[....] Starting enhanced syslogd: rsyslogd[?25l[?1c7[ ok 8[?25h[?0c. [ 44.866169][ T23] audit: type=1800 audit(1575411382.121:25): pid=8090 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="startpar" name="cron" dev="sda1" ino=2414 res=0 [ 44.885157][ T23] audit: type=1800 audit(1575411382.131:26): pid=8090 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="startpar" name="mcstrans" dev="sda1" ino=2457 res=0 [ 44.928870][ T23] audit: type=1800 audit(1575411382.131:27): pid=8090 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0 [....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c. Debian GNU/Linux 7 syzkaller ttyS0 Warning: Permanently added '10.128.0.9' (ECDSA) to the list of known hosts. 2019/12/03 22:16:30 fuzzer started 2019/12/03 22:16:32 dialing manager at 10.128.0.26:42111 2019/12/03 22:16:32 syscalls: 2689 2019/12/03 22:16:32 code coverage: enabled 2019/12/03 22:16:32 comparison tracing: enabled 2019/12/03 22:16:32 extra coverage: extra coverage is not supported by the kernel 2019/12/03 22:16:32 setuid sandbox: enabled 2019/12/03 22:16:32 namespace sandbox: enabled 2019/12/03 22:16:32 Android sandbox: /sys/fs/selinux/policy does not exist 2019/12/03 22:16:32 fault injection: enabled 2019/12/03 22:16:32 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled 2019/12/03 22:16:32 net packet injection: enabled 2019/12/03 22:16:32 net device setup: enabled 2019/12/03 22:16:32 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist 2019/12/03 22:16:32 devlink PCI setup: PCI device 0000:00:10.0 is not available 22:16:33 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000080)=@newlink={0x74, 0x10, 0xffffff1f, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x54, 0x12, @ip6gretap={{0x10, 0x1, 'ip6gretap\x00'}, {0x40, 0x2, [@gre_common_policy=[@IFLA_GRE_TTL={0x8, 0x8, 0x4}, @IFLA_GRE_ENCAP_DPORT={0x8, 0x11, 0x4e22}, @IFLA_GRE_ENCAP_TYPE={0x8, 0xe, 0x3}, @IFLA_GRE_OKEY={0x8, 0x5, 0x80}], @gre_common_policy=[@IFLA_GRE_ENCAP_SPORT={0x8}], @IFLA_GRE_REMOTE={0x14, 0x7, @mcast1}]}}}]}, 0x74}}, 0x0) 22:16:33 executing program 1: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x1ff}, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = open(0x0, 0x141042, 0x0) r1 = syz_open_dev$loop(&(0x7f0000000180)='/dev/loop#\x00', 0x0, 0x0) r2 = openat$md(0xffffffffffffff9c, &(0x7f0000000040)='/dev/md0\x00', 0x4100, 0x0) openat$cgroup_procs(0xffffffffffffffff, &(0x7f0000000180)='tasks\x00', 0x2, 0x0) openat$cgroup_int(0xffffffffffffffff, &(0x7f0000000440)='cpuset.cpus\x00\xaa\xef+e\xcb\x98\xe6xm\xbe\xf2F\x96%\x12G\xc8X`\xed\xbe\xce\xdea', 0x2, 0x0) ioctl$LOOP_CHANGE_FD(r1, 0x4c00, r2) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x10, &(0x7f0000000240), 0x4) setsockopt$inet6_mtu(r0, 0x29, 0x17, &(0x7f0000000100)=0x2, 0x4) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x0) getsockopt$inet_sctp_SCTP_GET_PEER_ADDRS(0xffffffffffffffff, 0x84, 0x6c, 0x0, 0x0) syzkaller login: [ 56.453998][ T8254] IPVS: ftp: loaded support on port[0] = 21 [ 56.583384][ T8256] IPVS: ftp: loaded support on port[0] = 21 22:16:33 executing program 2: r0 = socket$packet(0x11, 0x3, 0x300) ioctl$sock_inet_SIOCSIFFLAGS(r0, 0xc0189436, &(0x7f0000000080)={'bridge_slave_0\x00?', 0x22000000c0ffffff}) [ 56.687743][ T8254] chnl_net:caif_netlink_parms(): no params data found [ 56.829201][ T8254] bridge0: port 1(bridge_slave_0) entered blocking state [ 56.847691][ T8254] bridge0: port 1(bridge_slave_0) entered disabled state [ 56.855644][ T8254] device bridge_slave_0 entered promiscuous mode [ 56.882683][ T8256] chnl_net:caif_netlink_parms(): no params data found [ 56.897326][ T8254] bridge0: port 2(bridge_slave_1) entered blocking state [ 56.904551][ T8254] bridge0: port 2(bridge_slave_1) entered disabled state [ 56.927339][ T8254] device bridge_slave_1 entered promiscuous mode [ 56.954430][ T8260] IPVS: ftp: loaded support on port[0] = 21 [ 56.976824][ T8254] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 57.008697][ T8254] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 57.042817][ T8254] team0: Port device team_slave_0 added [ 57.053926][ T8254] team0: Port device team_slave_1 added [ 57.067901][ T8256] bridge0: port 1(bridge_slave_0) entered blocking state [ 57.075150][ T8256] bridge0: port 1(bridge_slave_0) entered disabled state [ 57.096953][ T8256] device bridge_slave_0 entered promiscuous mode 22:16:34 executing program 3: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) clock_gettime(0x0, &(0x7f00000001c0)={0x0, 0x0}) r3 = syz_open_procfs(0x0, &(0x7f0000000000)='net/tcp6\x00') read$FUSE(r3, &(0x7f0000001100), 0x11e5) setsockopt$sock_timeval(r3, 0x1, 0x42, &(0x7f0000000380)={r1, r2/1000+10000}, 0x13) bind$inet6(r0, &(0x7f0000000100)={0xa, 0x4e22}, 0x1c) r4 = dup2(0xffffffffffffffff, 0xffffffffffffffff) listen(r0, 0x80) setsockopt$inet6_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000040)='reno\x00', 0x5) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) sendto$inet6(r5, 0x0, 0xfffffffffffffdc6, 0x20000004, &(0x7f0000000280)={0xa, 0x4e22}, 0x1c) ioctl$TIOCGSERIAL(r4, 0x541e, &(0x7f0000000500)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000400)=""/221}) getsockopt$sock_linger(0xffffffffffffffff, 0x1, 0xd, 0x0, 0x0) write(r5, &(0x7f00000000c0)="f7", 0x1) recvfrom$inet6(r5, &(0x7f0000001840)=""/31, 0xfffffe0e, 0x100, &(0x7f0000001880), 0x1c) r6 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl$sock_inet_SIOCSIFFLAGS(r6, 0x8914, &(0x7f0000000000)={'lo\x00'}) ioctl$sock_inet_SIOCSIFFLAGS(r6, 0x8914, &(0x7f0000000140)={'lo\x00\x00\x00$\x00\x00\x00\x00\x00\x00\b\x00\x00\x11', 0xff}) r7 = accept4(r0, 0x0, 0x0, 0x0) sendto$inet6(r7, &(0x7f00000000c0), 0xfffffdda, 0x0, 0x0, 0x0) [ 57.111707][ T8256] bridge0: port 2(bridge_slave_1) entered blocking state [ 57.126468][ T8256] bridge0: port 2(bridge_slave_1) entered disabled state [ 57.134479][ T8256] device bridge_slave_1 entered promiscuous mode [ 57.183752][ T8256] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 57.240326][ T8254] device hsr_slave_0 entered promiscuous mode 22:16:34 executing program 4: r0 = syz_init_net_socket$netrom(0x6, 0x5, 0x0) ioctl$sock_inet_SIOCGIFDSTADDR(r0, 0x8917, 0x0) [ 57.296614][ T8254] device hsr_slave_1 entered promiscuous mode [ 57.381183][ T8256] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 57.411370][ T8262] IPVS: ftp: loaded support on port[0] = 21 [ 57.489398][ T8256] team0: Port device team_slave_0 added [ 57.549090][ T8256] team0: Port device team_slave_1 added [ 57.571185][ T8254] netdevsim netdevsim0 netdevsim0: renamed from eth0 22:16:34 executing program 5: r0 = getpgid(0x0) prctl$PR_SET_PTRACER(0x59616d61, r0) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r1, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f0000000280)=""/60, 0xc4}], 0x13ad, 0x0, 0x539, 0x0) tkill(r1, 0x3c) ptrace$setregs(0xd, r1, 0x0, &(0x7f0000000080)) ptrace$cont(0x18, r1, 0x0, 0x0) [ 57.648763][ T8254] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 57.728382][ T8254] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 57.778277][ T8260] chnl_net:caif_netlink_parms(): no params data found [ 57.822179][ T8267] IPVS: ftp: loaded support on port[0] = 21 [ 57.848257][ T8256] device hsr_slave_0 entered promiscuous mode [ 57.898001][ T8256] device hsr_slave_1 entered promiscuous mode [ 57.936477][ T8256] debugfs: Directory 'hsr0' with parent '/' already present! [ 57.944237][ T8254] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 58.003579][ T8265] IPVS: ftp: loaded support on port[0] = 21 [ 58.083133][ T8260] bridge0: port 1(bridge_slave_0) entered blocking state [ 58.090354][ T8260] bridge0: port 1(bridge_slave_0) entered disabled state [ 58.098267][ T8260] device bridge_slave_0 entered promiscuous mode [ 58.107646][ T8260] bridge0: port 2(bridge_slave_1) entered blocking state [ 58.114680][ T8260] bridge0: port 2(bridge_slave_1) entered disabled state [ 58.122297][ T8260] device bridge_slave_1 entered promiscuous mode [ 58.145126][ T8256] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 58.199369][ T8256] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 58.268793][ T8262] chnl_net:caif_netlink_parms(): no params data found [ 58.287311][ T8256] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 58.366442][ T8260] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 58.393497][ T8256] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 58.459759][ T8260] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 58.486092][ T8260] team0: Port device team_slave_0 added [ 58.510962][ T8260] team0: Port device team_slave_1 added [ 58.525593][ T8262] bridge0: port 1(bridge_slave_0) entered blocking state [ 58.534451][ T8262] bridge0: port 1(bridge_slave_0) entered disabled state [ 58.542732][ T8262] device bridge_slave_0 entered promiscuous mode [ 58.551189][ T8262] bridge0: port 2(bridge_slave_1) entered blocking state [ 58.558331][ T8262] bridge0: port 2(bridge_slave_1) entered disabled state [ 58.565954][ T8262] device bridge_slave_1 entered promiscuous mode [ 58.599033][ T8265] chnl_net:caif_netlink_parms(): no params data found [ 58.641252][ T8262] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 58.664684][ T8265] bridge0: port 1(bridge_slave_0) entered blocking state [ 58.675075][ T8265] bridge0: port 1(bridge_slave_0) entered disabled state [ 58.683503][ T8265] device bridge_slave_0 entered promiscuous mode [ 58.702785][ T8265] bridge0: port 2(bridge_slave_1) entered blocking state [ 58.710046][ T8265] bridge0: port 2(bridge_slave_1) entered disabled state [ 58.717904][ T8265] device bridge_slave_1 entered promiscuous mode [ 58.725759][ T8262] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 58.799775][ T8260] device hsr_slave_0 entered promiscuous mode [ 58.856841][ T8260] device hsr_slave_1 entered promiscuous mode [ 58.906399][ T8260] debugfs: Directory 'hsr0' with parent '/' already present! [ 58.926384][ T8254] 8021q: adding VLAN 0 to HW filter on device bond0 [ 58.944253][ T8265] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 58.960250][ T8267] chnl_net:caif_netlink_parms(): no params data found [ 58.978903][ T8265] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 58.990291][ T8262] team0: Port device team_slave_0 added [ 59.008396][ T8265] team0: Port device team_slave_0 added [ 59.017321][ T8265] team0: Port device team_slave_1 added [ 59.044386][ T8262] team0: Port device team_slave_1 added [ 59.074918][ T8267] bridge0: port 1(bridge_slave_0) entered blocking state [ 59.084057][ T8267] bridge0: port 1(bridge_slave_0) entered disabled state [ 59.092012][ T8267] device bridge_slave_0 entered promiscuous mode [ 59.100783][ T8267] bridge0: port 2(bridge_slave_1) entered blocking state [ 59.110959][ T8267] bridge0: port 2(bridge_slave_1) entered disabled state [ 59.118769][ T8267] device bridge_slave_1 entered promiscuous mode [ 59.209264][ T8265] device hsr_slave_0 entered promiscuous mode [ 59.247184][ T8265] device hsr_slave_1 entered promiscuous mode [ 59.286601][ T8265] debugfs: Directory 'hsr0' with parent '/' already present! [ 59.303273][ T8260] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 59.378746][ T8260] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 59.418937][ T8260] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 59.479779][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 59.488877][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 59.500783][ T8254] 8021q: adding VLAN 0 to HW filter on device team0 [ 59.524651][ T8260] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 59.599926][ T8271] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 59.611844][ T8271] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 59.621071][ T8271] bridge0: port 1(bridge_slave_0) entered blocking state [ 59.628423][ T8271] bridge0: port 1(bridge_slave_0) entered forwarding state [ 59.688868][ T8262] device hsr_slave_0 entered promiscuous mode [ 59.757421][ T8262] device hsr_slave_1 entered promiscuous mode [ 59.816423][ T8262] debugfs: Directory 'hsr0' with parent '/' already present! [ 59.827724][ T8267] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 59.849430][ T2880] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 59.857601][ T2880] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 59.866160][ T2880] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 59.874905][ T2880] bridge0: port 2(bridge_slave_1) entered blocking state [ 59.882142][ T2880] bridge0: port 2(bridge_slave_1) entered forwarding state [ 59.891647][ T2880] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 59.900341][ T2880] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 59.923550][ T8267] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 59.954625][ T8267] team0: Port device team_slave_0 added [ 59.972521][ T3208] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 59.982288][ T3208] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 59.991577][ T3208] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 60.001885][ T3208] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 60.011777][ T3208] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 60.025876][ T8254] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 60.037290][ T8254] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 60.060736][ T8267] team0: Port device team_slave_1 added [ 60.069960][ T3208] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 60.081494][ T3208] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 60.090633][ T3208] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 60.100369][ T3208] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 60.109611][ T3208] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 60.130118][ T8256] 8021q: adding VLAN 0 to HW filter on device bond0 [ 60.152950][ T8265] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 60.221461][ T8265] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 60.258926][ T8262] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 60.304155][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 60.313287][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 60.324774][ T8254] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 60.347431][ T8265] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 60.429429][ T8267] device hsr_slave_0 entered promiscuous mode [ 60.467602][ T8267] device hsr_slave_1 entered promiscuous mode [ 60.526591][ T8267] debugfs: Directory 'hsr0' with parent '/' already present! [ 60.534253][ T8262] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 60.602636][ T8256] 8021q: adding VLAN 0 to HW filter on device team0 [ 60.621873][ T8265] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 60.666785][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 60.674605][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 60.683707][ T8262] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 60.728241][ T8262] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 60.771888][ T8260] 8021q: adding VLAN 0 to HW filter on device bond0 [ 60.826370][ T3208] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 60.835147][ T3208] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 60.845149][ T3208] bridge0: port 1(bridge_slave_0) entered blocking state [ 60.852441][ T3208] bridge0: port 1(bridge_slave_0) entered forwarding state [ 60.861695][ T3208] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 60.877869][ T3208] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 60.892393][ T3208] bridge0: port 2(bridge_slave_1) entered blocking state [ 60.899511][ T3208] bridge0: port 2(bridge_slave_1) entered forwarding state [ 60.913973][ T3208] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 61.017646][ T8276] netlink: 'syz-executor.0': attribute type 8 has an invalid length. [ 61.033027][ T8276] netlink: 'syz-executor.0': attribute type 17 has an invalid length. [ 61.041731][ T8276] netlink: 'syz-executor.0': attribute type 14 has an invalid length. [ 61.055508][ T8276] netlink: 'syz-executor.0': attribute type 16 has an invalid length. [ 165.876231][ C1] rcu: INFO: rcu_preempt self-detected stall on CPU [ 165.883091][ C1] rcu: 1-...!: (1 GPs behind) idle=4c2/1/0x4000000000000002 softirq=11444/11445 fqs=31 [ 165.893063][ C1] (t=10500 jiffies g=6501 q=321) [ 165.898155][ C1] rcu: rcu_preempt kthread starved for 10429 jiffies! g6501 f0x0 RCU_GP_WAIT_FQS(5) ->state=0x0 ->cpu=0 [ 165.909428][ C1] rcu: RCU grace-period kthread stack dump: [ 165.915330][ C1] rcu_preempt R running task 29104 10 2 0x80004000 [ 165.923239][ C1] Call Trace: [ 165.926531][ C1] __schedule+0x9a0/0xcc0 [ 165.930862][ C1] schedule+0x181/0x210 [ 165.935011][ C1] schedule_timeout+0x14f/0x240 [ 165.939864][ C1] ? run_local_timers+0x120/0x120 [ 165.944897][ C1] rcu_gp_kthread+0xed8/0x1770 [ 165.949658][ C1] kthread+0x332/0x350 [ 165.953710][ C1] ? rcu_report_qs_rsp+0x140/0x140 [ 165.958824][ C1] ? kthread_blkcg+0xe0/0xe0 [ 165.963414][ C1] ret_from_fork+0x24/0x30 [ 165.967849][ C1] NMI backtrace for cpu 1 [ 165.972173][ C1] CPU: 1 PID: 8225 Comm: udevd Not tainted 5.4.0-syzkaller #0 [ 165.979785][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 165.989825][ C1] Call Trace: [ 165.993099][ C1] [ 165.995951][ C1] dump_stack+0x1fb/0x318 [ 166.000367][ C1] nmi_cpu_backtrace+0xaf/0x1a0 [ 166.005269][ C1] ? nmi_trigger_cpumask_backtrace+0x16d/0x290 [ 166.011418][ C1] ? arch_trigger_cpumask_backtrace+0x20/0x20 [ 166.017649][ C1] nmi_trigger_cpumask_backtrace+0x174/0x290 [ 166.023620][ C1] arch_trigger_cpumask_backtrace+0x10/0x20 [ 166.029501][ C1] rcu_dump_cpu_stacks+0x15a/0x220 [ 166.034609][ C1] rcu_sched_clock_irq+0xe25/0x1ad0 [ 166.039887][ C1] ? trace_hardirqs_off+0x74/0x80 [ 166.045054][ C1] update_process_times+0x12d/0x180 [ 166.050383][ C1] tick_sched_timer+0x263/0x420 [ 166.055242][ C1] ? tick_setup_sched_timer+0x3d0/0x3d0 [ 166.060796][ C1] __hrtimer_run_queues+0x403/0x840 [ 166.066006][ C1] hrtimer_interrupt+0x38c/0xda0 [ 166.071387][ C1] ? debug_smp_processor_id+0x9/0x20 [ 166.076666][ C1] smp_apic_timer_interrupt+0x109/0x280 [ 166.082204][ C1] apic_timer_interrupt+0xf/0x20 [ 166.087129][ C1] [ 166.090062][ C1] RIP: 0010:__memcg_kmem_uncharge+0x213/0x2e0 [ 166.096293][ C1] Code: a4 ff 48 c7 c7 98 4b 0d 89 e8 59 97 00 00 bf 01 00 00 00 e8 2f e3 9b ff 65 8b 05 d4 fd 4a 7e 85 c0 74 53 48 83 c4 08 5b 41 5c <41> 5d 41 5e 41 5f 5d c3 49 8d 5f 10 48 89 df be 08 00 00 00 e8 04 [ 166.115976][ C1] RSP: 0018:ffffc90001e37620 EFLAGS: 00000292 ORIG_RAX: ffffffffffffff13 [ 166.124387][ C1] RAX: 0000000000000001 RBX: ffffea0002819680 RCX: 0000000000000000 [ 166.132346][ C1] RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffea0002819680 [ 166.140307][ C1] RBP: ffffc90001e37638 R08: dffffc0000000000 R09: fffffbfff120248a [ 166.148264][ C1] R10: fffffbfff120248a R11: 0000000000000000 R12: ffff8880a2fb40a0 [ 166.156223][ C1] R13: 1ffffd40005032d7 R14: ffffea00028196b8 R15: 0000000000000000 [ 166.164221][ C1] free_thread_stack+0x12e/0x590 [ 166.169149][ C1] put_task_stack+0xa3/0x130 [ 166.173726][ C1] finish_task_switch+0x3f1/0x550 [ 166.178745][ C1] __schedule+0x9a8/0xcc0 [ 166.183075][ C1] preempt_schedule_irq+0xc1/0x140 [ 166.188194][ C1] retint_kernel+0x1b/0x2b [ 166.192596][ C1] RIP: 0010:read_seqcount_begin+0x139/0x1b0 [ 166.198474][ C1] Code: 28 96 0a 89 48 c1 e8 03 42 80 3c 28 00 74 0c 48 c7 c7 28 96 0a 89 e8 46 f9 07 00 48 83 3d 66 7c 60 07 00 74 74 4c 89 ff 57 9d <0f> 1f 44 00 00 4c 89 f3 48 c1 eb 03 42 8a 04 2b 84 c0 74 43 44 89 [ 166.218327][ C1] RSP: 0000:ffffc90001e37890 EFLAGS: 00000286 ORIG_RAX: ffffffffffffff13 [ 166.226723][ C1] RAX: 1ffffffff12152c5 RBX: ffff88812fffb760 RCX: ffffffff815c0597 [ 166.234691][ C1] RDX: 0000000000000000 RSI: 0000000000000008 RDI: 0000000000000286 [ 166.242738][ C1] RBP: ffffc90001e378b8 R08: ffff88809ecaab58 R09: fffffbfff13c8d2d [ 166.250717][ C1] R10: fffffbfff13c8d2d R11: 0000000000000000 R12: ffffffff81aa16cb [ 166.258675][ C1] R13: dffffc0000000000 R14: ffff88812fffb758 R15: 0000000000000286 [ 166.266653][ C1] ? bad_range+0x7b/0x240 [ 166.270977][ C1] ? mark_lock+0x107/0x1650 [ 166.275510][ C1] bad_range+0x7b/0x240 [ 166.279662][ C1] rmqueue+0xdd/0x2080 [ 166.283790][ C1] ? __kasan_check_read+0x11/0x20 [ 166.289140][ C1] get_page_from_freelist+0x746/0xaa0 [ 166.294525][ C1] __alloc_pages_nodemask+0x264/0x5d0 [ 166.299991][ C1] alloc_pages_vma+0x4f7/0xd50 [ 166.304772][ C1] do_anonymous_page+0x327/0x1610 [ 166.309816][ C1] handle_mm_fault+0x1bce/0x2890 [ 166.314876][ C1] do_user_addr_fault+0x589/0xaf0 [ 166.319906][ C1] __do_page_fault+0xd3/0x1f0 [ 166.324583][ C1] do_page_fault+0x99/0xb0 [ 166.329001][ C1] page_fault+0x39/0x40 [ 166.333169][ C1] RIP: 0033:0x7fd8cce9f2c9 [ 166.337575][ C1] Code: fd 4c 39 eb 4c 0f 46 eb 49 83 fd 14 77 5b 4d 85 ed 74 29 4b 8d 0c 2c 48 89 f8 0f 1f 80 00 00 00 00 41 0f b6 14 24 49 83 c4 01 <88> 10 48 83 c0 01 49 39 cc 75 ec 4c 01 ef 48 89 7d 28 4c 29 eb 48 [ 166.357178][ C1] RSP: 002b:00007ffec2b868e0 EFLAGS: 00010202 [ 166.363234][ C1] RAX: 00007fd8cd7fc000 RBX: 0000000000000002 RCX: 0000000000420726 [ 166.371189][ C1] RDX: 000000000000004e RSI: 0000000000420724 RDI: 00007fd8cd7fc000 [ 166.379159][ C1] RBP: 0000000000f07c30 R08: 00000000ffffffff R09: 0000000000000000 [ 166.387378][ C1] R10: 0000000000000022 R11: 00000000ffffffff R12: 0000000000420725 [ 166.395430][ C1] R13: 0000000000000002 R14: 0000000000000002 R15: 0000000000420724