BUG: sleeping function called from invalid context at ./include/linux/uaccess.h:71
in_atomic(): 1, irqs_disabled(): 0, pid: 5044, name: syz-executor7
2 locks held by syz-executor7/5044:
 #0:  (&vcpu->mutex){+.+.}, at: [] vcpu_load+0x1c/0x70 arch/x86/kvm/../../../virt/kvm/kvm_main.c:154
 #1:  (&kvm->srcu){....}, at: [] vcpu_enter_guest arch/x86/kvm/x86.c:7021 [inline]
 #1:  (&kvm->srcu){....}, at: [] vcpu_run arch/x86/kvm/x86.c:7100 [inline]
 #1:  (&kvm->srcu){....}, at: [] kvm_arch_vcpu_ioctl_run+0x1bdd/0x5a30 arch/x86/kvm/x86.c:7261
CPU: 1 PID: 5044 Comm: syz-executor7 Not tainted 4.13.0-mm1+ #6
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:16 [inline]
 dump_stack+0x194/0x257 lib/dump_stack.c:52
 ___might_sleep+0x2b2/0x470 kernel/sched/core.c:6012
 __might_sleep+0x95/0x190 kernel/sched/core.c:5965
 __might_fault+0xab/0x1d0 mm/memory.c:4499
 __copy_from_user include/linux/uaccess.h:71 [inline]
 paging32_walk_addr_generic+0x427/0x1d80 arch/x86/kvm/paging_tmpl.h:369
 paging32_walk_addr arch/x86/kvm/paging_tmpl.h:475 [inline]
 paging32_gva_to_gpa+0xa5/0x230 arch/x86/kvm/paging_tmpl.h:913
 kvm_read_guest_virt_helper+0xd8/0x140 arch/x86/kvm/x86.c:4436
 kvm_read_guest_virt_system+0x3c/0x50 arch/x86/kvm/x86.c:4503
 segmented_read_std+0x10c/0x180 arch/x86/kvm/emulate.c:822
 em_fxrstor+0x27b/0x410 arch/x86/kvm/emulate.c:4025
 x86_emulate_insn+0x55d/0x3cf0 arch/x86/kvm/emulate.c:5483
 x86_emulate_instruction+0x411/0x1ca0 arch/x86/kvm/x86.c:5735
 kvm_mmu_page_fault+0x1b0/0x2f0 arch/x86/kvm/mmu.c:4956
 handle_ept_violation+0x194/0x540 arch/x86/kvm/vmx.c:6502
 vmx_handle_exit+0x24b/0x1a60 arch/x86/kvm/vmx.c:8823
 vcpu_enter_guest arch/x86/kvm/x86.c:7038 [inline]
 vcpu_run arch/x86/kvm/x86.c:7100 [inline]
 kvm_arch_vcpu_ioctl_run+0x1d36/0x5a30 arch/x86/kvm/x86.c:7261
 kvm_vcpu_ioctl+0x64c/0x1010 arch/x86/kvm/../../../virt/kvm/kvm_main.c:2550
 vfs_ioctl fs/ioctl.c:45 [inline]
 do_vfs_ioctl+0x1b1/0x1530 fs/ioctl.c:685
 SYSC_ioctl fs/ioctl.c:700 [inline]
 SyS_ioctl+0x8f/0xc0 fs/ioctl.c:691
 entry_SYSCALL_64_fastpath+0x1f/0xbe
RIP: 0033:0x451e59
RSP: 002b:00007f6e8c656c08 EFLAGS: 00000216 ORIG_RAX: 0000000000000010
RAX: ffffffffffffffda RBX: 0000000000718210 RCX: 0000000000451e59
RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 000000000000001d
RBP: 0000000000000082 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000216 R12: 00000000004be1b8
R13: 00000000ffffffff R14: 000000000000001a R15: 000000004020ae46
TCP: request_sock_TCP: Possible SYN flooding on port 20024. Sending cookies.  Check SNMP counters.
TCP: request_sock_TCP: Possible SYN flooding on port 20012. Sending cookies.  Check SNMP counters.
device gre0 entered promiscuous mode
device gre0 left promiscuous mode
device gre0 entered promiscuous mode
capability: warning: `syz-executor5' uses deprecated v2 capabilities in a way that may be insecure
device gre0 left promiscuous mode
device lo entered promiscuous mode
netlink: 5 bytes leftover after parsing attributes in process `syz-executor4'.
netlink: 5 bytes leftover after parsing attributes in process `syz-executor4'.
netlink: 5 bytes leftover after parsing attributes in process `syz-executor4'.
netlink: 5 bytes leftover after parsing attributes in process `syz-executor4'.
Can not set IPV6_FL_F_REFLECT if flowlabel_consistency sysctl is enable
Can not set IPV6_FL_F_REFLECT if flowlabel_consistency sysctl is enable
FAULT_INJECTION: forcing a failure.
name failslab, interval 1, probability 0, space 0, times 1
CPU: 0 PID: 6245 Comm: syz-executor6 Tainted: G W 4.13.0-mm1+ #6
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:16 [inline]
 dump_stack+0x194/0x257 lib/dump_stack.c:52
 fail_dump lib/fault-inject.c:51 [inline]
 should_fail+0x8c0/0xa40 lib/fault-inject.c:149
 should_failslab+0xec/0x120 mm/failslab.c:31
 slab_pre_alloc_hook mm/slab.h:422 [inline]
 slab_alloc mm/slab.c:3383 [inline]
 kmem_cache_alloc+0x47/0x760 mm/slab.c:3559
 __build_skb+0x9d/0x450 net/core/skbuff.c:284
 build_skb+0x6f/0x260 net/core/skbuff.c:316
 tun_build_skb.isra.42+0x92f/0x1690 drivers/net/tun.c:1346
 tun_get_user+0x1dad/0x2150 drivers/net/tun.c:1455
 tun_chr_write_iter+0xde/0x190 drivers/net/tun.c:1579
 call_write_iter include/linux/fs.h:1770 [inline]
 new_sync_write fs/read_write.c:468 [inline]
 __vfs_write+0x68a/0x970 fs/read_write.c:481
 vfs_write+0x18f/0x510 fs/read_write.c:543
 SYSC_write fs/read_write.c:588 [inline]
 SyS_write+0xef/0x220 fs/read_write.c:580
 entry_SYSCALL_64_fastpath+0x1f/0xbe
RIP: 0033:0x40c2c1
RSP: 002b:00007f54db623c10 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
RAX: ffffffffffffffda RBX: 0000000000718000 RCX: 000000000040c2c1
RDX: 0000000000000096 RSI: 00000000202cb000 RDI: 0000000000000015
RBP: 0000000000000082 R08: 0000000000000000 R09: 0000000000000000
R10: 00000000000f4240 R11: 0000000000000293 R12: 00000000004b69f7
R13: 00007f54db623b48 R14: 00000000004b6a07 R15: 0000000000000000
QAT: Invalid ioctl
QAT: Invalid ioctl
QAT: Invalid ioctl
QAT: Invalid ioctl
QAT: Invalid ioctl
QAT: Invalid ioctl
sg_write: data in/out 110652/491 bytes for SCSI command 0x0-- guessing data in; program syz-executor4 not setting count and/or reply_len properly
sg_write: data in/out 110652/491 bytes for SCSI command 0x0-- guessing data in; program syz-executor4 not setting count and/or reply_len properly
FAULT_INJECTION: forcing a failure.
name failslab, interval 1, probability 0, space 0, times 0
CPU: 0 PID: 6910 Comm: syz-executor3 Tainted: G W 4.13.0-mm1+ #6
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:16 [inline]
 dump_stack+0x194/0x257 lib/dump_stack.c:52
 fail_dump lib/fault-inject.c:51 [inline]
 should_fail+0x8c0/0xa40 lib/fault-inject.c:149
 should_failslab+0xec/0x120 mm/failslab.c:31
 slab_pre_alloc_hook mm/slab.h:422 [inline]
 slab_alloc mm/slab.c:3383 [inline]
 kmem_cache_alloc+0x47/0x760 mm/slab.c:3559
 __build_skb+0x9d/0x450 net/core/skbuff.c:284
 build_skb+0x6f/0x260 net/core/skbuff.c:316
 tun_build_skb.isra.42+0x92f/0x1690 drivers/net/tun.c:1346
 tun_get_user+0x1dad/0x2150 drivers/net/tun.c:1455
 tun_chr_write_iter+0xde/0x190 drivers/net/tun.c:1579
 call_write_iter include/linux/fs.h:1770 [inline]
 new_sync_write fs/read_write.c:468 [inline]
 __vfs_write+0x68a/0x970 fs/read_write.c:481
 vfs_write+0x18f/0x510 fs/read_write.c:543
 SYSC_write fs/read_write.c:588 [inline]
 SyS_write+0xef/0x220 fs/read_write.c:580
 entry_SYSCALL_64_fastpath+0x1f/0xbe
RIP: 0033:0x40c2c1
RSP: 002b:00007ff9ac34bc10 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
RAX: ffffffffffffffda RBX: 00000000007180b0 RCX: 000000000040c2c1
RDX: 0000000000000096 RSI: 00000000202cb000 RDI: 0000000000000015
RBP: 0000000000000082 R08: 0000000000000000 R09: 0000000000000000
R10: 00000000000f4240 R11: 0000000000000293 R12: 00000000004b69f7
R13: 00007ff9ac34bb48 R14: 00000000004b6a07 R15: 0000000000000000
QAT: Invalid ioctl
QAT: Invalid ioctl
raw_sendmsg: syz-executor7 forgot to set AF_INET. Fix it!
netlink: 5 bytes leftover after parsing attributes in process `syz-executor5'.
netlink: 5 bytes leftover after parsing attributes in process `syz-executor5'.
audit: type=1326 audit(1505181619.354:6): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=kernel pid=7083 comm="syz-executor5" exe="/root/syz-executor5" sig=31 arch=c000003e syscall=202 compat=0 ip=0x451e59 code=0xffff0000
sctp: [Deprecated]: syz-executor4 (pid 7102) Use of int in maxseg socket option. Use struct sctp_assoc_value instead
sctp: [Deprecated]: syz-executor4 (pid 7102) Use of int in maxseg socket option. Use struct sctp_assoc_value instead
tmpfs: No value for mount option 'ñ,6#'
tmpfs: No value for mount option 'ñ,6#'
audit: type=1326 audit(1505181619.543:7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=kernel pid=7083 comm="syz-executor5" exe="/root/syz-executor5" sig=31 arch=c000003e syscall=202 compat=0 ip=0x451e59 code=0xffff0000
tmpfs: No value for mount option 'ñ,6#'
tmpfs: No value for mount option 'ñ,6#'
audit: type=1326 audit(1505181619.758:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=kernel pid=7182 comm="syz-executor5" exe="/root/syz-executor5" sig=31 arch=c000003e syscall=202 compat=0 ip=0x451e59 code=0xffff0000
audit: type=1326 audit(1505181619.952:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=kernel pid=7182 comm="syz-executor5" exe="/root/syz-executor5" sig=31 arch=c000003e syscall=202 compat=0 ip=0x451e59 code=0xffff0000
netlink: 2 bytes leftover after parsing attributes in process `syz-executor7'.