Warning: Permanently added 'ci-upstream-kasan-gce-3,10.128.0.49' (ECDSA) to the list of known hosts.
serialport: Connected to syzkaller.us-central1-c.ci-upstream-kasan-gce-3 port 1 (session ID: e2a3fea0ad5f560a618e972696aec0f60e412bf4575698b72e578bdbac5a642a, active connections: 1).
INIT: Entering runlevel: 2
[�[36minfo�[39;49m] Using makefile-style concurrent boot in runlevel 2.
[....] Starting enhanced syslogd: rsyslogd�[?25l�[?1c�7�[1G[�[32m ok �[39;49m�8�[?25h�[?0c.
[....] Starting periodic command scheduler: cron�[?25l�[?1c�7�[1G[�[32m ok �[39;49m�8�[?25h�[?0c.
[....] Starting OpenBSD Secure Shell server: sshd�[?25l�[?1c�7�[1G[�[32m ok �[39;49m�8�[?25h�[?0c.
Debian GNU/Linux 7 syzkaller ttyS0
2017/07/30 13:46:03 parsed 1 programs
2017/07/30 13:46:03 executed programs: 0
syzkaller login: [ 54.704799] kvm: KVM_SET_TSS_ADDR need to be called before entering vcpu
2017/07/30 13:46:08 executed programs: 382
[ 60.722631] pte_list_remove: ffff8801d3627078 0->BUG
[ 60.728118] ------------[ cut here ]------------
[ 60.732934] kernel BUG at arch/x86/kvm/mmu.c:1192!
[ 60.737883] invalid opcode: 0000 [#1] SMP KASAN
[ 60.742535] Dumping ftrace buffer:
[ 60.746053] (ftrace buffer empty)
[ 60.749743] Modules linked in:
[ 60.752915] CPU: 0 PID: 4296 Comm: syz-executor5 Not tainted 4.13.0-rc2+ #10
[ 60.760080] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 60.769419] task: ffff8801d5264740 task.stack: ffff8801cf150000
[ 60.775464] RIP: 0010:pte_list_remove+0x3ae/0x3c0
[ 60.780297] RSP: 0018:ffff8801cf156920 EFLAGS: 00010286
[ 60.785644] RAX: 0000000000000028 RBX: ffff8801c5dd9ac0 RCX: 0000000000000000
[ 60.792897] RDX: 0000000000000028 RSI: 1ffff10039e2ace4 RDI: ffffed0039e2ad18
[ 60.800155] RBP: ffff8801cf156960 R08: 0000000000000001 R09: 0000000000000000
[ 60.800159] R10: ffff8801cf156cc8 R11: 0000000000000000 R12: 000000000000000f
[ 60.800163] R13: 0000000000000000 R14: ffff8801c685dcf0 R15: ffff8801c685dd18
[ 60.800168] FS: 0000000000000000(0000) GS:ffff8801dc000000(0000) knlGS:0000000000000000
[ 60.800172] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 60.800176] CR2: 0000000000b211f8 CR3: 00000001d360a000 CR4: 00000000001426f0
[ 60.800182] Call Trace:
[ 60.800199] drop_spte+0x16c/0x270
[ 60.800211] mmu_page_zap_pte+0x224/0x350
[ 60.800220] ? kvm_mmu_zap_collapsible_spte+0x400/0x400
[ 60.800231] ? __lock_is_held+0xb6/0x140
[ 60.800249] kvm_mmu_prepare_zap_page+0x1b7/0x1260
[ 60.800255] ? debug_check_no_locks_freed+0x3c0/0x3c0
[ 60.800268] ? mmio_info_in_cache+0x4b0/0x4b0
[ 60.800275] ? print_usage_bug+0x480/0x480
[ 60.800283] ? print_usage_bug+0x480/0x480
[ 60.800290] ? check_noncircular+0x20/0x20
[ 60.800298] ? find_held_lock+0x35/0x1d0
[ 60.800314] ? __is_insn_slot_addr+0x1fc/0x330
[ 60.800321] ? lock_downgrade+0x990/0x990
[ 60.800335] ? check_noncircular+0x20/0x20
[ 60.800346] ? kvm_make_all_cpus_request+0x444/0x580
[ 60.800360] ? gfn_to_pfn_atomic+0x5a0/0x5a0
[ 60.800369] ? lock_release+0xa40/0xa40
[ 60.800380] ? __lock_is_held+0xb6/0x140
[ 60.800390] ? kvm_vcpu_on_spin+0x6d0/0x6d0
[ 60.800403] kvm_mmu_invalidate_zap_all_pages+0x4a0/0x680
[ 60.800416] ? kvm_mmu_zap_collapsible_sptes+0xb0/0xb0
[ 60.800422] ? lock_acquire+0x1d5/0x580
[ 60.800427] ? lock_acquire+0x1d5/0x580
[ 60.800435] ? lock_release+0xa40/0xa40
[ 60.800444] ? lock_release+0xa40/0xa40
[ 60.800453] ? __khugepaged_exit+0x410/0x650
[ 60.800461] ? do_exit+0x981/0x1b10
[ 60.800469] ? kvm_vcpu_on_spin+0x6d0/0x6d0
[ 60.800478] kvm_arch_flush_shadow_all+0x15/0x20
[ 60.800485] kvm_mmu_notifier_release+0x59/0x90
[ 60.800490] ? kvm_vcpu_on_spin+0x6d0/0x6d0
[ 60.800502] __mmu_notifier_release+0x1d5/0x690
[ 60.800509] ? find_held_lock+0x35/0x1d0
[ 60.800521] ? __mmu_notifier_invalidate_range_end+0x350/0x350
[ 60.800529] ? lock_downgrade+0x990/0x990
[ 60.800543] ? rcu_pm_notify+0xc0/0xc0
[ 60.800552] ? __khugepaged_exit+0x410/0x650
[ 60.800561] ? __khugepaged_exit+0x410/0x650
[ 60.800567] ? rcu_read_lock_sched_held+0x108/0x120
[ 60.800579] exit_mmap+0x3a3/0x470
[ 60.800584] ? __khugepaged_exit+0x43d/0x650
[ 60.800591] ? SyS_munmap+0x30/0x30
[ 60.800598] ? hugepage_madvise+0xf0/0xf0
[ 60.800606] ? check_same_owner+0x320/0x320
[ 60.800621] ? __might_sleep+0x95/0x190
[ 60.800632] mmput+0x223/0x6e0
[ 60.800641] ? get_task_exe_file+0xc0/0xc0
[ 60.800651] ? do_exit+0x979/0x1b10
[ 60.800658] ? lock_downgrade+0x990/0x990
[ 60.800668] ? do_raw_spin_trylock+0x190/0x190
[ 60.800680] ? down_read+0x96/0x150
[ 60.800685] ? do_exit+0x49c/0x1b10
[ 60.800692] ? __down_interruptible+0x6a0/0x6a0
[ 60.800698] ? trace_hardirqs_on+0xd/0x10
[ 60.800704] ? _raw_spin_unlock_irq+0x27/0x70
[ 60.800716] do_exit+0x981/0x1b10
[ 60.800723] ? debug_check_no_locks_freed+0x3c0/0x3c0
[ 60.800729] ? entry_SYSCALL_64_fastpath+0x1f/0xbe
[ 60.800740] ? check_noncircular+0x20/0x20
[ 60.800749] ? exit_notify+0xb10/0xb10
[ 60.800755] ? __lock_is_held+0xb6/0x140
[ 60.800770] ? kvfree+0x36/0x60
[ 60.800776] ? rcu_read_lock_sched_held+0x108/0x120
[ 60.800789] ? find_held_lock+0x35/0x1d0
[ 60.800802] ? kvm_set_memory_region+0x39/0x50
[ 60.800808] ? lock_downgrade+0x990/0x990
[ 60.800819] ? __kvm_set_memory_region+0x16d/0x2360
[ 60.800828] ? check_noncircular+0x20/0x20
[ 60.800845] ? __mutex_unlock_slowpath+0xe9/0xac0
[ 60.800859] ? find_held_lock+0x35/0x1d0
[ 60.800871] ? get_signal+0x855/0x17e0
[ 60.800878] ? lock_downgrade+0x990/0x990
[ 60.800891] do_group_exit+0x149/0x400
[ 60.800898] ? __lock_is_held+0xb6/0x140
[ 60.800904] ? SyS_exit+0x30/0x30
[ 60.800910] ? _raw_spin_unlock_irq+0x27/0x70
[ 60.800918] ? trace_hardirqs_on_caller+0x421/0x5c0
[ 60.800928] get_signal+0x7e8/0x17e0
[ 60.800956] ? ptrace_notify+0x130/0x130
[ 60.800968] ? __schedule+0x8f0/0x2070
[ 60.800979] ? find_held_lock+0x35/0x1d0
[ 60.800991] ? __fget+0x333/0x570
[ 60.801006] do_signal+0x94/0x1ee0
[ 60.801012] ? lock_release+0xa40/0xa40
[ 60.801021] ? __lock_is_held+0xb6/0x140
[ 60.801032] ? setup_sigcontext+0x7d0/0x7d0
[ 60.801042] ? __fget+0x35c/0x570
[ 60.801072] ? lock_acquire+0x1d5/0x580
[ 60.801082] ? find_held_lock+0x35/0x1d0
[ 60.801093] ? exit_to_usermode_loop+0x98/0x2d0
[ 60.801104] exit_to_usermode_loop+0x21c/0x2d0
[ 60.801114] ? trace_event_raw_event_sys_exit+0x260/0x260
[ 60.801122] ? selinux_capable+0x40/0x40
[ 60.801131] ? vmalloc_fault+0x56/0xce0
[ 60.801143] syscall_return_slowpath+0x3a7/0x450
[ 60.801150] ? prepare_exit_to_usermode+0x220/0x220
[ 60.801158] ? entry_SYSCALL_64_fastpath+0x91/0xbe
[ 60.801165] ? trace_hardirqs_on_caller+0x421/0x5c0
[ 60.801173] ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 60.801184] entry_SYSCALL_64_fastpath+0xbc/0xbe
[ 60.801189] RIP: 0033:0x4511b7
[ 60.801193] RSP: 002b:00007fb394c19038 EFLAGS: 00000206 ORIG_RAX: 0000000000000010
[ 60.801199] RAX: 0000000000000000 RBX: 0000000000000017 RCX: 00000000004511b7
[ 60.801202] RDX: 00007fb394c194b0 RSI: 000000004020ae46 RDI: 0000000000000005
[ 60.801206] RBP: 00000000201c9000 R08: 0000000000000001 R09: 0000000000000041
[ 60.801210] R10: 00000000000f4247 R11: 0000000000000206 R12: 00000000fec00000
[ 60.801213] R13: 0000000000000005 R14: 0000000000000005 R15: 0000000020000000
[ 60.801227] Code: c9 4e 5e 00 48 8b 75 d0 48 c7 c7 a0 57 62 84 e8 be c3 49 00 0f 0b e8 b2 4e 5e 00 48 8b 75 d0 48 c7 c7 60 57 62 84 e8 a7 c3 49 00 <0f> 0b 4c 89 ef e8 28 99 8f 00 e9 01 fe ff ff 0f 1f 00 55 48 89
[ 60.801345] RIP: pte_list_remove+0x3ae/0x3c0 RSP: ffff8801cf156920
[ 60.801460] ---[ end trace 7a4db6a8a909f7fa ]---
[ 60.801465] Kernel panic - not syncing: Fatal exception
[ 60.801768] Dumping ftrace buffer:
[ 60.801771] (ftrace buffer empty)
[ 60.801773] Kernel Offset: disabled
[ 61.365927] Rebooting in 86400 seconds..