Hello, On a linux-next20240827 build, running a QEMU KVM instance with the option to freeze the CPU at the very beginning and then continuing results in the guest crash below. Disabling CONFIG_KSM makes this issue go away. The same issue exists with today's linux-next as well. /SecCoreStartupWithStack(0xFFFCC000, 0x820000) error: kvm run failed Bad address RAX=0000000000232000 RBX=00000000fffdb101 RCX=000000000081fab0 RDX=00000000fffd7b03 RSI=0000000000807000 RDI=00000000fffd262b RBP=000000000081fc00 RSP=000000000081faa0 R8 =00000000fffd7af7 R9 =0000000000000071 R10=0000000000400000 R11=0000000000000000 R12=00000000fffcc094 R13=00000000fffcc000 R14=00000000ffdce000 R15=0000000000000600 RIP=00000000fffd1cb5 RFL=00000087 [--S--PC] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA] CS =0038 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA] DS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA] FS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA] GS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA] LDT=0000 0000000000000000 0000ffff 00008200 DPL=0 LDT TR =0000 0000000000000000 0000ffff 00008b00 DPL=0 TSS64-busy GDT=     00000000fffffed0 0000003f IDT=     000000000081fd70 0000021f CR0=80000033 CR2=0000000000000000 CR3=0000000000800000 CR4=00000660 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000500 Code=05 00 10 00 00 49 81 ee 00 10 00 00 48 3d 00 00 00 02 77 12 <41> 81 7e 28 5f 46 56 48 75 e1 49 3b 46 20 73 05 eb d9 4d 89 ee 48 8d 8d 10 ff ff ff ba 02 / _Host dmesg throws:_ /[  232.158038] BUG: Bad page state in process ksmd pfn:404740a [  232.164393] page: refcount:0 mapcount:1 mapping:0000000000000000 index:0x7f8687c0a pfn:0x404740a [  232.164401] flags: 0x17ffffc0020819(locked|uptodate|dirty|owner_2|swapbacked|node=0|zone=2|lastcpupid=0x1fffff) [  232.164412] 
raw: 0017ffffc0020819 dead000000000100 dead000000000122 0000000000000000 [  232.164417] raw: 00000007f8687c0a 0000000000000000 0000000000000000 0000000000000000 [  232.164420] page dumped because: PAGE_FLAGS_CHECK_AT_FREE flag(s) set [  232.164423] Modules linked in: xt_CHECKSUM ipt_REJECT amd_atl intel_rapl_msr intel_rapl_common amd64_edac edac_mce_amd kvm_amd ipmi_ssif nls_iso8859_1 wmi_bmof rapl joydev input_leds ccp acpi_ipmi k10temp ipmi_si wmi mac_hid sch_fq_codel dm_multipath scsi_dh_rdac scsi_dh_emc scsi_dh_alua ipmi_devintf ipmi_msghandler msr drm efi_pstore autofs4 btrfs blake2b_generic raid10 raid456 async_raid6_recov async_memcpy async_pq async_xor async_tx xor raid6_pq raid1 raid0 crct10dif_pclmul ahci crc32_pclmul tg3 ghash_clmulni_intel libahci i2c_piix4 i2c_smbus hid_generic usbhid hid aesni_intel crypto_simd cryptd [  232.164556] CPU: 114 UID: 0 PID: 1594 Comm: ksmd Not tainted 6.11.0-rc5-next-20240829 #1 [  232.164564] Hardware name: AMD Corporation RUBY/RUBY, BIOS TRR100BD 12/11/2023 [  232.164568] Call Trace: [  232.164572]  [  232.164580]  dump_stack_lvl+0x70/0x90 [  232.164593]  dump_stack+0x14/0x20 [  232.164601]  bad_page+0x71/0x100 [  232.164611]  free_page_is_bad_report+0x86/0x90 [  232.164618]  free_unref_page+0x3e4/0x5b0 [  232.164624]  ? srso_alias_return_thunk+0x5/0xfbef5 [  232.164632]  ? __mem_cgroup_uncharge+0x64/0x80 [  232.164641]  __folio_put+0xc4/0xf0 [  232.164649]  ksm_scan_thread+0x1279/0x23d0 [  232.164662]  ? try_to_wake_up+0x244/0x740 [  232.164675]  ? __pfx_ksm_scan_thread+0x10/0x10 [  232.164681]  kthread+0xe8/0x120 [  232.164687]  ? __pfx_kthread+0x10/0x10 [  232.164694]  ret_from_fork+0x40/0x60 [  232.164702]  ? 
__pfx_kthread+0x10/0x10 [  232.164707]  ret_from_fork_asm+0x1a/0x30 [  232.164721]  [  232.164724] Disabling lock debugging due to kernel taint [  234.206074] BUG: Bad page state in process ksmd  pfn:18854a [  234.212327] page: refcount:0 mapcount:1 mapping:0000000000000000 index:0x7f869274a pfn:0x18854a [  234.212334] flags: 0x17ffffc0020819(locked|uptodate|dirty|owner_2|swapbacked|node=0|zone=2|lastcpupid=0x1fffff) [  234.212345] raw: 0017ffffc0020819 dead000000000100 dead000000000122 0000000000000000 [  234.212350] raw: 00000007f869274a 0000000000000000 0000000000000000 0000000000000000 [  234.212353] page dumped because: PAGE_FLAGS_CHECK_AT_FREE flag(s) set [  234.212356] Modules linked in: xt_CHECKSUM ipt_REJECT amd_atl intel_rapl_msr intel_rapl_common amd64_edac edac_mce_amd kvm_amd ipmi_ssif nls_iso8859_1 wmi_bmof rapl joydev input_leds ccp acpi_ipmi k10temp ipmi_si wmi mac_hid sch_fq_codel dm_multipath scsi_dh_rdac scsi_dh_emc scsi_dh_alua ipmi_devintf ipmi_msghandler msr drm efi_pstore autofs4 btrfs blake2b_generic raid10 raid456 async_raid6_recov async_memcpy async_pq async_xor async_tx xor raid6_pq raid1 raid0 crct10dif_pclmul ahci crc32_pclmul tg3 ghash_clmulni_intel libahci i2c_piix4 i2c_smbus hid_generic usbhid hid aesni_intel crypto_simd cryptd [  234.212490] CPU: 114 UID: 0 PID: 1594 Comm: ksmd Tainted: G    B              6.11.0-rc5-next-20240829 #1 [  234.212498] Tainted: [B]=BAD_PAGE [  234.212502] Hardware name: AMD Corporation RUBY/RUBY, BIOS TRR100BD 12/11/2023 [  234.212505] Call Trace: [  234.212510]  [  234.212517]  dump_stack_lvl+0x70/0x90 [  234.212531]  dump_stack+0x14/0x20 [  234.212538]  bad_page+0x71/0x100 [  234.212548]  free_page_is_bad_report+0x86/0x90 [  234.212556]  free_unref_page+0x3e4/0x5b0 [  234.212562]  ? srso_alias_return_thunk+0x5/0xfbef5 [  234.212569]  ? __mem_cgroup_uncharge+0x64/0x80 [  234.212579]  __folio_put+0xc4/0xf0 [  234.212587]  ksm_scan_thread+0x1279/0x23d0 [  234.212599]  ? 
try_to_wake_up+0x244/0x740 [  234.212612]  ? __pfx_ksm_scan_thread+0x10/0x10 [  234.212618]  kthread+0xe8/0x120 [  234.212625]  ? __pfx_kthread+0x10/0x10 [  234.212631]  ret_from_fork+0x40/0x60 [  234.212639]  ? __pfx_kthread+0x10/0x10 [  234.212645]  ret_from_fork_asm+0x1a/0x30 [  234.212658]  [  305.071553] ------------[ cut here ]------------ [  305.071561] WARNING: CPU: 191 PID: 3957 at mm/gup.c:144 try_grab_folio+0x7d/0xa0 [  305.071577] Modules linked in: xt_CHECKSUM ipt_REJECT amd_atl intel_rapl_msr intel_rapl_common amd64_edac edac_mce_amd kvm_amd ipmi_ssif nls_iso8859_1 wmi_bmof rapl joydev input_leds ccp acpi_ipmi k10temp ipmi_si wmi mac_hid sch_fq_codel dm_multipath scsi_dh_rdac scsi_dh_emc scsi_dh_alua ipmi_devintf ipmi_msghandler msr drm efi_pstore autofs4 btrfs blake2b_generic raid10 raid456 async_raid6_recov async_memcpy async_pq async_xor async_tx xor raid6_pq raid1 raid0 crct10dif_pclmul ahci crc32_pclmul tg3 ghash_clmulni_intel libahci i2c_piix4 i2c_smbus hid_generic usbhid hid aesni_intel crypto_simd cryptd [  305.071714] CPU: 191 UID: 0 PID: 3957 Comm: CPU 0/KVM Tainted: G    B              6.11.0-rc5-next-20240829 #1 [  305.071723] Tainted: [B]=BAD_PAGE [  305.071726] Hardware name: AMD Corporation RUBY/RUBY, BIOS TRR100BD 12/11/2023 [  305.071730] RIP: 0010:try_grab_folio+0x7d/0xa0 [  305.071737] Code: 00 48 c1 e8 36 48 8b 3c c5 40 db 54 8e e8 bb 4e fe ff 31 c0 5d e9 3e b5 0b 01 f0 01 77 34 31 c0 e9 33 b5 0b 01 e9 2e b5 0b 01 <0f> 0b b8 f4 ff ff ff e9 22 b5 0b 01 89 f0 c1 e0 0a f0 01 47 34 eb [  305.071742] RSP: 0018:ff57d354086837e0 EFLAGS: 00010246 [  305.071748] RAX: 0000000000000000 RBX: 00007f869274a000 RCX: dead000000000100 [  305.071753] RDX: 0000000000211052 RSI: 0000000000000001 RDI: ffe7c16546215280 [  305.071756] RBP: ff57d35408683838 R08: ffe7c16546215280 R09: 0000000000000000 [  305.071760] R10: 00007f8692220000 R11: 00007f8698020fff R12: 0000000000211052 [  305.071763] R13: ffe7c16546215280 R14: ff1ce69c31cadd78 R15: 
800800018854a867 [  305.071767] FS:  00007fb48aa00640(0000) GS:ff1ce6da44380000(0000) knlGS:0000000000000000 [  305.071772] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [  305.071775] CR2: 0000000000000000 CR3: 000800011a14c006 CR4: 0000000000771ef0 [  305.071780] PKRU: 00000000 [  305.071783] Call Trace: [  305.071786]  [  305.071793]  ? show_regs+0x6d/0x80 [  305.071804]  ? __warn+0x91/0x140 [  305.071810]  ? try_grab_folio+0x7d/0xa0 [  305.071817]  ? report_bug+0x193/0x1a0 [  305.071828]  ? handle_bug+0x63/0xa0 [  305.071837]  ? exc_invalid_op+0x1d/0x80 [  305.071842]  ? asm_exc_invalid_op+0x1f/0x30 [  305.071856]  ? try_grab_folio+0x7d/0xa0 [  305.071863]  ? follow_page_pte+0x11d/0x650 [  305.071872]  __get_user_pages+0x463/0x15b0 [  305.071879]  ? srso_alias_return_thunk+0x5/0xfbef5 [  305.071884]  ? write_mmio+0x68/0x110 [  305.071899]  get_user_pages_unlocked+0xf0/0x360 [  305.071909]  hva_to_pfn+0x10f/0x4f0 [  305.071918]  ? srso_alias_return_thunk+0x5/0xfbef5 [  305.071923]  ? xas_load+0x1b/0x100 [  305.071933]  ? srso_alias_return_thunk+0x5/0xfbef5 [  305.071940]  __gfn_to_pfn_memslot+0x9e/0x100 [  305.071946]  kvm_faultin_pfn+0x11d/0x690 [  305.071958]  kvm_tdp_page_fault+0x9b/0xf0 [  305.071966]  kvm_mmu_do_page_fault+0x22d/0x270 [  305.071978]  kvm_mmu_page_fault+0x8b/0x7a0 [  305.071984]  ? srso_alias_return_thunk+0x5/0xfbef5 [  305.071991]  ? svm_interrupt_blocked+0xa0/0x110 [kvm_amd] [  305.072011]  ? srso_alias_return_thunk+0x5/0xfbef5 [  305.072016]  ? kvm_arch_vcpu_put+0x37/0x200 [  305.072024]  ? srso_alias_return_thunk+0x5/0xfbef5 [  305.072028]  ? vcpu_put+0x26/0x60 [  305.072035]  ? srso_alias_return_thunk+0x5/0xfbef5 [  305.072039]  ? kvm_arch_vcpu_ioctl_run+0x614/0x1760 [  305.072050]  npf_interception+0x99/0x180 [kvm_amd] [  305.072061]  ? __pfx_npf_interception+0x10/0x10 [kvm_amd] [  305.072073]  svm_invoke_exit_handler+0x17b/0x1b0 [kvm_amd] [  305.072086]  svm_handle_exit+0xa5/0x1e0 [kvm_amd] [  305.072097]  ? 
svm_vcpu_run+0x2cd/0x850 [kvm_amd] [  305.072109]  kvm_arch_vcpu_ioctl_run+0xd65/0x1760 [  305.072118]  ? fire_user_return_notifiers+0x46/0x70 [  305.072127]  ? srso_alias_return_thunk+0x5/0xfbef5 [  305.072132]  ? srso_alias_return_thunk+0x5/0xfbef5 [  305.072137]  ? kvm_on_user_return+0x8e/0x100 [  305.072146]  kvm_vcpu_ioctl+0x321/0x950 [  305.072153]  ? do_syscall_64+0x7b/0x110 [  305.072161]  ? srso_alias_return_thunk+0x5/0xfbef5 [  305.072166]  ? kvm_vcpu_ioctl+0x172/0x950 [  305.072171]  ? srso_alias_return_thunk+0x5/0xfbef5 [  305.072175]  ? kvm_on_user_return+0x8e/0x100 [  305.072184]  __x64_sys_ioctl+0x99/0xd0 [  305.072194]  x64_sys_call+0x1227/0x2140 [  305.072201]  do_syscall_64+0x6f/0x110 [  305.072208]  ? srso_alias_return_thunk+0x5/0xfbef5 [  305.072213]  ? do_syscall_64+0x7b/0x110 [  305.072219]  ? srso_alias_return_thunk+0x5/0xfbef5 [  305.072224]  ? do_syscall_64+0x7b/0x110 [  305.072229]  ? syscall_exit_to_user_mode+0x57/0x1b0 [  305.072237]  ? srso_alias_return_thunk+0x5/0xfbef5 [  305.072242]  ? 
do_syscall_64+0x7b/0x110 [  305.072248]  entry_SYSCALL_64_after_hwframe+0x76/0x7e [  305.072255] RIP: 0033:0x7fb49171a94f [  305.072261] Code: 00 48 89 44 24 18 31 c0 48 8d 44 24 60 c7 04 24 10 00 00 00 48 89 44 24 08 48 8d 44 24 20 48 89 44 24 10 b8 10 00 00 00 0f 05 <41> 89 c0 3d 00 f0 ff ff 77 1f 48 8b 44 24 18 64 48 2b 04 25 28 00 [  305.072265] RSP: 002b:00007fb48a9ff6f0 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [  305.072272] RAX: ffffffffffffffda RBX: 000000000000ae80 RCX: 00007fb49171a94f [  305.072275] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 000000000000000f [  305.072279] RBP: 00005592558079e0 R08: 0000000000000000 R09: 0000000000000000 [  305.072282] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [  305.072285] R13: 0000000000000001 R14: 0000000000000071 R15: 0000000000000000 [  305.072296]  [  305.072299] ---[ end trace 0000000000000000 ]--- [  312.173980] BUG: Bad page state in process ksmd  pfn:4047c06 [  312.180332] page: refcount:0 mapcount:1 mapping:0000000000000000 index:0x7f88c4606 pfn:0x4047c06 [  312.180339] flags: 0x17ffffc0020819(locked|uptodate|dirty|owner_2|swapbacked|node=0|zone=2|lastcpupid=0x1fffff) [  312.180350] raw: 0017ffffc0020819 dead000000000100 dead000000000122 0000000000000000 [  312.180355] raw: 00000007f88c4606 0000000000000000 0000000000000000 0000000000000000 [  312.180358] page dumped because: PAGE_FLAGS_CHECK_AT_FREE flag(s) set [  312.180361] Modules linked in: xt_CHECKSUM ipt_REJECT amd_atl intel_rapl_msr intel_rapl_common amd64_edac edac_mce_amd kvm_amd ipmi_ssif nls_iso8859_1 wmi_bmof rapl joydev input_leds ccp acpi_ipmi k10temp ipmi_si wmi mac_hid sch_fq_codel dm_multipath scsi_dh_rdac scsi_dh_emc scsi_dh_alua ipmi_devintf ipmi_msghandler msr drm efi_pstore autofs4 btrfs blake2b_generic raid10 raid456 async_raid6_recov async_memcpy async_pq async_xor async_tx xor raid6_pq raid1 raid0 crct10dif_pclmul ahci crc32_pclmul tg3 ghash_clmulni_intel libahci i2c_piix4 i2c_smbus hid_generic usbhid 
hid aesni_intel crypto_simd cryptd [  312.180494] CPU: 114 UID: 0 PID: 1594 Comm: ksmd Tainted: G    B   W          6.11.0-rc5-next-20240829 #1 [  312.180503] Tainted: [B]=BAD_PAGE, [W]=WARN [  312.180507] Hardware name: AMD Corporation RUBY/RUBY, BIOS TRR100BD 12/11/2023 [  312.180510] Call Trace: [  312.180515]  [  312.180522]  dump_stack_lvl+0x70/0x90 [  312.180536]  dump_stack+0x14/0x20 [  312.180544]  bad_page+0x71/0x100 [  312.180554]  free_page_is_bad_report+0x86/0x90 [  312.180561]  free_unref_page+0x3e4/0x5b0 [  312.180567]  ? srso_alias_return_thunk+0x5/0xfbef5 [  312.180575]  ? __mem_cgroup_uncharge+0x64/0x80 [  312.180584]  __folio_put+0xc4/0xf0 [  312.180593]  ksm_scan_thread+0x1279/0x23d0 [  312.180605]  ? try_to_wake_up+0x244/0x740 [  312.180618]  ? __pfx_ksm_scan_thread+0x10/0x10 [  312.180624]  kthread+0xe8/0x120 [  312.180631]  ? __pfx_kthread+0x10/0x10 [  312.180637]  ret_from_fork+0x40/0x60 [  312.180645]  ? __pfx_kthread+0x10/0x10 [  312.180651]  ret_from_fork_asm+0x1a/0x30 [  312.180664]  / _Steps to recreate:_ 1. 
Start a QEMU KVM instance with the -S option, sample below: qemu-system-x86_64 \ *-S \* -name guest=vm,debug-threads=on \ -blockdev node-name=file_ovmf_code,driver=file,filename=OVMF_CODE.fd,auto-read-only=on,discard=unmap \ -blockdev node-name=drive_ovmf_code,driver=raw,read-only=on,file=file_ovmf_code \ -blockdev node-name=file_ovmf_vars,driver=file,filename=vm1_22_04-server_qcow2_filesystem_VARS.raw,auto-read-only=on,discard=unmap \ -blockdev node-name=drive_ovmf_vars,driver=raw,read-only=off,file=file_ovmf_vars \ -machine q35,kernel_irqchip=split,pflash0=drive_ovmf_code,pflash1=drive_ovmf_vars,memory-backend=mem-machine_mem \ -cpu EPYC-Genoa,+svm,+x2apic \ -m 2048 \ -object memory-backend-ram,size=2048M,id=mem-machine_mem  \ -smp 1,maxcpus=1,cores=1,threads=1,dies=1,sockets=1  \ -kernel bzImage \ -append "root=/dev/sda rw console=ttyS0 net.ifnames=0 biosdevname=0 movable_node swiotlb=65536 " \ -drive id=disk0,file=22.04-server.qcow2,format=qcow2,if=none \ -device virtio-scsi-pci,id=scsi0,disable-legacy=on,iommu_platform=true \ -device scsi-hd,drive=disk0 \ --enable-kvm \ --nographic \ -nic user,model=virtio-net-pci \ -vga none \ -monitor unix:qemu-monitor-socket,server,nowait 2. Now connect to the QEMU monitor and issue the continue command; the QEMU instance then crashes with the above-mentioned traces. I have attached the dmesg and kconfig used. Thanks, Srikanth Aithal