Warning: Permanently added '10.128.0.28' (ECDSA) to the list of known hosts.
executing program
[ 37.201531] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/l1tf.html for details.
[ 37.223302] ==================================================================
[ 37.230773] BUG: KASAN: use-after-free in kvm_put_kvm+0xd7c/0xff0
[ 37.236992] Read of size 8 at addr ffff8801cd479910 by task syz-executor822/5583
[ 37.244617]
[ 37.246232] CPU: 0 PID: 5583 Comm: syz-executor822 Not tainted 4.19.0-rc8-next-20181019+ #98
[ 37.254801] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 37.264138] Call Trace:
[ 37.266716] dump_stack+0x244/0x39d
[ 37.270326] ? dump_stack_print_info.cold.1+0x20/0x20
[ 37.275498] ? printk+0xa7/0xcf
[ 37.278760] ? kmsg_dump_rewind_nolock+0xe4/0xe4
[ 37.283505] print_address_description.cold.7+0x9/0x1ff
[ 37.288856] kasan_report.cold.8+0x242/0x309
[ 37.293292] ? kvm_put_kvm+0xd7c/0xff0
[ 37.297375] __asan_report_load8_noabort+0x14/0x20
[ 37.302501] kvm_put_kvm+0xd7c/0xff0
[ 37.306207] ? kvm_vcpu_block+0x1020/0x1020
[ 37.310592] ? kvm_irqfd_release+0xd1/0x120
[ 37.314917] ? _raw_spin_unlock_irq+0x27/0x80
[ 37.319397] ? _raw_spin_unlock_irq+0x27/0x80
[ 37.323888] ? lockdep_hardirqs_on+0x3bb/0x5b0
[ 37.328472] ? ima_file_check+0x130/0x130
[ 37.332608] ? kvm_irqfd_release+0xdd/0x120
[ 37.336919] ? kvm_irqfd_release+0xdd/0x120
[ 37.341263] kvm_vm_release+0x42/0x50
[ 37.345056] __fput+0x3bc/0xa70
[ 37.348320] ? kvm_put_kvm+0xff0/0xff0
[ 37.352191] ? get_max_files+0x20/0x20
[ 37.356065] ? trace_hardirqs_on+0xbd/0x310
[ 37.360376] ? kasan_check_read+0x11/0x20
[ 37.364507] ? task_work_run+0x1af/0x2a0
[ 37.368552] ? trace_hardirqs_off_caller+0x300/0x300
[ 37.373651] ____fput+0x15/0x20
[ 37.376925] task_work_run+0x1e8/0x2a0
[ 37.380797] ? task_work_cancel+0x240/0x240
[ 37.385121] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 37.390650] ? switch_task_namespaces+0x9d/0xd0
[ 37.395318] do_exit+0x1ad1/0x26d0
[ 37.398848] ? mm_update_next_owner+0x990/0x990
[ 37.403505] ? kvm_dev_ioctl+0x18a/0x1ae0
[ 37.407642] ? is_bpf_text_address+0xac/0x170
[ 37.412139] ? kvm_debugfs_release+0x90/0x90
[ 37.416541] ? kasan_check_read+0x11/0x20
[ 37.420677] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170
[ 37.425939] ? rcu_softirq_qs+0x20/0x20
[ 37.429905] ? rcu_softirq_qs+0x20/0x20
[ 37.433877] ? unwind_dump+0x190/0x190
[ 37.437754] ? is_bpf_text_address+0xd3/0x170
[ 37.442235] ? kernel_text_address+0x79/0xf0
[ 37.446634] ? __kernel_text_address+0xd/0x40
[ 37.451219] ? unwind_get_return_address+0x61/0xa0
[ 37.456139] ? __save_stack_trace+0x8d/0xf0
[ 37.460451] ? save_stack+0xa9/0xd0
[ 37.464061] ? save_stack+0x43/0xd0
[ 37.467671] ? __kasan_slab_free+0x102/0x150
[ 37.472061] ? kasan_slab_free+0xe/0x10
[ 37.476016] ? putname+0xf2/0x130
[ 37.479456] ? __x64_sys_openat+0x9d/0x100
[ 37.483904] ? do_syscall_64+0x1b9/0x820
[ 37.487962] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 37.493314] ? trace_hardirqs_off+0xb8/0x310
[ 37.497718] ? kasan_check_read+0x11/0x20
[ 37.501850] ? do_raw_spin_unlock+0xa7/0x330
[ 37.506242] ? trace_hardirqs_on+0x310/0x310
[ 37.510635] ? trace_hardirqs_off+0xb8/0x310
[ 37.515031] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 37.520555] ? kvm_set_memory_region+0x50/0x50
[ 37.525123] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 37.530758] ? do_vfs_ioctl+0x201/0x1720
[ 37.534810] ? rcu_lockdep_current_cpu_online+0x1a4/0x210
[ 37.540330] ? ioctl_preallocate+0x300/0x300
[ 37.544721] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 37.550241] ? __fget_light+0x2e9/0x430
[ 37.554199] ? fget_raw+0x20/0x20
[ 37.557634] ? putname+0xf2/0x130
[ 37.561072] ? rcu_read_lock_sched_held+0x14f/0x180
[ 37.566075] ? kmem_cache_free+0x24f/0x290
[ 37.570290] ? putname+0xf7/0x130
[ 37.573735] do_group_exit+0x177/0x440
[ 37.577610] ? trace_hardirqs_on+0xbd/0x310
[ 37.581918] ? __ia32_sys_exit+0x50/0x50
[ 37.585965] ? trace_hardirqs_off_caller+0x300/0x300
[ 37.591050] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 37.596570] ? ksys_ioctl+0x81/0xd0
[ 37.600184] __x64_sys_exit_group+0x3e/0x50
[ 37.604493] do_syscall_64+0x1b9/0x820
[ 37.608364] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe
[ 37.613829] ? syscall_return_slowpath+0x5e0/0x5e0
[ 37.618747] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 37.623577] ? trace_hardirqs_on_caller+0x310/0x310
[ 37.628576] ? prepare_exit_to_usermode+0x3b0/0x3b0
[ 37.633580] ? prepare_exit_to_usermode+0x291/0x3b0
[ 37.638581] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 37.643416] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 37.648591] RIP: 0033:0x43ecf8
[ 37.651771] Code: Bad RIP value.
[ 37.655120] RSP: 002b:00007ffdc564f908 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
[ 37.662811] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 000000000043ecf8
[ 37.670249] RDX: 0000000000000000 RSI: 000000000000003c RDI: 0000000000000000
[ 37.677501] RBP: 00000000004be5a8 R08: 00000000000000e7 R09: ffffffffffffffd0
[ 37.684754] R10: 00000000004002c8 R11: 0000000000000246 R12: 0000000000000001
[ 37.692123] R13: 00000000006d0180 R14: 0000000000000000 R15: 0000000000000000
[ 37.699387]
[ 37.700998] Allocated by task 5583:
[ 37.704618] save_stack+0x43/0xd0
[ 37.708051] kasan_kmalloc+0xc7/0xe0
[ 37.711973] kmem_cache_alloc_trace+0x152/0x750
[ 37.716633] kvm_vm_ioctl_register_coalesced_mmio+0xe8/0x4f0
[ 37.722415] kvm_vm_ioctl+0x594/0x1d60
[ 37.726288] do_vfs_ioctl+0x1de/0x1720
[ 37.730415] ksys_ioctl+0xa9/0xd0
[ 37.733853] __x64_sys_ioctl+0x73/0xb0
[ 37.737721] do_syscall_64+0x1b9/0x820
[ 37.741596] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 37.746767]
[ 37.748375] Freed by task 5583:
[ 37.751640] save_stack+0x43/0xd0
[ 37.755079] __kasan_slab_free+0x102/0x150
[ 37.759299] kasan_slab_free+0xe/0x10
[ 37.763088] kfree+0xcf/0x230
[ 37.766183] coalesced_mmio_destructor+0x1ad/0x2a0
[ 37.771095] kvm_vm_ioctl_unregister_coalesced_mmio+0x263/0x330
[ 37.777251] kvm_vm_ioctl+0x6bc/0x1d60
[ 37.781190] do_vfs_ioctl+0x1de/0x1720
[ 37.785067] ksys_ioctl+0xa9/0xd0
[ 37.788505] __x64_sys_ioctl+0x73/0xb0
[ 37.792376] do_syscall_64+0x1b9/0x820
[ 37.796247] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 37.801411]
[ 37.803022] The buggy address belongs to the object at ffff8801cd479900
[ 37.803022]  which belongs to the cache kmalloc-64 of size 64
[ 37.815487] The buggy address is located 16 bytes inside of
[ 37.815487]  64-byte region [ffff8801cd479900, ffff8801cd479940)
[ 37.827203] The buggy address belongs to the page:
[ 37.832118] page:ffffea0007351e40 count:1 mapcount:0 mapping:ffff8801da800340 index:0x0
[ 37.840242] flags: 0x2fffc0000000200(slab)
[ 37.844560] raw: 02fffc0000000200 ffffea000736b488 ffffea000736d808 ffff8801da800340
[ 37.852533] raw: 0000000000000000 ffff8801cd479000 0000000100000020 0000000000000000
[ 37.860393] page dumped because: kasan: bad access detected
[ 37.866081]
[ 37.867684] Memory state around the buggy address:
[ 37.872592]  ffff8801cd479800: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc
[ 37.879951]  ffff8801cd479880: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc
[ 37.887335] >ffff8801cd479900: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[ 37.894683]                          ^
[ 37.898549]  ffff8801cd479980: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc
[ 37.905892]  ffff8801cd479a00: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc
[ 37.913242] ==================================================================
[ 37.920651] Disabling lock debugging due to kernel taint
[ 37.926821] Kernel panic - not syncing: panic_on_warn set ...
[ 37.932708] CPU: 0 PID: 5583 Comm: syz-executor822 Tainted: G B 4.19.0-rc8-next-20181019+ #98
[ 37.942651] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 37.951985] Call Trace:
[ 37.954563] dump_stack+0x244/0x39d
[ 37.958175] ? dump_stack_print_info.cold.1+0x20/0x20
[ 37.963369] panic+0x2ad/0x55c
[ 37.966556] ? add_taint.cold.5+0x16/0x16
[ 37.970691] ? preempt_schedule+0x4d/0x60
[ 37.974822] ? ___preempt_schedule+0x16/0x18
[ 37.979212] ? trace_hardirqs_on+0xb4/0x310
[ 37.983519] kasan_end_report+0x47/0x4f
[ 37.987473] kasan_report.cold.8+0x76/0x309
[ 37.991776] ? kvm_put_kvm+0xd7c/0xff0
[ 37.995648] __asan_report_load8_noabort+0x14/0x20
[ 38.000557] kvm_put_kvm+0xd7c/0xff0
[ 38.004259] ? kvm_vcpu_block+0x1020/0x1020
[ 38.008565] ? kvm_irqfd_release+0xd1/0x120
[ 38.012870] ? _raw_spin_unlock_irq+0x27/0x80
[ 38.017346] ? _raw_spin_unlock_irq+0x27/0x80
[ 38.021825] ? lockdep_hardirqs_on+0x3bb/0x5b0
[ 38.026394] ? ima_file_check+0x130/0x130
[ 38.030525] ? kvm_irqfd_release+0xdd/0x120
[ 38.034981] ? kvm_irqfd_release+0xdd/0x120
[ 38.039297] kvm_vm_release+0x42/0x50
[ 38.043083] __fput+0x3bc/0xa70
[ 38.046347] ? kvm_put_kvm+0xff0/0xff0
[ 38.050267] ? get_max_files+0x20/0x20
[ 38.054148] ? trace_hardirqs_on+0xbd/0x310
[ 38.058460] ? kasan_check_read+0x11/0x20
[ 38.062594] ? task_work_run+0x1af/0x2a0
[ 38.066638] ? trace_hardirqs_off_caller+0x300/0x300
[ 38.071727] ____fput+0x15/0x20
[ 38.074992] task_work_run+0x1e8/0x2a0
[ 38.078859] ? task_work_cancel+0x240/0x240
[ 38.083162] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 38.088683] ? switch_task_namespaces+0x9d/0xd0
[ 38.093346] do_exit+0x1ad1/0x26d0
[ 38.096884] ? mm_update_next_owner+0x990/0x990
[ 38.101549] ? kvm_dev_ioctl+0x18a/0x1ae0
[ 38.105678] ? is_bpf_text_address+0xac/0x170
[ 38.110156] ? kvm_debugfs_release+0x90/0x90
[ 38.114550] ? kasan_check_read+0x11/0x20
[ 38.118682] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170
[ 38.123939] ? rcu_softirq_qs+0x20/0x20
[ 38.127950] ? rcu_softirq_qs+0x20/0x20
[ 38.131920] ? unwind_dump+0x190/0x190
[ 38.135793] ? is_bpf_text_address+0xd3/0x170
[ 38.140269] ? kernel_text_address+0x79/0xf0
[ 38.144662] ? __kernel_text_address+0xd/0x40
[ 38.149138] ? unwind_get_return_address+0x61/0xa0
[ 38.154051] ? __save_stack_trace+0x8d/0xf0
[ 38.158367] ? save_stack+0xa9/0xd0
[ 38.161981] ? save_stack+0x43/0xd0
[ 38.165598] ? __kasan_slab_free+0x102/0x150
[ 38.169991] ? kasan_slab_free+0xe/0x10
[ 38.173947] ? putname+0xf2/0x130
[ 38.177384] ? __x64_sys_openat+0x9d/0x100
[ 38.181603] ? do_syscall_64+0x1b9/0x820
[ 38.185655] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 38.191005] ? trace_hardirqs_off+0xb8/0x310
[ 38.195395] ? kasan_check_read+0x11/0x20
[ 38.199526] ? do_raw_spin_unlock+0xa7/0x330
[ 38.204080] ? trace_hardirqs_on+0x310/0x310
[ 38.208482] ? trace_hardirqs_off+0xb8/0x310
[ 38.212877] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 38.218401] ? kvm_set_memory_region+0x50/0x50
[ 38.222966] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 38.228492] ? do_vfs_ioctl+0x201/0x1720
[ 38.232537] ? rcu_lockdep_current_cpu_online+0x1a4/0x210
[ 38.238059] ? ioctl_preallocate+0x300/0x300
[ 38.242450] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 38.247979] ? __fget_light+0x2e9/0x430
[ 38.251942] ? fget_raw+0x20/0x20
[ 38.255386] ? putname+0xf2/0x130
[ 38.258822] ? rcu_read_lock_sched_held+0x14f/0x180
[ 38.263904] ? kmem_cache_free+0x24f/0x290
[ 38.268139] ? putname+0xf7/0x130
[ 38.271579] do_group_exit+0x177/0x440
[ 38.275453] ? trace_hardirqs_on+0xbd/0x310
[ 38.279753] ? __ia32_sys_exit+0x50/0x50
[ 38.283796] ? trace_hardirqs_off_caller+0x300/0x300
[ 38.288879] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 38.294397] ? ksys_ioctl+0x81/0xd0
[ 38.298007] __x64_sys_exit_group+0x3e/0x50
[ 38.302309] do_syscall_64+0x1b9/0x820
[ 38.306179] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe
[ 38.311533] ? syscall_return_slowpath+0x5e0/0x5e0
[ 38.316520] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 38.321353] ? trace_hardirqs_on_caller+0x310/0x310
[ 38.326354] ? prepare_exit_to_usermode+0x3b0/0x3b0
[ 38.331355] ? prepare_exit_to_usermode+0x291/0x3b0
[ 38.336355] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 38.341185] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 38.346355] RIP: 0033:0x43ecf8
[ 38.349532] Code: Bad RIP value.
[ 38.352872] RSP: 002b:00007ffdc564f908 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
[ 38.360623] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 000000000043ecf8
[ 38.367880] RDX: 0000000000000000 RSI: 000000000000003c RDI: 0000000000000000
[ 38.375132] RBP: 00000000004be5a8 R08: 00000000000000e7 R09: ffffffffffffffd0
[ 38.382382] R10: 00000000004002c8 R11: 0000000000000246 R12: 0000000000000001
[ 38.389630] R13: 00000000006d0180 R14: 0000000000000000 R15: 0000000000000000
[ 38.397769] Kernel Offset: disabled
[ 38.401389] Rebooting in 86400 seconds..