KASAN: use-after-scope Read in vmx_vcpu_run

From: syzbot
Date: Thu Apr 12 2018 - 05:45:19 EST


Hello,

syzbot hit the following crash on upstream commit
c18bb396d3d261ebbb4efbc05129c5d354c541e4 (Tue Apr 10 00:04:10 2018 +0000)
Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net
syzbot dashboard link: https://syzkaller.appspot.com/bug?extid=0553a14d42423600fe7f

Unfortunately, I don't have any reproducer for this crash yet.
Raw console output: https://syzkaller.appspot.com/x/log.txt?id=4626416826056704
Kernel config: https://syzkaller.appspot.com/x/.config?id=-1223000601505858474
compiler: gcc (GCC) 8.0.1 20180301 (experimental)

IMPORTANT: if you fix the bug, please add the following tag to the commit:
Reported-by: syzbot+0553a14d42423600fe7f@xxxxxxxxxxxxxxxxxxxxxxxxx
It will help syzbot understand when the bug is fixed. See footer for details.
If you forward the report, please keep this part and the footer.

==================================================================
BUG: KASAN: use-after-scope in msr_write_intercepted arch/x86/kvm/vmx.c:2126 [inline]
BUG: KASAN: use-after-scope in vmx_vcpu_run+0x2379/0x25f0 arch/x86/kvm/vmx.c:9884
Read of size 8 at addr ffff8801b8dbf7b8 by task syz-executor6/18891

CPU: 1 PID: 18891 Comm: syz-executor6 Not tainted 4.16.0+ #18
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
__dump_stack lib/dump_stack.c:77 [inline]
dump_stack+0x1b9/0x294 lib/dump_stack.c:113
print_address_description+0x6c/0x20b mm/kasan/report.c:256
kasan_report_error mm/kasan/report.c:354 [inline]
kasan_report.cold.7+0xac/0x2f5 mm/kasan/report.c:412
__asan_report_load8_noabort+0x14/0x20 mm/kasan/report.c:433
msr_write_intercepted arch/x86/kvm/vmx.c:2126 [inline]
vmx_vcpu_run+0x2379/0x25f0 arch/x86/kvm/vmx.c:9884
WARNING: kernel stack frame pointer at 0000000057b50f01 in syz-executor6:18891 has bad value 000000006efd0fe3
unwind stack type:0 next_sp: (null) mask:0x2 graph_idx:0

The buggy address belongs to the page:
page:ffffea0006e36fc0 count:0 mapcount:0 mapping:0000000000000000 index:0x0
flags: 0x2fffc0000000000()
raw: 02fffc0000000000 0000000000000000 0000000000000000 00000000ffffffff
raw: 0000000000000000 ffffea0006e30101 0000000000000000 0000000000000000
page dumped because: kasan: bad access detected

Memory state around the buggy address:
ffff8801b8dbf680: f2 f2 f2 f2 f2 f2 f2 f8 f2 f2 f2 f2 f2 f2 f2 00
ffff8801b8dbf700: f2 f2 f2 f2 f2 f2 f2 00 f2 f2 f2 f2 f2 f2 f2 f8
ffff8801b8dbf780: f2 f2 f2 f2 f2 f2 f2 f8 f2 f2 f2 f2 f2 f2 f2 00
                                       ^
ffff8801b8dbf800: f2 f2 f2 f2 f2 f2 f2 00 00 f2 f2 f2 f2 f2 f2 f8
ffff8801b8dbf880: f8 f2 f2 f3 f3 f3 f3 00 00 00 00 00 00 00 00 00
==================================================================


---
This bug is generated by a dumb bot. It may contain errors.
See https://goo.gl/tpsmEJ for details.
Direct all questions to syzkaller@xxxxxxxxxxxxxxxxx

syzbot will keep track of this bug report.
If you forgot to add the Reported-by tag, once the fix for this bug is merged
into any tree, please reply to this email with:
#syz fix: exact-commit-title
To mark this as a duplicate of another syzbot report, please reply with:
#syz dup: exact-subject-of-another-report
If it's a one-off invalid bug report, please reply with:
#syz invalid
Note: if the crash happens again, it will cause creation of a new bug report.
Note: all commands must start from beginning of the line in the email body.