MPI: mpi too large (16392 bits)
==================================================================
BUG: KASAN: out-of-bounds in check_canary_byte mm/kfence/core.c:211 [inline]
BUG: KASAN: out-of-bounds in for_each_canary mm/kfence/core.c:245 [inline]
BUG: KASAN: out-of-bounds in kfence_guarded_free+0x7f1/0x8f0 mm/kfence/core.c:374
Read of size 1 at addr ffff88823bdb4801 by task syz-executor.5/19224

CPU: 1 PID: 19224 Comm: syz-executor.5 Not tainted 5.10.0-next-20201223-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:79 [inline]
 dump_stack+0x107/0x163 lib/dump_stack.c:120
 print_address_description.constprop.0.cold+0x5b/0x2f8 mm/kasan/report.c:230
 __kasan_report mm/kasan/report.c:396 [inline]
 kasan_report.cold+0x79/0xd5 mm/kasan/report.c:413
 check_canary_byte mm/kfence/core.c:211 [inline]
 for_each_canary mm/kfence/core.c:245 [inline]
 kfence_guarded_free+0x7f1/0x8f0 mm/kfence/core.c:374
 __kfence_free+0x70/0x150 mm/kfence/core.c:756
 do_slab_free mm/slub.c:3145 [inline]
 slab_free mm/slub.c:3158 [inline]
 kfree+0x368/0x3c0 mm/slub.c:4156
 dh_free_data security/keys/dh.c:62 [inline]
 __keyctl_dh_compute+0xe3b/0x1300 security/keys/dh.c:404
 keyctl_dh_compute+0xbf/0x120 security/keys/dh.c:422
 __do_sys_keyctl+0xb0/0x500 security/keys/keyctl.c:1973
 do_syscall_64+0x2d/0x70 arch/x86/entry/common.c:46
 entry_SYSCALL_64_after_hwframe+0x44/0xa9
RIP: 0033:0x45e149
Code: 0d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 db b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00
RSP: 002b:00007ff50496ac68 EFLAGS: 00000246 ORIG_RAX: 00000000000000fa
RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 000000000045e149
RDX: 0000000000000000 RSI: 0000000020000240 RDI: 0000000000000017
RBP: 000000000119bfd0 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 000000000119bf8c
R13: 00007fff67ec780f R14: 00007ff50496b9c0 R15: 000000000119bf8c
============================================
WARNING: possible recursive locking detected
5.10.0-next-20201223-syzkaller #0 Not tainted
--------------------------------------------
syz-executor.5/19224 is trying to acquire lock:
ffffffff8f90c990 (&meta->lock){..-.}-{2:2}, at: kfence_handle_page_fault+0x183/0x640 mm/kfence/core.c:796

but task is already holding lock:
ffffffff8f90c990 (&meta->lock){..-.}-{2:2}, at: kfence_guarded_free+0x2d/0x8f0 mm/kfence/core.c:349

other info that might help us debug this:
 Possible unsafe locking scenario:

       CPU0
       ----
  lock(&meta->lock);
  lock(&meta->lock);

 *** DEADLOCK ***

 May be due to missing lock nesting notation

2 locks held by syz-executor.5/19224:
 #0: ffffffff8f90c990 (&meta->lock){..-.}-{2:2}, at: kfence_guarded_free+0x2d/0x8f0 mm/kfence/core.c:349
 #1: ffffffff8b8f1198 (report_lock){....}-{2:2}, at: start_report mm/kasan/report.c:83 [inline]
 #1: ffffffff8b8f1198 (report_lock){....}-{2:2}, at: __kasan_report mm/kasan/report.c:388 [inline]
 #1: ffffffff8b8f1198 (report_lock){....}-{2:2}, at: kasan_report+0x90/0x100 mm/kasan/report.c:413

stack backtrace:
CPU: 1 PID: 19224 Comm: syz-executor.5 Not tainted 5.10.0-next-20201223-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:79 [inline]
 dump_stack+0x107/0x163 lib/dump_stack.c:120
 print_deadlock_bug kernel/locking/lockdep.c:2761 [inline]
 check_deadlock kernel/locking/lockdep.c:2804 [inline]
 validate_chain kernel/locking/lockdep.c:3595 [inline]
 __lock_acquire.cold+0x115/0x3e6 kernel/locking/lockdep.c:4832
 lock_acquire kernel/locking/lockdep.c:5437 [inline]
 lock_acquire+0x29d/0x750 kernel/locking/lockdep.c:5402
 __raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:110 [inline]
 _raw_spin_lock_irqsave+0x39/0x50 kernel/locking/spinlock.c:159
 kfence_handle_page_fault+0x183/0x640 mm/kfence/core.c:796
 no_context+0x560/0xb10 arch/x86/mm/fault.c:737
 __bad_area_nosemaphore+0xa9/0x3e0 arch/x86/mm/fault.c:844
 do_kern_addr_fault+0x5b/0x70 arch/x86/mm/fault.c:1233
 handle_page_fault arch/x86/mm/fault.c:1453 [inline]
 exc_page_fault+0x155/0x180 arch/x86/mm/fault.c:1511
 asm_exc_page_fault+0x1e/0x30 arch/x86/include/asm/idtentry.h:580
RIP: 0010:print_track+0x1/0x29 mm/kasan/report.c:120
Code: 48 c7 c7 18 e8 f2 8a e8 58 dd fd ff e9 15 72 e8 f8 50 48 89 e6 e8 62 79 0b fb 48 8b 3c 24 31 d2 89 c6 e8 35 9b 93 f8 5a c3 53 <8b> 17 48 89 fb 48 c7 c7 4f ed f2 8a e8 29 dd fd ff 8b 7b 04 85 ff
RSP: 0018:ffffc90010c47a78 EFLAGS: 00010086
RAX: ffff88823bdb5000 RBX: ffff888010842140 RCX: ffff88823bdb4000
RDX: 0000000000000801 RSI: ffffffff8af14a3c RDI: ffff88823bdb5000
RBP: ffffea0008ef6d00 R08: 0000000000000000 R09: 0000000000000000
R10: ffffffff815b7a4b R11: 0000000000000000 R12: ffff88823bdb4801
R13: ffff88823bdb4000 R14: ffff88823bdb5000 R15: ffff888020ea8400
 describe_object_stacks mm/kasan/report.c:176 [inline]
 describe_object mm/kasan/report.c:206 [inline]
 print_address_description.constprop.0.cold+0x21a/0x2f8 mm/kasan/report.c:237
 __kasan_report mm/kasan/report.c:396 [inline]
 kasan_report.cold+0x79/0xd5 mm/kasan/report.c:413
 check_canary_byte mm/kfence/core.c:211 [inline]
 for_each_canary mm/kfence/core.c:245 [inline]
 kfence_guarded_free+0x7f1/0x8f0 mm/kfence/core.c:374
 __kfence_free+0x70/0x150 mm/kfence/core.c:756
 do_slab_free mm/slub.c:3145 [inline]
 slab_free mm/slub.c:3158 [inline]
 kfree+0x368/0x3c0 mm/slub.c:4156
 dh_free_data security/keys/dh.c:62 [inline]
 __keyctl_dh_compute+0xe3b/0x1300 security/keys/dh.c:404
 keyctl_dh_compute+0xbf/0x120 security/keys/dh.c:422
 __do_sys_keyctl+0xb0/0x500 security/keys/keyctl.c:1973
 do_syscall_64+0x2d/0x70 arch/x86/entry/common.c:46
 entry_SYSCALL_64_after_hwframe+0x44/0xa9
RIP: 0033:0x45e149
Code: 0d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 db b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00
RSP: 002b:00007ff50496ac68 EFLAGS: 00000246 ORIG_RAX: 00000000000000fa
RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 000000000045e149
RDX: 0000000000000000 RSI: 0000000020000240 RDI: 0000000000000017
RBP: 000000000119bfd0 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 000000000119bf8c
R13: 00007fff67ec780f R14: 00007ff50496b9c0 R15: 000000000119bf8c