random: sshd: uninitialized urandom read (32 bytes read)
random: sshd: uninitialized urandom read (32 bytes read)
random: sshd: uninitialized urandom read (32 bytes read)
kasan: CONFIG_KASAN_INLINE enabled
kasan: GPF could be caused by NULL-ptr deref or user memory access
general protection fault: 0000 [#1] SMP KASAN
CPU: 1 PID: 4554 Comm: syz-executor262 Not tainted 4.18.0-rc1+ #109
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
RIP: 0010:msr_write_intercepted arch/x86/kvm/vmx.c:2327 [inline]
RIP: 0010:vmx_vcpu_run+0x1328/0x2600 arch/x86/kvm/vmx.c:10149
Code: 91 00 00 00 e8 19 64 5c 00 48 8b 54 24 08 48 b8 00 00 00 00 00 fc ff df 48 c1 ea 03 80 3c 02 00 0f 85 8c 10 00 00 48 8b 04 24 <48> 8b 98 40 57 00 00 48 b8 00 00 00 00 00 fc ff df 48 8d 7b 40 48
RSP: 0018:ffff8801d82ff370 EFLAGS: 00010046
==================================================================
BUG: KASAN: stack-out-of-bounds in __show_regs.cold.7+0x2b/0x54a arch/x86/kernel/process_64.c:79
Read of size 8 at addr ffff8801d82ff320 by task syz-executor262/4554

CPU: 1 PID: 4554 Comm: syz-executor262 Not tainted 4.18.0-rc1+ #109
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0x1c9/0x2b4 lib/dump_stack.c:113
 print_address_description+0x6c/0x20b mm/kasan/report.c:256
 kasan_report_error mm/kasan/report.c:354 [inline]
 kasan_report.cold.7+0x242/0x2fe mm/kasan/report.c:412
 __asan_report_load8_noabort+0x14/0x20 mm/kasan/report.c:433
 __show_regs.cold.7+0x2b/0x54a arch/x86/kernel/process_64.c:79
 show_regs+0x21/0x40 arch/x86/kernel/dumpstack.c:413
 __die+0x65/0xb4 arch/x86/kernel/dumpstack.c:379
 die+0x2a/0x46 arch/x86/kernel/dumpstack.c:399
 do_general_protection+0x265/0x2f0 arch/x86/kernel/traps.c:561
 general_protection+0x1e/0x30 arch/x86/entry/entry_64.S:1159
RIP: 0010:msr_write_intercepted arch/x86/kvm/vmx.c:2327 [inline]
RIP: 0010:vmx_vcpu_run+0x1328/0x2600 arch/x86/kvm/vmx.c:10149
Code: 91 00 00 00 e8 19 64 5c 00 48 8b 54 24 08 48 b8 00 00 00 00 00 fc ff df 48 c1 ea 03 80 3c 02 00 0f 85 8c 10 00 00 48 8b 04 24 <48> 8b 98 40 57 00 00 48 b8 00 00 00 00 00 fc ff df 48 8d 7b 40 48
RSP: 0018:ffff8801d82ff370 EFLAGS: 00010046
RAX: 1ffff1003b05fead RBX: 0000000010000000 RCX: ffffffff811f467a
RDX: 1ffff1003b05fe95 RSI: ffffffff811f4687 RDI: 0000000000000005
RBP: 1ffff1003b05fe74 R08: ffff8801ab934780 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000
R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
WARNING: kernel stack regs at (____ptrval____) in syz-executor262:4554 has bad 'bp' value (____ptrval____)
unwind stack type:0 next_sp: (null) mask:0x2 graph_idx:0
(____ptrval____): ffff8801d82ff038 (0xffff8801d82ff038)
(____ptrval____): ffffffff812a8b05 (show_trace_log_lvl+0x1f6/0x28c)
(____ptrval____): ffffffff811f46a8 (vmx_vcpu_run+0x1328/0x2600)
(____ptrval____): ffff8801d82ff348 (0xffff8801d82ff348)
(____ptrval____): 0000000000000002 (0x2)
(____ptrval____): 0000000000000001 (0x1)
(____ptrval____): ffff8801d82f8000 (0xffff8801d82f8000)
(____ptrval____): ffff8801d8300000 (0xffff8801d8300000)
(____ptrval____): 0000000000000000 ...
(____ptrval____): ffff8801d82f8000 (0xffff8801d82f8000)
(____ptrval____): ffff8801d8300000 (0xffff8801d8300000)
(____ptrval____): 0000000000000000 ...
(____ptrval____): 0000000000000002 (0x2)
(____ptrval____): ffff8801ab934780 (0xffff8801ab934780)
(____ptrval____): 0000010100000000 (0x10100000000)
(____ptrval____): 0000000000000000 ...
(____ptrval____): ffff8801d82fef68 (0xffff8801d82fef68)
(____ptrval____): ffffffff811f46a8 (vmx_vcpu_run+0x1328/0x2600)
(____ptrval____): ffff8801d82ff2c8 (0xffff8801d82ff2c8)
(____ptrval____): 6b3b928dd5400d00 (0x6b3b928dd5400d00)
(____ptrval____): 0000000000000012 (0x12)
(____ptrval____): 0000000000000000 ...
(____ptrval____): ffffffff88f1afe0 (pv_cpu_ops+0x120/0x120)
(____ptrval____): 00000000ffffffff (0xffffffff)
(____ptrval____): ffff8801d82ff048 (0xffff8801d82ff048)
(____ptrval____): ffffffff812a8bd3 (show_stack+0x38/0x3a)
(____ptrval____): ffff8801d82ff0f8 (0xffff8801d82ff0f8)
(____ptrval____): ffffffff878ab4e5 (dump_stack+0x1c9/0x2b4)
(____ptrval____): fffffbfff11e35fc (0xfffffbfff11e35fc)
(____ptrval____): dffffc0000000000 (0xdffffc0000000000)
(____ptrval____): 1ffff1003b05fe0e (0x1ffff1003b05fe0e)
(____ptrval____): 0000000041b58ab3 (0x41b58ab3)
(____ptrval____): ffffffff88bd7724 (regoff.34018+0x367ea4/0x37a9c0)
(____ptrval____): ffffffff878ab31c (dump_stack_print_info.cold.2+0x52/0x52)
(____ptrval____): ffffffff8163040b (printk+0xa7/0xcf)
(____ptrval____): 0000000041b58ab3 (0x41b58ab3)
(____ptrval____): ffffffff88bed74c (K512_4+0x130c/0x120344)
(____ptrval____): ffffffff81630364 (kmsg_dump_rewind_nolock+0xe4/0xe4)
(____ptrval____): ffffffff89028180 (kmem_cache_boot+0x320/0x320)
(____ptrval____): ffffffff00000008 (0xffffffff00000008)
(____ptrval____): ffff8801d82ff140 (0xffff8801d82ff140)
(____ptrval____): ffff8801d82ff0f0 (0xffff8801d82ff0f0)
(____ptrval____): 6b3b928dd5400d00 (0x6b3b928dd5400d00)
(____ptrval____): ffffea000760bfc0 (0xffffea000760bfc0)
(____ptrval____): 0000000000000008 (0x8)
(____ptrval____): ffff8801d82ff320 (0xffff8801d82ff320)
(____ptrval____): ffffffff81296031 (__show_regs.cold.7+0x2b/0x54a)
(____ptrval____): ffff8801d82ff320 (0xffff8801d82ff320)
(____ptrval____): ffff8801d82ff130 (0xffff8801d82ff130)
(____ptrval____): ffffffff81b97904 (print_address_description+0x6c/0x20b)
(____ptrval____): ffff8801d82ff320 (0xffff8801d82ff320)
(____ptrval____): 0000000000000008 (0x8)
(____ptrval____): 0000000000000000 ...
(____ptrval____): ffffffff81296031 (__show_regs.cold.7+0x2b/0x54a)
(____ptrval____): ffff8801d82ff320 (0xffff8801d82ff320)
(____ptrval____): ffff8801d82ff178 (0xffff8801d82ff178)
(____ptrval____): ffffffff81b97ce5 (kasan_report.cold.7+0x242/0x2fe)
(____ptrval____): 0000000000000082 (0x82)
(____ptrval____): 6b3b928dd5400d00 (0x6b3b928dd5400d00)
(____ptrval____): ffff8801d82ff2c8 (0xffff8801d82ff2c8)
(____ptrval____): 0000000000000001 (0x1)
(____ptrval____): 0000000000000000 ...
(____ptrval____): ffff8801d82ff188 (0xffff8801d82ff188)
(____ptrval____): ffffffff81b975c4 (__asan_report_load8_noabort+0x14/0x20)
(____ptrval____): ffff8801d82ff1f0 (0xffff8801d82ff1f0)
(____ptrval____): ffffffff81296031 (__show_regs.cold.7+0x2b/0x54a)
(____ptrval____): ffff8801d82ff1d8 (0xffff8801d82ff1d8)
(____ptrval____): ffffffff878ab30d (dump_stack_print_info.cold.2+0x43/0x52)
(____ptrval____): ffff8801d82ff278 (0xffff8801d82ff278)
(____ptrval____): ffffffff88be46f4 (regoff.34018+0x374e74/0x37a9c0)
(____ptrval____): ffffffff87e4a420 (__func__.49405+0x5a0/0x740)
(____ptrval____): 0000000000000000 ...
(____ptrval____): ffff8801d82ff2c8 (0xffff8801d82ff2c8)
(____ptrval____): ffffffff87e4a420 (__func__.49405+0x5a0/0x740)
(____ptrval____): 0000000000000000 ...
(____ptrval____): ffff8801d82ff208 (0xffff8801d82ff208)
(____ptrval____): ffffffff812a8741 (show_regs+0x21/0x40)
(____ptrval____): ffff8801d82ff2c8 (0xffff8801d82ff2c8)
(____ptrval____): ffff8801d82ff248 (0xffff8801d82ff248)
(____ptrval____): ffffffff812a8c91 (__die+0x65/0xb4)
(____ptrval____): ffffffff88c08770 (K512_4+0x1c330/0x120344)
(____ptrval____): ffffffff88be4775 (regoff.34018+0x374ef5/0x37a9c0)
(____ptrval____): ffffffff88c08770 (K512_4+0x1c330/0x120344)
(____ptrval____): ffff8801d82ff2c8 (0xffff8801d82ff2c8)
(____ptrval____): 0000000000000082 (0x82)
(____ptrval____): ffffffff87e4a420 (__func__.49405+0x5a0/0x740)
(____ptrval____): ffff8801d82ff278 (0xffff8801d82ff278)
(____ptrval____): ffffffff812a878a (die+0x2a/0x46)
(____ptrval____): ffff8801d82ff2c8 (0xffff8801d82ff2c8)
(____ptrval____): ffff8801ab934780 (0xffff8801ab934780)
(____ptrval____): 0000000000000000 ...
(____ptrval____): ffff8801d82ff2b8 (0xffff8801d82ff2b8)
(____ptrval____): ffffffff8129c565 (do_general_protection+0x265/0x2f0)
(____ptrval____): 0000000087a00a07 (0x87a00a07)
(____ptrval____): 0000000000000001 (0x1)
(____ptrval____): 0000000000000000 ...
(____ptrval____): ffff8801d82ff2c9 (0xffff8801d82ff2c9)
(____ptrval____): ffffffff87a00f9e (general_protection+0x1e/0x30)
(____ptrval____): 0000000000000000 ...
(____ptrval____): 1ffff1003b05fe74 (0x1ffff1003b05fe74)
(____ptrval____): 0000000010000000 (0x10000000)
(____ptrval____): 0000000000000000 ...
(____ptrval____): ffff8801ab934780 (0xffff8801ab934780)
(____ptrval____): 1ffff1003b05fead (0x1ffff1003b05fead)
(____ptrval____): ffffffff811f467a (vmx_vcpu_run+0x12fa/0x2600)
(____ptrval____): 1ffff1003b05fe95 (0x1ffff1003b05fe95)
(____ptrval____): ffffffff811f4687 (vmx_vcpu_run+0x1307/0x2600)
(____ptrval____): 0000000000000005 (0x5)
(____ptrval____): ffffffffffffffff (0xffffffffffffffff)
(____ptrval____): ffffffff811f46a8 (vmx_vcpu_run+0x1328/0x2600)
(____ptrval____): 0000000000000010 (0x10)
(____ptrval____): 0000000000010046 (0x10046)
(____ptrval____): ffff8801d82ff370 (0xffff8801d82ff370)
(____ptrval____): 0000000000000018 (0x18)
(____ptrval____): 1ffff1003b05fead (0x1ffff1003b05fead)
(____ptrval____): ffff8801d82ff4a8 (0xffff8801d82ff4a8)
(____ptrval____): ffffffff8790b12b (schedule+0xfb/0x450)
(____ptrval____): 0000000041b58ab3 (0x41b58ab3)
(____ptrval____): ffffffff88bf2c58 (K512_4+0x6818/0x120344)
(____ptrval____): ffffffff815f0d60 (lock_downgrade+0x8f0/0x8f0)
(____ptrval____): 0000000041b58ab3 (0x41b58ab3)
(____ptrval____): ffffffff88bd7378 (regoff.34018+0x367af8/0x37a9c0)
(____ptrval____): ffffffff8790b030 (__schedule+0x1ed0/0x1ed0)
(____ptrval____): ffff8801ab934fb0 (0xffff8801ab934fb0)
(____ptrval____): ffffc90000c7bec0 (0xffffc90000c7bec0)
(____ptrval____): ffff8801ab934fb8 (0xffff8801ab934fb8)
(____ptrval____): ffffc90000c7be88 (0xffffc90000c7be88)
(____ptrval____): ffff8801d82ff7b0 (0xffff8801d82ff7b0)
(____ptrval____): 1ffff1003b05fe81 (0x1ffff1003b05fe81)
(____ptrval____): ffff8801d82ff3f8 (0xffff8801d82ff3f8)
(____ptrval____): ffffffff81b96581 (kasan_check_read+0x11/0x20)
(____ptrval____): ffff8801d82ff490 (0xffff8801d82ff490)
(____ptrval____): ffffffff81601b87 (do_raw_spin_unlock+0xa7/0x2f0)
(____ptrval____): 0000000041b58ab3 (0x41b58ab3)
(____ptrval____): ffffffff88bd7724 (regoff.34018+0x367ea4/0x37a9c0)
(____ptrval____): ffffffff81601ae0 (do_raw_spin_trylock+0x1c0/0x1c0)
(____ptrval____): 0000000000000000 ...
(____ptrval____): 0000000000000001 (0x1)
(____ptrval____): ffffffff815f1974 (lock_acquire+0x1e4/0x540)
(____ptrval____): 0000000000000000 ...
(____ptrval____): ffff8801d82ff7b0 (0xffff8801d82ff7b0)
(____ptrval____): 0000000000000000 ...
(____ptrval____): 0000000000000282 (0x282)
(____ptrval____): ffff8801d82ff4b0 (0xffff8801d82ff4b0)
(____ptrval____): 6b3b928dd5400d00 (0x6b3b928dd5400d00)
(____ptrval____): ffffc90000c7be88 (0xffffc90000c7be88)
(____ptrval____): ffff8801d82ff7b0 (0xffff8801d82ff7b0)
(____ptrval____): 6b3b928dd5400d00 (0x6b3b928dd5400d00)
(____ptrval____): ffff8801d82ff628 (0xffff8801d82ff628)
(____ptrval____): ffff8801ab934780 (0xffff8801ab934780)
(____ptrval____): ffffc90000c7bec0 (0xffffc90000c7bec0)
(____ptrval____): ffff8801d82ff798 (0xffff8801d82ff798)
(____ptrval____): 1ffff1003b05fead (0x1ffff1003b05fead)
(____ptrval____): ffff8801d82ff650 (0xffff8801d82ff650)
(____ptrval____): ffffffff816e427a (futex_wait_queue_me+0x3ea/0x830)
(____ptrval____): ffff8801b4980080 (0xffff8801b4980080)
(____ptrval____): 1ffff1003b05fe99 (0x1ffff1003b05fe99)
(____ptrval____): 0000000041b58ab3 (0x41b58ab3)
(____ptrval____): ffffffff88bf7168 (K512_4+0xad28/0x120344)
(____ptrval____): ffffffff816e3e90 (refill_pi_state_cache.part.8+0x320/0x320)
(____ptrval____): 0000000000000000 ...
(____ptrval____): ffffc90000c7be90 (0xffffc90000c7be90)
(____ptrval____): ffffc90000c7be98 (0xffffc90000c7be98)
(____ptrval____): ffff8801d82ff510 (0xffff8801d82ff510)
(____ptrval____): ffffffff81b965a4 (kasan_check_write+0x14/0x20)
(____ptrval____): ffff8801d82ff548 (0xffff8801d82ff548)
(____ptrval____): ffffffff816017e1 (do_raw_spin_lock+0xc1/0x200)
(____ptrval____): ffffc90000c7be88 (0xffffc90000c7be88)
(____ptrval____): ffffc90000c7be88 (0xffffc90000c7be88)
(____ptrval____): ffff8801d82ff540 (0xffff8801d82ff540)
(____ptrval____): ffffffff817babc6 (__sanitizer_cov_trace_const_cmp4+0x16/0x20)
(____ptrval____): ffff8801d82ff568 (0xffff8801d82ff568)
(____ptrval____): ffffffff816e35bb (get_futex_value_locked+0xcb/0xf0)
(____ptrval____): 00000000006dec74 (0x6dec74)
(____ptrval____): ffff8801d82ff568 (0xffff8801d82ff568)
(____ptrval____): ffffffff817bab46 (__sanitizer_cov_trace_cmp4+0x16/0x20)
(____ptrval____): ffffc90000c7bec0 (0xffffc90000c7bec0)
(____ptrval____): ffffffff816e9a81 (futex_wait_setup+0x281/0x410)
(____ptrval____): ffff8801daf1d130 (0xffff8801daf1d130)
(____ptrval____): ffff8801d82ff7c8 (0xffff8801d82ff7c8)
(____ptrval____): 0000000000000000 ...
(____ptrval____): 1ffff1003b05feb9 (0x1ffff1003b05feb9)
(____ptrval____): dffffc0000000000 (0xdffffc0000000000)
(____ptrval____): 0000000100000001 (0x100000001)
(____ptrval____): ffff8801d82ff7a0 (0xffff8801d82ff7a0)
(____ptrval____): ffffed003b05fef9 (0xffffed003b05fef9)
(____ptrval____): ffff8801d82ff7d0 (0xffff8801d82ff7d0)
(____ptrval____): ffff8801d82ff798 (0xffff8801d82ff798)
(____ptrval____): 0000000041b58ab3 (0x41b58ab3)
(____ptrval____): ffffffff88bf70ec (K512_4+0xacac/0x120344)
(____ptrval____): ffffffff816e9800 (futex_wake+0x760/0x760)
(____ptrval____): 1ffff1003b05fec8 (0x1ffff1003b05fec8)
(____ptrval____): ffff8801d82ff7b0 (0xffff8801d82ff7b0)
(____ptrval____): ffff8801b4980138 (0xffff8801b4980138)
(____ptrval____): ffff8801ab934780 (0xffff8801ab934780)
(____ptrval____): ffff8801d82ff660 (0xffff8801d82ff660)
(____ptrval____): ffff8801d82ff748 (0xffff8801d82ff748)
(____ptrval____): 0000000000000282 (0x282)
(____ptrval____): 0000000041b58ab3 (0x41b58ab3)
(____ptrval____): 6b3b928dd5400d00 (0x6b3b928dd5400d00)
(____ptrval____): ffff8801d82ff798 (0xffff8801d82ff798)
(____ptrval____): ffffed003b05fedb (0xffffed003b05fedb)
(____ptrval____): ffff8801d82ff878 (0xffff8801d82ff878)
(____ptrval____): ffffed003b05ff07 (0xffffed003b05ff07)
(____ptrval____): dffffc0000000000 (0xdffffc0000000000)
(____ptrval____): ffff8801d82ff8a0 (0xffff8801d82ff8a0)
(____ptrval____): ffffffff816ea06b (futex_wait+0x45b/0xa20)
(____ptrval____): ffff8801d82ff838 (0xffff8801d82ff838)
(____ptrval____): 1ffff1003b05fed7 (0x1ffff1003b05fed7)
(____ptrval____): 0000000000000000 ...
(____ptrval____): ffffffff815e1eb6 (find_held_lock+0x36/0x1c0)
(____ptrval____): 00000000ffffffff (0xffffffff)
(____ptrval____): 00000000006dec74 (0x6dec74)
(____ptrval____): ffff8801d82ff6d8 (0xffff8801d82ff6d8)
(____ptrval____): ffff8801d82ff718 (0xffff8801d82ff718)
(____ptrval____): ffff8801d82ff730 (0xffff8801d82ff730)
(____ptrval____): 0000000000000001 (0x1)
(____ptrval____): 0000000000000000 ...
(____ptrval____): 0000000041b58ab3 (0x41b58ab3)
(____ptrval____): ffffffff88bf7348 (K512_4+0xaf08/0x120344)
(____ptrval____): ffffffff816e9c10 (futex_wait_setup+0x410/0x410)
(____ptrval____): ffffea0006d6e848 (0xffffea0006d6e848)
(____ptrval____): ffffc90000c7be80 (0xffffc90000c7be80)
(____ptrval____): ffff8801d82ff718 (0xffff8801d82ff718)
(____ptrval____): ffffffff817bac43 (__sanitizer_cov_trace_switch+0x53/0x90)
(____ptrval____): 0000000000000002 (0x2)
(____ptrval____): ffff8801d9094980 (0xffff8801d9094980)
(____ptrval____): 0000000000000000 ...
(____ptrval____): ffff8801d82ff718 (0xffff8801d82ff718)
(____ptrval____): ffffffff817bab8a (__sanitizer_cov_trace_const_cmp1+0x1a/0x20)
(____ptrval____): ffff8801d82ff738 (0xffff8801d82ff738)
(____ptrval____): ffffffff816e38ed (drop_futex_key_refs.isra.14+0x6d/0xe0)
(____ptrval____): dffffc0000000000 (0xdffffc0000000000)
(____ptrval____): ffffc90000c7be80 (0xffffc90000c7be80)
(____ptrval____): ffff8801d82ff8a0 (0xffff8801d82ff8a0)
(____ptrval____): ffffffff816e93a4 (futex_wake+0x304/0x760)
(____ptrval____): ffff8801d82ff8c8 (0xffff8801d82ff8c8)
(____ptrval____): ffffffff87912057 (__mutex_unlock_slowpath+0x197/0x8c0)
(____ptrval____): 1ffff1003b05fef3 (0x1ffff1003b05fef3)
(____ptrval____): ffffffff004497c9 (0xffffffff004497c9)
(____ptrval____): 00000000ffffffff (0xffffffff)
(____ptrval____): 0000000000000000 ...
(____ptrval____): ffff8801d82ff7b8 (0xffff8801d82ff7b8)
(____ptrval____): ffff8801d82ff7f8 (0xffff8801d82ff7f8)
(____ptrval____): ffffffff88bf25e0 (K512_4+0x61a0/0x120344)
(____ptrval____): ffffffff87911ec0 (wait_for_completion+0x8d0/0x8d0)
(____ptrval____): 0000000000000064 (0x64)
(____ptrval____): ffff8801d82ff7a0 (0xffff8801d82ff7a0)
(____ptrval____): ffff8801d82ff7a0 (0xffff8801d82ff7a0)
(____ptrval____): ffffc90000c7bec0 (0xffffc90000c7bec0)
(____ptrval____): ffffc90000c7bec0 (0xffffc90000c7bec0)
(____ptrval____): ffff8801ab934780 (0xffff8801ab934780)
(____ptrval____): ffffc90000c7be88 (0xffffc90000c7be88)
(____ptrval____): 00000000006de000 (0x6de000)
(____ptrval____): ffff8801d9094980 (0xffff8801d9094980)
(____ptrval____): 0000000000000c76 (0xc76)
(____ptrval____): 0000000000000000 ...
(____ptrval____): 00000000ffffffff (0xffffffff)
(____ptrval____): 0000000000000c76 (0xc76)
(____ptrval____): ffffffff88bd747e (regoff.34018+0x367bfe/0x37a9c0)
(____ptrval____): ffffffff8166b900 (rcu_pm_notify+0xc0/0xc0)
(____ptrval____): ffffffffab934780 (0xffffffffab934780)
(____ptrval____): ffff8801ab934fb0 (0xffff8801ab934fb0)
(____ptrval____): ffffffff88f925a0 (rcu_callback_map+0x40/0x40)
(____ptrval____): 0000000000000000 ...
(____ptrval____): ffff8801ab934780 (0xffff8801ab934780)
(____ptrval____): ffffffff88f925a0 (rcu_callback_map+0x40/0x40)
(____ptrval____): ffff8801b49800d8 (0xffff8801b49800d8)
(____ptrval____): 0000000000000000 ...
(____ptrval____): ffff8801d82ff890 (0xffff8801d82ff890)
(____ptrval____): ffff8801d82ff8a0 (0xffff8801d82ff8a0)
(____ptrval____): 6b3b928dd5400d00 (0x6b3b928dd5400d00)
(____ptrval____): 00000000ffffffff (0xffffffff)
(____ptrval____): 0000000000000000 ...
(____ptrval____): ffff8801d82ffd10 (0xffff8801d82ffd10)
(____ptrval____): ffffffff816f0f76 (do_futex+0x336/0x27d0)
(____ptrval____): ffffffff81b94bd9 (kfree+0x1e9/0x260)
(____ptrval____): 1ffff1003b05ff20 (0x1ffff1003b05ff20)
(____ptrval____): 0000000000000001 (0x1)
(____ptrval____): 0000000000000000 ...
(____ptrval____): ffff8801b49800d8 (0xffff8801b49800d8)
(____ptrval____): ffff8801d82ffc08 (0xffff8801d82ffc08)
(____ptrval____): ffffffff810711da (kvm_vcpu_ioctl+0x2ba/0x1300)
(____ptrval____): 0000000000000000 ...
(____ptrval____): 0000000041b58ab3 (0x41b58ab3)
(____ptrval____): ffffffff88bdbea8 (regoff.34018+0x36c628/0x37a9c0)
(____ptrval____): ffffffff00000000 (0xffffffff00000000)
(____ptrval____): 0000000000000000 ...
(____ptrval____): 1ffff1003b05ff29 (0x1ffff1003b05ff29)
(____ptrval____): 0000000000000001 (0x1)
(____ptrval____): 00000000006dec74 (0x6dec74)
(____ptrval____): 0000000041b58ab3 (0x41b58ab3)
(____ptrval____): ffffffff88bf74f0 (K512_4+0xb0b0/0x120344)
(____ptrval____): ffffffff816f0c40 (exit_robust_list+0x290/0x290)
(____ptrval____): 1ffff1003b05ff41 (0x1ffff1003b05ff41)
(____ptrval____): ffff8801ab934fb8 (0xffff8801ab934fb8)
(____ptrval____): ffffffff88f92620 (rcu_bh_lock_map+0x40/0x40)
(____ptrval____): ffffffff88f92620 (rcu_bh_lock_map+0x40/0x40)
(____ptrval____): 0000000000000000 ...
(____ptrval____): ffff8801d82ff9d0 (0xffff8801d82ff9d0)
(____ptrval____): ffffffff815e1eb6 (find_held_lock+0x36/0x1c0)
(____ptrval____): 0000000100000000 (0x100000000)
(____ptrval____): ffff8801d82ffa28 (0xffff8801d82ffa28)
(____ptrval____): 1ffff1003b05ff41 (0x1ffff1003b05ff41)
(____ptrval____): ffff8801d82ffae8 (0xffff8801d82ffae8)
(____ptrval____): ffffffff88f92620 (rcu_bh_lock_map+0x40/0x40)
(____ptrval____): ffff8801ab934780 (0xffff8801ab934780)
(____ptrval____): ffff8801d82ffa28 (0xffff8801d82ffa28)
(____ptrval____): ffff8801d82ffb10 (0xffff8801d82ffb10)
(____ptrval____): 0000000000000282 (0x282)
(____ptrval____): ffff8801ac989f80 (0xffff8801ac989f80)
(____ptrval____): ffff8801ffffffff (0xffff8801ffffffff)
(____ptrval____): ffff8801ab934fb0 (0xffff8801ab934fb0)
(____ptrval____): 0000000000000282 (0x282)
(____ptrval____): ffffffff00000001 (0xffffffff00000001)
(____ptrval____): 0000000041b58ab3 (0x41b58ab3)
(____ptrval____): ffffffff88bf2c58 (K512_4+0x6818/0x120344)
(____ptrval____): ffffffff815f0d60 (lock_downgrade+0x8f0/0x8f0)
(____ptrval____): ffff8801ac989a80 (0xffff8801ac989a80)
(____ptrval____): 0000000000000000 ...
(____ptrval____): 00000000815ea850 (0x815ea850)
(____ptrval____): ffff8801daf236a0 (0xffff8801daf236a0)
(____ptrval____): 1ffff1003b05ff4f (0x1ffff1003b05ff4f)
(____ptrval____): ffff8801daf236a0 (0xffff8801daf236a0)
(____ptrval____): 1ffff1003b05ff51 (0x1ffff1003b05ff51)
(____ptrval____): ffff8801daf236b0 (0xffff8801daf236b0)
(____ptrval____): ffff8801d82ffa70 (0xffff8801d82ffa70)
(____ptrval____): ffffffff81b96581 (kasan_check_read+0x11/0x20)
(____ptrval____): ffff8801d82ffb10 (0xffff8801d82ffb10)
(____ptrval____): ffffffff8166786c (rcu_is_watching+0x8c/0x150)
(____ptrval____): ffff8801d82ffad0 (0xffff8801d82ffad0)
(____ptrval____): 0000000041b58ab3 (0x41b58ab3)
(____ptrval____): ffffffff88bd7724 (regoff.34018+0x367ea4/0x37a9c0)
(____ptrval____): ffffffff816677e0 (rcu_report_qs_rnp+0x7a0/0x7a0)
(____ptrval____): ffffffff88f92620 (rcu_bh_lock_map+0x40/0x40)
(____ptrval____): 0000000000000000 ...
(____ptrval____): ffff8801ab934780 (0xffff8801ab934780)
(____ptrval____): ffffffff88f92620 (rcu_bh_lock_map+0x40/0x40)
(____ptrval____): ffff8801d82ffc48 (0xffff8801d82ffc48)
(____ptrval____): ffff8801c6c7a040 (0xffff8801c6c7a040)
(____ptrval____): ffff8801d82ffb00 (0xffff8801d82ffb00)
(____ptrval____): 0000000000000282 (0x282)
(____ptrval____): 0000000000000000 ...
(____ptrval____): 0000000000000001 (0x1)
(____ptrval____): ffff8801d90c5db0 (0xffff8801d90c5db0)
(____ptrval____): dffffc0000000000 (0xdffffc0000000000)
(____ptrval____): ffff8801d82ffc48 (0xffff8801d82ffc48)
(____ptrval____): 0000000000000001 (0x1)
(____ptrval____): ffff8801d82ffc70 (0xffff8801d82ffc70)
(____ptrval____): ffffffff81cc1674 (__fget+0x414/0x670)
(____ptrval____): ffff8801d82ffbc8 (0xffff8801d82ffbc8)
(____ptrval____): 1ffff1003b05ff6d (0x1ffff1003b05ff6d)
(____ptrval____): 0000000500004000 (0x500004000)
(____ptrval____): ffff8801c6c7a090 (0xffff8801c6c7a090)
(____ptrval____): ffff8801d90c5d40 (0xffff8801d90c5d40)
(____ptrval____): ffff8801c6c7a040 (0xffff8801c6c7a040)
(____ptrval____): 0000000000000001 (0x1)
(____ptrval____): ffff8801d82ffc08 (0xffff8801d82ffc08)
(____ptrval____): ffffed003b05ff79 (0xffffed003b05ff79)
(____ptrval____): 0000000041b58ab3 (0x41b58ab3)
(____ptrval____): ffffffff88bd7378 (regoff.34018+0x367af8/0x37a9c0)
(____ptrval____): ffffffff81cc1260 (expand_files.part.8+0x9c0/0x9c0)
(____ptrval____): 0000000000000000 ...
(____ptrval____): 0000000000000001 (0x1)
(____ptrval____): 0000000000000000 ...
(____ptrval____): ffffffff89f16e68 (lock_chains+0x7a8/0x200020)
(____ptrval____): 0000000000000000 ...
(____ptrval____): 0000000041b58ab3 (0x41b58ab3)
(____ptrval____): ffff8801c6c7a098 (0xffff8801c6c7a098)
(____ptrval____): ffff8801d82ffc08 (0xffff8801d82ffc08)
(____ptrval____): 6b3b928dd5400d00 (0x6b3b928dd5400d00)
(____ptrval____): ffff8801d90c5d40 (0xffff8801d90c5d40)
(____ptrval____): 1ffff1003b05ff8a (0x1ffff1003b05ff8a)
(____ptrval____): ffffffff81070f20 (kvm_uevent_notify_change.part.31+0x440/0x440)
(____ptrval____): ffff8801d82ffc08 (0xffff8801d82ffc08)
(____ptrval____): ffffffff817babc6 (__sanitizer_cov_trace_const_cmp4+0x16/0x20)
(____ptrval____): ffff8801d82ffdb8 (0xffff8801d82ffdb8)
(____ptrval____): ffffffff81c8d141 (do_vfs_ioctl+0x201/0x1720)
(____ptrval____): 0000000000000000 ...
(____ptrval____): 6b3b928d00000000 (0x6b3b928d00000000)
(____ptrval____): 0000000000000000 ...
(____ptrval____): 0000000041b58ab3 (0x41b58ab3)
(____ptrval____): ffffffff88c0b8f8 (K512_4+0x1f4b8/0x120344)
(____ptrval____): ffffffff81c8cf40 (ioctl_preallocate+0x300/0x300)
(____ptrval____): ffff8801c6c7a040 (0xffff8801c6c7a040)
(____ptrval____): ffff8801d82ffda0 (0xffff8801d82ffda0)
(____ptrval____): ffffffff81cc1c07 (__fget_light+0x2f7/0x440)
(____ptrval____): 0000000000000000 ...
(____ptrval____): 00004000d82ffcd0 (0x4000d82ffcd0)
(____ptrval____): ffffffff00000004 (0xffffffff00000004)
(____ptrval____): 0000000041b58ab3 (0x41b58ab3)
(____ptrval____): ffffffff88bd90e0 (regoff.34018+0x369860/0x37a9c0)
(____ptrval____): ffffffff81cc1910 (fget_raw+0x20/0x20)
(____ptrval____): ffff8801d82ffde8 (0xffff8801d82ffde8)
(____ptrval____): ffff880100000004 (0xffff880100000004)
(____ptrval____): ffff8801ab934780 (0xffff8801ab934780)
(____ptrval____): ffff8801d82ffd28 (0xffff8801d82ffd28)
(____ptrval____): ffff8801d82ffe10 (0xffff8801d82ffe10)
(____ptrval____): 0000000000000082 (0x82)
(____ptrval____): 6b3b928dd5400d00 (0x6b3b928dd5400d00)
(____ptrval____): 1ffff1003b05ffab (0x1ffff1003b05ffab)
(____ptrval____): 0000000000000000 ...
(____ptrval____): ffff8801d82ffe20 (0xffff8801d82ffe20)
(____ptrval____): ffffffff816f3882 (__x64_sys_futex+0x472/0x6a0)
(____ptrval____): 0000000000000000 ...
(____ptrval____): 00000000006dec74 (0x6dec74)
(____ptrval____): 0000000000000000 ...
(____ptrval____): 0000000041b58ab3 (0x41b58ab3)
(____ptrval____): ffffffff88bf710a (K512_4+0xacca/0x120344)
(____ptrval____): ffffffff816f3410 (do_futex+0x27d0/0x27d0)
(____ptrval____): ffff8801d90c5d40 (0xffff8801d90c5d40)
(____ptrval____): 0000000000000000 ...
(____ptrval____): ffff8801d82ffd90 (0xffff8801d82ffd90)
(____ptrval____): ffffffff817bab8a (__sanitizer_cov_trace_const_cmp1+0x1a/0x20)
(____ptrval____): ffff8801d82ffdb8 (0xffff8801d82ffdb8)
(____ptrval____): ffffffff81c3b0d0 (fput+0x130/0x1a0)
(____ptrval____): 0000000000000001 (0x1)
(____ptrval____): ffff8801d90c5d40 (0xffff8801d90c5d40)
(____ptrval____): ffff8801ab934fb0 (0xffff8801ab934fb0)
(____ptrval____): ffff8801d82ffdf8 (0xffff8801d82ffdf8)
(____ptrval____): ffffffff81c8e6e1 (ksys_ioctl+0x81/0xd0)
(____ptrval____): ffff8801ab934780 (0xffff8801ab934780)
(____ptrval____): ffffffff8100c3ba (do_syscall_64+0x9a/0x820)
(____ptrval____): ffff8801d82fff20 (0xffff8801d82fff20)
(____ptrval____): ffff8801d82fff58 (0xffff8801d82fff58)
(____ptrval____): dffffc0000000000 (0xdffffc0000000000)
(____ptrval____): 6b3b928dd5400d00 (0x6b3b928dd5400d00)
(____ptrval____): 00000000000000ca (0xca)
(____ptrval____): 1ffff1003b05ffc8 (0x1ffff1003b05ffc8)
(____ptrval____): ffff8801d82fff20 (0xffff8801d82fff20)
(____ptrval____): ffff8801d82fff58 (0xffff8801d82fff58)
(____ptrval____): dffffc0000000000 (0xdffffc0000000000)
(____ptrval____): ffff8801d82fff48 (0xffff8801d82fff48)
(____ptrval____): ffffffff8100c4d9 (do_syscall_64+0x1b9/0x820)
(____ptrval____): ffffffff8153a8a3 (finish_task_switch+0x1d3/0x890)
(____ptrval____): 0000000000000000 ...
(____ptrval____): 0000000041b58ab3 (0x41b58ab3)
(____ptrval____): ffffffff88bd7378 (regoff.34018+0x367af8/0x37a9c0)
(____ptrval____): ffffffff8100c320 (syscall_return_slowpath+0x5e0/0x5e0)
(____ptrval____): ffff8801d82ffe68 (0xffff8801d82ffe68)
(____ptrval____): 0000000000000000 ...
(____ptrval____): ffff8801d82fff48 (0xffff8801d82fff48)
(____ptrval____): ffffffff8100c05d (syscall_return_slowpath+0x31d/0x5e0)
(____ptrval____): ffff8801d82fff58 (0xffff8801d82fff58)
(____ptrval____): 0000000041b58ab3 (0x41b58ab3)
(____ptrval____): ffffffff88bd6aa7 (regoff.34018+0x367227/0x37a9c0)
(____ptrval____): ffff8801ab934fb0 (0xffff8801ab934fb0)
(____ptrval____): 0000000000000000 ...
(____ptrval____): ffff8801ab934780 (0xffff8801ab934780)
(____ptrval____): ffffffff87a0009d (entry_SYSCALL_64_after_hwframe+0x59/0xbe)
(____ptrval____): 0000000000000000 ...
(____ptrval____): 0000000000000082 (0x82)
(____ptrval____): 0000000000000000 ...
(____ptrval____): ffff8801d82fff48 (0xffff8801d82fff48)
(____ptrval____): ffffffff81007d20 (trace_hardirqs_off_thunk+0x1a/0x1c)
(____ptrval____): 0000000000000000 ...
(____ptrval____): 6b3b928dd5400d00 (0x6b3b928dd5400d00)
(____ptrval____): 0000000000000000 ...
(____ptrval____): ffffffff87a0008d (entry_SYSCALL_64_after_hwframe+0x49/0xbe)
(____ptrval____): 0000000000000007 (0x7)
(____ptrval____): 00007f07a9ce19c0 (0x7f07a9ce19c0)
(____ptrval____): 00007ffe716947ef (0x7ffe716947ef)
(____ptrval____): 0000000000000000 ...
(____ptrval____): 00000000006dec70 (0x6dec70)
(____ptrval____): 00000000006dec74 (0x6dec74)
(____ptrval____): 0000000000000246 (0x246)
(____ptrval____): 0000000000000000 ...
(____ptrval____): ffffffffffffffda (0xffffffffffffffda)
(____ptrval____): 00000000004497c9 (0x4497c9)
(____ptrval____): 0000000000000000 ...
(____ptrval____): 00000000006dec74 (0x6dec74)
(____ptrval____): 00000000000000ca (0xca)
(____ptrval____): 00000000004497c9 (0x4497c9)
(____ptrval____): 0000000000000033 (0x33)
(____ptrval____): 0000000000000246 (0x246)
(____ptrval____): 00007f07a9ce0cf8 (0x7f07a9ce0cf8)
(____ptrval____): 000000000000002b (0x2b)

The buggy address belongs to the page:
page:ffffea000760bfc0 count:0 mapcount:0 mapping:0000000000000000 index:0x0
flags: 0x2fffc0000000000()
raw: 02fffc0000000000 0000000000000000 ffffffff07600101 0000000000000000
raw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000
page dumped because: kasan: bad access detected

Memory state around the buggy address:
 ffff8801d82ff200: 00 00 00 00 00 00 f2 f2 f2 f2 00 f2 f2 f2 f2 f2
 ffff8801d82ff280: f2 f2 00 f2 f2 f2 f2 f2 f2 f2 00 f2 f2 f2 f2 f2
>ffff8801d82ff300: f2 f2 f8 f2 f2 f2 00 00 00 00 00 00 00 00 00 00
                               ^
 ffff8801d82ff380: 00 00 00 00 f1 f1 f1 f1 00 f2 f2 f2 f2 f2 f2 f2
 ffff8801d82ff400: 00 f2 f2 f2 f2 f2 f2 f2 00 f2 f2 f2 00 00 00 00
==================================================================
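Added worked example (editor's code, not part of the syzkaller report above and not kernel code): a small C decoder for the "Memory state around the buggy address" block of a KASAN report. It embeds the six shadow rows printed above as constructed sample input and applies the generic-KASAN shadow encoding from mm/kasan/kasan.h of this kernel generation: one shadow byte per 8-byte granule, 0x00 fully addressable, 0x01..0x07 only the first N bytes addressable, 0xF1/0xF2/0xF3/0xF4 stack redzones, 0xF8 use-after-scope, 0xFA global redzone, 0xFB/0xFC freed slab object and slab redzone, 0xFE/0xFF page redzone and freed page, 0xCA/0xCB alloca redzones. kasan_check_access walks every byte of an access the way the runtime check does, so it yields the same first bad address the report prints. For the "Read of size 8 at addr ffff8801d82ff320" it lands in row ffff8801d82ff300 at shadow index 4, value 0xf2, a stack mid redzone: the pt_regs that __show_regs was printing sits in stack memory KASAN has poisoned, which is why the second splat is classified stack-out-of-bounds. The primary fault is a different matter: the marked bytes `<48> 8b 98 40 57 00 00` in the Code: line decode to `mov rbx,[rax+0x5740]`, and RAX=1ffff1003b05fead is not a canonical address, hence the #GP. The decoder says nothing about that root cause, only about the KASAN splat.

```c
/* Added example (not kernel code): decode the "Memory state around the
 * buggy address" block of a KASAN report.  Shadow values follow the
 * generic-KASAN encoding in mm/kasan/kasan.h (x86_64, 8-byte granules). */
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define KASAN_GRANULE 8   /* bytes covered by one shadow byte */
#define ROW_BYTES     16  /* shadow bytes per printed row */

/* Shadow rows copied from the report above (constructed sample input). */
static const char kasan_sample_block[] =
    "Memory state around the buggy address:\n"
    " ffff8801d82ff200: 00 00 00 00 00 00 f2 f2 f2 f2 00 f2 f2 f2 f2 f2\n"
    " ffff8801d82ff280: f2 f2 00 f2 f2 f2 f2 f2 f2 f2 00 f2 f2 f2 f2 f2\n"
    ">ffff8801d82ff300: f2 f2 f8 f2 f2 f2 00 00 00 00 00 00 00 00 00 00\n"
    "                               ^\n"
    " ffff8801d82ff380: 00 00 00 00 f1 f1 f1 f1 00 f2 f2 f2 f2 f2 f2 f2\n"
    " ffff8801d82ff400: 00 f2 f2 f2 f2 f2 f2 f2 00 f2 f2 f2 00 00 00 00\n";

/* Meaning of one shadow byte (0 = all 8 bytes valid, 1..7 = first N valid). */
const char *kasan_shadow_describe(int b)
{
    static const struct { int v; const char *name; } tab[] = {
        { 0xF1, "stack left redzone" }, { 0xF2, "stack mid redzone" }, { 0xF3, "stack right redzone" },
        { 0xF4, "stack partial redzone" }, { 0xF8, "stack use-after-scope" }, { 0xFA, "global redzone" },
        { 0xFB, "freed slab object" }, { 0xFC, "slab object redzone" }, { 0xFE, "large-kmalloc page redzone" },
        { 0xFF, "freed page" }, { 0xCA, "alloca left redzone" }, { 0xCB, "alloca right redzone" },
    };
    if (b == 0) return "addressable";
    if (b >= 1 && b <= 7) return "partially addressable (first N bytes)";
    for (size_t i = 0; i < sizeof tab / sizeof tab[0]; i++)
        if (tab[i].v == b) return tab[i].name;
    return "unknown shadow value";
}

/* Parse one "addr: b0 .. b15" row ('>' marks the guilty row); 0 for non-row lines. */
static int parse_row(const char *line, uint64_t *base, unsigned char out[ROW_BYTES])
{
    char *end;
    while (*line == ' ' || *line == '>') line++;
    *base = strtoull(line, &end, 16);
    if (end == line || *end != ':') return 0;   /* header or caret line */
    const char *p = end + 1;
    for (int i = 0; i < ROW_BYTES; i++) {
        unsigned long v = strtoul(p, &end, 16);
        if (end == p || v > 0xFF) return 0;
        out[i] = (unsigned char)v;
        p = end;
    }
    return 1;
}

/* Shadow byte covering addr, or -1 if no printed row covers it. */
int kasan_shadow_at(const char *block, uint64_t addr)
{
    const char *p = block;
    while (*p) {
        const char *nl = strchr(p, '\n');
        size_t len = nl ? (size_t)(nl - p) : strlen(p);
        char line[128];
        uint64_t base;
        unsigned char row[ROW_BYTES];
        if (len < sizeof line) {
            memcpy(line, p, len);
            line[len] = '\0';
            if (parse_row(line, &base, row) &&
                addr >= base && addr < base + ROW_BYTES * KASAN_GRANULE)
                return row[(addr - base) / KASAN_GRANULE];
        }
        if (!nl) break;
        p = nl + 1;
    }
    return -1;
}

/* Replay the runtime check for a `size`-byte access at addr, honouring partial
 * granules.  Returns the first poisoned shadow value (and its address in
 * *first_bad), 0 if fully addressable, -1 if the block does not cover it. */
int kasan_check_access(const char *block, uint64_t addr, size_t size, uint64_t *first_bad)
{
    for (uint64_t a = addr; a < addr + size; a++) {
        int s = kasan_shadow_at(block, a);
        unsigned off = (unsigned)(a % KASAN_GRANULE);   /* byte within granule */
        if (s < 0) return -1;
        if (s >= 0x08 || (s != 0 && off >= (unsigned)s)) {
            if (first_bad) *first_bad = a;
            return s;
        }
    }
    return 0;
}

int main(void)
{
    uint64_t bad = 0;
    int s = kasan_check_access(kasan_sample_block, 0xffff8801d82ff320ULL, 8, &bad);
    printf("shadow %#x (%s) at %#llx\n", s, kasan_shadow_describe(s), (unsigned long long)bad);
    return 0;
}
```

Run it against any other report by replacing kasan_sample_block with the rows copied from that report; the address to check is the one in the "Read/Write of size N at addr ..." line, and size N is the access width.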