[ 44.040684][ T23] audit: type=1800 audit(1575354734.849:25): pid=8035 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="startpar" name="cron" dev="sda1" ino=2414 res=0 [ 44.069790][ T23] audit: type=1800 audit(1575354734.849:26): pid=8035 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="startpar" name="mcstrans" dev="sda1" ino=2457 res=0 [ 44.123575][ T23] audit: type=1800 audit(1575354734.849:27): pid=8035 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0 [ 44.161029][ T23] audit: type=1800 audit(1575354734.849:28): pid=8035 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="startpar" name="ssh" dev="sda1" ino=2417 res=0 [....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c. Debian GNU/Linux 7 syzkaller ttyS0 Warning: Permanently added '10.128.15.199' (ECDSA) to the list of known hosts. 2019/12/03 06:32:26 fuzzer started 2019/12/03 06:32:27 dialing manager at 10.128.0.26:38907 2019/12/03 06:32:27 syscalls: 2697 2019/12/03 06:32:27 code coverage: enabled 2019/12/03 06:32:27 comparison tracing: enabled 2019/12/03 06:32:27 extra coverage: extra coverage is not supported by the kernel 2019/12/03 06:32:27 setuid sandbox: enabled 2019/12/03 06:32:27 namespace sandbox: enabled 2019/12/03 06:32:27 Android sandbox: /sys/fs/selinux/policy does not exist 2019/12/03 06:32:27 fault injection: enabled 2019/12/03 06:32:27 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled 2019/12/03 06:32:27 net packet injection: enabled 2019/12/03 06:32:27 net device setup: enabled 2019/12/03 06:32:27 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist 2019/12/03 06:32:27 devlink PCI setup: PCI device 0000:00:10.0 is not available 06:32:28 executing program 0: syz_mount_image$hfs(0x0, &(0x7f00000002c0)='./file1\x00', 0x0, 0x0, 0x0, 0x1802000, 0x0) 06:32:28 executing program 1: r0 = syz_open_dev$swradio(&(0x7f0000000100)='/dev/swradio#\x00', 0xffffffffffffffff, 0x2) ioctl$VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f0000000200)={0x0, 0xa, 0x1, {0xb, @pix={0x0, 0x1f}}}) ioctl$VIDIOC_QBUF(r0, 0xc058560f, &(0x7f0000000600)={0x0, 0xb, 0x4, 0x0, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, "18010004"}, 0x0, 0x0, @userptr=0x100000001, 0x4}) ioctl$VIDIOC_QBUF(r0, 0xc058565d, &(0x7f0000000600)={0x0, 0xb, 0x4, 0x0, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, "18010004"}, 0x0, 0x0, @userptr=0x100000001, 0x4}) syzkaller login: [ 58.161667][ T8198] IPVS: ftp: loaded support on port[0] = 21 [ 58.263734][ T8200] IPVS: ftp: loaded support on port[0] = 21 06:32:29 executing program 2: r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f0000000080)={0x0, 0xa, 0xfa00, {0x0, &(0x7f0000000000)={0xffffffffffffffff}, 0x111}}, 0x20) write$RDMA_USER_CM_CMD_RESOLVE_IP(r0, &(0x7f0000000200)={0x3, 0x40, 0xfa00, {{0x6000000, 0x0, 0x0, @mcast2}, {0xa, 0x0, 0x0, @empty={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2]}}, r1}}, 0x48) [ 58.362793][ T8198] chnl_net:caif_netlink_parms(): no params data found [ 58.473457][ T8198] bridge0: port 1(bridge_slave_0) entered blocking state [ 58.480546][ T8198] bridge0: port 1(bridge_slave_0) entered disabled state [ 58.502227][ T8198] device bridge_slave_0 entered promiscuous mode [ 58.530267][ T8198] bridge0: port 2(bridge_slave_1) entered blocking state [ 58.539294][ T8198] bridge0: port 2(bridge_slave_1) entered disabled state [ 58.547691][ T8198] device bridge_slave_1 entered promiscuous mode [ 58.570157][ T8198] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 58.582261][ T8198] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 58.608394][ T8205] IPVS: ftp: loaded support on port[0] = 21 06:32:29 executing program 3: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = fcntl$dupfd(r0, 0x0, r0) getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0x1b6) setresuid(0x0, r2, 0xee00) r3 = socket$inet(0x2b, 0x801, 0x0) setsockopt$IP_VS_SO_SET_STOPDAEMON(r3, 0x0, 0x48c, 0x0, 0x0) [ 58.636445][ T8200] chnl_net:caif_netlink_parms(): no params data found [ 58.659477][ T8198] team0: Port device team_slave_0 added [ 58.675552][ T8198] team0: Port device team_slave_1 added [ 58.729381][ T8200] bridge0: port 1(bridge_slave_0) entered blocking state [ 58.752712][ T8200] bridge0: port 1(bridge_slave_0) entered disabled state [ 58.772725][ T8200] device bridge_slave_0 entered promiscuous mode [ 58.801539][ T8200] bridge0: port 2(bridge_slave_1) entered blocking state [ 58.809048][ T8200] bridge0: port 2(bridge_slave_1) entered disabled state [ 58.831983][ T8200] device bridge_slave_1 entered promiscuous mode [ 58.903837][ T8198] device hsr_slave_0 entered promiscuous mode 06:32:29 executing program 4: perf_event_open(&(0x7f0000000080)={0x2, 0x70, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = gettid() r1 = gettid() rt_tgsigqueueinfo(r1, r0, 0x0, &(0x7f0000000300)) [ 58.951357][ T8198] device hsr_slave_1 entered promiscuous mode [ 59.028562][ T8200] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 59.068586][ T8207] IPVS: ftp: loaded support on port[0] = 21 [ 59.082191][ T8200] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 59.154115][ T8200] team0: Port device team_slave_0 added [ 59.168232][ T8209] IPVS: ftp: loaded support on port[0] = 21 [ 59.180040][ T8198] netdevsim netdevsim0 netdevsim0: renamed from eth0 06:32:30 executing program 5: bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x1, 0x4, &(0x7f0000001fd8)=@framed={{0xffffffb7, 0x0, 0x0, 0x0, 0x0, 0x79, 0x10, 0x7d}, [@ldst={0x7}]}, &(0x7f0000003ff6)='OPL\x00', 0x1, 0xb579, &(0x7f000000cf3d)=""/195}, 0x48) [ 59.222560][ T8200] team0: Port device team_slave_1 added [ 59.265687][ T8198] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 59.333329][ T8198] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 59.394638][ T8198] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 59.468585][ T8205] chnl_net:caif_netlink_parms(): no params data found [ 59.574772][ T8200] device hsr_slave_0 entered promiscuous mode [ 59.641272][ T8200] device hsr_slave_1 entered promiscuous mode [ 59.701255][ T8200] debugfs: Directory 'hsr0' with parent '/' already present! [ 59.736786][ T8212] IPVS: ftp: loaded support on port[0] = 21 [ 59.774402][ T8205] bridge0: port 1(bridge_slave_0) entered blocking state [ 59.781845][ T8205] bridge0: port 1(bridge_slave_0) entered disabled state [ 59.782669][ T8205] device bridge_slave_0 entered promiscuous mode [ 59.815041][ T8200] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 59.863082][ T8205] bridge0: port 2(bridge_slave_1) entered blocking state [ 59.870208][ T8205] bridge0: port 2(bridge_slave_1) entered disabled state [ 59.878886][ T8205] device bridge_slave_1 entered promiscuous mode [ 59.910205][ T8200] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 59.966300][ T8200] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 60.043605][ T8205] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 60.056007][ T8205] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 60.094683][ T8200] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 60.186032][ T8205] team0: Port device team_slave_0 added [ 60.197465][ T8209] chnl_net:caif_netlink_parms(): no params data found [ 60.219379][ T8205] team0: Port device team_slave_1 added [ 60.230441][ T8207] chnl_net:caif_netlink_parms(): no params data found [ 60.277323][ T8209] bridge0: port 1(bridge_slave_0) entered blocking state [ 60.286093][ T8209] bridge0: port 1(bridge_slave_0) entered disabled state [ 60.294372][ T8209] device bridge_slave_0 entered promiscuous mode [ 60.344345][ T8205] device hsr_slave_0 entered promiscuous mode [ 60.401449][ T8205] device hsr_slave_1 entered promiscuous mode [ 60.451227][ T8205] debugfs: Directory 'hsr0' with parent '/' already present! [ 60.459264][ T8209] bridge0: port 2(bridge_slave_1) entered blocking state [ 60.467136][ T8209] bridge0: port 2(bridge_slave_1) entered disabled state [ 60.474970][ T8209] device bridge_slave_1 entered promiscuous mode [ 60.514487][ T8207] bridge0: port 1(bridge_slave_0) entered blocking state [ 60.522525][ T8207] bridge0: port 1(bridge_slave_0) entered disabled state [ 60.530674][ T8207] device bridge_slave_0 entered promiscuous mode [ 60.546472][ T8209] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 60.562238][ T8212] chnl_net:caif_netlink_parms(): no params data found [ 60.589152][ T8207] bridge0: port 2(bridge_slave_1) entered blocking state [ 60.600812][ T8207] bridge0: port 2(bridge_slave_1) entered disabled state [ 60.609241][ T8207] device bridge_slave_1 entered promiscuous mode [ 60.617951][ T8209] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 60.644991][ T8212] bridge0: port 1(bridge_slave_0) entered blocking state [ 60.652293][ T8212] bridge0: port 1(bridge_slave_0) entered disabled state [ 60.660202][ T8212] device bridge_slave_0 entered promiscuous mode [ 60.687538][ T8209] team0: Port device team_slave_0 added [ 60.695949][ T8209] team0: Port device team_slave_1 added [ 60.707887][ T8212] bridge0: port 2(bridge_slave_1) entered blocking state [ 60.715773][ T8212] bridge0: port 2(bridge_slave_1) entered disabled state [ 60.724555][ T8212] device bridge_slave_1 entered promiscuous mode [ 60.749250][ T8207] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 60.771864][ T8198] 8021q: adding VLAN 0 to HW filter on device bond0 [ 60.778814][ T8205] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 60.841779][ T8212] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 60.852873][ T8212] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 60.863917][ T8207] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 60.886711][ T8205] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 60.955716][ T8213] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 60.965223][ T8213] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 60.979612][ T8198] 8021q: adding VLAN 0 to HW filter on device team0 [ 60.987035][ T8205] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 61.061942][ T8212] team0: Port device team_slave_0 added [ 61.073840][ T2709] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 61.083029][ T2709] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 61.091553][ T2709] bridge0: port 1(bridge_slave_0) entered blocking state [ 61.098826][ T2709] bridge0: port 1(bridge_slave_0) entered forwarding state [ 61.107546][ T8205] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 61.214144][ T8209] device hsr_slave_0 entered promiscuous mode [ 61.251564][ T8209] device hsr_slave_1 entered promiscuous mode [ 61.291128][ T8209] debugfs: Directory 'hsr0' with parent '/' already present! [ 61.301716][ T8207] team0: Port device team_slave_0 added [ 61.311043][ T8207] team0: Port device team_slave_1 added [ 61.320349][ T8212] team0: Port device team_slave_1 added [ 61.329111][ T44] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 61.413455][ T8212] device hsr_slave_0 entered promiscuous mode [ 61.461480][ T8212] device hsr_slave_1 entered promiscuous mode [ 61.501188][ T8212] debugfs: Directory 'hsr0' with parent '/' already present! [ 61.564697][ T8207] device hsr_slave_0 entered promiscuous mode [ 61.601494][ T8207] device hsr_slave_1 entered promiscuous mode [ 61.661161][ T8207] debugfs: Directory 'hsr0' with parent '/' already present! [ 61.671977][ T8200] 8021q: adding VLAN 0 to HW filter on device bond0 [ 61.683063][ T2709] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 61.692279][ T2709] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 61.701479][ T2709] bridge0: port 2(bridge_slave_1) entered blocking state [ 61.708763][ T2709] bridge0: port 2(bridge_slave_1) entered forwarding state [ 61.716578][ T2709] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 61.737774][ T8209] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 61.783300][ T8209] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 61.843207][ T8209] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 61.883716][ T8209] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 61.977349][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 61.987853][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 61.998381][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 62.007495][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 62.017149][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 62.027489][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 62.043032][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 62.053247][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 62.073204][ T8200] 8021q: adding VLAN 0 to HW filter on device team0 [ 62.087610][ T8214] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 62.096242][ T8214] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 62.105535][ T8214] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 62.114466][ T8214] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 62.123034][ T8214] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 62.132765][ T8214] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 62.142569][ T8214] bridge0: port 1(bridge_slave_0) entered blocking state [ 62.151142][ T8214] bridge0: port 1(bridge_slave_0) entered forwarding state [ 62.159849][ T8214] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 62.194468][ T8212] netdevsim netdevsim5 netdevsim0: renamed from eth0 [ 62.243838][ T8212] netdevsim netdevsim5 netdevsim1: renamed from eth1 [ 62.295250][ T8212] netdevsim netdevsim5 netdevsim2: renamed from eth2 [ 62.354445][ T8198] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 62.362617][ T8207] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 62.403401][ T8207] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 62.440183][ T8207] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 62.486270][ T8207] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 62.534710][ T8212] netdevsim netdevsim5 netdevsim3: renamed from eth3 [ 62.604657][ T2709] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 62.613764][ T2709] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 62.622780][ T2709] bridge0: port 2(bridge_slave_1) entered blocking state [ 62.629975][ T2709] bridge0: port 2(bridge_slave_1) entered forwarding state [ 62.638069][ T2709] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 62.647554][ T2709] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 62.657281][ T2709] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 62.665921][ T2709] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 62.684509][ T2709] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 62.713279][ T8213] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 62.722321][ T8213] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 62.732520][ T8213] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 62.741876][ T8213] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 62.777712][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 62.787486][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 62.800594][ T8200] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 62.829803][ T44] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 62.840842][ T44] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 62.856061][ T8198] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 62.895557][ T8205] 8021q: adding VLAN 0 to HW filter on device bond0 [ 62.911507][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 62.919294][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 62.934378][ T8212] 8021q: adding VLAN 0 to HW filter on device bond0 [ 62.955303][ T8209] 8021q: adding VLAN 0 to HW filter on device bond0 [ 62.969436][ T8213] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 62.980172][ T8213] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 62.993887][ T8212] 8021q: adding VLAN 0 to HW filter on device team0 [ 63.013499][ T8200] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 63.028658][ T8209] 8021q: adding VLAN 0 to HW filter on device team0 [ 63.047181][ T8205] 8021q: adding VLAN 0 to HW filter on device team0 [ 63.059363][ T2709] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 63.073173][ T2709] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 63.096308][ T2709] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 63.123996][ T2709] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 63.169450][ T8207] 8021q: adding VLAN 0 to HW filter on device bond0 [ 63.199024][ T8207] 8021q: adding VLAN 0 to HW filter on device team0 [ 63.256394][ T8207] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 63.274245][ T8207] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 63.319333][ T8207] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 168.080898][ C0] rcu: INFO: rcu_preempt self-detected stall on CPU [ 168.088555][ C0] rcu: 0-...!: (10499 ticks this GP) idle=fd2/1/0x4000000000000002 softirq=10950/10953 fqs=42 [ 168.100760][ C0] (t=10501 jiffies g=6429 q=462) [ 168.106753][ C0] rcu: rcu_preempt kthread starved for 10418 jiffies! g6429 f0x0 RCU_GP_WAIT_FQS(5) ->state=0x0 ->cpu=1 [ 168.123705][ C0] rcu: RCU grace-period kthread stack dump: [ 168.132311][ C0] rcu_preempt R running task 29048 10 2 0x80004000 [ 168.145044][ C0] Call Trace: [ 168.149489][ C0] __schedule+0x9a0/0xcc0 [ 168.155200][ C0] schedule+0x181/0x210 [ 168.160620][ C0] schedule_timeout+0x14f/0x240 [ 168.167014][ C0] ? run_local_timers+0x120/0x120 [ 168.173780][ C0] rcu_gp_kthread+0xed8/0x1770 [ 168.185955][ C0] kthread+0x332/0x350 [ 168.191517][ C0] ? rcu_report_qs_rsp+0x140/0x140 [ 168.198768][ C0] ? kthread_blkcg+0xe0/0xe0 [ 168.204184][ C0] ret_from_fork+0x24/0x30 [ 168.209324][ C0] NMI backtrace for cpu 0 [ 168.214435][ C0] CPU: 0 PID: 291 Comm: kworker/u4:5 Not tainted 5.4.0-syzkaller #0 [ 168.223083][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 168.233718][ C0] Workqueue: 0x0 (bat_events) [ 168.238655][ C0] Call Trace: [ 168.242034][ C0] [ 168.245079][ C0] dump_stack+0x1fb/0x318 [ 168.249446][ C0] nmi_cpu_backtrace+0xaf/0x1a0 [ 168.255380][ C0] ? nmi_trigger_cpumask_backtrace+0x16d/0x290 [ 168.261886][ C0] ? arch_trigger_cpumask_backtrace+0x20/0x20 [ 168.267954][ C0] nmi_trigger_cpumask_backtrace+0x174/0x290 [ 168.276734][ C0] arch_trigger_cpumask_backtrace+0x10/0x20 [ 168.283321][ C0] rcu_dump_cpu_stacks+0x15a/0x220 [ 168.288670][ C0] rcu_sched_clock_irq+0xe25/0x1ad0 [ 168.294498][ C0] ? trace_hardirqs_off+0x74/0x80 [ 168.299628][ C0] update_process_times+0x12d/0x180 [ 168.305023][ C0] tick_sched_timer+0x263/0x420 [ 168.310755][ C0] ? tick_setup_sched_timer+0x3d0/0x3d0 [ 168.317342][ C0] __hrtimer_run_queues+0x403/0x840 [ 168.322757][ C0] hrtimer_interrupt+0x38c/0xda0 [ 168.327901][ C0] ? debug_smp_processor_id+0x9/0x20 [ 168.333475][ C0] smp_apic_timer_interrupt+0x109/0x280 [ 168.339535][ C0] apic_timer_interrupt+0xf/0x20 [ 168.344599][ C0] [ 168.347737][ C0] RIP: 0010:free_thread_stack+0x18b/0x590 [ 168.353891][ C0] Code: ff ff e8 28 04 00 00 43 80 3c 2e 00 74 08 4c 89 e7 e8 09 a4 69 00 49 8b 1c 24 48 83 c3 08 48 89 d8 48 c1 e8 03 42 80 3c 28 00 <74> 08 48 89 df e8 eb a3 69 00 48 8b 1b e9 82 ff ff ff e8 de 2c 2e [ 168.375673][ C0] RSP: 0018:ffffc90001dc7c30 EFLAGS: 00000246 ORIG_RAX: ffffffffffffff13 [ 168.387662][ C0] RAX: 1ffff11014e31ba1 RBX: ffff8880a718dd08 RCX: ffff8880a8d42600 [ 168.395916][ C0] RDX: 0000000000000000 RSI: 00000000fffffffc RDI: ffffea000268c500 [ 168.404551][ C0] RBP: ffffc90001dc7c68 R08: dffffc0000000000 R09: fffffbfff120248a [ 168.414007][ C0] R10: fffffbfff120248a R11: 0000000000000000 R12: ffff8880a718dda0 [ 168.423402][ C0] R13: dffffc0000000000 R14: 1ffff11014e31bb4 R15: ffff8880a63df7a8 [ 168.433793][ C0] put_task_stack+0xa3/0x130 [ 168.441591][ C0] finish_task_switch+0x3f1/0x550 [ 168.448018][ C0] __schedule+0x9a8/0xcc0 [ 168.452359][ C0] schedule+0x181/0x210 [ 168.457399][ C0] worker_thread+0x10d6/0x1630 [ 168.462817][ C0] kthread+0x332/0x350 [ 168.467656][ C0] ? rcu_lock_release+0x30/0x30 [ 168.473086][ C0] ? kthread_blkcg+0xe0/0xe0 [ 168.478738][ C0] ret_from_fork+0x24/0x30