executing program
syzkaller login: [ 134.887298] device gre0 entered promiscuous mode
[ 259.899012] INFO: rcu_sched self-detected stall on CPU
[ 259.899422] 3-....: (124993 ticks this GP) idle=d2e/1/4611686018427387906 softirq=3461/3461 fqs=29117
[ 259.900083] (t=125001 jiffies g=1442 c=1441 q=520)
[ 259.900175] INFO: rcu_sched detected stalls on CPUs/tasks:
[ 259.900184] 3-....: (124993 ticks this GP) idle=d2e/1/4611686018427387906 softirq=3461/3461 fqs=29117
[ 259.900186] (detected by 1, t=125002 jiffies, g=1442, c=1441, q=520)
[ 259.900195] Sending NMI from CPU 1 to CPUs 3:
[ 259.901227] NMI backtrace for cpu 3
[ 259.901230] CPU: 3 PID: 2985 Comm: syzkaller007191 Not tainted 4.14.0-rc5-next-20171018+ #8
[ 259.901233] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS Bochs 01/01/2011
[ 259.901235] task: ffff88003d98a680 task.stack: ffff880039e18000
[ 259.901236] RIP: 0010:io_serial_in+0x6b/0x90
[ 259.901238] RSP: 0018:ffff88006df06ff8 EFLAGS: 00000002
[ 259.901242] RAX: dffffc0000000060 RBX: 00000000000003fd RCX: 0000000000000000
[ 259.901245] RDX: 00000000000003fd RSI: 0000000000000005 RDI: ffffffff8788b418
[ 259.901247] RBP: ffff88006df07008 R08: ffffffff828744e6 R09: 000000000000000c
[ 259.901249] R10: ffff88006df06f78 R11: 0000000000000040 R12: ffffffff8788b3e0
[ 259.901252] R13: 0000000000000020 R14: fffffbfff0f116c2 R15: fffffbfff0f11685
[ 259.901254] FS: 00000000016cc880(0000) GS:ffff88006df00000(0000) knlGS:0000000000000000
[ 259.901256] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 259.901259] CR2: 0000000020101000 CR3: 000000006a50d000 CR4: 00000000000006e0
[ 259.901261] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 259.901263] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 259.901265] Call Trace:
[ 259.901266]
[ 259.901268] wait_for_xmitr+0x93/0x1e0
[ 259.901269] ? wait_for_xmitr+0x1e0/0x1e0
[ 259.901271] serial8250_console_putchar+0x1f/0x60
[ 259.901273] uart_console_write+0xac/0xe0
[ 259.901275] serial8250_console_write+0x647/0xa20
[ 259.901277] ? serial8250_start_tx+0x970/0x970
[ 259.901278] ? do_raw_spin_trylock+0x190/0x190
[ 259.901280] ? memcpy+0x45/0x50
[ 259.901282] ? univ8250_console_setup+0x170/0x170
[ 259.901284] univ8250_console_write+0x64/0x80
[ 259.901285] console_unlock+0x788/0xd70
[ 259.901287] ? trace_hardirqs_off_caller+0x220/0x2c0
[ 259.901289] ? wake_up_klogd+0x100/0x100
[ 259.901290] ? vprintk_emit+0x49b/0x590
[ 259.901292] ? __down_trylock_console_sem+0x10d/0x1e0
[ 259.901294] vprintk_emit+0x4ad/0x590
[ 259.901296] vprintk_default+0x28/0x30
[ 259.901297] vprintk_func+0x57/0xc0
[ 259.901299] printk+0xaa/0xca
[ 259.901300] ? show_regs_print_info+0x65/0x65
[ 259.901302] check_cpu_stall.isra.65+0xba8/0x15b0
[ 259.901304] ? rcu_lockdep_current_cpu_online+0x190/0x190
[ 259.901306] ? __lock_acquire+0x6aa/0x3d50
[ 259.901308] ? check_noncircular+0x20/0x20
[ 259.901309] ? print_irqtrace_events+0x270/0x270
[ 259.901311] ? debug_check_no_locks_freed+0x3c0/0x3c0
[ 259.901313] ? check_noncircular+0x20/0x20
[ 259.901315] ? __lock_acquire+0x6aa/0x3d50
[ 259.901317] ? rb_first_postorder+0xa0/0xa0
[ 259.901318] ? check_noncircular+0x20/0x20
[ 259.901320] ? lock_downgrade+0x990/0x990
[ 259.901322] ? find_held_lock+0x35/0x1d0
[ 259.901324] ? cpuacct_account_field+0x1e4/0x3b0
[ 259.901325] ? find_held_lock+0x35/0x1d0
[ 259.901327] ? __acct_update_integrals+0x339/0x4d0
[ 259.901329] ? rcu_pm_notify+0xc0/0xc0
[ 259.901330] rcu_check_callbacks+0x238/0xd20
[ 259.901332] ? rcu_cpu_stall_reset+0x260/0x260
[ 259.901334] ? trace_hardirqs_off+0xd/0x10
[ 259.901336] ? raise_softirq+0x325/0x490
[ 259.901338] ? __perf_event_task_sched_in+0xc20/0xc20
[ 259.901340] ? raise_softirq_irqoff+0x320/0x320
[ 259.901341] ? run_local_timers+0x18d/0x200
[ 259.901343] ? timer_clear_idle+0x50/0x50
[ 259.901345] ? account_process_tick+0xd4/0x3e0
[ 259.901347] ? thread_group_cputime+0xef0/0xef0
[ 259.901348] ? do_gettimeofday+0x190/0x190
[ 259.901350] update_process_times+0x30/0x60
[ 259.901352] tick_sched_handle+0x85/0x160
[ 259.901354] tick_sched_timer+0x42/0x120
[ 259.901355] __hrtimer_run_queues+0x349/0xe10
[ 259.901357] ? tick_sched_do_timer+0xe0/0xe0
[ 259.901359] ? hrtimer_cancel+0x40/0x40
[ 259.901361] ? pvclock_read_flags+0x160/0x160
[ 259.901362] ? kvm_clock_get_cycles+0x25/0x30
[ 259.901364] ? ktime_get_update_offsets_now+0x34a/0x520
[ 259.901366] ? do_timer+0x50/0x50
[ 259.901368] ? native_apic_msr_write+0x5c/0x80
[ 259.901369] hrtimer_interrupt+0x1c2/0x5e0
[ 259.901371] smp_apic_timer_interrupt+0x14a/0x700
[ 259.901373] ? smp_call_function_single_interrupt+0x124/0x640
[ 259.901375] ? smp_call_function_single_interrupt+0x640/0x640
[ 259.901377] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 259.901379] apic_timer_interrupt+0x9d/0xb0
[ 259.901380]
[ 259.901382] RIP: 0010:_raw_spin_unlock_irqrestore+0x5e/0xba
[ 259.901384] RSP: 0018:ffff880039e1f558 EFLAGS: 00000282 ORIG_RAX: ffffffffffffff11
[ 259.901388] RAX: dffffc0000000000 RBX: 0000000000000282 RCX: 0000000000000000
[ 259.901391] RDX: 1ffffffff0b58f39 RSI: 0000000000000001 RDI: 0000000000000282
[ 259.901393] RBP: ffff880039e1f568 R08: 0000000000000001 R09: 0000000000000000
[ 259.901396] R10: 0000000000000000 R11: 0000000000000000 R12: ffff88006cd33340
[ 259.901398] R13: ffff88003d98a680 R14: 0000000000000001 R15: ffff88006cd33378
[ 259.901400] prepare_to_wait+0x192/0x4d0
[ 259.901401] ? wait_woken+0x280/0x280
[ 259.901403] ? remove_wait_queue+0x350/0x350
[ 259.901405] ? retint_kernel+0x10/0x10
[ 259.901406] ? sock_alloc_send_pskb+0x456/0x9b0
[ 259.901408] sock_alloc_send_pskb+0x4c5/0x9b0
[ 259.901410] ? sock_wmalloc+0x1d0/0x1d0
[ 259.901412] ? __thp_get_unmapped_area+0x130/0x130
[ 259.901414] ? iov_iter_copy_from_user_atomic+0xe30/0xe30
[ 259.901415] ? __might_sleep+0x95/0x190
[ 259.901417] ? kasan_check_write+0x14/0x20
[ 259.901419] ? iov_iter_advance+0x2a1/0x13f0
[ 259.901421] ? _copy_from_iter_full+0x22b/0xbb0
[ 259.901422] ? check_noncircular+0x20/0x20
[ 259.901424] ? finish_wait+0x490/0x490
[ 259.901426] tun_get_user+0x91a/0x36d0
[ 259.901427] ? find_held_lock+0x35/0x1d0
[ 259.901429] ? tun_build_skb.isra.48+0x16e0/0x16e0
[ 259.901431] ? __handle_mm_fault+0x587/0x39c0
[ 259.901433] ? __pmd_alloc+0x4e0/0x4e0
[ 259.901434] ? tun_get+0x1ab/0x2e0
[ 259.901436] ? lock_downgrade+0x990/0x990
[ 259.901438] ? handle_mm_fault+0x248/0x8d0
[ 259.901439] ? lock_release+0xa40/0xa40
[ 259.901441] ? __lock_is_held+0xb6/0x140
[ 259.901443] ? tun_get+0x1d4/0x2e0
[ 259.901444] ? tun_chr_close+0x60/0x60
[ 259.901446] tun_chr_write_iter+0xb9/0x160
[ 259.901448] __vfs_write+0x684/0x970
[ 259.901449] ? kernel_read+0x120/0x120
[ 259.901451] ? _cond_resched+0x14/0x30
[ 259.901453] ? avc_policy_seqno+0x9/0x20
[ 259.901454] ? selinux_file_permission+0x82/0x460
[ 259.901456] ? rw_verify_area+0xe5/0x2b0
[ 259.901458] ? __fdget_raw+0x20/0x20
[ 259.901459] vfs_write+0x189/0x510
[ 259.901461] SyS_write+0xef/0x220
[ 259.901462] ? SyS_read+0x220/0x220
[ 259.901464] ? trace_hardirqs_on_caller+0x421/0x5c0
[ 259.901466] ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 259.901468] entry_SYSCALL_64_fastpath+0x1f/0xbe
[ 259.901470] RIP: 0033:0x439359
[ 259.901471] RSP: 002b:00007ffdf939ceb8 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[ 259.901475] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 0000000000439359
[ 259.901478] RDX: 0000000000000046 RSI: 0000000020101000 RDI: 0000000000000005
[ 259.901480] RBP: 0000000000000082 R08: 0000000000000000 R09: 0000000000000000
[ 259.901482] R10: 0000000000000013 R11: 0000000000000293 R12: 0000000000000000
[ 259.901485] R13: 0000000000401fb0 R14: 0000000000402040 R15: 0000000000000000
[ 259.901486] Code: 24 d1 00 00 00 49 8d 7c 24 38 48 b8 00 00 00 00 00 fc ff df 48 89 fa 48 c1 ea 03 d3 e3 80 3c 02 00 75 17 41 03 5c 24 38 89 da ec <5b> 0f b6 c0 41 5c 5d c3 e8 e8 af 1d ff eb c2 e8 41 b0 1d ff eb
[ 259.960236] NMI backtrace for cpu 3
[ 259.960542] CPU: 3 PID: 2985 Comm: syzkaller007191 Not tainted 4.14.0-rc5-next-20171018+ #8
[ 259.961247] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS Bochs 01/01/2011
[ 259.961926] Call Trace:
[ 259.962140]
[ 259.962307] dump_stack+0x194/0x257
[ 259.962579] ? arch_local_irq_restore+0x53/0x53
[ 259.962923] ? lock_acquire+0x1d5/0x580
[ 259.963221] ? lock_acquire+0x1d5/0x580
[ 259.963517] ? nmi_cpu_backtrace+0x1fa/0x240
[ 259.963843] ? rcu_dump_cpu_stacks+0x9d/0x1da
[ 259.964180] nmi_cpu_backtrace+0x20e/0x240
[ 259.964501] ? lock_release+0xa40/0xa40
[ 259.964814] ? kobject_synth_uevent+0xad0/0xad0
[ 259.965163] ? _find_next_bit+0xee/0x120
[ 259.965489] ? lapic_can_unplug_cpu+0xa0/0xa0
[ 259.965817] nmi_trigger_cpumask_backtrace+0x122/0x180
[ 259.966244] arch_trigger_cpumask_backtrace+0x14/0x20
[ 259.966618] rcu_dump_cpu_stacks+0x186/0x1da
[ 259.966945] check_cpu_stall.isra.65+0xbb8/0x15b0
[ 259.967304] ? rcu_lockdep_current_cpu_online+0x190/0x190
[ 259.967708] ? __lock_acquire+0x6aa/0x3d50
[ 259.968015] ? check_noncircular+0x20/0x20
[ 259.968337] ? print_irqtrace_events+0x270/0x270
[ 259.968685] ? debug_check_no_locks_freed+0x3c0/0x3c0
[ 259.969104] ? check_noncircular+0x20/0x20
[ 259.969486] ? __lock_acquire+0x6aa/0x3d50
[ 259.969926] ? rb_first_postorder+0xa0/0xa0
[ 259.970403] ? check_noncircular+0x20/0x20
[ 259.970774] ? lock_downgrade+0x990/0x990
[ 259.971154] ? find_held_lock+0x35/0x1d0
[ 259.972836] ? cpuacct_account_field+0x1e4/0x3b0
[ 259.973197] ? find_held_lock+0x35/0x1d0
[ 259.973496] ? __acct_update_integrals+0x339/0x4d0
[ 259.973858] ? rcu_pm_notify+0xc0/0xc0
[ 259.974166] rcu_check_callbacks+0x238/0xd20
[ 259.974506] ? rcu_cpu_stall_reset+0x260/0x260
[ 259.974891] ? trace_hardirqs_off+0xd/0x10
[ 259.975280] ? raise_softirq+0x325/0x490
[ 259.975646] ? __perf_event_task_sched_in+0xc20/0xc20
[ 259.976119] ? raise_softirq_irqoff+0x320/0x320
[ 259.976565] ? run_local_timers+0x18d/0x200
[ 259.976946] ? timer_clear_idle+0x50/0x50
[ 259.977268] ? account_process_tick+0xd4/0x3e0
[ 259.977602] ? thread_group_cputime+0xef0/0xef0
[ 259.977937] ? do_gettimeofday+0x190/0x190
[ 259.978333] update_process_times+0x30/0x60
[ 259.978646] tick_sched_handle+0x85/0x160
[ 259.978947] tick_sched_timer+0x42/0x120
[ 259.979241] __hrtimer_run_queues+0x349/0xe10
[ 259.979582] ? tick_sched_do_timer+0xe0/0xe0
[ 259.979919] ? hrtimer_cancel+0x40/0x40
[ 259.980225] ? pvclock_read_flags+0x160/0x160
[ 259.980579] ? kvm_clock_get_cycles+0x25/0x30
[ 259.980915] ? ktime_get_update_offsets_now+0x34a/0x520
[ 259.981312] ? do_timer+0x50/0x50
[ 259.981570] ? native_apic_msr_write+0x5c/0x80
[ 259.982027] hrtimer_interrupt+0x1c2/0x5e0
[ 259.982524] smp_apic_timer_interrupt+0x14a/0x700
[ 259.983052] ? smp_call_function_single_interrupt+0x124/0x640
[ 259.983699] ? smp_call_function_single_interrupt+0x640/0x640
[ 259.984360] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 259.984889] apic_timer_interrupt+0x9d/0xb0
[ 259.985353]
[ 259.985600] RIP: 0010:_raw_spin_unlock_irqrestore+0x5e/0xba
[ 259.986180] RSP: 0018:ffff880039e1f558 EFLAGS: 00000282 ORIG_RAX: ffffffffffffff11
[ 259.986756] RAX: dffffc0000000000 RBX: 0000000000000282 RCX: 0000000000000000
[ 259.987275] RDX: 1ffffffff0b58f39 RSI: 0000000000000001 RDI: 0000000000000282
[ 259.987823] RBP: ffff880039e1f568 R08: 0000000000000001 R09: 0000000000000000
[ 259.988349] R10: 0000000000000000 R11: 0000000000000000 R12: ffff88006cd33340
[ 259.988871] R13: ffff88003d98a680 R14: 0000000000000001 R15: ffff88006cd33378
[ 259.989423] prepare_to_wait+0x192/0x4d0
[ 259.989721] ? wait_woken+0x280/0x280
[ 259.990023] ? remove_wait_queue+0x350/0x350
[ 259.990368] ? retint_kernel+0x10/0x10
[ 259.990661] ? sock_alloc_send_pskb+0x456/0x9b0
[ 259.991018] sock_alloc_send_pskb+0x4c5/0x9b0
[ 259.991356] ? sock_wmalloc+0x1d0/0x1d0
[ 259.991644] ? __thp_get_unmapped_area+0x130/0x130
[ 259.992342] ? iov_iter_copy_from_user_atomic+0xe30/0xe30
[ 259.992821] ? __might_sleep+0x95/0x190
[ 259.993177] ? kasan_check_write+0x14/0x20
[ 259.993483] ? iov_iter_advance+0x2a1/0x13f0
[ 259.993801] ? _copy_from_iter_full+0x22b/0xbb0
[ 259.994149] ? check_noncircular+0x20/0x20
[ 259.994454] ? finish_wait+0x490/0x490
[ 259.994747] tun_get_user+0x91a/0x36d0
[ 259.995032] ? find_held_lock+0x35/0x1d0
[ 259.995343] ? tun_build_skb.isra.48+0x16e0/0x16e0
[ 259.995706] ? __handle_mm_fault+0x587/0x39c0
[ 259.996037] ? __pmd_alloc+0x4e0/0x4e0
[ 259.996423] ? tun_get+0x1ab/0x2e0
[ 259.996684] ? lock_downgrade+0x990/0x990
[ 259.996980] ? handle_mm_fault+0x248/0x8d0
[ 259.997286] ? lock_release+0xa40/0xa40
[ 259.997574] ? __lock_is_held+0xb6/0x140
[ 259.997878] ? tun_get+0x1d4/0x2e0
[ 259.998190] ? tun_chr_close+0x60/0x60
[ 259.998504] tun_chr_write_iter+0xb9/0x160
[ 259.998812] __vfs_write+0x684/0x970
[ 259.999083] ? kernel_read+0x120/0x120
[ 259.999367] ? _cond_resched+0x14/0x30
[ 259.999648] ? avc_policy_seqno+0x9/0x20
[ 259.999938] ? selinux_file_permission+0x82/0x460
[ 260.000293] ? rw_verify_area+0xe5/0x2b0
[ 260.000585] ? __fdget_raw+0x20/0x20
[ 260.000858] vfs_write+0x189/0x510
[ 260.001255] SyS_write+0xef/0x220
[ 260.001524] ? SyS_read+0x220/0x220
[ 260.001785] ? trace_hardirqs_on_caller+0x421/0x5c0
[ 260.002198] ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 260.002604] entry_SYSCALL_64_fastpath+0x1f/0xbe
[ 260.002948] RIP: 0033:0x439359
[ 260.003178] RSP: 002b:00007ffdf939ceb8 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[ 260.003724] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 0000000000439359
[ 260.004236] RDX: 0000000000000046 RSI: 0000000020101000 RDI: 0000000000000005
[ 260.004750] RBP: 0000000000000082 R08: 0000000000000000 R09: 0000000000000000
[ 260.005265] R10: 0000000000000013 R11: 0000000000000293 R12: 0000000000000000
[ 260.005779] R13: 0000000000401fb0 R14: 0000000000402040 R15: 0000000000000000