BUG: sleeping function called from invalid context at arch/x86/mm/fault.c:1342 in_atomic(): 0, irqs_disabled(): 1, pid: 10993, name: syz-executor5 3 locks held by syz-executor5/10993: #0: 00000000f4412caf (&kvm->slots_lock){+.+.}, at: kvm_set_memory_region+0x23/0x50 arch/x86/kvm/../../../virt/kvm/kvm_main.c:1059 #1: 0000000083c4fd15 (remove_cache_srcu){....}, at: quarantine_reduce+0x3f/0x170 mm/kasan/quarantine.c:261 #2: 00000000c41b3dc0 (&mm->mmap_sem){++++}, at: __do_page_fault+0x381/0xe40 arch/x86/mm/fault.c:1328 irq event stamp: 15110 hardirqs last enabled at (15109): [] qlink_free mm/kasan/quarantine.c:150 [inline] hardirqs last enabled at (15109): [] qlist_free_all+0xe9/0x160 mm/kasan/quarantine.c:166 hardirqs last disabled at (15110): [] error_entry+0x72/0xd0 arch/x86/entry/entry_64.S:1261 softirqs last enabled at (13402): [] __do_softirq+0x778/0xaf5 kernel/softirq.c:311 softirqs last disabled at (13385): [] invoke_softirq kernel/softirq.c:365 [inline] softirqs last disabled at (13385): [] irq_exit+0x1d1/0x200 kernel/softirq.c:405 CPU: 0 PID: 10993 Comm: syz-executor5 Not tainted 4.16.0+ #4 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Call Trace: __dump_stack lib/dump_stack.c:77 [inline] dump_stack+0x1b9/0x294 lib/dump_stack.c:113 ___might_sleep.cold.87+0x11f/0x13a kernel/sched/core.c:6188 __might_sleep+0x95/0x190 kernel/sched/core.c:6141 __do_page_fault+0x3ae/0xe40 arch/x86/mm/fault.c:1342 do_page_fault+0xee/0x8a7 arch/x86/mm/fault.c:1474 page_fault+0x25/0x50 arch/x86/entry/entry_64.S:1159 RIP: 0010:vmx_vcpu_run+0x95f/0x25f0 arch/x86/kvm/vmx.c:9746 RSP: 0018:ffff88018ff37368 EFLAGS: 00010002 RAX: ffff8801c8b7fe40 RBX: 0000000000000282 RCX: 0000000000000001 RDX: 0000000000000000 RSI: ffffea0006c62b1f RDI: 0000000000000282 RBP: ffff88018ff370f0 R08: ffff8801cfe029b8 R09: 0000000000000006 R10: ffff8801cfe02180 R11: 0000000000000000 R12: 0000000000000000 R13: ffff8801d9fdb6c0 R14: ffff8801c8b7fe40 R15: ffffffff88b18760 WARNING: kernel stack regs at 00000000c4112670 in syz-executor5:10993 has bad 'bp' value 00000000bae9cd82 unwind stack type:1 next_sp: (null) mask:0x2 graph_idx:0 000000002e6a8616: ffff88018ff36ec8 (0xffff88018ff36ec8) 000000005e340aca: ffffffff8129e081 (show_trace_log_lvl+0x1dd/0x25c) 000000008725c225: ffffffff811f622f (vmx_vcpu_run+0x95f/0x25f0) 00000000159299ab: ffff88018ff37338 (0xffff88018ff37338) 00000000e58b3ba4: 0000000000000002 (0x2) 00000000018b88bd: 0000000000000001 (0x1) 000000006c7e5d4c: ffff88018ff30000 (0xffff88018ff30000) 0000000032dc2daf: ffff88018ff38000 (0xffff88018ff38000) 00000000542fd7ae: 0000000000000000 ... 0000000003116cd9: 0000000000000001 (0x1) 00000000692b98ce: ffff88018ff30000 (0xffff88018ff30000) 000000003e169468: ffff88018ff38000 (0xffff88018ff38000) 00000000e2bab03c: 0000000000000000 ... 00000000cc935ca2: 0000000000000002 (0x2) 000000007d1571f5: ffff8801cfe02180 (0xffff8801cfe02180) 000000004bdbff25: 0000010100000000 (0x10100000000) 000000007c058c62: 0000000000000000 ... 00000000ec2a192d: ffff88018ff36e00 (0xffff88018ff36e00) 00000000447e81ad: ffffffff811f622f (vmx_vcpu_run+0x95f/0x25f0) 00000000a2be87c8: ffff88018ff372b8 (0xffff88018ff372b8) 00000000af818036: 0000000000000012 (0x12) 000000004f016d0a: 0000000000000000 ... 00000000254e91bc: ffffffff88b18760 (pv_cpu_ops+0x120/0x120) 000000001aaad696: 00000000ffffffff (0xffffffff) 00000000253984c7: ffff88018ff36ed8 (0xffff88018ff36ed8) 000000008cc9cbb8: ffffffff8129e138 (show_stack+0x38/0x3a) 000000007e6254ff: ffff88018ff36f88 (0xffff88018ff36f88) 00000000a757b838: ffffffff87486415 (dump_stack+0x1b9/0x294) 000000000cc67863: fffffbfff11630ec (0xfffffbfff11630ec) 000000007b5fde9e: dffffc0000000000 (0xdffffc0000000000) 000000002aeab9c1: 1ffff10031fe6de0 (0x1ffff10031fe6de0) 000000004874a7cc: 0000000041b58ab3 (0x41b58ab3) 00000000fb04cf47: ffffffff8877f594 (regoff.33569+0x34ffb4/0x362750) 000000005f49e60d: ffffffff8748625c (dump_stack_print_info.cold.2+0x52/0x52) 00000000ff389c8c: ffff8801cfe02a08 (0xffff8801cfe02a08) 0000000032a28c0e: ffff88018ff36f40 (0xffff88018ff36f40) 00000000d2acbf55: ffffffff815be6b4 (print_lock+0xd1/0xd6) 000000000586efe5: 0000000000003449 (0x3449) 00000000839cc6fe: ffffffff8146fd61 (irq_exit+0x1d1/0x200) 00000000add0338c: ffffffff8146fd61 (irq_exit+0x1d1/0x200) 000000007795c62e: ffff8801cfe02180 (0xffff8801cfe02180) 00000000cb52496a: ffffed003b603eb2 (0xffffed003b603eb2) 0000000007355eee: ffff8801cfe02180 (0xffff8801cfe02180) 00000000715ba405: 1ffff10031fe6df3 (0x1ffff10031fe6df3) 00000000dbbc9868: ffff8801cfe02180 (0xffff8801cfe02180) 000000003c3ae51c: 0000000000002af1 (0x2af1) 000000005f1e94eb: 000000000000053e (0x53e) 00000000e4e5206d: 0000000000000002 (0x2) 000000005b98b38f: ffff88018ff37018 (0xffff88018ff37018) 00000000e8d84b08: ffffffff81528f31 (___might_sleep.cold.87+0x11f/0x13a) 0000000068ccff56: 0000000041b58ab3 (0x41b58ab3) 0000000062a55fcb: ffffffff8878f8d7 (regoff.33569+0x3602f7/0x362750) 00000000cb89b988: ffffffff81510c30 (check_same_owner+0x320/0x320) 000000005019b6b7: 0000000000000001 (0x1) 000000009b42b1d4: 0000000000000000 ... 00000000bb8bdb25: ffff8801ce384380 (0xffff8801ce384380) 000000003ec4357c: ffff8801b8265e80 (0xffff8801b8265e80) 00000000546f2580: ffff8801ce384380 (0xffff8801ce384380) 000000001d12bcbe: ffff88018ff37050 (0xffff88018ff37050) 00000000cad2f946: dead000000000100 (0xdead000000000100) 00000000a94c40fa: ffff88018ff37008 (0xffff88018ff37008) 00000000f26cbc0e: ffffffff81b28af4 (slab_destroy+0x24/0x60) 0000000067e2febe: ffff8801cfe02180 (0xffff8801cfe02180) 00000000b5fbbab9: ffffffff87a79420 (__func__.46234+0x1e0/0x960) 00000000c12991cf: 000000000000053e (0x53e) 000000007cbc521f: 0000000000000000 ... 00000000940fd517: ffff88018ff37058 (0xffff88018ff37058) 0000000084139639: ffffffff81510fe5 (__might_sleep+0x95/0x190) 00000000ac693134: ffffffff815b3d99 (mark_held_locks+0xc9/0x160) 000000004eb67d0c: 0000000000005689 (0x5689) 000000007fd30552: 0000000000005689 (0x5689) 000000001fa63bc7: ffff88018ff372b8 (0xffff88018ff372b8) 000000003c39910b: 0000000000000001 (0x1) 0000000076be7a29: 0000000000000000 ... 0000000092a9022d: ffff88018ff37140 (0xffff88018ff37140) 00000000cc136e3d: ffffffff8135264e (__do_page_fault+0x3ae/0xe40) 000000005a178831: ffff8801c8b7fe40 (0xffff8801c8b7fe40) 000000003efadc4c: ffffffff88b18760 (pv_cpu_ops+0x120/0x120) 00000000a5626d8e: 0000000000000002 (0x2) 000000001e2b669c: 0000000000000000 ... 00000000be95a2e2: 0000001500000000 (0x1500000000) 0000000044d2b8ed: 1ffff10031fe6e17 (0x1ffff10031fe6e17) 0000000073c84e98: ffff8801ab7e8d28 (0xffff8801ab7e8d28) 00000000f0ebc647: ffff8801ab7e8c80 (0xffff8801ab7e8c80) 000000005438e168: ffff8801cfe02180 (0xffff8801cfe02180) 00000000935aae38: 0000000041b58ab3 (0x41b58ab3) 000000006afa9949: ffffffff88790e03 (regoff.33569+0x361823/0x362750) 00000000583b9a96: ffffffff813522a0 (mm_fault_error+0x380/0x380) 00000000d0dfd2ec: ffff88018ff37100 (0xffff88018ff37100) 00000000deb628c8: ffff8801dac001c0 (0xffff8801dac001c0) 00000000701b3e94: ffff8801d952ee80 (0xffff8801d952ee80) 0000000072d32f21: 00000000ffffffff (0xffffffff) 00000000bae9cd82: ffff88018ff37128 (0xffff88018ff37128) 0000000081409463: ffffffff81b2cf81 (quarantine_reduce+0x141/0x170) 000000000295aaa7: ffff8801891ada00 (0xffff8801891ada00) 0000000043db2413: ffff8801cf496080 (0xffff8801cf496080) 00000000ab1133bf: 0000000000100020 (0x100020) 000000009985aa44: 1ffff10031fe6e2c (0x1ffff10031fe6e2c) 0000000020ede05f: ffff88018ff372b8 (0xffff88018ff372b8) 0000000013e399f0: 0000000000000002 (0x2) 00000000ced540fb: 0000000000005689 (0x5689) 000000002d8c6cd4: ffff88018ff37280 (0xffff88018ff37280) 00000000fb69717c: ffff88018ff372a8 (0xffff88018ff372a8) 00000000d15a26dc: ffffffff813531fe (do_page_fault+0xee/0x8a7) 00000000040207c1: ffff8801dac001c0 (0xffff8801dac001c0) 00000000b66a2e04: ffff8801dac001c0 (0xffff8801dac001c0) 000000002bb3d71b: 0000000041b58ab3 (0x41b58ab3) 000000005fcc19e9: ffffffff8877f220 (regoff.33569+0x34fc40/0x362750) 00000000cfcb34e6: ffffffff81353110 (vmalloc_sync_all+0x30/0x30) 00000000c677304c: ffffffff81b2b972 (kasan_slab_alloc+0x12/0x20) 00000000e6d86e6f: ffff88018ff37210 (0xffff88018ff37210) 0000000072e31768: ffffffff81b27c69 (kmem_cache_alloc_node_trace+0x139/0x770) 0000000045ec4337: 0000000000000000 ... 000000000aed1b82: ffff88018ff372b8 (0xffff88018ff372b8) 0000000021bd5b2d: 0000000041b58ab3 (0x41b58ab3) 00000000f5d3af12: ffffffff8877e927 (regoff.33569+0x34f347/0x362750) 000000006bcab777: ffffffff815abee0 (graph_lock+0x170/0x170) 0000000020998fd7: 0000000000000000 ... 00000000cb6d29f6: 0000000000000282 (0x282) 00000000c6b70709: 0000000000000282 (0x282) 000000000764bdf7: 0000000000000282 (0x282) 00000000f50b4463: 0000000000000008 (0x8) 000000004adb219f: 014080c000000000 (0x14080c000000000) 0000000020de8d0e: ffff8801dac001c0 (0xffff8801dac001c0) 0000000004231ef3: 0000000000000008 (0x8) 00000000779fb397: 00000000014080c0 (0x14080c0) 000000002f10a660: 00000000ffffffff (0xffffffff) 0000000058ed7bea: ffff88018ff37620 (0xffff88018ff37620) 00000000ddb6d128: ffff88018ff37240 (0xffff88018ff37240) 000000009ef46cbc: ffffffff81b28343 (__kmalloc_node+0x33/0x70) 00000000901456e4: 0000000000000008 (0x8) 000000003caea729: 0000000000000082 (0x82) 000000009b6a9733: 0000000000000001 (0x1) 00000000459895e1: 0000000000000000 ... 000000009ec5daa8: ffff88018ff372a0 (0xffff88018ff372a0) 00000000199010d6: ffffffff81007c50 (trace_hardirqs_off_thunk+0x1a/0x1c) 00000000ed74bffc: 0000000000000000 ... 0000000087bfebdf: 0000000087600a07 (0x87600a07) 00000000cf3e9902: 0000000000000001 (0x1) 00000000c4d5645e: 0000000000000000 ... 00000000ba0a5ba0: ffff88018ff372b9 (0xffff88018ff372b9) 0000000064d8ad0f: ffffffff87601235 (page_fault+0x25/0x50) 00000000c4112670: ffffffff88b18760 (pv_cpu_ops+0x120/0x120) 00000000abef90f2: ffff8801c8b7fe40 (0xffff8801c8b7fe40) 000000003b2d42ee: ffff8801d9fdb6c0 (0xffff8801d9fdb6c0) 000000000251f041: 0000000000000000 ... 0000000095c05330: ffff88018ff370f0 (0xffff88018ff370f0) 0000000006e50135: 0000000000000282 (0x282) 0000000006844f2e: 0000000000000000 ... 00000000b7fe90f2: ffff8801cfe02180 (0xffff8801cfe02180) 00000000363f90c7: 0000000000000006 (0x6) 00000000aac963cc: ffff8801cfe029b8 (0xffff8801cfe029b8) 00000000392b63e1: ffff8801c8b7fe40 (0xffff8801c8b7fe40) 000000005959fbde: 0000000000000001 (0x1) 00000000d32a9ad6: 0000000000000000 ... 00000000620d560d: ffffea0006c62b1f (0xffffea0006c62b1f) 00000000edf430d9: 0000000000000282 (0x282) 0000000056742f61: ffffffffffffffff (0xffffffffffffffff) 000000000a0653bc: ffffffff811f622f (vmx_vcpu_run+0x95f/0x25f0) 000000006e14b6a0: 0000000000000010 (0x10) 00000000729abc3a: 0000000000010002 (0x10002) 00000000d154a714: ffff88018ff37368 (0xffff88018ff37368) 00000000545a1e13: 0000000000000018 (0x18) 000000007b01bcc4: 0000000000000001 (0x1) 000000006e8963ca: 0000000000000000 ... 00000000d010fc3e: 1ffff10031fe6e70 (0x1ffff10031fe6e70) 000000001ab483d1: ffff88018ff375a0 (0xffff88018ff375a0) 0000000055a551ed: 0000000041b58ab3 (0x41b58ab3) 000000005ac59524: ffffffff88783ce8 (regoff.33569+0x354708/0x362750) 00000000d187dbfc: ffffffff8107fe20 (kvm_vcpu_block+0x1050/0x1050) 0000000089a894a9: ffff880187d83d98 (0xffff880187d83d98) 000000007647392c: ffff880187d83d98 (0xffff880187d83d98) 0000000081d10c55: 0000000000000000 ... 0000000071ce2cc0: ffff88018ff373f8 (0xffff88018ff373f8) 0000000047cb8830: ffffffff815ac7c6 (find_held_lock+0x36/0x1c0) 000000007b08b5d1: 0000000100000282 (0x100000282) 000000009870d98f: ffff88018ff37450 (0xffff88018ff37450) 00000000a28093c2: 1ffff10031fe6e86 (0x1ffff10031fe6e86) 00000000121dc561: ffff88018ff37510 (0xffff88018ff37510) 0000000065c7ce19: ffff880187d83d98 (0xffff880187d83d98) 00000000a2885274: ffff8801cfe02180 (0xffff8801cfe02180) 00000000631147fd: ffff88018ff37450 (0xffff88018ff37450) 00000000605b2382: ffff88018ff37538 (0xffff88018ff37538) 000000008b67a079: 0000000000000282 (0x282) 00000000d90a621d: ffffffff8163a440 (rcu_note_context_switch+0x710/0x710) 00000000bbb3553d: ffffffff00000001 (0xffffffff00000001) 000000007ea68c7c: ffff8801cfe029b0 (0xffff8801cfe029b0) 0000000085538280: 0000000000000000 ... 00000000878bc7b1: ffffffff00000001 (0xffffffff00000001) 00000000e3c3319c: 0000000041b58ab3 (0x41b58ab3) 0000000032912a27: 0000000041b58ab3 (0x41b58ab3) 000000005e242ec9: ffffffff8877e927 (regoff.33569+0x34f347/0x362750) 000000002b98921c: ffffffff815abee0 (graph_lock+0x170/0x170) 000000004c8ee588: ffffffff00000000 (0xffffffff00000000) 0000000078d8892e: ffff88018ff377b8 (0xffff88018ff377b8) 00000000e6185b3a: ffff88018ff377b8 (0xffff88018ff377b8) 00000000e35e23b5: ffff88018ff37608 (0xffff88018ff37608) 00000000cb181c7e: ffff88018ff374c8 (0xffff88018ff374c8) 00000000398bf07d: ffff88018ff37488 (0xffff88018ff37488) 0000000050451fdb: ffffffff817732b6 (__sanitizer_cov_trace_const_cmp4+0x16/0x20) 000000000038a5b7: ffff88018ff37630 (0xffff88018ff37630) 00000000f86705be: ffffffff816a4ad0 (futex_wait_queue_me+0x550/0x820) 00000000141b2c3b: ffffffff81344c71 (unwind_get_return_address+0x61/0xa0) 0000000041bc32ec: ffff880175944080 (0xffff880175944080) 00000000a5119adc: 0000000041b58ab3 (0x41b58ab3) 00000000b9128304: ffffffff8879e808 (K512_4+0xac88/0x114ebc) 00000000f663cc64: ffffffff816a4580 (refill_pi_state_cache.part.7+0x300/0x300) 00000000a6c0565d: ffff8801b018ee90 (0xffff8801b018ee90) 00000000fc92643f: ffffc90000000000 (0xffffc90000000000) 0000000046f0feac: 0000000000000000 ... 00000000824023cd: 1ffff10031fe6eb0 (0x1ffff10031fe6eb0) 00000000d07622d7: ffff880175944080 (0xffff880175944080) 00000000f8c60cf6: ffff8801ab7e8d88 (0xffff8801ab7e8d88) 0000000014ca8c41: ffff8801ab7e8d88 (0xffff8801ab7e8d88) 00000000ec65e451: 0000000000000000 ... 00000000cec963c8: ffff88018ff37548 (0xffff88018ff37548) 0000000067fa57da: ffffffff815ac7c6 (find_held_lock+0x36/0x1c0) 00000000b49f2b08: 00000001cfe02180 (0x1cfe02180) 00000000944d4ed8: ffff88018ff375a0 (0xffff88018ff375a0) 00000000d70a73ba: ffff880175944080 (0xffff880175944080) 000000004b503cc2: ffff88018ff37660 (0xffff88018ff37660) 000000003d141bda: ffff8801ab7e8d88 (0xffff8801ab7e8d88) 000000006549347f: ffff8801cfe02180 (0xffff8801cfe02180) 000000004452ffda: ffff88018ff375a0 (0xffff88018ff375a0) 000000002fa00617: ffff88018ff37688 (0xffff88018ff37688) 0000000041a15b41: 0000000000000282 (0x282) 00000000171d870e: 0000000000000000 ... 0000000023569f36: ffff880100000001 (0xffff880100000001) 000000006a0cf825: ffff8801cfe029b0 (0xffff8801cfe029b0) 0000000031423274: 0000000000000282 (0x282) 00000000652f7b4f: ffffffff00000001 (0xffffffff00000001) 000000008a6782b2: 0000000041b58ab3 (0x41b58ab3) 000000001e11ad4a: ffffffff8879a298 (K512_4+0x6718/0x114ebc) 000000000c71bfd9: ffffffff815bb470 (lock_downgrade+0x8e0/0x8e0) 000000002193d592: ffff88018ff377f0 (0xffff88018ff377f0) 00000000c2a12e51: 0000000000000000 ... 00000000f8a92b2b: 0000000900000000 (0x900000000) 000000008ca5f493: ffff88018ff37858 (0xffff88018ff37858) 0000000011316b30: ffff88018ff37610 (0xffff88018ff37610) 00000000882c5b00: 000000000000002c (0x2c) 000000006b9d39f2: 0000000000000000 ... 00000000ab07de56: 0000000000000009 (0x9) 000000009afcb16d: 0000000000000001 (0x1) 00000000d2688f5a: 0000000000000000 ... 0000000033601206: 0000000020009000 (0x20009000) 00000000f7e84c63: 0000000900000000 (0x900000000) 00000000a48e7aa4: ffff88018ff37a20 (0xffff88018ff37a20) 00000000d0bd92df: ffff880187d83d38 (0xffff880187d83d38) 00000000eb387788: ffff88018ff376c8 (0xffff88018ff376c8) 00000000bb0fa428: ffff880187d83d00 (0xffff880187d83d00) 0000000011cfee11: ffff88018ff37a20 (0xffff88018ff37a20) 0000000017cd1d86: ffff880187d83d38 (0xffff880187d83d38) 00000000f79fdb27: ffff880187d83d00 (0xffff880187d83d00) 000000002d258507: ffff88018ff37a20 (0xffff88018ff37a20) 000000004b98f53d: 000000004020ae46 (0x4020ae46) 00000000b36b397b: ffff880187d83d00 (0xffff880187d83d00) 0000000050d8fcfb: ffff88018ff376f0 (0xffff88018ff376f0) 00000000654e4997: ffffffff81082c9e (kvm_set_memory_region+0x2e/0x50) 00000000b48553a5: 0000000000000009 (0x9) 00000000d3805b11: ffff88018ff37a20 (0xffff88018ff37a20) 00000000ac13de2a: ffff8801cfe02180 (0xffff8801cfe02180) 0000000087099ae7: ffff88018ff37c08 (0xffff88018ff37c08) 00000000bcd97451: ffffffff81083328 (kvm_vm_ioctl+0x668/0x1d90) 00000000370333c1: ffffffff816a3ffd (drop_futex_key_refs.isra.13+0x6d/0xe0) 00000000bdad8555: dffffc0000000000 (0xdffffc0000000000) 00000000c24a636d: ffffc90000c7a500 (0xffffc90000c7a500) 000000004a13131e: ffff88018ff37880 (0xffff88018ff37880) 000000001fcaacfc: ffffffff816a9986 (futex_wake+0x2f6/0x750) 000000007d0c8160: ffff88018ff37738 (0xffff88018ff37738) 00000000557060c3: ffffffff815ab8dd (trace_hardirqs_off+0xd/0x10) 00000000fd844fb0: 1ffff10031fe6ee8 (0x1ffff10031fe6ee8) 0000000017492bc0: 0000000041b58ab3 (0x41b58ab3) 000000007f3b64fa: ffffffff88783d68 (regoff.33569+0x354788/0x362750) 00000000f2b5bd13: ffffffff81082cc0 (kvm_set_memory_region+0x50/0x50) 00000000ca442c1a: ffff88018ff377d8 (0xffff88018ff377d8) 00000000e82cb928: ffff88018ff37818 (0xffff88018ff37818) 0000000049e9bfe1: ffffffff81b29571 (kfree+0x111/0x260) 0000000011a83863: ffff8801dac00dc0 (0xffff8801dac00dc0) 000000002c4e4d52: 0000000041b58ab3 (0x41b58ab3) 000000006cbd43d4: ffffffff8879e9b8 (K512_4+0xae38/0x114ebc) 00000000ec945707: ffffffff816a9690 (get_futex_key+0x1e90/0x1e90) 00000000a263bfdb: ffff8801b8202cc0 (0xffff8801b8202cc0) 00000000731ca531: ffff880100000000 (0xffff880100000000) 0000000032ec464c: 0000000000000282 (0x282) 00000000f5365fcd: ffff88018ff377b8 (0xffff88018ff377b8) 0000000074356c05: ffffffff815b43fd (trace_hardirqs_on+0xd/0x10) 000000004dc8e68a: 0000000000000064 (0x64) 00000000d6621786: ffff88018ff377c0 (0xffff88018ff377c0) 00000000e878d48c: ffff88018ff377c0 (0xffff88018ff377c0) 00000000e51be8e9: ffff88018ff377d0 (0xffff88018ff377d0) 00000000e29f4fa5: ffff88018ff377d0 (0xffff88018ff377d0) 000000002827e5d6: ffff8801cfe02180 (0xffff8801cfe02180) 00000000d94a2718: 0000000000000000 ... 000000009f0bdcf3: 000000000072b000 (0x72b000) 0000000027e0db03: ffff8801ab7e8c80 (0xffff8801ab7e8c80) 00000000ab074bd4: 0000000000000eca (0xeca) 00000000c0d1dc30: 0000000000000000 ... 000000002219a14c: 00000000ffffffff (0xffffffff) 0000000070eee893: 0000000000000ece (0xece) 00000000f23ea3c8: ffffffff815bb470 (lock_downgrade+0x8e0/0x8e0) 0000000091cb47e5: ffff88018ff37a28 (0xffff88018ff37a28) 00000000f049655b: ffff8801b8202cc0 (0xffff8801b8202cc0) 00000000e37f38c8: ffff88018ff37880 (0xffff88018ff37880) 000000003313bddf: ffffffff81773333 (__sanitizer_cov_trace_switch+0x53/0x90) 000000001e1ee28d: 00000000ffffffff (0xffffffff) 0000000018745f6b: 0000000000000000 ... 00000000c607ac44: ffff88018ff37cf0 (0xffff88018ff37cf0) 00000000a6b92d60: ffffffff816b0d29 (do_futex+0x249/0x27d0) 00000000f6c2e516: ffffffff8107cb80 (kvm_debugfs_release+0x90/0x90) 00000000b33a47d1: ffff88018ff378a8 (0xffff88018ff378a8) 00000000a1b45c68: 0000000041b58ab3 (0x41b58ab3) 000000009cd4d462: ffffffff8877e927 (regoff.33569+0x34f347/0x362750) 000000007ad3798e: ffffffff815abee0 (graph_lock+0x170/0x170) 00000000e60d5a0e: 0000000000000000 ... 00000000f0dfe7d4: ffffffff8877f594 (regoff.33569+0x34ffb4/0x362750) 000000007d0f147c: ffffffff8162f020 (rcu_bh_force_quiescent_state+0x20/0x20) 0000000047ebd053: ffff88018ff37978 (0xffff88018ff37978) 0000000081197576: ffff880100000001 (0xffff880100000001) 00000000a055feb8: 0000000000000000 ... 00000000698b5346: ffff880100000000 (0xffff880100000000) 0000000000a4e005: 0000000000000000 ... 00000000ae7e4bfd: 1ffff10031fe6f25 (0x1ffff10031fe6f25) 000000007e8b8b35: ffff880100000001 (0xffff880100000001) 00000000647be292: 000000000072bec8 (0x72bec8) 0000000052f751aa: 0000000041b58ab3 (0x41b58ab3) 00000000bea34136: ffffffff8879eb90 (K512_4+0xb010/0x114ebc) 00000000df48b816: ffffffff816b0ae0 (exit_robust_list+0x290/0x290) 000000006e0e10d2: 1ffff10031fe6f3d (0x1ffff10031fe6f3d) 000000006b4b1d06: ffff8801cfe029b8 (0xffff8801cfe029b8) 00000000a91c02b7: ffffffff88b8df60 (rcu_bh_lock_map+0x40/0x40) 0000000086cb301c: ffffffff88b8df60 (rcu_bh_lock_map+0x40/0x40) 00000000211955f9: 0000000000000000 ... 00000000167410b5: ffff88018ff379b0 (0xffff88018ff379b0) 00000000269eeade: ffffffff815ac7c6 (find_held_lock+0x36/0x1c0) 0000000069c21b91: 000000018ff379b0 (0x18ff379b0) 000000004158bebc: ffff88018ff37a08 (0xffff88018ff37a08) 00000000ce908a16: 1ffff10031fe6f3d (0x1ffff10031fe6f3d) 000000001e57372b: ffff88018ff37ac8 (0xffff88018ff37ac8) 00000000372d4d50: ffffffff88b8df60 (rcu_bh_lock_map+0x40/0x40) 00000000840f4d2b: ffff8801cfe02180 (0xffff8801cfe02180) 0000000051e00a72: ffff88018ff37a08 (0xffff88018ff37a08) 00000000454b2824: ffff88018ff37af0 (0xffff88018ff37af0) 00000000ed9848d1: 0000000000000282 (0x282) 00000000952c148b: 0000000000000000 ... 000000008ffc0a0d: ffff880100000001 (0xffff880100000001) 00000000310352e7: ffff8801cfe029b0 (0xffff8801cfe029b0) 000000005be5d5b5: 0000000000000282 (0x282) 000000005d9e664d: ffffffff00000001 (0xffffffff00000001) 000000002cd4cddd: 0000000041b58ab3 (0x41b58ab3) 00000000c8b51e28: ffffffff8879a298 (K512_4+0x6718/0x114ebc) 0000000081b3a20c: ffffffff815bb470 (lock_downgrade+0x8e0/0x8e0) 00000000fbc39cc8: ffff88018ff37f58 (0xffff88018ff37f58) 000000000a7f42cd: 0000000000000000 ... 00000000b63521ce: 0000000001000000 (0x1000000) 00000000035b8a19: 1ffff10031fe6f4b (0x1ffff10031fe6f4b) 000000000aa9d16e: 0000000000000009 (0x9) 00000000fcc4b58e: 0000000000009000 (0x9000) 000000004037c5ae: 0000000000001000 (0x1000) 00000000b98d2a92: 0000000020009000 (0x20009000) 00000000b2a7d69a: ffff88018ff37a50 (0xffff88018ff37a50) 0000000030c31451: ffffffff81b2af61 (kasan_check_read+0x11/0x20) 000000001d603317: ffff88018ff37af0 (0xffff88018ff37af0) 0000000041406ccd: ffffffff8162f0a5 (rcu_is_watching+0x85/0x140) 000000009cbf46b0: ffff88018ff37ab0 (0xffff88018ff37ab0) 00000000799aacd5: 0000000041b58ab3 (0x41b58ab3) 00000000de3177dc: ffffffff8877f594 (regoff.33569+0x34ffb4/0x362750) 000000003947a563: ffffffff8162f020 (rcu_bh_force_quiescent_state+0x20/0x20) 00000000f65e82f4: ffffffff88b8df60 (rcu_bh_lock_map+0x40/0x40) 0000000023fbfa81: 0000000000000000 ... 0000000066d2eaa6: ffff8801cfe02180 (0xffff8801cfe02180) 0000000041350724: ffffffff88b8df60 (rcu_bh_lock_map+0x40/0x40) 00000000c0307110: ffff88018ff37c28 (0xffff88018ff37c28) 000000006239426f: ffff8801d07d1040 (0xffff8801d07d1040) 0000000089e6072e: ffff88018ff37ae0 (0xffff88018ff37ae0) 000000000bd76c28: 0000000000000282 (0x282) 00000000d81ddc2f: dffffc0000000000 (0xdffffc0000000000) 00000000352ad573: 0000000000000001 (0x1) 000000001a766576: ffff8801b8202d30 (0xffff8801b8202d30) 00000000adb06960: dffffc0000000000 (0xdffffc0000000000) 00000000d38baaa0: ffff88018ff37c28 (0xffff88018ff37c28) 00000000c84b784e: 0000000000000001 (0x1) 000000001479381b: ffff88018ff37c50 (0xffff88018ff37c50) 00000000e4ca855f: ffffffff81c4173c (__fget+0x40c/0x650) 00000000f5548dad: ffff88018ff37ba8 (0xffff88018ff37ba8) 00000000cd5d978a: 1ffff10031fe6f69 (0x1ffff10031fe6f69) 00000000568838c1: 0000001700004000 (0x1700004000) 0000000078a9b6cb: ffff8801d07d1090 (0xffff8801d07d1090) 00000000164d41bc: ffff8801b8202cc0 (0xffff8801b8202cc0) 0000000068398b69: ffff8801d07d1040 (0xffff8801d07d1040) 00000000f1d4ce0a: ffff88018ff37b01 (0xffff88018ff37b01) 000000009e368998: ffff88018ff37be8 (0xffff88018ff37be8) 000000008a5db812: ffffed0031fe6f75 (0xffffed0031fe6f75) 00000000f2dd3627: 0000000041b58ab3 (0x41b58ab3) 00000000a98dfb0c: ffffffff8877f1f8 (regoff.33569+0x34fc18/0x362750) 00000000e959a8a4: ffffffff81c41330 (expand_files.part.8+0x9a0/0x9a0) 000000000ce05708: ffffffff8a5d3d68 (obj_hash+0x625c8/0x100020) 0000000071b0fd24: 0000000000000001 (0x1) 000000005e9c014b: ffff88018ff37b80 (0xffff88018ff37b80) 00000000a48fde2c: ffffffff815ab8dd (trace_hardirqs_off+0xd/0x10) 000000005bd3509b: ffff88018ff37ba0 (0xffff88018ff37ba0) 0000000062919e64: ffffffff874fb793 (_raw_spin_unlock_irqrestore+0x63/0xc0) 000000006de47752: ffffffff8a5d3d68 (obj_hash+0x625c8/0x100020) 0000000072e0405b: 0000000000000000 ... 00000000b04ad594: 33322d3339393031 (0x33322d3339393031) 00000000d75cf684: ffff8801b1230b00 (0xffff8801b1230b00) 00000000d4680966: 00007fffdfffee40 (0x7fffdfffee40) 00000000a1608c42: ffff880100000001 (0xffff880100000001) 0000000036ff93b5: ffffffff8a5d3d60 (obj_hash+0x625c0/0x100020) 000000005c94538f: 1ffff10031fe6f81 (0x1ffff10031fe6f81) 000000009b849593: ffff88018ff37c08 (0xffff88018ff37c08) 00000000a1a1ed66: 34c4efd11141b300 (0x34c4efd11141b300) 000000004fd2f505: ffff8801b8202cc0 (0xffff8801b8202cc0) 0000000018ba8eac: 1ffff10031fe6f8a (0x1ffff10031fe6f8a) 0000000070feeddc: ffffffff81082cc0 (kvm_set_memory_region+0x50/0x50) 000000007e9c1ca1: ffff8801d523f000 (0xffff8801d523f000) 00000000b714ca79: 000000004020ae46 (0x4020ae46) 00000000940dce5f: ffff88018ff37d98 (0xffff88018ff37d98) 000000004ffb9bf2: ffffffff81c10dff (do_vfs_ioctl+0x1cf/0x16a0) 000000005fa8be6f: ffffffff816327b0 (rcu_pm_notify+0xc0/0xc0) 00000000ac8b6898: ffffffff815ab8dd (trace_hardirqs_off+0xd/0x10) 00000000dc47e4e8: 1ffff10031fe6f8f (0x1ffff10031fe6f8f) 0000000052711a82: ffff88018ff37d58 (0xffff88018ff37d58) 000000007e3fd858: 0000000000000017 (0x17) 00000000298030ad: dffffc0000000000 (0xdffffc0000000000) 0000000093e7ecdc: 00007f795aded510 (0x7f795aded510) 00000000c72a8636: 0000000041b58ab3 (0x41b58ab3) 00000000f3673b3a: ffffffff887b2eb8 (K512_4+0x1f338/0x114ebc) 00000000df6d23c4: ffffffff81c10c30 (ioctl_preallocate+0x2e0/0x2e0) 0000000038ee2dbd: 0000400000000282 (0x400000000282) 0000000026b7048b: ffff880100000004 (0xffff880100000004) 000000007e5c3889: 0000000041b58ab3 (0x41b58ab3) 00000000d48cb1cd: ffffffff88780f50 (regoff.33569+0x351970/0x362750) 000000003afc657a: ffffffff81c419c0 (fget_raw+0x20/0x20) 00000000c044beb7: ffff88018ff37ca8 (0xffff88018ff37ca8) 00000000006794c8: ffffffff00000004 (0xffffffff00000004) 00000000039cc6f9: ffff8801ca2881c0 (0xffff8801ca2881c0) 000000006da7d243: ffff88018ff37cd8 (0xffff88018ff37cd8) 0000000038b14411: ffffffff81b28a5c (kmem_cache_free+0x25c/0x2d0) 00000000c180e4d7: ffff8801ca2881e0 (0xffff8801ca2881e0) 000000002cd975f3: 34c4efd11141b300 (0x34c4efd11141b300) 00000000a87ac02a: 1ffff10031fe6fa7 (0x1ffff10031fe6fa7) 0000000022c15bf9: 0000000000000000 ... 000000002daf8645: ffff88018ff37e00 (0xffff88018ff37e00) 00000000ee8a0bc6: ffff88018ff37e00 (0xffff88018ff37e00) 00000000b290a9d3: ffffffff816b3654 (SyS_futex+0x3a4/0x56d) 00000000121f975d: ffff88018ff37dd0 (0xffff88018ff37dd0) 00000000a0096585: 000000000072bea0 (0x72bea0) 000000005a165080: 0000000000000000 ... 00000000ac23e416: 000000000072bec8 (0x72bec8) 000000009716c935: 0000000000000000 ... 0000000062f3fe5f: 0000000041b58ab3 (0x41b58ab3) 00000000e6c55e05: ffffffff8879e7aa (K512_4+0xac2a/0x114ebc) 000000006a976f03: ffff8801b8202cc0 (0xffff8801b8202cc0) 0000000062b4334b: ffff8801b8202cc0 (0xffff8801b8202cc0) 000000006b032699: ffff88018ff37d98 (0xffff88018ff37d98) 0000000074e2aaaa: ffffffff82f33ab4 (security_file_ioctl+0x94/0xc0) 000000008fe063ab: ffff8801b8202cc0 (0xffff8801b8202cc0) 0000000036719877: ffff8801b8202cc1 (0xffff8801b8202cc1) 0000000093f90b0c: ffff8801b8202cc0 (0xffff8801b8202cc0) 00000000c058b8b7: 0000000000000000 ... 00000000f844508f: 0000000000000017 (0x17) 00000000bede59d2: 00007f795aded510 (0x7f795aded510) 00000000f70860c7: ffff88018ff37dd8 (0xffff88018ff37dd8) 000000006e315869: ffffffff81c12379 (ksys_ioctl+0xa9/0xd0) 0000000093cb4eef: 4020ae46cfe02180 (0x4020ae46cfe02180) 00000000d0c2e0fb: 0000000000000017 (0x17) 00000000c269d19f: 000000004020ae46 (0x4020ae46) 0000000037ae4557: 00007f795aded510 (0x7f795aded510) 0000000040072c45: ffff88018ff37f20 (0xffff88018ff37f20) 00000000030e6535: 0000000000000000 ... 000000004941ae12: ffff88018ff37e00 (0xffff88018ff37e00) 0000000009c50591: ffffffff81c123c4 (SyS_ioctl+0x24/0x30) 00000000e0cc62e5: ffff88018ff37f58 (0xffff88018ff37f58) 000000002ec461c6: ffffffff81c123a0 (ksys_ioctl+0xd0/0xd0) 000000006ebe368f: 1ffff10031fe6fc8 (0x1ffff10031fe6fc8) 00000000df68dd1d: ffff88018ff37f48 (0xffff88018ff37f48) 000000003d242d2a: ffffffff8100c37e (do_syscall_64+0x29e/0x9d0) 00000000da55bc11: ffffffff81353110 (vmalloc_sync_all+0x30/0x30) 00000000aed25aca: ffffffff874fb307 (_raw_spin_unlock_irq+0x27/0x70) 000000001d0c6a26: ffff8801db02c580 (0xffff8801db02c580) 00000000c03ece35: ffff88018ff37f28 (0xffff88018ff37f28) 00000000a5588da9: ffffffff8150960a (finish_task_switch+0x1ca/0x810) 00000000ccfe355d: ffff88018ff37fd0 (0xffff88018ff37fd0) 00000000011e656d: 0000000041b58ab3 (0x41b58ab3) 00000000bbd13024: ffffffff8877f1f8 (regoff.33569+0x34fc18/0x362750) 0000000051d961fa: ffffffff8100c0e0 (syscall_return_slowpath+0x5c0/0x5c0) 0000000044147688: ffff88018ff37e68 (0xffff88018ff37e68) 000000008949cb86: 0000000000000000 ... 00000000d8b80cd0: ffff88018ff37f48 (0xffff88018ff37f48) 000000002f677cc1: ffffffff8100be2f (syscall_return_slowpath+0x30f/0x5c0) 0000000048287a5d: ffff88018ff37f58 (0xffff88018ff37f58) 000000008c6e00de: 0000000041b58ab3 (0x41b58ab3) 00000000b799b9ac: ffffffff8877e927 (regoff.33569+0x34f347/0x362750) 00000000b362d854: ffff8801cfe029b0 (0xffff8801cfe029b0) 00000000213ff931: ffff88018ff37ea8 (0xffff88018ff37ea8) 000000008faeda47: 0000000000000000 ... 0000000007a389bb: ffff8801cfe02180 (0xffff8801cfe02180) 00000000765d65c2: ffffffff87600096 (entry_SYSCALL_64_after_hwframe+0x52/0xb7) 000000002ac66914: 0000000000000000 ... 00000000398da8ca: 0000000000000082 (0x82) 0000000056299b41: 0000000000000000 ... 00000000496dc5a2: ffff88018ff37f48 (0xffff88018ff37f48) 000000008a785ed8: ffffffff81007c50 (trace_hardirqs_off_thunk+0x1a/0x1c) 0000000024340a39: 0000000000000000 ... 00000000869006a2: ffffffff87600086 (entry_SYSCALL_64_after_hwframe+0x42/0xb7) 0000000070d38f50: 0000000000000000 ... 00000000b8ec0a50: 00000000006fca48 (0x6fca48) 0000000017e3c49e: 0000000000000017 (0x17) 00000000a70424cf: 00000000fec00000 (0xfec00000) 000000002389c710: 0000000020009000 (0x20009000) 00000000b64f7fca: 000000000000000a (0xa) 0000000071906e6e: 0000000000000246 (0x246) 0000000026a6c5c7: 0000000000000017 (0x17) 000000002d8cf205: 0000000000000000 ... 0000000054055e71: 0000000000000001 (0x1) 00000000169d3548: ffffffffffffffda (0xffffffffffffffda) 000000005000687c: 0000000000455187 (0x455187) 00000000daaba588: 00007f795aded510 (0x7f795aded510) 0000000070a88bee: 000000004020ae46 (0x4020ae46) 000000007315208e: 0000000000000017 (0x17) 0000000057142d37: 0000000000000010 (0x10) 000000001792398c: 0000000000455187 (0x455187) 00000000ed641e13: 0000000000000033 (0x33) 00000000e551c651: 0000000000000246 (0x246) 000000004dc20ec7: 00007f795aded098 (0x7f795aded098) 000000008a41ba4d: 000000000000002b (0x2b) BUG: unable to handle kernel paging request at 0000000000005689 PGD 18b4ae067 P4D 18b4ae067 PUD 1d04b5067 PMD 0 Oops: 0002 [#1] SMP KASAN Dumping ftrace buffer: (ftrace buffer empty) Modules linked in: CPU: 0 PID: 10993 Comm: syz-executor5 Tainted: G W 4.16.0+ #4 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 RIP: 0010:vmx_vcpu_run+0x95f/0x25f0 arch/x86/kvm/vmx.c:9746 RSP: 0018:ffff88018ff37368 EFLAGS: 00010002 RAX: ffff8801c8b7fe40 RBX: 0000000000000282 RCX: 0000000000000001 RDX: 0000000000000000 RSI: ffffea0006c62b1f RDI: 0000000000000282 RBP: ffff88018ff370f0 R08: ffff8801cfe029b8 R09: 0000000000000006 R10: ffff8801cfe02180 R11: 0000000000000000 R12: 0000000000000000 R13: ffff8801d9fdb6c0 R14: ffff8801c8b7fe40 R15: ffffffff88b18760 FS: 00007f795adef700(0000) GS:ffff8801db000000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 0000000000005689 CR3: 00000001cb861000 CR4: 00000000001426f0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: ================================================================== BUG: KASAN: stack-out-of-bounds in __read_once_size include/linux/compiler.h:188 [inline] BUG: KASAN: stack-out-of-bounds in update_stack_state+0x5d9/0x670 arch/x86/kernel/unwind_frame.c:270 Read of size 8 at addr ffff88018ff370f8 by task syz-executor5/10993 CPU: 0 PID: 10993 Comm: syz-executor5 Tainted: G W 4.16.0+ #4 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Call Trace: __dump_stack lib/dump_stack.c:77 [inline] dump_stack+0x1b9/0x294 lib/dump_stack.c:113 print_address_description+0x6c/0x20b mm/kasan/report.c:256 kasan_report_error mm/kasan/report.c:354 [inline] kasan_report.cold.7+0x242/0x2fe mm/kasan/report.c:412 __asan_report_load8_noabort+0x14/0x20 mm/kasan/report.c:433 __read_once_size include/linux/compiler.h:188 [inline] update_stack_state+0x5d9/0x670 arch/x86/kernel/unwind_frame.c:270 __unwind_start+0xf9/0x330 arch/x86/kernel/unwind_frame.c:404 unwind_start arch/x86/include/asm/unwind.h:54 [inline] show_trace_log_lvl+0x88/0x25c arch/x86/kernel/dumpstack.c:116 show_regs.cold.11+0x84/0x10a arch/x86/kernel/dumpstack.c:401 __die+0x90/0xc4 arch/x86/kernel/dumpstack.c:326 no_context+0x3ab/0x960 arch/x86/mm/fault.c:814 __bad_area_nosemaphore+0x2d3/0x370 arch/x86/mm/fault.c:905 __bad_area arch/x86/mm/fault.c:931 [inline] bad_area+0x69/0x80 arch/x86/mm/fault.c:938 __do_page_fault+0xa97/0xe40 arch/x86/mm/fault.c:1369 do_page_fault+0xee/0x8a7 arch/x86/mm/fault.c:1474 page_fault+0x25/0x50 arch/x86/entry/entry_64.S:1159 RIP: 0010:vmx_vcpu_run+0x95f/0x25f0 arch/x86/kvm/vmx.c:9746 RSP: 0018:ffff88018ff37368 EFLAGS: 00010002 RAX: ffff8801c8b7fe40 RBX: 0000000000000282 RCX: 0000000000000001 RDX: 0000000000000000 RSI: ffffea0006c62b1f RDI: 0000000000000282 RBP: ffff88018ff370f0 R08: ffff8801cfe029b8 R09: 0000000000000006 R10: ffff8801cfe02180 R11: 0000000000000000 R12: 0000000000000000 R13: ffff8801d9fdb6c0 R14: ffff8801c8b7fe40 R15: ffffffff88b18760 The buggy address belongs to the page: page:ffffea00063fcdc0 count:0 mapcount:0 mapping:0000000000000000 index:0x0 flags: 0x2fffc0000000000() raw: 02fffc0000000000 0000000000000000 0000000000000000 00000000ffffffff raw: 0000000000000000 ffffea00063f0101 0000000000000000 0000000000000000 page dumped because: kasan: bad access detected Memory state around the buggy address: ffff88018ff36f80: f3 f3 f3 f3 00 00 00 00 00 00 00 00 00 00 00 00 ffff88018ff37000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 >ffff88018ff37080: 00 00 00 00 00 00 00 f1 f1 f1 f1 04 f2 f2 f2 f3 ^ ffff88018ff37100: f3 f3 f3 00 00 00 00 00 00 00 00 00 f1 f1 f1 f1 ffff88018ff37180: 00 f2 f2 f2 f2 f2 f2 f2 00 f2 f2 f2 f2 f2 f2 f2 ==================================================================