program: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) r1 = dup(r0) syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f00000002c0)='./file1\x00', 0x200000, &(0x7f0000000180)={[{@quota}, {@stripe}, {@nombcache}, {@errors_remount}, {@dioread_nolock}, {@data_err_abort}, {@nobarrier}]}, 0xfe, 0x56c, &(0x7f0000000740)="$eJzs3V9rU+cfAPDvSf9orb+fFUS2XYyCF3OIqW33x8Eu3OXYZMJ270IbizQ10qRiO2F6MW92M2QwxoSxF7D7XQ3ZG9ircGyCDCnbhTcdJz3R2CZpUlsbm88Hjp7nPE/yPE/O+T59Tp6EBNC3xtN/chGvRsQ3ScSRhrzByDLH18utProxk25JrK19+ncSSXasXj7J/h/NEq9ExG9fRZzKba63srwyXyiViotZeqK6cHWisrxy+vJCYa44V7wyNT199u3pqffefWfH+vrmhX+//+Teh2e/PrH63c8Pjt5J4lwczvIa+9HWgba5NxsT4zGevSZDcW5DwcluGv4SSPa6AWzLQBbnQ5GOAUdiIIt6YP/7MiLWuvd4G48Bek6ynfgH9oH6PKB+b9/xffA+8fCD9Rugzf1P1t8biYO1e6NDq8kzd0bp/e7YDtSf1vHLX3fvpFt08z4EwHO6eSsizgwOth7/tu9MB2U21mH8gxfnXjr/+XUkYlP8557Mf6LJ/Ge0Sexux9bxn3uwvgi1O9L53/tN579PqhwbyFL/q835hpJLl0vFdGz7f0ScjKEDabrdes7Z1ftrrfIa53/pltZfnwtm7XgwuGHNabZQLTxPnxs9vBXx2hbz36TJ+U9fjwsd1nG8ePf1Vnlb9393rf0U8UbT8/90RStpvz45UbseJupXxWb/3D7+e6v697r/6fk/1L7/Y0njem2l+zp+PPi42CpvPMkWTbu8/oeTz2oj03B27HqhWl2cjBhOPq6lnzk+9fSx9XS9fNr/kyeax3+7638kIj7vsP+3j91uWbQXzv9sV+e/+537H33xQ6v6Oxv/3qrtncyOdDL+ddrA53ntAAAAAAAAoNfkhiMOR5LLZ2v6hyOXy+fXP99xLA7lSuVK9dSl8tKV2ah9V3YshnL1le7Rhs9DTGafh62npzakpyPiaER8OzBSS+dnyqXZve48AAAAAAAAAAAAAAAAAAAA9IjRaP79/9SfA3vdOmDX+clv6F/PxP+BJgV24peegJ7k7z/0L/EP/Uv8Q/8S/9C/xD/0L/EP/Uv8Q/8S/wAAAAAAAAAAAAAAAAAAAAAAAAAAALCjLpw/n25rq49uzETEwbi2vDRfvnZ6tliZzy8szeRnyotX83Pl8lypmJ8pL2z1fKVy+erkVCxdn6gWK9WJyvLKxYXy0pXqxcsLhbnixeLQi+kWAAAAAAAAAAAAAAAAAAAAvFQqyyvzhVKpuNgfO3/0RjP2085gbzTDzmJlJHbwCfd6ZAIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAp/4LAAD//4aJNJ8=") prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) getpid() mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e25}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340), 0x0, 0x0) r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) ioctl$KVM_XEN_HVM_CONFIG(r5, 0x4038ae7a, &(0x7f0000000240)={0x0, 0xda0, &(0x7f0000000080)="142f91b1f9", 0x0, 0x5}) ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0) unlinkat(0xffffffffffffff9c, &(0x7f0000000380)='./file1\x00', 0x200) socket$kcm(0x10, 0x2, 0x4) r6 = socket$nl_generic(0x10, 0x3, 0x10) r7 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r6, 0x8933, &(0x7f0000000080)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_GET_KEY(r6, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000002c0)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=r7, @ANYBLOB="01002abd5000fadbdf250900000008000300", @ANYRES32=r8], 0x24}, 0x1, 0x0, 0x0, 0x240400a1}, 0x40080) ioctl$TIOCL_SETSEL(r1, 0x541c, &(0x7f0000001900)={0x2, {0x2, 0xa00, 0x0, 0x101, 0x300}}) r9 = syz_open_dev$ptys(0xc, 0x3, 0x1) ioctl$KDSKBLED(r9, 0x4b65, 0x392) [ 81.843150][ T4669] Bluetooth: hci0: command tx timeout [ 81.847099][ T1309] ieee802154 phy0 wpan0: encryption failed: -22 [ 81.850618][ T1309] ieee802154 phy1 wpan1: encryption failed: -22 [ 81.940661][ T5331] loop0: detected capacity change from 0 to 1024 [ 81.980292][ T5331] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 82.222274][ T5336] EXT4-fs error (device loop0): ext4_validate_block_bitmap:441: comm ext4lazyinit: bg 0: block 440: padding at end of block bitmap is not set [ 82.252612][ T5336] EXT4-fs (loop0): Remounting filesystem read-only [ 82.425590][ T5337] [ 82.426625][ T5337] ============================= [ 82.428619][ T5337] WARNING: suspicious RCU usage [ 82.430512][ T5337] 6.14.0-rc3-syzkaller-00012-g2408a807bfc3 #0 Not tainted [ 82.433792][ T5337] ----------------------------- [ 82.436310][ T5337] ./include/linux/kvm_host.h:1059 suspicious rcu_dereference_check() usage! [ 82.441050][ T5337] [ 82.441050][ T5337] other info that might help us debug this: [ 82.441050][ T5337] [ 82.445317][ T5337] [ 82.445317][ T5337] rcu_scheduler_active = 2, debug_locks = 1 [ 82.448460][ T5337] no locks held by syz.0.0/5337. [ 82.450413][ T5337] [ 82.450413][ T5337] stack backtrace: [ 82.453560][ T5337] CPU: 0 UID: 0 PID: 5337 Comm: syz.0.0 Not tainted 6.14.0-rc3-syzkaller-00012-g2408a807bfc3 #0 [ 82.453581][ T5337] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 82.453591][ T5337] Call Trace: [ 82.453599][ T5337] [ 82.453604][ T5337] dump_stack_lvl+0x241/0x360 [ 82.453737][ T5337] ? __pfx_dump_stack_lvl+0x10/0x10 [ 82.453753][ T5337] ? __pfx__printk+0x10/0x10 [ 82.453776][ T5337] lockdep_rcu_suspicious+0x226/0x340 [ 82.453794][ T5337] kvm_vcpu_gfn_to_memslot+0x429/0x4c0 [ 82.453820][ T5337] ? __might_fault+0xaa/0x120 [ 82.453832][ T5337] kvm_vcpu_write_guest+0x7c/0x130 [ 82.453843][ T5337] kvm_xen_write_hypercall_page+0x2ff/0x5f0 [ 82.453856][ T5337] ? __pfx_kvm_xen_write_hypercall_page+0x10/0x10 [ 82.453872][ T5337] kvm_set_msr_common+0x154/0x3b10 [ 82.453883][ T5337] ? kvm_clear_async_pf_completion_queue+0x3a7/0x3f0 [ 82.453898][ T5337] ? __pfx_lock_release+0x10/0x10 [ 82.453909][ T5337] ? __pfx_kvm_set_msr_common+0x10/0x10 [ 82.453920][ T5337] ? do_raw_spin_unlock+0x58/0x8b0 [ 82.453930][ T5337] vmx_set_msr+0x151d/0x26f0 [ 82.453938][ T5337] ? _raw_spin_unlock+0x28/0x50 [ 82.453976][ T5337] ? kvm_clear_async_pf_completion_queue+0x3a7/0x3f0 [ 82.453989][ T5337] kvm_vcpu_reset+0xbea/0x1740 [ 82.454006][ T5337] ? __pfx_kvm_vcpu_reset+0x10/0x10 [ 82.454023][ T5337] ? preempt_schedule_thunk+0x1a/0x30 [ 82.454042][ T5337] ? vcpu_load+0x6c/0x90 [ 82.454057][ T5337] ? vcpu_load+0x81/0x90 [ 82.454069][ T5337] kvm_arch_vcpu_create+0x8f4/0xa80 [ 82.454082][ T5337] kvm_vm_ioctl_create_vcpu+0x3d8/0x8b0 [ 82.454097][ T5337] kvm_vm_ioctl+0x7be/0xd50 [ 82.454111][ T5337] ? mark_lock+0x9a/0x360 [ 82.454125][ T5337] ? __pfx_kvm_vm_ioctl+0x10/0x10 [ 82.454150][ T5337] ? tomoyo_path_number_perm+0x209/0x770 [ 82.454219][ T5337] ? __pfx_lock_release+0x10/0x10 [ 82.454234][ T5337] ? tomoyo_path_number_perm+0x5dd/0x770 [ 82.454248][ T5337] ? tomoyo_path_number_perm+0x5dd/0x770 [ 82.454262][ T5337] ? tomoyo_path_number_perm+0x65d/0x770 [ 82.454272][ T5337] ? __lock_acquire+0x1397/0x2100 [ 82.454287][ T5337] ? tomoyo_path_number_perm+0x209/0x770 [ 82.454307][ T5337] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 82.454359][ T5337] ? __fget_files+0x2a/0x410 [ 82.454372][ T5337] ? __fget_files+0x2a/0x410 [ 82.454384][ T5337] ? __pfx_kvm_vm_ioctl+0x10/0x10 [ 82.454396][ T5337] __se_sys_ioctl+0xf5/0x170 [ 82.454407][ T5337] do_syscall_64+0xf3/0x230 [ 82.454422][ T5337] ? clear_bhb_loop+0x35/0x90 [ 82.454437][ T5337] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 82.454448][ T5337] RIP: 0033:0x7f3aa118cde9 [ 82.454459][ T5337] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 82.454467][ T5337] RSP: 002b:00007f3aa1f74038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 82.454479][ T5337] RAX: ffffffffffffffda RBX: 00007f3aa13a6160 RCX: 00007f3aa118cde9 [ 82.454486][ T5337] RDX: 0000000000000000 RSI: 000000000000ae41 RDI: 0000000000000009 [ 82.454493][ T5337] RBP: 00007f3aa120e2a0 R08: 0000000000000000 R09: 0000000000000000 [ 82.454499][ T5337] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 82.454507][ T5337] R13: 0000000000000000 R14: 00007f3aa13a6160 R15: 00007fff88c56e18 [ 82.454521][ T5337] [ 82.589850][ T5338] netlink: 8 bytes leftover after parsing attributes in process `syz.0.0'.