Warning: Permanently added 'ci-upstream-kasan-gce-2,10.128.0.48' (ECDSA) to the list of known hosts. serialport: Connected to syzkaller.us-central1-c.ci-upstream-kasan-gce-2 port 1 (session ID: f09aa02b68c7955f12a0a5c6f1bab63cc935b181e4e712f53e26b05f7733f4f7, active connections: 1). executing program executing program executing program executing program executing program executing program executing program executing program INIT: Entering runlevel: 2 [info] Using makefile-style concurrent boot in runlevel 2. [....] Starting enhanced syslogd: rsyslogd[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c. Debian GNU/Linux 7 syzkaller ttyS0 executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program syzkaller login: [ 55.071172] irq bypass consumer (token ffff8801ceee2500) registration fails: -16 executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program [ 56.257165] irq bypass consumer (token ffff8801d5cbda00) registration fails: -16 executing program executing program executing program executing program executing program [ 56.328544] irq bypass consumer (token ffff8801d95d8080) registration fails: -16 executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program [ 56.648433] irq bypass consumer (token ffff8801cff7a080) registration fails: -16 executing program executing program executing program executing program executing program [ 56.799897] irq bypass consumer (token ffff8801cb042100) registration fails: -16 executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program [ 58.251548] irq bypass consumer (token ffff8801d52ce500) registration fails: -16 executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program [ 59.348096] irq bypass consumer (token ffff8801d59e9a00) registration fails: -16 executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program [ 59.571071] irq bypass consumer (token ffff8801c8750980) registration fails: -16 executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program [ 60.023682] irq bypass consumer (token ffff8801d14db400) registration fails: -16 executing program executing program executing program executing program [ 60.142997] irq bypass consumer (token ffff8801cef3ac80) registration fails: -16 executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program [ 60.574319] irq bypass consumer (token ffff8801d1528980) registration fails: -16 executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program [ 60.852987] irq bypass consumer (token ffff8801ca5e3380) registration fails: -16 executing program executing program executing program executing program executing program [ 60.896004] irq bypass consumer (token ffff8801cf080e80) registration fails: -16 executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program [ 61.326008] irq bypass consumer (token ffff8801cff7af80) registration fails: -16 executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program [ 61.652736] irq bypass consumer (token ffff8801ceee2880) registration fails: -16 executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program [ 62.124338] irq bypass consumer (token ffff8801d4186d00) registration fails: -16 executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program [ 62.735558] irq bypass consumer (token ffff8801c4bcce80) registration fails: -16 executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program [ 63.583893] irq bypass consumer (token ffff8801c90a3000) registration fails: -16 executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program [ 64.342239] irq bypass consumer (token ffff8801d1ab5680) registration fails: -16 executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program [ 64.715480] irq bypass consumer (token ffff8801dbd56b00) registration fails: -16 executing program executing program executing program executing program [ 64.737539] irq bypass consumer (token ffff8801dbdb7080) registration fails: -16 executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program [ 64.978564] irq bypass consumer (token ffff8801d4f9b080) registration fails: -16 executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program [ 65.401604] irq bypass consumer (token ffff8801c90a3400) registration fails: -16 executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program [ 66.070722] irq bypass consumer (token ffff8801cd3dd400) registration fails: -16 executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program [ 67.097885] irq bypass consumer (token ffff8801d6971680) registration fails: -16 executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program [ 67.830703] irq bypass consumer (token ffff8801cf255e80) registration fails: -16 executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program [ 68.495989] ================================================================== [ 68.503464] BUG: KASAN: use-after-free in irq_bypass_register_consumer+0x4f0/0x500 [ 68.511178] Read of size 8 at addr ffff8801c6691e38 by task syzkaller392634/19623 [ 68.518788] [ 68.520411] CPU: 0 PID: 19623 Comm: syzkaller392634 Not tainted 4.13.0-rc2+ #8 [ 68.527761] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 68.537111] Call Trace: [ 68.539696] dump_stack+0x194/0x257 [ 68.543329] ? arch_local_irq_restore+0x53/0x53 [ 68.547996] ? show_regs_print_info+0x65/0x65 [ 68.552499] ? irq_bypass_register_consumer+0x4f0/0x500 [ 68.557869] print_address_description+0x7f/0x260 [ 68.562737] ? irq_bypass_register_consumer+0x4f0/0x500 [ 68.568106] kasan_report+0x24e/0x340 [ 68.571924] __asan_report_load8_noabort+0x14/0x20 [ 68.576858] irq_bypass_register_consumer+0x4f0/0x500 [ 68.582055] ? __disconnect+0x1a0/0x1a0 [ 68.586048] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 68.591069] ? trace_hardirqs_on+0xd/0x10 [ 68.595222] ? queue_work_on+0x106/0x1c0 [ 68.599296] kvm_irqfd+0x137a/0x1d50 [ 68.603046] ? kvm_eventfd_init+0x2a0/0x2a0 [ 68.607385] ? __lock_acquire+0x6ef/0x3dc0 [ 68.611629] ? find_held_lock+0x35/0x1d0 [ 68.615706] ? __might_fault+0x110/0x1d0 [ 68.619772] ? lock_downgrade+0x990/0x990 [ 68.623927] ? lock_release+0xa40/0xa40 [ 68.627901] ? check_same_owner+0x320/0x320 [ 68.632226] ? check_noncircular+0x20/0x20 [ 68.636473] ? __might_sleep+0x95/0x190 [ 68.640455] ? kasan_check_write+0x14/0x20 [ 68.644701] ? _copy_from_user+0x99/0x110 [ 68.648858] kvm_vm_ioctl+0x1079/0x1c40 [ 68.652850] ? kvm_set_memory_region+0x50/0x50 [ 68.657445] ? __lock_is_held+0xb6/0x140 [ 68.661511] ? check_noncircular+0x20/0x20 [ 68.665741] ? lru_cache_add+0x1c7/0x3a0 [ 68.669801] ? check_noncircular+0x20/0x20 [ 68.674031] ? lru_cache_add_file+0x20/0x20 [ 68.678363] ? __alloc_pages_nodemask+0x9b0/0xc00 [ 68.683216] ? page_add_new_anon_rmap+0x36c/0x750 [ 68.688081] ? find_held_lock+0x35/0x1d0 [ 68.692155] ? __fget+0x333/0x570 [ 68.695607] ? lock_downgrade+0x990/0x990 [ 68.699760] ? lock_release+0xa40/0xa40 [ 68.703741] ? __lock_is_held+0xb6/0x140 [ 68.707827] ? __fget+0x35c/0x570 [ 68.711298] ? iterate_fd+0x3f0/0x3f0 [ 68.715113] ? lock_acquire+0x1d5/0x580 [ 68.719102] ? find_held_lock+0x35/0x1d0 [ 68.723181] ? kvm_set_memory_region+0x50/0x50 [ 68.727766] do_vfs_ioctl+0x1b1/0x1520 [ 68.731658] ? __do_page_fault+0x51b/0xb60 [ 68.735907] ? ioctl_preallocate+0x2b0/0x2b0 [ 68.740334] ? selinux_capable+0x40/0x40 [ 68.744404] ? vmalloc_fault+0x86/0xce0 [ 68.748386] ? downgrade_write+0x150/0x150 [ 68.752621] ? vmacache_find+0x61/0x270 [ 68.756621] ? security_file_ioctl+0x7d/0xb0 [ 68.761034] ? security_file_ioctl+0x89/0xb0 [ 68.765457] SyS_ioctl+0x8f/0xc0 [ 68.768838] entry_SYSCALL_64_fastpath+0x1f/0xbe [ 68.773592] RIP: 0033:0x449f59 [ 68.776776] RSP: 002b:00007f5b37367dc8 EFLAGS: 00000202 ORIG_RAX: 0000000000000010 [ 68.784484] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 0000000000449f59 [ 68.791759] RDX: 0000000020ae9000 RSI: 000000004020ae76 RDI: 0000000000000004 [ 68.799027] RBP: 0000000000000086 R08: 00007f5b37368700 R09: 00007f5b37368700 [ 68.806338] R10: 00007f5b37368700 R11: 0000000000000202 R12: 0000000000000000 [ 68.813616] R13: 00007ffc2950438f R14: 00007f5b373689c0 R15: 0000000000000000 [ 68.820915] [ 68.822539] Allocated by task 19623: [ 68.826255] save_stack_trace+0x16/0x20 [ 68.830231] save_stack+0x43/0xd0 [ 68.833684] kasan_kmalloc+0xaa/0xd0 [ 68.837404] kmem_cache_alloc_trace+0x101/0x6f0 [ 68.842075] kvm_irqfd+0x16c/0x1d50 [ 68.845710] kvm_vm_ioctl+0x1079/0x1c40 [ 68.849689] do_vfs_ioctl+0x1b1/0x1520 [ 68.853577] SyS_ioctl+0x8f/0xc0 [ 68.856946] entry_SYSCALL_64_fastpath+0x1f/0xbe [ 68.861698] [ 68.863324] Freed by task 24: [ 68.866432] save_stack_trace+0x16/0x20 [ 68.870415] save_stack+0x43/0xd0 [ 68.873885] kasan_slab_free+0x6e/0xc0 [ 68.877776] kfree+0xd3/0x260 [ 68.880881] irqfd_shutdown+0x13c/0x1a0 [ 68.884858] process_one_work+0xbf3/0x1bc0 [ 68.889094] worker_thread+0x223/0x1860 [ 68.893074] kthread+0x35e/0x430 [ 68.896443] ret_from_fork+0x2a/0x40 [ 68.900146] [ 68.901764] The buggy address belongs to the object at ffff8801c6691cc0 [ 68.901764] which belongs to the cache kmalloc-512 of size 512 [ 68.914419] The buggy address is located 376 bytes inside of [ 68.914419] 512-byte region [ffff8801c6691cc0, ffff8801c6691ec0) [ 68.926290] The buggy address belongs to the page: [ 68.931225] page:ffffea0006366fb8 count:1 mapcount:0 mapping:ffff8801c6691040 index:0x0 [ 68.939375] flags: 0x200000000000100(slab) [ 68.943614] raw: 0200000000000100 ffff8801c6691040 0000000000000000 0000000100000006 [ 68.951497] raw: ffffea0006391e48 ffffea00063ad940 ffff8801dbc00600 [ 68.957901] page dumped because: kasan: bad access detected [ 68.963605] [ 68.965224] Memory state around the buggy address: [ 68.970156] ffff8801c6691d00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 68.977515] ffff8801c6691d80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 68.984879] >ffff8801c6691e00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 68.992237] ^ [ 68.997427] ffff8801c6691e80: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 69.004787] ffff8801c6691f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 69.012143] ================================================================== [ 69.019500] Disabling lock debugging due to kernel taint [ 69.025137] Kernel panic - not syncing: panic_on_warn set ... [ 69.025137] [ 69.032508] CPU: 0 PID: 19623 Comm: syzkaller392634 Tainted: G B 4.13.0-rc2+ #8 [ 69.041073] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 69.050428] Call Trace: [ 69.053025] dump_stack+0x194/0x257 [ 69.056665] ? arch_local_irq_restore+0x53/0x53 [ 69.061336] ? kasan_end_report+0x32/0x50 [ 69.065489] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 69.070251] ? irq_bypass_register_consumer+0x480/0x500 [ 69.075623] panic+0x1e4/0x417 [ 69.078819] ? __warn+0x1d9/0x1d9 [ 69.082284] ? irq_bypass_register_consumer+0x4f0/0x500 [ 69.087655] kasan_end_report+0x50/0x50 [ 69.091626] kasan_report+0x137/0x340 [ 69.095432] __asan_report_load8_noabort+0x14/0x20 [ 69.100365] irq_bypass_register_consumer+0x4f0/0x500 [ 69.105559] ? __disconnect+0x1a0/0x1a0 [ 69.109534] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 69.114551] ? trace_hardirqs_on+0xd/0x10 [ 69.118697] ? queue_work_on+0x106/0x1c0 [ 69.122757] kvm_irqfd+0x137a/0x1d50 [ 69.126475] ? kvm_eventfd_init+0x2a0/0x2a0 [ 69.130789] ? __lock_acquire+0x6ef/0x3dc0 [ 69.135010] ? find_held_lock+0x35/0x1d0 [ 69.139062] ? __might_fault+0x110/0x1d0 [ 69.143105] ? lock_downgrade+0x990/0x990 [ 69.147240] ? lock_release+0xa40/0xa40 [ 69.151197] ? check_same_owner+0x320/0x320 [ 69.155496] ? check_noncircular+0x20/0x20 [ 69.159715] ? __might_sleep+0x95/0x190 [ 69.163675] ? kasan_check_write+0x14/0x20 [ 69.167893] ? _copy_from_user+0x99/0x110 [ 69.172029] kvm_vm_ioctl+0x1079/0x1c40 [ 69.175991] ? kvm_set_memory_region+0x50/0x50 [ 69.180569] ? __lock_is_held+0xb6/0x140 [ 69.184618] ? check_noncircular+0x20/0x20 [ 69.188840] ? lru_cache_add+0x1c7/0x3a0 [ 69.192888] ? check_noncircular+0x20/0x20 [ 69.197114] ? lru_cache_add_file+0x20/0x20 [ 69.201433] ? __alloc_pages_nodemask+0x9b0/0xc00 [ 69.206274] ? page_add_new_anon_rmap+0x36c/0x750 [ 69.211132] ? find_held_lock+0x35/0x1d0 [ 69.215183] ? __fget+0x333/0x570 [ 69.218618] ? lock_downgrade+0x990/0x990 [ 69.222750] ? lock_release+0xa40/0xa40 [ 69.226715] ? __lock_is_held+0xb6/0x140 [ 69.230768] ? __fget+0x35c/0x570 [ 69.234209] ? iterate_fd+0x3f0/0x3f0 [ 69.237992] ? lock_acquire+0x1d5/0x580 [ 69.241956] ? find_held_lock+0x35/0x1d0 [ 69.246708] ? kvm_set_memory_region+0x50/0x50 [ 69.251276] do_vfs_ioctl+0x1b1/0x1520 [ 69.255146] ? __do_page_fault+0x51b/0xb60 [ 69.259372] ? ioctl_preallocate+0x2b0/0x2b0 [ 69.263773] ? selinux_capable+0x40/0x40 [ 69.267821] ? vmalloc_fault+0x86/0xce0 [ 69.271784] ? downgrade_write+0x150/0x150 [ 69.276002] ? vmacache_find+0x61/0x270 [ 69.279977] ? security_file_ioctl+0x7d/0xb0 [ 69.284374] ? security_file_ioctl+0x89/0xb0 [ 69.288775] SyS_ioctl+0x8f/0xc0 [ 69.292143] entry_SYSCALL_64_fastpath+0x1f/0xbe [ 69.296884] RIP: 0033:0x449f59 [ 69.300054] RSP: 002b:00007f5b37367dc8 EFLAGS: 00000202 ORIG_RAX: 0000000000000010 [ 69.307748] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 0000000000449f59 [ 69.315008] RDX: 0000000020ae9000 RSI: 000000004020ae76 RDI: 0000000000000004 [ 69.322270] RBP: 0000000000000086 R08: 00007f5b37368700 R09: 00007f5b37368700 [ 69.329528] R10: 00007f5b37368700 R11: 0000000000000202 R12: 0000000000000000 [ 69.336784] R13: 00007ffc2950438f R14: 00007f5b373689c0 R15: 0000000000000000 [ 69.344424] Dumping ftrace buffer: [ 69.347946] (f