ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4cf], 0x10000}) ioctl$KVM_RUN(r2, 0xae80, 0x0) panic: inconsistent poll.fdMutex goroutine 36 [running]: internal/poll.(*fdMutex).rwunlock(0xc435088aa0, 0x1, 0xc4203773f0) /syzkaller/go/src/internal/poll/fd_mutex.go:177 +0x10d internal/poll.(*FD).readUnlock(0xc435088aa0) /syzkaller/go/src/internal/poll/fd_mutex.go:229 +0x32 internal/poll.(*FD).Read(0xc435088aa0, 0xc434802cd0, 0xc, 0xc, 0x0, 0x0, 0x0) /syzkaller/go/src/internal/poll/fd_unix.go:169 +0x1af os.(*File).read(0xc435428dc8, 0xc434802cd0, 0xc, 0xc, 0x0, 0x0, 0x0) /syzkaller/go/src/os/file_unix.go:226 +0x4e os.(*File).Read(0xc435428dc8, 0xc434802cd0, 0xc, 0xc, 0xc, 0xc434802cd0, 0x0) /syzkaller/go/src/os/file.go:107 +0x6a io.ReadAtLeast(0xa22ac0, 0xc435428dc8, 0xc434802cd0, 0xc, 0xc, 0xc, 0x8507e0, 0x1, 0xc434802cd0) /syzkaller/go/src/io/io.go:309 +0x86 io.ReadFull(0xa22ac0, 0xc435428dc8, 0xc434802cd0, 0xc, 0xc, 0x0, 0x0, 0xceca70) /syzkaller/go/src/io/io.go:327 +0x58 github.com/google/syzkaller/pkg/ipc.(*command).exec(0xc435e37960, 0xc4200964a0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0xc4386a2988, 0x409e90, ...) /syzkaller/gopath/src/github.com/google/syzkaller/pkg/ipc/ipc.go:757 +0x281 github.com/google/syzkaller/pkg/ipc.(*Env).Exec(0xc4305fb560, 0xc4200964a0, 0xc4386a2940, 0xa, 0x7a950b, 0xc42016ff50, 0xc4386a2940, 0xc44da300d8, 0xffffffffffffffff, 0x0) /syzkaller/gopath/src/github.com/google/syzkaller/pkg/ipc/ipc.go:282 +0x10b main.(*Proc).executeRaw(0xc438db4500, 0xc4200964a0, 0xc4386a2940, 0x6, 0x0) /syzkaller/gopath/src/github.com/google/syzkaller/syz-fuzzer/proc.go:288 +0x1ec main.(*Proc).execute(0xc438db4500, 0xc4200964a0, 0xc4386a2940, 0x0, 0x6, 0x1) /syzkaller/gopath/src/github.com/google/syzkaller/syz-fuzzer/proc.go:251 +0x67 main.(*Proc).executeHintSeed.func1(0xc4386a2940) /syzkaller/gopath/src/github.com/google/syzkaller/syz-fuzzer/proc.go:246 +0xd2 github.com/google/syzkaller/prog.(*Prog).MutateWithHints.func1() /syzkaller/gopath/src/github.com/google/syzkaller/prog/hints.go:76 +0x7e github.com/google/syzkaller/prog.checkConstArg(0xc44c0c2520, 0xc427a617d0, 0xc420377dc0) /syzkaller/gopath/src/github.com/google/syzkaller/prog/hints.go:129 +0x99 github.com/google/syzkaller/prog.generateHints(0xc427a617d0, 0xa266e0, 0xc44c0c2520, 0xc420377dc0) /syzkaller/gopath/src/github.com/google/syzkaller/prog/hints.go:117 +0x158 github.com/google/syzkaller/prog.(*Prog).MutateWithHints.func2(0xa266e0, 0xc44c0c2520, 0xc44c0c26c0) /syzkaller/gopath/src/github.com/google/syzkaller/prog/hints.go:79 +0x47 github.com/google/syzkaller/prog.foreachArgImpl(0xa266e0, 0xc44c0c2520, 0xc4386a2988, 0x0, 0x0, 0x0, 0xc420377da8) /syzkaller/gopath/src/github.com/google/syzkaller/prog/analysis.go:125 +0xbf github.com/google/syzkaller/prog.ForeachArg(0xc4386a2980, 0xc420377da8) /syzkaller/gopath/src/github.com/google/syzkaller/prog/analysis.go:120 +0x88 github.com/google/syzkaller/prog.(*Prog).MutateWithHints(0xc4366f63c0, 0x0, 0xc427a617d0, 0xc420377e20) /syzkaller/gopath/src/github.com/google/syzkaller/prog/hints.go:78 +0x9d main.(*Proc).executeHintSeed(0xc438db4500, 0xc4366f63c0, 0x0) /syzkaller/gopath/src/github.com/google/syzkaller/syz-fuzzer/proc.go:244 +0x12a main.(*Proc).smashInput(0xc438db4500, 0xc43073a520) /syzkaller/gopath/src/github.com/google/syzkaller/syz-fuzzer/proc.go:208 +0x21a main.(*Proc).loop(0xc438db4500) /syzkaller/gopath/src/github.com/google/syzkaller/syz-fuzzer/proc.go:78 +0x194 created by main.main /syzkaller/gopath/src/github.com/google/syzkaller/syz-fuzzer/fuzzer.go:259 +0x1071 SeaBIOS (version 1.8.2-20200402_173431-google) Total RAM Size = 0x00000001e0000000 = 7680 MiB CPUs found: 2 Max CPUs supported: 2 Comparing RSDP and RSDP Comparing RSDT and RSDT Comparing FACP and FACP Comparing FACS and FACS return 0 for FACS vs FACS: SUCCESS Comparing DSDT and DSDT return 0 for DSDT vs DSDT: SUCCESS return 0 for FACP vs FACP: SUCCESS Comparing SRAT and SRAT return 0 for SRAT vs SRAT: SUCCESS Comparing APIC and APIC return 0 for APIC vs APIC: SUCCESS Comparing SSDT and SSDT return 0 for SSDT vs SSDT: SUCCESS Comparing WAET and WAET return 0 for WAET vs WAET: SUCCESS return 0 for RSDT vs RSDT: SUCCESS return 0 for RSDP vs RSDP: SUCCESS found virtio-scsi at 0:3 virtio-scsi vendor='Google' product='PersistentDisk' rev='1' type=0 removable=0 virtio-scsi blksize=512 sectors=4194304 = 2048 MiB drive 0x000f2120: PCHS=0/0/0 translation=lba LCHS=520/128/63 s=4194304 Sending Seabios boot VM event. Booting from Hard Disk 0... early console in extract_kernel input_data: 0x000000000926e2e9 input_len: 0x000000000339364a output: 0x0000000001000000 output_len: 0x000000000a0d0b28 kernel_total_size: 0x000000000b626000 trampoline_32bit: 0x000000000009d000 Decompressing Linux... Parsing ELF... done. Booting the kernel.