[   41.680982][   T27] audit: type=1800 audit(1575380973.085:26): pid=7955 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="startpar" name="mcstrans" dev="sda1" ino=2457 res=0
[   41.730605][   T27] audit: type=1800 audit(1575380973.085:27): pid=7955 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0
[   41.785652][   T27] audit: type=1800 audit(1575380973.115:28): pid=7955 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="startpar" name="ssh" dev="sda1" ino=2417 res=0
[....] Starting periodic command scheduler: cron[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[   42.512255][   T27] audit: type=1800 audit(1575380973.935:29): pid=7955 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="startpar" name="rc.local" dev="sda1" ino=2432 res=0

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added '10.128.15.202' (ECDSA) to the list of known hosts.
2019/12/03 13:49:43 fuzzer started
2019/12/03 13:49:45 dialing manager at 10.128.0.26:45711
2019/12/03 13:49:45 syscalls: 2689
2019/12/03 13:49:45 code coverage: enabled
2019/12/03 13:49:45 comparison tracing: enabled
2019/12/03 13:49:45 extra coverage: extra coverage is not supported by the kernel
2019/12/03 13:49:45 setuid sandbox: enabled
2019/12/03 13:49:45 namespace sandbox: enabled
2019/12/03 13:49:45 Android sandbox: /sys/fs/selinux/policy does not exist
2019/12/03 13:49:45 fault injection: enabled
2019/12/03 13:49:45 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled
2019/12/03 13:49:45 net packet injection: enabled
2019/12/03 13:49:45 net device setup: enabled
2019/12/03 13:49:45 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist
2019/12/03 13:49:45 devlink PCI setup: PCI device 0000:00:10.0 is not available
13:49:46 executing program 0:
bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x2, 0x4, &(0x7f0000000fc0)=@framed={{0x18, 0x2}, [@call={0x85, 0x0, 0x0, 0x73}]}, &(0x7f00000000c0)='GPL\x00', 0x4, 0x1000, &(0x7f000062b000)=""/4096, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x70)

13:49:46 executing program 1:
mkdir(&(0x7f0000000100)='./file0\x00', 0x0)
mount(0x0, &(0x7f00000002c0)='./file0\x00', &(0x7f0000000140)='sysfs\x00*\x86OK\xc0\v\xce\x1b\xdb\x04,r&\xeb\x016\xd9bN\xa1\xd23t\xa6`\xfeZ\xc1sr/\xd3g\xad\"\xe8U0\x05\xa2\xe8\xbe\v\xc5QCy\xafr\x13\xd3+\x8d]\x06\xdc\x8f\xbf,\x84\x9e\xd9\xcd\xef\xc7K\x03\xdf\xa9\xcbZ\x90\xb2\vK$\xd7\x86,5f\xfc\xa51g\xd5BB5CZ=\xbbv\xbc}<B\xfc.\x9cia\x14\xa6\xf8\x88\xf0\xda\x85\'v\x83\xcf\xc1\xc4\xd2\xbfq\xc2U\xa3\x13Md\xcc?\xed\x8e\x97y\x8d\xeb\x861\xcb\xf7h,\x9f\xa2\xed\x03\x14e\xaa\x19\x1d\xf9\"\xf7d)|\xba\"\xa8I\x9d\x17\x7fI\xfb\xa9@\xf5[\xbc\x8br?\xd3t\xf1E\xfe\xd7\x8c\x8a\xee\xc6\x81c_\xb3]\xbf\xa0\x1d\x9bXyHs\x87\xd5e\x94\xa1L%\x88\'M\xe8O\xa2v\x100+?\xb5Ar\xa8\xc9\x10\xa0~|v\xee\xb0n\x1e\xc2(r3w\xa8\x1ee\x9e\xf9<\xc8\xb8FZ\x15\xc8(\xc5@\xd2\xff\x02@\xce\x87\xd0-\xb4\xbe\x88\xe6)j\x15\x88\x00\x00\x00\x00qF\xe5\'-\xed\xd4\x0ey-k\xc7\xba', 0x0, 0x0)
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000000240)={0x0, <r1=>0x0}, &(0x7f0000000280)=0x5)
setuid(r1)
chmod(&(0x7f0000000280)='./file0\x00', 0x0)

syzkaller login: [   55.340241][ T8119] IPVS: ftp: loaded support on port[0] = 21
13:49:46 executing program 2:
syz_open_dev$sndctrl(&(0x7f00000000c0)='/dev/snd/controlC#\x00', 0x2, 0x0)
syz_open_dev$dmmidi(&(0x7f0000000040)='/dev/dmmidi#\x00', 0x20, 0x0)

[   55.497983][ T8121] IPVS: ftp: loaded support on port[0] = 21
[   55.545236][ T8119] chnl_net:caif_netlink_parms(): no params data found
[   55.634731][ T8124] IPVS: ftp: loaded support on port[0] = 21
[   55.685451][ T8119] bridge0: port 1(bridge_slave_0) entered blocking state
[   55.693660][ T8119] bridge0: port 1(bridge_slave_0) entered disabled state
[   55.701796][ T8119] device bridge_slave_0 entered promiscuous mode
13:49:47 executing program 3:
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f0000000140)='fdinfo\x00')
getdents(r0, &(0x7f0000000080)=""/47, 0x16ad)

[   55.754114][ T8119] bridge0: port 2(bridge_slave_1) entered blocking state
[   55.761235][ T8119] bridge0: port 2(bridge_slave_1) entered disabled state
[   55.770997][ T8119] device bridge_slave_1 entered promiscuous mode
[   55.816440][ T8119] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   55.830989][ T8119] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   55.850394][ T8121] chnl_net:caif_netlink_parms(): no params data found
[   55.960228][ T8119] team0: Port device team_slave_0 added
[   55.974290][ T8119] team0: Port device team_slave_1 added
[   56.005278][ T8127] IPVS: ftp: loaded support on port[0] = 21
[   56.025083][ T8124] chnl_net:caif_netlink_parms(): no params data found
[   56.033922][ T8121] bridge0: port 1(bridge_slave_0) entered blocking state
[   56.041012][ T8121] bridge0: port 1(bridge_slave_0) entered disabled state
13:49:47 executing program 4:
mkdir(&(0x7f0000000000)='./file0\x00', 0x0)
mkdir(&(0x7f0000000240)='./file1\x00', 0x0)
mkdir(&(0x7f0000000180)='./bus\x00', 0x0)
r0 = socket(0x10, 0x2, 0x0)
getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000caaffb)={0x0, <r1=>0x0}, &(0x7f0000cab000)=0xc)
setfsuid(r1)
mount$overlay(0x400000, &(0x7f0000000000)='./bus\x00', &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f0000000040)={[{@upperdir={'upperdir', 0x3d, './bus'}}, {@workdir={'workdir', 0x3d, './file1'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}, 0x5c}]})

[   56.050978][ T8121] device bridge_slave_0 entered promiscuous mode
[   56.060415][ T8121] bridge0: port 2(bridge_slave_1) entered blocking state
[   56.069431][ T8121] bridge0: port 2(bridge_slave_1) entered disabled state
[   56.077397][ T8121] device bridge_slave_1 entered promiscuous mode
[   56.135184][ T8119] device hsr_slave_0 entered promiscuous mode
[   56.182803][ T8119] device hsr_slave_1 entered promiscuous mode
[   56.285454][ T8121] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   56.319532][ T8121] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   56.345526][ T8130] IPVS: ftp: loaded support on port[0] = 21
13:49:47 executing program 5:
r0 = eventfd(0x0)
r1 = socket$inet_udp(0x2, 0x2, 0x0)
r2 = dup2(r1, r0)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
r3 = socket(0x40000000000001e, 0x1, 0x0)
sendmsg(r3, &(0x7f0000db5fc8)={&(0x7f00004aeb5c)=@generic={0x10000001001e, "030000000000000000000001e526cc573c5bf86c483724c71e14dd6a739effea1b48007be61ffe06d79f00000000000000076c3f010039d8f986ff01000000000000af06d5fe32c419d67bcbc7e3ad316a198356edb9b7341c1fd45624281e27800ece70b076c3979ac40000bd767e2e78a1dfd300881a1565b3b16d7436"}, 0x80, 0x0}, 0x0)
recvmmsg(r3, 0x0, 0x0, 0x0, 0x0)
recvmmsg(r3, &(0x7f0000000940)=[{{&(0x7f00000000c0)=@rxrpc=@in6={0x21, 0x0, 0x2, 0x1c, {0xa, 0x0, 0x0, @ipv4={[], [], @empty}}}, 0x80, &(0x7f0000000400)=[{&(0x7f0000000d80)=""/4096, 0x1000}], 0x1, &(0x7f0000000480)=""/59, 0x3b}}], 0x4000000000000ec, 0x0, 0x0)

[   56.391542][ T8124] bridge0: port 1(bridge_slave_0) entered blocking state
[   56.412016][ T8124] bridge0: port 1(bridge_slave_0) entered disabled state
[   56.420283][ T8124] device bridge_slave_0 entered promiscuous mode
[   56.440151][ T8121] team0: Port device team_slave_0 added
[   56.464538][ T8121] team0: Port device team_slave_1 added
[   56.470390][ T8119] netdevsim netdevsim0 netdevsim0: renamed from eth0
[   56.527042][ T8119] netdevsim netdevsim0 netdevsim1: renamed from eth1
[   56.565022][ T8124] bridge0: port 2(bridge_slave_1) entered blocking state
[   56.572108][ T8124] bridge0: port 2(bridge_slave_1) entered disabled state
[   56.580209][ T8124] device bridge_slave_1 entered promiscuous mode
[   56.655600][ T8121] device hsr_slave_0 entered promiscuous mode
[   56.713730][ T8121] device hsr_slave_1 entered promiscuous mode
[   56.772633][ T8121] debugfs: Directory 'hsr0' with parent '/' already present!
[   56.794066][ T8119] netdevsim netdevsim0 netdevsim2: renamed from eth2
[   56.834824][ T8119] netdevsim netdevsim0 netdevsim3: renamed from eth3
[   56.891750][ T8132] IPVS: ftp: loaded support on port[0] = 21
[   56.939482][ T8124] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   56.956748][ T8121] netdevsim netdevsim1 netdevsim0: renamed from eth0
[   57.037434][ T8124] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   57.051227][ T8121] netdevsim netdevsim1 netdevsim1: renamed from eth1
[   57.097554][ T8121] netdevsim netdevsim1 netdevsim2: renamed from eth2
[   57.161114][ T8121] netdevsim netdevsim1 netdevsim3: renamed from eth3
[   57.227207][ T8124] team0: Port device team_slave_0 added
[   57.237350][ T8124] team0: Port device team_slave_1 added
[   57.256290][ T8127] chnl_net:caif_netlink_parms(): no params data found
[   57.296296][ T8130] chnl_net:caif_netlink_parms(): no params data found
[   57.354279][ T8124] device hsr_slave_0 entered promiscuous mode
[   57.402961][ T8124] device hsr_slave_1 entered promiscuous mode
[   57.452567][ T8124] debugfs: Directory 'hsr0' with parent '/' already present!
[   57.500449][ T8127] bridge0: port 1(bridge_slave_0) entered blocking state
[   57.508233][ T8127] bridge0: port 1(bridge_slave_0) entered disabled state
[   57.516811][ T8127] device bridge_slave_0 entered promiscuous mode
[   57.545879][ T8130] bridge0: port 1(bridge_slave_0) entered blocking state
[   57.553143][ T8130] bridge0: port 1(bridge_slave_0) entered disabled state
[   57.560793][ T8130] device bridge_slave_0 entered promiscuous mode
[   57.568630][ T8127] bridge0: port 2(bridge_slave_1) entered blocking state
[   57.576141][ T8127] bridge0: port 2(bridge_slave_1) entered disabled state
[   57.585310][ T8127] device bridge_slave_1 entered promiscuous mode
[   57.607396][ T8130] bridge0: port 2(bridge_slave_1) entered blocking state
[   57.614812][ T8130] bridge0: port 2(bridge_slave_1) entered disabled state
[   57.622552][ T8130] device bridge_slave_1 entered promiscuous mode
[   57.647005][ T8127] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   57.658402][ T8127] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   57.709291][ T8130] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   57.721284][ T8119] 8021q: adding VLAN 0 to HW filter on device bond0
[   57.746446][ T8130] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   57.771159][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[   57.779702][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   57.791245][ T8119] 8021q: adding VLAN 0 to HW filter on device team0
[   57.798486][ T8124] netdevsim netdevsim2 netdevsim0: renamed from eth0
[   57.854865][ T8124] netdevsim netdevsim2 netdevsim1: renamed from eth1
[   57.896117][ T8127] team0: Port device team_slave_0 added
[   57.901926][ T8124] netdevsim netdevsim2 netdevsim2: renamed from eth2
[   57.948441][ T8124] netdevsim netdevsim2 netdevsim3: renamed from eth3
[   57.995413][ T8132] chnl_net:caif_netlink_parms(): no params data found
[   58.015938][ T8127] team0: Port device team_slave_1 added
[   58.028599][ T8130] team0: Port device team_slave_0 added
[   58.039228][ T8130] team0: Port device team_slave_1 added
[   58.053024][ T8121] 8021q: adding VLAN 0 to HW filter on device bond0
[   58.060276][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[   58.069276][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[   58.078157][   T17] bridge0: port 1(bridge_slave_0) entered blocking state
[   58.085340][   T17] bridge0: port 1(bridge_slave_0) entered forwarding state
[   58.103122][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[   58.110967][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[   58.120667][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[   58.129156][   T17] bridge0: port 2(bridge_slave_1) entered blocking state
[   58.136267][   T17] bridge0: port 2(bridge_slave_1) entered forwarding state
[   58.145427][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[   58.154316][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[   58.162843][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[   58.171288][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[   58.179698][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[   58.188139][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[   58.211931][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[   58.236295][ T8132] bridge0: port 1(bridge_slave_0) entered blocking state
[   58.244527][ T8132] bridge0: port 1(bridge_slave_0) entered disabled state
[   58.252238][ T8132] device bridge_slave_0 entered promiscuous mode
[   58.260745][ T8132] bridge0: port 2(bridge_slave_1) entered blocking state
[   58.268000][ T8132] bridge0: port 2(bridge_slave_1) entered disabled state
[   58.276237][ T8132] device bridge_slave_1 entered promiscuous mode
[   58.344328][ T8130] device hsr_slave_0 entered promiscuous mode
[   58.382985][ T8130] device hsr_slave_1 entered promiscuous mode
[   58.435694][ T8130] debugfs: Directory 'hsr0' with parent '/' already present!
[   58.458032][ T2613] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[   58.466847][ T2613] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[   58.476905][ T2613] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[   58.484723][ T2613] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   58.495989][ T8119] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[   58.507623][ T8119] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[   58.521952][ T8132] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   58.534740][ T8121] 8021q: adding VLAN 0 to HW filter on device team0
[   58.546354][ T3954] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[   58.555372][ T3954] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[   58.636978][ T8127] device hsr_slave_0 entered promiscuous mode
[   58.692890][ T8127] device hsr_slave_1 entered promiscuous mode
[   58.722685][ T8127] debugfs: Directory 'hsr0' with parent '/' already present!
[   58.731335][ T8132] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   58.770783][ T8119] 8021q: adding VLAN 0 to HW filter on device batadv0
[   58.785563][ T2613] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[   58.800167][ T2613] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[   58.808763][ T2613] bridge0: port 1(bridge_slave_0) entered blocking state
[   58.815865][ T2613] bridge0: port 1(bridge_slave_0) entered forwarding state
[   58.824678][ T2613] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[   58.833615][ T2613] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[   58.841894][ T2613] bridge0: port 2(bridge_slave_1) entered blocking state
[   58.848985][ T2613] bridge0: port 2(bridge_slave_1) entered forwarding state
[   58.856800][ T2613] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[   58.865769][ T2613] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[   58.874392][ T2613] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[   58.882945][ T2613] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[   58.891145][ T2613] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[   58.899843][ T2613] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[   58.908427][ T2613] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[   58.916806][ T2613] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[   58.925074][ T2613] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[   58.933422][ T2613] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[   58.941576][ T2613] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[   58.949389][ T2613] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[   58.957154][ T2613] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[   58.965587][ T2613] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[   58.984760][ T8130] netdevsim netdevsim4 netdevsim0: renamed from eth0
[   59.061837][ T8132] team0: Port device team_slave_0 added
[   59.069940][ T8130] netdevsim netdevsim4 netdevsim1: renamed from eth1
[   59.125125][ T8121] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[   59.143441][ T8132] team0: Port device team_slave_1 added
[   59.149348][ T8127] netdevsim netdevsim3 netdevsim0: renamed from eth0
[   59.197209][ T8130] netdevsim netdevsim4 netdevsim2: renamed from eth2
[   59.247088][ T8130] netdevsim netdevsim4 netdevsim3: renamed from eth3
[   59.294615][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[   59.314105][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[   59.334876][ T8127] netdevsim netdevsim3 netdevsim1: renamed from eth1
[  164.332438][    C0] rcu: INFO: rcu_preempt self-detected stall on CPU
[  164.339334][    C0] rcu: 	0-...!: (10499 ticks this GP) idle=7ea/1/0x4000000000000002 softirq=11856/11856 fqs=142 
[  164.350308][    C0] 	(t=10500 jiffies g=6089 q=80)
[  164.355267][    C0] rcu: rcu_preempt kthread starved for 10204 jiffies! g6089 f0x0 RCU_GP_WAIT_FQS(5) ->state=0x0 ->cpu=1
[  164.366374][    C0] rcu: RCU grace-period kthread stack dump:
[  164.372274][    C0] rcu_preempt     R  running task    29032    10      2 0x80004000
[  164.380176][    C0] Call Trace:
[  164.383469][    C0]  __schedule+0x9a0/0xcc0
[  164.387798][    C0]  schedule+0x181/0x210
[  164.391981][    C0]  schedule_timeout+0x14f/0x240
[  164.396926][    C0]  ? run_local_timers+0x120/0x120
[  164.401962][    C0]  rcu_gp_kthread+0xed8/0x1770
[  164.406772][    C0]  kthread+0x332/0x350
[  164.410842][    C0]  ? rcu_report_qs_rsp+0x140/0x140
[  164.415956][    C0]  ? kthread_blkcg+0xe0/0xe0
[  164.420548][    C0]  ret_from_fork+0x24/0x30
[  164.424985][    C0] NMI backtrace for cpu 0
[  164.429314][    C0] CPU: 0 PID: 8140 Comm: syz-executor.0 Not tainted 5.4.0-syzkaller #0
[  164.437575][    C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  164.447637][    C0] Call Trace:
[  164.450936][    C0]  <IRQ>
[  164.453806][    C0]  dump_stack+0x1fb/0x318
[  164.458136][    C0]  nmi_cpu_backtrace+0xaf/0x1a0
[  164.462988][    C0]  ? nmi_trigger_cpumask_backtrace+0x16d/0x290
[  164.469161][    C0]  ? arch_trigger_cpumask_backtrace+0x20/0x20
[  164.475226][    C0]  nmi_trigger_cpumask_backtrace+0x174/0x290
[  164.481238][    C0]  arch_trigger_cpumask_backtrace+0x10/0x20
[  164.487147][    C0]  rcu_dump_cpu_stacks+0x15a/0x220
[  164.492267][    C0]  rcu_sched_clock_irq+0xe25/0x1ad0
[  164.497592][    C0]  ? trace_hardirqs_off+0x74/0x80
[  164.502620][    C0]  update_process_times+0x12d/0x180
[  164.507943][    C0]  tick_sched_timer+0x263/0x420
[  164.512798][    C0]  ? tick_setup_sched_timer+0x3d0/0x3d0
[  164.518339][    C0]  __hrtimer_run_queues+0x403/0x840
[  164.523541][    C0]  hrtimer_interrupt+0x38c/0xda0
[  164.528506][    C0]  ? debug_smp_processor_id+0x9/0x20
[  164.533793][    C0]  smp_apic_timer_interrupt+0x109/0x280
[  164.539335][    C0]  apic_timer_interrupt+0xf/0x20
[  164.544265][    C0]  </IRQ>
[  164.547207][    C0] RIP: 0010:__sanitizer_cov_trace_pc+0xd/0x50
[  164.553268][    C0] Code: e5 53 48 89 fb e8 13 00 00 00 48 8b 3d 74 25 cd 07 48 89 de e8 64 02 3b 00 5b 5d c3 cc 48 8b 04 24 65 48 8b 0c 25 c0 1d 02 00 <65> 8b 15 b8 81 8b 7e f7 c2 00 01 1f 00 75 2c 8b 91 80 13 00 00 83
[  164.572857][    C0] RSP: 0018:ffffc90002496db0 EFLAGS: 00000246 ORIG_RAX: ffffffffffffff13
[  164.581266][    C0] RAX: ffffffff81487326 RBX: ffffea00029e0400 RCX: ffff88808d71a040
[  164.589223][    C0] RDX: ffffc90001f39000 RSI: 00000000fffffffc RDI: ffffea00029e0400
[  164.597180][    C0] RBP: ffffc90002496dd8 R08: 000000000003a768 R09: ffffed10127c4ecf
[  164.605137][    C0] R10: ffffed10127c4ecf R11: 0000000000000000 R12: ffff8880950bc5a0
[  164.613094][    C0] R13: dffffc0000000000 R14: 00000000fffffffc R15: ffff888093e27668
[  164.621064][    C0]  ? mod_memcg_page_state+0x16/0x190
[  164.626351][    C0]  ? mod_memcg_page_state+0x16/0x190
[  164.631625][    C0]  free_thread_stack+0x168/0x590
[  164.636554][    C0]  put_task_stack+0xa3/0x130
[  164.641130][    C0]  finish_task_switch+0x3f1/0x550
[  164.646147][    C0]  __schedule+0x9a8/0xcc0
[  164.650471][    C0]  ? ___preempt_schedule+0x16/0x18
[  164.655567][    C0]  preempt_schedule+0xdb/0x120
[  164.660316][    C0]  ___preempt_schedule+0x16/0x18
[  164.665240][    C0]  ? page_poisoning_enabled+0x1c/0x30
[  164.670597][    C0]  prep_new_page+0x161/0x2e0
[  164.675201][    C0]  get_page_from_freelist+0x850/0xaa0
[  164.680570][    C0]  __alloc_pages_nodemask+0x264/0x5d0
[  164.685937][    C0]  alloc_pages_vma+0x94a/0xd50
[  164.690693][    C0]  do_huge_pmd_anonymous_page+0x883/0xe50
[  164.696405][    C0]  handle_mm_fault+0x2017/0x2890
[  164.701351][    C0]  do_user_addr_fault+0x589/0xaf0
[  164.706370][    C0]  __do_page_fault+0xd3/0x1f0
[  164.711035][    C0]  do_page_fault+0x99/0xb0
[  164.715439][    C0]  page_fault+0x39/0x40
[  164.719580][    C0] RIP: 0010:copy_user_generic_unrolled+0x89/0xc0
[  164.725910][    C0] Code: 38 4c 89 47 20 4c 89 4f 28 4c 89 57 30 4c 89 5f 38 48 8d 76 40 48 8d 7f 40 ff c9 75 b6 89 d1 83 e2 07 c1 e9 03 74 12 4c 8b 06 <4c> 89 07 48 8d 76 08 48 8d 7f 08 ff c9 75 ee 21 d2 74 10 89 d1 8a
[  164.745499][    C0] RSP: 0018:ffffc90002497560 EFLAGS: 00010206
[  164.751547][    C0] RAX: ffffffff838f9c01 RBX: 000000002062b019 RCX: 0000000000000003
[  164.759516][    C0] RDX: 0000000000000001 RSI: ffff8880a350c264 RDI: 000000002062b000
[  164.767473][    C0] RBP: ffffc90002497590 R08: 3d65707974203152 R09: ffffed10146a1850
[  164.775431][    C0] R10: ffffed10146a1850 R11: 0000000000000000 R12: 0000000000000019
[  164.783389][    C0] R13: 00007ffffffff000 R14: ffff8880a350c264 R15: 000000002062b000
[  164.791361][    C0]  ? _copy_to_user+0x11/0x150
[  164.796028][    C0]  ? _copy_to_user+0x104/0x150
[  164.800796][    C0]  bpf_verifier_vlog+0x18b/0x2f0
[  164.805731][    C0]  verbose+0x173/0x200
[  164.809791][    C0]  ? do_check+0x9ab7/0x1c4d0
[  164.814402][    C0]  do_check+0x1bbe2/0x1c4d0
[  164.818943][    C0]  ? kasan_slab_free+0xe/0x10
[  164.823608][    C0]  ? kvfree+0x47/0x50
[  164.827608][    C0]  ? bpf_check+0xd97c/0xfc40
[  164.832191][    C0]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  164.838282][    C0]  ? kvfree+0x47/0x50
[  164.842254][    C0]  ? trace_hardirqs_on+0x74/0x80
[  164.847185][    C0]  bpf_check+0xd9a8/0xfc40
[  164.851635][    C0]  ? ktime_get_with_offset+0x98/0x180
[  164.856996][    C0]  ? read_seqcount_begin+0x125/0x1c0
[  164.862280][    C0]  ? memset+0x31/0x40
[  164.866268][    C0]  __do_sys_bpf+0x99d6/0xc890
[  164.870961][    C0]  ? kcov_ioctl+0x285/0x2c0
[  164.875458][    C0]  ? __might_fault+0xf9/0x160
[  164.880134][    C0]  ? check_preemption_disabled+0xb4/0x260
[  164.886283][    C0]  ? debug_smp_processor_id+0x9/0x20
[  164.891580][    C0]  ? debug_smp_processor_id+0x1c/0x20
[  164.896964][    C0]  ? fpregs_assert_state_consistent+0xb6/0xe0
[  164.903022][    C0]  ? prepare_exit_to_usermode+0x221/0x5b0
[  164.908730][    C0]  ? trace_irq_disable_rcuidle+0x23/0x1e0
[  164.914435][    C0]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[  164.919881][    C0]  ? trace_irq_disable_rcuidle+0x23/0x1e0
[  164.925598][    C0]  ? do_syscall_64+0x1d/0x1c0
[  164.930267][    C0]  __x64_sys_bpf+0x7a/0x90
[  164.934697][    C0]  do_syscall_64+0xf7/0x1c0
[  164.939203][    C0]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  164.945088][    C0] RIP: 0033:0x45a679
[  164.948973][    C0] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[  164.969148][    C0] RSP: 002b:00007f755dcf7c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[  164.977598][    C0] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 000000000045a679
[  164.985574][    C0] RDX: 0000000000000070 RSI: 0000000020000180 RDI: 0000000000000005
[  164.993538][    C0] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000
[  165.001495][    C0] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f755dcf86d4
[  165.009456][    C0] R13: 00000000004c0d07 R14: 00000000004d4808 R15: 00000000ffffffff