BUG: sleeping function called from invalid context at ./include/linux/uaccess.h:71
in_atomic(): 1, irqs_disabled(): 0, pid: 16149, name: syz-executor4
2 locks held by syz-executor4/16149:
 #0:  (&vcpu->mutex){+.+.}, at: [] vcpu_load+0x1c/0x70 arch/x86/kvm/../../../virt/kvm/kvm_main.c:154
 #1:  (&kvm->srcu){....}, at: [] vcpu_enter_guest arch/x86/kvm/x86.c:7021 [inline]
 #1:  (&kvm->srcu){....}, at: [] vcpu_run arch/x86/kvm/x86.c:7100 [inline]
 #1:  (&kvm->srcu){....}, at: [] kvm_arch_vcpu_ioctl_run+0x1bdd/0x5a30 arch/x86/kvm/x86.c:7261
kvm [16124]: vcpu0, guest rIP: 0xfff0 Hyper-V uhandled wrmsr: 0x40000076 data 0xba2
CPU: 0 PID: 16149 Comm: syz-executor4 Not tainted 4.13.0-mm1+ #7
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:16 [inline]
 dump_stack+0x194/0x257 lib/dump_stack.c:52
 ___might_sleep+0x2b2/0x470 kernel/sched/core.c:6015
kvm [16124]: vcpu0, guest rIP: 0xfff0 Hyper-V uhandled wrmsr: 0x40000076 data 0xba2
 __might_sleep+0x95/0x190 kernel/sched/core.c:5968
 __might_fault+0xab/0x1d0 mm/memory.c:4499
 __copy_from_user include/linux/uaccess.h:71 [inline]
 paging32_walk_addr_generic+0x427/0x1d80 arch/x86/kvm/paging_tmpl.h:369
 paging32_walk_addr arch/x86/kvm/paging_tmpl.h:475 [inline]
 paging32_gva_to_gpa+0xa5/0x230 arch/x86/kvm/paging_tmpl.h:913
 kvm_read_guest_virt_helper+0xd8/0x140 arch/x86/kvm/x86.c:4436
 kvm_read_guest_virt_system+0x3c/0x50 arch/x86/kvm/x86.c:4503
 segmented_read_std+0x10c/0x180 arch/x86/kvm/emulate.c:822
 em_fxrstor+0x27b/0x410 arch/x86/kvm/emulate.c:4025
 x86_emulate_insn+0x55d/0x3cf0 arch/x86/kvm/emulate.c:5483
 x86_emulate_instruction+0x411/0x1ca0 arch/x86/kvm/x86.c:5735
 kvm_mmu_page_fault+0x1b0/0x2f0 arch/x86/kvm/mmu.c:4956
 handle_ept_violation+0x194/0x540 arch/x86/kvm/vmx.c:6502
 vmx_handle_exit+0x24b/0x1a60 arch/x86/kvm/vmx.c:8823
 vcpu_enter_guest arch/x86/kvm/x86.c:7038 [inline]
 vcpu_run arch/x86/kvm/x86.c:7100 [inline]
 kvm_arch_vcpu_ioctl_run+0x1d36/0x5a30 arch/x86/kvm/x86.c:7261
 kvm_vcpu_ioctl+0x64c/0x1010 arch/x86/kvm/../../../virt/kvm/kvm_main.c:2550
 vfs_ioctl fs/ioctl.c:45 [inline]
 do_vfs_ioctl+0x1b1/0x1530 fs/ioctl.c:685
 SYSC_ioctl fs/ioctl.c:700 [inline]
 SyS_ioctl+0x8f/0xc0 fs/ioctl.c:691
 entry_SYSCALL_64_fastpath+0x1f/0xbe
RIP: 0033:0x451e59
RSP: 002b:00007f4fd8dcdc08 EFLAGS: 00000216 ORIG_RAX: 0000000000000010
RAX: ffffffffffffffda RBX: 0000000000718000 RCX: 0000000000451e59
RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000018
RBP: 0000000000000082 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000216 R12: 00000000004bb940
R13: 00000000ffffffff R14: 0000000000000006 R15: 0000000000000018
netlink: 5 bytes leftover after parsing attributes in process `syz-executor4'.
audit: type=1326 audit(1505601823.148:398): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=kernel pid=16244 comm="syz-executor6" exe="/root/syz-executor6" sig=9 arch=c000003e syscall=202 compat=0 ip=0x451e59 code=0x0
RDS: rds_bind could not find a transport for 172.20.5.187, load rds_tcp or rds_rdma?
audit: type=1326 audit(1505601823.342:399): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=kernel pid=16244 comm="syz-executor6" exe="/root/syz-executor6" sig=9 arch=c000003e syscall=202 compat=0 ip=0x451e59 code=0x0
RDS: rds_bind could not find a transport for 172.20.5.187, load rds_tcp or rds_rdma?
netlink: 5 bytes leftover after parsing attributes in process `syz-executor2'.
netlink: 3 bytes leftover after parsing attributes in process `syz-executor7'.
netlink: 3 bytes leftover after parsing attributes in process `syz-executor7'.
netlink: 3 bytes leftover after parsing attributes in process `syz-executor7'.
netlink: 3 bytes leftover after parsing attributes in process `syz-executor7'.
device lo entered promiscuous mode
IPv6: ADDRCONF(NETDEV_CHANGE): lo: link becomes ready
device lo left promiscuous mode
loop_reread_partitions: partition scan of loop0 (t?`JzP[ p>TK6C="L l!V #F-') failed (rc=-13)
device lo entered promiscuous mode
IPv6: ADDRCONF(NETDEV_CHANGE): lo: link becomes ready
device lo left promiscuous mode
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pig=16675 comm=syz-executor2
FAULT_FLAG_ALLOW_RETRY missing 31
CPU: 1 PID: 16687 Comm: syz-executor6 Tainted: G W 4.13.0-mm1+ #7
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:16 [inline]
 dump_stack+0x194/0x257 lib/dump_stack.c:52
 handle_userfault+0x11ec/0x2390 fs/userfaultfd.c:427
 do_anonymous_page mm/memory.c:3135 [inline]
 handle_pte_fault mm/memory.c:3908 [inline]
 __handle_mm_fault+0x3823/0x39c0 mm/memory.c:4034
 handle_mm_fault+0x334/0x8d0 mm/memory.c:4071
 __do_page_fault+0x4f6/0xb60 arch/x86/mm/fault.c:1445
 do_page_fault+0xee/0x720 arch/x86/mm/fault.c:1520
 page_fault+0x22/0x30 arch/x86/entry/entry_64.S:1066
RIP: 0010:copy_user_generic_unrolled+0x89/0xc0 arch/x86/lib/copy_user_64.S:66
RSP: 0018:ffff8801d8e47e38 EFLAGS: 00010202
RAX: ffffed003b1c8fd5 RBX: 0000000000000008 RCX: 0000000000000001
RDX: 0000000000000000 RSI: ffff8801d8e47ea0 RDI: 0000000020002000
RBP: ffff8801d8e47e68 R08: 0000001800000017 R09: ffffed003b1c8fd5
R10: 0000000000000001 R11: ffffed003b1c8fd4 R12: 0000000020002000
R13: ffff8801d8e47ea0 R14: 00007ffffffff000 R15: 0000000020002008
 copy_to_user include/linux/uaccess.h:154 [inline]
 SYSC_pipe2 fs/pipe.c:846 [inline]
 SyS_pipe2 fs/pipe.c:838 [inline]
 SYSC_pipe fs/pipe.c:862 [inline]
 SyS_pipe+0xfd/0x2e0 fs/pipe.c:860
 entry_SYSCALL_64_fastpath+0x1f/0xbe
RIP: 0033:0x451e59
RSP: 002b:00007f784c99fc08 EFLAGS: 00000216 ORIG_RAX: 0000000000000016
RAX: ffffffffffffffda RBX: 0000000000718000 RCX: 0000000000451e59
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000020002000
RBP: 0000000000000082 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000216 R12: 00000000004b9955
R13: 00000000ffffffff R14: 0000000000000016 R15: 00000000c018aa3f
QAT: Invalid ioctl
QAT: Invalid ioctl
QAT: Invalid ioctl
QAT: Invalid ioctl
netlink: 1 bytes leftover after parsing attributes in process `syz-executor4'.
netlink: 1 bytes leftover after parsing attributes in process `syz-executor4'.
netlink: 5 bytes leftover after parsing attributes in process `syz-executor1'.
netlink: 5 bytes leftover after parsing attributes in process `syz-executor1'.
sctp: [Deprecated]: syz-executor1 (pid 16963) Use of struct sctp_assoc_value in delayed_ack socket option. Use struct sctp_sack_info instead
netlink: 5 bytes leftover after parsing attributes in process `syz-executor3'.
nla_parse: 1 callbacks suppressed
netlink: 1 bytes leftover after parsing attributes in process `syz-executor1'.
netlink: 5 bytes leftover after parsing attributes in process `syz-executor5'.
netlink: 1 bytes leftover after parsing attributes in process `syz-executor1'.
netlink: 5 bytes leftover after parsing attributes in process `syz-executor6'.
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=2 sclass=netlink_route_socket pig=17191 comm=syz-executor3
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=2 sclass=netlink_route_socket pig=17198 comm=syz-executor3
netlink: 21 bytes leftover after parsing attributes in process `syz-executor1'.
netlink: 21 bytes leftover after parsing attributes in process `syz-executor1'.
PF_BRIDGE: RTM_SETLINK with unknown ifindex
PF_BRIDGE: RTM_SETLINK with unknown ifindex
netlink: 1 bytes leftover after parsing attributes in process `syz-executor5'.
netlink: 1 bytes leftover after parsing attributes in process `syz-executor5'.
audit: type=1326 audit(1505601830.108:400): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=kernel pid=17366 comm="syz-executor6" exe="/root/syz-executor6" sig=31 arch=c000003e syscall=202 compat=0 ip=0x451e59 code=0xffff0000
RDS: rds_bind could not find a transport for 172.20.3.187, load rds_tcp or rds_rdma?
RDS: rds_bind could not find a transport for 172.20.3.187, load rds_tcp or rds_rdma?
audit: type=1326 audit(1505601830.188:401): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=kernel pid=17366 comm="syz-executor6" exe="/root/syz-executor6" sig=31 arch=c000003e syscall=202 compat=0 ip=0x451e59 code=0xffff0000
netlink: 11 bytes leftover after parsing attributes in process `syz-executor4'.
device gre0 entered promiscuous mode
netlink: 109 bytes leftover after parsing attributes in process `syz-executor4'.
device lo left promiscuous mode