Warning: Permanently added 'ci-upstream-kasan-gce-3,10.128.0.49' (ECDSA) to the list of known hosts.
serialport: Connected to syzkaller.us-central1-c.ci-upstream-kasan-gce-3 port 1 (session ID: e2a3fea0ad5f560a618e972696aec0f60e412bf4575698b72e578bdbac5a642a, active connections: 1).
INIT: Entering runlevel: 2
[[36minfo[39;49m] Using makefile-style concurrent boot in runlevel 2.
[....] Starting enhanced syslogd: rsyslogd[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[....] Starting periodic command scheduler: cron[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.

Debian GNU/Linux 7 syzkaller ttyS0

2017/07/30 13:46:03 parsed 1 programs
2017/07/30 13:46:03 executed programs: 0
syzkaller login: [   54.704799] kvm: KVM_SET_TSS_ADDR need to be called before entering vcpu
2017/07/30 13:46:08 executed programs: 382
[   60.722631] pte_list_remove: ffff8801d3627078 0->BUG
[   60.728118] ------------[ cut here ]------------
[   60.732934] kernel BUG at arch/x86/kvm/mmu.c:1192!
[   60.737883] invalid opcode: 0000 [#1] SMP KASAN
[   60.742535] Dumping ftrace buffer:
[   60.746053]    (ftrace buffer empty)
[   60.749743] Modules linked in:
[   60.752915] CPU: 0 PID: 4296 Comm: syz-executor5 Not tainted 4.13.0-rc2+ #10
[   60.760080] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   60.769419] task: ffff8801d5264740 task.stack: ffff8801cf150000
[   60.775464] RIP: 0010:pte_list_remove+0x3ae/0x3c0
[   60.780297] RSP: 0018:ffff8801cf156920 EFLAGS: 00010286
[   60.785644] RAX: 0000000000000028 RBX: ffff8801c5dd9ac0 RCX: 0000000000000000
[   60.792897] RDX: 0000000000000028 RSI: 1ffff10039e2ace4 RDI: ffffed0039e2ad18
[   60.800155] RBP: ffff8801cf156960 R08: 0000000000000001 R09: 0000000000000000
[   60.800159] R10: ffff8801cf156cc8 R11: 0000000000000000 R12: 000000000000000f
[   60.800163] R13: 0000000000000000 R14: ffff8801c685dcf0 R15: ffff8801c685dd18
[   60.800168] FS:  0000000000000000(0000) GS:ffff8801dc000000(0000) knlGS:0000000000000000
[   60.800172] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   60.800176] CR2: 0000000000b211f8 CR3: 00000001d360a000 CR4: 00000000001426f0
[   60.800182] Call Trace:
[   60.800199]  drop_spte+0x16c/0x270
[   60.800211]  mmu_page_zap_pte+0x224/0x350
[   60.800220]  ? kvm_mmu_zap_collapsible_spte+0x400/0x400
[   60.800231]  ? __lock_is_held+0xb6/0x140
[   60.800249]  kvm_mmu_prepare_zap_page+0x1b7/0x1260
[   60.800255]  ? debug_check_no_locks_freed+0x3c0/0x3c0
[   60.800268]  ? mmio_info_in_cache+0x4b0/0x4b0
[   60.800275]  ? print_usage_bug+0x480/0x480
[   60.800283]  ? print_usage_bug+0x480/0x480
[   60.800290]  ? check_noncircular+0x20/0x20
[   60.800298]  ? find_held_lock+0x35/0x1d0
[   60.800314]  ? __is_insn_slot_addr+0x1fc/0x330
[   60.800321]  ? lock_downgrade+0x990/0x990
[   60.800335]  ? check_noncircular+0x20/0x20
[   60.800346]  ? kvm_make_all_cpus_request+0x444/0x580
[   60.800360]  ? gfn_to_pfn_atomic+0x5a0/0x5a0
[   60.800369]  ? lock_release+0xa40/0xa40
[   60.800380]  ? __lock_is_held+0xb6/0x140
[   60.800390]  ? kvm_vcpu_on_spin+0x6d0/0x6d0
[   60.800403]  kvm_mmu_invalidate_zap_all_pages+0x4a0/0x680
[   60.800416]  ? kvm_mmu_zap_collapsible_sptes+0xb0/0xb0
[   60.800422]  ? lock_acquire+0x1d5/0x580
[   60.800427]  ? lock_acquire+0x1d5/0x580
[   60.800435]  ? lock_release+0xa40/0xa40
[   60.800444]  ? lock_release+0xa40/0xa40
[   60.800453]  ? __khugepaged_exit+0x410/0x650
[   60.800461]  ? do_exit+0x981/0x1b10
[   60.800469]  ? kvm_vcpu_on_spin+0x6d0/0x6d0
[   60.800478]  kvm_arch_flush_shadow_all+0x15/0x20
[   60.800485]  kvm_mmu_notifier_release+0x59/0x90
[   60.800490]  ? kvm_vcpu_on_spin+0x6d0/0x6d0
[   60.800502]  __mmu_notifier_release+0x1d5/0x690
[   60.800509]  ? find_held_lock+0x35/0x1d0
[   60.800521]  ? __mmu_notifier_invalidate_range_end+0x350/0x350
[   60.800529]  ? lock_downgrade+0x990/0x990
[   60.800543]  ? rcu_pm_notify+0xc0/0xc0
[   60.800552]  ? __khugepaged_exit+0x410/0x650
[   60.800561]  ? __khugepaged_exit+0x410/0x650
[   60.800567]  ? rcu_read_lock_sched_held+0x108/0x120
[   60.800579]  exit_mmap+0x3a3/0x470
[   60.800584]  ? __khugepaged_exit+0x43d/0x650
[   60.800591]  ? SyS_munmap+0x30/0x30
[   60.800598]  ? hugepage_madvise+0xf0/0xf0
[   60.800606]  ? check_same_owner+0x320/0x320
[   60.800621]  ? __might_sleep+0x95/0x190
[   60.800632]  mmput+0x223/0x6e0
[   60.800641]  ? get_task_exe_file+0xc0/0xc0
[   60.800651]  ? do_exit+0x979/0x1b10
[   60.800658]  ? lock_downgrade+0x990/0x990
[   60.800668]  ? do_raw_spin_trylock+0x190/0x190
[   60.800680]  ? down_read+0x96/0x150
[   60.800685]  ? do_exit+0x49c/0x1b10
[   60.800692]  ? __down_interruptible+0x6a0/0x6a0
[   60.800698]  ? trace_hardirqs_on+0xd/0x10
[   60.800704]  ? _raw_spin_unlock_irq+0x27/0x70
[   60.800716]  do_exit+0x981/0x1b10
[   60.800723]  ? debug_check_no_locks_freed+0x3c0/0x3c0
[   60.800729]  ? entry_SYSCALL_64_fastpath+0x1f/0xbe
[   60.800740]  ? check_noncircular+0x20/0x20
[   60.800749]  ? exit_notify+0xb10/0xb10
[   60.800755]  ? __lock_is_held+0xb6/0x140
[   60.800770]  ? kvfree+0x36/0x60
[   60.800776]  ? rcu_read_lock_sched_held+0x108/0x120
[   60.800789]  ? find_held_lock+0x35/0x1d0
[   60.800802]  ? kvm_set_memory_region+0x39/0x50
[   60.800808]  ? lock_downgrade+0x990/0x990
[   60.800819]  ? __kvm_set_memory_region+0x16d/0x2360
[   60.800828]  ? check_noncircular+0x20/0x20
[   60.800845]  ? __mutex_unlock_slowpath+0xe9/0xac0
[   60.800859]  ? find_held_lock+0x35/0x1d0
[   60.800871]  ? get_signal+0x855/0x17e0
[   60.800878]  ? lock_downgrade+0x990/0x990
[   60.800891]  do_group_exit+0x149/0x400
[   60.800898]  ? __lock_is_held+0xb6/0x140
[   60.800904]  ? SyS_exit+0x30/0x30
[   60.800910]  ? _raw_spin_unlock_irq+0x27/0x70
[   60.800918]  ? trace_hardirqs_on_caller+0x421/0x5c0
[   60.800928]  get_signal+0x7e8/0x17e0
[   60.800956]  ? ptrace_notify+0x130/0x130
[   60.800968]  ? __schedule+0x8f0/0x2070
[   60.800979]  ? find_held_lock+0x35/0x1d0
[   60.800991]  ? __fget+0x333/0x570
[   60.801006]  do_signal+0x94/0x1ee0
[   60.801012]  ? lock_release+0xa40/0xa40
[   60.801021]  ? __lock_is_held+0xb6/0x140
[   60.801032]  ? setup_sigcontext+0x7d0/0x7d0
[   60.801042]  ? __fget+0x35c/0x570
[   60.801072]  ? lock_acquire+0x1d5/0x580
[   60.801082]  ? find_held_lock+0x35/0x1d0
[   60.801093]  ? exit_to_usermode_loop+0x98/0x2d0
[   60.801104]  exit_to_usermode_loop+0x21c/0x2d0
[   60.801114]  ? trace_event_raw_event_sys_exit+0x260/0x260
[   60.801122]  ? selinux_capable+0x40/0x40
[   60.801131]  ? vmalloc_fault+0x56/0xce0
[   60.801143]  syscall_return_slowpath+0x3a7/0x450
[   60.801150]  ? prepare_exit_to_usermode+0x220/0x220
[   60.801158]  ? entry_SYSCALL_64_fastpath+0x91/0xbe
[   60.801165]  ? trace_hardirqs_on_caller+0x421/0x5c0
[   60.801173]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[   60.801184]  entry_SYSCALL_64_fastpath+0xbc/0xbe
[   60.801189] RIP: 0033:0x4511b7
[   60.801193] RSP: 002b:00007fb394c19038 EFLAGS: 00000206 ORIG_RAX: 0000000000000010
[   60.801199] RAX: 0000000000000000 RBX: 0000000000000017 RCX: 00000000004511b7
[   60.801202] RDX: 00007fb394c194b0 RSI: 000000004020ae46 RDI: 0000000000000005
[   60.801206] RBP: 00000000201c9000 R08: 0000000000000001 R09: 0000000000000041
[   60.801210] R10: 00000000000f4247 R11: 0000000000000206 R12: 00000000fec00000
[   60.801213] R13: 0000000000000005 R14: 0000000000000005 R15: 0000000020000000
[   60.801227] Code: c9 4e 5e 00 48 8b 75 d0 48 c7 c7 a0 57 62 84 e8 be c3 49 00 0f 0b e8 b2 4e 5e 00 48 8b 75 d0 48 c7 c7 60 57 62 84 e8 a7 c3 49 00 <0f> 0b 4c 89 ef e8 28 99 8f 00 e9 01 fe ff ff 0f 1f 00 55 48 89 
[   60.801345] RIP: pte_list_remove+0x3ae/0x3c0 RSP: ffff8801cf156920
[   60.801460] ---[ end trace 7a4db6a8a909f7fa ]---
[   60.801465] Kernel panic - not syncing: Fatal exception
[   60.801768] Dumping ftrace buffer:
[   60.801771]    (ftrace buffer empty)
[   60.801773] Kernel Offset: disabled
[   61.365927] Rebooting in 86400 seconds..