Warning: Permanently added '10.128.0.82' (ECDSA) to the list of known hosts.
executing program
[ 35.317095] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details.
[ 35.335999] FAULT_INJECTION: forcing a failure.
[ 35.335999] name failslab, interval 1, probability 0, space 0, times 1
[ 35.348186] CPU: 0 PID: 8113 Comm: syz-executor941 Not tainted 4.19.155-syzkaller #0
[ 35.356077] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 35.365410] Call Trace:
[ 35.367981] dump_stack+0x1fc/0x2fe
[ 35.371593] should_fail.cold+0xa/0x14
[ 35.375463] ? setup_fault_attr+0x200/0x200
[ 35.379780] ? lock_acquire+0x170/0x3c0
[ 35.383740] __should_failslab+0x115/0x180
[ 35.387957] should_failslab+0x5/0xf
[ 35.391665] __kmalloc+0x2ab/0x3c0
[ 35.395186] ? kvm_io_bus_unregister_dev+0x14a/0x3b0
[ 35.400270] kvm_io_bus_unregister_dev+0x14a/0x3b0
[ 35.405184] kvm_vm_ioctl_unregister_coalesced_mmio+0x1be/0x2c0
[ 35.411228] kvm_vm_ioctl+0x532/0x16e0
[ 35.415096] ? _kstrtoull+0x186/0x420
[ 35.418875] ? _parse_integer+0x180/0x180
[ 35.423005] ? kvm_vcpu_release+0xa0/0xa0
[ 35.427133] ? _copy_from_user+0xd2/0x130
[ 35.431265] ? get_pid_task+0xcd/0x190
[ 35.435135] ? check_preemption_disabled+0x41/0x280
[ 35.440133] ? lock_downgrade+0x720/0x720
[ 35.444263] ? check_preemption_disabled+0x41/0x280
[ 35.449263] ? get_pid_task+0xf4/0x190
[ 35.453133] ? proc_fail_nth_write+0x95/0x1d0
[ 35.457609] ? proc_tgid_io_accounting+0x7f0/0x7f0
[ 35.462521] ? debug_check_no_obj_freed+0x201/0x482
[ 35.467519] ? __vfs_write+0xff/0x770
[ 35.471298] ? proc_tgid_io_accounting+0x7f0/0x7f0
[ 35.476208] ? common_file_perm+0x4e5/0x850
[ 35.480513] ? kvm_vcpu_release+0xa0/0xa0
[ 35.484644] do_vfs_ioctl+0xcdb/0x12e0
[ 35.488514] ? vfs_write+0x3d7/0x540
[ 35.492207] ? ioctl_preallocate+0x200/0x200
[ 35.496612] ? lock_downgrade+0x720/0x720
[ 35.500751] ? check_preemption_disabled+0x41/0x280
[ 35.505778] ? vfs_write+0x393/0x540
[ 35.509479] ? ksys_write+0x1c8/0x2a0
[ 35.513268] ksys_ioctl+0x9b/0xc0
[ 35.516709] __x64_sys_ioctl+0x6f/0xb0
[ 35.520580] ? lockdep_hardirqs_on+0x3a8/0x5c0
[ 35.525150] do_syscall_64+0xf9/0x620
[ 35.528943] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 35.534115] RIP: 0033:0x440879
[ 35.537299] Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 db 13 fc ff c3 66 2e 0f 1f 84 00 00 00 00
[ 35.556196] RSP: 002b:00007ffc2f0024d8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 35.563884] RAX: ffffffffffffffda RBX: 00007ffc2f0024e0 RCX: 0000000000440879
[ 35.571146] RDX: 0000000020000180 RSI: 000000004010ae68 RDI: 0000000000000004
[ 35.578410] RBP: 0000000000000005 R08: 0000000000000001 R09: 00007ffc2f000031
[ 35.585680] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000004020e0
[ 35.592931] R13: 0000000000402170 R14: 0000000000000000 R15: 0000000000000000
[ 35.602110] kvm: failed to shrink bus, removing it completely
[ 35.608250] ==================================================================
[ 35.615732] BUG: KASAN: use-after-free in kvm_vm_ioctl_unregister_coalesced_mmio+0x25a/0x2c0
[ 35.624300] Read of size 8 at addr ffff88809858b200 by task syz-executor941/8113
[ 35.631841]
[ 35.633453] CPU: 1 PID: 8113 Comm: syz-executor941 Not tainted 4.19.155-syzkaller #0
[ 35.641353] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 35.650684] Call Trace:
[ 35.653256] dump_stack+0x1fc/0x2fe
[ 35.656871] print_address_description.cold+0x54/0x219
[ 35.662131] kasan_report_error.cold+0x8a/0x1c7
[ 35.666803] ? kvm_vm_ioctl_unregister_coalesced_mmio+0x25a/0x2c0
[ 35.673013] __asan_report_load8_noabort+0x88/0x90
[ 35.677927] ? kvm_vm_ioctl_unregister_coalesced_mmio+0x25a/0x2c0
[ 35.684140] ? kvm_vm_create_worker_thread.cold+0x24/0x24
[ 35.689660] kvm_vm_ioctl_unregister_coalesced_mmio+0x25a/0x2c0
[ 35.695704] kvm_vm_ioctl+0x532/0x16e0
[ 35.699572] ? _kstrtoull+0x186/0x420
[ 35.703372] ? _parse_integer+0x180/0x180
[ 35.707501] ? kvm_vcpu_release+0xa0/0xa0
[ 35.711631] ? _copy_from_user+0xd2/0x130
[ 35.715762] ? get_pid_task+0xcd/0x190
[ 35.719630] ? check_preemption_disabled+0x41/0x280
[ 35.724628] ? lock_downgrade+0x720/0x720
[ 35.728758] ? check_preemption_disabled+0x41/0x280
[ 35.733757] ? get_pid_task+0xf4/0x190
[ 35.737643] ? proc_fail_nth_write+0x95/0x1d0
[ 35.742119] ? proc_tgid_io_accounting+0x7f0/0x7f0
[ 35.747031] ? debug_check_no_obj_freed+0x201/0x482
[ 35.752032] ? __vfs_write+0xff/0x770
[ 35.755829] ? proc_tgid_io_accounting+0x7f0/0x7f0
[ 35.760747] ? common_file_perm+0x4e5/0x850
[ 35.765077] ? kvm_vcpu_release+0xa0/0xa0
[ 35.769227] do_vfs_ioctl+0xcdb/0x12e0
[ 35.773148] ? vfs_write+0x3d7/0x540
[ 35.776871] ? ioctl_preallocate+0x200/0x200
[ 35.781280] ? lock_downgrade+0x720/0x720
[ 35.785412] ? check_preemption_disabled+0x41/0x280
[ 35.790411] ? vfs_write+0x393/0x540
[ 35.794117] ? ksys_write+0x1c8/0x2a0
[ 35.797899] ksys_ioctl+0x9b/0xc0
[ 35.801367] __x64_sys_ioctl+0x6f/0xb0
[ 35.805243] ? lockdep_hardirqs_on+0x3a8/0x5c0
[ 35.809807] do_syscall_64+0xf9/0x620
[ 35.813593] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 35.818788] RIP: 0033:0x440879
[ 35.821965] Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 db 13 fc ff c3 66 2e 0f 1f 84 00 00 00 00
[ 35.840846] RSP: 002b:00007ffc2f0024d8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 35.848552] RAX: ffffffffffffffda RBX: 00007ffc2f0024e0 RCX: 0000000000440879
[ 35.855803] RDX: 0000000020000180 RSI: 000000004010ae68 RDI: 0000000000000004
[ 35.863054] RBP: 0000000000000005 R08: 0000000000000001 R09: 00007ffc2f000031
[ 35.870320] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000004020e0
[ 35.877571] R13: 0000000000402170 R14: 0000000000000000 R15: 0000000000000000
[ 35.884846]
[ 35.886453] Allocated by task 8113:
[ 35.890084] kmem_cache_alloc_trace+0x12f/0x380
[ 35.894750] kvm_vm_ioctl_register_coalesced_mmio+0x51/0x350
[ 35.900527] kvm_vm_ioctl+0xc63/0x16e0
[ 35.904409] do_vfs_ioctl+0xcdb/0x12e0
[ 35.908273] ksys_ioctl+0x9b/0xc0
[ 35.911707] __x64_sys_ioctl+0x6f/0xb0
[ 35.915573] do_syscall_64+0xf9/0x620
[ 35.919352] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 35.924536]
[ 35.926149] Freed by task 8113:
[ 35.929431] kfree+0xcc/0x210
[ 35.932525] kvm_io_bus_unregister_dev.cold+0xf0/0x110
[ 35.937832] kvm_vm_ioctl_unregister_coalesced_mmio+0x1be/0x2c0
[ 35.943869] kvm_vm_ioctl+0x532/0x16e0
[ 35.947737] do_vfs_ioctl+0xcdb/0x12e0
[ 35.951606] ksys_ioctl+0x9b/0xc0
[ 35.955039] __x64_sys_ioctl+0x6f/0xb0
[ 35.958906] do_syscall_64+0xf9/0x620
[ 35.962703] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 35.967901]
[ 35.969510] The buggy address belongs to the object at ffff88809858b200
[ 35.969510]  which belongs to the cache kmalloc-64 of size 64
[ 35.981982] The buggy address is located 0 bytes inside of
[ 35.981982]  64-byte region [ffff88809858b200, ffff88809858b240)
[ 35.993575] The buggy address belongs to the page:
[ 35.998503] page:ffffea00026162c0 count:1 mapcount:0 mapping:ffff88813bff0340 index:0xffff88809858bf80
[ 36.007928] flags: 0xfff00000000100(slab)
[ 36.012061] raw: 00fff00000000100 ffff88813bff1338 ffffea000261c508 ffff88813bff0340
[ 36.020015] raw: ffff88809858bf80 ffff88809858b000 000000010000001e 0000000000000000
[ 36.027883] page dumped because: kasan: bad access detected
[ 36.033575]
[ 36.035182] Memory state around the buggy address:
[ 36.040092]  ffff88809858b100: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc
[ 36.047430]  ffff88809858b180: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[ 36.054871] >ffff88809858b200: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[ 36.062224]                    ^
[ 36.065570]  ffff88809858b280: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[ 36.072909]  ffff88809858b300: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[ 36.080243] ==================================================================
[ 36.087577] Disabling lock debugging due to kernel taint
[ 36.095858] Kernel panic - not syncing: panic_on_warn set ...
[ 36.095858]
[ 36.103239] CPU: 1 PID: 8113 Comm: syz-executor941 Tainted: G B 4.19.155-syzkaller #0
[ 36.112506] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 36.121846] Call Trace:
[ 36.124418] dump_stack+0x1fc/0x2fe
[ 36.128024] panic+0x26a/0x50e
[ 36.131195] ? __warn_printk+0xf3/0xf3
[ 36.135064] ? preempt_schedule_common+0x45/0xc0
[ 36.139799] ? ___preempt_schedule+0x16/0x18
[ 36.144186] ? trace_hardirqs_on+0x55/0x210
[ 36.148503] kasan_end_report+0x43/0x49
[ 36.152456] kasan_report_error.cold+0xa7/0x1c7
[ 36.157125] ? kvm_vm_ioctl_unregister_coalesced_mmio+0x25a/0x2c0
[ 36.163336] __asan_report_load8_noabort+0x88/0x90
[ 36.168246] ? kvm_vm_ioctl_unregister_coalesced_mmio+0x25a/0x2c0
[ 36.174455] ? kvm_vm_create_worker_thread.cold+0x24/0x24
[ 36.179984] kvm_vm_ioctl_unregister_coalesced_mmio+0x25a/0x2c0
[ 36.186022] kvm_vm_ioctl+0x532/0x16e0
[ 36.189887] ? _kstrtoull+0x186/0x420
[ 36.193669] ? _parse_integer+0x180/0x180
[ 36.197794] ? kvm_vcpu_release+0xa0/0xa0
[ 36.201920] ? _copy_from_user+0xd2/0x130
[ 36.206064] ? get_pid_task+0xcd/0x190
[ 36.209934] ? check_preemption_disabled+0x41/0x280
[ 36.214942] ? lock_downgrade+0x720/0x720
[ 36.219070] ? check_preemption_disabled+0x41/0x280
[ 36.224121] ? get_pid_task+0xf4/0x190
[ 36.227994] ? proc_fail_nth_write+0x95/0x1d0
[ 36.232514] ? proc_tgid_io_accounting+0x7f0/0x7f0
[ 36.237429] ? debug_check_no_obj_freed+0x201/0x482
[ 36.242435] ? __vfs_write+0xff/0x770
[ 36.246224] ? proc_tgid_io_accounting+0x7f0/0x7f0
[ 36.251430] ? common_file_perm+0x4e5/0x850
[ 36.255748] ? kvm_vcpu_release+0xa0/0xa0
[ 36.259876] do_vfs_ioctl+0xcdb/0x12e0
[ 36.263746] ? vfs_write+0x3d7/0x540
[ 36.267443] ? ioctl_preallocate+0x200/0x200
[ 36.271832] ? lock_downgrade+0x720/0x720
[ 36.275962] ? check_preemption_disabled+0x41/0x280
[ 36.280959] ? vfs_write+0x393/0x540
[ 36.284672] ? ksys_write+0x1c8/0x2a0
[ 36.288466] ksys_ioctl+0x9b/0xc0
[ 36.291901] __x64_sys_ioctl+0x6f/0xb0
[ 36.295781] ? lockdep_hardirqs_on+0x3a8/0x5c0
[ 36.300340] do_syscall_64+0xf9/0x620
[ 36.304134] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 36.309302] RIP: 0033:0x440879
[ 36.312477] Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 db 13 fc ff c3 66 2e 0f 1f 84 00 00 00 00
[ 36.331357] RSP: 002b:00007ffc2f0024d8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 36.339057] RAX: ffffffffffffffda RBX: 00007ffc2f0024e0 RCX: 0000000000440879
[ 36.346321] RDX: 0000000020000180 RSI: 000000004010ae68 RDI: 0000000000000004
[ 36.353584] RBP: 0000000000000005 R08: 0000000000000001 R09: 00007ffc2f000031
[ 36.360832] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000004020e0
[ 36.368092] R13: 0000000000402170 R14: 0000000000000000 R15: 0000000000000000
[ 36.376032] Kernel Offset: disabled
[ 36.379666] Rebooting in 86400 seconds..