[....] Starting enhanced syslogd: rsyslogd[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[   46.184405][   T26] audit: type=1800 audit(1575458732.817:25): pid=8187 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="startpar" name="cron" dev="sda1" ino=2414 res=0
[   46.203912][   T26] audit: type=1800 audit(1575458732.817:26): pid=8187 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="startpar" name="mcstrans" dev="sda1" ino=2457 res=0
[   46.225429][   T26] audit: type=1800 audit(1575458732.827:27): pid=8187 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0
[....] Starting periodic command scheduler: cron[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added '10.128.0.14' (ECDSA) to the list of known hosts.
2019/12/04 11:25:41 fuzzer started
2019/12/04 11:25:43 dialing manager at 10.128.0.26:36481
2019/12/04 11:25:43 syscalls: 2691
2019/12/04 11:25:43 code coverage: enabled
2019/12/04 11:25:43 comparison tracing: enabled
2019/12/04 11:25:43 extra coverage: extra coverage is not supported by the kernel
2019/12/04 11:25:43 setuid sandbox: enabled
2019/12/04 11:25:43 namespace sandbox: enabled
2019/12/04 11:25:43 Android sandbox: /sys/fs/selinux/policy does not exist
2019/12/04 11:25:43 fault injection: enabled
2019/12/04 11:25:43 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled
2019/12/04 11:25:43 net packet injection: enabled
2019/12/04 11:25:43 net device setup: enabled
2019/12/04 11:25:43 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist
2019/12/04 11:25:43 devlink PCI setup: PCI device 0000:00:10.0 is not available
11:25:44 executing program 0:
r0 = syz_open_dev$video(&(0x7f0000000100)='/dev/video#\x00', 0x7fff, 0x0)
ioctl$VIDIOC_S_PARM(r0, 0xc0cc5616, &(0x7f0000000140)={0x9, @output={0x0, 0x0, {0x8af, 0x6e}}})

11:25:44 executing program 1:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet6(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @mcast2, 0x7}, 0x1c)
sendmmsg(r0, &(0x7f0000007e00)=[{{0x0, 0x0, &(0x7f00000001c0), 0x0, &(0x7f00000003c0)}}, {{&(0x7f00000004c0)=@in6={0xa, 0x0, 0x0, @mcast2}, 0x1c, &(0x7f0000000680), 0x3ba, &(0x7f0000002000)=[{0x10, 0x29}], 0x10}}], 0x2, 0x8000)

syzkaller login: [   57.905627][ T8354] IPVS: ftp: loaded support on port[0] = 21
[   58.020426][ T8356] IPVS: ftp: loaded support on port[0] = 21
11:25:44 executing program 2:
r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000)='/dev/uinput\x00', 0x0, 0x0)
ioctl$UI_END_FF_UPLOAD(r0, 0x406855c9, &(0x7f0000000040)={0x0, 0x0, {0x0, 0x0, 0x0, {}, {}, @ramp}, {0x0, 0x0, 0x0, {}, {}, @ramp}})

[   58.110662][ T8354] chnl_net:caif_netlink_parms(): no params data found
[   58.256469][ T8354] bridge0: port 1(bridge_slave_0) entered blocking state
[   58.265857][ T8354] bridge0: port 1(bridge_slave_0) entered disabled state
[   58.275569][ T8354] device bridge_slave_0 entered promiscuous mode
[   58.308108][ T8356] chnl_net:caif_netlink_parms(): no params data found
[   58.318373][ T8359] IPVS: ftp: loaded support on port[0] = 21
[   58.333841][ T8354] bridge0: port 2(bridge_slave_1) entered blocking state
[   58.340901][ T8354] bridge0: port 2(bridge_slave_1) entered disabled state
[   58.350358][ T8354] device bridge_slave_1 entered promiscuous mode
11:25:45 executing program 3:
getpid()
sched_setattr(0x0, 0x0, 0x0)
sched_setattr(0x0, &(0x7f0000000080)={0x30}, 0x0)
mmap(&(0x7f0000009000/0x2000)=nil, 0x2000, 0x4800004, 0x8004401f071, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
shutdown(r1, 0x20000000000001)
recvmmsg(r0, &(0x7f0000001f4c), 0x209a6b90bb7b17, 0x0, 0x0)

[   58.415805][ T8354] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   58.440397][ T8356] bridge0: port 1(bridge_slave_0) entered blocking state
[   58.459198][ T8356] bridge0: port 1(bridge_slave_0) entered disabled state
[   58.483113][ T8356] device bridge_slave_0 entered promiscuous mode
[   58.491587][ T8354] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   58.509051][ T8356] bridge0: port 2(bridge_slave_1) entered blocking state
[   58.523111][ T8356] bridge0: port 2(bridge_slave_1) entered disabled state
[   58.531199][ T8356] device bridge_slave_1 entered promiscuous mode
[   58.599836][ T8354] team0: Port device team_slave_0 added
[   58.614489][ T8354] team0: Port device team_slave_1 added
[   58.623182][ T8356] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   58.667072][ T8356] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
11:25:45 executing program 4:
unshare(0x8000400)
r0 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vcs\x00', 0xae1352fb87ba14a4, 0x0)
shutdown(r0, 0x0)

[   58.716747][ T8362] IPVS: ftp: loaded support on port[0] = 21
[   58.734329][ T8354] device hsr_slave_0 entered promiscuous mode
[   58.783434][ T8354] device hsr_slave_1 entered promiscuous mode
[   58.855262][ T8356] team0: Port device team_slave_0 added
[   58.886738][ T8356] team0: Port device team_slave_1 added
[   58.909807][ T8359] chnl_net:caif_netlink_parms(): no params data found
[   58.945405][ T8365] IPVS: ftp: loaded support on port[0] = 21
11:25:45 executing program 5:
unshare(0x400)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/nullb0\x00', 0x4222, 0x0)
fallocate(r0, 0x11, 0x0, 0x1000200)

[   59.045527][ T8356] device hsr_slave_0 entered promiscuous mode
[   59.082517][ T8356] device hsr_slave_1 entered promiscuous mode
[   59.132523][ T8356] debugfs: Directory 'hsr0' with parent '/' already present!
[   59.157326][ T8359] bridge0: port 1(bridge_slave_0) entered blocking state
[   59.164696][ T8359] bridge0: port 1(bridge_slave_0) entered disabled state
[   59.173130][ T8359] device bridge_slave_0 entered promiscuous mode
[   59.191923][ T8359] bridge0: port 2(bridge_slave_1) entered blocking state
[   59.199746][ T8359] bridge0: port 2(bridge_slave_1) entered disabled state
[   59.208122][ T8359] device bridge_slave_1 entered promiscuous mode
[   59.227493][ T8359] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   59.247296][ T8354] netdevsim netdevsim0 netdevsim0: renamed from eth0
[   59.258490][ T8367] IPVS: ftp: loaded support on port[0] = 21
[   59.320661][ T8356] netdevsim netdevsim1 netdevsim0: renamed from eth0
[   59.355429][ T8359] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   59.372763][ T8354] netdevsim netdevsim0 netdevsim1: renamed from eth1
[   59.415888][ T8354] netdevsim netdevsim0 netdevsim2: renamed from eth2
[   59.476721][ T8354] netdevsim netdevsim0 netdevsim3: renamed from eth3
[   59.534654][ T8356] netdevsim netdevsim1 netdevsim1: renamed from eth1
[   59.575406][ T8356] netdevsim netdevsim1 netdevsim2: renamed from eth2
[   59.657853][ T8356] netdevsim netdevsim1 netdevsim3: renamed from eth3
[   59.740760][ T8359] team0: Port device team_slave_0 added
[   59.750517][ T8359] team0: Port device team_slave_1 added
[   59.825297][ T8359] device hsr_slave_0 entered promiscuous mode
[   59.862591][ T8359] device hsr_slave_1 entered promiscuous mode
[   59.932230][ T8359] debugfs: Directory 'hsr0' with parent '/' already present!
[   59.957588][ T8362] chnl_net:caif_netlink_parms(): no params data found
[   60.015986][ T8362] bridge0: port 1(bridge_slave_0) entered blocking state
[   60.023399][ T8362] bridge0: port 1(bridge_slave_0) entered disabled state
[   60.031023][ T8362] device bridge_slave_0 entered promiscuous mode
[   60.040301][ T8362] bridge0: port 2(bridge_slave_1) entered blocking state
[   60.047490][ T8362] bridge0: port 2(bridge_slave_1) entered disabled state
[   60.055478][ T8362] device bridge_slave_1 entered promiscuous mode
[   60.086536][ T8359] netdevsim netdevsim2 netdevsim0: renamed from eth0
[   60.185363][ T8359] netdevsim netdevsim2 netdevsim1: renamed from eth1
[   60.255654][ T8359] netdevsim netdevsim2 netdevsim2: renamed from eth2
[   60.324363][ T8359] netdevsim netdevsim2 netdevsim3: renamed from eth3
[   60.366111][ T8362] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   60.377803][ T8362] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   60.390022][ T8365] chnl_net:caif_netlink_parms(): no params data found
[   60.429702][ T8362] team0: Port device team_slave_0 added
[   60.484159][ T8362] team0: Port device team_slave_1 added
[   60.508680][ T8367] chnl_net:caif_netlink_parms(): no params data found
[   60.520819][ T8365] bridge0: port 1(bridge_slave_0) entered blocking state
[   60.528821][ T8365] bridge0: port 1(bridge_slave_0) entered disabled state
[   60.539223][ T8365] device bridge_slave_0 entered promiscuous mode
[   60.578097][ T8365] bridge0: port 2(bridge_slave_1) entered blocking state
[   60.585548][ T8365] bridge0: port 2(bridge_slave_1) entered disabled state
[   60.594523][ T8365] device bridge_slave_1 entered promiscuous mode
[   60.615195][ T8365] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   60.629668][ T8356] 8021q: adding VLAN 0 to HW filter on device bond0
[   60.685135][ T8362] device hsr_slave_0 entered promiscuous mode
[   60.722626][ T8362] device hsr_slave_1 entered promiscuous mode
[   60.772292][ T8362] debugfs: Directory 'hsr0' with parent '/' already present!
[   60.789026][ T8365] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   60.813185][ T8356] 8021q: adding VLAN 0 to HW filter on device team0
[   60.837055][ T2815] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[   60.847256][ T2815] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   60.869476][ T8367] bridge0: port 1(bridge_slave_0) entered blocking state
[   60.876848][ T8367] bridge0: port 1(bridge_slave_0) entered disabled state
[   60.886706][ T8367] device bridge_slave_0 entered promiscuous mode
[   60.895488][ T8367] bridge0: port 2(bridge_slave_1) entered blocking state
[   60.902730][ T8367] bridge0: port 2(bridge_slave_1) entered disabled state
[   60.910474][ T8367] device bridge_slave_1 entered promiscuous mode
[   60.924786][ T8365] team0: Port device team_slave_0 added
[   60.939137][ T8365] team0: Port device team_slave_1 added
[   60.950925][ T2815] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[   60.959968][ T2815] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[   60.968919][ T2815] bridge0: port 1(bridge_slave_0) entered blocking state
[   60.976214][ T2815] bridge0: port 1(bridge_slave_0) entered forwarding state
[   60.991717][ T8367] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   61.047162][ T8365] device hsr_slave_0 entered promiscuous mode
[   61.092554][ T8365] device hsr_slave_1 entered promiscuous mode
[   61.142387][ T8365] debugfs: Directory 'hsr0' with parent '/' already present!
[   61.157819][   T22] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[   61.166862][   T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[   61.176109][   T22] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[   61.184505][   T22] bridge0: port 2(bridge_slave_1) entered blocking state
[   61.191554][   T22] bridge0: port 2(bridge_slave_1) entered forwarding state
[   61.207599][ T8367] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   61.228346][ T8354] 8021q: adding VLAN 0 to HW filter on device bond0
[   61.256394][ T8367] team0: Port device team_slave_0 added
[   61.284486][ T8365] netdevsim netdevsim4 netdevsim0: renamed from eth0
[   61.305843][ T8362] netdevsim netdevsim3 netdevsim0: renamed from eth0
[   61.376044][ T3729] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[   61.384805][ T3729] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[   61.393527][ T3729] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[   61.402436][ T3729] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[   61.411128][ T3729] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[   61.420019][ T3729] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[   61.430004][ T3729] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[   61.439335][ T8367] team0: Port device team_slave_1 added
[   61.506292][ T8367] device hsr_slave_0 entered promiscuous mode
[   61.572543][ T8367] device hsr_slave_1 entered promiscuous mode
[   61.612264][ T8367] debugfs: Directory 'hsr0' with parent '/' already present!
[   61.620162][ T8365] netdevsim netdevsim4 netdevsim1: renamed from eth1
[   61.664784][ T8362] netdevsim netdevsim3 netdevsim1: renamed from eth1
[   61.717758][ T8354] 8021q: adding VLAN 0 to HW filter on device team0
[   61.736682][ T8365] netdevsim netdevsim4 netdevsim2: renamed from eth2
[   61.774332][ T8362] netdevsim netdevsim3 netdevsim2: renamed from eth2
[   61.824275][   T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[   61.834045][   T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   61.858075][ T8359] 8021q: adding VLAN 0 to HW filter on device bond0
[   61.876395][ T8365] netdevsim netdevsim4 netdevsim3: renamed from eth3
[   61.934834][ T8362] netdevsim netdevsim3 netdevsim3: renamed from eth3
[   61.994990][ T3729] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[   62.004958][ T3729] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[   62.013792][ T3729] bridge0: port 1(bridge_slave_0) entered blocking state
[   62.021026][ T3729] bridge0: port 1(bridge_slave_0) entered forwarding state
[   62.029023][ T3729] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[   62.038085][ T3729] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[   62.046648][ T3729] bridge0: port 2(bridge_slave_1) entered blocking state
[   62.053743][ T3729] bridge0: port 2(bridge_slave_1) entered forwarding state
[   62.061355][ T3729] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[   62.070504][ T3729] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[   62.079145][ T3729] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[   62.087864][ T3729] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[   62.096453][ T3729] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[   62.105463][ T3729] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[   62.114116][ T3729] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[   62.123044][ T3729] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[   62.132615][ T3729] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[   62.140514][ T3729] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[   62.149110][ T3729] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[   62.158503][ T3729] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[   62.175654][ T8356] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[   62.187894][ T8356] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[   62.219372][ T8354] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[   62.230869][ T8354] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[   62.240114][ T3729] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[   62.249130][ T3729] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[   62.257742][ T3729] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[   62.266772][ T3729] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[   62.300532][ T8367] netdevsim netdevsim5 netdevsim0: renamed from eth0
[   62.381733][ T8367] netdevsim netdevsim5 netdevsim1: renamed from eth1
[   62.425909][ T8367] netdevsim netdevsim5 netdevsim2: renamed from eth2
[   62.491048][   T22] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[   62.498641][   T22] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[   62.511148][ T8356] 8021q: adding VLAN 0 to HW filter on device batadv0
[   62.531051][ T8359] 8021q: adding VLAN 0 to HW filter on device team0
[   62.540791][ T8367] netdevsim netdevsim5 netdevsim3: renamed from eth3
[   62.589934][ T8372] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[   62.601965][ T8372] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   62.611360][ T8372] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[   62.619486][ T8372] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[   62.646541][ T8362] 8021q: adding VLAN 0 to HW filter on device bond0
[   62.658492][ T8354] 8021q: adding VLAN 0 to HW filter on device batadv0
[   62.676239][ T3729] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[   62.696834][ T3729] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[   62.708596][ T3729] bridge0: port 1(bridge_slave_0) entered blocking state
[   62.715771][ T3729] bridge0: port 1(bridge_slave_0) entered forwarding state
[   62.730249][ T3729] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[   62.739490][ T3729] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[   62.753354][ T3729] bridge0: port 2(bridge_slave_1) entered blocking state
[   62.760420][ T3729] bridge0: port 2(bridge_slave_1) entered forwarding state
[   62.774418][ T3729] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  167.722098][    C1] rcu: INFO: rcu_preempt self-detected stall on CPU
[  167.728965][    C1] rcu: 	1-...!: (10499 ticks this GP) idle=b22/1/0x4000000000000002 softirq=11293/11295 fqs=41 
[  167.739555][    C1] 	(t=10501 jiffies g=6801 q=162)
[  167.744580][    C1] rcu: rcu_preempt kthread starved for 10419 jiffies! g6801 f0x0 RCU_GP_WAIT_FQS(5) ->state=0x402 ->cpu=0
[  167.755837][    C1] rcu: RCU grace-period kthread stack dump:
[  167.761720][    C1] rcu_preempt     I29032    10      2 0x80004000
[  167.768046][    C1] Call Trace:
[  167.771349][    C1]  __schedule+0x9a0/0xcc0
[  167.775689][    C1]  schedule+0x181/0x210
[  167.779854][    C1]  schedule_timeout+0x14f/0x240
[  167.784695][    C1]  ? run_local_timers+0x120/0x120
[  167.789711][    C1]  rcu_gp_kthread+0xed8/0x1770
[  167.794509][    C1]  kthread+0x332/0x350
[  167.798565][    C1]  ? rcu_report_qs_rsp+0x140/0x140
[  167.803758][    C1]  ? kthread_blkcg+0xe0/0xe0
[  167.808339][    C1]  ret_from_fork+0x24/0x30
[  167.812785][    C1] NMI backtrace for cpu 1
[  167.817104][    C1] CPU: 1 PID: 8356 Comm: syz-executor.1 Not tainted 5.4.0-syzkaller #0
[  167.825333][    C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  167.835378][    C1] Call Trace:
[  167.838680][    C1]  <IRQ>
[  167.841524][    C1]  dump_stack+0x1fb/0x318
[  167.845859][    C1]  nmi_cpu_backtrace+0xaf/0x1a0
[  167.850715][    C1]  ? nmi_trigger_cpumask_backtrace+0x16d/0x290
[  167.856863][    C1]  ? arch_trigger_cpumask_backtrace+0x20/0x20
[  167.863019][    C1]  nmi_trigger_cpumask_backtrace+0x174/0x290
[  167.868990][    C1]  arch_trigger_cpumask_backtrace+0x10/0x20
[  167.874877][    C1]  rcu_dump_cpu_stacks+0x15a/0x220
[  167.879984][    C1]  rcu_sched_clock_irq+0xe25/0x1ad0
[  167.885182][    C1]  ? trace_hardirqs_off+0x74/0x80
[  167.890301][    C1]  update_process_times+0x12d/0x180
[  167.895501][    C1]  tick_sched_timer+0x263/0x420
[  167.900342][    C1]  ? tick_setup_sched_timer+0x3d0/0x3d0
[  167.905876][    C1]  __hrtimer_run_queues+0x403/0x840
[  167.911083][    C1]  hrtimer_interrupt+0x38c/0xda0
[  167.916025][    C1]  ? debug_smp_processor_id+0x9/0x20
[  167.921302][    C1]  smp_apic_timer_interrupt+0x109/0x280
[  167.926840][    C1]  apic_timer_interrupt+0xf/0x20
[  167.936361][    C1]  </IRQ>
[  167.939292][    C1] RIP: 0010:mod_memcg_page_state+0x168/0x190
[  167.945276][    C1] Code: c7 28 95 0a 89 e8 a8 9a 69 00 48 83 3d c8 20 c2 07 00 74 2d e8 19 25 2e 00 4c 89 ff 57 9d 0f 1f 44 00 00 5b 41 5c 41 5e 41 5f <5d> c3 e8 01 25 2e 00 0f 0b e8 fa 24 2e 00 0f 0b e8 f3 24 2e 00 0f
[  167.964868][    C1] RSP: 0018:ffffc90002007bc0 EFLAGS: 00000293 ORIG_RAX: ffffffffffffff13
[  167.973268][    C1] RAX: ffffffff81487433 RBX: ffff888091eaf788 RCX: ffff8880a706a000
[  167.981228][    C1] RDX: 0000000000000000 RSI: 00000000fffffffc RDI: ffffea00029b9140
[  167.989192][    C1] RBP: ffffc90002007bc0 R08: 000000000003a728 R09: ffffed10132696ff
[  167.997147][    C1] R10: ffffed10132696ff R11: 0000000000000000 R12: ffff888091eaf820
[  168.005107][    C1] R13: dffffc0000000000 R14: 1ffff110123d5f04 R15: ffff88809934b7e8
[  168.013778][    C1]  ? mod_memcg_page_state+0x123/0x190
[  168.019142][    C1]  free_thread_stack+0x168/0x590
[  168.024079][    C1]  put_task_stack+0xa3/0x130
[  168.028658][    C1]  finish_task_switch+0x3f1/0x550
[  168.033674][    C1]  __schedule+0x9a8/0xcc0
[  168.038026][    C1]  schedule+0x181/0x210
[  168.042171][    C1]  do_nanosleep+0x1d0/0x6c0
[  168.046759][    C1]  hrtimer_nanosleep+0x3a6/0x5b0
[  168.051689][    C1]  ? trace_hrtimer_expire_exit+0x2d0/0x2d0
[  168.057516][    C1]  __x64_sys_nanosleep+0x186/0x1d0
[  168.062622][    C1]  do_syscall_64+0xf7/0x1c0
[  168.067476][    C1]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  168.073362][    C1] RIP: 0033:0x458b20
[  168.077338][    C1] Code: c0 5b 5d c3 66 0f 1f 44 00 00 8b 04 24 48 83 c4 18 5b 5d c3 66 0f 1f 44 00 00 83 3d 11 fe 61 00 00 75 14 b8 23 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 d4 d1 fb ff c3 48 83 ec 08 e8 ea 46 00 00
[  168.096931][    C1] RSP: 002b:00007ffd86b9f9a8 EFLAGS: 00000246 ORIG_RAX: 0000000000000023
[  168.105327][    C1] RAX: ffffffffffffffda RBX: 000000000000f4d1 RCX: 0000000000458b20
[  168.113302][    C1] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 00007ffd86b9f9b0
[  168.121261][    C1] RBP: 0000000000000002 R08: 0000000000000001 R09: 0000000001d97940
[  168.129342][    C1] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  168.137408][    C1] R13: 00007ffd86b9fa00 R14: 000000000000f4d1 R15: 00007ffd86b9fa10