BUG: unable to handle kernel paging request at ffffed12303586b3
IP: coalesced_mmio_write+0x240/0x440 arch/x86/kvm/../../../virt/kvm/coalesced_mmio.c:83
CPU: 0 PID: 12321 Comm: syz-executor.3 Not tainted 4.14.129 #23
PGD 21ffef067 
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
P4D 21ffef067 PUD 0 
Call Trace:
 __dump_stack lib/dump_stack.c:17 [inline]
 dump_stack+0x138/0x19c lib/dump_stack.c:53
Oops: 0000 [#1] PREEMPT SMP KASAN
 fail_dump lib/fault-inject.c:51 [inline]
 should_fail.cold+0x10f/0x159 lib/fault-inject.c:149
Modules linked in:
 should_failslab+0xdb/0x130 mm/failslab.c:32
 slab_pre_alloc_hook mm/slab.h:421 [inline]
 slab_alloc mm/slab.c:3376 [inline]
 kmem_cache_alloc+0x2d7/0x780 mm/slab.c:3550
CPU: 1 PID: 12324 Comm: syz-executor.2 Not tainted 4.14.129 #23
 kmem_cache_zalloc include/linux/slab.h:651 [inline]
 mmu_topup_memory_cache arch/x86/kvm/mmu.c:914 [inline]
 mmu_topup_memory_cache arch/x86/kvm/mmu.c:906 [inline]
 mmu_topup_memory_caches+0x86/0x320 arch/x86/kvm/mmu.c:960
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
task: ffff88805aa96600 task.stack: ffff88808b828000
 kvm_mmu_load+0x21/0xd40 arch/x86/kvm/mmu.c:4689
RIP: 0010:coalesced_mmio_write+0x240/0x440 arch/x86/kvm/../../../virt/kvm/coalesced_mmio.c:83
RSP: 0018:ffff88808b82f428 EFLAGS: 00010a02
 kvm_mmu_reload arch/x86/kvm/mmu.h:86 [inline]
 vcpu_enter_guest+0x2e78/0x5220 arch/x86/kvm/x86.c:7105
RAX: 00000000b52b40e6 RBX: 0000000000000000 RCX: ffff8880859e2000
RDX: dffffc0000000000 RSI: 1ffff112303586b3 RDI: ffff889181ac3598
RBP: ffff88808b82f478 R08: 0000000000000007 R09: 0000000000000000
R10: ffff88805aa96ed0 R11: ffff88805aa96600 R12: ffff88808256fc90
R13: 0000000000000001 R14: ffff88805ddfca20 R15: 0000000000000001
FS:  00007eff0f0ab700(0000) GS:ffff8880aef00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
 vcpu_run arch/x86/kvm/x86.c:7302 [inline]
 kvm_arch_vcpu_ioctl_run+0x318/0x1000 arch/x86/kvm/x86.c:7469
CR2: ffffed12303586b3 CR3: 000000009fdb8000 CR4: 00000000001426e0
Call Trace:
 kvm_iodevice_write include/kvm/iodev.h:66 [inline]
 __kvm_io_bus_write+0x241/0x340 arch/x86/kvm/../../../virt/kvm/kvm_main.c:3485
 kvm_vcpu_ioctl+0x401/0xd10 arch/x86/kvm/../../../virt/kvm/kvm_main.c:2588
 kvm_io_bus_write+0x115/0x200 arch/x86/kvm/../../../virt/kvm/kvm_main.c:3510
 vcpu_mmio_write arch/x86/kvm/x86.c:4486 [inline]
 write_mmio+0x148/0x480 arch/x86/kvm/x86.c:4824
 emulator_read_write_onepage+0x36a/0xbb0 arch/x86/kvm/x86.c:4893
 emulator_read_write+0x174/0x540 arch/x86/kvm/x86.c:4942
 emulator_write_emulated+0x3c/0x50 arch/x86/kvm/x86.c:4979
 segmented_write+0xd3/0x120 arch/x86/kvm/emulate.c:1459
 vfs_ioctl fs/ioctl.c:46 [inline]
 file_ioctl fs/ioctl.c:500 [inline]
 do_vfs_ioctl+0x7ae/0x1060 fs/ioctl.c:684
 writeback+0x425/0x760 arch/x86/kvm/emulate.c:1821
 x86_emulate_insn+0x15f2/0x4120 arch/x86/kvm/emulate.c:5616
 SYSC_ioctl fs/ioctl.c:701 [inline]
 SyS_ioctl+0x8f/0xc0 fs/ioctl.c:692
 do_syscall_64+0x1e8/0x640 arch/x86/entry/common.c:292
 x86_emulate_instruction+0x423/0x1700 arch/x86/kvm/x86.c:5917
 entry_SYSCALL_64_after_hwframe+0x42/0xb7
RIP: 0033:0x4592c9
RSP: 002b:00007fc324029c78 EFLAGS: 00000246
 kvm_mmu_page_fault+0x1c5/0x300 arch/x86/kvm/mmu.c:4998
 ORIG_RAX: 0000000000000010
 handle_ept_violation+0x149/0x420 arch/x86/kvm/vmx.c:6930
RAX: ffffffffffffffda RBX: 00007fc324029c90 RCX: 00000000004592c9
RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000005
RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000
 vmx_handle_exit+0x20d/0x12a0 arch/x86/kvm/vmx.c:9194
R10: 0000000000000000 R11: 0000000000000246 R12: 00007fc32402a6d4
R13: 00000000004c25fb R14: 00000000004d55b8 R15: 0000000000000007
 vcpu_enter_guest+0xec8/0x5220 arch/x86/kvm/x86.c:7239
kobject: 'kvm' (ffff888219fb0d90): kobject_uevent_env
 vcpu_run arch/x86/kvm/x86.c:7302 [inline]
 kvm_arch_vcpu_ioctl_run+0x318/0x1000 arch/x86/kvm/x86.c:7469
 kvm_vcpu_ioctl+0x401/0xd10 arch/x86/kvm/../../../virt/kvm/kvm_main.c:2588
kobject: 'kvm' (ffff888219fb0d90): kobject_uevent_env
kobject: 'kvm' (ffff888219fb0d90): fill_kobj_path: path = '/devices/virtual/misc/kvm'
kobject: 'kvm' (ffff888219fb0d90): fill_kobj_path: path = '/devices/virtual/misc/kvm'
 vfs_ioctl fs/ioctl.c:46 [inline]
 file_ioctl fs/ioctl.c:500 [inline]
 do_vfs_ioctl+0x7ae/0x1060 fs/ioctl.c:684
 SYSC_ioctl fs/ioctl.c:701 [inline]
 SyS_ioctl+0x8f/0xc0 fs/ioctl.c:692
kobject: 'kvm' (ffff888219fb0d90): kobject_uevent_env
 do_syscall_64+0x1e8/0x640 arch/x86/entry/common.c:292
kobject: 'kvm' (ffff888219fb0d90): fill_kobj_path: path = '/devices/virtual/misc/kvm'
 entry_SYSCALL_64_after_hwframe+0x42/0xb7
RIP: 0033:0x4592c9
RSP: 002b:00007eff0f0aac78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000004592c9
kobject: 'kvm' (ffff888219fb0d90): kobject_uevent_env
RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000005
RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 00007eff0f0ab6d4
R13: 00000000004c25fb R14: 00000000004d55b8 R15: 00000000ffffffff
Code: 
kobject: 'kvm' (ffff888219fb0d90): fill_kobj_path: path = '/devices/virtual/misc/kvm'
c0 03 38 d0 7c 08 84 d2 
kobject: 'loop1' (ffff8880a49ff220): kobject_uevent_env
0f 85 00 02 00 00 8b 41 04 48 8d 14 40 48 8d 7c d1 08 48 ba 00 00 00 00 00 fc ff df 48 89 fe 48 c1 ee 03 <80> 3c 16 00 0f 85 bf 01 00 00 48 8d 14 40 48 
kobject: 'loop1' (ffff8880a49ff220): fill_kobj_path: path = '/devices/virtual/block/loop1'
be 00 00 00 00 00 
RIP: coalesced_mmio_write+0x240/0x440 arch/x86/kvm/../../../virt/kvm/coalesced_mmio.c:83 RSP: ffff88808b82f428
CR2: ffffed12303586b3
---[ end trace e606ce32d19e0368 ]---