[   45.696003][   T23] audit: type=1800 audit(1575456177.434:26): pid=8080 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="startpar" name="mcstrans" dev="sda1" ino=2457 res=0
[   45.720716][   T23] audit: type=1800 audit(1575456177.434:27): pid=8080 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0
[   45.762093][   T23] audit: type=1800 audit(1575456177.434:28): pid=8080 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="startpar" name="ssh" dev="sda1" ino=2417 res=0
[....] Starting periodic command scheduler: cron[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[   46.523652][   T23] audit: type=1800 audit(1575456178.284:29): pid=8080 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="startpar" name="rc.local" dev="sda1" ino=2432 res=0

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added '10.128.10.61' (ECDSA) to the list of known hosts.
2019/12/04 10:43:06 fuzzer started
2019/12/04 10:43:07 dialing manager at 10.128.0.26:36481
2019/12/04 10:43:07 syscalls: 2691
2019/12/04 10:43:07 code coverage: enabled
2019/12/04 10:43:07 comparison tracing: enabled
2019/12/04 10:43:07 extra coverage: extra coverage is not supported by the kernel
2019/12/04 10:43:07 setuid sandbox: enabled
2019/12/04 10:43:07 namespace sandbox: enabled
2019/12/04 10:43:07 Android sandbox: /sys/fs/selinux/policy does not exist
2019/12/04 10:43:07 fault injection: enabled
2019/12/04 10:43:07 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled
2019/12/04 10:43:07 net packet injection: enabled
2019/12/04 10:43:07 net device setup: enabled
2019/12/04 10:43:07 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist
2019/12/04 10:43:07 devlink PCI setup: PCI device 0000:00:10.0 is not available
10:43:08 executing program 0:
r0 = socket$inet6(0xa, 0x3, 0x6b)
ioctl(r0, 0x1000008912, &(0x7f0000000000)="0815b5055e0bcfe87b3071")
r1 = socket$inet(0x2, 0x4000000000000001, 0x0)
bind$inet(r1, &(0x7f0000000280)={0x2, 0x4e23, @multicast1}, 0x10)
sendto$inet(r1, 0x0, 0x0, 0x200007fd, &(0x7f0000000180)={0x2, 0x4e23, @empty}, 0x10)

10:43:08 executing program 1:
r0 = open(&(0x7f0000000080)='./file1\x00', 0x20041, 0x0)
creat(&(0x7f0000000040)='./file0\x00', 0x0)
fcntl$setlease(r0, 0x400, 0x0)
rename(&(0x7f0000fdbff8)='./file0\x00', &(0x7f0000000000)='./file1\x00')

syzkaller login: [   57.198323][ T8246] IPVS: ftp: loaded support on port[0] = 21
[   57.283788][ T8248] IPVS: ftp: loaded support on port[0] = 21
10:43:09 executing program 2:
r0 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000100)='/dev/dsp\x00', 0x2002, 0x0)
ioctl$int_in(r0, 0x800000c004500a, &(0x7f0000000000))
write$RDMA_USER_CM_CMD_RESOLVE_ROUTE(r0, &(0x7f0000000180)={0x4, 0x8}, 0x5d1)
ioctl$int_in(r0, 0x80000000005001, 0x0)

[   57.382371][ T8246] chnl_net:caif_netlink_parms(): no params data found
[   57.523476][ T8246] bridge0: port 1(bridge_slave_0) entered blocking state
[   57.530578][ T8246] bridge0: port 1(bridge_slave_0) entered disabled state
[   57.552959][ T8246] device bridge_slave_0 entered promiscuous mode
[   57.566904][ T8248] chnl_net:caif_netlink_parms(): no params data found
[   57.583695][ T8246] bridge0: port 2(bridge_slave_1) entered blocking state
[   57.593478][ T8246] bridge0: port 2(bridge_slave_1) entered disabled state
[   57.601820][ T8246] device bridge_slave_1 entered promiscuous mode
[   57.615317][ T8252] IPVS: ftp: loaded support on port[0] = 21
[   57.670172][ T8246] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   57.695832][ T8246] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
10:43:09 executing program 3:
perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x444, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
openat$vcs(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, 0x0)
ioctl$sock_FIOSETOWN(0xffffffffffffffff, 0x8901, &(0x7f0000000000))
syz_open_dev$loop(&(0x7f0000000200)='/dev/loop#\x00', 0x0, 0x0)
memfd_create(0x0, 0x0)
pipe(0x0)
r0 = syz_open_dev$loop(0x0, 0x0, 0x0)
ioctl$LOOP_SET_CAPACITY(r0, 0x4c07)
fcntl$dupfd(r0, 0x406, 0xffffffffffffffff)
io_setup(0x0, 0x0)

[   57.715265][ T8248] bridge0: port 1(bridge_slave_0) entered blocking state
[   57.722876][ T8248] bridge0: port 1(bridge_slave_0) entered disabled state
[   57.730783][ T8248] device bridge_slave_0 entered promiscuous mode
[   57.761643][ T8246] team0: Port device team_slave_0 added
[   57.767719][ T8248] bridge0: port 2(bridge_slave_1) entered blocking state
[   57.791887][ T8248] bridge0: port 2(bridge_slave_1) entered disabled state
[   57.801175][ T8248] device bridge_slave_1 entered promiscuous mode
[   57.814726][ T8246] team0: Port device team_slave_1 added
[   57.864468][ T8248] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   57.935356][ T8246] device hsr_slave_0 entered promiscuous mode
10:43:09 executing program 4:
r0 = perf_event_open(&(0x7f0000000040)={0x2, 0x70, 0x3ea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
ioctl$PERF_EVENT_IOC_DISABLE(r0, 0x2401, 0x0)
prctl$PR_TASK_PERF_EVENTS_ENABLE(0x20)

[   57.991071][ T8246] device hsr_slave_1 entered promiscuous mode
[   58.044638][ T8248] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   58.082190][ T8254] IPVS: ftp: loaded support on port[0] = 21
[   58.116935][ T8248] team0: Port device team_slave_0 added
[   58.143009][ T8248] team0: Port device team_slave_1 added
10:43:10 executing program 5:
kexec_load(0x0, 0x0, 0x0, 0x0)

[   58.243532][ T8248] device hsr_slave_0 entered promiscuous mode
[   58.301512][ T8248] device hsr_slave_1 entered promiscuous mode
[   58.342291][ T8248] debugfs: Directory 'hsr0' with parent '/' already present!
[   58.374767][ T8246] netdevsim netdevsim0 netdevsim0: renamed from eth0
[   58.387225][ T8256] IPVS: ftp: loaded support on port[0] = 21
[   58.443580][ T8246] netdevsim netdevsim0 netdevsim1: renamed from eth1
[   58.484189][ T8246] netdevsim netdevsim0 netdevsim2: renamed from eth2
[   58.550380][ T8246] netdevsim netdevsim0 netdevsim3: renamed from eth3
[   58.627268][ T8258] IPVS: ftp: loaded support on port[0] = 21
[   58.639959][ T8252] chnl_net:caif_netlink_parms(): no params data found
[   58.692763][ T8248] netdevsim netdevsim1 netdevsim0: renamed from eth0
[   58.724984][ T8248] netdevsim netdevsim1 netdevsim1: renamed from eth1
[   58.763561][ T8248] netdevsim netdevsim1 netdevsim2: renamed from eth2
[   58.834447][ T8248] netdevsim netdevsim1 netdevsim3: renamed from eth3
[   58.950507][ T8252] bridge0: port 1(bridge_slave_0) entered blocking state
[   58.958655][ T8252] bridge0: port 1(bridge_slave_0) entered disabled state
[   58.966432][ T8252] device bridge_slave_0 entered promiscuous mode
[   58.985983][ T8252] bridge0: port 2(bridge_slave_1) entered blocking state
[   58.994109][ T8252] bridge0: port 2(bridge_slave_1) entered disabled state
[   59.002131][ T8252] device bridge_slave_1 entered promiscuous mode
[   59.035940][ T8252] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   59.049123][ T8252] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   59.110746][ T8254] chnl_net:caif_netlink_parms(): no params data found
[   59.157237][ T8252] team0: Port device team_slave_0 added
[   59.180851][ T8258] chnl_net:caif_netlink_parms(): no params data found
[   59.193844][ T8256] chnl_net:caif_netlink_parms(): no params data found
[   59.209465][ T8252] team0: Port device team_slave_1 added
[   59.258254][ T8254] bridge0: port 1(bridge_slave_0) entered blocking state
[   59.266203][ T8254] bridge0: port 1(bridge_slave_0) entered disabled state
[   59.274325][ T8254] device bridge_slave_0 entered promiscuous mode
[   59.288450][ T8258] bridge0: port 1(bridge_slave_0) entered blocking state
[   59.296611][ T8258] bridge0: port 1(bridge_slave_0) entered disabled state
[   59.304974][ T8258] device bridge_slave_0 entered promiscuous mode
[   59.313168][ T8258] bridge0: port 2(bridge_slave_1) entered blocking state
[   59.320237][ T8258] bridge0: port 2(bridge_slave_1) entered disabled state
[   59.328196][ T8258] device bridge_slave_1 entered promiscuous mode
[   59.351485][ T8254] bridge0: port 2(bridge_slave_1) entered blocking state
[   59.359574][ T8254] bridge0: port 2(bridge_slave_1) entered disabled state
[   59.368539][ T8254] device bridge_slave_1 entered promiscuous mode
[   59.432553][ T8252] device hsr_slave_0 entered promiscuous mode
[   59.471159][ T8252] device hsr_slave_1 entered promiscuous mode
[   59.521037][ T8252] debugfs: Directory 'hsr0' with parent '/' already present!
[   59.530380][ T8254] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   59.542395][ T8254] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   59.557947][ T8256] bridge0: port 1(bridge_slave_0) entered blocking state
[   59.566768][ T8256] bridge0: port 1(bridge_slave_0) entered disabled state
[   59.575006][ T8256] device bridge_slave_0 entered promiscuous mode
[   59.592073][ T8258] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   59.604218][ T8258] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   59.617720][ T8246] 8021q: adding VLAN 0 to HW filter on device bond0
[   59.629189][ T8256] bridge0: port 2(bridge_slave_1) entered blocking state
[   59.638238][ T8256] bridge0: port 2(bridge_slave_1) entered disabled state
[   59.646599][ T8256] device bridge_slave_1 entered promiscuous mode
[   59.676000][ T8248] 8021q: adding VLAN 0 to HW filter on device bond0
[   59.694823][ T8254] team0: Port device team_slave_0 added
[   59.706210][ T8254] team0: Port device team_slave_1 added
[   59.718319][ T8256] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   59.729749][ T8256] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   59.747262][ T8258] team0: Port device team_slave_0 added
[   59.758557][ T8258] team0: Port device team_slave_1 added
[   59.794134][ T8248] 8021q: adding VLAN 0 to HW filter on device team0
[   59.843876][ T8258] device hsr_slave_0 entered promiscuous mode
[   59.901554][ T8258] device hsr_slave_1 entered promiscuous mode
[   59.961010][ T8258] debugfs: Directory 'hsr0' with parent '/' already present!
[   59.975602][   T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[   59.986236][   T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   59.994658][   T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[   60.003832][   T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   60.053694][ T8254] device hsr_slave_0 entered promiscuous mode
[   60.091433][ T8254] device hsr_slave_1 entered promiscuous mode
[   60.130873][ T8254] debugfs: Directory 'hsr0' with parent '/' already present!
[   60.162343][ T8256] team0: Port device team_slave_0 added
[   60.169815][ T8246] 8021q: adding VLAN 0 to HW filter on device team0
[   60.179788][ T8256] team0: Port device team_slave_1 added
[   60.186592][ T8252] netdevsim netdevsim2 netdevsim0: renamed from eth0
[   60.243866][ T8260] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[   60.252964][ T8260] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[   60.261894][ T8260] bridge0: port 1(bridge_slave_0) entered blocking state
[   60.271007][ T8260] bridge0: port 1(bridge_slave_0) entered forwarding state
[   60.280883][ T8260] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[   60.289770][ T8260] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[   60.303677][ T8260] bridge0: port 2(bridge_slave_1) entered blocking state
[   60.311245][ T8260] bridge0: port 2(bridge_slave_1) entered forwarding state
[   60.320125][ T8260] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[   60.349476][ T8252] netdevsim netdevsim2 netdevsim1: renamed from eth1
[   60.406861][ T8252] netdevsim netdevsim2 netdevsim2: renamed from eth2
[   60.467691][ T8252] netdevsim netdevsim2 netdevsim3: renamed from eth3
[   60.523771][   T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[   60.535654][   T12] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[   60.544513][   T12] bridge0: port 1(bridge_slave_0) entered blocking state
[   60.552864][   T12] bridge0: port 1(bridge_slave_0) entered forwarding state
[   60.562756][   T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[   60.574081][   T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[   60.632641][ T8256] device hsr_slave_0 entered promiscuous mode
[   60.671256][ T8256] device hsr_slave_1 entered promiscuous mode
[   60.711705][ T8256] debugfs: Directory 'hsr0' with parent '/' already present!
[   60.728594][   T12] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[   60.739571][   T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[   60.749333][   T12] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[   60.759937][   T12] bridge0: port 2(bridge_slave_1) entered blocking state
[   60.768646][   T12] bridge0: port 2(bridge_slave_1) entered forwarding state
[   60.777664][   T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[   60.817482][ T8258] netdevsim netdevsim5 netdevsim0: renamed from eth0
[   60.868741][ T8258] netdevsim netdevsim5 netdevsim1: renamed from eth1
[   60.923975][ T8254] netdevsim netdevsim3 netdevsim0: renamed from eth0
[   60.975044][ T8254] netdevsim netdevsim3 netdevsim1: renamed from eth1
[   61.022434][ T2731] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[   61.031110][ T2731] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[   61.039430][ T2731] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[   61.050903][ T2731] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[   61.059243][ T2731] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[   61.068136][ T2731] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[   61.076556][ T2731] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[   61.085560][ T2731] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[   61.094288][ T2731] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[   61.102587][ T2731] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[   61.111143][ T2731] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[   61.120902][ T2731] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[   61.128597][ T2731] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[   61.136282][ T2731] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[   61.145449][ T2731] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[   61.165153][ T8258] netdevsim netdevsim5 netdevsim2: renamed from eth2
[   61.206436][ T8254] netdevsim netdevsim3 netdevsim2: renamed from eth2
[   61.265428][ T8248] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[   61.275704][ T8260] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[   61.285542][ T8260] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[   61.295100][ T8260] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[   61.303765][ T8260] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[   61.314514][ T8246] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[   61.324300][ T8258] netdevsim netdevsim5 netdevsim3: renamed from eth3
[   61.376406][ T8254] netdevsim netdevsim3 netdevsim3: renamed from eth3
[   61.466382][ T8256] netdevsim netdevsim4 netdevsim0: renamed from eth0
[   61.504325][ T8256] netdevsim netdevsim4 netdevsim1: renamed from eth1
[   61.562721][   T12] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[   61.570579][   T12] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[   61.593911][ T8256] netdevsim netdevsim4 netdevsim2: renamed from eth2
[   61.634581][ T8256] netdevsim netdevsim4 netdevsim3: renamed from eth3
[   61.683107][ T8260] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[   61.693262][ T8260] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[   61.715412][ T8246] 8021q: adding VLAN 0 to HW filter on device batadv0
[   61.733894][ T8248] 8021q: adding VLAN 0 to HW filter on device batadv0
[   61.801835][ T8252] 8021q: adding VLAN 0 to HW filter on device bond0
[   61.846252][ T2731] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[   61.871323][ T2731] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   61.890523][ T8252] 8021q: adding VLAN 0 to HW filter on device team0
[   61.944562][ T8256] 8021q: adding VLAN 0 to HW filter on device bond0
[   61.975430][ T8254] 8021q: adding VLAN 0 to HW filter on device bond0
[   62.002564][ T8254] 8021q: adding VLAN 0 to HW filter on device team0
[  166.960663][    C0] rcu: INFO: rcu_preempt self-detected stall on CPU
[  166.970827][    C0] rcu: 	0-...!: (1 GPs behind) idle=e7a/1/0x4000000000000002 softirq=11855/11858 fqs=2 
[  166.981143][    C0] 	(t=10500 jiffies g=6457 q=414)
[  166.986418][    C0] rcu: rcu_preempt kthread starved for 10495 jiffies! g6457 f0x0 RCU_GP_WAIT_FQS(5) ->state=0x0 ->cpu=1
[  167.001952][    C0] rcu: RCU grace-period kthread stack dump:
[  167.007842][    C0] rcu_preempt     R  running task    29032    10      2 0x80004000
[  167.015837][    C0] Call Trace:
[  167.019138][    C0]  __schedule+0x9a0/0xcc0
[  167.023790][    C0]  schedule+0x181/0x210
[  167.029913][    C0]  schedule_timeout+0x14f/0x240
[  167.035914][    C0]  ? run_local_timers+0x120/0x120
[  167.041265][    C0]  rcu_gp_kthread+0xed8/0x1770
[  167.046150][    C0]  kthread+0x332/0x350
[  167.050307][    C0]  ? rcu_report_qs_rsp+0x140/0x140
[  167.055551][    C0]  ? kthread_blkcg+0xe0/0xe0
[  167.060162][    C0]  ret_from_fork+0x24/0x30
[  167.065569][    C0] NMI backtrace for cpu 0
[  167.071055][    C0] CPU: 0 PID: 8266 Comm: blkid Not tainted 5.4.0-syzkaller #0
[  167.083784][    C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  167.098172][    C0] Call Trace:
[  167.101706][    C0]  <IRQ>
[  167.104728][    C0]  dump_stack+0x1fb/0x318
[  167.109398][    C0]  nmi_cpu_backtrace+0xaf/0x1a0
[  167.114236][    C0]  ? nmi_trigger_cpumask_backtrace+0x16d/0x290
[  167.120380][    C0]  ? arch_trigger_cpumask_backtrace+0x20/0x20
[  167.126435][    C0]  nmi_trigger_cpumask_backtrace+0x174/0x290
[  167.132407][    C0]  arch_trigger_cpumask_backtrace+0x10/0x20
[  167.138287][    C0]  rcu_dump_cpu_stacks+0x15a/0x220
[  167.143405][    C0]  rcu_sched_clock_irq+0xe25/0x1ad0
[  167.148597][    C0]  ? trace_hardirqs_off+0x74/0x80
[  167.153628][    C0]  update_process_times+0x12d/0x180
[  167.158818][    C0]  tick_sched_timer+0x263/0x420
[  167.163656][    C0]  ? tick_setup_sched_timer+0x3d0/0x3d0
[  167.169456][    C0]  __hrtimer_run_queues+0x403/0x840
[  167.176487][    C0]  hrtimer_interrupt+0x38c/0xda0
[  167.181459][    C0]  ? debug_smp_processor_id+0x9/0x20
[  167.186754][    C0]  smp_apic_timer_interrupt+0x109/0x280
[  167.192724][    C0]  apic_timer_interrupt+0xf/0x20
[  167.197737][    C0]  </IRQ>
[  167.200851][    C0] RIP: 0010:free_thread_stack+0x195/0x590
[  167.207563][    C0] Code: 2e 00 74 08 4c 89 e7 e8 09 a0 69 00 49 8b 1c 24 48 83 c3 08 48 89 d8 48 c1 e8 03 42 80 3c 28 00 74 08 48 89 df e8 eb 9f 69 00 <48> 8b 1b e9 82 ff ff ff e8 5e 2a 2e 00 43 80 3c 2e 00 75 18 eb 1e
[  167.227657][    C0] RSP: 0018:ffffc900023879f0 EFLAGS: 00000246 ORIG_RAX: ffffffffffffff13
[  167.241516][    C0] RAX: 1ffff11015235151 RBX: ffff8880a91a8a88 RCX: ffff888094d82540
[  167.250317][    C0] RDX: 0000000000000000 RSI: 00000000fffffffc RDI: ffffea00028c1040
[  167.259947][    C0] RBP: ffffc90002387a28 R08: 000000000003a728 R09: ffffed101329d2af
[  167.275557][    C0] R10: ffffed101329d2af R11: 0000000000000000 R12: ffff888093d049a0
[  167.290087][    C0] R13: dffffc0000000000 R14: 1ffff110127a0934 R15: ffff8880994e9568
[  167.303192][    C0]  put_task_stack+0xa3/0x130
[  167.307825][    C0]  finish_task_switch+0x3f1/0x550
[  167.312857][    C0]  __schedule+0x9a8/0xcc0
[  167.317196][    C0]  ? ___preempt_schedule+0x16/0x18
[  167.322412][    C0]  preempt_schedule+0xdb/0x120
[  167.327972][    C0]  ___preempt_schedule+0x16/0x18
[  167.339370][    C0]  _raw_spin_unlock_irqrestore+0xcc/0xe0
[  167.346572][    C0]  __wake_up_sync_key+0xe2/0x150
[  167.353245][    C0]  pipe_release+0x17b/0x330
[  167.357750][    C0]  ? fifo_open+0xc70/0xc70
[  167.363042][    C0]  __fput+0x2e4/0x740
[  167.367837][    C0]  ____fput+0x15/0x20
[  167.371853][    C0]  task_work_run+0x17e/0x1b0
[  167.377470][    C0]  do_exit+0x5c4/0x2020
[  167.382607][    C0]  ? check_preemption_disabled+0xb4/0x260
[  167.388339][    C0]  do_group_exit+0x15c/0x2b0
[  167.392931][    C0]  __do_sys_exit_group+0x17/0x20
[  167.397864][    C0]  __se_sys_exit_group+0x14/0x20
[  167.402790][    C0]  __x64_sys_exit_group+0x3b/0x40
[  167.407805][    C0]  do_syscall_64+0xf7/0x1c0
[  167.412305][    C0]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  167.418203][    C0] RIP: 0033:0x7f17b5d241e8
[  167.422624][    C0] Code: Bad RIP value.
[  167.426677][    C0] RSP: 002b:00007fff237bf838 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
[  167.435074][    C0] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f17b5d241e8
[  167.443076][    C0] RDX: 0000000000000002 RSI: 000000000000003c RDI: 0000000000000002
[  167.451207][    C0] RBP: 00007f17b5ff9840 R08: 00000000000000e7 R09: ffffffffffffffa8
[  167.460316][    C0] R10: 00007f17b5fff740 R11: 0000000000000246 R12: 00007f17b5ff9840
[  167.468832][    C0] R13: 0000000000000001 R14: 0000000000000000 R15: 0000000000000000