program:
# syzkaller reproducer for the "suspicious RCU usage" lockdep report printed
# after it. Triage notes, grounded in that report:
#   * The warning fires inside the program's last call, ioctl$KVM_CREATE_VCPU
#     (printed right after the calls annotated here): the register dump shows
#     ORIG_RAX=0x10 with RSI=0xae41, and kvm_vm_ioctl_create_vcpu is in the
#     backtrace.
#   * Reported path: kvm_vcpu_reset -> vmx_set_msr -> kvm_set_msr_common ->
#     kvm_xen_write_hypercall_page -> kvm_vcpu_write_guest ->
#     kvm_vcpu_gfn_to_memslot, with "no locks held by syz.0.0".
#   * NOTE(review): the check at include/linux/kvm_host.h:1059 presumably
#     expects the memslot SRCU read lock (kvm->srcu) to be held -- confirm in
#     the header before deciding where a fix belongs.
#   * Only the KVM calls on r2/r3 appear in that path; the BPF and netlink
#     calls look like unrelated fuzzer noise -- confirm by minimising the repro.

# BPF: load a program (license 'GPL') and open the 'cq_process' raw tracepoint
# with it. r0/r1 are not passed to any KVM call below.
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000740)={0x18, 0x3, &(0x7f0000000080)=ANY=[@ANYBLOB="1800000000000000000000000c00000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
r1 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000200)='cq_process\x00', r0}, 0x10)
bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000040)={r1, 0x58, &(0x7f0000000100)}, 0x10)

# KVM setup: r2 is the KVM device fd, r3 the VM fd created from it.
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340), 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
# Xen HVM config on the VM; the struct starts {0x2, 0xda0, ...}.
# NOTE(review): in struct kvm_xen_hvm_config these are presumably flags=0x2 and
# msr=0xda0 (the hypercall-page MSR index) -- confirm against the uapi header.
# The kvm_set_msr_common -> kvm_xen_write_hypercall_page step in the trace is
# consistent with a reset-time MSR write matching this configured index, which
# would mean the guest-memory write runs from vCPU creation rather than from a
# guest WRMSR. A fix should be checked against both angles: the locking on this
# path and which MSR indices the config ioctl accepts.
ioctl$KVM_XEN_HVM_CONFIG(r3, 0x4038ae7a, &(0x7f0000000240)={0x2, 0xda0, 0x0, 0x0})

# BPF: tail-call map (r4) and a second program load typed @cgroup_device that
# references it. Not used by the KVM calls.
r4 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000540)={0x3, 0x4, 0x4, 0xa, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0xf, 0x8, &(0x7f0000000740)=@framed={{}, [@tail_call={{0x18, 0x2, 0x1, 0x0, r4}, {}, {0x85, 0x0, 0x0, 0xbb}}]}, &(0x7f00000000c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_device=0x14, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, @void, @value}, 0x94)

# Netlink/route traffic (qdisc and link messages) on r5/r6, plus an ifindex
# lookup for 'lo' on r7. No networking frames appear in the backtrace.
r5 = socket$nl_route(0x10, 0x3, 0x0)
r6 = socket$nl_route(0x10, 0x3, 0x0)
r7 = socket$inet6_udp(0xa, 0x2, 0x0)
# NOTE(review): r8 is used in the next sendmsg but is never assigned in the
# text as shown. Presumably the result marker on this call's ifindex field was
# lost when the log was extracted -- verify against the original log before
# replaying the program.
ioctl$sock_SIOCGIFINDEX(r7, 0x8933, &(0x7f0000000c80)={'lo\x00', 0x0})
sendmsg$nl_route_sched(r6, &(0x7f0000001200)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000dc0)=@newqdisc={0x48, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x0, {0x0, 0x0, 0x0, r8, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_cbs={{0x8}, {0x1c, 0x2, @TCA_CBS_PARMS={0x18}}}]}, 0x48}}, 0x0)
sendmsg$nl_route(r5, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000000)=@newlink={0x28, 0x10, 0x801, 0x0, 0x0, {}, [@IFLA_GROUP={0x8}]}, 0x28}}, 0x0)

# r9 comes from signalfd4 (called on the KVM device fd r2), not from
# KVM_CREATE_VCPU, so the KVM_SET_MSRS below is not issued on a vCPU fd.
# It presumably fails and is not the MSR write seen in the trace, which is
# reached via kvm_vcpu_reset -- confirm with the syscall return values.
r9 = signalfd4(r2, &(0x7f0000000000)={[0x3]}, 0x8, 0xc0800)
ioctl$KVM_SET_MSRS(r9, 0x4008ae89, &(0x7f0000000040)={0x1, 0x0, [{0xc0010062}]})
ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) [ 73.579278][ T4669] Bluetooth: hci0: command tx timeout [ 73.795813][ T5324] [ 73.796909][ T5324] ============================= [ 73.799628][ T5324] WARNING: suspicious RCU usage [ 73.801615][ T5324] 6.14.0-rc2-syzkaller-00259-g7ff71e6d9239 #0 Not tainted [ 73.804713][ T5324] ----------------------------- [ 73.806815][ T5324] ./include/linux/kvm_host.h:1059 suspicious rcu_dereference_check() usage! [ 73.810739][ T5324] [ 73.810739][ T5324] other info that might help us debug this: [ 73.810739][ T5324] [ 73.815373][ T5324] [ 73.815373][ T5324] rcu_scheduler_active = 2, debug_locks = 1 [ 73.819541][ T5324] no locks held by syz.0.0/5324. [ 73.821538][ T5324] [ 73.821538][ T5324] stack backtrace: [ 73.823905][ T5324] CPU: 0 UID: 0 PID: 5324 Comm: syz.0.0 Not tainted 6.14.0-rc2-syzkaller-00259-g7ff71e6d9239 #0 [ 73.823927][ T5324] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 73.823936][ T5324] Call Trace: [ 73.823944][ T5324] [ 73.823953][ T5324] dump_stack_lvl+0x241/0x360 [ 73.824082][ T5324] ? __pfx_dump_stack_lvl+0x10/0x10 [ 73.824095][ T5324] ? __pfx__printk+0x10/0x10 [ 73.824114][ T5324] lockdep_rcu_suspicious+0x226/0x340 [ 73.824137][ T5324] kvm_vcpu_gfn_to_memslot+0x429/0x4c0 [ 73.824162][ T5324] kvm_vcpu_write_guest+0x7c/0x130 [ 73.824178][ T5324] kvm_xen_write_hypercall_page+0x50a/0x5f0 [ 73.824199][ T5324] ? __pfx_kvm_xen_write_hypercall_page+0x10/0x10 [ 73.824221][ T5324] kvm_set_msr_common+0x154/0x3b10 [ 73.824235][ T5324] ? kvm_clear_async_pf_completion_queue+0x3a7/0x3f0 [ 73.824251][ T5324] ? __pfx_lock_release+0x10/0x10 [ 73.824265][ T5324] ? __pfx_kvm_set_msr_common+0x10/0x10 [ 73.824280][ T5324] ? do_raw_spin_unlock+0x58/0x8b0 [ 73.824295][ T5324] vmx_set_msr+0x151d/0x26f0 [ 73.824306][ T5324] ? _raw_spin_unlock+0x28/0x50 [ 73.824346][ T5324] ? 
kvm_clear_async_pf_completion_queue+0x3a7/0x3f0 [ 73.824369][ T5324] kvm_vcpu_reset+0xbea/0x1740 [ 73.824390][ T5324] ? __pfx_kvm_vcpu_reset+0x10/0x10 [ 73.824403][ T5324] ? __raw_spin_lock_init+0x45/0x100 [ 73.824422][ T5324] kvm_arch_vcpu_create+0x8f4/0xa80 [ 73.824440][ T5324] kvm_vm_ioctl_create_vcpu+0x3d8/0x8b0 [ 73.824462][ T5324] kvm_vm_ioctl+0x7be/0xd50 [ 73.824477][ T5324] ? mark_lock+0x9a/0x360 [ 73.824489][ T5324] ? __pfx_kvm_vm_ioctl+0x10/0x10 [ 73.824507][ T5324] ? tomoyo_path_number_perm+0x209/0x770 [ 73.824555][ T5324] ? __pfx_lock_release+0x10/0x10 [ 73.824575][ T5324] ? tomoyo_path_number_perm+0x5dd/0x770 [ 73.824590][ T5324] ? tomoyo_path_number_perm+0x5dd/0x770 [ 73.824603][ T5324] ? tomoyo_path_number_perm+0x65d/0x770 [ 73.824614][ T5324] ? __lock_acquire+0x1397/0x2100 [ 73.824629][ T5324] ? tomoyo_path_number_perm+0x209/0x770 [ 73.824641][ T5324] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 73.824681][ T5324] ? __fget_files+0x2a/0x410 [ 73.824703][ T5324] ? __fget_files+0x2a/0x410 [ 73.824723][ T5324] ? __pfx_kvm_vm_ioctl+0x10/0x10 [ 73.824738][ T5324] __se_sys_ioctl+0xf5/0x170 [ 73.824751][ T5324] do_syscall_64+0xf3/0x230 [ 73.824764][ T5324] ? 
clear_bhb_loop+0x35/0x90 [ 73.824785][ T5324] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 73.824804][ T5324] RIP: 0033:0x7fcc99d8cde9 [ 73.824816][ T5324] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 73.824825][ T5324] RSP: 002b:00007fcc9ac57038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 73.824839][ T5324] RAX: ffffffffffffffda RBX: 00007fcc99fa5fa0 RCX: 00007fcc99d8cde9 [ 73.824850][ T5324] RDX: 0000000000000000 RSI: 000000000000ae41 RDI: 0000000000000006 [ 73.824857][ T5324] RBP: 00007fcc99e0e2a0 R08: 0000000000000000 R09: 0000000000000000 [ 73.824866][ T5324] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 73.824875][ T5324] R13: 0000000000000000 R14: 00007fcc99fa5fa0 R15: 00007fff16046168 [ 73.824892][ T5324]