[ 44.944985][ T23] audit: type=1800 audit(1575396067.991:26): pid=8061 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="startpar" name="mcstrans" dev="sda1" ino=2457 res=0 [ 45.004535][ T23] audit: type=1800 audit(1575396067.991:27): pid=8061 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0 [ 45.042130][ T23] audit: type=1800 audit(1575396067.991:28): pid=8061 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="startpar" name="ssh" dev="sda1" ino=2417 res=0 [....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c. [ 45.893443][ T23] audit: type=1800 audit(1575396068.961:29): pid=8061 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="startpar" name="rc.local" dev="sda1" ino=2432 res=0 Debian GNU/Linux 7 syzkaller ttyS0 Warning: Permanently added '10.128.0.67' (ECDSA) to the list of known hosts. 2019/12/03 18:01:16 fuzzer started 2019/12/03 18:01:18 dialing manager at 10.128.0.26:42111 2019/12/03 18:01:18 syscalls: 2689 2019/12/03 18:01:18 code coverage: enabled 2019/12/03 18:01:18 comparison tracing: enabled 2019/12/03 18:01:18 extra coverage: extra coverage is not supported by the kernel 2019/12/03 18:01:18 setuid sandbox: enabled 2019/12/03 18:01:18 namespace sandbox: enabled 2019/12/03 18:01:18 Android sandbox: /sys/fs/selinux/policy does not exist 2019/12/03 18:01:18 fault injection: enabled 2019/12/03 18:01:18 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled 2019/12/03 18:01:18 net packet injection: enabled 2019/12/03 18:01:18 net device setup: enabled 2019/12/03 18:01:18 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist 2019/12/03 18:01:18 devlink PCI setup: PCI device 0000:00:10.0 is not available 18:01:19 executing program 0: r0 = socket$inet(0x10, 0x2, 0x0) write(r0, &(0x7f0000000040)="240000001e005f0214fffffffff80700000000000000000000000800030008000c000000", 0x52) 18:01:19 executing program 1: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup2(r0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ppp\x00', 0x0, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) poll(&(0x7f0000000300)=[{r2}, {r3}], 0x2, 0x0) syzkaller login: [ 56.707287][ T8226] IPVS: ftp: loaded support on port[0] = 21 [ 56.828631][ T8228] IPVS: ftp: loaded support on port[0] = 21 18:01:19 executing program 2: bpf$PROG_LOAD(0x5, 0x0, 0x0) r0 = openat$vsock(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$KVM_GET_SREGS(r0, 0x8138ae83, 0x0) ioctl$KVM_SET_XCRS(0xffffffffffffffff, 0x4188aea7, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000000480)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x440}, 0xc, &(0x7f0000000440)={&(0x7f00000006c0)=ANY=[@ANYRES32=0x0, @ANYBLOB="0c0002000200f1ffdc34050008000b000000000008000b000600000008000b000700000008000b000300"], 0x2}, 0x1, 0x0, 0x0, 0x2400d080}, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f00000005c0)={0x0, 0x70, 0xb9, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_open_dev$loop(&(0x7f0000000200)='/dev/loop#\x00', 0x0, 0x182) r2 = memfd_create(&(0x7f0000000240)='.^\xc5', 0x0) semget$private(0x0, 0x0, 0xc) semctl$GETVAL(0x0, 0x2, 0xc, &(0x7f0000000780)=""/141) pwritev(r2, &(0x7f0000000340)=[{&(0x7f0000000140)='!', 0x1}], 0x1, 0x81805) r3 = open(&(0x7f0000000040)='.\x00', 0x0, 0x0) close(r3) bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) ioctl$LOOP_CHANGE_FD(r1, 0x4c00, r2) sendfile(r1, r1, 0x0, 0x24000000) ioctl$LOOP_CLR_FD(r1, 0x4c01) ioctl$LOOP_SET_FD(r1, 0x4c00, r2) socket(0x9, 0x3, 0x4) pipe(&(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) close(r4) r5 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000380)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r5, &(0x7f0000003cc0)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000000)={0xffffffffffffffff}, 0x2}}, 0x20) write$RDMA_USER_CM_CMD_BIND_IP(r4, &(0x7f0000000200)={0x2, 0x28, 0xfa00, {0x0, {0x2, 0x0, 0x0, @remote}, r6}}, 0x30) write$RDMA_USER_CM_CMD_DISCONNECT(0xffffffffffffffff, &(0x7f0000000080)={0xa, 0x4, 0xfa00, {r6}}, 0xc) socket$inet(0x2, 0x0, 0xd) open(&(0x7f0000000040)='.\x00', 0x0, 0x0) [ 56.878389][ T8226] chnl_net:caif_netlink_parms(): no params data found [ 56.972539][ T8226] bridge0: port 1(bridge_slave_0) entered blocking state [ 56.981992][ T8226] bridge0: port 1(bridge_slave_0) entered disabled state [ 56.991808][ T8226] device bridge_slave_0 entered promiscuous mode [ 57.032481][ T8226] bridge0: port 2(bridge_slave_1) entered blocking state [ 57.042897][ T8226] bridge0: port 2(bridge_slave_1) entered disabled state [ 57.051247][ T8226] device bridge_slave_1 entered promiscuous mode [ 57.088921][ T8228] chnl_net:caif_netlink_parms(): no params data found [ 57.109693][ T8226] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 57.126962][ T8226] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 57.164258][ T8233] IPVS: ftp: loaded support on port[0] = 21 [ 57.176044][ T8228] bridge0: port 1(bridge_slave_0) entered blocking state [ 57.183260][ T8228] bridge0: port 1(bridge_slave_0) entered disabled state [ 57.208055][ T8228] device bridge_slave_0 entered promiscuous mode 18:01:20 executing program 3: r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x10006, 0x80011, r0, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000006180)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000002ec0)=""/181, 0xb5}}], 0x1, 0x0, 0x0) r1 = socket$inet6(0xa, 0x1000000000002, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = dup2(r3, r1) sendmsg$netlink(r4, &(0x7f0000028fc8)={0x0, 0x0, &(0x7f0000019000)=[{&(0x7f00000008c0)=ANY=[@ANYPTR], 0x1}], 0x1, &(0x7f0000000100)=ANY=[@ANYBLOB="14000000000000000100000001000000", @ANYRES32=r1], 0x14}, 0x0) r5 = socket$unix(0x1, 0x1, 0x0) r6 = socket$inet(0x2, 0x2, 0x0) r7 = fcntl$dupfd(r5, 0x0, r6) ioctl$PERF_EVENT_IOC_ENABLE(r7, 0x8912, 0x400200) recvmmsg(r2, &(0x7f00000038c0), 0x3fffffffffffdf5, 0x62, 0x0) [ 57.228871][ T8226] team0: Port device team_slave_0 added [ 57.237971][ T8228] bridge0: port 2(bridge_slave_1) entered blocking state [ 57.247664][ T8228] bridge0: port 2(bridge_slave_1) entered disabled state [ 57.256009][ T8228] device bridge_slave_1 entered promiscuous mode [ 57.266623][ T8226] team0: Port device team_slave_1 added [ 57.296811][ T8228] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 57.327662][ T8228] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 57.389211][ T8226] device hsr_slave_0 entered promiscuous mode 18:01:20 executing program 4: r0 = socket$inet(0x2, 0x4000000805, 0x0) r1 = socket$inet_sctp(0x2, 0x5, 0x84) r2 = dup3(r0, r1, 0x0) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r1, 0x84, 0x64, &(0x7f0000d6cff0)=[@in={0x2, 0x4e20, @loopback}], 0x10) sendto$inet(r2, &(0x7f0000fa3fff)='\t', 0x1, 0x0, &(0x7f00006f7000)={0x2, 0x0, @remote={0xac, 0x14, 0xffffffffffffffff}}, 0x10) sendto$inet(r1, &(0x7f00003cef9f)='7', 0xff0b, 0x0, &(0x7f0000618000)={0x2, 0x4e20, @loopback}, 0x10) getsockopt$inet_sctp_SCTP_GET_ASSOC_ID_LIST(r1, 0x84, 0x1d, &(0x7f000025e000)={0x2, [0x0, 0x0]}, &(0x7f0000a8a000)=0xc) getsockopt$inet_sctp6_SCTP_SOCKOPT_PEELOFF(r2, 0x84, 0x6c, &(0x7f000059aff8)={r3}, &(0x7f000034f000)=0x8) [ 57.444972][ T8226] device hsr_slave_1 entered promiscuous mode [ 57.540344][ T8235] IPVS: ftp: loaded support on port[0] = 21 [ 57.589321][ T8228] team0: Port device team_slave_0 added [ 57.609437][ T8228] team0: Port device team_slave_1 added [ 57.639815][ T8226] netdevsim netdevsim0 netdevsim0: renamed from eth0 18:01:20 executing program 5: ioctl$FS_IOC_RESVSP(0xffffffffffffffff, 0x40305828, &(0x7f00000000c0)={0x0, 0x0, 0x500000000}) clone(0x4000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) socket(0x0, 0x0, 0x0) r0 = getpid() r1 = getpid() rt_tgsigqueueinfo(r0, r1, 0x13, &(0x7f0000000180)) ptrace(0x10, r0) ptrace$poke(0x4209, r0, &(0x7f00000000c0), 0x7fffffffefff) [ 57.718453][ T8226] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 57.794312][ T8237] IPVS: ftp: loaded support on port[0] = 21 [ 57.812141][ T8226] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 57.871746][ T8226] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 57.987788][ T8228] device hsr_slave_0 entered promiscuous mode [ 58.044885][ T8228] device hsr_slave_1 entered promiscuous mode [ 58.104621][ T8228] debugfs: Directory 'hsr0' with parent '/' already present! [ 58.166266][ T8233] chnl_net:caif_netlink_parms(): no params data found [ 58.191131][ T8239] IPVS: ftp: loaded support on port[0] = 21 [ 58.263553][ T8233] bridge0: port 1(bridge_slave_0) entered blocking state [ 58.273826][ T8233] bridge0: port 1(bridge_slave_0) entered disabled state [ 58.281956][ T8233] device bridge_slave_0 entered promiscuous mode [ 58.290680][ T8233] bridge0: port 2(bridge_slave_1) entered blocking state [ 58.298056][ T8233] bridge0: port 2(bridge_slave_1) entered disabled state [ 58.306600][ T8233] device bridge_slave_1 entered promiscuous mode [ 58.349333][ T8235] chnl_net:caif_netlink_parms(): no params data found [ 58.406014][ T8228] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 58.457369][ T8228] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 58.524817][ T8233] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 58.569813][ T8228] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 58.636508][ T8235] bridge0: port 1(bridge_slave_0) entered blocking state [ 58.644121][ T8235] bridge0: port 1(bridge_slave_0) entered disabled state [ 58.654133][ T8235] device bridge_slave_0 entered promiscuous mode [ 58.663234][ T8233] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 58.681398][ T8228] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 58.725791][ T8235] bridge0: port 2(bridge_slave_1) entered blocking state [ 58.732873][ T8235] bridge0: port 2(bridge_slave_1) entered disabled state [ 58.740651][ T8235] device bridge_slave_1 entered promiscuous mode [ 58.759853][ T8237] chnl_net:caif_netlink_parms(): no params data found [ 58.773025][ T8226] 8021q: adding VLAN 0 to HW filter on device bond0 [ 58.817788][ T8233] team0: Port device team_slave_0 added [ 58.825695][ T8235] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 58.840715][ T8235] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 58.857498][ T8233] team0: Port device team_slave_1 added [ 58.868680][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 58.877518][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 58.889213][ T8226] 8021q: adding VLAN 0 to HW filter on device team0 [ 58.902019][ T8239] chnl_net:caif_netlink_parms(): no params data found [ 58.915431][ T8235] team0: Port device team_slave_0 added [ 58.947046][ T8235] team0: Port device team_slave_1 added [ 58.958354][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 58.968046][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 58.979747][ T17] bridge0: port 1(bridge_slave_0) entered blocking state [ 58.987274][ T17] bridge0: port 1(bridge_slave_0) entered forwarding state [ 59.086181][ T8233] device hsr_slave_0 entered promiscuous mode [ 59.134892][ T8233] device hsr_slave_1 entered promiscuous mode [ 59.174608][ T8233] debugfs: Directory 'hsr0' with parent '/' already present! [ 59.184594][ T8245] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 59.193006][ T8245] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 59.201945][ T8245] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 59.210403][ T8245] bridge0: port 2(bridge_slave_1) entered blocking state [ 59.217479][ T8245] bridge0: port 2(bridge_slave_1) entered forwarding state [ 59.226734][ T8245] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 59.235494][ T8237] bridge0: port 1(bridge_slave_0) entered blocking state [ 59.242570][ T8237] bridge0: port 1(bridge_slave_0) entered disabled state [ 59.251306][ T8237] device bridge_slave_0 entered promiscuous mode [ 59.259463][ T8237] bridge0: port 2(bridge_slave_1) entered blocking state [ 59.266776][ T8237] bridge0: port 2(bridge_slave_1) entered disabled state [ 59.274609][ T8237] device bridge_slave_1 entered promiscuous mode [ 59.281430][ T8239] bridge0: port 1(bridge_slave_0) entered blocking state [ 59.288675][ T8239] bridge0: port 1(bridge_slave_0) entered disabled state [ 59.299306][ T8239] device bridge_slave_0 entered promiscuous mode [ 59.310520][ T8239] bridge0: port 2(bridge_slave_1) entered blocking state [ 59.317681][ T8239] bridge0: port 2(bridge_slave_1) entered disabled state [ 59.325701][ T8239] device bridge_slave_1 entered promiscuous mode [ 59.355344][ T8245] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 59.364072][ T8245] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 59.373162][ T8245] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 59.383302][ T8245] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 59.392084][ T8245] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 59.400447][ T8245] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 59.433300][ T8239] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 59.444031][ T8239] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 59.486350][ T8235] device hsr_slave_0 entered promiscuous mode [ 59.534994][ T8235] device hsr_slave_1 entered promiscuous mode [ 59.595327][ T8235] debugfs: Directory 'hsr0' with parent '/' already present! [ 59.607859][ T8226] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 59.619461][ T8226] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 59.638036][ T8237] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 59.648058][ T8240] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 59.656992][ T8240] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 59.666048][ T8240] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 59.674237][ T8240] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 59.682601][ T8240] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 59.690258][ T8233] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 59.756218][ T8233] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 59.821615][ T8233] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 59.882573][ T8237] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 59.909538][ T8239] team0: Port device team_slave_0 added [ 59.916681][ T8233] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 59.953993][ T8245] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 59.961538][ T8245] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 59.971036][ T8237] team0: Port device team_slave_0 added [ 59.981839][ T8237] team0: Port device team_slave_1 added [ 59.988808][ T8239] team0: Port device team_slave_1 added [ 59.999806][ T8226] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 60.021270][ T8228] 8021q: adding VLAN 0 to HW filter on device bond0 [ 60.073793][ T8235] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 60.130698][ T8235] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 60.226288][ T8239] device hsr_slave_0 entered promiscuous mode [ 60.264810][ T8239] device hsr_slave_1 entered promiscuous mode [ 60.314595][ T8239] debugfs: Directory 'hsr0' with parent '/' already present! [ 60.357179][ T8237] device hsr_slave_0 entered promiscuous mode [ 60.394970][ T8237] device hsr_slave_1 entered promiscuous mode [ 60.455020][ T8237] debugfs: Directory 'hsr0' with parent '/' already present! [ 60.478424][ T8245] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 60.505950][ T8245] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 60.519420][ T8235] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 165.524390][ C1] rcu: INFO: rcu_preempt self-detected stall on CPU [ 165.531169][ C1] rcu: 1-...!: (10499 ticks this GP) idle=7b2/1/0x4000000000000002 softirq=11907/11907 fqs=146 [ 165.541836][ C1] (t=10500 jiffies g=6397 q=56) [ 165.546764][ C1] rcu: rcu_preempt kthread starved for 10205 jiffies! g6397 f0x0 RCU_GP_WAIT_FQS(5) ->state=0x0 ->cpu=0 [ 165.557847][ C1] rcu: RCU grace-period kthread stack dump: [ 165.563720][ C1] rcu_preempt R running task 29104 10 2 0x80004000 [ 165.571607][ C1] Call Trace: [ 165.574891][ C1] __schedule+0x9a0/0xcc0 [ 165.579216][ C1] schedule+0x181/0x210 [ 165.583360][ C1] schedule_timeout+0x14f/0x240 [ 165.588196][ C1] ? run_local_timers+0x120/0x120 [ 165.593211][ C1] rcu_gp_kthread+0xed8/0x1770 [ 165.597972][ C1] kthread+0x332/0x350 [ 165.602027][ C1] ? rcu_report_qs_rsp+0x140/0x140 [ 165.607126][ C1] ? kthread_blkcg+0xe0/0xe0 [ 165.611703][ C1] ret_from_fork+0x24/0x30 [ 165.616122][ C1] NMI backtrace for cpu 1 [ 165.620444][ C1] CPU: 1 PID: 8248 Comm: syz-executor.0 Not tainted 5.4.0-syzkaller #0 [ 165.628660][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 165.638703][ C1] Call Trace: [ 165.641972][ C1] [ 165.644812][ C1] dump_stack+0x1fb/0x318 [ 165.649136][ C1] nmi_cpu_backtrace+0xaf/0x1a0 [ 165.653974][ C1] ? nmi_trigger_cpumask_backtrace+0x16d/0x290 [ 165.660117][ C1] ? arch_trigger_cpumask_backtrace+0x20/0x20 [ 165.666174][ C1] nmi_trigger_cpumask_backtrace+0x174/0x290 [ 165.672165][ C1] arch_trigger_cpumask_backtrace+0x10/0x20 [ 165.678044][ C1] rcu_dump_cpu_stacks+0x15a/0x220 [ 165.683147][ C1] rcu_sched_clock_irq+0xe25/0x1ad0 [ 165.688342][ C1] ? trace_hardirqs_off+0x74/0x80 [ 165.693360][ C1] update_process_times+0x12d/0x180 [ 165.698549][ C1] tick_sched_timer+0x263/0x420 [ 165.704618][ C1] ? tick_setup_sched_timer+0x3d0/0x3d0 [ 165.710154][ C1] __hrtimer_run_queues+0x403/0x840 [ 165.715357][ C1] hrtimer_interrupt+0x38c/0xda0 [ 165.720297][ C1] ? debug_smp_processor_id+0x9/0x20 [ 165.725573][ C1] smp_apic_timer_interrupt+0x109/0x280 [ 165.731107][ C1] apic_timer_interrupt+0xf/0x20 [ 165.736028][ C1] [ 165.738970][ C1] RIP: 0010:__memcg_kmem_uncharge+0xd/0x2e0 [ 165.744851][ C1] Code: 81 c3 08 02 00 00 48 89 df 4c 89 f6 e8 dc 7d ff ff 5b 41 5e 5d c3 0f 1f 80 00 00 00 00 55 48 89 e5 41 57 41 56 41 55 41 54 53 <50> 89 f3 49 89 fc 48 b8 00 00 00 00 00 fc ff df 4c 8d 77 38 4d 89 [ 165.773921][ C1] RSP: 0018:ffffc90002987850 EFLAGS: 00000246 ORIG_RAX: ffffffffffffff13 [ 165.782339][ C1] RAX: ffffffff81486ea4 RBX: ffffea000260f6c0 RCX: ffff888091614080 [ 165.790305][ C1] RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffea000260f6c0 [ 165.798266][ C1] RBP: ffffc90002987878 R08: dffffc0000000000 R09: fffffbfff120248a [ 165.806226][ C1] R10: fffffbfff120248a R11: 0000000000000000 R12: ffff88808c37ed20 [ 165.814188][ C1] R13: dffffc0000000000 R14: 1ffff1101186fda4 R15: ffff888097afd928 [ 165.822174][ C1] ? free_thread_stack+0x124/0x590 [ 165.827280][ C1] free_thread_stack+0x12e/0x590 [ 165.832210][ C1] put_task_stack+0xa3/0x130 [ 165.836817][ C1] finish_task_switch+0x3f1/0x550 [ 165.841857][ C1] __schedule+0x9a8/0xcc0 [ 165.846184][ C1] ? ___preempt_schedule+0x16/0x18 [ 165.851281][ C1] preempt_schedule+0xdb/0x120 [ 165.856152][ C1] ___preempt_schedule+0x16/0x18 [ 165.861168][ C1] ? page_poisoning_enabled+0x1c/0x30 [ 165.866529][ C1] prep_new_page+0x161/0x2e0 [ 165.871111][ C1] get_page_from_freelist+0x850/0xaa0 [ 165.876483][ C1] __alloc_pages_nodemask+0x264/0x5d0 [ 165.881848][ C1] alloc_pages_vma+0x94a/0xd50 [ 165.886604][ C1] do_huge_pmd_anonymous_page+0x883/0xe50 [ 165.892317][ C1] handle_mm_fault+0x2017/0x2890 [ 165.897260][ C1] do_user_addr_fault+0x589/0xaf0 [ 165.902281][ C1] __do_page_fault+0xd3/0x1f0 [ 165.906945][ C1] do_page_fault+0x99/0xb0 [ 165.911350][ C1] page_fault+0x39/0x40 [ 165.915541][ C1] RIP: 0033:0x441991 [ 165.919421][ C1] Code: 2e 0f 1f 84 00 00 00 00 00 48 81 fa 00 04 00 00 77 77 89 d1 c1 e9 05 74 60 ff c9 48 8b 06 4c 8b 46 08 4c 8b 4e 10 4c 8b 56 18 <48> 89 07 4c 89 47 08 4c 89 4f 10 4c 89 57 18 48 8d 76 20 48 8d 7f [ 165.939115][ C1] RSP: 002b:00007ffc0419a4c8 EFLAGS: 00010246 [ 165.945259][ C1] RAX: 025f001e00000024 RBX: 000000000075c9a0 RCX: 0000000000000000 [ 165.953230][ C1] RDX: 0000000000000024 RSI: 0000000000760080 RDI: 0000000020000040 [ 165.961209][ C1] RBP: 0000000000760060 R08: 0007f8ffffffff14 R09: 0000000000000000 [ 165.969206][ C1] R10: 0008000300080000 R11: 0000000000000246 R12: 000000000075bf20 [ 165.977191][ C1] R13: 000000000000ec31 R14: 0000000000760068 R15: 000000000075bf2c