kasan: GPF could be caused by NULL-ptr deref or user memory access
general protection fault: 0000 [#1] SMP KASAN
Dumping ftrace buffer:
   (ftrace buffer empty)
Modules linked in:
CPU: 0 PID: 10053 Comm: syz-executor5 Not tainted 4.13.0-rc7-next-20170831+ #12
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS Bochs 01/01/2011
task: ffff880036f24240 task.stack: ffff88003a130000
RIP: 0010:__hlist_del include/linux/list.h:650 [inline]
RIP: 0010:detach_timer kernel/time/timer.c:791 [inline]
RIP: 0010:expire_timers kernel/time/timer.c:1309 [inline]
RIP: 0010:__run_timers+0x619/0xb90 kernel/time/timer.c:1620
RSP: 0018:ffff88003ec07968 EFLAGS: 00010806
RAX: 1bd5a00000000041 RBX: ffff88002c7b38c0 RCX: 1ffff10007d80f77
RDX: ffff88003ec07bb8 RSI: 0000000000000008 RDI: dead000000000208
RBP: ffff88003ec07c58 R08: ffff88003ec072b8 R09: ffff88003ec072b0
R10: ffff88003ec07228 R11: 1ffff10006de4adb R12: ffff88002c7b38c8
R13: dffffc0000000000 R14: dead000000000200 R15: ffff88003ec07c30
FS: 00007f7fce8b4700(0000) GS:ffff88003ec00000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007ffaccb51000 CR3: 0000000067a48000 CR4: 00000000000026f0
DR0: 0000000020000000 DR1: 0000000020000000 DR2: 0000000000000080
DR3: 0000000000000800 DR6: 00000000fffe0ff0 DR7: 0000000000000600
Call Trace:
 run_timer_softirq+0x4c/0xb0 kernel/time/timer.c:1646
 __do_softirq+0x2bb/0xbd0 kernel/softirq.c:284
 invoke_softirq kernel/softirq.c:364 [inline]
 irq_exit+0x1d3/0x210 kernel/softirq.c:405
 exiting_irq arch/x86/include/asm/apic.h:638 [inline]
 smp_apic_timer_interrupt+0x177/0x710 arch/x86/kernel/apic/apic.c:1044
 apic_timer_interrupt+0x9d/0xb0 arch/x86/entry/entry_64.S:577
RIP: 0010:rep_nop arch/x86/include/asm/processor.h:634 [inline]
RIP: 0010:cpu_relax arch/x86/include/asm/processor.h:639 [inline]
RIP: 0010:mutex_spin_on_owner+0x1e2/0x970 kernel/locking/mutex.c:453
RSP: 0018:ffff88003a136ec8 EFLAGS: 00000246 ORIG_RAX: ffffffffffffff10
RAX: 0000000000000000 RBX: dffffc0000000000 RCX: ffffed0006de4848
RDX: ffff88003a136fa8 RSI: ffff88003c588460 RDI: 0000000000000001
RBP: ffff88003a137010 R08: ffff880036f24240 R09: ffffffff81535a20
R10: 0000000000000000 R11: 0000000000000000 R12: ffffffff85b92be0
R13: ffff88003c588400 R14: ffff88003a136fe8 R15: 1ffff10007426de1
 mutex_optimistic_spin kernel/locking/mutex.c:547 [inline]
 __mutex_lock_common kernel/locking/mutex.c:759 [inline]
 __mutex_lock+0x3b6/0x1870 kernel/locking/mutex.c:893
 mutex_lock_nested+0x16/0x20 kernel/locking/mutex.c:908
 jump_label_lock kernel/jump_label.c:27 [inline]
 static_key_slow_inc_cpuslocked kernel/jump_label.c:106 [inline]
 static_key_slow_inc+0x211/0x3c0 kernel/jump_label.c:124
 kvm_arch_vcpu_init+0x33e/0x920 arch/x86/kvm/x86.c:8011
 kvm_vcpu_init+0x2f9/0x400 arch/x86/kvm/../../../virt/kvm/kvm_main.c:294
 vmx_create_vcpu+0x133/0x2ec0 arch/x86/kvm/vmx.c:9519
 kvm_arch_vcpu_create+0x12c/0x1a0 arch/x86/kvm/x86.c:7718
 kvm_vm_ioctl_create_vcpu arch/x86/kvm/../../../virt/kvm/kvm_main.c:2480 [inline]
 kvm_vm_ioctl+0x469/0x1c40 arch/x86/kvm/../../../virt/kvm/kvm_main.c:2984
 vfs_ioctl fs/ioctl.c:45 [inline]
 do_vfs_ioctl+0x1b1/0x1530 fs/ioctl.c:685
 SYSC_ioctl fs/ioctl.c:700 [inline]
 SyS_ioctl+0x8f/0xc0 fs/ioctl.c:691
 entry_SYSCALL_64_fastpath+0x1f/0xbe
RIP: 0033:0x447299
RSP: 002b:00007f7fce8b3c08 EFLAGS: 00000296 ORIG_RAX: 0000000000000010
RAX: ffffffffffffffda RBX: 0000000000000019 RCX: 0000000000447299
RDX: 0000000000000002 RSI: 000000000000ae41 RDI: 0000000000000019
RBP: 0000000000000082 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000296 R12: 00000000ffffffff
R13: 00000000000055d0 R14: 00000000006e7690 R15: ffffffffffffffff
Code: 4d 85 f6 4c 89 32 48 89 95 58 fd ff ff 42 c6 04 28 f8 74 26 e8 39 36 10 00 49 8d 7e 08 48 8b 95 58 fd ff ff 48 89 f8 48 c1 e8 03 <42> 80 3c 28 00 0f 85 b5 04 00 00 49 89 56 08 e8 13 36 10 00 4c
RIP: __hlist_del include/linux/list.h:650 [inline] RSP: ffff88003ec07968
RIP: detach_timer kernel/time/timer.c:791 [inline] RSP: ffff88003ec07968
RIP: expire_timers kernel/time/timer.c:1309 [inline] RSP: ffff88003ec07968
RIP: __run_timers+0x619/0xb90 kernel/time/timer.c:1620 RSP: ffff88003ec07968
---[ end trace 7e915839776b831e ]---