From: Paolo Bonzini
Subject: Re: general protection fault in finish_task_switch (2)
Date: Wed, 22 Aug 2018 11:22:06 +0200
Message-ID: <2c4f99d0-0ac0-59f4-8793-2eeb47e975e8@redhat.com>
References: <00000000000035c2ed057315bf85@google.com> <0000000000006e87360573f8b328@google.com> <20180822090823.GT24124@hirez.programming.kicks-ass.net>
In-Reply-To: <20180822090823.GT24124@hirez.programming.kicks-ass.net>
To: Peter Zijlstra, syzbot
Cc: dvhart@infradead.org, hpa@zytor.com, kvm@vger.kernel.org, linux-kernel@vger.kernel.org, mingo@redhat.com, rkrcmar@redhat.com, syzkaller-bugs@googlegroups.com, tglx@linutronix.de, x86@kernel.org
List-Id: kvm.vger.kernel.org

On 22/08/2018 11:08, Peter Zijlstra wrote:
>> C reproducer: https://syzkaller.appspot.com/x/repro.c?x=10023961400000
>
>> RIP: 0010:__fire_sched_in_preempt_notifiers kernel/sched/core.c:2481
>
> That repro thing does something dodgy with KVM, which then corrupts the
> preemption notifier thing. I'm sufficiently KVM clueless to not really
> know where to start looking though..

It seems to be a reference counting issue, or something like that. I'm looking at it...

Paolo