program: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) r1 = dup(r0) syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f00000002c0)='./file1\x00', 0x200000, &(0x7f0000000180)={[{@quota}, {@stripe}, {@nombcache}, {@errors_remount}, {@dioread_nolock}, {@data_err_abort}, {@nobarrier}]}, 0xfe, 0x56c, &(0x7f0000000740)="$eJzs3V9rU+cfAPDvSf9orb+fFUS2XYyCF3OIqW33x8Eu3OXYZMJ270IbizQ10qRiO2F6MW92M2QwxoSxF7D7XQ3ZG9ircGyCDCnbhTcdJz3R2CZpUlsbm88Hjp7nPE/yPE/O+T59Tp6EBNC3xtN/chGvRsQ3ScSRhrzByDLH18utProxk25JrK19+ncSSXasXj7J/h/NEq9ExG9fRZzKba63srwyXyiViotZeqK6cHWisrxy+vJCYa44V7wyNT199u3pqffefWfH+vrmhX+//+Teh2e/PrH63c8Pjt5J4lwczvIa+9HWgba5NxsT4zGevSZDcW5DwcluGv4SSPa6AWzLQBbnQ5GOAUdiIIt6YP/7MiLWuvd4G48Bek6ynfgH9oH6PKB+b9/xffA+8fCD9Rugzf1P1t8biYO1e6NDq8kzd0bp/e7YDtSf1vHLX3fvpFt08z4EwHO6eSsizgwOth7/tu9MB2U21mH8gxfnXjr/+XUkYlP8557Mf6LJ/Ge0Sexux9bxn3uwvgi1O9L53/tN579PqhwbyFL/q835hpJLl0vFdGz7f0ScjKEDabrdes7Z1ftrrfIa53/pltZfnwtm7XgwuGHNabZQLTxPnxs9vBXx2hbz36TJ+U9fjwsd1nG8ePf1Vnlb9393rf0U8UbT8/90RStpvz45UbseJupXxWb/3D7+e6v697r/6fk/1L7/Y0njem2l+zp+PPi42CpvPMkWTbu8/oeTz2oj03B27HqhWl2cjBhOPq6lnzk+9fSx9XS9fNr/kyeax3+7638kIj7vsP+3j91uWbQXzv9sV+e/+537H33xQ6v6Oxv/3qrtncyOdDL+ddrA53ntAAAAAAAAoNfkhiMOR5LLZ2v6hyOXy+fXP99xLA7lSuVK9dSl8tKV2ah9V3YshnL1le7Rhs9DTGafh62npzakpyPiaER8OzBSS+dnyqXZve48AAAAAAAAAAAAAAAAAAAA9IjRaP79/9SfA3vdOmDX+clv6F/PxP+BJgV24peegJ7k7z/0L/EP/Uv8Q/8S/9C/xD/0L/EP/Uv8Q/8S/wAAAAAAAAAAAAAAAAAAAAAAAAAAALCjLpw/n25rq49uzETEwbi2vDRfvnZ6tliZzy8szeRnyotX83Pl8lypmJ8pL2z1fKVy+erkVCxdn6gWK9WJyvLKxYXy0pXqxcsLhbnixeLQi+kWAAAAAAAAAAAAAAAAAAAAvFQqyyvzhVKpuNgfO3/0RjP2085gbzTDzmJlJHbwCfd6ZAIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAp/4LAAD//4aJNJ8=") prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) getpid() mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e25}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340), 0x0, 0x0) r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) ioctl$KVM_XEN_HVM_CONFIG(r5, 0x4038ae7a, &(0x7f0000000240)={0x0, 0xda0, &(0x7f0000000080)="142f91b1f9", 0x0, 0x5}) ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0) unlinkat(0xffffffffffffff9c, &(0x7f0000000380)='./file1\x00', 0x200) socket$kcm(0x10, 0x2, 0x4) r6 = socket$nl_generic(0x10, 0x3, 0x10) r7 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r6, 0x8933, &(0x7f0000000080)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_GET_KEY(r6, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000002c0)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=r7, @ANYBLOB="01002abd5000fadbdf250900000008000300", @ANYRES32=r8], 0x24}, 0x1, 0x0, 0x0, 0x240400a1}, 0x40080) ioctl$TIOCL_SETSEL(r1, 0x541c, &(0x7f0000001900)={0x2, {0x2, 0xa00, 0x0, 0x101, 0x300}}) r9 = syz_open_dev$ptys(0xc, 0x3, 0x1) ioctl$KDSKBLED(r9, 0x4b65, 0x392) [ 68.951977][ T48] Bluetooth: hci0: command tx timeout [ 69.043881][ T5323] loop0: detected capacity change from 0 to 1024 [ 69.088931][ T5323] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 69.549299][ T5328] [ 69.550611][ T5328] ============================= [ 69.553191][ T5328] WARNING: suspicious RCU usage [ 69.555453][ T5328] 6.14.0-rc3-syzkaller-00012-g2408a807bfc3 #0 Not tainted [ 69.558400][ T5328] ----------------------------- [ 69.560313][ T5328] ./include/linux/kvm_host.h:1059 suspicious rcu_dereference_check() usage! [ 69.563688][ T5328] [ 69.563688][ T5328] other info that might help us debug this: [ 69.563688][ T5328] [ 69.567848][ T5328] [ 69.567848][ T5328] rcu_scheduler_active = 2, debug_locks = 1 [ 69.571834][ T5328] no locks held by syz.0.0/5328. [ 69.574165][ T5328] [ 69.574165][ T5328] stack backtrace: [ 69.576678][ T5328] CPU: 0 UID: 0 PID: 5328 Comm: syz.0.0 Not tainted 6.14.0-rc3-syzkaller-00012-g2408a807bfc3 #0 [ 69.576697][ T5328] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 69.576705][ T5328] Call Trace: [ 69.576714][ T5328] [ 69.576746][ T5328] dump_stack_lvl+0x241/0x360 [ 69.576857][ T5328] ? __pfx_dump_stack_lvl+0x10/0x10 [ 69.576871][ T5328] ? __pfx__printk+0x10/0x10 [ 69.576888][ T5328] lockdep_rcu_suspicious+0x226/0x340 [ 69.576902][ T5328] kvm_vcpu_gfn_to_memslot+0x429/0x4c0 [ 69.576931][ T5328] ? __might_fault+0xaa/0x120 [ 69.576946][ T5328] kvm_vcpu_write_guest+0x7c/0x130 [ 69.576963][ T5328] kvm_xen_write_hypercall_page+0x2ff/0x5f0 [ 69.576986][ T5328] ? __pfx_kvm_xen_write_hypercall_page+0x10/0x10 [ 69.577007][ T5328] kvm_set_msr_common+0x154/0x3b10 [ 69.577019][ T5328] ? kvm_clear_async_pf_completion_queue+0x3a7/0x3f0 [ 69.577034][ T5328] ? __pfx_lock_release+0x10/0x10 [ 69.577048][ T5328] ? __pfx_kvm_set_msr_common+0x10/0x10 [ 69.577061][ T5328] ? do_raw_spin_unlock+0x58/0x8b0 [ 69.577075][ T5328] vmx_set_msr+0x151d/0x26f0 [ 69.577086][ T5328] ? _raw_spin_unlock+0x28/0x50 [ 69.577130][ T5328] ? kvm_clear_async_pf_completion_queue+0x3a7/0x3f0 [ 69.577144][ T5328] kvm_vcpu_reset+0xbea/0x1740 [ 69.577157][ T5328] ? __pfx_kvm_vcpu_reset+0x10/0x10 [ 69.577168][ T5328] ? __raw_spin_lock_init+0x45/0x100 [ 69.577184][ T5328] kvm_arch_vcpu_create+0x8f4/0xa80 [ 69.577201][ T5328] kvm_vm_ioctl_create_vcpu+0x3d8/0x8b0 [ 69.577221][ T5328] kvm_vm_ioctl+0x7be/0xd50 [ 69.577235][ T5328] ? mark_lock+0x9a/0x360 [ 69.577246][ T5328] ? __pfx_kvm_vm_ioctl+0x10/0x10 [ 69.577269][ T5328] ? tomoyo_path_number_perm+0x209/0x770 [ 69.577318][ T5328] ? __pfx_lock_release+0x10/0x10 [ 69.577335][ T5328] ? tomoyo_path_number_perm+0x5dd/0x770 [ 69.577352][ T5328] ? tomoyo_path_number_perm+0x5dd/0x770 [ 69.577368][ T5328] ? tomoyo_path_number_perm+0x65d/0x770 [ 69.577380][ T5328] ? __lock_acquire+0x1397/0x2100 [ 69.577396][ T5328] ? tomoyo_path_number_perm+0x209/0x770 [ 69.577411][ T5328] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 69.577440][ T5328] ? __fget_files+0x2a/0x410 [ 69.577457][ T5328] ? __fget_files+0x2a/0x410 [ 69.577474][ T5328] ? __pfx_kvm_vm_ioctl+0x10/0x10 [ 69.577490][ T5328] __se_sys_ioctl+0xf5/0x170 [ 69.577500][ T5328] do_syscall_64+0xf3/0x230 [ 69.577512][ T5328] ? clear_bhb_loop+0x35/0x90 [ 69.577521][ T5328] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 69.577531][ T5328] RIP: 0033:0x7f419b38cde9 [ 69.577540][ T5328] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 69.577547][ T5328] RSP: 002b:00007f419c1f4038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 69.577556][ T5328] RAX: ffffffffffffffda RBX: 00007f419b5a6160 RCX: 00007f419b38cde9 [ 69.577562][ T5328] RDX: 0000000000000000 RSI: 000000000000ae41 RDI: 0000000000000009 [ 69.577568][ T5328] RBP: 00007f419b40e2a0 R08: 0000000000000000 R09: 0000000000000000 [ 69.577575][ T5328] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 69.577580][ T5328] R13: 0000000000000000 R14: 00007f419b5a6160 R15: 00007fff90b2e198 [ 69.577595][ T5328] [ 69.823289][ T5329] EXT4-fs error (device loop0): ext4_empty_dir:3124: inode #11: block 623: comm syz.0.0: Attempting to read directory block (623) that is past i_size (638464) [ 69.838549][ T5328] netlink: 8 bytes leftover after parsing attributes in process `syz.0.0'. [ 69.859528][ T5329] EXT4-fs (loop0): Remounting filesystem read-only