program:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x121801, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_XEN_HVM_CONFIG(r1, 0x4038ae7a, &(0x7f0000000240)={0x2, 0xda0, 0x0, 0x0})
r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$netlbl_unlabel(&(0x7f00000001c0), r3)
sendmsg$NLBL_UNLABEL_C_STATICREMOVEDEF(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000200)=ANY=[@ANYBLOB='x\x00\x00\x00', @ANYRES16=r4, @ANYBLOB="01400000000000000000067400062c00070073797352656d5f753a6f626a6563745f723a756465765f68656c7065725f657865635f743a733000080002000000e6ff07000700263a3a0914000600626f6e64300000000000020000000000080003"], 0x78}, 0x1, 0xffffffff00000003}, 0x0)
r5 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r6 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r7 = syz_genetlink_get_family_id$netlbl_unlabel(&(0x7f0000000040), r6)
sendmsg$NLBL_UNLABEL_C_STATICREMOVEDEF(r5, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f00000000c0)={0x24, r7, 0x1, 0x70bd28, 0x25dfdbfc, {}, [@NLBL_UNLABEL_A_IPV4MASK={0x8, 0x5, @broadcast}, @NLBL_UNLABEL_A_IPV4ADDR={0x8, 0x4, @empty}]}, 0x24}, 0x1, 0x0, 0x0, 0x8000}, 0x4000000)
ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)

[   72.812975][ T4669] Bluetooth: hci0: command tx timeout
[   72.954027][ T5320] netlink: 12 bytes leftover after parsing attributes in process `syz.0.0'.
[   72.971370][ T5320]
[   72.972736][ T5320] =============================
[   72.974780][ T5320] WARNING: suspicious RCU usage
[   72.977006][ T5320] 6.14.0-rc7-syzkaller-00202-g183601b78a9b #0 Not tainted
[   72.979830][ T5320] -----------------------------
[   72.981785][ T5320] ./include/linux/kvm_host.h:1059 suspicious rcu_dereference_check() usage!
[   72.985445][ T5320]
[   72.985445][ T5320] other info that might help us debug this:
[   72.985445][ T5320]
[   72.989381][ T5320]
[   72.989381][ T5320] rcu_scheduler_active = 2, debug_locks = 1
[   72.993280][ T5320] no locks held by syz.0.0/5320.
[   72.995160][ T5320]
[   72.995160][ T5320] stack backtrace:
[   72.997444][ T5320] CPU: 0 UID: 0 PID: 5320 Comm: syz.0.0 Not tainted 6.14.0-rc7-syzkaller-00202-g183601b78a9b #0
[   72.997458][ T5320] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[   72.997465][ T5320] Call Trace:
[   72.997472][ T5320]
[   72.997477][ T5320]  dump_stack_lvl+0x241/0x360
[   72.997585][ T5320]  ? __pfx_dump_stack_lvl+0x10/0x10
[   72.997593][ T5320]  ? __pfx__printk+0x10/0x10
[   72.997603][ T5320]  lockdep_rcu_suspicious+0x226/0x340
[   72.997614][ T5320]  kvm_vcpu_gfn_to_memslot+0x429/0x4c0
[   72.997633][ T5320]  kvm_vcpu_write_guest+0x7c/0x130
[   72.997649][ T5320]  kvm_xen_write_hypercall_page+0x50a/0x5f0
[   72.997666][ T5320]  ? __pfx_kvm_xen_write_hypercall_page+0x10/0x10
[   72.997686][ T5320]  kvm_set_msr_common+0x154/0x3b10
[   72.997698][ T5320]  ? kvm_clear_async_pf_completion_queue+0x3a7/0x3f0
[   72.997714][ T5320]  ? __pfx_lock_release+0x10/0x10
[   72.997728][ T5320]  ? __pfx_kvm_set_msr_common+0x10/0x10
[   72.997742][ T5320]  ? do_raw_spin_unlock+0x58/0x8b0
[   72.997756][ T5320]  vmx_set_msr+0x151d/0x26f0
[   72.997766][ T5320]  ? _raw_spin_unlock+0x28/0x50
[   72.997810][ T5320]  ? kvm_clear_async_pf_completion_queue+0x3a7/0x3f0
[   72.997828][ T5320]  kvm_vcpu_reset+0xbea/0x1740
[   72.997844][ T5320]  ? __pfx_kvm_vcpu_reset+0x10/0x10
[   72.997855][ T5320]  ? __raw_spin_lock_init+0x45/0x100
[   72.997874][ T5320]  kvm_arch_vcpu_create+0x8f4/0xa80
[   72.997889][ T5320]  kvm_vm_ioctl_create_vcpu+0x3d8/0x8b0
[   72.997906][ T5320]  kvm_vm_ioctl+0x7be/0xd50
[   72.997920][ T5320]  ? mark_lock+0x9a/0x360
[   72.997932][ T5320]  ? __pfx_kvm_vm_ioctl+0x10/0x10
[   72.997950][ T5320]  ? tomoyo_path_number_perm+0x209/0x770
[   72.998000][ T5320]  ? __pfx_lock_release+0x10/0x10
[   72.998017][ T5320]  ? tomoyo_path_number_perm+0x5dd/0x770
[   72.998032][ T5320]  ? tomoyo_path_number_perm+0x5dd/0x770
[   72.998049][ T5320]  ? tomoyo_path_number_perm+0x65d/0x770
[   72.998060][ T5320]  ? __lock_acquire+0x1397/0x2100
[   72.998075][ T5320]  ? tomoyo_path_number_perm+0x209/0x770
[   72.998089][ T5320]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[   72.998122][ T5320]  ? __fget_files+0x2a/0x410
[   72.998139][ T5320]  ? __fget_files+0x2a/0x410
[   72.998155][ T5320]  ? __pfx_kvm_vm_ioctl+0x10/0x10
[   72.998170][ T5320]  __se_sys_ioctl+0xf5/0x170
[   72.998183][ T5320]  do_syscall_64+0xf3/0x230
[   72.998193][ T5320]  ? clear_bhb_loop+0x35/0x90
[   72.998209][ T5320]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   72.998222][ T5320] RIP: 0033:0x7f0aca18d169
[   72.998234][ T5320] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   72.998243][ T5320] RSP: 002b:00007f0acb0b1038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[   72.998255][ T5320] RAX: ffffffffffffffda RBX: 00007f0aca3a5fa0 RCX: 00007f0aca18d169
[   72.998262][ T5320] RDX: 0000000000000000 RSI: 000000000000ae41 RDI: 0000000000000004
[   72.998269][ T5320] RBP: 00007f0aca20e2a0 R08: 0000000000000000 R09: 0000000000000000
[   72.998275][ T5320] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[   72.998281][ T5320] R13: 0000000000000000 R14: 00007f0aca3a5fa0 R15: 00007fff17f38938
[   72.998294][ T5320]
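Reading the report: the register dump (RSI=0xae41, RDI=4) confirms the faulting syscall is KVM_CREATE_VCPU on the VM fd, and the call chain kvm_vcpu_reset -> vmx_set_msr -> kvm_set_msr_common -> kvm_xen_write_hypercall_page -> kvm_vcpu_write_guest -> kvm_vcpu_gfn_to_memslot shows why lockdep fires: the earlier KVM_XEN_HVM_CONFIG call registered MSR 0xda0 (MSR_IA32_XSS) as the Xen hypercall MSR, so the MSR write that vCPU reset performs during creation is treated as a hypercall-page write, which walks the memslots for a guest write while "no locks held" reports that no SRCU read-side section protects the lookup. The netlabel sendmsg calls in the program appear unrelated (the "12 bytes leftover" line is their only trace). The C program below is an added example, not syzbot's or the kernel tree's own code: it replays just the three KVM steps of the syzkaller program, with the ioctl numbers and the kvm_xen_hvm_config layout spelled out by hand so the reproducer's raw constants (0xae01, 0x4038ae7a, 0xae41, the 0x38-byte struct) can be checked against the UAPI encoding without kernel headers. Names such as run_repro, decode_ioc and the repro_status values are this example's own.

```c
#define _GNU_SOURCE
#include <fcntl.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <sys/ioctl.h>
#include <unistd.h>

/* x86 ioctl request layout: dir[31:30] size[29:16] type[15:8] nr[7:0]. */
#define IOC_DIRSHIFT  30
#define IOC_SIZESHIFT 16
#define IOC_TYPESHIFT 8
#define IOC_WRITE     1u

#define KVMIO 0xAEu
#define KVM_IO_NR(nr)        ((KVMIO << IOC_TYPESHIFT) | (nr))
#define KVM_IOW_NR(nr, type) ((IOC_WRITE << IOC_DIRSHIFT) | \
                              ((uint32_t)sizeof(type) << IOC_SIZESHIFT) | KVM_IO_NR(nr))

/* Mirror of the UAPI struct kvm_xen_hvm_config (56 bytes). The syzkaller
 * program passes {flags=0x2, msr=0xda0, blob_addr_32=0, blob_addr_64=0}. */
struct xen_hvm_config {
    uint32_t flags;
    uint32_t msr;
    uint64_t blob_addr_32;
    uint64_t blob_addr_64;
    uint8_t  blob_size_32;
    uint8_t  blob_size_64;
    uint8_t  pad[30];
};

#define KVM_CREATE_VM_NR      KVM_IO_NR(0x01)
#define KVM_CREATE_VCPU_NR    KVM_IO_NR(0x41)
#define KVM_XEN_HVM_CONFIG_NR KVM_IOW_NR(0x7a, struct xen_hvm_config)

#define XEN_HVM_CONFIG_INTERCEPT_HCALL (1u << 1)  /* the 0x2 in the program */
#define MSR_IA32_XSS                   0xda0u     /* the MSR the fuzzer registered */

struct ioc_fields { unsigned dir, size, type, nr; };

/* Split a raw ioctl request number into its fields, to check a fuzzer
 * program's constants against the UAPI definitions. */
struct ioc_fields decode_ioc(uint32_t req)
{
    struct ioc_fields f = {
        .dir  = (req >> IOC_DIRSHIFT) & 0x3,
        .size = (req >> IOC_SIZESHIFT) & 0x3fff,
        .type = (req >> IOC_TYPESHIFT) & 0xff,
        .nr   = req & 0xff,
    };
    return f;
}

enum repro_status { REPRO_SKIPPED = 0, REPRO_UNSUPPORTED = 1, REPRO_DONE = 2 };

/* The same three KVM steps as the syzkaller program, in order. The outcome
 * is a lockdep splat in dmesg, not a return value; the status only reports
 * how far the sequence got on this machine. */
enum repro_status run_repro(void)
{
    int kvm = open("/dev/kvm", O_RDWR | O_CLOEXEC);
    if (kvm < 0)
        return REPRO_SKIPPED;            /* no usable KVM in this environment */

    enum repro_status st = REPRO_UNSUPPORTED;
    int vm = ioctl(kvm, KVM_CREATE_VM_NR, 0);
    if (vm >= 0) {
        struct xen_hvm_config cfg = {
            .flags = XEN_HVM_CONFIG_INTERCEPT_HCALL,
            .msr   = MSR_IA32_XSS,
        };
        /* Register MSR_IA32_XSS as the Xen hypercall MSR ... */
        if (ioctl(vm, KVM_XEN_HVM_CONFIG_NR, &cfg) == 0) {
            /* ... so the MSR write kvm_vcpu_reset() makes on vCPU creation is
             * routed into kvm_xen_write_hypercall_page() (see the trace). */
            int vcpu = ioctl(vm, KVM_CREATE_VCPU_NR, 0);
            if (vcpu >= 0)
                close(vcpu);
            st = REPRO_DONE;
        }
        close(vm);
    }
    close(kvm);
    return st;
}

int main(void)
{
    struct ioc_fields f = decode_ioc(KVM_XEN_HVM_CONFIG_NR);
    printf("KVM_XEN_HVM_CONFIG = 0x%x (dir=%u size=0x%x type=0x%x nr=0x%x)\n",
           KVM_XEN_HVM_CONFIG_NR, f.dir, f.size, f.type, f.nr);
    printf("run_repro() -> %d (0 skipped, 1 unsupported, 2 done; check dmesg)\n",
           run_repro());
    return 0;
}
```

The constant checks run anywhere; the replay itself only means something on an x86 KVM host whose kernel has CONFIG_PROVE_RCU and Xen HVM support, run by a user with access to /dev/kvm, after which the warning (if the kernel is affected) shows up in dmesg rather than in the program's output.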