[ 39.776741][ T23] audit: type=1800 audit(1575411605.168:27): pid=7789 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0 [ 39.826367][ T23] audit: type=1800 audit(1575411605.168:28): pid=7789 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="startpar" name="ssh" dev="sda1" ino=2417 res=0 [....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c. [ 40.249587][ T23] audit: type=1800 audit(1575411605.718:29): pid=7789 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="startpar" name="rc.local" dev="sda1" ino=2432 res=0 [ 40.268817][ T23] audit: type=1800 audit(1575411605.728:30): pid=7789 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="startpar" name="rmnologin" dev="sda1" ino=2423 res=0 Debian GNU/Linux 7 syzkaller ttyS0 Warning: Permanently added '10.128.0.206' (ECDSA) to the list of known hosts. 2019/12/03 22:20:13 fuzzer started 2019/12/03 22:20:15 dialing manager at 10.128.0.26:42111 2019/12/03 22:20:15 syscalls: 2689 2019/12/03 22:20:15 code coverage: enabled 2019/12/03 22:20:15 comparison tracing: enabled 2019/12/03 22:20:15 extra coverage: extra coverage is not supported by the kernel 2019/12/03 22:20:15 setuid sandbox: enabled 2019/12/03 22:20:15 namespace sandbox: enabled 2019/12/03 22:20:15 Android sandbox: /sys/fs/selinux/policy does not exist 2019/12/03 22:20:15 fault injection: enabled 2019/12/03 22:20:15 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled 2019/12/03 22:20:15 net packet injection: enabled 2019/12/03 22:20:15 net device setup: enabled 2019/12/03 22:20:15 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist 2019/12/03 22:20:15 devlink PCI setup: PCI device 0000:00:10.0 is not available 22:20:16 executing program 0: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000940)={0x26, 'hash\x00', 0x0, 0x0, 'vmac64(aes-generic)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000000)="cb56b6cc0407008b65d8b4ac2ca35c66", 0x10) r1 = accept4(r0, 0x0, 0x0, 0x0) sendmmsg$sock(r1, &(0x7f0000001dc0)=[{{0x0, 0x0, &(0x7f0000000200)=[{&(0x7f0000000100)="56ce85502199de64d3f057620d3e39cf", 0x10}], 0x1}}, {{0x0, 0x0, &(0x7f0000001040)=[{&(0x7f0000000cc0)="f331c359488077d919b598d0ee2faa81", 0x10}], 0x1}}], 0x2, 0x0) 22:20:16 executing program 1: r0 = socket$kcm(0xa, 0x2, 0x73) bind$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @loopback}, 0x69) connect(r0, &(0x7f0000000180)=@in6={0xa, 0x0, 0x0, @empty}, 0x3f) writev(r0, &(0x7f0000000580)=[{&(0x7f00000000c0)="ee", 0xc}], 0x1) syzkaller login: [ 50.990253][ T7954] IPVS: ftp: loaded support on port[0] = 21 22:20:16 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet_udplite(0x2, 0x2, 0x88) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000000240)={0x0, 0x0}, &(0x7f0000000280)=0x5) setresuid(0x0, r1, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x1, 0x4, &(0x7f0000000400)=@framed={{0xffffffb4, 0x0, 0x0, 0x0, 0x0, 0x69, 0x11, 0x1a001000000}, [@ldst={0x6, 0x3}]}, &(0x7f0000000080)='GPL\x00', 0x7, 0x3f7, &(0x7f000000cf3d)=""/195}, 0x48) [ 51.160684][ T7957] IPVS: ftp: loaded support on port[0] = 21 [ 51.168747][ T7954] chnl_net:caif_netlink_parms(): no params data found [ 51.295891][ T7954] bridge0: port 1(bridge_slave_0) entered blocking state [ 51.304185][ T7954] bridge0: port 1(bridge_slave_0) entered disabled state [ 51.312105][ T7954] device bridge_slave_0 entered promiscuous mode [ 51.353234][ T7954] bridge0: port 2(bridge_slave_1) entered blocking state [ 51.360376][ T7954] bridge0: port 2(bridge_slave_1) entered disabled state [ 51.373523][ T7959] IPVS: ftp: loaded support on port[0] = 21 [ 51.383489][ T7954] device bridge_slave_1 entered promiscuous mode 22:20:16 executing program 3: syz_mount_image$cifs(&(0x7f0000000000)='cifs\x00', &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) [ 51.426967][ T7957] chnl_net:caif_netlink_parms(): no params data found [ 51.439017][ T7954] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 51.463576][ T7954] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 51.544083][ T7954] team0: Port device team_slave_0 added [ 51.595450][ T7957] bridge0: port 1(bridge_slave_0) entered blocking state [ 51.603006][ T7957] bridge0: port 1(bridge_slave_0) entered disabled state [ 51.622580][ T7957] device bridge_slave_0 entered promiscuous mode [ 51.631979][ T7954] team0: Port device team_slave_1 added [ 51.652071][ T7957] bridge0: port 2(bridge_slave_1) entered blocking state [ 51.659961][ T7957] bridge0: port 2(bridge_slave_1) entered disabled state [ 51.668038][ T7957] device bridge_slave_1 entered promiscuous mode [ 51.686948][ T7959] chnl_net:caif_netlink_parms(): no params data found 22:20:17 executing program 4: seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000a80)={0x2, &(0x7f0000000a00)=[{0x4d}, {0x6, 0x0, 0x0, 0x50000}]}) [ 51.735142][ T7954] device hsr_slave_0 entered promiscuous mode [ 51.804348][ T7954] device hsr_slave_1 entered promiscuous mode 22:20:17 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000180)=@ipv4_newroute={0x1c, 0x18, 0x35f32a6dfa748ddd, 0x0, 0x0, {0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfe, 0x2}}, 0x1c}}, 0x0) [ 51.979868][ T7965] IPVS: ftp: loaded support on port[0] = 21 [ 51.986629][ T7963] IPVS: ftp: loaded support on port[0] = 21 [ 51.994596][ T7957] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 52.009644][ T7959] bridge0: port 1(bridge_slave_0) entered blocking state [ 52.017998][ T7959] bridge0: port 1(bridge_slave_0) entered disabled state [ 52.025908][ T7959] device bridge_slave_0 entered promiscuous mode [ 52.049521][ T7957] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 52.071732][ T7959] bridge0: port 2(bridge_slave_1) entered blocking state [ 52.080639][ T7959] bridge0: port 2(bridge_slave_1) entered disabled state [ 52.088841][ T7959] device bridge_slave_1 entered promiscuous mode [ 52.115853][ T7957] team0: Port device team_slave_0 added [ 52.123337][ T7957] team0: Port device team_slave_1 added [ 52.140973][ T7959] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 52.152053][ T7959] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 52.163022][ T7954] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 52.206614][ T7954] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 52.266243][ T7954] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 52.340891][ T7959] team0: Port device team_slave_0 added [ 52.350340][ T7967] IPVS: ftp: loaded support on port[0] = 21 [ 52.375004][ T7954] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 52.429035][ T7959] team0: Port device team_slave_1 added [ 52.474019][ T7957] device hsr_slave_0 entered promiscuous mode [ 52.522711][ T7957] device hsr_slave_1 entered promiscuous mode [ 52.562797][ T7957] debugfs: Directory 'hsr0' with parent '/' already present! [ 52.625114][ T7959] device hsr_slave_0 entered promiscuous mode [ 52.652542][ T7959] device hsr_slave_1 entered promiscuous mode [ 52.702408][ T7959] debugfs: Directory 'hsr0' with parent '/' already present! [ 52.796659][ T7959] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 52.845060][ T7959] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 52.885500][ T7959] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 52.963727][ T7957] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 53.026083][ T7957] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 53.094280][ T7959] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 53.126298][ T7957] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 53.188562][ T7957] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 53.247968][ T7963] chnl_net:caif_netlink_parms(): no params data found [ 53.321286][ T7965] chnl_net:caif_netlink_parms(): no params data found [ 53.331788][ T7963] bridge0: port 1(bridge_slave_0) entered blocking state [ 53.339362][ T7963] bridge0: port 1(bridge_slave_0) entered disabled state [ 53.347170][ T7963] device bridge_slave_0 entered promiscuous mode [ 53.355128][ T7963] bridge0: port 2(bridge_slave_1) entered blocking state [ 53.362168][ T7963] bridge0: port 2(bridge_slave_1) entered disabled state [ 53.370127][ T7963] device bridge_slave_1 entered promiscuous mode [ 53.388734][ T7954] 8021q: adding VLAN 0 to HW filter on device bond0 [ 53.418005][ T7963] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 53.431161][ T7963] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 53.460817][ T7967] chnl_net:caif_netlink_parms(): no params data found [ 53.482991][ T7963] team0: Port device team_slave_0 added [ 53.501292][ T7963] team0: Port device team_slave_1 added [ 53.564066][ T7963] device hsr_slave_0 entered promiscuous mode [ 53.612657][ T7963] device hsr_slave_1 entered promiscuous mode [ 53.662368][ T7963] debugfs: Directory 'hsr0' with parent '/' already present! [ 53.685308][ T1109] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 53.694102][ T1109] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 53.703431][ T7965] bridge0: port 1(bridge_slave_0) entered blocking state [ 53.710493][ T7965] bridge0: port 1(bridge_slave_0) entered disabled state [ 53.718699][ T7965] device bridge_slave_0 entered promiscuous mode [ 53.727253][ T7965] bridge0: port 2(bridge_slave_1) entered blocking state [ 53.734377][ T7965] bridge0: port 2(bridge_slave_1) entered disabled state [ 53.742031][ T7965] device bridge_slave_1 entered promiscuous mode [ 53.765969][ T7954] 8021q: adding VLAN 0 to HW filter on device team0 [ 53.794661][ T7967] bridge0: port 1(bridge_slave_0) entered blocking state [ 53.802027][ T7967] bridge0: port 1(bridge_slave_0) entered disabled state [ 53.811566][ T7967] device bridge_slave_0 entered promiscuous mode [ 53.826577][ T7965] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 53.848732][ T7963] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 53.893862][ T7963] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 53.945159][ T48] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 53.953847][ T48] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 53.962114][ T48] bridge0: port 1(bridge_slave_0) entered blocking state [ 53.969419][ T48] bridge0: port 1(bridge_slave_0) entered forwarding state [ 53.977546][ T7967] bridge0: port 2(bridge_slave_1) entered blocking state [ 53.986704][ T7967] bridge0: port 2(bridge_slave_1) entered disabled state [ 53.994744][ T7967] device bridge_slave_1 entered promiscuous mode [ 54.008855][ T7965] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 54.030481][ T7963] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 54.064265][ T7973] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 54.072756][ T7973] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 54.081191][ T7973] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 54.089572][ T7973] bridge0: port 2(bridge_slave_1) entered blocking state [ 54.096623][ T7973] bridge0: port 2(bridge_slave_1) entered forwarding state [ 54.116161][ T7965] team0: Port device team_slave_0 added [ 54.125104][ T7963] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 54.156894][ T7957] 8021q: adding VLAN 0 to HW filter on device bond0 [ 54.165960][ T7967] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 54.177351][ T48] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 54.186073][ T48] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 54.195797][ T7965] team0: Port device team_slave_1 added [ 54.210150][ T7959] 8021q: adding VLAN 0 to HW filter on device bond0 [ 54.223058][ T7967] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 54.238409][ T7954] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 54.250145][ T7954] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 54.265223][ T3210] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 54.274154][ T3210] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 54.283305][ T3210] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 54.291655][ T3210] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 54.300388][ T3210] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 54.308851][ T3210] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 54.317907][ T3210] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 54.326257][ T3210] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 54.359979][ T7967] team0: Port device team_slave_0 added [ 54.370112][ T48] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 54.377903][ T48] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 54.385764][ T48] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 54.393723][ T48] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 54.409171][ T7957] 8021q: adding VLAN 0 to HW filter on device team0 [ 54.419328][ T7967] team0: Port device team_slave_1 added [ 54.455648][ T7965] device hsr_slave_0 entered promiscuous mode [ 54.482586][ T7965] device hsr_slave_1 entered promiscuous mode [ 54.532600][ T7965] debugfs: Directory 'hsr0' with parent '/' already present! [ 54.542404][ T1109] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 54.550075][ T1109] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 54.576481][ T7954] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 54.587115][ T7959] 8021q: adding VLAN 0 to HW filter on device team0 [ 54.599151][ T1109] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 54.608808][ T1109] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 54.617463][ T1109] bridge0: port 1(bridge_slave_0) entered blocking state [ 54.624561][ T1109] bridge0: port 1(bridge_slave_0) entered forwarding state [ 54.632119][ T1109] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 54.640281][ T1109] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 54.647838][ T1109] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 54.656435][ T1109] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 54.664768][ T1109] bridge0: port 2(bridge_slave_1) entered blocking state [ 54.671788][ T1109] bridge0: port 2(bridge_slave_1) entered forwarding state [ 54.679308][ T1109] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 54.688078][ T1109] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 54.727873][ T7968] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 54.744997][ T7968] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 54.753725][ T7968] bridge0: port 1(bridge_slave_0) entered blocking state [ 54.760768][ T7968] bridge0: port 1(bridge_slave_0) entered forwarding state [ 54.768459][ T7968] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 54.777715][ T7968] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 54.786321][ T7968] bridge0: port 2(bridge_slave_1) entered blocking state [ 54.793422][ T7968] bridge0: port 2(bridge_slave_1) entered forwarding state [ 54.801136][ T7968] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 54.810362][ T7968] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 54.818948][ T7968] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 54.831125][ T7968] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 54.846844][ T48] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 54.855392][ T48] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 54.864180][ T48] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 54.874892][ T48] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 54.884371][ T48] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 54.891997][ T48] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 54.900744][ T48] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 54.954809][ T7967] device hsr_slave_0 entered promiscuous mode [ 55.013072][ T7967] device hsr_slave_1 entered promiscuous mode [ 55.052834][ T7967] debugfs: Directory 'hsr0' with parent '/' already present! [ 55.080235][ T7959] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 55.106368][ T7959] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 55.124305][ T48] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 55.137695][ T48] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 55.146926][ T48] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 55.161157][ T48] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 55.169811][ T48] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 55.196744][ T48] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 160.152229][ C0] rcu: INFO: rcu_preempt self-detected stall on CPU [ 160.158994][ C0] rcu: 0-...!: (1 GPs behind) idle=58e/1/0x4000000000000002 softirq=10227/10228 fqs=5 [ 160.168844][ C0] (t=10501 jiffies g=5769 q=58) [ 160.173771][ C0] rcu: rcu_preempt kthread starved for 10492 jiffies! g5769 f0x0 RCU_GP_WAIT_FQS(5) ->state=0x0 ->cpu=1 [ 160.184851][ C0] rcu: RCU grace-period kthread stack dump: [ 160.190725][ C0] rcu_preempt R running task 29032 10 2 0x80004000 [ 160.198614][ C0] Call Trace: [ 160.201896][ C0] __schedule+0x9a0/0xcc0 [ 160.206225][ C0] schedule+0x181/0x210 [ 160.210369][ C0] schedule_timeout+0x14f/0x240 [ 160.215204][ C0] ? run_local_timers+0x120/0x120 [ 160.220219][ C0] rcu_gp_kthread+0xed8/0x1770 [ 160.224979][ C0] kthread+0x332/0x350 [ 160.229034][ C0] ? rcu_report_qs_rsp+0x140/0x140 [ 160.234139][ C0] ? kthread_blkcg+0xe0/0xe0 [ 160.238718][ C0] ret_from_fork+0x24/0x30 [ 160.243130][ C0] NMI backtrace for cpu 0 [ 160.247445][ C0] CPU: 0 PID: 7977 Comm: udevd Not tainted 5.4.0-syzkaller #0 [ 160.254882][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 160.264920][ C0] Call Trace: [ 160.268188][ C0] [ 160.271029][ C0] dump_stack+0x1fb/0x318 [ 160.275347][ C0] nmi_cpu_backtrace+0xaf/0x1a0 [ 160.280183][ C0] ? nmi_trigger_cpumask_backtrace+0x16d/0x290 [ 160.286324][ C0] ? arch_trigger_cpumask_backtrace+0x20/0x20 [ 160.292379][ C0] nmi_trigger_cpumask_backtrace+0x174/0x290 [ 160.298349][ C0] arch_trigger_cpumask_backtrace+0x10/0x20 [ 160.304223][ C0] rcu_dump_cpu_stacks+0x15a/0x220 [ 160.309324][ C0] rcu_sched_clock_irq+0xe25/0x1ad0 [ 160.314513][ C0] ? trace_hardirqs_off+0x74/0x80 [ 160.319525][ C0] update_process_times+0x12d/0x180 [ 160.324712][ C0] tick_sched_timer+0x263/0x420 [ 160.329546][ C0] ? tick_setup_sched_timer+0x3d0/0x3d0 [ 160.335079][ C0] __hrtimer_run_queues+0x403/0x840 [ 160.340280][ C0] hrtimer_interrupt+0x38c/0xda0 [ 160.345222][ C0] ? debug_smp_processor_id+0x9/0x20 [ 160.350514][ C0] smp_apic_timer_interrupt+0x109/0x280 [ 160.356046][ C0] apic_timer_interrupt+0xf/0x20 [ 160.360963][ C0] [ 160.363890][ C0] RIP: 0010:free_thread_stack+0x168/0x590 [ 160.369594][ C0] Code: 8b 1c 24 48 83 c3 08 48 89 d8 48 c1 e8 03 42 80 3c 28 00 74 08 48 89 df e8 25 a4 69 00 48 8b 3b be fc ff ff ff e8 28 04 00 00 <43> 80 3c 2e 00 74 08 4c 89 e7 e8 09 a4 69 00 49 8b 1c 24 48 83 c3 [ 160.389184][ C0] RSP: 0018:ffffc900025b76c8 EFLAGS: 00000293 ORIG_RAX: ffffffffffffff13 [ 160.397579][ C0] RAX: ffffffff81487433 RBX: ffff88808f08f888 RCX: ffff88808fe1a300 [ 160.405535][ C0] RDX: 0000000000000000 RSI: 00000000fffffffc RDI: ffffea00024e9fc0 [ 160.413491][ C0] RBP: ffffc900025b7700 R08: 000000000003a768 R09: ffffed1012e9034f [ 160.421444][ C0] R10: ffffed1012e9034f R11: 0000000000000000 R12: ffff88808f08f920 [ 160.429405][ C0] R13: dffffc0000000000 R14: 1ffff11011e11f24 R15: ffff888097481a68 [ 160.437368][ C0] ? mod_memcg_page_state+0x123/0x190 [ 160.442732][ C0] ? free_thread_stack+0x168/0x590 [ 160.447830][ C0] put_task_stack+0xa3/0x130 [ 160.452410][ C0] finish_task_switch+0x3f1/0x550 [ 160.457541][ C0] __schedule+0x9a8/0xcc0 [ 160.461898][ C0] preempt_schedule_irq+0xc1/0x140 [ 160.467004][ C0] retint_kernel+0x1b/0x2b [ 160.471410][ C0] RIP: 0010:kmem_cache_free+0xc8/0xf0 [ 160.476772][ C0] Code: 58 07 00 74 42 4c 89 f7 57 9d 0f 1f 44 00 00 e8 0e 98 ca ff eb 19 e8 a7 95 ca ff 48 83 3d 07 f7 58 07 00 74 24 4c 89 f7 57 9d <0f> 1f 44 00 00 4c 89 e7 4c 89 fe e8 58 01 00 00 5b 41 5c 41 5e 41 [ 160.496365][ C0] RSP: 0018:ffffc900025b7910 EFLAGS: 00000286 ORIG_RAX: ffffffffffffff13 [ 160.504762][ C0] RAX: ffff88808fe1ab94 RBX: ffff88821bc46700 RCX: ffffffff815c0597 [ 160.512718][ C0] RDX: 0000000000000000 RSI: 0000000000000008 RDI: 0000000000000286 [ 160.520673][ C0] RBP: ffffc900025b7930 R08: ffff88808fe1ab58 R09: fffffbfff13c8d2d [ 160.528630][ C0] R10: fffffbfff13c8d2d R11: 0000000000000000 R12: ffffffff81a708d0 [ 160.536586][ C0] R13: ffff88809495b288 R14: 0000000000000286 R15: ffff88809917fd90 [ 160.544552][ C0] ? unlink_anon_vmas+0x310/0x690 [ 160.549564][ C0] ? mark_lock+0x107/0x1650 [ 160.554059][ C0] unlink_anon_vmas+0x310/0x690 [ 160.558899][ C0] free_pgtables+0x1ae/0x300 [ 160.563482][ C0] exit_mmap+0x28a/0x530 [ 160.567709][ C0] ? exit_aio+0x25e/0x370 [ 160.572066][ C0] __mmput+0x120/0x3a0 [ 160.576121][ C0] mmput+0x5d/0x70 [ 160.579829][ C0] flush_old_exec+0x551/0x6d0 [ 160.584500][ C0] load_elf_binary+0x652/0x3670 [ 160.589346][ C0] ? load_elf_binary+0x761/0x3670 [ 160.594360][ C0] ? search_binary_handler+0x16b/0x660 [ 160.599818][ C0] ? do_raw_read_unlock+0x42/0xf0 [ 160.604832][ C0] search_binary_handler+0x1a5/0x660 [ 160.610109][ C0] __do_execve_file+0x1573/0x1cd0 [ 160.615138][ C0] __x64_sys_execve+0x94/0xb0 [ 160.619805][ C0] do_syscall_64+0xf7/0x1c0 [ 160.624296][ C0] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 160.630173][ C0] RIP: 0033:0x7f4adc317207 [ 160.634583][ C0] Code: Bad RIP value. [ 160.638634][ C0] RSP: 002b:00007ffdc27cce68 EFLAGS: 00000202 ORIG_RAX: 000000000000003b [ 160.647027][ C0] RAX: ffffffffffffffda RBX: 00000000ffffffff RCX: 00007f4adc317207 [ 160.654980][ C0] RDX: 000000000227d6c0 RSI: 00007ffdc27ccf60 RDI: 00007ffdc27cdf70 [ 160.663022][ C0] RBP: 0000000000625500 R08: 0000000000001ef4 R09: 0000000000001ef4 [ 160.670980][ C0] R10: 0000000000000000 R11: 0000000000000202 R12: 000000000227d6c0 [ 160.678935][ C0] R13: 0000000000000007 R14: 000000000226c250 R15: 0000000000000005