[ ok ]. [ 42.977601][ T23] audit: type=1800 audit(1575396726.325:25): pid=8102 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="startpar" name="cron" dev="sda1" ino=2414 res=0 [ 42.996790][ T23] audit: type=1800 audit(1575396726.325:26): pid=8102 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="startpar" name="mcstrans" dev="sda1" ino=2457 res=0 [ 43.035830][ T23] audit: type=1800 audit(1575396726.335:27): pid=8102 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0 [....] Starting periodic command scheduler: cron [ ok ]. [....] Starting OpenBSD Secure Shell server: sshd [ ok ]. Debian GNU/Linux 7 syzkaller ttyS0 Warning: Permanently added '10.128.0.107' (ECDSA) to the list of known hosts. 2019/12/03 18:12:18 fuzzer started 2019/12/03 18:12:19 dialing manager at 10.128.0.26:42111 2019/12/03 18:12:19 syscalls: 2689 2019/12/03 18:12:19 code coverage: enabled 2019/12/03 18:12:19 comparison tracing: enabled 2019/12/03 18:12:19 extra coverage: extra coverage is not supported by the kernel 2019/12/03 18:12:19 setuid sandbox: enabled 2019/12/03 18:12:19 namespace sandbox: enabled 2019/12/03 18:12:19 Android sandbox: /sys/fs/selinux/policy does not exist 2019/12/03 18:12:19 fault injection: enabled 2019/12/03 18:12:19 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled 2019/12/03 18:12:19 net packet injection: enabled 2019/12/03 18:12:19 net device setup: enabled 2019/12/03 18:12:19 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist 2019/12/03 18:12:19 devlink PCI setup: PCI device 0000:00:10.0 is not available 18:12:20 executing program 0: bpf$MAP_CREATE(0x0, &(0x7f00000000c0)={0x2, 0x4, 0x200000004, 0x400, 0x0, 0xffffffffffffffff, 0x0, [0x2e, 0x2e, 0x2e, 0x2e, 0x6b6e, 0x2e, 0x2e, 0x34]}, 0x3c) 18:12:21 executing program 1: r0 = 
add_key(&(0x7f0000000180)='rxrpc\x00', &(0x7f00000001c0)={'syz', 0x2}, 0x0, 0x0, 0xffffffffffffffff) keyctl$read(0xb, r0, 0x0, 0x0) syzkaller login: [ 57.835186][ T8265] IPVS: ftp: loaded support on port[0] = 21 [ 57.894378][ T8267] IPVS: ftp: loaded support on port[0] = 21 18:12:21 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r2, 0xc008ae88, &(0x7f00000000c0)={0x7a, 0x4, [0x40000108], [0x3a]}) [ 58.017888][ T8265] chnl_net:caif_netlink_parms(): no params data found [ 58.134933][ T8267] chnl_net:caif_netlink_parms(): no params data found [ 58.152149][ T8271] IPVS: ftp: loaded support on port[0] = 21 [ 58.170154][ T8265] bridge0: port 1(bridge_slave_0) entered blocking state [ 58.183090][ T8265] bridge0: port 1(bridge_slave_0) entered disabled state [ 58.192748][ T8265] device bridge_slave_0 entered promiscuous mode [ 58.224169][ T8265] bridge0: port 2(bridge_slave_1) entered blocking state [ 58.234675][ T8265] bridge0: port 2(bridge_slave_1) entered disabled state [ 58.242990][ T8265] device bridge_slave_1 entered promiscuous mode 18:12:21 executing program 3: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet(0x10, 0x2000000003, 0x0) sendmsg(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000000140)="240000002e0007031dfffd946fa2830020200a0009000000001d85680c1ba3a20400ff7e280000005e00ffffba16a0aa1c0009b3ebea8653b1cc7e63975c0ac47b6268e3966cf055d90f15a3", 0x4c}], 0x1}, 0x0) recvmmsg(r0, &(0x7f00000064c0), 0x40000000000022a, 0x0, 0x0) [ 58.289458][ T8267] bridge0: port 1(bridge_slave_0) entered blocking state [ 
58.296702][ T8267] bridge0: port 1(bridge_slave_0) entered disabled state [ 58.306512][ T8267] device bridge_slave_0 entered promiscuous mode [ 58.337453][ T8265] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 58.359264][ T8265] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 58.371493][ T8267] bridge0: port 2(bridge_slave_1) entered blocking state [ 58.379758][ T8267] bridge0: port 2(bridge_slave_1) entered disabled state [ 58.388124][ T8267] device bridge_slave_1 entered promiscuous mode [ 58.468625][ T8267] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 58.480223][ T8265] team0: Port device team_slave_0 added [ 58.502105][ T8267] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 58.513596][ T8265] team0: Port device team_slave_1 added [ 58.524089][ T8271] chnl_net:caif_netlink_parms(): no params data found 18:12:21 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x4) bind$netlink(r0, &(0x7f00000000c0)={0x10, 0x0, 0x0, 0xb16579c7108f782f}, 0xc) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) close(r1) [ 58.597809][ T8265] device hsr_slave_0 entered promiscuous mode [ 58.635812][ T8265] device hsr_slave_1 entered promiscuous mode [ 58.719091][ T8274] IPVS: ftp: loaded support on port[0] = 21 [ 58.731320][ T8267] team0: Port device team_slave_0 added [ 58.768795][ T8271] bridge0: port 1(bridge_slave_0) entered blocking state [ 58.776906][ T8271] bridge0: port 1(bridge_slave_0) entered disabled state [ 58.784755][ T8271] device bridge_slave_0 entered promiscuous mode [ 58.794590][ T8267] team0: Port device team_slave_1 added 18:12:22 executing program 5: r0 = socket(0x10, 0x3, 0x0) ioctl$sock_SIOCETHTOOL(r0, 0x8946, &(0x7f0000000240)={'bridge_slave_1\x00', &(0x7f0000000100)=@ethtool_link_settings={0x4c}}) [ 58.900573][ T8267] device hsr_slave_0 entered promiscuous mode [ 58.975368][ T8267] device hsr_slave_1 entered promiscuous mode [ 59.004948][ 
T8267] debugfs: Directory 'hsr0' with parent '/' already present! [ 59.012736][ T8271] bridge0: port 2(bridge_slave_1) entered blocking state [ 59.019955][ T8271] bridge0: port 2(bridge_slave_1) entered disabled state [ 59.027670][ T8271] device bridge_slave_1 entered promiscuous mode [ 59.034595][ T8265] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 59.080353][ T8265] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 59.126361][ T8265] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 59.136668][ T8276] IPVS: ftp: loaded support on port[0] = 21 [ 59.188750][ T8278] IPVS: ftp: loaded support on port[0] = 21 [ 59.218104][ T8265] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 59.278440][ T8271] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 59.309756][ T8271] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 59.389125][ T8271] team0: Port device team_slave_0 added [ 59.396135][ T8267] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 59.438248][ T8267] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 59.498135][ T8267] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 59.548068][ T8267] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 59.608161][ T8271] team0: Port device team_slave_1 added [ 59.638743][ T8274] chnl_net:caif_netlink_parms(): no params data found [ 59.698249][ T8271] device hsr_slave_0 entered promiscuous mode [ 59.745998][ T8271] device hsr_slave_1 entered promiscuous mode [ 59.775275][ T8271] debugfs: Directory 'hsr0' with parent '/' already present! 
[ 59.870064][ T8274] bridge0: port 1(bridge_slave_0) entered blocking state [ 59.877879][ T8274] bridge0: port 1(bridge_slave_0) entered disabled state [ 59.885845][ T8274] device bridge_slave_0 entered promiscuous mode [ 59.893917][ T8274] bridge0: port 2(bridge_slave_1) entered blocking state [ 59.901055][ T8274] bridge0: port 2(bridge_slave_1) entered disabled state [ 59.908753][ T8274] device bridge_slave_1 entered promiscuous mode [ 59.925652][ T8278] chnl_net:caif_netlink_parms(): no params data found [ 59.972230][ T8271] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 60.017431][ T8271] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 60.063153][ T8271] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 60.120182][ T8274] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 60.136610][ T8271] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 60.172907][ T8278] bridge0: port 1(bridge_slave_0) entered blocking state [ 60.183141][ T8278] bridge0: port 1(bridge_slave_0) entered disabled state [ 60.191925][ T8278] device bridge_slave_0 entered promiscuous mode [ 60.203485][ T8274] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 60.213619][ T8276] chnl_net:caif_netlink_parms(): no params data found [ 60.232129][ T8278] bridge0: port 2(bridge_slave_1) entered blocking state [ 60.242111][ T8278] bridge0: port 2(bridge_slave_1) entered disabled state [ 60.250408][ T8278] device bridge_slave_1 entered promiscuous mode [ 60.261455][ T8267] 8021q: adding VLAN 0 to HW filter on device bond0 [ 60.300781][ T8274] team0: Port device team_slave_0 added [ 60.319667][ T8278] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 60.336345][ T8267] 8021q: adding VLAN 0 to HW filter on device team0 [ 60.343771][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 60.352402][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 60.362346][ T8274] team0: Port 
device team_slave_1 added [ 60.372748][ T8276] bridge0: port 1(bridge_slave_0) entered blocking state [ 60.383290][ T8276] bridge0: port 1(bridge_slave_0) entered disabled state [ 60.391256][ T8276] device bridge_slave_0 entered promiscuous mode [ 60.399860][ T8276] bridge0: port 2(bridge_slave_1) entered blocking state [ 60.407210][ T8276] bridge0: port 2(bridge_slave_1) entered disabled state [ 60.415061][ T8276] device bridge_slave_1 entered promiscuous mode [ 60.425138][ T8265] 8021q: adding VLAN 0 to HW filter on device bond0 [ 60.434392][ T8278] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 60.456583][ T8278] team0: Port device team_slave_0 added [ 60.472820][ T8276] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 60.493192][ T8265] 8021q: adding VLAN 0 to HW filter on device team0 [ 60.505104][ T8278] team0: Port device team_slave_1 added [ 60.515970][ T8284] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 60.525232][ T8284] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 60.533736][ T8284] bridge0: port 1(bridge_slave_0) entered blocking state [ 60.541101][ T8284] bridge0: port 1(bridge_slave_0) entered forwarding state [ 60.549985][ T8284] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 60.558327][ T8284] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 60.566954][ T8284] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 60.579825][ T8276] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 60.604273][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 60.613454][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 60.622708][ T5] bridge0: port 2(bridge_slave_1) entered blocking state [ 60.629818][ T5] bridge0: port 2(bridge_slave_1) entered forwarding state [ 60.638118][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 
60.647074][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 60.655707][ T5] bridge0: port 1(bridge_slave_0) entered blocking state [ 60.662739][ T5] bridge0: port 1(bridge_slave_0) entered forwarding state [ 60.708518][ T8278] device hsr_slave_0 entered promiscuous mode [ 60.765174][ T8278] device hsr_slave_1 entered promiscuous mode [ 60.835020][ T8278] debugfs: Directory 'hsr0' with parent '/' already present! [ 60.897628][ T8274] device hsr_slave_0 entered promiscuous mode [ 60.935318][ T8274] device hsr_slave_1 entered promiscuous mode [ 60.975176][ T8274] debugfs: Directory 'hsr0' with parent '/' already present! [ 60.982934][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 60.990802][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 60.999709][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 61.008997][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 61.018931][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 61.027273][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 61.036017][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 61.044260][ T5] bridge0: port 2(bridge_slave_1) entered blocking state [ 61.051346][ T5] bridge0: port 2(bridge_slave_1) entered forwarding state [ 61.059795][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 61.070799][ T8276] team0: Port device team_slave_0 added [ 61.082247][ T8276] team0: Port device team_slave_1 added [ 61.105740][ T3689] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 61.114279][ T3689] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 61.127248][ T3689] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 61.136184][ T3689] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 61.207348][ T8276] device hsr_slave_0 entered promiscuous mode [ 61.255190][ T8276] 
device hsr_slave_1 entered promiscuous mode [ 61.305029][ T8276] debugfs: Directory 'hsr0' with parent '/' already present! [ 61.329667][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 61.339697][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 61.349385][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 61.358730][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 61.367388][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 61.379469][ T8267] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 61.391767][ T8267] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 61.413587][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 61.422527][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 61.431379][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 61.439888][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 61.454322][ T8265] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 61.465596][ T8265] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 61.493645][ T3132] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 61.503249][ T3132] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 61.513567][ T3132] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 61.522614][ T3132] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 61.531458][ T3132] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 61.545660][ T8267] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 61.564130][ T8278] netdevsim netdevsim5 netdevsim0: renamed from eth0 [ 61.596408][ T8274] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 61.638626][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 
61.646832][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 61.664710][ T8271] 8021q: adding VLAN 0 to HW filter on device bond0 [ 61.676029][ T8278] netdevsim netdevsim5 netdevsim1: renamed from eth1 [ 61.716945][ T8274] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 61.757209][ T8274] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 61.797821][ T8276] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 61.847179][ T8276] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 61.887047][ T8276] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 61.931640][ T8278] netdevsim netdevsim5 netdevsim2: renamed from eth2 [ 61.966489][ T8274] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 62.041230][ T8265] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 62.049622][ T3689] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 62.064191][ T3689] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 62.072140][ T3689] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 62.079791][ T3689] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 62.089660][ T8271] 8021q: adding VLAN 0 to HW filter on device team0 [ 62.097951][ T8276] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 62.156923][ T8278] netdevsim netdevsim5 netdevsim3: renamed from eth3 [ 62.214930][ T3689] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 62.224634][ T3689] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 62.233937][ T3689] bridge0: port 1(bridge_slave_0) entered blocking state [ 62.241084][ T3689] bridge0: port 1(bridge_slave_0) entered forwarding state [ 62.252224][ T3689] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 62.264507][ T3689] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 62.279458][ T3689] bridge0: port 2(bridge_slave_1) entered blocking state [ 62.286628][ T3689] bridge0: port 2(bridge_slave_1) entered forwarding state [ 62.306767][ 
T3689] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 62.388116][ T8278] 8021q: adding VLAN 0 to HW filter on device bond0 [ 62.410588][ T8278] 8021q: adding VLAN 0 to HW filter on device team0 [ 62.462048][ T8278] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 62.472522][ T8278] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 62.506490][ T8278] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 167.314781][ C1] rcu: INFO: rcu_preempt self-detected stall on CPU [ 167.321584][ C1] rcu: 1-...!: (10499 ticks this GP) idle=47a/1/0x4000000000000002 softirq=10674/10674 fqs=8 [ 167.332073][ C1] (t=10500 jiffies g=6553 q=616) [ 167.337088][ C1] rcu: rcu_preempt kthread starved for 10480 jiffies! g6553 f0x0 RCU_GP_WAIT_FQS(5) ->state=0x0 ->cpu=0 [ 167.348167][ C1] rcu: RCU grace-period kthread stack dump: [ 167.354042][ C1] rcu_preempt R running task 29032 10 2 0x80004000 [ 167.361928][ C1] Call Trace: [ 167.365215][ C1] __schedule+0x9a0/0xcc0 [ 167.369545][ C1] schedule+0x181/0x210 [ 167.373716][ C1] schedule_timeout+0x14f/0x240 [ 167.378582][ C1] ? run_local_timers+0x120/0x120 [ 167.383607][ C1] rcu_gp_kthread+0xed8/0x1770 [ 167.388394][ C1] kthread+0x332/0x350 [ 167.392461][ C1] ? rcu_report_qs_rsp+0x140/0x140 [ 167.397571][ C1] ? kthread_blkcg+0xe0/0xe0 [ 167.402153][ C1] ret_from_fork+0x24/0x30 [ 167.406578][ C1] NMI backtrace for cpu 1 [ 167.410895][ C1] CPU: 1 PID: 8286 Comm: syz-executor.1 Not tainted 5.4.0-syzkaller #0 [ 167.419110][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 167.429161][ C1] Call Trace: [ 167.432433][ C1] [ 167.435273][ C1] dump_stack+0x1fb/0x318 [ 167.439591][ C1] nmi_cpu_backtrace+0xaf/0x1a0 [ 167.444429][ C1] ? nmi_trigger_cpumask_backtrace+0x16d/0x290 [ 167.450570][ C1] ? 
arch_trigger_cpumask_backtrace+0x20/0x20 [ 167.456624][ C1] nmi_trigger_cpumask_backtrace+0x174/0x290 [ 167.462680][ C1] arch_trigger_cpumask_backtrace+0x10/0x20 [ 167.468581][ C1] rcu_dump_cpu_stacks+0x15a/0x220 [ 167.473705][ C1] rcu_sched_clock_irq+0xe25/0x1ad0 [ 167.478904][ C1] ? trace_hardirqs_off+0x74/0x80 [ 167.483924][ C1] update_process_times+0x12d/0x180 [ 167.489112][ C1] tick_sched_timer+0x263/0x420 [ 167.493986][ C1] ? tick_setup_sched_timer+0x3d0/0x3d0 [ 167.499531][ C1] __hrtimer_run_queues+0x403/0x840 [ 167.504738][ C1] hrtimer_interrupt+0x38c/0xda0 [ 167.509679][ C1] ? debug_smp_processor_id+0x9/0x20 [ 167.514955][ C1] smp_apic_timer_interrupt+0x109/0x280 [ 167.520490][ C1] apic_timer_interrupt+0xf/0x20 [ 167.525409][ C1] [ 167.528337][ C1] RIP: 0010:__sanitizer_cov_trace_pc+0x1c/0x50 [ 167.534477][ C1] Code: cd 07 48 89 de e8 64 02 3b 00 5b 5d c3 cc 48 8b 04 24 65 48 8b 0c 25 c0 1d 02 00 65 8b 15 b8 81 8b 7e f7 c2 00 01 1f 00 75 2c <8b> 91 80 13 00 00 83 fa 02 75 21 48 8b 91 88 13 00 00 48 8b 32 48 [ 167.554067][ C1] RSP: 0018:ffffc900027e7880 EFLAGS: 00000246 ORIG_RAX: ffffffffffffff13 [ 167.562620][ C1] RAX: ffffffff81487326 RBX: ffffea00029c4000 RCX: ffff8880a7406200 [ 167.570602][ C1] RDX: 0000000000000001 RSI: 00000000fffffffc RDI: ffffea00029c4000 [ 167.578587][ C1] RBP: ffffc900027e78a8 R08: 000000000003a768 R09: ffffed1011e80aaf [ 167.586563][ C1] R10: ffffed1011e80aaf R11: 0000000000000000 R12: ffff888093b9dc20 [ 167.594529][ C1] R13: dffffc0000000000 R14: 00000000fffffffc R15: ffff88808f405568 [ 167.602506][ C1] ? mod_memcg_page_state+0x16/0x190 [ 167.607790][ C1] ? 
mod_memcg_page_state+0x16/0x190 [ 167.613061][ C1] free_thread_stack+0x168/0x590 [ 167.617987][ C1] put_task_stack+0xa3/0x130 [ 167.622561][ C1] finish_task_switch+0x3f1/0x550 [ 167.627588][ C1] __schedule+0x9a8/0xcc0 [ 167.631914][ C1] preempt_schedule_irq+0xc1/0x140 [ 167.637011][ C1] retint_kernel+0x1b/0x2b [ 167.641413][ C1] RIP: 0010:anon_vma_interval_tree_verify+0x2f/0x150 [ 167.648075][ C1] Code: 57 41 56 41 55 41 54 53 49 89 ff 49 bc 00 00 00 00 00 fc ff df e8 91 7a d5 ff 49 8d 7f 40 48 89 f8 48 c1 e8 03 42 80 3c 20 00 <74> 05 e8 7a f1 10 00 4d 8b 77 40 4d 89 fd 49 c1 ed 03 43 80 7c 25 [ 167.667664][ C1] RSP: 0018:ffffc900027e7b08 EFLAGS: 00000246 ORIG_RAX: ffffffffffffff02 [ 167.676062][ C1] RAX: 1ffff11014f4a1e4 RBX: ffff8880a7a50ef0 RCX: ffff8880a7406200 [ 167.684020][ C1] RDX: 0000000000000000 RSI: 000000000000011b RDI: ffff8880a7a50f20 [ 167.691974][ C1] RBP: ffffc900027e7b30 R08: ffffffff81a12273 R09: ffffed1013451d2f [ 167.699930][ C1] R10: ffffed1013451d2f R11: 0000000000000000 R12: dffffc0000000000 [ 167.707888][ C1] R13: ffff8880a48bd1c0 R14: 1ffff11014f7e65a R15: ffff8880a7a50ee0 [ 167.715856][ C1] ? anon_vma_interval_tree_verify+0x123/0x150 [ 167.721998][ C1] ? anon_vma_interval_tree_verify+0x1f/0x150 [ 167.728053][ C1] validate_mm+0xfe/0x9b0 [ 167.732387][ C1] vma_link+0x264/0x290 [ 167.736536][ C1] mmap_region+0x12e1/0x1cb0 [ 167.741127][ C1] do_mmap+0xabb/0x1120 [ 167.745281][ C1] vm_mmap_pgoff+0x13d/0x1d0 [ 167.749868][ C1] ksys_mmap_pgoff+0x104/0x560 [ 167.754618][ C1] ? debug_smp_processor_id+0x9/0x20 [ 167.759920][ C1] ? 
trace_irq_disable_rcuidle+0x23/0x1e0 [ 167.765644][ C1] __x64_sys_mmap+0x103/0x120 [ 167.770322][ C1] do_syscall_64+0xf7/0x1c0 [ 167.774820][ C1] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 167.780698][ C1] RIP: 0033:0x45a6ca [ 167.784675][ C1] Code: 89 f5 41 54 49 89 fc 55 53 74 35 49 63 e8 48 63 da 4d 89 f9 49 89 e8 4d 63 d6 48 89 da 4c 89 ee 4c 89 e7 b8 09 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 4e 5b 5d 41 5c 41 5d 41 5e 41 5f c3 0f 1f 00 [ 167.804283][ C1] RSP: 002b:00007ffc0e1c7b28 EFLAGS: 00000246 ORIG_RAX: 0000000000000009 [ 167.812698][ C1] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 000000000045a6ca [ 167.820683][ C1] RDX: 0000000000000003 RSI: 0000000000021000 RDI: 0000000000000000 [ 167.828845][ C1] RBP: ffffffffffffffff R08: ffffffffffffffff R09: 0000000000000000 [ 167.836807][ C1] R10: 0000000000020022 R11: 0000000000000246 R12: 0000000000000000 [ 167.844764][ C1] R13: 0000000000021000 R14: 0000000000020022 R15: 0000000000000000