Debian GNU/Linux 7 syzkaller ttyS0
executing program
syzkaller login: [ 23.019121] pte_list_remove: ffff88003cab9000 0->BUG
[ 23.019848] ------------[ cut here ]------------
[ 23.020533] kernel BUG at arch/x86/kvm/mmu.c:1194!
[ 23.021289] invalid opcode: 0000 [#1] SMP KASAN
[ 23.022037] Dumping ftrace buffer:
[ 23.022506] (ftrace buffer empty)
[ 23.022931] Modules linked in:
[ 23.023980] CPU: 0 PID: 2997 Comm: syzkaller760858 Not tainted 4.13.0-rc5-next-20170817+ #5
[ 23.025380] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS Bochs 01/01/2011
[ 23.026429] task: ffff88006ce641c0 task.stack: ffff880069448000
[ 23.027174] RIP: 0010:pte_list_remove+0x3ae/0x3c0
[ 23.027750] RSP: 0018:ffff88006944eee8 EFLAGS: 00010286
[ 23.028350] RAX: 0000000000000028 RBX: ffff88003debd700 RCX: 0000000000000000
[ 23.029212] RDX: 0000000000000028 RSI: 1ffff1000d289d9d RDI: ffffed000d289dd1
[ 23.030065] RBP: ffff88006944ef28 R08: 0000000000000000 R09: 1ffff1000d289d6f
[ 23.030904] R10: ffff88006944f2d0 R11: ffffffff85b2cbf8 R12: ffff88003cab9000
[ 23.031734] R13: 0000000000000000 R14: ffff88003d4d5cf0 R15: ffff88003d4d5d18
[ 23.032589] FS: 0000000000000000(0000) GS:ffff88003ec00000(0000) knlGS:0000000000000000
[ 23.033540] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 23.034304] CR2: 00000000202ecfa3 CR3: 000000003976d000 CR4: 00000000000026f0
[ 23.035327] Call Trace:
[ 23.035586] drop_spte+0x15a/0x250
[ 23.035935] mmu_page_zap_pte+0x224/0x340
[ 23.036356] ? kvm_mmu_zap_collapsible_spte+0x3f0/0x3f0
[ 23.036889] ? percpu_counter_add_batch+0xce/0x130
[ 23.037377] kvm_mmu_prepare_zap_page+0x1c5/0x1310
[ 23.037862] ? lock_acquire+0x1d5/0x580
[ 23.038237] ? mmio_info_in_cache+0x670/0x670
[ 23.038690] ? debug_check_no_locks_freed+0x3c0/0x3c0
[ 23.039204] ? trace_hardirqs_off+0xd/0x10
[ 23.039633] ? quarantine_put+0xeb/0x190
[ 23.040032] ? debug_check_no_locks_freed+0x3c0/0x3c0
[ 23.040529] ? msr_io+0x29f/0x3b0
[ 23.040892] ? lock_acquire+0x1d5/0x580
[ 23.041274] ? lock_acquire+0x1d5/0x580
[ 23.041672] ? __is_insn_slot_addr+0x1fc/0x330
[ 23.042110] ? lock_downgrade+0x990/0x990
[ 23.042504] ? lock_release+0xa40/0xa40
[ 23.042925] ? __read_once_size_nocheck.constprop.8+0x10/0x10
[ 23.043501] ? entry_SYSCALL_64_fastpath+0x1f/0xbe
[ 23.044426] ? bpf_prog_kallsyms_find+0xbd/0x440
[ 23.044838] ? kvm_make_all_cpus_request+0x444/0x580
[ 23.045292] ? gfn_to_pfn_atomic+0x650/0x650
[ 23.045705] ? lock_release+0xa40/0xa40
[ 23.046063] ? lock_acquire+0x1d5/0x580
[ 23.046391] ? lock_acquire+0x1d5/0x580
[ 23.046730] ? depot_save_stack+0x3b5/0x490
[ 23.047107] ? lock_downgrade+0x990/0x990
[ 23.047448] ? unwind_dump+0x4c0/0x4c0
[ 23.047769] ? do_raw_spin_trylock+0x190/0x190
[ 23.048164] kvm_mmu_invalidate_zap_all_pages+0x4a0/0x680
[ 23.048639] ? kvm_mmu_zap_collapsible_sptes+0xb0/0xb0
[ 23.049079] ? lock_acquire+0x1d5/0x580
[ 23.049417] ? lock_release+0xa40/0xa40
[ 23.049753] ? lock_release+0xa40/0xa40
[ 23.050088] ? kasan_slab_free+0x71/0xc0
[ 23.050436] ? __khugepaged_exit+0x410/0x650
[ 23.050817] ? kvm_vcpu_on_spin+0x710/0x710
[ 23.051211] kvm_arch_flush_shadow_all+0x15/0x20
[ 23.051611] kvm_mmu_notifier_release+0x59/0x90
[ 23.051997] ? kvm_vcpu_on_spin+0x710/0x710
[ 23.052358] __mmu_notifier_release+0x1d5/0x690
[ 23.052761] ? is_bpf_text_address+0x7b/0x120
[ 23.053124] ? __mmu_notifier_invalidate_range_end+0x350/0x350
[ 23.053562] ? lock_acquire+0x1d5/0x580
[ 23.053857] ? __khugepaged_exit+0x3f7/0x650
[ 23.054191] ? lock_downgrade+0x990/0x990
[ 23.054598] ? do_raw_spin_trylock+0x190/0x190
[ 23.054961] ? trace_hardirqs_off+0xd/0x10
[ 23.055310] ? quarantine_put+0xeb/0x190
[ 23.055635] exit_mmap+0x479/0x560
[ 23.055929] ? __khugepaged_exit+0x43d/0x650
[ 23.056284] ? SyS_munmap+0x30/0x30
[ 23.056635] ? hugepage_madvise+0xf0/0xf0
[ 23.056978] ? check_same_owner+0x320/0x320
[ 23.057408] ? hrtimer_forward+0x2d0/0x2d0
[ 23.057819] ? rcu_note_context_switch+0x710/0x710
[ 23.058322] ? __might_sleep+0x95/0x190
[ 23.058723] mmput+0x223/0x6e0
[ 23.059007] ? get_task_exe_file+0xc0/0xc0
[ 23.059355] ? is_current_pgrp_orphaned+0xa0/0xa0
[ 23.059706] ? do_exit+0x991/0x1b30
[ 23.059974] ? lock_downgrade+0x990/0x990
[ 23.060279] ? do_raw_spin_trylock+0x190/0x190
[ 23.060619] ? down_read+0x96/0x150
[ 23.060883] ? do_exit+0x4ad/0x1b30
[ 23.061153] ? __down_interruptible+0x6a0/0x6a0
[ 23.061493] ? trace_hardirqs_on+0xd/0x10
[ 23.061803] ? _raw_spin_unlock_irq+0x27/0x70
[ 23.062154] do_exit+0x9a1/0x1b30
[ 23.062403] ? kfree+0x1c5/0x250
[ 23.062649] ? kvm_vcpu_ioctl+0x2c3/0x1010
[ 23.062955] ? dput.part.24+0x147/0x740
[ 23.063243] ? mm_update_next_owner+0x930/0x930
[ 23.063556] ? mntput_no_expire+0x15e/0xa90
[ 23.063835] ? free_modinfo_version+0x70/0x70
[ 23.064142] ? mnt_get_count+0x160/0x160
[ 23.064417] ? quarantine_put+0xeb/0x190
[ 23.064700] ? dput.part.24+0x2a/0x740
[ 23.064965] ? lock_acquire+0x1d5/0x580
[ 23.065575] ? lock_acquire+0x1d5/0x580
[ 23.065928] ? task_work_run+0x16c/0x270
[ 23.066294] ? lock_downgrade+0x990/0x990
[ 23.066657] ? mntput+0x66/0x90
[ 23.066883] ? do_raw_spin_trylock+0x190/0x190
[ 23.067226] ? check_same_owner+0x320/0x320
[ 23.067562] ? __might_sleep+0x95/0x190
[ 23.067937] ? trace_hardirqs_on+0xd/0x10
[ 23.068337] ? _raw_spin_unlock_irq+0x27/0x70
[ 23.068794] ? task_work_run+0x1f4/0x270
[ 23.069121] ? task_work_cancel+0x210/0x210
[ 23.069411] ? __kvm_gfn_to_hva_cache_init+0xb80/0xb80
[ 23.069778] ? do_vfs_ioctl+0x486/0x1520
[ 23.070192] ? trace_hardirqs_off+0xd/0x10
[ 23.070643] ? exit_to_usermode_loop+0x1a8/0x300
[ 23.071114] ? ioctl_preallocate+0x2b0/0x2b0
[ 23.071545] ? selinux_capable+0x40/0x40
[ 23.071945] ? __close_fd+0x269/0x3d0
[ 23.072225] do_group_exit+0x149/0x400
[ 23.072574] ? SyS_exit+0x30/0x30
[ 23.072828] ? security_file_ioctl+0x89/0xb0
[ 23.073116] ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 23.073426] SyS_exit_group+0x1d/0x20
[ 23.073694] entry_SYSCALL_64_fastpath+0x1f/0xbe
[ 23.074012] RIP: 0033:0x436c49
[ 23.074225] RSP: 002b:00007ffdd78a9b88 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
[ 23.074747] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 0000000000436c49
[ 23.075227] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[ 23.075714] RBP: 0000000000000006 R08: 000000000000003c R09: 00000000000000e7
[ 23.076193] R10: ffffffffffffffc0 R11: 0000000000000246 R12: 0000000000000000
[ 23.076687] R13: 0000000000000004 R14: 0000000000000004 R15: 0000000020cde000
[ 23.077172] Code: f9 59 5e 00 48 8b 75 d0 48 c7 c7 40 4d e2 84 e8 7e 3a 49 00 0f 0b e8 e2 59 5e 00 48 8b 75 d0 48 c7 c7 00 4d e2 84 e8 67 3a 49 00 <0f> 0b 4c 89 ef e8 18 c4 92 00 e9 01 fe ff ff 0f 1f 00 55 48 89
[ 23.078474] RIP: pte_list_remove+0x3ae/0x3c0 RSP: ffff88006944eee8
[ 23.078927] ---[ end trace 0ef225aa830b2789 ]---
[ 23.079253] Kernel panic - not syncing: Fatal exception
[ 23.079716] Dumping ftrace buffer:
[ 23.079957] (ftrace buffer empty)
[ 23.080203] Kernel Offset: disabled
[ 23.080445] Rebooting in 86400 seconds..