[ 44.366035][ T27] audit: type=1800 audit(1575368226.474:26): pid=8070 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="startpar" name="mcstrans" dev="sda1" ino=2457 res=0 [ 44.402084][ T27] audit: type=1800 audit(1575368226.484:27): pid=8070 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0 [ 44.421842][ T27] audit: type=1800 audit(1575368226.484:28): pid=8070 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="startpar" name="ssh" dev="sda1" ino=2417 res=0 [ ok ] Starting periodic command scheduler: cron. [ ok ] Starting OpenBSD Secure Shell server: sshd. [ 45.153823][ T27] audit: type=1800 audit(1575368227.284:29): pid=8070 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="startpar" name="rc.local" dev="sda1" ino=2432 res=0 Debian GNU/Linux 7 syzkaller ttyS0 Warning: Permanently added '10.128.1.32' (ECDSA) to the list of known hosts. 
2019/12/03 10:17:16 fuzzer started 2019/12/03 10:17:18 dialing manager at 10.128.0.26:38907 2019/12/03 10:17:18 syscalls: 2697 2019/12/03 10:17:18 code coverage: enabled 2019/12/03 10:17:18 comparison tracing: enabled 2019/12/03 10:17:18 extra coverage: extra coverage is not supported by the kernel 2019/12/03 10:17:18 setuid sandbox: enabled 2019/12/03 10:17:18 namespace sandbox: enabled 2019/12/03 10:17:18 Android sandbox: /sys/fs/selinux/policy does not exist 2019/12/03 10:17:18 fault injection: enabled 2019/12/03 10:17:18 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled 2019/12/03 10:17:18 net packet injection: enabled 2019/12/03 10:17:18 net device setup: enabled 2019/12/03 10:17:18 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist 2019/12/03 10:17:18 devlink PCI setup: PCI device 0000:00:10.0 is not available 10:17:19 executing program 0: r0 = socket$inet6(0xa, 0x5, 0x0) listen(r0, 0x1d7) sendmmsg$inet6(r0, &(0x7f0000005480)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="180000000000000084000000010000000083fbc9f6e60000"], 0x18}}], 0x1, 0x0) 10:17:19 executing program 1: r0 = memfd_create(&(0x7f0000000300)='\x00\xb3y\xb1\xc4\xc5)\xa3\xc6\x9cjuu\xa1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00', 0x0) r1 = syz_open_dev$sndseq(&(0x7f0000000680)='/dev/snd/seq\x00', 0x0, 0x20a81) r2 = dup2(r1, r0) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r2, 0xc08c5332, &(0x7f0000000340)={0x0, 0x0, 0x0, 'queue1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00@\x00'}) write$P9_RLINK(r2, &(0x7f0000000280)={0x7}, 0x269) ppoll(&(0x7f0000000180)=[{r0}], 0x1, 0x0, 0x0, 0x0) setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, &(0x7f0000000040)="0a0775db7b2803b4", 0x8) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r1, 0x4040534e, &(0x7f0000000040)={0x393, @time}) syzkaller login: [ 57.217126][ T8232] IPVS: ftp: loaded support on port[0] = 21 10:17:19 executing program 2: r0 = 
socket$inet6_udp(0xa, 0x2, 0x0) ioctl$sock_SIOCETHTOOL(r0, 0x8946, &(0x7f00000000c0)={'lo\x00', &(0x7f00000019c0)=@ethtool_perm_addr}) [ 57.354900][ T8234] IPVS: ftp: loaded support on port[0] = 21 [ 57.440696][ T8232] chnl_net:caif_netlink_parms(): no params data found [ 57.557921][ T8232] bridge0: port 1(bridge_slave_0) entered blocking state [ 57.566433][ T8232] bridge0: port 1(bridge_slave_0) entered disabled state [ 57.576009][ T8232] device bridge_slave_0 entered promiscuous mode [ 57.599376][ T8232] bridge0: port 2(bridge_slave_1) entered blocking state [ 57.607947][ T8232] bridge0: port 2(bridge_slave_1) entered disabled state [ 57.617785][ T8232] device bridge_slave_1 entered promiscuous mode [ 57.631518][ T8234] chnl_net:caif_netlink_parms(): no params data found 10:17:19 executing program 3: unshare(0x2040400) r0 = openat$vfio(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vfio/vfio\x00', 0x0, 0x0) ioctl$VFIO_IOMMU_UNMAP_DMA(r0, 0x3b72, 0x0) [ 57.653946][ T8232] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 57.675122][ T8238] IPVS: ftp: loaded support on port[0] = 21 [ 57.684289][ T8232] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 57.743874][ T8234] bridge0: port 1(bridge_slave_0) entered blocking state [ 57.750971][ T8234] bridge0: port 1(bridge_slave_0) entered disabled state [ 57.773343][ T8234] device bridge_slave_0 entered promiscuous mode [ 57.797790][ T8232] team0: Port device team_slave_0 added [ 57.816992][ T8234] bridge0: port 2(bridge_slave_1) entered blocking state [ 57.832575][ T8234] bridge0: port 2(bridge_slave_1) entered disabled state [ 57.840619][ T8234] device bridge_slave_1 entered promiscuous mode [ 57.863580][ T8232] team0: Port device team_slave_1 added [ 57.911823][ T8234] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 57.943268][ T8234] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link 10:17:20 executing 
program 4: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000180)={0x0, 0x36cc, &(0x7f00000000c0)={&(0x7f00000001c0)={0x24, 0x23, 0x853, 0x0, 0x0, {0x2804, 0xe00000000000000}, [@typed={0x10, 0x11, @str=':%/ime_type\x00'}]}, 0x24}, 0x1, 0x1c689, 0x0, 0x1cabe}, 0x0) [ 57.959165][ T8240] IPVS: ftp: loaded support on port[0] = 21 [ 57.988148][ T8232] device hsr_slave_0 entered promiscuous mode [ 58.052261][ T8232] device hsr_slave_1 entered promiscuous mode [ 58.141849][ T8234] team0: Port device team_slave_0 added [ 58.158300][ T8232] netdevsim netdevsim0 netdevsim0: renamed from eth0 10:17:20 executing program 5: mkdir(&(0x7f0000000240)='./file1\x00', 0x0) mkdir(&(0x7f0000000180)='./bus\x00', 0x0) creat(&(0x7f0000000040)='./bus/file0\x00', 0x0) mkdir(&(0x7f0000000280)='./file0\x00', 0x0) link(&(0x7f00000000c0)='./bus/file0\x00', &(0x7f0000000200)='./bus/file1\x00') mount$overlay(0x400000, &(0x7f0000000000)='./bus\x00', &(0x7f0000000400)='overlay\x00', 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB='lowerdir=./bus,workdir=./file1,upperdir=./file0']) prlimit64(0x0, 0x0, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) unlink(&(0x7f00000001c0)='./bus/file0\x00') [ 58.245181][ T8232] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 58.325271][ T8232] 
netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 58.384037][ T8234] team0: Port device team_slave_1 added [ 58.389917][ T8232] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 58.459277][ T8242] IPVS: ftp: loaded support on port[0] = 21 [ 58.465422][ T8232] bridge0: port 2(bridge_slave_1) entered blocking state [ 58.472583][ T8232] bridge0: port 2(bridge_slave_1) entered forwarding state [ 58.480288][ T8232] bridge0: port 1(bridge_slave_0) entered blocking state [ 58.487417][ T8232] bridge0: port 1(bridge_slave_0) entered forwarding state [ 58.511691][ T22] bridge0: port 1(bridge_slave_0) entered disabled state [ 58.521145][ T8244] IPVS: ftp: loaded support on port[0] = 21 [ 58.529996][ T22] bridge0: port 2(bridge_slave_1) entered disabled state [ 58.635970][ T8234] device hsr_slave_0 entered promiscuous mode [ 58.702234][ T8234] device hsr_slave_1 entered promiscuous mode [ 58.752243][ T8234] debugfs: Directory 'hsr0' with parent '/' already present! [ 58.767740][ T8238] chnl_net:caif_netlink_parms(): no params data found [ 58.838462][ T8234] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 58.875778][ T8234] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 58.929271][ T8234] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 58.985540][ T8234] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 59.105473][ T8238] bridge0: port 1(bridge_slave_0) entered blocking state [ 59.113221][ T8238] bridge0: port 1(bridge_slave_0) entered disabled state [ 59.121219][ T8238] device bridge_slave_0 entered promiscuous mode [ 59.141107][ T8238] bridge0: port 2(bridge_slave_1) entered blocking state [ 59.148353][ T8238] bridge0: port 2(bridge_slave_1) entered disabled state [ 59.156495][ T8238] device bridge_slave_1 entered promiscuous mode [ 59.169856][ T8240] chnl_net:caif_netlink_parms(): no params data found [ 59.198846][ T8242] chnl_net:caif_netlink_parms(): no params data found [ 59.225192][ T8238] bond0: (slave bond_slave_0): Enslaving as an active 
interface with an up link [ 59.256261][ T8232] 8021q: adding VLAN 0 to HW filter on device bond0 [ 59.269035][ T8238] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 59.319925][ T8242] bridge0: port 1(bridge_slave_0) entered blocking state [ 59.327562][ T8242] bridge0: port 1(bridge_slave_0) entered disabled state [ 59.335757][ T8242] device bridge_slave_0 entered promiscuous mode [ 59.345187][ T8238] team0: Port device team_slave_0 added [ 59.357299][ T8240] bridge0: port 1(bridge_slave_0) entered blocking state [ 59.364621][ T8240] bridge0: port 1(bridge_slave_0) entered disabled state [ 59.374996][ T8240] device bridge_slave_0 entered promiscuous mode [ 59.385044][ T8240] bridge0: port 2(bridge_slave_1) entered blocking state [ 59.392243][ T8240] bridge0: port 2(bridge_slave_1) entered disabled state [ 59.399905][ T8240] device bridge_slave_1 entered promiscuous mode [ 59.408716][ T8242] bridge0: port 2(bridge_slave_1) entered blocking state [ 59.416667][ T8242] bridge0: port 2(bridge_slave_1) entered disabled state [ 59.424610][ T8242] device bridge_slave_1 entered promiscuous mode [ 59.432686][ T8238] team0: Port device team_slave_1 added [ 59.445860][ T8245] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 59.454559][ T8245] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 59.465579][ T8244] chnl_net:caif_netlink_parms(): no params data found [ 59.545663][ T8238] device hsr_slave_0 entered promiscuous mode [ 59.602461][ T8238] device hsr_slave_1 entered promiscuous mode [ 59.652099][ T8238] debugfs: Directory 'hsr0' with parent '/' already present! 
[ 59.665673][ T8232] 8021q: adding VLAN 0 to HW filter on device team0 [ 59.697952][ T8242] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 59.709419][ T8240] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 59.722208][ T8245] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 59.730853][ T8245] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 59.739777][ T8245] bridge0: port 1(bridge_slave_0) entered blocking state [ 59.746888][ T8245] bridge0: port 1(bridge_slave_0) entered forwarding state [ 59.771372][ T8242] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 59.782584][ T8240] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 59.808309][ T8240] team0: Port device team_slave_0 added [ 59.828446][ T8234] 8021q: adding VLAN 0 to HW filter on device bond0 [ 59.839431][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 59.851607][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 59.860293][ T22] bridge0: port 2(bridge_slave_1) entered blocking state [ 59.867367][ T22] bridge0: port 2(bridge_slave_1) entered forwarding state [ 59.883155][ T8240] team0: Port device team_slave_1 added [ 59.893280][ T8244] bridge0: port 1(bridge_slave_0) entered blocking state [ 59.900343][ T8244] bridge0: port 1(bridge_slave_0) entered disabled state [ 59.908251][ T8244] device bridge_slave_0 entered promiscuous mode [ 59.917649][ T8244] bridge0: port 2(bridge_slave_1) entered blocking state [ 59.925125][ T8244] bridge0: port 2(bridge_slave_1) entered disabled state [ 59.933229][ T8244] device bridge_slave_1 entered promiscuous mode [ 59.946657][ T8242] team0: Port device team_slave_0 added [ 59.956749][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 59.965322][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 59.974027][ T22] IPv6: 
ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 59.983991][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 59.993899][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 60.001854][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 60.011509][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 60.031009][ T8242] team0: Port device team_slave_1 added [ 60.048481][ T8232] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 60.059317][ T8232] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 60.080184][ T8238] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 60.109635][ T8238] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 60.169591][ T8245] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 60.178121][ T8245] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 60.187304][ T8245] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 60.196025][ T8245] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 60.204310][ T8245] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 60.212079][ T8245] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 60.220195][ T8245] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 60.229666][ T8244] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 60.246630][ T8238] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 60.344724][ T8240] device hsr_slave_0 entered promiscuous mode [ 60.372572][ T8240] device hsr_slave_1 entered promiscuous mode [ 60.412390][ T8240] debugfs: Directory 'hsr0' with parent '/' already present! 
[ 60.425505][ T8244] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 60.474911][ T8242] device hsr_slave_0 entered promiscuous mode [ 60.513187][ T8242] device hsr_slave_1 entered promiscuous mode [ 60.552842][ T8242] debugfs: Directory 'hsr0' with parent '/' already present! [ 60.562530][ T8234] 8021q: adding VLAN 0 to HW filter on device team0 [ 60.575580][ T8238] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 60.678861][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 60.687759][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 60.696558][ T12] bridge0: port 1(bridge_slave_0) entered blocking state [ 60.703664][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state [ 60.712167][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 60.732020][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 60.740571][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 60.749538][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 60.756875][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 60.764680][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 60.773855][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 60.782532][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 60.790942][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 60.800980][ T8244] team0: Port device team_slave_0 added [ 60.822822][ T3698] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 60.830567][ T3698] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 60.844315][ T3698] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 60.853510][ T3698] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 60.861753][ T3698] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 60.870946][ 
T3698] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 60.878566][ T3698] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 60.886996][ T8244] team0: Port device team_slave_1 added [ 60.920895][ T8232] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 60.936560][ T8234] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 60.947735][ T8234] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 60.966129][ T8240] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 61.033994][ T8242] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 61.074719][ T3698] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 61.084579][ T3698] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 61.107688][ T8240] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 61.144672][ T8242] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 61.186041][ T8242] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 61.251112][ T8234] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 166.301894][ C1] rcu: INFO: rcu_preempt self-detected stall on CPU [ 166.308689][ C1] rcu: 1-...!: (10499 ticks this GP) idle=21a/1/0x4000000000000002 softirq=11584/11584 fqs=1 [ 166.319197][ C1] (t=10500 jiffies g=6341 q=95) [ 166.324130][ C1] rcu: rcu_preempt kthread starved for 10498 jiffies! g6341 f0x0 RCU_GP_WAIT_FQS(5) ->state=0x0 ->cpu=0 [ 166.335478][ C1] rcu: RCU grace-period kthread stack dump: [ 166.341358][ C1] rcu_preempt R running task 29032 10 2 0x80004000 [ 166.349253][ C1] Call Trace: [ 166.352545][ C1] __schedule+0x9a0/0xcc0 [ 166.356874][ C1] schedule+0x181/0x210 [ 166.361020][ C1] schedule_timeout+0x14f/0x240 [ 166.365860][ C1] ? run_local_timers+0x120/0x120 [ 166.370882][ C1] rcu_gp_kthread+0xed8/0x1770 [ 166.375654][ C1] kthread+0x332/0x350 [ 166.379710][ C1] ? rcu_report_qs_rsp+0x140/0x140 [ 166.384808][ C1] ? 
kthread_blkcg+0xe0/0xe0 [ 166.389400][ C1] ret_from_fork+0x24/0x30 [ 166.393837][ C1] NMI backtrace for cpu 1 [ 166.398179][ C1] CPU: 1 PID: 8253 Comm: blkid Not tainted 5.4.0-syzkaller #0 [ 166.405621][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 166.415665][ C1] Call Trace: [ 166.418935][ C1] [ 166.421778][ C1] dump_stack+0x1fb/0x318 [ 166.426122][ C1] nmi_cpu_backtrace+0xaf/0x1a0 [ 166.430961][ C1] ? nmi_trigger_cpumask_backtrace+0x16d/0x290 [ 166.437105][ C1] ? arch_trigger_cpumask_backtrace+0x20/0x20 [ 166.443160][ C1] nmi_trigger_cpumask_backtrace+0x174/0x290 [ 166.449133][ C1] arch_trigger_cpumask_backtrace+0x10/0x20 [ 166.455017][ C1] rcu_dump_cpu_stacks+0x15a/0x220 [ 166.460123][ C1] rcu_sched_clock_irq+0xe25/0x1ad0 [ 166.465315][ C1] ? trace_hardirqs_off+0x74/0x80 [ 166.470360][ C1] update_process_times+0x12d/0x180 [ 166.475554][ C1] tick_sched_timer+0x263/0x420 [ 166.480400][ C1] ? tick_setup_sched_timer+0x3d0/0x3d0 [ 166.485938][ C1] __hrtimer_run_queues+0x403/0x840 [ 166.491143][ C1] hrtimer_interrupt+0x38c/0xda0 [ 166.496086][ C1] ? 
debug_smp_processor_id+0x9/0x20 [ 166.501475][ C1] smp_apic_timer_interrupt+0x109/0x280 [ 166.507010][ C1] apic_timer_interrupt+0xf/0x20 [ 166.511932][ C1] [ 166.514861][ C1] RIP: 0010:free_thread_stack+0x14c/0x590 [ 166.520572][ C1] Code: 2e 00 48 89 df 31 f6 e8 42 af 6e 00 43 80 3c 2e 00 74 08 4c 89 e7 e8 43 a4 69 00 49 8b 1c 24 48 83 c3 08 48 89 d8 48 c1 e8 03 <42> 80 3c 28 00 74 08 48 89 df e8 25 a4 69 00 48 8b 3b be fc ff ff [ 166.540262][ C1] RSP: 0018:ffffc90002707758 EFLAGS: 00000a02 ORIG_RAX: ffffffffffffff13 [ 166.548688][ C1] RAX: 1ffff110121de9f1 RBX: ffff888090ef4f88 RCX: 0000000000000000 [ 166.556659][ C1] RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffea00027b3d00 [ 166.564616][ C1] RBP: ffffc90002707790 R08: dffffc0000000000 R09: fffffbfff120248a [ 166.572713][ C1] R10: fffffbfff120248a R11: 0000000000000000 R12: ffff888090ebd020 [ 166.580839][ C1] R13: dffffc0000000000 R14: 1ffff110121d7a04 R15: ffff88808812b568 [ 166.588835][ C1] ? free_thread_stack+0x12e/0x590 [ 166.593941][ C1] put_task_stack+0xa3/0x130 [ 166.598523][ C1] finish_task_switch+0x3f1/0x550 [ 166.603629][ C1] __schedule+0x9a8/0xcc0 [ 166.607956][ C1] preempt_schedule_irq+0xc1/0x140 [ 166.613059][ C1] retint_kernel+0x1b/0x2b [ 166.617463][ C1] RIP: 0010:kmem_cache_free+0xc8/0xf0 [ 166.622822][ C1] Code: 58 07 00 74 42 4c 89 f7 57 9d 0f 1f 44 00 00 e8 0e 98 ca ff eb 19 e8 a7 95 ca ff 48 83 3d 07 f7 58 07 00 74 24 4c 89 f7 57 9d <0f> 1f 44 00 00 4c 89 e7 4c 89 fe e8 58 01 00 00 5b 41 5c 41 5e 41 [ 166.642418][ C1] RSP: 0018:ffffc900027079a0 EFLAGS: 00000286 ORIG_RAX: ffffffffffffff13 [ 166.650820][ C1] RAX: ffff88809940e9d4 RBX: ffff8880aa812a80 RCX: ffff88809940e140 [ 166.658783][ C1] RDX: 0000000000000000 RSI: ffffffff81a3c074 RDI: 0000000000000286 [ 166.666747][ C1] RBP: ffffc900027079c0 R08: ffff88809940e998 R09: ffffc900027077d4 [ 166.674722][ C1] R10: 0000000000000012 R11: 0000000000000000 R12: ffffffff81a3c074 [ 166.682681][ C1] R13: dffffc0000000000 R14: 0000000000000286 
R15: ffff8880a834b000 [ 166.690654][ C1] ? ptlock_free+0x44/0x50 [ 166.695063][ C1] ? ptlock_free+0x44/0x50 [ 166.699481][ C1] ptlock_free+0x44/0x50 [ 166.703718][ C1] ___pmd_free_tlb+0xb2/0x120 [ 166.708383][ C1] free_pgd_range+0xac5/0xea0 [ 166.713074][ C1] free_pgtables+0x2c8/0x300 [ 166.717654][ C1] exit_mmap+0x28a/0x530 [ 166.721882][ C1] ? exit_aio+0x25e/0x370 [ 166.726209][ C1] __mmput+0x120/0x3a0 [ 166.730271][ C1] mmput+0x5d/0x70 [ 166.733990][ C1] exit_mm+0x50a/0x590 [ 166.738059][ C1] do_exit+0x544/0x2020 [ 166.742210][ C1] ? check_preemption_disabled+0xb4/0x260 [ 166.747927][ C1] do_group_exit+0x15c/0x2b0 [ 166.752514][ C1] __do_sys_exit_group+0x17/0x20 [ 166.757443][ C1] __se_sys_exit_group+0x14/0x20 [ 166.762373][ C1] __x64_sys_exit_group+0x3b/0x40 [ 166.767392][ C1] do_syscall_64+0xf7/0x1c0 [ 166.771888][ C1] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 166.777845][ C1] RIP: 0033:0x7fe7c6dd81e8 [ 166.782270][ C1] Code: Bad RIP value. [ 166.786351][ C1] RSP: 002b:00007fff6b66e908 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7 [ 166.794761][ C1] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007fe7c6dd81e8 [ 166.802724][ C1] RDX: 0000000000000002 RSI: 000000000000003c RDI: 0000000000000002 [ 166.810684][ C1] RBP: 00007fe7c70ad840 R08: 00000000000000e7 R09: ffffffffffffffa8 [ 166.818644][ C1] R10: 00007fe7c70b3740 R11: 0000000000000246 R12: 00007fe7c70ad840 [ 166.826608][ C1] R13: 0000000000000001 R14: 0000000000000000 R15: 0000000000000000