BUG: sleeping function called from invalid context at ./include/linux/uaccess.h:71
in_atomic(): 1, irqs_disabled(): 0, pid: 5227, name: syz-executor1
2 locks held by syz-executor1/5227:
 #0:  (&vcpu->mutex){+.+.}, at: [] vcpu_load+0x1c/0x70 arch/x86/kvm/../../../virt/kvm/kvm_main.c:154
 #1:  (&kvm->srcu){....}, at: [] vcpu_enter_guest arch/x86/kvm/x86.c:7021 [inline]
 #1:  (&kvm->srcu){....}, at: [] vcpu_run arch/x86/kvm/x86.c:7100 [inline]
 #1:  (&kvm->srcu){....}, at: [] kvm_arch_vcpu_ioctl_run+0x1bdd/0x5a30 arch/x86/kvm/x86.c:7261
CPU: 3 PID: 5227 Comm: syz-executor1 Not tainted 4.13.0-next-20170905+ #15
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS Bochs 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:16 [inline]
 dump_stack+0x194/0x257 lib/dump_stack.c:52
 ___might_sleep+0x2b2/0x470 kernel/sched/core.c:6012
 __might_sleep+0x95/0x190 kernel/sched/core.c:5965
 __might_fault+0xab/0x1d0 mm/memory.c:4499
 __copy_from_user include/linux/uaccess.h:71 [inline]
 paging32_walk_addr_generic+0x427/0x1d80 arch/x86/kvm/paging_tmpl.h:369
 paging32_walk_addr arch/x86/kvm/paging_tmpl.h:475 [inline]
 paging32_gva_to_gpa+0xa5/0x230 arch/x86/kvm/paging_tmpl.h:913
 kvm_read_guest_virt_helper+0xd8/0x140 arch/x86/kvm/x86.c:4436
 kvm_read_guest_virt_system+0x3c/0x50 arch/x86/kvm/x86.c:4503
 segmented_read_std+0x10c/0x180 arch/x86/kvm/emulate.c:822
 em_fxrstor+0x27b/0x410 arch/x86/kvm/emulate.c:4025
 x86_emulate_insn+0x55d/0x3cf0 arch/x86/kvm/emulate.c:5483
 x86_emulate_instruction+0x411/0x1ca0 arch/x86/kvm/x86.c:5735
 kvm_mmu_page_fault+0x1b0/0x2f0 arch/x86/kvm/mmu.c:4956
 handle_ept_violation+0x194/0x540 arch/x86/kvm/vmx.c:6502
 vmx_handle_exit+0x24b/0x1a60 arch/x86/kvm/vmx.c:8823
 vcpu_enter_guest arch/x86/kvm/x86.c:7038 [inline]
 vcpu_run arch/x86/kvm/x86.c:7100 [inline]
 kvm_arch_vcpu_ioctl_run+0x1d36/0x5a30 arch/x86/kvm/x86.c:7261
 kvm_vcpu_ioctl+0x64c/0x1010 arch/x86/kvm/../../../virt/kvm/kvm_main.c:2550
 vfs_ioctl fs/ioctl.c:45 [inline]
 do_vfs_ioctl+0x1b1/0x1530 fs/ioctl.c:685
 SYSC_ioctl fs/ioctl.c:700 [inline]
 SyS_ioctl+0x8f/0xc0 fs/ioctl.c:691
 entry_SYSCALL_64_fastpath+0x1f/0xbe
RIP: 0033:0x447299
RSP: 002b:00007fe1d9a49c08 EFLAGS: 00000296 ORIG_RAX: 0000000000000010
RAX: ffffffffffffffda RBX: 0000000000000019 RCX: 0000000000447299
RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000019
RBP: 0000000000000082 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000296 R12: 000000000000001a
R13: 0000000000005790 R14: 00000000006e8850 R15: 0000000000000019
audit: type=1326 audit(1504666641.291:12): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=kernel pid=5186 comm="syz-executor6" exe="/syz-executor6" sig=9 arch=c000003e syscall=202 compat=0 ip=0x447299 code=0x0
device gre0 entered promiscuous mode
audit: type=1326 audit(1504666641.524:13): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=kernel pid=5306 comm="syz-executor3" exe="/syz-executor3" sig=31 arch=c000003e syscall=202 compat=0 ip=0x447299 code=0xffff0000
netlink: 1 bytes leftover after parsing attributes in process `syz-executor3'.
audit: type=1326 audit(1504666641.628:14): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=kernel pid=5306 comm="syz-executor3" exe="/syz-executor3" sig=31 arch=c000003e syscall=202 compat=0 ip=0x447299 code=0xffff0000
netlink: 1 bytes leftover after parsing attributes in process `syz-executor3'.
QAT: Invalid ioctl
QAT: Invalid ioctl
QAT: Invalid ioctl
QAT: Invalid ioctl
QAT: Invalid ioctl
QAT: Invalid ioctl
QAT: Invalid ioctl
QAT: Invalid ioctl
QAT: Invalid ioctl
QAT: Invalid ioctl
QAT: Invalid ioctl
QAT: Invalid ioctl
QAT: Invalid ioctl
QAT: Invalid ioctl
QAT: Invalid ioctl
QAT: Invalid ioctl
QAT: Invalid ioctl
QAT: Invalid ioctl
QAT: Invalid ioctl
QAT: Invalid ioctl
QAT: Invalid ioctl
QAT: Invalid ioctl
QAT: Invalid ioctl
QAT: Invalid ioctl
QAT: Invalid ioctl
QAT: Invalid ioctl
QAT: Invalid ioctl
QAT: Invalid ioctl
QAT: Invalid ioctl
sctp: [Deprecated]: syz-executor0 (pid 5466) Use of struct sctp_assoc_value in delayed_ack socket option.
Use struct sctp_sack_info instead
QAT: Invalid ioctl
QAT: Invalid ioctl
QAT: Invalid ioctl
QAT: Invalid ioctl
QAT: Invalid ioctl
QAT: Invalid ioctl
QAT: Invalid ioctl
QAT: Invalid ioctl
QAT: Invalid ioctl
QAT: Invalid ioctl
QAT: Invalid ioctl
QAT: Invalid ioctl
QAT: Invalid ioctl
QAT: Invalid ioctl
QAT: Invalid ioctl
QAT: Invalid ioctl
QAT: Invalid ioctl
QAT: Invalid ioctl
QAT: Invalid ioctl
QAT: Invalid ioctl
QAT: Invalid ioctl
QAT: Invalid ioctl
QAT: Invalid ioctl
QAT: Invalid ioctl
QAT: Invalid ioctl
QAT: Invalid ioctl
QAT: Invalid ioctl
device gre0 entered promiscuous mode
sctp: [Deprecated]: syz-executor0 (pid 5476) Use of struct sctp_assoc_value in delayed_ack socket option.
Use struct sctp_sack_info instead
kvm: vcpu 0: requested 68374 ns lapic timer period limited to 500000 ns
device gre0 entered promiscuous mode
kvm: vcpu 0: requested 68374 ns lapic timer period limited to 500000 ns
QAT: Invalid ioctl
QAT: Invalid ioctl
device syz7 entered promiscuous mode
device syz7 left promiscuous mode
device syz7 entered promiscuous mode
audit: type=1326 audit(1504666643.019:15): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=kernel pid=5752 comm="syz-executor4" exe="/syz-executor4" sig=9 arch=c000003e syscall=202 compat=0 ip=0x447299 code=0x0
audit: type=1326 audit(1504666643.101:16): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=kernel pid=5752 comm="syz-executor4" exe="/syz-executor4" sig=9 arch=c000003e syscall=202 compat=0 ip=0x447299 code=0x0
QAT: Invalid ioctl
QAT: Invalid ioctl
QAT: Invalid ioctl
QAT: Invalid ioctl
QAT: Invalid ioctl
QAT: Invalid ioctl
QAT: Invalid ioctl
QAT: Invalid ioctl
device syz4 entered promiscuous mode
device syz4 left promiscuous mode
device syz4 entered promiscuous mode
device syz6 entered promiscuous mode
device syz6 left promiscuous mode
device syz6 entered promiscuous mode
netlink: 13 bytes leftover after parsing attributes in process `syz-executor2'.
netlink: 13 bytes leftover after parsing attributes in process `syz-executor2'.
kvm [6254]: vcpu0, guest rIP: 0x8005 ignored wrmsr: 0x11e data 0x61
kvm [6254]: vcpu0, guest rIP: 0x0 ignored wrmsr: 0x11e data 0x61
netlink: 5 bytes leftover after parsing attributes in process `syz-executor1'.
print_req_error: I/O error, dev loop3, sector 0
Buffer I/O error on dev loop3, logical block 0, lost async page write
print_req_error: I/O error, dev loop3, sector 8
Buffer I/O error on dev loop3, logical block 1, lost async page write
print_req_error: I/O error, dev loop3, sector 16
Buffer I/O error on dev loop3, logical block 2, lost async page write
print_req_error: I/O error, dev loop3, sector 24
Buffer I/O error on dev loop3, logical block 3, lost async page write
print_req_error: I/O error, dev loop3, sector 32
netlink: 2 bytes leftover after parsing attributes in process `syz-executor6'.
Buffer I/O error on dev loop3, logical block 4, lost async page write
print_req_error: I/O error, dev loop3, sector 40
Buffer I/O error on dev loop3, logical block 5, lost async page write
print_req_error: I/O error, dev loop3, sector 48
Buffer I/O error on dev loop3, logical block 6, lost async page write
print_req_error: I/O error, dev loop3, sector 56
Buffer I/O error on dev loop3, logical block 7, lost async page write
print_req_error: I/O error, dev loop3, sector 64
netlink: 5 bytes leftover after parsing attributes in process `syz-executor1'.
Buffer I/O error on dev loop3, logical block 8, lost async page write
print_req_error: I/O error, dev loop3, sector 72
Buffer I/O error on dev loop3, logical block 9, lost async page write
netlink: 2 bytes leftover after parsing attributes in process `syz-executor6'.
QAT: Invalid ioctl
kvm [6380]: vcpu0, guest rIP: 0x9135 Hyper-V unhandled rdmsr: 0x4000008f
kvm [6380]: vcpu0, guest rIP: 0x9135 Hyper-V unhandled rdmsr: 0x4000008e
kvm [6380]: vcpu0, guest rIP: 0x9135 Hyper-V unhandled rdmsr: 0x4000008d
kvm [6380]: vcpu0, guest rIP: 0x9135 Hyper-V unhandled rdmsr: 0x4000008c
kvm [6380]: vcpu0, guest rIP: 0x9135 Hyper-V unhandled rdmsr: 0x4000008b
kvm [6380]: vcpu0, guest rIP: 0x9135 Hyper-V unhandled rdmsr: 0x4000008a
kvm [6380]: vcpu0, guest rIP: 0x9135 Hyper-V unhandled rdmsr: 0x40000089
kvm [6380]: vcpu0, guest rIP: 0x9135 Hyper-V unhandled rdmsr: 0x40000088
QAT: Invalid ioctl
audit: type=1326 audit(1504666645.990:17): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=kernel pid=6475 comm="syz-executor4" exe="/syz-executor4" sig=9 arch=c000003e syscall=202 compat=0 ip=0x447299 code=0x0
audit: type=1326 audit(1504666646.085:18): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=kernel pid=6475 comm="syz-executor4" exe="/syz-executor4" sig=9 arch=c000003e syscall=202 compat=0 ip=0x447299 code=0x0
netlink: 5 bytes leftover after parsing attributes in process `syz-executor0'.
kvm [6555]: vcpu0, guest rIP: 0x9130 disabled perfctr wrmsr: 0xc1 data 0xc1
kvm [6555]: vcpu0, guest rIP: 0x9130 disabled perfctr wrmsr: 0xc2 data 0xc2
kvm [6555]: vcpu0, guest rIP: 0x9130 ignored wrmsr: 0x11e data 0x11e
kvm [6555]: vcpu0, guest rIP: 0x9130 disabled perfctr wrmsr: 0x186 data 0x186
kvm [6555]: vcpu0, guest rIP: 0x9130 disabled perfctr wrmsr: 0x187 data 0x187
netlink: 5 bytes leftover after parsing attributes in process `syz-executor0'.
sg_write: data in/out 327773/19 bytes for SCSI command 0x4e-- guessing data in;
   program syz-executor0 not setting count and/or reply_len properly
sg_write: data in/out 327773/19 bytes for SCSI command 0x4e-- guessing data in;
   program syz-executor0 not setting count and/or reply_len properly
SELinux: unrecognized netlink message: protocol=4 nlmsg_type=770 sclass=netlink_tcpdiag_socket pig=6687 comm=syz-executor6
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=771 sclass=netlink_route_socket pig=6687 comm=syz-executor6
SELinux: unrecognized netlink message: protocol=4 nlmsg_type=770 sclass=netlink_tcpdiag_socket pig=6687 comm=syz-executor6
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=771 sclass=netlink_route_socket pig=6697 comm=syz-executor6
QAT: Invalid ioctl
netlink: 5 bytes leftover after parsing attributes in process `syz-executor5'.
FAULT_FLAG_ALLOW_RETRY missing 31
CPU: 2 PID: 6807 Comm: syz-executor4 Tainted: G W 4.13.0-next-20170905+ #15
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS Bochs 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:16 [inline]
 dump_stack+0x194/0x257 lib/dump_stack.c:52
 handle_userfault+0x11ec/0x2390 fs/userfaultfd.c:427
 do_anonymous_page mm/memory.c:3135 [inline]
 handle_pte_fault mm/memory.c:3908 [inline]
 __handle_mm_fault+0x3823/0x39c0 mm/memory.c:4034
QAT: Invalid ioctl
 handle_mm_fault+0x3bb/0x860 mm/memory.c:4071
QAT: Invalid ioctl
QAT: Invalid ioctl
QAT: Invalid ioctl
 __do_page_fault+0x4f6/0xb60 arch/x86/mm/fault.c:1445
 do_page_fault+0xee/0x720 arch/x86/mm/fault.c:1520
 do_async_page_fault+0x72/0xc0 arch/x86/kernel/kvm.c:266
 async_page_fault+0x22/0x30 arch/x86/entry/entry_64.S:1069
RIP: 0010:copy_user_generic_string+0x2c/0x40 arch/x86/lib/copy_user_64.S:143
RSP: 0018:ffff88005d347e38 EFLAGS: 00010246
RAX: ffffed000ba68fd5 RBX: 0000000000000008 RCX: 0000000000000001
RDX: 0000000000000000 RSI: ffff88005d347ea0 RDI: 0000000020002000
RBP: ffff88005d347e68 R08: ffffed000ba68fd5 R09: ffffed000ba68fd5
R10: 0000000000000001 R11: ffffed000ba68fd4 R12: 0000000020002000
R13: ffff88005d347ea0 R14: 00007ffffffff000 R15: 0000000020002008
 copy_to_user include/linux/uaccess.h:154 [inline]
 SYSC_pipe2 fs/pipe.c:846 [inline]
 SyS_pipe2 fs/pipe.c:838 [inline]
 SYSC_pipe fs/pipe.c:862 [inline]
 SyS_pipe+0xfd/0x2e0 fs/pipe.c:860
 entry_SYSCALL_64_fastpath+0x1f/0xbe
RIP: 0033:0x447299
RSP: 002b:00007f53c6a4cc08 EFLAGS: 00000296 ORIG_RAX: 0000000000000016
RAX: ffffffffffffffda RBX: 0000000020002000 RCX: 0000000000447299
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000020002000
netlink: 5 bytes leftover after parsing attributes in process `syz-executor5'.
RBP: 0000000000000082 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000296 R12: 0000000000000000
R13: 0000000000000000 R14: 00007f53c6a4d9c0 R15: 00007f53c6a4d700
netlink: 1 bytes leftover after parsing attributes in process `syz-executor2'.
[drm:cirrus_gem_create] *ERROR* failed to allocate GEM object
netlink: 1 bytes leftover after parsing attributes in process `syz-executor2'.
kvm [6845]: vcpu0, guest rIP: 0xfff0 disabled perfctr wrmsr: 0x186 data 0x8
[drm:cirrus_gem_create] *ERROR* failed to allocate GEM object
kvm [6845]: vcpu0, guest rIP: 0xfff0 disabled perfctr wrmsr: 0x186 data 0x8
device lo entered promiscuous mode
device lo entered promiscuous mode
TCP: request_sock_TCP: Possible SYN flooding on port 20015. Sending cookies. Check SNMP counters.
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pig=6982 comm=syz-executor4
TCP: request_sock_TCP: Possible SYN flooding on port 20015. Sending cookies. Check SNMP counters.
TCP: request_sock_TCPv6: Possible SYN flooding on port 20013. Sending cookies. Check SNMP counters.
*** Guest State *** CR0: actual=0x0000000000000030, shadow=0x0000000060000010, gh_mask=fffffffffffffff7 CR4: actual=0x0000000000002050, shadow=0x0000000000000000, gh_mask=ffffffffffffe871 CR3 = 0x00000000fffbc000 RSP = 0x0000000000000000 RIP = 0x000000000000fff0 RFLAGS=0x00010100 DR7 = 0x0000000000000400 Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000 CS: sel=0xf000, attr=0x0009b, limit=0x0000ffff, base=0x00000000ffff0000 DS: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 SS: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 ES: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 FS: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 GS: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 GDTR: limit=0x0000ffff, base=0x0000000000000000 LDTR: sel=0x0000, attr=0x00082, limit=0x0000ffff, base=0x0000000000000000 IDTR: limit=0x0000ffff, base=0x0000000000000000 QAT: Invalid ioctl TR: sel=0x0000, attr=0x0008b, limit=0x0000ffff, base=0x0000000000000000 EFER = 0x0000000000000000 PAT = 0x0007040600070406 DebugCtl = 0x0000000000000000 DebugExceptions = 0x0000000000000000 BndCfgS = 0x0000000000000000 Interruptibility = 00000000 ActivityState = 00000000 *** Host State *** RIP = 0xffffffff811b8c6f RSP = 0xffff88005dcd74c8 CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040 FSBase=00007fe1d9a26700 GSBase=ffff88003ec00000 TRBase=ffff88003ec23100 GDTBase=ffffffffff577000 IDTBase=ffffffffff57b000 CR0=0000000080050033 CR3=000000003b3d7000 CR4=00000000000026f0 Sysenter RSP=0000000000000000 CS:RIP=0010:ffffffff84d41e80 EFER = 0x0000000000000d01 PAT = 0x0007040600070406 *** Control State *** PinBased=0000003f CPUBased=b6a1edfa SecondaryExec=000000e3 EntryControls=0001d1ff ExitControls=00afefff ExceptionBitmap=0006004a PFECmask=00000000 PFECmatch=00000000 VMEntry: intr_info=00000000 errcode=00000000 ilen=00000000 VMExit: intr_info=00000000 errcode=00000000 ilen=00000000 reason=80000021 
qualification=0000000000000000 IDTVectoring: info=00000000 errcode=00000000 TSC Offset = 0xffffffda4fa10276 TPR Threshold = 0x00 EPT pointer = 0x000000003993c01e Virtual processor ID = 0x009a *** Guest State *** CR0: actual=0x0000000000000030, shadow=0x0000000060000010, gh_mask=fffffffffffffff7 CR4: actual=0x0000000000002050, shadow=0x0000000000000000, gh_mask=ffffffffffffe871 CR3 = 0x00000000fffbc000 RSP = 0x0000000000000000 RIP = 0x000000000000fff0 RFLAGS=0x00010100 DR7 = 0x0000000000000400 Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000 CS: sel=0xf000, attr=0x0009b, limit=0x0000ffff, base=0x00000000ffff0000 DS: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 SS: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 ES: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 FS: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 GS: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 GDTR: limit=0x0000ffff, base=0x0000000000000000 LDTR: sel=0x0000, attr=0x00082, limit=0x0000ffff, base=0x0000000000000000 IDTR: limit=0x0000ffff, base=0x0000000000000000 TR: sel=0x0000, attr=0x0008b, limit=0x0000ffff, base=0x0000000000000000 EFER = 0x0000000000000000 PAT = 0x0007040600070406 DebugCtl = 0x0000000000000000 DebugExceptions = 0x0000000000000000 BndCfgS = 0x0000000000000000 Interruptibility = 00000000 ActivityState = 00000000 *** Host State *** RIP = 0xffffffff811b8c6f RSP = 0xffff88005dcd74c8 CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040 FSBase=00007fe1d9a26700 GSBase=ffff88006de00000 TRBase=ffff88006de23100 GDTBase=ffffffffff575000 IDTBase=ffffffffff57b000 CR0=0000000080050033 CR3=000000003b3d7000 CR4=00000000000026e0 Sysenter RSP=0000000000000000 CS:RIP=0010:ffffffff84d41e80 EFER = 0x0000000000000d01 PAT = 0x0007040600070406 *** Control State *** PinBased=0000003f CPUBased=b699edfa SecondaryExec=000000e2 EntryControls=0001d1ff ExitControls=00afefff 
ExceptionBitmap=0006004a PFECmask=00000000 PFECmatch=00000000 VMEntry: intr_info=00000000 errcode=00000000 ilen=00000000 VMExit: intr_info=00000000 errcode=00000000 ilen=00000000 reason=80000021 qualification=0000000000000000 IDTVectoring: info=00000000 errcode=00000000 TSC Offset = 0xffffffda35a0cace EPT pointer = 0x000000005dfe201e Virtual processor ID = 0x0001 syz-executor7: vmalloc: allocation failure: 4833356120 bytes, mode:0x14080c0(GFP_KERNEL|__GFP_ZERO), nodemask=(null) syz-executor7 cpuset=/ mems_allowed=0-1 CPU: 1 PID: 7111 Comm: syz-executor7 Tainted: G W 4.13.0-next-20170905+ #15 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS Bochs 01/01/2011 Call Trace: __dump_stack lib/dump_stack.c:16 [inline] dump_stack+0x194/0x257 lib/dump_stack.c:52 warn_alloc+0x1c2/0x2f0 mm/page_alloc.c:3257 __vmalloc_node_range+0x599/0x730 mm/vmalloc.c:1781 __vmalloc_node mm/vmalloc.c:1810 [inline] __vmalloc_node_flags_caller+0x50/0x60 mm/vmalloc.c:1832 SELinux: unrecognized netlink message: protocol=9 nlmsg_type=21 sclass=netlink_audit_socket pig=7113 comm=syz-executor6 kvmalloc_node+0x82/0xd0 mm/util.c:406 kvmalloc include/linux/mm.h:529 [inline] kvmalloc_array include/linux/mm.h:545 [inline] xt_alloc_entry_offsets+0x21/0x30 net/netfilter/x_tables.c:774 translate_table+0x235/0x1610 net/ipv4/netfilter/ip_tables.c:686 do_replace net/ipv4/netfilter/ip_tables.c:1129 [inline] do_ipt_set_ctl+0x34b/0x5c0 net/ipv4/netfilter/ip_tables.c:1663 nf_sockopt net/netfilter/nf_sockopt.c:105 [inline] nf_setsockopt+0x67/0xc0 net/netfilter/nf_sockopt.c:114 ip_setsockopt+0xa1/0xb0 net/ipv4/ip_sockglue.c:1251 tcp_setsockopt+0x82/0xd0 net/ipv4/tcp.c:2799 sock_common_setsockopt+0x95/0xd0 net/core/sock.c:2960 SYSC_setsockopt net/socket.c:1852 [inline] SyS_setsockopt+0x189/0x360 net/socket.c:1831 entry_SYSCALL_64_fastpath+0x1f/0xbe RIP: 0033:0x447299 RSP: 002b:00007f86a7153c08 EFLAGS: 00000292 ORIG_RAX: 0000000000000036 RAX: ffffffffffffffda RBX: 000000000000001a RCX: 0000000000447299 RDX: 
0000000000000040 RSI: 0000000000000000 RDI: 000000000000001a RBP: 0000000000000082 R08: 0000000000000056 R09: 0000000000000000 R10: 0000000020006000 R11: 0000000000000292 R12: 00000000ffffffff R13: 0000000000005e50 R14: 00000000006e8f10 R15: 0000000000000000 warn_alloc_show_mem: 1 callbacks suppressed Mem-Info: active_anon:119988 inactive_anon:48 isolated_anon:0 active_file:3464 inactive_file:4122 isolated_file:0 unevictable:0 dirty:104 writeback:0 unstable:0 slab_reclaimable:5698 slab_unreclaimable:36939 mapped:20594 shmem:56 pagetables:853 bounce:0 free:219716 free_pcp:903 free_cma:0 *** Guest State *** CR0: actual=0x0000000000000031, shadow=0x0000000060000011, gh_mask=fffffffffffffff7 CR4: actual=0x0000000000002050, shadow=0x0000000000000020, gh_mask=ffffffffffffe871 CR3 = 0x00000000fffbc000 RSP = 0x0000000000000000 RIP = 0x0000000000000000 RFLAGS=0x00041090 DR7 = 0x0000000000000400 Sysenter RSP=0000000000000f80 CS:RIP=0030:0000000000002810 CS: sel=0x0043, attr=0x040fb, limit=0x000fffff, base=0x0000000000000000 DS: sel=0x004b, attr=0x040f3, limit=0x000fffff, base=0x0000000000000000 SS: sel=0x004b, attr=0x040f3, limit=0x000fffff, base=0x0000000000000000 ES: sel=0x004b, attr=0x040f3, limit=0x000fffff, base=0x0000000000000000 FS: sel=0x004b, attr=0x040f3, limit=0x000fffff, base=0x0000000000000000 GS: sel=0x004b, attr=0x040f3, limit=0x000fffff, base=0x0000000000000000 GDTR: limit=0x000007ff, base=0x0000000000001000 LDTR: sel=0x0008, attr=0x04082, limit=0x000007ff, base=0x0000000000001800 IDTR: limit=0x000001ff, base=0x0000000000003800 TR: sel=0x0000, attr=0x0008b, limit=0x0000ffff, base=0x0000000000000000 EFER = 0x0000000000000001 PAT = 0x0007040600070406 DebugCtl = 0x0000000000000000 DebugExceptions = 0x0000000000000000 BndCfgS = 0x0000000000000000 Interruptibility = 00000000 ActivityState = 00000000 *** Host State *** RIP = 0xffffffff811b8c6f RSP = 0xffff8800286974c8 CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040 FSBase=00007fd33e0d1700 
GSBase=ffff88006de00000 TRBase=ffff88006de23100 GDTBase=ffffffffff575000 IDTBase=ffffffffff57b000 CR0=0000000080050033 CR3=000000003d5de000 CR4=00000000000026e0 Sysenter RSP=0000000000000000 CS:RIP=0010:ffffffff84d41e80 EFER = 0x0000000000000d01 PAT = 0x0007040600070406 *** Control State *** PinBased=0000003f CPUBased=b6a1edfa SecondaryExec=000000e3 EntryControls=0001d1ff ExitControls=00afefff ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000 VMEntry: intr_info=00000000 errcode=00000000 ilen=00000000 VMExit: intr_info=00000000 errcode=00000000 ilen=00000000 reason=80000021 qualification=0000000000000000 IDTVectoring: info=00000000 errcode=00000000 TSC Offset = 0xffffffda11baf5b8 TPR Threshold = 0x00 EPT pointer = 0x000000003d35801e Virtual processor ID = 0x0001 *** Guest State *** CR0: actual=0x0000000000000031, shadow=0x0000000060000011, gh_mask=fffffffffffffff7 CR4: actual=0x0000000000002050, shadow=0x0000000000000020, gh_mask=ffffffffffffe871 CR3 = 0x00000000fffbc000 RSP = 0x0000000000000f80 RIP = 0x0000000000000000 RFLAGS=0x00000102 DR7 = 0x0000000000000400 Sysenter RSP=0000000000000f80 CS:RIP=0050:0000000000002810 CS: sel=0x0030, attr=0x0409b, limit=0x000fffff, base=0x0000000000000000 DS: sel=0x0038, attr=0x04093, limit=0x000fffff, base=0x0000000000000000 SS: sel=0x0038, attr=0x04093, limit=0x000fffff, base=0x0000000000000000 ES: sel=0x0038, attr=0x04093, limit=0x000fffff, base=0x0000000000000000 FS: sel=0x0038, attr=0x04093, limit=0x000fffff, base=0x0000000000000000 GS: sel=0x0038, attr=0x04093, limit=0x000fffff, base=0x0000000000000000 GDTR: limit=0x000007ff, base=0x0000000000001000 LDTR: sel=0x0008, attr=0x04082, limit=0x000007ff, base=0x0000000000001800 IDTR: limit=0x000001ff, base=0x0000000000003800 TR: sel=0x0000, attr=0x0008b, limit=0x0000ffff, base=0x0000000000000000 EFER = 0x0000000000000001 PAT = 0x0007040600070406 DebugCtl = 0x0000000000000000 DebugExceptions = 0x0000000000000000 BndCfgS = 0x0000000000000000 Interruptibility = 00000000 
ActivityState = 00000000 *** Host State *** RIP = 0xffffffff811b8c6f RSP = 0xffff8800286974c8 CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040 FSBase=00007fd33e0d1700 GSBase=ffff88006de00000 TRBase=ffff88006de23100 GDTBase=ffffffffff575000 IDTBase=ffffffffff57b000 CR0=0000000080050033 CR3=000000003d5de000 CR4=00000000000026e0 Sysenter RSP=0000000000000000 CS:RIP=0010:ffffffff84d41e80 EFER = 0x0000000000000d01 PAT = 0x0007040600070406 *** Control State *** PinBased=0000003f CPUBased=b6a1edfa SecondaryExec=000000e3 EntryControls=0001d1ff ExitControls=00afefff ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000 VMEntry: intr_info=00000000 errcode=00000000 ilen=00000000 VMExit: intr_info=00000000 errcode=00000000 ilen=00000000 reason=80000021 qualification=0000000000000000 IDTVectoring: info=00000000 errcode=00000000 TSC Offset = 0xffffffda11baf5b8 TPR Threshold = 0x00 EPT pointer = 0x000000003d35801e Virtual processor ID = 0x0001 *** Guest State *** CR0: actual=0x0000000000000031, shadow=0x0000000060000011, gh_mask=fffffffffffffff7 CR4: actual=0x0000000000002050, shadow=0x0000000000000020, gh_mask=ffffffffffffe871 CR3 = 0x00000000fffbc000 RSP = 0x0000000000000f80 RIP = 0x0000000000000000 RFLAGS=0x00000102 DR7 = 0x0000000000000400 Sysenter RSP=0000000000000f80 CS:RIP=0050:0000000000002810 CS: sel=0x0030, attr=0x0409b, limit=0x000fffff, base=0x0000000000000000 DS: sel=0x0038, attr=0x04093, limit=0x000fffff, base=0x0000000000000000 SS: sel=0x0038, attr=0x04093, limit=0x000fffff, base=0x0000000000000000 ES: sel=0x0038, attr=0x04093, limit=0x000fffff, base=0x0000000000000000 FS: sel=0x0038, attr=0x04093, limit=0x000fffff, base=0x0000000000000000 GS: sel=0x0038, attr=0x04093, limit=0x000fffff, base=0x0000000000000000 GDTR: limit=0x000007ff, base=0x0000000000001000 LDTR: sel=0x0008, attr=0x04082, limit=0x000007ff, base=0x0000000000001800 IDTR: limit=0x000001ff, base=0x0000000000003800 TR: sel=0x0000, attr=0x0008b, limit=0x0000ffff, base=0x0000000000000000 
EFER = 0x0000000000000001 PAT = 0x0007040600070406 DebugCtl = 0x0000000000000000 DebugExceptions = 0x0000000000000000 BndCfgS = 0x0000000000000000 Interruptibility = 00000000 ActivityState = 00000000 *** Host State *** RIP = 0xffffffff811b8c6f RSP = 0xffff88005dd574c8 CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040 FSBase=00007fd33e08d700 GSBase=ffff88006de00000 TRBase=ffff88006de23100 GDTBase=ffffffffff575000 IDTBase=ffffffffff57b000 CR0=0000000080050033 CR3=000000003d5de000 CR4=00000000000026e0 Sysenter RSP=0000000000000000 CS:RIP=0010:ffffffff84d41e80 EFER = 0x0000000000000d01 PAT = 0x0007040600070406 *** Control State *** PinBased=0000003f CPUBased=b6a1edfa SecondaryExec=000000e3 EntryControls=0001d1ff ExitControls=00afefff ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000 VMEntry: intr_info=00000000 errcode=00000000 ilen=00000000 VMExit: intr_info=00000000 errcode=00000000 ilen=00000000 reason=80000021 qualification=0000000000000000 IDTVectoring: info=00000000 errcode=00000000 TSC Offset = 0xffffffda11baf5b8 TPR Threshold = 0x00 EPT pointer = 0x000000003d35801e Virtual processor ID = 0x0001 syz-executor7: vmalloc: allocation failure: 4833356120 bytes, mode:0x14080c0(GFP_KERNEL|__GFP_ZERO), nodemask=(null) syz-executor7 cpuset=/ mems_allowed=0-1 CPU: 3 PID: 7094 Comm: syz-executor7 Tainted: G W 4.13.0-next-20170905+ #15 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS Bochs 01/01/2011 Call Trace: __dump_stack lib/dump_stack.c:16 [inline] dump_stack+0x194/0x257 lib/dump_stack.c:52 warn_alloc+0x1c2/0x2f0 mm/page_alloc.c:3257 __vmalloc_node_range+0x599/0x730 mm/vmalloc.c:1781 __vmalloc_node mm/vmalloc.c:1810 [inline] __vmalloc_node_flags_caller+0x50/0x60 mm/vmalloc.c:1832 kvmalloc_node+0x82/0xd0 mm/util.c:406 kvmalloc include/linux/mm.h:529 [inline] kvmalloc_array include/linux/mm.h:545 [inline] xt_alloc_entry_offsets+0x21/0x30 net/netfilter/x_tables.c:774 translate_table+0x235/0x1610 net/ipv4/netfilter/ip_tables.c:686 do_replace 
net/ipv4/netfilter/ip_tables.c:1129 [inline] do_ipt_set_ctl+0x34b/0x5c0 net/ipv4/netfilter/ip_tables.c:1663 nf_sockopt net/netfilter/nf_sockopt.c:105 [inline] nf_setsockopt+0x67/0xc0 net/netfilter/nf_sockopt.c:114 ip_setsockopt+0xa1/0xb0 net/ipv4/ip_sockglue.c:1251 tcp_setsockopt+0x82/0xd0 net/ipv4/tcp.c:2799 sock_common_setsockopt+0x95/0xd0 net/core/sock.c:2960 SYSC_setsockopt net/socket.c:1852 [inline] SyS_setsockopt+0x189/0x360 net/socket.c:1831 entry_SYSCALL_64_fastpath+0x1f/0xbe RIP: 0033:0x447299 RSP: 002b:00007f86a7195c08 EFLAGS: 00000292 ORIG_RAX: 0000000000000036 RAX: ffffffffffffffda RBX: 0000000000000021 RCX: 0000000000447299 RDX: 0000000000000040 RSI: 0000000000000000 RDI: 0000000000000021 RBP: 0000000000000082 R08: 0000000000000056 R09: 0000000000000000 R10: 0000000020006000 R11: 0000000000000292 R12: 0000000000000000 R13: 0000000000000000 R14: 00007f86a71969c0 R15: 00007f86a7196700 Node 0 active_anon:269684kB inactive_anon:136kB active_file:7468kB inactive_file:12308kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:42320kB dirty:224kB writeback:0kB shmem:140kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 12288kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no Node 1 active_anon:173156kB inactive_anon:72kB active_file:6388kB inactive_file:4180kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:40052kB dirty:232kB writeback:0kB shmem:96kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 32768kB writeback_tmp:0kB unstable:0kB all_unreclaimable? 
no
Node 0 DMA free:15908kB min:640kB low:800kB high:960kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
lowmem_reserve[]: 0 886 886 886
Node 0 DMA32 free:461412kB min:36536kB low:45668kB high:54800kB active_anon:269660kB inactive_anon:136kB active_file:7468kB inactive_file:16908kB unevictable:0kB writepending:224kB present:1032192kB managed:909848kB mlocked:0kB kernel_stack:2272kB pagetables:1540kB bounce:0kB free_pcp:2024kB local_pcp:196kB free_cma:0kB
lowmem_reserve[]: 0 0 0 0
Node 1 DMA32 free:429176kB min:30404kB low:38004kB high:45604kB active_anon:177352kB inactive_anon:68kB active_file:6388kB inactive_file:8936kB unevictable:0kB writepending:232kB present:1048560kB managed:755216kB mlocked:0kB kernel_stack:3104kB pagetables:1824kB bounce:0kB free_pcp:2212kB local_pcp:720kB free_cma:0kB
lowmem_reserve[]: 0 0 0 0
Node 0 DMA: 1*4kB (U) 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15908kB
Node 0 DMA32: 219*4kB (UM) 269*8kB (UME) 2061*16kB (UME) 1268*32kB (UME) 783*64kB (UME) 99*128kB (UM) 7*256kB (UME) 1*512kB (M) 6*1024kB (UME) 5*2048kB (UM) 74*4096kB (M) = 461156kB
Node 1 DMA32: 134*4kB (UM) 376*8kB (UM) 349*16kB (UME) 116*32kB (UM) 120*64kB (UM) 34*128kB (UME) 12*256kB (UM) 16*512kB (UME) 4*1024kB (UE) 4*2048kB (UME) 92*4096kB (UM) = 425256kB
Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB
Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB
7781 total pagecache pages
0 pages in swap cache
Swap cache stats: add 0, delete 0, find 0/0
Free swap = 0kB
Total swap = 0kB
524186 pages RAM
0 pages HighMem/MovableOnly
103943 pages reserved
sctp: [Deprecated]: syz-executor1 (pid 7195) Use of struct sctp_assoc_value in delayed_ack socket option.
Use struct sctp_sack_info instead
QAT: Invalid ioctl
QAT: Invalid ioctl
sctp: [Deprecated]: syz-executor1 (pid 7233) Use of struct sctp_assoc_value in delayed_ack socket option.
Use struct sctp_sack_info instead
QAT: Invalid ioctl
kvm [7398]: vcpu0, guest rIP: 0x9135 Hyper-V unhandled rdmsr: 0x4000008f
kvm [7398]: vcpu0, guest rIP: 0x9135 Hyper-V unhandled rdmsr: 0x4000008e
kvm [7398]: vcpu0, guest rIP: 0x9112 Hyper-V uhandled wrmsr: 0x40000023 data 0x66c900003b9a1043
kvm [7398]: vcpu0, guest rIP: 0x9112 Hyper-V uhandled wrmsr: 0x40000022 data 0x66c90000cb211043
kvm [7398]: vcpu0, guest rIP: 0x9112 Hyper-V uhandled wrmsr: 0x40000020 data 0x66c90000000a1043
*** Guest State ***
CR0: actual=0x0000000000000031, shadow=0x0000000060000011, gh_mask=fffffffffffffff7
CR4: actual=0x0000000000002050, shadow=0x0000000000000000, gh_mask=ffffffffffffe871
CR3 = 0x00000000fffbc000
RSP = 0x0000000000000f80 RIP = 0x0000000000000000
RFLAGS=0x003cf702 DR7 = 0x0000000000000400
Sysenter RSP=0000000000000f80 CS:RIP=0030:0000000000002810
CS: sel=0x0030, attr=0x0409b, limit=0x000fffff, base=0x0000000000000000
DS: sel=0x0038, attr=0x04093, limit=0x000fffff, base=0x0000000000000000
SS: sel=0x0038, attr=0x04093, limit=0x000fffff, base=0x0000000000000000
ES: sel=0x0038, attr=0x04093, limit=0x000fffff, base=0x0000000000000000
FS: sel=0x0038, attr=0x04093, limit=0x000fffff, base=0x0000000000000000
GS: sel=0x0038, attr=0x04093, limit=0x000fffff, base=0x0000000000000000
GDTR: limit=0x000007ff, base=0x0000000000001000
LDTR: sel=0x0008, attr=0x04082, limit=0x000007ff, base=0x0000000000001800
IDTR: limit=0x000001ff, base=0x0000000000003800
TR: sel=0x0000, attr=0x0008b, limit=0x0000ffff, base=0x0000000000000000
EFER = 0x0000000000000001 PAT = 0x0007040600070406
DebugCtl = 0x0000000000000000 DebugExceptions = 0x0000000000000000
BndCfgS = 0x0000000000000000
Interruptibility = 00000000 ActivityState = 00000000
*** Host State ***
RIP = 0xffffffff811b8c6f RSP = 0xffff880033c2f4c8
CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040
FSBase=00007fe1d9a4a700 GSBase=ffff88003ed00000 TRBase=ffff88003ed23100
GDTBase=ffffffffff576000 IDTBase=ffffffffff57b000
CR0=0000000080050033 CR3=000000003c24b000 CR4=00000000000026e0
Sysenter RSP=0000000000000000 CS:RIP=0010:ffffffff84d41e80
EFER = 0x0000000000000d01 PAT = 0x0007040600070406
*** Control State ***
PinBased=0000007f CPUBased=b6a1edfa SecondaryExec=000000e3
EntryControls=0001d1ff ExitControls=00afefff
ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000
VMEntry: intr_info=800000fc errcode=00000000 ilen=00000000
VMExit: intr_info=00000000 errcode=00000000 ilen=00000004
        reason=80000021 qualification=0000000000000000
IDTVectoring: info=00000000 errcode=00000000
TSC Offset = 0xffffffd9021ff7a8
TPR Threshold = 0x00
EPT pointer = 0x000000003c59801e
Virtual processor ID = 0x00b0
sg_write: data in/out 327773/154 bytes for SCSI command 0x50-- guessing data in;
   program syz-executor7 not setting count and/or reply_len properly
SELinux: unrecognized netlink message: protocol=9 nlmsg_type=65535 sclass=netlink_audit_socket pig=7478 comm=syz-executor2
SELinux: unrecognized netlink message: protocol=9 nlmsg_type=65535 sclass=netlink_audit_socket pig=7478 comm=syz-executor2
sg_write: data in/out 327773/154 bytes for SCSI command 0x50-- guessing data in;
   program syz-executor7 not setting count and/or reply_len properly
TCP: tcp_parse_options: Illegal window scaling value 32 > 14 received
TCP: tcp_parse_options: Illegal window scaling value 32 > 14 received
audit: type=1326 audit(1504666650.315:19): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=kernel pid=7585 comm="syz-executor5" exe="/syz-executor5" sig=31 arch=c000003e syscall=202 compat=0 ip=0x447299 code=0xffff0000
audit: type=1326 audit(1504666650.390:20): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=kernel pid=7620 comm="syz-executor3" exe="/syz-executor3" sig=9 arch=c000003e syscall=202 compat=0 ip=0x447299 code=0x0
sctp: [Deprecated]: syz-executor1 (pid 7628) Use of int in maxseg socket option.
Use struct sctp_assoc_value instead
audit: type=1326 audit(1504666650.425:21): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=kernel pid=7585 comm="syz-executor5" exe="/syz-executor5" sig=31 arch=c000003e syscall=202 compat=0 ip=0x447299 code=0xffff0000
sctp: [Deprecated]: syz-executor1 (pid 7637) Use of int in maxseg socket option.
Use struct sctp_assoc_value instead
audit: type=1326 audit(1504666650.459:22): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=kernel pid=7620 comm="syz-executor3" exe="/syz-executor3" sig=9 arch=c000003e syscall=202 compat=0 ip=0x447299 code=0x0
kvm pmu: pin control bit is ignored
kvm_pmu: event creation failed -2
audit: type=1326 audit(1504666650.881:23): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=kernel pid=7677 comm="syz-executor7" exe="/syz-executor7" sig=31 arch=c000003e syscall=202 compat=0 ip=0x447299 code=0xffff0000
kvm [7719]: vcpu0, guest rIP: 0x9112 disabled perfctr wrmsr: 0xc1 data 0xc9ca00000000005e
audit: type=1326 audit(1504666650.978:24): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=kernel pid=7677 comm="syz-executor7" exe="/syz-executor7" sig=31 arch=c000003e syscall=202 compat=0 ip=0x447299 code=0xffff0000
nla_parse: 10 callbacks suppressed
netlink: 6 bytes leftover after parsing attributes in process `syz-executor5'.
netlink: 6 bytes leftover after parsing attributes in process `syz-executor5'.
ptm ptm3: ldisc open failed (-12), clearing slot 3
=============================
WARNING: suspicious RCU usage
4.13.0-next-20170905+ #15 Tainted: G W
-----------------------------
./include/linux/kvm_host.h:481 suspicious rcu_dereference_check() usage!

other info that might help us debug this:

rcu_scheduler_active = 2, debug_locks = 1
no locks held by syz-executor5/7783.

stack backtrace:
CPU: 3 PID: 7783 Comm: syz-executor5 Tainted: G W 4.13.0-next-20170905+ #15
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS Bochs 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:16 [inline]
 dump_stack+0x194/0x257 lib/dump_stack.c:52
 lockdep_rcu_suspicious+0x123/0x170 kernel/locking/lockdep.c:4673
 kvm_get_bus include/linux/kvm_host.h:479 [inline]
 kvm_create_vm arch/x86/kvm/../../../virt/kvm/kvm_main.c:678 [inline]
 kvm_dev_ioctl_create_vm arch/x86/kvm/../../../virt/kvm/kvm_main.c:3155 [inline]
 kvm_dev_ioctl+0x877/0x1840 arch/x86/kvm/../../../virt/kvm/kvm_main.c:3206
 vfs_ioctl fs/ioctl.c:45 [inline]
 do_vfs_ioctl+0x1b1/0x1530 fs/ioctl.c:685
 SYSC_ioctl fs/ioctl.c:700 [inline]
 SyS_ioctl+0x8f/0xc0 fs/ioctl.c:691
 entry_SYSCALL_64_fastpath+0x1f/0xbe
RIP: 0033:0x447299
RSP: 002b:00007fbd0f63cc08 EFLAGS: 00000296 ORIG_RAX: 0000000000000010
RAX: ffffffffffffffda RBX: 0000000000000025 RCX: 0000000000447299
RDX: 0000000000000000 RSI: 000000000000ae01 RDI: 0000000000000025
RBP: 0000000000000082 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000296 R12: 00000000ffffffff
R13: 0000000000005f60 R14: 00000000006e9020 R15: 0000000020014000
=============================
WARNING: suspicious RCU usage
4.13.0-next-20170905+ #15 Tainted: G W
-----------------------------
./include/linux/kvm_host.h:575 suspicious rcu_dereference_check() usage!

other info that might help us debug this:

rcu_scheduler_active = 2, debug_locks = 1
no locks held by syz-executor5/7783.

stack backtrace:
CPU: 3 PID: 7783 Comm: syz-executor5 Tainted: G W 4.13.0-next-20170905+ #15
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS Bochs 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:16 [inline]
 dump_stack+0x194/0x257 lib/dump_stack.c:52
 lockdep_rcu_suspicious+0x123/0x170 kernel/locking/lockdep.c:4673
 __kvm_memslots include/linux/kvm_host.h:573 [inline]
 kvm_create_vm arch/x86/kvm/../../../virt/kvm/kvm_main.c:680 [inline]
 kvm_dev_ioctl_create_vm arch/x86/kvm/../../../virt/kvm/kvm_main.c:3155 [inline]
 kvm_dev_ioctl+0xd21/0x1840 arch/x86/kvm/../../../virt/kvm/kvm_main.c:3206
 vfs_ioctl fs/ioctl.c:45 [inline]
 do_vfs_ioctl+0x1b1/0x1530 fs/ioctl.c:685
 SYSC_ioctl fs/ioctl.c:700 [inline]
 SyS_ioctl+0x8f/0xc0 fs/ioctl.c:691
 entry_SYSCALL_64_fastpath+0x1f/0xbe
RIP: 0033:0x447299
RSP: 002b:00007fbd0f63cc08 EFLAGS: 00000296 ORIG_RAX: 0000000000000010
RAX: ffffffffffffffda RBX: 0000000000000025 RCX: 0000000000447299
RDX: 0000000000000000 RSI: 000000000000ae01 RDI: 0000000000000025
RBP: 0000000000000082 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000296 R12: 00000000ffffffff
R13: 0000000000005f60 R14: 00000000006e9020 R15: 0000000020014000