[....] Starting enhanced syslogd: rsyslogd[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[   45.181692][   T23] audit: type=1800 audit(1575331720.745:25): pid=8147 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="startpar" name="cron" dev="sda1" ino=2414 res=0
[   45.200697][   T23] audit: type=1800 audit(1575331720.745:26): pid=8147 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="startpar" name="mcstrans" dev="sda1" ino=2457 res=0
[   45.227228][   T23] audit: type=1800 audit(1575331720.755:27): pid=8147 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0
[....] Starting periodic command scheduler: cron[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added '10.128.1.46' (ECDSA) to the list of known hosts.
2019/12/03 00:08:49 fuzzer started
2019/12/03 00:08:50 dialing manager at 10.128.0.26:38907
2019/12/03 00:08:50 syscalls: 2697
2019/12/03 00:08:50 code coverage: enabled
2019/12/03 00:08:50 comparison tracing: enabled
2019/12/03 00:08:50 extra coverage: extra coverage is not supported by the kernel
2019/12/03 00:08:50 setuid sandbox: enabled
2019/12/03 00:08:50 namespace sandbox: enabled
2019/12/03 00:08:50 Android sandbox: /sys/fs/selinux/policy does not exist
2019/12/03 00:08:50 fault injection: enabled
2019/12/03 00:08:50 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled
2019/12/03 00:08:50 net packet injection: enabled
2019/12/03 00:08:50 net device setup: enabled
2019/12/03 00:08:50 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist
2019/12/03 00:08:50 devlink PCI setup: PCI device 0000:00:10.0 is not available
00:08:51 executing program 0:
r0 = socket$inet6(0xa, 0x2, 0x0)
setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, &(0x7f0000000180)=0x580, 0x4)
sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000000)={0xa, 0x4e1d, 0x0, @empty}, 0x1c)
setsockopt$inet6_int(r0, 0x29, 0xb, &(0x7f0000000100)=0x8, 0x4)
recvmsg(r0, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000080)=""/36, 0x24}, 0x2000)

00:08:52 executing program 1:
r0 = socket$rds(0x15, 0x5, 0x0)
bind$rds(r0, &(0x7f0000000180)={0x2, 0x0, @loopback}, 0x10)
sendmsg$rds(r0, &(0x7f0000001600)={&(0x7f0000000140)={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10, 0x0, 0x0, &(0x7f0000000780)=[@rdma_args={0x48, 0x114, 0x1, {{}, {0x0}, &(0x7f0000000040)=[{0x0, 0xfffffd1a}], 0x1}}], 0x48}, 0x0)

syzkaller login: [   56.449243][ T8311] IPVS: ftp: loaded support on port[0] = 21
[   56.625080][ T8314] IPVS: ftp: loaded support on port[0] = 21
[   56.639001][ T8311] chnl_net:caif_netlink_parms(): no params data found
[   56.713130][ T8311] bridge0: port 1(bridge_slave_0) entered blocking state
[   56.721135][ T8311] bridge0: port 1(bridge_slave_0) entered disabled state
[   56.729482][ T8311] device bridge_slave_0 entered promiscuous mode
[   56.741478][ T8311] bridge0: port 2(bridge_slave_1) entered blocking state
[   56.749061][ T8311] bridge0: port 2(bridge_slave_1) entered disabled state
[   56.756983][ T8311] device bridge_slave_1 entered promiscuous mode
00:08:52 executing program 2:
perf_event_open(&(0x7f0000000040)={0x2, 0x70, 0x3ea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = perf_event_open(&(0x7f0000940000)={0x2, 0x70, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
exit(0x0)
ppoll(&(0x7f0000000180)=[{r0}], 0x1, 0x0, 0x0, 0x0)

[   56.776301][ T8311] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   56.787614][ T8311] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   56.831107][ T8311] team0: Port device team_slave_0 added
[   56.851160][ T8311] team0: Port device team_slave_1 added
00:08:52 executing program 3:
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
r1 = fcntl$dupfd(r0, 0x0, r0)
ioctl$sock_SIOCGIFCONF(r1, 0x400448df, &(0x7f0000000600)=@buf)

[   56.989367][ T8311] device hsr_slave_0 entered promiscuous mode
[   57.017943][ T8311] device hsr_slave_1 entered promiscuous mode
[   57.119936][ T8317] IPVS: ftp: loaded support on port[0] = 21
[   57.135944][ T8314] chnl_net:caif_netlink_parms(): no params data found
[   57.220235][ T8311] netdevsim netdevsim0 netdevsim0: renamed from eth0
00:08:52 executing program 4:
r0 = socket$inet_udp(0x2, 0x2, 0x0)
close(r0)
socket(0x840000000002, 0x3, 0xff)
setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000080)='ip6_vti0\x00 \x00', 0x10)
connect$inet(r0, &(0x7f0000000200)={0x2, 0x0, @initdev}, 0x10)
write$binfmt_elf32(r0, &(0x7f0000000000)=ANY=[@ANYBLOB="4ef27f45294600000033086c0200000000000000014410051166010000003800000000000044130a000b00000800"/56], 0x38)

[   57.290751][ T8311] netdevsim netdevsim0 netdevsim1: renamed from eth1
[   57.377015][ T8311] netdevsim netdevsim0 netdevsim2: renamed from eth2
[   57.436375][ T8320] IPVS: ftp: loaded support on port[0] = 21
[   57.442794][ T8311] netdevsim netdevsim0 netdevsim3: renamed from eth3
[   57.509541][ T8314] bridge0: port 1(bridge_slave_0) entered blocking state
[   57.516769][ T8314] bridge0: port 1(bridge_slave_0) entered disabled state
[   57.527979][ T8314] device bridge_slave_0 entered promiscuous mode
[   57.571304][ T8321] IPVS: ftp: loaded support on port[0] = 21
[   57.601759][ T8314] bridge0: port 2(bridge_slave_1) entered blocking state
[   57.609204][ T8314] bridge0: port 2(bridge_slave_1) entered disabled state
00:08:53 executing program 5:
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000200)={&(0x7f0000000000)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x1a, 0x18, 0x2, [@struct={0x0, 0x1, 0x0, 0x5, 0x0, 0x0, [{}]}]}}, &(0x7f00000002c0)=""/236, 0x32, 0xec, 0x8}, 0x20)

[   57.618880][ T8314] device bridge_slave_1 entered promiscuous mode
[   57.663786][ T8317] chnl_net:caif_netlink_parms(): no params data found
[   57.687540][ T8311] bridge0: port 2(bridge_slave_1) entered blocking state
[   57.694771][ T8311] bridge0: port 2(bridge_slave_1) entered forwarding state
[   57.702978][ T8311] bridge0: port 1(bridge_slave_0) entered blocking state
[   57.710311][ T8311] bridge0: port 1(bridge_slave_0) entered forwarding state
[   57.728628][    T5] bridge0: port 1(bridge_slave_0) entered disabled state
[   57.739517][    T5] bridge0: port 2(bridge_slave_1) entered disabled state
[   57.778878][ T8314] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   57.791900][ T8314] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   57.824962][ T8317] bridge0: port 1(bridge_slave_0) entered blocking state
[   57.832245][ T8317] bridge0: port 1(bridge_slave_0) entered disabled state
[   57.840266][ T8317] device bridge_slave_0 entered promiscuous mode
[   57.863846][ T8314] team0: Port device team_slave_0 added
[   57.873201][ T8314] team0: Port device team_slave_1 added
[   57.886064][ T8326] IPVS: ftp: loaded support on port[0] = 21
[   57.894923][ T8317] bridge0: port 2(bridge_slave_1) entered blocking state
[   57.903744][ T8317] bridge0: port 2(bridge_slave_1) entered disabled state
[   57.912031][ T8317] device bridge_slave_1 entered promiscuous mode
[   57.933792][ T8317] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   57.954023][ T8317] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   58.001856][ T8317] team0: Port device team_slave_0 added
[   58.030896][ T8317] team0: Port device team_slave_1 added
[   58.089936][ T8314] device hsr_slave_0 entered promiscuous mode
[   58.147693][ T8314] device hsr_slave_1 entered promiscuous mode
[   58.207327][ T8314] debugfs: Directory 'hsr0' with parent '/' already present!
[   58.251798][ T8321] chnl_net:caif_netlink_parms(): no params data found
[   58.289118][ T8317] device hsr_slave_0 entered promiscuous mode
[   58.327472][ T8317] device hsr_slave_1 entered promiscuous mode
[   58.377314][ T8317] debugfs: Directory 'hsr0' with parent '/' already present!
[   58.385020][ T8320] chnl_net:caif_netlink_parms(): no params data found
[   58.445607][ T8326] chnl_net:caif_netlink_parms(): no params data found
[   58.486207][ T8321] bridge0: port 1(bridge_slave_0) entered blocking state
[   58.493430][ T8321] bridge0: port 1(bridge_slave_0) entered disabled state
[   58.503853][ T8321] device bridge_slave_0 entered promiscuous mode
[   58.538863][ T8321] bridge0: port 2(bridge_slave_1) entered blocking state
[   58.545928][ T8321] bridge0: port 2(bridge_slave_1) entered disabled state
[   58.557610][ T8321] device bridge_slave_1 entered promiscuous mode
[   58.576127][ T8314] netdevsim netdevsim1 netdevsim0: renamed from eth0
[   58.654387][ T8314] netdevsim netdevsim1 netdevsim1: renamed from eth1
[   58.699451][ T8317] netdevsim netdevsim2 netdevsim0: renamed from eth0
[   58.743758][ T8317] netdevsim netdevsim2 netdevsim1: renamed from eth1
[   58.813781][ T8317] netdevsim netdevsim2 netdevsim2: renamed from eth2
[   58.870151][ T8314] netdevsim netdevsim1 netdevsim2: renamed from eth2
[   58.913653][ T8314] netdevsim netdevsim1 netdevsim3: renamed from eth3
[   58.976716][ T8321] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   58.992342][ T8317] netdevsim netdevsim2 netdevsim3: renamed from eth3
[   59.052143][ T8311] 8021q: adding VLAN 0 to HW filter on device bond0
[   59.065406][ T8326] bridge0: port 1(bridge_slave_0) entered blocking state
[   59.073782][ T8326] bridge0: port 1(bridge_slave_0) entered disabled state
[   59.081877][ T8326] device bridge_slave_0 entered promiscuous mode
[   59.091598][ T8321] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   59.102085][ T8320] bridge0: port 1(bridge_slave_0) entered blocking state
[   59.109309][ T8320] bridge0: port 1(bridge_slave_0) entered disabled state
[   59.116983][ T8320] device bridge_slave_0 entered promiscuous mode
[   59.133116][ T8320] bridge0: port 2(bridge_slave_1) entered blocking state
[   59.140790][ T8320] bridge0: port 2(bridge_slave_1) entered disabled state
[   59.150890][ T8320] device bridge_slave_1 entered promiscuous mode
[   59.168252][ T8311] 8021q: adding VLAN 0 to HW filter on device team0
[   59.175173][ T8326] bridge0: port 2(bridge_slave_1) entered blocking state
[   59.182692][ T8326] bridge0: port 2(bridge_slave_1) entered disabled state
[   59.191277][ T8326] device bridge_slave_1 entered promiscuous mode
[   59.219027][ T2877] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[   59.228316][ T2877] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   59.258478][ T8321] team0: Port device team_slave_0 added
[   59.265700][ T8320] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   59.280323][ T8321] team0: Port device team_slave_1 added
[   59.290014][ T8326] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   59.307663][ T8320] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   59.319304][ T8325] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[   59.328527][ T8325] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[   59.336882][ T8325] bridge0: port 1(bridge_slave_0) entered blocking state
[   59.344110][ T8325] bridge0: port 1(bridge_slave_0) entered forwarding state
[   59.351729][ T8325] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[   59.360599][ T8325] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[   59.369070][ T8325] bridge0: port 2(bridge_slave_1) entered blocking state
[   59.376229][ T8325] bridge0: port 2(bridge_slave_1) entered forwarding state
[   59.383926][ T8325] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[   59.394059][ T8326] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   59.421778][ T8326] team0: Port device team_slave_0 added
[   59.442808][ T8325] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[   59.457749][ T8326] team0: Port device team_slave_1 added
[   59.465132][ T8320] team0: Port device team_slave_0 added
[   59.529917][ T8321] device hsr_slave_0 entered promiscuous mode
[   59.567629][ T8321] device hsr_slave_1 entered promiscuous mode
[   59.627332][ T8321] debugfs: Directory 'hsr0' with parent '/' already present!
[   59.660046][ T8320] team0: Port device team_slave_1 added
[   59.682830][ T8322] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[   59.692599][ T8322] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[   59.701381][ T8322] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[   59.710215][ T8322] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[   59.718867][ T8322] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[   59.727235][ T8322] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[   59.735609][ T8322] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[   59.800117][ T8326] device hsr_slave_0 entered promiscuous mode
[   59.838067][ T8326] device hsr_slave_1 entered promiscuous mode
[   59.877325][ T8326] debugfs: Directory 'hsr0' with parent '/' already present!
[   59.890070][ T8314] 8021q: adding VLAN 0 to HW filter on device bond0
[   59.940435][ T8320] device hsr_slave_0 entered promiscuous mode
[   59.987682][ T8320] device hsr_slave_1 entered promiscuous mode
[   60.048068][ T8320] debugfs: Directory 'hsr0' with parent '/' already present!
[   60.055979][ T8311] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[   60.068059][ T8311] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[   60.076485][    T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[   60.085238][    T5] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[   60.113506][ T8314] 8021q: adding VLAN 0 to HW filter on device team0
[   60.135953][ T8321] netdevsim netdevsim4 netdevsim0: renamed from eth0
[   60.181027][    T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[   60.189172][    T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   60.238580][ T8321] netdevsim netdevsim4 netdevsim1: renamed from eth1
[   60.279421][ T8325] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[   60.288651][ T8325] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[   60.296926][ T8325] bridge0: port 1(bridge_slave_0) entered blocking state
[   60.304042][ T8325] bridge0: port 1(bridge_slave_0) entered forwarding state
[   60.311877][ T8325] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[   60.321075][ T8325] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[   60.329794][ T8325] bridge0: port 2(bridge_slave_1) entered blocking state
[   60.336945][ T8325] bridge0: port 2(bridge_slave_1) entered forwarding state
[   60.344661][ T8325] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[   60.354148][ T8325] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[   60.365969][ T8317] 8021q: adding VLAN 0 to HW filter on device bond0
[   60.378562][ T8320] netdevsim netdevsim3 netdevsim0: renamed from eth0
[   60.423041][ T8320] netdevsim netdevsim3 netdevsim1: renamed from eth1
[   60.479596][ T8321] netdevsim netdevsim4 netdevsim2: renamed from eth2
[   60.530439][ T8321] netdevsim netdevsim4 netdevsim3: renamed from eth3
[   60.599768][ T8322] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[   60.609833][ T8322] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[   60.617739][ T8322] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[   60.630506][ T8311] 8021q: adding VLAN 0 to HW filter on device batadv0
[   60.638695][ T8320] netdevsim netdevsim3 netdevsim2: renamed from eth2
[   60.693911][ T8317] 8021q: adding VLAN 0 to HW filter on device team0
[   60.706733][ T8326] netdevsim netdevsim5 netdevsim0: renamed from eth0
[   60.755443][ T8325] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[   60.764089][ T8325] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   60.772529][ T8325] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[   60.783111][ T8325] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[   60.792372][ T8325] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[   60.802077][ T8325] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[   60.810906][ T8325] bridge0: port 1(bridge_slave_0) entered blocking state
[   60.818163][ T8325] bridge0: port 1(bridge_slave_0) entered forwarding state
[   60.826041][ T8325] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[   60.834825][ T8325] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[   60.843184][ T8320] netdevsim netdevsim3 netdevsim3: renamed from eth3
[   60.908866][ T8326] netdevsim netdevsim5 netdevsim1: renamed from eth1
[   60.940032][ T8326] netdevsim netdevsim5 netdevsim2: renamed from eth2
[   61.001732][   T44] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[   61.014223][   T44] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[   61.024595][   T44] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[   61.039425][   T44] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[   61.052047][   T44] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[   61.062468][   T44] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[   61.074415][   T44] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[   61.085027][   T44] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[   61.099340][   T44] bridge0: port 2(bridge_slave_1) entered blocking state
[   61.106400][   T44] bridge0: port 2(bridge_slave_1) entered forwarding state
[  165.987054][    C0] rcu: INFO: rcu_preempt self-detected stall on CPU
[  165.994080][    C0] rcu: 	0-...!: (10499 ticks this GP) idle=002/1/0x4000000000000002 softirq=11262/11262 fqs=6 
[  166.004626][    C0] 	(t=10501 jiffies g=6701 q=117)
[  166.009655][    C0] rcu: rcu_preempt kthread starved for 10490 jiffies! g6701 f0x0 RCU_GP_WAIT_FQS(5) ->state=0x402 ->cpu=1
[  166.021000][    C0] rcu: RCU grace-period kthread stack dump:
[  166.026898][    C0] rcu_preempt     I29104    10      2 0x80004000
[  166.033239][    C0] Call Trace:
[  166.036701][    C0]  __schedule+0x9a0/0xcc0
[  166.041070][    C0]  schedule+0x181/0x210
[  166.045518][    C0]  schedule_timeout+0x14f/0x240
[  166.050373][    C0]  ? run_local_timers+0x120/0x120
[  166.055403][    C0]  rcu_gp_kthread+0xed8/0x1770
[  166.060175][    C0]  kthread+0x332/0x350
[  166.064237][    C0]  ? rcu_report_qs_rsp+0x140/0x140
[  166.069451][    C0]  ? kthread_blkcg+0xe0/0xe0
[  166.074560][    C0]  ret_from_fork+0x24/0x30
[  166.079148][    C0] NMI backtrace for cpu 0
[  166.083486][    C0] CPU: 0 PID: 1039 Comm: kworker/u4:5 Not tainted 5.4.0-syzkaller #0
[  166.091538][    C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  166.101607][    C0] Workqueue: events_unbound fsnotify_connector_destroy_workfn
[  166.109070][    C0] Call Trace:
[  166.112355][    C0]  <IRQ>
[  166.115205][    C0]  dump_stack+0x1fb/0x318
[  166.119626][    C0]  nmi_cpu_backtrace+0xaf/0x1a0
[  166.124472][    C0]  ? nmi_trigger_cpumask_backtrace+0x16d/0x290
[  166.130626][    C0]  ? arch_trigger_cpumask_backtrace+0x20/0x20
[  166.136843][    C0]  nmi_trigger_cpumask_backtrace+0x174/0x290
[  166.143047][    C0]  arch_trigger_cpumask_backtrace+0x10/0x20
[  166.148960][    C0]  rcu_dump_cpu_stacks+0x15a/0x220
[  166.154087][    C0]  rcu_sched_clock_irq+0xe25/0x1ad0
[  166.159290][    C0]  ? trace_hardirqs_off+0x74/0x80
[  166.164317][    C0]  update_process_times+0x12d/0x180
[  166.169517][    C0]  tick_sched_timer+0x263/0x420
[  166.174376][    C0]  ? tick_setup_sched_timer+0x3d0/0x3d0
[  166.179922][    C0]  __hrtimer_run_queues+0x403/0x840
[  166.185134][    C0]  hrtimer_interrupt+0x38c/0xda0
[  166.190172][    C0]  ? debug_smp_processor_id+0x9/0x20
[  166.195464][    C0]  smp_apic_timer_interrupt+0x109/0x280
[  166.201179][    C0]  apic_timer_interrupt+0xf/0x20
[  166.206225][    C0]  </IRQ>
[  166.209166][    C0] RIP: 0010:__memcg_kmem_uncharge+0xe/0x2e0
[  166.215191][    C0] Code: c3 08 02 00 00 48 89 df 4c 89 f6 e8 dc 7d ff ff 5b 41 5e 5d c3 0f 1f 80 00 00 00 00 55 48 89 e5 41 57 41 56 41 55 41 54 53 50 <89> f3 49 89 fc 48 b8 00 00 00 00 00 fc ff df 4c 8d 77 38 4d 89 f5
[  166.234814][    C0] RSP: 0018:ffffc900048f78c8 EFLAGS: 00000246 ORIG_RAX: ffffffffffffff13
[  166.243442][    C0] RAX: ffffffff81486ea4 RBX: ffffea000279e600 RCX: ffff8880a71c2480
[  166.251427][    C0] RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffea000279e600
[  166.259396][    C0] RBP: ffffc900048f78f8 R08: 000000000003a768 R09: ffffed101197b74f
[  166.267367][    C0] R10: ffffed101197b74f R11: 0000000000000000 R12: ffff8880909f7ca0
[  166.275360][    C0] R13: dffffc0000000000 R14: 1ffff1101213ef94 R15: ffff88808cbdba68
[  166.283348][    C0]  ? free_thread_stack+0x124/0x590
[  166.288527][    C0]  ? free_thread_stack+0x124/0x590
[  166.293758][    C0]  free_thread_stack+0x12e/0x590
[  166.298694][    C0]  put_task_stack+0xa3/0x130
[  166.303292][    C0]  finish_task_switch+0x3f1/0x550
[  166.308326][    C0]  __schedule+0x9a8/0xcc0
[  166.312665][    C0]  ? ___preempt_schedule+0x16/0x18
[  166.317771][    C0]  preempt_schedule+0xdb/0x120
[  166.322536][    C0]  ___preempt_schedule+0x16/0x18
[  166.327483][    C0]  _raw_spin_unlock_irqrestore+0xcc/0xe0
[  166.333202][    C0]  __call_srcu+0x7ab/0xb00
[  166.337628][    C0]  __synchronize_srcu+0x1cf/0x260
[  166.342825][    C0]  ? rcu_read_lock_any_held+0x1a0/0x1a0
[  166.348385][    C0]  synchronize_srcu+0x2cb/0x2f0
[  166.353241][    C0]  fsnotify_connector_destroy_workfn+0x44/0xb0
[  166.359432][    C0]  process_one_work+0x7ef/0x10d0
[  166.364394][    C0]  worker_thread+0xc01/0x1630
[  166.369089][    C0]  kthread+0x332/0x350
[  166.373163][    C0]  ? rcu_lock_release+0x30/0x30
[  166.378008][    C0]  ? kthread_blkcg+0xe0/0xe0
[  166.382601][    C0]  ret_from_fork+0x24/0x30