[   43.110502][   T25] audit: type=1800 audit(1575389894.851:26): pid=7990 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="startpar" name="mcstrans" dev="sda1" ino=2457 res=0
[   43.152368][   T25] audit: type=1800 audit(1575389894.851:27): pid=7990 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0
[   43.175652][   T25] audit: type=1800 audit(1575389894.851:28): pid=7990 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="startpar" name="ssh" dev="sda1" ino=2417 res=0
[....] Starting periodic command scheduler: cron[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[   43.911722][   T25] audit: type=1800 audit(1575389895.661:29): pid=7990 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="startpar" name="rc.local" dev="sda1" ino=2432 res=0

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added '10.128.1.50' (ECDSA) to the list of known hosts.
2019/12/03 16:18:25 fuzzer started
2019/12/03 16:18:27 dialing manager at 10.128.0.26:45711
2019/12/03 16:18:27 syscalls: 2689
2019/12/03 16:18:27 code coverage: enabled
2019/12/03 16:18:27 comparison tracing: enabled
2019/12/03 16:18:27 extra coverage: extra coverage is not supported by the kernel
2019/12/03 16:18:27 setuid sandbox: enabled
2019/12/03 16:18:27 namespace sandbox: enabled
2019/12/03 16:18:27 Android sandbox: /sys/fs/selinux/policy does not exist
2019/12/03 16:18:27 fault injection: enabled
2019/12/03 16:18:27 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled
2019/12/03 16:18:27 net packet injection: enabled
2019/12/03 16:18:27 net device setup: enabled
2019/12/03 16:18:27 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist
2019/12/03 16:18:27 devlink PCI setup: PCI device 0000:00:10.0 is not available
16:18:28 executing program 0:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_GET_NESTED_STATE(r2, 0xc018ae85, &(0x7f0000000440)={0x0, 0x0, 0x2080})

16:18:28 executing program 1:
perf_event_open(&(0x7f0000000040)={0x2, 0x70, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = socket$kcm(0x10, 0x2, 0x10)
sendmsg$kcm(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000001900)=[{&(0x7f0000000100)="2e0000003500050ad25a80648c6356c10224fc001000000a0a000400030082c1b0acea8b0900018004021700d1bd", 0x2e}], 0x1}, 0x0)

syzkaller login: [   56.504006][ T8154] IPVS: ftp: loaded support on port[0] = 21
[   56.629406][ T8154] chnl_net:caif_netlink_parms(): no params data found
[   56.669089][ T8157] IPVS: ftp: loaded support on port[0] = 21
[   56.699293][ T8154] bridge0: port 1(bridge_slave_0) entered blocking state
[   56.716162][ T8154] bridge0: port 1(bridge_slave_0) entered disabled state
[   56.724315][ T8154] device bridge_slave_0 entered promiscuous mode
16:18:28 executing program 2:
r0 = syz_open_dev$evdev(&(0x7f0000000000)='/dev/input/event#\x00', 0x20, 0x101002)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
r2 = fcntl$dupfd(r1, 0x0, r1)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
write$evdev(r0, &(0x7f00000001c0)=[{{0x77359400}, 0x4, 0x3a}], 0x214)

[   56.748378][ T8154] bridge0: port 2(bridge_slave_1) entered blocking state
[   56.756138][ T8154] bridge0: port 2(bridge_slave_1) entered disabled state
[   56.764044][ T8154] device bridge_slave_1 entered promiscuous mode
[   56.813717][ T8154] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   56.852496][ T8154] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   56.896406][ T8157] chnl_net:caif_netlink_parms(): no params data found
[   56.910399][ T8154] team0: Port device team_slave_0 added
[   56.934074][ T8154] team0: Port device team_slave_1 added
[   56.973628][ T8160] IPVS: ftp: loaded support on port[0] = 21
[   57.006625][ T8157] bridge0: port 1(bridge_slave_0) entered blocking state
[   57.013729][ T8157] bridge0: port 1(bridge_slave_0) entered disabled state
[   57.022050][ T8157] device bridge_slave_0 entered promiscuous mode
16:18:28 executing program 3:
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x0, 0x31, 0xffffffffffffffff, 0x0)
mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil)
mlock(&(0x7f0000c7a000/0x3000)=nil, 0x3000)
clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
mremap(&(0x7f00005d4000/0x2000)=nil, 0x2000, 0x4000, 0x3, &(0x7f0000d0b000/0x4000)=nil)

[   57.078035][ T8154] device hsr_slave_0 entered promiscuous mode
[   57.147240][ T8154] device hsr_slave_1 entered promiscuous mode
[   57.207721][ T8157] bridge0: port 2(bridge_slave_1) entered blocking state
[   57.215137][ T8157] bridge0: port 2(bridge_slave_1) entered disabled state
[   57.223430][ T8157] device bridge_slave_1 entered promiscuous mode
[   57.250024][ T8162] IPVS: ftp: loaded support on port[0] = 21
16:18:29 executing program 4:
perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$kcm(0x11, 0x2, 0x0)
setsockopt$sock_attach_bpf(r0, 0x107, 0x14, &(0x7f0000000080), 0x4)
sendmsg$kcm(r0, &(0x7f0000007780)={&(0x7f0000000000)=@caif=@rfm={0x25, 0xb, "f5db2f49ebebd4068bb8c9fc36efba56"}, 0x80, 0x0}, 0x0)

[   57.299355][ T8157] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   57.329831][ T8154] netdevsim netdevsim0 netdevsim0: renamed from eth0
[   57.399150][ T8154] netdevsim netdevsim0 netdevsim1: renamed from eth1
[   57.446744][ T8157] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   57.471835][ T8154] netdevsim netdevsim0 netdevsim2: renamed from eth2
16:18:29 executing program 5:
mkdir(&(0x7f0000000040)='./file0\x00', 0x0)
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000740)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e4c96ef15640cf8bc693f5ec9154a614f0400000000000000016598578744ec74540722a910af916429f33c047f88127d19a042b3e8f99ffba79e9ef678f641f1f7f4270ba9867067b74515bab0db5fc04e81ea03210a957dd4131b475a6825ed0234cd3da775ef1ed78ae41338346c4aa5691432b91d910f931ccfff722c1105e34a5ab6cef9fa139808c2996e5f75faaed77d8a8a7bc8b518265c9b7160f8dd5005f1fb252329a6ce14d9bbb713c5c9fc3c9a9b518e8770f6b6329ba520b9afacab10baa883ea9b4aa53544e405d58522656241b2607a44f73ec98905f804baaabad2e0182e8011f8a8fd85b8bbe2795e32baaf5b6965ccddc8a1f13763f41e017904fc47ee5f46ac9a33ea0956b71e1f6c156545"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f0000000100)={0x18}, 0x18)
write$FUSE_CREATE_OPEN(r2, &(0x7f0000000400)={0xa0}, 0xa0)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137)
mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000300)='9p\x00', 0x0, &(0x7f00000005c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2])
mknod$loop(&(0x7f0000000080)='./file0/file0\x00', 0x0, 0x0)

[   57.592312][ T8157] team0: Port device team_slave_0 added
[   57.599132][ T8154] netdevsim netdevsim0 netdevsim3: renamed from eth3
[   57.691846][ T8157] team0: Port device team_slave_1 added
[   57.712668][ T8164] IPVS: ftp: loaded support on port[0] = 21
[   57.759971][ T8162] chnl_net:caif_netlink_parms(): no params data found
[   57.769994][ T8166] IPVS: ftp: loaded support on port[0] = 21
[   57.836734][ T8157] device hsr_slave_0 entered promiscuous mode
[   57.884648][ T8157] device hsr_slave_1 entered promiscuous mode
[   57.954536][ T8157] debugfs: Directory 'hsr0' with parent '/' already present!
[   57.977863][ T8160] chnl_net:caif_netlink_parms(): no params data found
[   58.051549][ T8160] bridge0: port 1(bridge_slave_0) entered blocking state
[   58.060294][ T8160] bridge0: port 1(bridge_slave_0) entered disabled state
[   58.068175][ T8160] device bridge_slave_0 entered promiscuous mode
[   58.087207][ T8162] bridge0: port 1(bridge_slave_0) entered blocking state
[   58.095715][ T8162] bridge0: port 1(bridge_slave_0) entered disabled state
[   58.103448][ T8162] device bridge_slave_0 entered promiscuous mode
[   58.111698][ T8162] bridge0: port 2(bridge_slave_1) entered blocking state
[   58.119073][ T8162] bridge0: port 2(bridge_slave_1) entered disabled state
[   58.127787][ T8162] device bridge_slave_1 entered promiscuous mode
[   58.135378][ T8160] bridge0: port 2(bridge_slave_1) entered blocking state
[   58.147805][ T8160] bridge0: port 2(bridge_slave_1) entered disabled state
[   58.155585][ T8160] device bridge_slave_1 entered promiscuous mode
[   58.198944][ T8160] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   58.263328][ T8166] chnl_net:caif_netlink_parms(): no params data found
[   58.276114][ T8160] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   58.296959][ T8162] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   58.309337][ T8157] netdevsim netdevsim1 netdevsim0: renamed from eth0
[   58.368253][ T8160] team0: Port device team_slave_0 added
[   58.375456][ T8162] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   58.386485][ T8157] netdevsim netdevsim1 netdevsim1: renamed from eth1
[   58.438755][ T8160] team0: Port device team_slave_1 added
[   58.460806][ T8157] netdevsim netdevsim1 netdevsim2: renamed from eth2
[   58.509929][ T8154] 8021q: adding VLAN 0 to HW filter on device bond0
[   58.522803][ T8166] bridge0: port 1(bridge_slave_0) entered blocking state
[   58.530086][ T8166] bridge0: port 1(bridge_slave_0) entered disabled state
[   58.537822][ T8166] device bridge_slave_0 entered promiscuous mode
[   58.577884][ T8160] device hsr_slave_0 entered promiscuous mode
[   58.614675][ T8160] device hsr_slave_1 entered promiscuous mode
[   58.664422][ T8160] debugfs: Directory 'hsr0' with parent '/' already present!
[   58.676361][ T8157] netdevsim netdevsim1 netdevsim3: renamed from eth3
[   58.745802][ T8154] 8021q: adding VLAN 0 to HW filter on device team0
[   58.758436][ T8166] bridge0: port 2(bridge_slave_1) entered blocking state
[   58.766173][ T8166] bridge0: port 2(bridge_slave_1) entered disabled state
[   58.773897][ T8166] device bridge_slave_1 entered promiscuous mode
[   58.794052][ T8162] team0: Port device team_slave_0 added
[   58.803580][ T3207] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[   58.813255][ T3207] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   58.860362][ T8162] team0: Port device team_slave_1 added
[   58.876883][ T3207] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[   58.886167][ T3207] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[   58.895338][ T3207] bridge0: port 1(bridge_slave_0) entered blocking state
[   58.902559][ T3207] bridge0: port 1(bridge_slave_0) entered forwarding state
[   58.910715][ T3207] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[   58.919468][ T3207] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[   58.928243][ T3207] bridge0: port 2(bridge_slave_1) entered blocking state
[   58.935343][ T3207] bridge0: port 2(bridge_slave_1) entered forwarding state
[   58.943068][ T3207] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[   58.955390][ T8164] chnl_net:caif_netlink_parms(): no params data found
[   58.969470][ T8166] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   58.981887][ T8166] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   58.996581][ T3207] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[   59.005584][ T3207] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[   59.013983][ T3207] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[   59.025248][ T3207] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[   59.036430][ T3207] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[   59.070559][ T8160] netdevsim netdevsim2 netdevsim0: renamed from eth0
[   59.146205][ T8160] netdevsim netdevsim2 netdevsim1: renamed from eth1
[   59.246463][ T8162] device hsr_slave_0 entered promiscuous mode
[   59.294539][ T8162] device hsr_slave_1 entered promiscuous mode
[   59.344519][ T8162] debugfs: Directory 'hsr0' with parent '/' already present!
[   59.352192][ T3207] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[   59.360773][ T3207] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[   59.369639][ T3207] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[   59.378697][ T3207] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[   59.387783][ T8160] netdevsim netdevsim2 netdevsim2: renamed from eth2
[   59.440807][ T8160] netdevsim netdevsim2 netdevsim3: renamed from eth3
[   59.515969][ T8166] team0: Port device team_slave_0 added
[   59.533756][ T8157] 8021q: adding VLAN 0 to HW filter on device bond0
[   59.547025][ T8154] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[   59.558600][ T8154] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[   59.568444][   T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[   59.577736][   T43] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[   59.587042][ T8166] team0: Port device team_slave_1 added
[   59.612803][ T8157] 8021q: adding VLAN 0 to HW filter on device team0
[   59.622534][ T8164] bridge0: port 1(bridge_slave_0) entered blocking state
[   59.629856][ T8164] bridge0: port 1(bridge_slave_0) entered disabled state
[   59.637872][ T8164] device bridge_slave_0 entered promiscuous mode
[   59.645917][ T8164] bridge0: port 2(bridge_slave_1) entered blocking state
[   59.653055][ T8164] bridge0: port 2(bridge_slave_1) entered disabled state
[   59.663637][ T8164] device bridge_slave_1 entered promiscuous mode
[   59.726214][ T8166] device hsr_slave_0 entered promiscuous mode
[   59.774738][ T8166] device hsr_slave_1 entered promiscuous mode
[   59.804337][ T8166] debugfs: Directory 'hsr0' with parent '/' already present!
[   59.815905][ T3207] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[   59.823692][ T3207] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   59.844334][   T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[   59.853482][   T43] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[   59.862054][   T43] bridge0: port 1(bridge_slave_0) entered blocking state
[   59.869238][   T43] bridge0: port 1(bridge_slave_0) entered forwarding state
[   59.876882][   T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[   59.885759][   T43] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[   59.894135][   T43] bridge0: port 2(bridge_slave_1) entered blocking state
[   59.901253][   T43] bridge0: port 2(bridge_slave_1) entered forwarding state
[   59.908869][   T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[   59.918349][   T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[   59.926829][   T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[   59.935457][   T43] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[   59.943689][   T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[   59.952193][   T43] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[   59.976196][ T8154] 8021q: adding VLAN 0 to HW filter on device batadv0
[   59.984880][ T8162] netdevsim netdevsim3 netdevsim0: renamed from eth0
[   60.006500][ T8162] netdevsim netdevsim3 netdevsim1: renamed from eth1
[   60.041471][ T8157] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[   60.057160][ T8157] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[   60.069022][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[   60.077062][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[   60.085544][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[   60.092984][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[   60.100823][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[   60.109762][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[   60.118316][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[   60.126596][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[   60.136853][ T8164] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   60.151769][ T8164] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   60.165343][ T8162] netdevsim netdevsim3 netdevsim2: renamed from eth2
[   60.219148][ T8162] netdevsim netdevsim3 netdevsim3: renamed from eth3
[   60.267762][   T43] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[   60.336283][ T8177] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details.
[   60.346571][ T8164] team0: Port device team_slave_0 added
[   60.370066][ T8157] 8021q: adding VLAN 0 to HW filter on device batadv0
[   60.388640][ T8160] 8021q: adding VLAN 0 to HW filter on device bond0
[   60.396389][ T8166] netdevsim netdevsim5 netdevsim0: renamed from eth0
[   60.419167][ T8166] netdevsim netdevsim5 netdevsim1: renamed from eth1
[  165.424204][    C0] rcu: INFO: rcu_preempt self-detected stall on CPU
[  165.430996][    C0] rcu: 	0-...!: (1 GPs behind) idle=24a/1/0x4000000000000002 softirq=11420/11423 fqs=35 
[  165.440957][    C0] 	(t=10501 jiffies g=6249 q=68)
[  165.445883][    C0] rcu: rcu_preempt kthread starved for 10432 jiffies! g6249 f0x0 RCU_GP_WAIT_FQS(5) ->state=0x0 ->cpu=1
[  165.456962][    C0] rcu: RCU grace-period kthread stack dump:
[  165.462837][    C0] rcu_preempt     R  running task    29104    10      2 0x80004000
[  165.470736][    C0] Call Trace:
[  165.474020][    C0]  __schedule+0x9a0/0xcc0
[  165.478345][    C0]  schedule+0x181/0x210
[  165.482486][    C0]  schedule_timeout+0x14f/0x240
[  165.487321][    C0]  ? run_local_timers+0x120/0x120
[  165.492593][    C0]  rcu_gp_kthread+0xed8/0x1770
[  165.497350][    C0]  kthread+0x332/0x350
[  165.501399][    C0]  ? rcu_report_qs_rsp+0x140/0x140
[  165.506494][    C0]  ? kthread_blkcg+0xe0/0xe0
[  165.511074][    C0]  ret_from_fork+0x24/0x30
[  165.515491][    C0] NMI backtrace for cpu 0
[  165.519805][    C0] CPU: 0 PID: 8177 Comm: syz-executor.0 Not tainted 5.4.0-syzkaller #0
[  165.528022][    C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  165.539984][    C0] Call Trace:
[  165.543270][    C0]  <IRQ>
[  165.546128][    C0]  dump_stack+0x1fb/0x318
[  165.550457][    C0]  nmi_cpu_backtrace+0xaf/0x1a0
[  165.555293][    C0]  ? nmi_trigger_cpumask_backtrace+0x16d/0x290
[  165.561519][    C0]  ? arch_trigger_cpumask_backtrace+0x20/0x20
[  165.567575][    C0]  nmi_trigger_cpumask_backtrace+0x174/0x290
[  165.573545][    C0]  arch_trigger_cpumask_backtrace+0x10/0x20
[  165.579443][    C0]  rcu_dump_cpu_stacks+0x15a/0x220
[  165.584549][    C0]  rcu_sched_clock_irq+0xe25/0x1ad0
[  165.589743][    C0]  ? trace_hardirqs_off+0x74/0x80
[  165.594755][    C0]  update_process_times+0x12d/0x180
[  165.599947][    C0]  tick_sched_timer+0x263/0x420
[  165.604781][    C0]  ? tick_setup_sched_timer+0x3d0/0x3d0
[  165.610313][    C0]  __hrtimer_run_queues+0x403/0x840
[  165.615515][    C0]  hrtimer_interrupt+0x38c/0xda0
[  165.620542][    C0]  ? debug_smp_processor_id+0x9/0x20
[  165.625821][    C0]  smp_apic_timer_interrupt+0x109/0x280
[  165.631356][    C0]  apic_timer_interrupt+0xf/0x20
[  165.636274][    C0]  </IRQ>
[  165.639203][    C0] RIP: 0010:__sanitizer_cov_trace_pc+0x0/0x50
[  165.645345][    C0] Code: 66 2e 0f 1f 84 00 00 00 00 00 55 48 89 e5 53 48 89 fb e8 13 00 00 00 48 8b 3d 74 25 cd 07 48 89 de e8 64 02 3b 00 5b 5d c3 cc <48> 8b 04 24 65 48 8b 0c 25 c0 1d 02 00 65 8b 15 b8 81 8b 7e f7 c2
[  165.664940][    C0] RSP: 0018:ffffc900022a7900 EFLAGS: 00000246 ORIG_RAX: ffffffffffffff13
[  165.673347][    C0] RAX: 1ffff1101477ec91 RBX: ffffea0001b1f3c0 RCX: 0000000000040000
[  165.681304][    C0] RDX: ffffc90002029000 RSI: 000000000003ffff RDI: 0000000000040000
[  165.689272][    C0] RBP: ffffc900022a7940 R08: 000000000003a768 R09: ffffed1012c862df
[  165.697236][    C0] R10: ffffed1012c862df R11: 0000000000000000 R12: ffff8880a3bf6520
[  165.705193][    C0] R13: dffffc0000000000 R14: 1ffff1101477eca4 R15: ffff8880964316e8
[  165.713176][    C0]  ? free_thread_stack+0x124/0x590
[  165.718286][    C0]  put_task_stack+0xa3/0x130
[  165.722865][    C0]  finish_task_switch+0x3f1/0x550
[  165.727884][    C0]  __schedule+0x9a8/0xcc0
[  165.732209][    C0]  schedule+0x181/0x210
[  165.736377][    C0]  schedule_timeout+0x46/0x240
[  165.741136][    C0]  do_wait_for_common+0x2e7/0x4d0
[  165.746149][    C0]  ? console_conditional_schedule+0x40/0x40
[  165.752033][    C0]  ? do_task_dead+0xc0/0xc0
[  165.756527][    C0]  wait_for_completion+0x47/0x60
[  165.761538][    C0]  kvm_vm_create_worker_thread+0x1d2/0x2b0
[  165.767330][    C0]  ? kvm_mmu_post_init_vm+0x80/0x80
[  165.772523][    C0]  ? kvm_mmu_post_init_vm+0x80/0x80
[  165.777710][    C0]  kvm_mmu_post_init_vm+0x31/0x80
[  165.782723][    C0]  kvm_arch_post_init_vm+0x15/0x20
[  165.787828][    C0]  kvm_dev_ioctl+0x17da/0x2110
[  165.792588][    C0]  ? kvm_reboot+0x40/0x40
[  165.796904][    C0]  do_vfs_ioctl+0x70b/0x1a30
[  165.801477][    C0]  ? __fget+0x441/0x510
[  165.805626][    C0]  ? tomoyo_file_ioctl+0x23/0x30
[  165.810547][    C0]  ? security_file_ioctl+0xa1/0xd0
[  165.815645][    C0]  __x64_sys_ioctl+0xe3/0x120
[  165.820317][    C0]  do_syscall_64+0xf7/0x1c0
[  165.824814][    C0]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  165.830701][    C0] RIP: 0033:0x45a679
[  165.834582][    C0] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[  165.854334][    C0] RSP: 002b:00007fde3aad9c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  165.862753][    C0] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 000000000045a679
[  165.870716][    C0] RDX: 0000000000000000 RSI: 000000000000ae01 RDI: 0000000000000003
[  165.878674][    C0] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000
[  165.886727][    C0] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fde3aada6d4
[  165.894703][    C0] R13: 00000000004c3a43 R14: 00000000004d8f78 R15: 00000000ffffffff