[ OK ] Reached target Graphical Interface.
Starting Update UTMP about System Runlevel Changes...
[ OK ] Started Update UTMP about System Runlevel Changes.
Starting Load/Save RF Kill Switch Status...
[ OK ] Started Load/Save RF Kill Switch Status.

Debian GNU/Linux 9 syzkaller ttyS0

Warning: Permanently added '10.128.0.35' (ECDSA) to the list of known hosts.
executing program
executing program
executing program
executing program
executing program
executing program
syzkaller login: [ 43.860383] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details.
[ 43.888842] FAULT_INJECTION: forcing a failure.
[ 43.888842] name failslab, interval 1, probability 0, space 0, times 1
[ 43.888933] FAULT_INJECTION: forcing a failure.
[ 43.888933] name failslab, interval 1, probability 0, space 0, times 1
[ 43.900352] FAULT_INJECTION: forcing a failure.
[ 43.900352] name failslab, interval 1, probability 0, space 0, times 1
[ 43.917344] FAULT_INJECTION: forcing a failure.
[ 43.917344] name failslab, interval 1, probability 0, space 0, times 1
[ 43.929238] CPU: 0 PID: 8010 Comm: syz-executor156 Not tainted 4.14.202-syzkaller #0
[ 43.941716] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 43.951139] Call Trace:
[ 43.953723] dump_stack+0x1b2/0x283
[ 43.957331] should_fail.cold+0x10a/0x154
[ 43.961459] should_failslab+0xd6/0x130
[ 43.965413] __kmalloc+0x2c1/0x400
[ 43.968935] ? kvm_io_bus_unregister_dev+0x116/0x320
[ 43.974022] kvm_io_bus_unregister_dev+0x116/0x320
[ 43.978932] ? lock_downgrade+0x740/0x740
[ 43.983060] kvm_vm_ioctl_unregister_coalesced_mmio+0x17d/0x280
[ 43.989097] kvm_vm_ioctl+0x601/0x13e0
[ 43.992967] ? kvm_vcpu_release+0xa0/0xa0
[ 43.997093] ? get_pid_task+0xb8/0x130
[ 44.000958] ? proc_fail_nth_write+0x7b/0x180
[ 44.005430] ? proc_tgid_io_accounting+0x7a0/0x7a0
[ 44.010334] ? trace_hardirqs_on+0x10/0x10
[ 44.014548] ? fsnotify+0x974/0x11b0
[ 44.018243] ? proc_tgid_io_accounting+0x7a0/0x7a0
[ 44.023155] ? debug_check_no_obj_freed+0x2c0/0x674
[ 44.028154] ? SyS_write+0x1b7/0x210
[ 44.031849] ? kvm_vcpu_release+0xa0/0xa0
[ 44.035990] do_vfs_ioctl+0x75a/0xff0
[ 44.039772] ? ioctl_preallocate+0x1a0/0x1a0
[ 44.044187] ? lock_downgrade+0x740/0x740
[ 44.048319] ? __fget+0x225/0x360
[ 44.051764] ? do_vfs_ioctl+0xff0/0xff0
[ 44.055727] ? security_file_ioctl+0x83/0xb0
[ 44.060116] SyS_ioctl+0x7f/0xb0
[ 44.063458] ? do_vfs_ioctl+0xff0/0xff0
[ 44.067408] do_syscall_64+0x1d5/0x640
[ 44.071286] entry_SYSCALL_64_after_hwframe+0x46/0xbb
[ 44.076475] RIP: 0033:0x446b99
[ 44.079643] RSP: 002b:00007f8e565a2d88 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 44.087329] RAX: ffffffffffffffda RBX: 00000000006dbc48 RCX: 0000000000446b99
[ 44.094698] RDX: 0000000020000180 RSI: 000000004010ae68 RDI: 0000000000000004
[ 44.101952] RBP: 00000000006dbc40 R08: 0000000000000001 R09: 0000000000000031
[ 44.109211] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000006dbc4c
[ 44.116458] R13: 00007f8e565a2d90 R14: 0000000000000007 R15: 0000000000000000
[ 44.123720] CPU: 1 PID: 8011 Comm: syz-executor156 Not tainted 4.14.202-syzkaller #0
[ 44.131601] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 44.140945] Call Trace:
[ 44.143518] dump_stack+0x1b2/0x283
[ 44.147128] should_fail.cold+0x10a/0x154
[ 44.151257] should_failslab+0xd6/0x130
[ 44.155217] __kmalloc+0x2c1/0x400
[ 44.158737] ? kvm_io_bus_unregister_dev+0x116/0x320
[ 44.163821] kvm_io_bus_unregister_dev+0x116/0x320
[ 44.168729] ? lock_downgrade+0x740/0x740
[ 44.172860] kvm_vm_ioctl_unregister_coalesced_mmio+0x17d/0x280
[ 44.173649] FAULT_INJECTION: forcing a failure.
[ 44.173649] name failslab, interval 1, probability 0, space 0, times 1
[ 44.178905] kvm_vm_ioctl+0x601/0x13e0
[ 44.178917] ? kvm_vcpu_release+0xa0/0xa0
[ 44.178931] ? get_pid_task+0xb8/0x130
[ 44.178938] ? proc_fail_nth_write+0x7b/0x180
[ 44.178948] ? proc_tgid_io_accounting+0x7a0/0x7a0
[ 44.198507] FAULT_INJECTION: forcing a failure.
[ 44.198507] name fail_futex, interval 1, probability 0, space 0, times 1
[ 44.202013] ? trace_hardirqs_on+0x10/0x10
[ 44.202024] ? fsnotify+0x974/0x11b0
[ 44.202032] ? proc_tgid_io_accounting+0x7a0/0x7a0
[ 44.202042] ? debug_check_no_obj_freed+0x2c0/0x674
[ 44.240532] ? SyS_write+0x1b7/0x210
[ 44.244233] ? kvm_vcpu_release+0xa0/0xa0
[ 44.248359] do_vfs_ioctl+0x75a/0xff0
[ 44.252137] ? ioctl_preallocate+0x1a0/0x1a0
[ 44.256536] ? lock_downgrade+0x740/0x740
[ 44.260682] ? __fget+0x225/0x360
[ 44.264124] ? do_vfs_ioctl+0xff0/0xff0
[ 44.268077] ? security_file_ioctl+0x83/0xb0
[ 44.272465] SyS_ioctl+0x7f/0xb0
[ 44.275816] ? do_vfs_ioctl+0xff0/0xff0
[ 44.279771] do_syscall_64+0x1d5/0x640
[ 44.283646] entry_SYSCALL_64_after_hwframe+0x46/0xbb
[ 44.288821] RIP: 0033:0x446b99
[ 44.291997] RSP: 002b:00007f8e565a2d88 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 44.299685] RAX: ffffffffffffffda RBX: 00000000006dbc48 RCX: 0000000000446b99
[ 44.306940] RDX: 0000000020000180 RSI: 000000004010ae68 RDI: 0000000000000004
[ 44.314187] RBP: 00000000006dbc40 R08: 0000000000000001 R09: 0000000000000031
[ 44.321441] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000006dbc4c
[ 44.328698] R13: 00007f8e565a2d90 R14: 0000000000000007 R15: 0000000000000000
[ 44.335966] CPU: 0 PID: 8007 Comm: syz-executor156 Not tainted 4.14.202-syzkaller #0
[ 44.343842] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 44.353174] Call Trace:
[ 44.355741] dump_stack+0x1b2/0x283
[ 44.359354] should_fail.cold+0x10a/0x154
[ 44.363488] should_failslab+0xd6/0x130
[ 44.367439] __kmalloc+0x2c1/0x400
[ 44.370957] ? kvm_io_bus_unregister_dev+0x116/0x320
[ 44.376039] kvm_io_bus_unregister_dev+0x116/0x320
[ 44.380945] ? lock_downgrade+0x740/0x740
[ 44.385072] kvm_vm_ioctl_unregister_coalesced_mmio+0x17d/0x280
[ 44.391111] kvm_vm_ioctl+0x601/0x13e0
[ 44.394980] ? kvm_vcpu_release+0xa0/0xa0
[ 44.399123] ? get_pid_task+0xb8/0x130
[ 44.402988] ? proc_fail_nth_write+0x7b/0x180
[ 44.407465] ? proc_tgid_io_accounting+0x7a0/0x7a0
[ 44.412387] ? trace_hardirqs_on+0x10/0x10
[ 44.416598] ? fsnotify+0x974/0x11b0
[ 44.420328] ? proc_tgid_io_accounting+0x7a0/0x7a0
[ 44.425236] ? SyS_write+0x1b7/0x210
[ 44.428929] ? kvm_vcpu_release+0xa0/0xa0
[ 44.433057] do_vfs_ioctl+0x75a/0xff0
[ 44.436835] ? ioctl_preallocate+0x1a0/0x1a0
[ 44.441226] ? lock_downgrade+0x740/0x740
[ 44.445362] ? __fget+0x225/0x360
[ 44.448791] ? do_vfs_ioctl+0xff0/0xff0
[ 44.452758] ? security_file_ioctl+0x83/0xb0
[ 44.457142] SyS_ioctl+0x7f/0xb0
[ 44.460495] ? do_vfs_ioctl+0xff0/0xff0
[ 44.464446] do_syscall_64+0x1d5/0x640
[ 44.468315] entry_SYSCALL_64_after_hwframe+0x46/0xbb
[ 44.473483] RIP: 0033:0x446b99
[ 44.476663] RSP: 002b:00007f8e565a2d88 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 44.484350] RAX: ffffffffffffffda RBX: 00000000006dbc48 RCX: 0000000000446b99
[ 44.491596] RDX: 0000000020000180 RSI: 000000004010ae68 RDI: 0000000000000004
[ 44.498844] RBP: 00000000006dbc40 R08: 0000000000000001 R09: 0000000000000031
[ 44.506090] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000006dbc4c
[ 44.513350] R13: 00007f8e565a2d90 R14: 0000000000000007 R15: 0000000000000000
[ 44.520609] CPU: 1 PID: 8006 Comm: syz-executor156 Not tainted 4.14.202-syzkaller #0
[ 44.528486] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 44.537826] Call Trace:
[ 44.540402] dump_stack+0x1b2/0x283
[ 44.544013] should_fail.cold+0x10a/0x154
[ 44.548145] should_failslab+0xd6/0x130
[ 44.552107] __kmalloc+0x2c1/0x400
[ 44.555642] ? kvm_io_bus_unregister_dev+0x116/0x320
[ 44.560735] kvm_io_bus_unregister_dev+0x116/0x320
[ 44.565652] ? lock_downgrade+0x740/0x740
[ 44.569790] kvm_vm_ioctl_unregister_coalesced_mmio+0x17d/0x280
[ 44.575840] kvm_vm_ioctl+0x601/0x13e0
[ 44.579713] ? kvm_vcpu_release+0xa0/0xa0
[ 44.583846] ? get_pid_task+0xb8/0x130
[ 44.587712] ? proc_fail_nth_write+0x7b/0x180
[ 44.592208] ? proc_tgid_io_accounting+0x7a0/0x7a0
[ 44.597114] ? trace_hardirqs_on+0x10/0x10
[ 44.601331] ? fsnotify+0x974/0x11b0
[ 44.605024] ? proc_tgid_io_accounting+0x7a0/0x7a0
[ 44.609932] ? debug_check_no_obj_freed+0x2c0/0x674
[ 44.614928] ? SyS_write+0x1b7/0x210
[ 44.618622] ? kvm_vcpu_release+0xa0/0xa0
[ 44.622752] do_vfs_ioctl+0x75a/0xff0
[ 44.626539] ? ioctl_preallocate+0x1a0/0x1a0
[ 44.630924] ? lock_downgrade+0x740/0x740
[ 44.635053] ? __fget+0x225/0x360
[ 44.638486] ? do_vfs_ioctl+0xff0/0xff0
[ 44.642444] ? security_file_ioctl+0x83/0xb0
[ 44.646838] SyS_ioctl+0x7f/0xb0
[ 44.650181] ? do_vfs_ioctl+0xff0/0xff0
[ 44.654137] do_syscall_64+0x1d5/0x640
[ 44.658017] entry_SYSCALL_64_after_hwframe+0x46/0xbb
[ 44.663183] RIP: 0033:0x446b99
[ 44.666349] RSP: 002b:00007f8e565a2d88 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 44.674039] RAX: ffffffffffffffda RBX: 00000000006dbc48 RCX: 0000000000446b99
[ 44.681295] RDX: 0000000020000180 RSI: 000000004010ae68 RDI: 0000000000000004
[ 44.688549] RBP: 00000000006dbc40 R08: 0000000000000001 R09: 0000000000000031
[ 44.695797] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000006dbc4c
[ 44.703063] R13: 00007f8e565a2d90 R14: 0000000000000007 R15: 0000000000000000
[ 44.710321] CPU: 0 PID: 8025 Comm: syz-executor156 Not tainted 4.14.202-syzkaller #0
[ 44.717138] kvm: failed to shrink bus, removing it completely
[ 44.718194] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 44.718198] Call Trace:
[ 44.718209] dump_stack+0x1b2/0x283
[ 44.718222] should_fail.cold+0x10a/0x154
[ 44.718232] should_failslab+0xd6/0x130
[ 44.724383] ==================================================================
[ 44.733439] __kmalloc+0x2c1/0x400
[ 44.733450] ? kvm_io_bus_unregister_dev+0x116/0x320
[ 44.736064] BUG: KASAN: use-after-free in kvm_vm_ioctl_unregister_coalesced_mmio+0x217/0x280
[ 44.739664] kvm_io_bus_unregister_dev+0x116/0x320
[ 44.743781] Read of size 8 at addr ffff8880b401ad00 by task syz-executor156/8011
[ 44.747728] ? lock_downgrade+0x740/0x740
[ 44.755057]
[ 44.758576] kvm_vm_ioctl_unregister_coalesced_mmio+0x17d/0x280
[ 44.796362] kvm_vm_ioctl+0x601/0x13e0
[ 44.800229] ? kvm_vcpu_release+0xa0/0xa0
[ 44.804357] ? get_pid_task+0xb8/0x130
[ 44.808221] ? proc_fail_nth_write+0x7b/0x180
[ 44.812690] ? proc_tgid_io_accounting+0x7a0/0x7a0
[ 44.817594] ? trace_hardirqs_on+0x10/0x10
[ 44.821806] ? fsnotify+0x974/0x11b0
[ 44.825495] ? proc_tgid_io_accounting+0x7a0/0x7a0
[ 44.830401] ? debug_check_no_obj_freed+0x2c0/0x674
[ 44.835404] ? SyS_write+0x1b7/0x210
[ 44.839095] ? kvm_vcpu_release+0xa0/0xa0
[ 44.843224] do_vfs_ioctl+0x75a/0xff0
[ 44.847000] ? ioctl_preallocate+0x1a0/0x1a0
[ 44.851382] ? lock_downgrade+0x740/0x740
[ 44.855508] ? __fget+0x225/0x360
[ 44.858935] ? do_vfs_ioctl+0xff0/0xff0
[ 44.862885] ? security_file_ioctl+0x83/0xb0
[ 44.867270] SyS_ioctl+0x7f/0xb0
[ 44.870610] ? do_vfs_ioctl+0xff0/0xff0
[ 44.874561] do_syscall_64+0x1d5/0x640
[ 44.878431] entry_SYSCALL_64_after_hwframe+0x46/0xbb
[ 44.883599] RIP: 0033:0x446b99
[ 44.886765] RSP: 002b:00007f8e56581d88 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 44.894448] RAX: ffffffffffffffda RBX: 00000000006dbc58 RCX: 0000000000446b99
[ 44.901698] RDX: 0000000020000180 RSI: 000000004010ae68 RDI: 0000000000000004
[ 44.908942] RBP: 00000000006dbc50 R08: 0000000000000001 R09: 0000000000000031
[ 44.916188] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000006dbc5c
[ 44.923445] R13: 00007f8e56581d90 R14: 0000000000000006 R15: 0000000000000004
[ 44.930703] CPU: 1 PID: 8011 Comm: syz-executor156 Not tainted 4.14.202-syzkaller #0
[ 44.938576] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 44.947916] Call Trace:
[ 44.950488] dump_stack+0x1b2/0x283
[ 44.954104] print_address_description.cold+0x54/0x1d3
[ 44.959394] kasan_report_error.cold+0x8a/0x194
[ 44.964047] ? kvm_vm_ioctl_unregister_coalesced_mmio+0x217/0x280
[ 44.970261] __asan_report_load8_noabort+0x68/0x70
[ 44.975177] ? kvm_vm_ioctl_unregister_coalesced_mmio+0x217/0x280
[ 44.981389] ? kvm_io_bus_unregister_dev.cold+0x101/0x101
[ 44.985410] kvm: failed to shrink bus, removing it completely
[ 44.986903] kvm_vm_ioctl_unregister_coalesced_mmio+0x217/0x280
[ 44.986918] kvm_vm_ioctl+0x601/0x13e0
[ 44.986928] ? kvm_vcpu_release+0xa0/0xa0
[ 44.986940] ? get_pid_task+0xb8/0x130
[ 45.000581] list_del corruption, ffff888099414780->prev is LIST_POISON2 (dead000000000200)
[ 45.002698] ? proc_fail_nth_write+0x7b/0x180
[ 45.002706] ? proc_tgid_io_accounting+0x7a0/0x7a0
[ 45.002715] ? trace_hardirqs_on+0x10/0x10
[ 45.002724] ? fsnotify+0x974/0x11b0
[ 45.002730] ? proc_tgid_io_accounting+0x7a0/0x7a0
[ 45.002739] ? debug_check_no_obj_freed+0x2c0/0x674
[ 45.002747] ? SyS_write+0x1b7/0x210
[ 45.002757] ? kvm_vcpu_release+0xa0/0xa0
[ 45.002766] do_vfs_ioctl+0x75a/0xff0
[ 45.015338] ------------[ cut here ]------------
[ 45.019168] ? ioctl_preallocate+0x1a0/0x1a0
[ 45.023751] kernel BUG at lib/list_debug.c:48!
[ 45.028669] ? lock_downgrade+0x740/0x740
[ 45.052742] invalid opcode: 0000 [#1] PREEMPT SMP KASAN
[ 45.054256] ? __fget+0x225/0x360
[ 45.058036] Modules linked in:
[ 45.062781] ? do_vfs_ioctl+0xff0/0xff0
[ 45.071712] ? security_file_ioctl+0x83/0xb0
[ 45.075832] CPU: 0 PID: 8010 Comm: syz-executor156 Not tainted 4.14.202-syzkaller #0
[ 45.081171] SyS_ioctl+0x7f/0xb0
[ 45.084593] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 45.087763] ? do_vfs_ioctl+0xff0/0xff0
[ 45.091766] task: ffff8880b3188040 task.stack: ffff888096650000
[ 45.096171] do_syscall_64+0x1d5/0x640
[ 45.104025] RIP: 0010:__list_del_entry_valid.cold+0x37/0x55
[ 45.107371] entry_SYSCALL_64_after_hwframe+0x46/0xbb
[ 45.116693] RSP: 0018:ffff888096657b20 EFLAGS: 00010286
[ 45.120645] RIP: 0033:0x446b99
[ 45.130533] RSP: 002b:00007f8e565a2d88 EFLAGS: 00000246
[ 45.136221] RAX: 000000000000004e RBX: ffff888099414790 RCX: 0000000000000000
[ 45.141380] ORIG_RAX: 0000000000000010
[ 45.146714] RDX: 0000000000000000 RSI: ffffffff878bb8c0 RDI: ffffed1012ccaf5a
[ 45.149879] RAX: ffffffffffffffda RBX: 00000000006dbc48 RCX: 0000000000446b99
[ 45.155212] RBP: ffff888099414780 R08: 000000000000004e R09: 0000000000000000
[ 45.162455] RDX: 0000000020000180 RSI: 000000004010ae68 RDI: 0000000000000004
[ 45.162460] RBP: 00000000006dbc40 R08: 0000000000000001 R09: 0000000000000031
[ 45.166406] R10: 0000000000000000 R11: 0000000000000000 R12: dead000000000200
[ 45.173652] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000006dbc4c
[ 45.180896] R13: ffff888099414800 R14: ffff888096657c70 R15: 0000000000000000
[ 45.188144] R13: 00007f8e565a2d90 R14: 0000000000000007 R15: 0000000000000000
[ 45.195403] FS: 00007f8e565a3700(0000) GS:ffff8880ba400000(0000) knlGS:0000000000000000
[ 45.202651]
[ 45.209907] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 45.217152] Allocated by task 8011:
[ 45.224398] CR2: 00007f8719647000 CR3: 00000000a4d85000 CR4: 00000000001426f0
[ 45.231649] kasan_kmalloc+0xeb/0x160
[ 45.239845] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 45.241448] kmem_cache_alloc_trace+0x131/0x3d0
[ 45.247423] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 45.251036] kvm_vm_ioctl_register_coalesced_mmio+0x51/0x330
[ 45.258276] Call Trace:
[ 45.258291] coalesced_mmio_destructor+0x20/0x160
[ 45.262081] kvm_vm_ioctl+0xa81/0x13e0
[ 45.269338] ? kvm_io_bus_unregister_dev.cold+0x101/0x101
[ 45.273970] do_vfs_ioctl+0x75a/0xff0
[ 45.281216] kvm_vm_ioctl_unregister_coalesced_mmio+0x1bc/0x280
[ 45.287000] SyS_ioctl+0x7f/0xb0
[ 45.289559] kvm_vm_ioctl+0x601/0x13e0
[ 45.294370] do_syscall_64+0x1d5/0x640
[ 45.298329] ? kvm_vcpu_release+0xa0/0xa0
[ 45.303839] entry_SYSCALL_64_after_hwframe+0x46/0xbb
[ 45.307729] ? get_pid_task+0xb8/0x130
[ 45.313757]
[ 45.317098] ? proc_fail_nth_write+0x7b/0x180
[ 45.320955] Freed by task 8011:
[ 45.324817] ? proc_tgid_io_accounting+0x7a0/0x7a0
[ 45.328949] kasan_slab_free+0xc3/0x1a0
[ 45.334116] ? trace_hardirqs_on+0x10/0x10
[ 45.337975] kfree+0xc9/0x250
[ 45.339578] ? fsnotify+0x974/0x11b0
[ 45.344053] kvm_io_bus_unregister_dev.cold+0xd8/0x101
[ 45.347316] ? proc_tgid_io_accounting+0x7a0/0x7a0
[ 45.352220] kvm_vm_ioctl_unregister_coalesced_mmio+0x17d/0x280
[ 45.356171] ? debug_check_no_obj_freed+0x2c0/0x674
[ 45.360377] kvm_vm_ioctl+0x601/0x13e0
[ 45.363455] ? SyS_write+0x1b7/0x210
[ 45.367145] do_vfs_ioctl+0x75a/0xff0
[ 45.372393] ? kvm_vcpu_release+0xa0/0xa0
[ 45.377303] SyS_ioctl+0x7f/0xb0
[ 45.383335] do_vfs_ioctl+0x75a/0xff0
[ 45.388331] do_syscall_64+0x1d5/0x640
[ 45.392218] ? ioctl_preallocate+0x1a0/0x1a0
[ 45.395903] entry_SYSCALL_64_after_hwframe+0x46/0xbb
[ 45.399681] ? lock_downgrade+0x740/0x740
[ 45.403796]
[ 45.407140] ? __fget+0x225/0x360
[ 45.410922] The buggy address belongs to the object at ffff8880b401ad00
[ 45.410922] which belongs to the cache kmalloc-64 of size 64
[ 45.414782] ? do_vfs_ioctl+0xff0/0xff0
[ 45.419168] The buggy address is located 0 bytes inside of
[ 45.419168] 64-byte region [ffff8880b401ad00, ffff8880b401ad40)
[ 45.424331] ? security_file_ioctl+0x83/0xb0
[ 45.428444] The buggy address belongs to the page:
[ 45.430067] SyS_ioctl+0x7f/0xb0
[ 45.433493] page:ffffea0002d00680 count:1 mapcount:0 mapping:ffff8880b401a000 index:0x0
[ 45.445948] ? do_vfs_ioctl+0xff0/0xff0
[ 45.461481] do_syscall_64+0x1d5/0x640
[ 45.465859] flags: 0xfff00000000100(slab)
[ 45.470779] entry_SYSCALL_64_after_hwframe+0x46/0xbb
[ 45.474119] raw: 00fff00000000100 ffff8880b401a000 0000000000000000 0000000100000020
[ 45.482232] RIP: 0033:0x446b99
[ 45.486177] raw: ffffea0002cd6fe0 ffffea0002c0bd20 ffff88813fe80340 0000000000000000
[ 45.490046] RSP: 002b:00007f8e565a2d88 EFLAGS: 00000246
[ 45.494168] page dumped because: kasan: bad access detected
[ 45.499341] ORIG_RAX: 0000000000000010
[ 45.507190]
[ 45.510359] RAX: ffffffffffffffda RBX: 00000000006dbc48 RCX: 0000000000446b99
[ 45.518209] Memory state around the buggy address:
[ 45.523545] RDX: 0000000020000180 RSI: 000000004010ae68 RDI: 0000000000000004
[ 45.529250] ffff8880b401ac00: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc
[ 45.533197] RBP: 00000000006dbc40 R08: 0000000000000001 R09: 0000000000000031
[ 45.534799] ffff8880b401ac80: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[ 45.542042] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000006dbc4c
[ 45.546942] >ffff8880b401ad00: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[ 45.554186] R13: 00007f8e565a2d90 R14: 0000000000000007 R15: 0000000000000000
[ 45.561515] ^
[ 45.568761] Code:
[ 45.576092] ffff8880b401ad80: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc
[ 45.583338] 19
[ 45.590693] ffff8880b401ae00: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[ 45.597950] 24
[ 45.601287] ==================================================================
[ 45.603408] fe
[ 45.615876] kvm: failed to shrink bus, removing it completely
[ 45.619949] 0f 0b 4c 89 ea 48 89 ee 48 c7 c7
[ 45.621926] list_del corruption, ffff888098dddf00->prev is LIST_POISON2 (dead000000000200)
[ 45.629175] 40 cd cc 87 e8 83 19 24 fe 0f 0b 4c 89 e2 48 89 ee 48 c7 c7 a0 cd cc 87 e8 6f 19 24 fe <0f> 0b 48 89 ee 48 c7 c7 60 ce cc 87 e8 5e 19 24 fe 0f 0b 90 90
[ 45.629274] RIP: __list_del_entry_valid.cold+0x37/0x55 RSP: ffff888096657b20
[ 45.637038] CPU: 0 PID: 8026 Comm: syz-executor156 Tainted: G B D 4.14.202-syzkaller #0
[ 45.637675] ------------[ cut here ]------------
[ 45.641533] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 45.649930] kernel BUG at lib/list_debug.c:48!
[ 45.664729] Call Trace:
[ 45.672411] invalid opcode: 0000 [#2] PREEMPT SMP KASAN
[ 45.680969] dump_stack+0x1b2/0x283
[ 45.685692] Modules linked in:
[ 45.695042] should_fail.cold+0x10a/0x154
[ 45.702166] get_futex_key+0x82a/0x1160
[ 45.707514] CPU: 1 PID: 8006 Comm: syz-executor156 Tainted: G B D 4.14.202-syzkaller #0
[ 45.711114] ? futex_lock_pi_atomic+0x2e0/0x2e0
[ 45.714276] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 45.718397] ? _parse_integer+0xe4/0x130
[ 45.722340] task: ffff8880b2fa8640 task.stack: ffff8880961f0000
[ 45.731421] futex_wake+0xc6/0x3c0
[ 45.736086] RIP: 0010:__list_del_entry_valid.cold+0x37/0x55
[ 45.745416] ? get_futex_key+0x1160/0x1160
[ 45.749447] RSP: 0018:ffff8880961f7b20 EFLAGS: 00010286
[ 45.755482] do_futex+0x287/0x1930
[ 45.764714] ? get_pid_task+0xb8/0x130
[ 45.768915] RAX: 000000000000004e RBX: ffff888098dddf10 RCX: 0000000000000000
[ 45.768921] RDX: 0000000000000000 RSI: ffffffff878bb8c0 RDI: ffffed1012c3ef5a
[ 45.774258] ? proc_fail_nth_write+0x7b/0x180
[ 45.777767] RBP: ffff888098dddf00 R08: 000000000000004e R09: 0000000000000000
[ 45.781626] ? proc_tgid_io_accounting+0x7a0/0x7a0
[ 45.788868] R10: 0000000000000000 R11: ffff8880b2fa8640 R12: dead000000000200
[ 45.796114] ? trace_hardirqs_on+0x10/0x10
[ 45.800579] R13: ffff888098dddf80 R14: ffff8880961f7c70 R15: 0000000000000000
[ 45.807824] ? futex_exit_release+0x220/0x220
[ 45.812724] FS: 00007f8e565a3700(0000) GS:ffff8880ba500000(0000) knlGS:0000000000000000
[ 45.819971] ? fsnotify+0x974/0x11b0
[ 45.824177] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 45.831424] ? proc_tgid_io_accounting+0x7a0/0x7a0
[ 45.835889] CR2: 000055c533c26160 CR3: 00000000b1b08000 CR4: 00000000001426e0
[ 45.844090] ? debug_check_no_obj_freed+0x2c0/0x674
[ 45.847772] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 45.853635] ? lock_downgrade+0x740/0x740
[ 45.858530] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 45.865784] ? __fget+0x1fe/0x360
[ 45.870768] Call Trace:
[ 45.878013] ? lock_acquire+0x170/0x3f0
[ 45.882225] coalesced_mmio_destructor+0x20/0x160
[ 45.889466] ? lock_downgrade+0x740/0x740
[ 45.892893] ? kvm_io_bus_unregister_dev.cold+0x101/0x101
[ 45.895460] SyS_futex+0x1da/0x290
[ 45.899407] kvm_vm_ioctl_unregister_coalesced_mmio+0x1bc/0x280
[ 45.904221] ? do_futex+0x1930/0x1930
[ 45.908344] kvm_vm_ioctl+0x601/0x13e0
[ 45.913849] ? __fdget+0x167/0x1f0
[ 45.917362] ? kvm_vcpu_release+0xa0/0xa0
[ 45.923496] ? do_vfs_ioctl+0xff0/0xff0
[ 45.927268] ? get_pid_task+0xb8/0x130
[ 45.931131] ? do_syscall_64+0x4c/0x640
[ 45.934640] ? proc_fail_nth_write+0x7b/0x180
[ 45.938757] ? do_futex+0x1930/0x1930
[ 45.942704] ? proc_tgid_io_accounting+0x7a0/0x7a0
[ 45.946561] do_syscall_64+0x1d5/0x640
[ 45.950508] ? trace_hardirqs_on+0x10/0x10
[ 45.954980] entry_SYSCALL_64_after_hwframe+0x46/0xbb
[ 45.958761] ? fsnotify+0x974/0x11b0
[ 45.963673] RIP: 0033:0x446b99
[ 45.967546] ? proc_tgid_io_accounting+0x7a0/0x7a0
[ 45.971749] RSP: 002b:00007f8e56560d88 EFLAGS: 00000246
[ 45.976914] ? debug_check_no_obj_freed+0x2c0/0x674
[ 45.980595] ORIG_RAX: 00000000000000ca
[ 45.983762] ? SyS_write+0x1b7/0x210
[ 45.988660] RAX: ffffffffffffffda RBX: 00000000006dbc68 RCX: 0000000000446b99
[ 45.993997] ? kvm_vcpu_release+0xa0/0xa0
[ 45.998979] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00000000006dbc6c
[ 46.002927] do_vfs_ioctl+0x75a/0xff0
[ 46.006611] RBP: 00000000006dbc60 R08: 0000000000000031 R09: 0000000000000031
[ 46.013870] ? ioctl_preallocate+0x1a0/0x1a0
[ 46.017985] R10: 0000000000000001 R11: 0000000000000246 R12: 00000000006dbc6c
[ 46.025231] ? lock_downgrade+0x740/0x740
[ 46.029001] R13: 00007f8e56560d90 R14: 0000000000000004 R15: 0000000000000003
[ 46.036247] ? __fget+0x225/0x360
[ 46.062702] ? do_vfs_ioctl+0xff0/0xff0
[ 46.066805] ? security_file_ioctl+0x83/0xb0
[ 46.071211] SyS_ioctl+0x7f/0xb0
[ 46.074569] ? do_vfs_ioctl+0xff0/0xff0
[ 46.078544] do_syscall_64+0x1d5/0x640
[ 46.082425] entry_SYSCALL_64_after_hwframe+0x46/0xbb
[ 46.087017] kvm: failed to shrink bus, removing it completely
[ 46.087601] RIP: 0033:0x446b99
[ 46.087605] RSP: 002b:00007f8e565a2d88 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 46.087612] RAX: ffffffffffffffda RBX: 00000000006dbc48 RCX: 0000000000446b99
[ 46.087618] RDX: 0000000020000180 RSI: 000000004010ae68 RDI: 0000000000000004
[ 46.093766] list_del corruption, ffff888099414600->prev is LIST_POISON2 (dead000000000200)
[ 46.096777] RBP: 00000000006dbc40 R08: 0000000000000001 R09: 0000000000000031
[ 46.096781] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000006dbc4c
[ 46.096785] R13: 00007f8e565a2d90 R14: 0000000000000007 R15: 0000000000000000
[ 46.096795] Code:
[ 46.107581] ------------[ cut here ]------------
[ 46.111728] 19
[ 46.118977] kernel BUG at lib/list_debug.c:48!
[ 46.127350] 24 fe 0f 0b 4c 89 ea 48 89 ee 48 c7 c7 40 cd cc 87 e8 83 19 24 fe 0f 0b 4c 89 e2 48 89 ee 48 c7 c7 a0 cd cc 87 e8 6f 19 24 fe <0f> 0b 48 89 ee 48 c7 c7 60 ce cc 87 e8 5e 19 24 fe 0f 0b 90 90
[ 46.180634] RIP: __list_del_entry_valid.cold+0x37/0x55 RSP: ffff8880961f7b20
[ 46.187822] invalid opcode: 0000 [#3] PREEMPT SMP KASAN
[ 46.190185] ---[ end trace a9ae020bfe53dbc5 ]---
[ 46.193189] Modules linked in:
[ 46.193200] CPU: 0 PID: 8007 Comm: syz-executor156 Tainted: G B D 4.14.202-syzkaller #0
[ 46.193204] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 46.193208] task: ffff8880b3d1c680 task.stack: ffff8880a1d28000
[ 46.193217] RIP: 0010:__list_del_entry_valid.cold+0x37/0x55
[ 46.193220] RSP: 0018:ffff8880a1d2fb20 EFLAGS: 00010286
[ 46.193226] RAX: 000000000000004e RBX: ffff888099414610 RCX: 0000000000000000
[ 46.193229] RDX: 0000000000000000 RSI: ffffffff878bb8c0 RDI: ffffed10143a5f5a
[ 46.193233] RBP: ffff888099414600 R08: 000000000000004e R09: 0000000000000000
[ 46.193236] R10: 0000000000000000 R11: ffff8880b3d1c680 R12: dead000000000200
[ 46.193240] R13: ffff888099414680 R14: ffff8880a1d2fc70 R15: 0000000000000000
[ 46.193246] FS: 00007f8e565a3700(0000) GS:ffff8880ba400000(0000) knlGS:0000000000000000
[ 46.193250] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 46.193254] CR2: 00007f87196f7028 CR3: 000000009326b000 CR4: 00000000001426f0
[ 46.193261] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 46.193264] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 46.193266] Call Trace:
[ 46.193277] coalesced_mmio_destructor+0x20/0x160
[ 46.193285] ? kvm_io_bus_unregister_dev.cold+0x101/0x101
[ 46.198075] Kernel panic - not syncing: Fatal exception
[ 46.201202] kvm_vm_ioctl_unregister_coalesced_mmio+0x1bc/0x280
[ 46.333142] kvm_vm_ioctl+0x601/0x13e0
[ 46.337011] ? kvm_vcpu_release+0xa0/0xa0
[ 46.341142] ? get_pid_task+0xb8/0x130
[ 46.345019] ? proc_fail_nth_write+0x7b/0x180
[ 46.349496] ? proc_tgid_io_accounting+0x7a0/0x7a0
[ 46.354411] ? trace_hardirqs_on+0x10/0x10
[ 46.358623] ? fsnotify+0x974/0x11b0
[ 46.362317] ? proc_tgid_io_accounting+0x7a0/0x7a0
[ 46.367225] ? SyS_write+0x1b7/0x210
[ 46.371005] ? kvm_vcpu_release+0xa0/0xa0
[ 46.375132] do_vfs_ioctl+0x75a/0xff0
[ 46.378915] ? ioctl_preallocate+0x1a0/0x1a0
[ 46.383315] ? lock_downgrade+0x740/0x740
[ 46.387441] ? __fget+0x225/0x360
[ 46.390872] ? do_vfs_ioctl+0xff0/0xff0
[ 46.394824] ? security_file_ioctl+0x83/0xb0
[ 46.399233] SyS_ioctl+0x7f/0xb0
[ 46.402587] ? do_vfs_ioctl+0xff0/0xff0
[ 46.406541] do_syscall_64+0x1d5/0x640
[ 46.410424] entry_SYSCALL_64_after_hwframe+0x46/0xbb
[ 46.415591] RIP: 0033:0x446b99
[ 46.418759] RSP: 002b:00007f8e565a2d88 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 46.426446] RAX: ffffffffffffffda RBX: 00000000006dbc48 RCX: 0000000000446b99
[ 46.433692] RDX: 0000000020000180 RSI: 000000004010ae68 RDI: 0000000000000004
[ 46.440958] RBP: 00000000006dbc40 R08: 0000000000000001 R09: 0000000000000031
[ 46.448207] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000006dbc4c
[ 46.455456] R13: 00007f8e565a2d90 R14: 0000000000000007 R15: 0000000000000000
[ 46.462707] Code: 19 24 fe 0f 0b 4c 89 ea 48 89 ee 48 c7 c7 40 cd cc 87 e8 83 19 24 fe 0f 0b 4c 89 e2 48 89 ee 48 c7 c7 a0 cd cc 87 e8 6f 19 24 fe <0f> 0b 48 89 ee 48 c7 c7 60 ce cc 87 e8 5e 19 24 fe 0f 0b 90 90
[ 46.481827] RIP: __list_del_entry_valid.cold+0x37/0x55 RSP: ffff8880a1d2fb20
[ 46.489556] Kernel Offset: disabled
[ 46.493177] Rebooting in 86400 seconds..