587 revisions left to test after this (roughly 12 steps)
[1d0926e99de7b486321e3db924b445531eea5e18] Merge tag 'char-misc-4.19-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/char-misc
testing commit 1d0926e99de7b486321e3db924b445531eea5e18 with gcc (GCC) 8.1.0
all runs: OK
# git bisect good 1d0926e99de7b486321e3db924b445531eea5e18
Bisecting: 1677 revisions left to test after this (roughly 11 steps)
[2f34a64aeac4d87e8ed8275d9f1230e18a50079c] Merge tag 'armsoc-dt' of git://git.kernel.org/pub/scm/linux/kernel/git/arm/arm-soc
testing commit 2f34a64aeac4d87e8ed8275d9f1230e18a50079c with gcc (GCC) 8.1.0
run #0: crashed: KASAN: use-after-free Read in finish_task_switch
run #1: crashed: KASAN: use-after-free Read in finish_task_switch
run #2: crashed: KASAN: use-after-free Read in finish_task_switch
run #3: crashed: KASAN: use-after-free Read in finish_task_switch
run #4: crashed: KASAN: use-after-free Read in finish_task_switch
run #5: crashed: KASAN: use-after-free Read in finish_task_switch
run #6: crashed: KASAN: use-after-free Read in finish_task_switch
run #7: crashed: KASAN: use-after-free Read in finish_task_switch
run #8: crashed: KASAN: use-after-free Read in finish_task_switch
run #9: crashed: no output from test machine
# git bisect bad 2f34a64aeac4d87e8ed8275d9f1230e18a50079c
Bisecting: 953 revisions left to test after this (roughly 10 steps)
[fe6f0ed0dac7df01014ef17fdad45e3eaf21b949] Merge tag 'f2fs-for-4.19' of git://git.kernel.org/pub/scm/linux/kernel/git/jaegeuk/f2fs
testing commit fe6f0ed0dac7df01014ef17fdad45e3eaf21b949 with gcc (GCC) 8.1.0
run #0: crashed: general protection fault in kvm_lapic_hv_timer_in_use
run #1: crashed: KASAN: use-after-free Read in finish_task_switch
run #2: crashed: general protection fault in finish_task_switch
run #3: crashed: general protection fault in kvm_lapic_hv_timer_in_use
run #4: crashed: KASAN: use-after-free Read in finish_task_switch
run #5: crashed: KASAN: use-after-free Read in finish_task_switch
run #6: crashed: KASAN: use-after-free Read in finish_task_switch
run #7: crashed: KASAN: use-after-free Read in finish_task_switch
run #8: crashed: KASAN: use-after-free Read in finish_task_switch
run #9: crashed: KASAN: use-after-free Read in finish_task_switch
# git bisect bad fe6f0ed0dac7df01014ef17fdad45e3eaf21b949
Bisecting: 477 revisions left to test after this (roughly 9 steps)
[e58dd0de5eadf145895b13451a1fef8ef03946eb] bdi: use refcount_t for reference counting instead atomic_t
testing commit e58dd0de5eadf145895b13451a1fef8ef03946eb with gcc (GCC) 8.1.0
run #0: crashed: KASAN: use-after-free Read in finish_task_switch
run #1: crashed: KASAN: use-after-free Read in finish_task_switch
run #2: crashed: KASAN: use-after-free Read in finish_task_switch
run #3: crashed: general protection fault in kvm_lapic_hv_timer_in_use
run #4: crashed: kernel BUG at arch/x86/mm/physaddr.c:LINE!
run #5: crashed: KASAN: use-after-free Read in finish_task_switch
run #6: crashed: general protection fault in finish_task_switch
run #7: crashed: KASAN: use-after-free Read in finish_task_switch
run #8: crashed: KASAN: use-after-free Read in finish_task_switch
run #9: crashed: general protection fault in finish_task_switch
# git bisect bad e58dd0de5eadf145895b13451a1fef8ef03946eb
Bisecting: 249 revisions left to test after this (roughly 8 steps)
[61c4fc1eaf736344904767d201b0d4f7a2ebaf79] Merge tag 'backlight-next-4.19' of git://git.kernel.org/pub/scm/linux/kernel/git/lee/backlight
testing commit 61c4fc1eaf736344904767d201b0d4f7a2ebaf79 with gcc (GCC) 8.1.0
all runs: crashed: KASAN: use-after-free Read in finish_task_switch
# git bisect bad 61c4fc1eaf736344904767d201b0d4f7a2ebaf79
Bisecting: 121 revisions left to test after this (roughly 7 steps)
[e61cf2e3a5b452cfefcb145021f5a8ea88735cc1] Merge tag 'for-linus' of git://git.kernel.org/pub/scm/virt/kvm/kvm
testing commit e61cf2e3a5b452cfefcb145021f5a8ea88735cc1 with gcc (GCC) 8.1.0
all runs: crashed: KASAN: use-after-free Read in finish_task_switch
# git bisect bad e61cf2e3a5b452cfefcb145021f5a8ea88735cc1
Bisecting: 52 revisions left to test after this (roughly 6 steps)
[afe828d1de4047d26eb0cd0c0154f5ac3722bf63] kvm: x86: Add ability to skip TLB flush when switching CR3
testing commit afe828d1de4047d26eb0cd0c0154f5ac3722bf63 with gcc (GCC) 8.1.0
run #0: crashed: KASAN: use-after-free Read in finish_task_switch
run #1: crashed: KASAN: use-after-free Read in finish_task_switch
run #2: crashed: KASAN: use-after-free Read in finish_task_switch
run #3: crashed: KASAN: use-after-free Read in finish_task_switch
run #4: crashed: general protection fault in finish_task_switch
run #5: crashed: KASAN: use-after-free Read in finish_task_switch
run #6: crashed: KASAN: use-after-free Read in vmx_vcpu_load
run #7: crashed: KASAN: use-after-free Read in finish_task_switch
run #8: crashed: KASAN: use-after-free Read in __schedule
run #9: crashed: KASAN: use-after-free Read in finish_task_switch
# git bisect bad afe828d1de4047d26eb0cd0c0154f5ac3722bf63
Bisecting: 26 revisions left to test after this (roughly 5 steps)
[7f7f1ba33cf2c21d001821313088c231db42ff40] KVM: x86: do not load vmcs12 pages while still in SMM
testing commit 7f7f1ba33cf2c21d001821313088c231db42ff40 with gcc (GCC) 8.1.0
all runs: OK
# git bisect good 7f7f1ba33cf2c21d001821313088c231db42ff40
Bisecting: 13 revisions left to test after this (roughly 4 steps)
[6d894f498f5d121b57a231315b0b459e185abed1] KVM: nVMX: vmread/vmwrite: Use shadow vmcs12 if running L2
testing commit 6d894f498f5d121b57a231315b0b459e185abed1 with gcc (GCC) 8.1.0
run #0: crashed: KASAN: use-after-free Read in finish_task_switch
run #1: crashed: KASAN: use-after-free Read in finish_task_switch
run #2: crashed: KASAN: use-after-free Read in finish_task_switch
run #3: crashed: KASAN: use-after-free Read in finish_task_switch
run #4: crashed: KASAN: use-after-free Read in finish_task_switch
run #5: crashed: KASAN: use-after-free Read in finish_task_switch
run #6: crashed: KASAN: use-after-free Read in finish_task_switch
run #7: crashed: KASAN: use-after-free Read in finish_task_switch
run #8: crashed: KASAN: use-after-free Read in finish_task_switch
run #9: crashed: general protection fault in finish_task_switch
# git bisect bad 6d894f498f5d121b57a231315b0b459e185abed1
Bisecting: 6 revisions left to test after this (roughly 3 steps)
[a6192d40d52f6b86997a71449e2ebc3d7f5ca103] KVM: nVMX: Fail VMLAUNCH and VMRESUME on shadow VMCS
testing commit a6192d40d52f6b86997a71449e2ebc3d7f5ca103 with gcc (GCC) 8.1.0
run #0: crashed: KASAN: use-after-free Read in finish_task_switch
run #1: crashed: KASAN: use-after-free Read in finish_task_switch
run #2: crashed: general protection fault in __schedule
run #3: crashed: KASAN: use-after-free Read in finish_task_switch
run #4: crashed: KASAN: use-after-free Read in finish_task_switch
run #5: crashed: general protection fault in finish_task_switch
run #6: crashed: KASAN: use-after-free Read in finish_task_switch
run #7: crashed: general protection fault in __schedule
run #8: crashed: KASAN: use-after-free Read in finish_task_switch
run #9: crashed: KASAN: use-after-free Read in finish_task_switch
# git bisect bad a6192d40d52f6b86997a71449e2ebc3d7f5ca103
Bisecting: 2 revisions left to test after this (roughly 2 steps)
[392b2f25aa415c0222b348f95875409be49a1201] KVM: VMX: Create struct for VMCS header
testing commit 392b2f25aa415c0222b348f95875409be49a1201 with gcc (GCC) 8.1.0
run #0: crashed: KASAN: use-after-free Read in finish_task_switch
run #1: crashed: KASAN: use-after-free Read in finish_task_switch
run #2: crashed: KASAN: use-after-free Read in finish_task_switch
run #3: crashed: KASAN: use-after-free Read in finish_task_switch
run #4: crashed: KASAN: use-after-free Read in finish_task_switch
run #5: crashed: general protection fault in finish_task_switch
run #6: crashed: KASAN: use-after-free Read in finish_task_switch
run #7: crashed: KASAN: use-after-free Read in __schedule
run #8: crashed: KASAN: use-after-free Read in finish_task_switch
run #9: crashed: KASAN: use-after-free Read in finish_task_switch
# git bisect bad 392b2f25aa415c0222b348f95875409be49a1201
Bisecting: 0 revisions left to test after this (roughly 1 step)
[cb5476379f0718046f3c6b3195d18838c5b25ea2] kvm: selftests: add test for nested state save/restore
testing commit cb5476379f0718046f3c6b3195d18838c5b25ea2 with gcc (GCC) 8.1.0
run #0: crashed: KASAN: use-after-free Read in finish_task_switch
run #1: crashed: KASAN: use-after-free Read in finish_task_switch
run #2: crashed: KASAN: use-after-free Read in finish_task_switch
run #3: crashed: KASAN: use-after-free Read in finish_task_switch
run #4: crashed: KASAN: use-after-free Read in vmx_vcpu_load
run #5: crashed: KASAN: use-after-free Read in finish_task_switch
run #6: crashed: KASAN: use-after-free Read in finish_task_switch
run #7: crashed: KASAN: use-after-free Read in finish_task_switch
run #8: crashed: KASAN: use-after-free Read in finish_task_switch
run #9: crashed: KASAN: use-after-free Read in finish_task_switch
# git bisect bad cb5476379f0718046f3c6b3195d18838c5b25ea2
Bisecting: 0 revisions left to test after this (roughly 0 steps)
[8fcc4b5923af5de58b80b53a069453b135693304] kvm: nVMX: Introduce KVM_CAP_NESTED_STATE
testing commit 8fcc4b5923af5de58b80b53a069453b135693304 with gcc (GCC) 8.1.0
run #0: crashed: KASAN: use-after-free Read in finish_task_switch
run #1: crashed: KASAN: use-after-free Read in finish_task_switch
run #2: crashed: KASAN: use-after-free Read in finish_task_switch
run #3: crashed: KASAN: use-after-free Read in finish_task_switch
run #4: crashed: general protection fault in finish_task_switch
run #5: crashed: KASAN: use-after-free Read in finish_task_switch
run #6: crashed: KASAN: use-after-free Read in finish_task_switch
run #7: crashed: KASAN: use-after-free Read in finish_task_switch
run #8: crashed: KASAN: use-after-free Read in finish_task_switch
run #9: crashed: KASAN: use-after-free Read in finish_task_switch
# git bisect bad 8fcc4b5923af5de58b80b53a069453b135693304
8fcc4b5923af5de58b80b53a069453b135693304 is the first bad commit
commit 8fcc4b5923af5de58b80b53a069453b135693304
Author: Jim Mattson
Date:   Tue Jul 10 11:27:20 2018 +0200

    kvm: nVMX: Introduce KVM_CAP_NESTED_STATE

    For nested virtualization L0 KVM is managing a bit of state for L2 guests,
    this state can not be captured through the currently available IOCTLs. In
    fact the state captured through all of these IOCTLs is usually a mix of L1
    and L2 state. It is also dependent on whether the L2 guest was running at
    the moment when the process was interrupted to save its state.

    With this capability, there are two new vcpu ioctls: KVM_GET_NESTED_STATE
    and KVM_SET_NESTED_STATE. These can be used for saving and restoring a VM
    that is in VMX operation.

    Cc: Paolo Bonzini
    Cc: Radim Krčmář
    Cc: Thomas Gleixner
    Cc: Ingo Molnar
    Cc: H. Peter Anvin
    Cc: x86@kernel.org
    Cc: kvm@vger.kernel.org
    Cc: linux-kernel@vger.kernel.org
    Signed-off-by: Jim Mattson
    [karahmed@ - rename structs and functions and make them ready for AMD and
                 address previous comments.
               - handle nested.smm state.
               - rebase & a bit of refactoring.
               - Merge 7/8 and 8/8 into one patch. ]
    Signed-off-by: KarimAllah Ahmed
    Signed-off-by: Paolo Bonzini

:040000 040000 bebd2794f126798c6d96ae75a46e31951122400e 08957b9d318f822a2411e400e858725e3913a05a M	Documentation
:040000 040000 2b79a65cf06e4945a989b9526b8944230152c0c7 05543a51892598ffb73a3ab0cadee1dd023f2178 M	arch
:040000 040000 2d941a89cbd12a6b2a52456da84962d94e466dbe d817491cb9566552dae55cb943aeeccdb5ea985b M	include

revisions tested: 16, total time: 3h4m14.209791058s (build: 1h30m43.810633744s, test: 1h29m5.691011876s)
first bad commit: 8fcc4b5923af5de58b80b53a069453b135693304 kvm: nVMX: Introduce KVM_CAP_NESTED_STATE
cc: ["hpa@zytor.com" "jmattson@google.com" "karahmed@amazon.de" "kvm@vger.kernel.org" "linux-kernel@vger.kernel.org" "mingo@redhat.com" "pbonzini@redhat.com" "rkrcmar@redhat.com" "tglx@linutronix.de" "x86@kernel.org"]
crash: KASAN: use-after-free Read in finish_task_switch
8021q: adding VLAN 0 to HW filter on device team0
8021q: adding VLAN 0 to HW filter on device team0
8021q: adding VLAN 0 to HW filter on device team0
8021q: adding VLAN 0 to HW filter on device team0
==================================================================
BUG: KASAN: use-after-free in __fire_sched_in_preempt_notifiers kernel/sched/core.c:2511 [inline]
BUG: KASAN: use-after-free in fire_sched_in_preempt_notifiers kernel/sched/core.c:2517 [inline]
BUG: KASAN: use-after-free in finish_task_switch+0x56e/0x8c0 kernel/sched/core.c:2709
Read of size 8 at addr ffff8801c46c8058 by task syz-executor0/6761

CPU: 0 PID: 6761 Comm: syz-executor0 Not tainted 4.18.0-rc6-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0x16e/0x22a lib/dump_stack.c:113
 print_address_description.cold.8+0x9/0x1ff mm/kasan/report.c:256
 kasan_report_error mm/kasan/report.c:354 [inline]
 kasan_report.cold.9+0x242/0x2fe mm/kasan/report.c:412
 __asan_report_load8_noabort+0x14/0x20 mm/kasan/report.c:433
 __fire_sched_in_preempt_notifiers kernel/sched/core.c:2511 [inline]
 fire_sched_in_preempt_notifiers kernel/sched/core.c:2517 [inline]
 finish_task_switch+0x56e/0x8c0 kernel/sched/core.c:2709
 context_switch kernel/sched/core.c:2856 [inline]
 __schedule+0x83e/0x1f40 kernel/sched/core.c:3501
 preempt_schedule_irq+0x87/0x110 kernel/sched/core.c:3728
 retint_kernel+0x1b/0x2d
RIP: 0010:jhash2 include/linux/jhash.h:128 [inline]
RIP: 0010:hash_stack lib/stackdepot.c:161 [inline]
RIP: 0010:depot_save_stack+0xbf/0x470 lib/stackdepot.c:230
Code: 01 c8 c1 c3 08 44 31 d3 41 vmwrite error: reg 6c0a value fffffe0000034000 (err 212992) 89 da 41 29 d9 01 c3 41 c1 c2 10 45 31 d1 45 89 ca 44 29 c8 41 01 d9 41 c1 ca 0d 44 31 d0 41 89 c2 <29> c3 44 01 c8 41 c1 c2 04 44 31 d3 41 83 f8 03 77 86 41 83 f8 02
RSP: 0018:ffff8801b88df1c8 EFLAGS: 00000282 ORIG_RAX: ffffffffffffff13
RAX: 00000000f053ad46 RBX: 000000009697aeaf RCX: ffff8801b88df228
RDX: ffff8801b88df24c RSI: 0000000000608040 RDI: 0000000000000014
RBP: ffff8801b88df200 R08: 000000000000001f R09: 000000004b2c9494
R10: 00000000f053ad46 R11: ffff8801dac23953 R12: ffff8801da97c0c0
R13: ffff8801b88df210 R14: 0000000000000000 R15: ffff8801cc817faf
 save_stack+0xa9/0xd0 mm/kasan/kasan.c:454
 set_track mm/kasan/kasan.c:460 [inline]
 kasan_kmalloc+0xc7/0xe0 mm/kasan/kasan.c:553
 kasan_slab_alloc+0x12/0x20 mm/kasan/kasan.c:490
 kmem_cache_alloc+0x12e/0x780 mm/slab.c:3554
 kmem_cache_zalloc include/linux/slab.h:697 [inline]
 new_inode_smack+0x1b/0xa0 security/smack/smack_lsm.c:299
 smack_inode_alloc_security+0x85/0xf0 security/smack/smack_lsm.c:974
 security_inode_alloc+0x63/0xa0 security/security.c:443
 inode_init_always+0x685/0xdd0 fs/inode.c:168
 alloc_inode+0x6c/0x150 fs/inode.c:217
 new_inode_pseudo+0x66/0x190 fs/inode.c:895
 new_inode+0x14/0x30 fs/inode.c:924
 debugfs_get_inode+0xe/0x110 fs/debugfs/inode.c:37
 __debugfs_create_file+0x74/0x390 fs/debugfs/inode.c:352
 debugfs_create_file+0x24/0x30 fs/debugfs/inode.c:399
 kvm_create_vm_debugfs arch/x86/kvm/../../../virt/kvm/kvm_main.c:614 [inline]
 kvm_dev_ioctl_create_vm arch/x86/kvm/../../../virt/kvm/kvm_main.c:3204 [inline]
 kvm_dev_ioctl+0xa24/0x1a30 arch/x86/kvm/../../../virt/kvm/kvm_main.c:3231
 vfs_ioctl fs/ioctl.c:46 [inline]
 file_ioctl fs/ioctl.c:500 [inline]
 do_vfs_ioctl+0x195/0x1650 fs/ioctl.c:684
 ksys_ioctl+0x62/0x90 fs/ioctl.c:701
 __do_sys_ioctl fs/ioctl.c:708 [inline]
 __se_sys_ioctl fs/ioctl.c:706 [inline]
 __x64_sys_ioctl+0x6e/0xb0 fs/ioctl.c:706
 do_syscall_64+0x183/0x700 arch/x86/entry/common.c:290
 entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x4577c9
Code: 1d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00
RSP: 002b:00007fdc056e1c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
RAX: ffffffffffffffda RBX: 00007fdc056e26d4 RCX: 00000000004577c9
RDX: 0000000000000000 RSI: 000000000000ae01 RDI: 0000000000000006
RBP: 000000000072bf00 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff
R13: 00000000004cfcc8 R14: 00000000004bfe00 R15: 0000000000000000
CPU: 1 PID: 6783 Comm: syz-executor4 Not tainted 4.18.0-rc6-syzkaller #0
Allocated by task 6761:
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
 save_stack+0x43/0xd0 mm/kasan/kasan.c:448
Call Trace:
 set_track mm/kasan/kasan.c:460 [inline]
 kasan_kmalloc+0xc7/0xe0 mm/kasan/kasan.c:553
 kasan_slab_alloc+0x12/0x20 mm/kasan/kasan.c:490
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0x16e/0x22a lib/dump_stack.c:113
 kmem_cache_alloc+0x12e/0x780 mm/slab.c:3554
 kmem_cache_zalloc include/linux/slab.h:697 [inline]
 vmx_create_vcpu+0xc6/0x1f50 arch/x86/kvm/vmx.c:10313
 kvm_arch_vcpu_create+0xb0/0x1c0 arch/x86/kvm/x86.c:8387
 vmwrite_error+0x2a/0x30 arch/x86/kvm/vmx.c:2097
 kvm_vm_ioctl_create_vcpu arch/x86/kvm/../../../virt/kvm/kvm_main.c:2466 [inline]
 kvm_vm_ioctl+0x5e0/0x1c60 arch/x86/kvm/../../../virt/kvm/kvm_main.c:2967
 vfs_ioctl fs/ioctl.c:46 [inline]
 file_ioctl fs/ioctl.c:500 [inline]
 do_vfs_ioctl+0x195/0x1650 fs/ioctl.c:684
 __vmcs_writel arch/x86/kvm/vmx.c:2107 [inline]
 vmcs_writel arch/x86/kvm/vmx.c:2147 [inline]
 vmx_vcpu_load+0xad9/0xf40 arch/x86/kvm/vmx.c:2774
 ksys_ioctl+0x62/0x90 fs/ioctl.c:701
 __do_sys_ioctl fs/ioctl.c:708 [inline]
 __se_sys_ioctl fs/ioctl.c:706 [inline]
 __x64_sys_ioctl+0x6e/0xb0 fs/ioctl.c:706
 do_syscall_64+0x183/0x700 arch/x86/entry/common.c:290
 entry_SYSCALL_64_after_hwframe+0x49/0xbe
Freed by task 6760:
 kvm_arch_vcpu_load+0x1d8/0x7a0 arch/x86/kvm/x86.c:3075
 save_stack+0x43/0xd0 mm/kasan/kasan.c:448
 set_track mm/kasan/kasan.c:460 [inline]
 __kasan_slab_free+0x102/0x150 mm/kasan/kasan.c:521
 kvm_sched_in+0x63/0x80 arch/x86/kvm/../../../virt/kvm/kvm_main.c:3965
 kasan_slab_free+0xe/0x10 mm/kasan/kasan.c:528
 __cache_free mm/slab.c:3498 [inline]
 kmem_cache_free+0x83/0x2d0 mm/slab.c:3756
 __fire_sched_in_preempt_notifiers kernel/sched/core.c:2511 [inline]
 fire_sched_in_preempt_notifiers kernel/sched/core.c:2517 [inline]
 finish_task_switch+0x537/0x8c0 kernel/sched/core.c:2709
 vmx_free_vcpu+0x200/0x290 arch/x86/kvm/vmx.c:10307
 kvm_arch_vcpu_free arch/x86/kvm/x86.c:8373 [inline]
 kvm_free_vcpus arch/x86/kvm/x86.c:8822 [inline]
 kvm_arch_destroy_vm+0x322/0x7a0 arch/x86/kvm/x86.c:8919
 kvm_destroy_vm arch/x86/kvm/../../../virt/kvm/kvm_main.c:746 [inline]
 kvm_put_kvm+0x59c/0xdd0 arch/x86/kvm/../../../virt/kvm/kvm_main.c:767
 kvm_vcpu_release+0x77/0xa0 arch/x86/kvm/../../../virt/kvm/kvm_main.c:2397
 __fput+0x2e6/0x990 fs/file_table.c:209
 ____fput+0x9/0x10 fs/file_table.c:243
 context_switch kernel/sched/core.c:2856 [inline]
 __schedule+0x83e/0x1f40 kernel/sched/core.c:3501
 task_work_run+0x19f/0x240 kernel/task_work.c:113
 tracehook_notify_resume include/linux/tracehook.h:192 [inline]
 exit_to_usermode_loop+0x269/0x300 arch/x86/entry/common.c:166
 prepare_exit_to_usermode arch/x86/entry/common.c:197 [inline]
 syscall_return_slowpath arch/x86/entry/common.c:268 [inline]
 do_syscall_64+0x587/0x700 arch/x86/entry/common.c:293
 entry_SYSCALL_64_after_hwframe+0x49/0xbe

The buggy address belongs to the object at ffff8801c46c8040
 which belongs to the cache kvm_vcpu of size 23616
 preempt_schedule_common+0x1f/0xd0 kernel/sched/core.c:3625
The buggy address is located 24 bytes inside of
 23616-byte region [ffff8801c46c8040, ffff8801c46cdc80)
The buggy address belongs to the page:
 preempt_schedule+0x4d/0x60 kernel/sched/core.c:3651
page:ffffea000711b200 count:1 mapcount:0 mapping:ffff8801d57a0a80 index:0x0
 ___preempt_schedule+0x16/0x18
compound_mapcount: 0
 vprintk_emit+0x3df/0xad0 kernel/printk/printk.c:1908
flags: 0x2fffc0000008100(slab|head)
raw: 02fffc0000008100 ffff8801d579e648 ffffea0007022c08 ffff8801d57a0a80
raw: 0000000000000000 ffff8801c46c8040 0000000100000001 0000000000000000
page dumped because: kasan: bad access detected

Memory state around the buggy address:
 ffff8801c46c7f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
 ffff8801c46c7f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
>ffff8801c46c8000: fc fc fc fc fc fc fc fc fb fb fb fb fb fb fb fb
 vprintk_default+0x1a/0x20 kernel/printk/printk.c:1948
                                                          ^
 ffff8801c46c8080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
 vprintk_func+0x2c/0xf2 kernel/printk/printk_safe.c:382
 ffff8801c46c8100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
 printk+0x9a/0xc0 kernel/printk/printk.c:1981
==================================================================
 __dynamic_pr_debug+0x149/0x1c0 lib/dynamic_debug.c:565