[ 43.509185][ T23] audit: type=1800 audit(1575391540.699:25): pid=8050 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="startpar" name="cron" dev="sda1" ino=2414 res=0 [ 43.528183][ T23] audit: type=1800 audit(1575391540.699:26): pid=8050 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="startpar" name="mcstrans" dev="sda1" ino=2457 res=0 [ 43.548604][ T23] audit: type=1800 audit(1575391540.699:27): pid=8050 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0 [ 43.608481][ T23] audit: type=1800 audit(1575391540.799:28): pid=8050 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="startpar" name="ssh" dev="sda1" ino=2417 res=0 [....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c. Debian GNU/Linux 7 syzkaller ttyS0 Warning: Permanently added '10.128.1.51' (ECDSA) to the list of known hosts. 2019/12/03 16:45:51 fuzzer started 2019/12/03 16:45:52 dialing manager at 10.128.0.26:45711 2019/12/03 16:45:52 syscalls: 2689 2019/12/03 16:45:52 code coverage: enabled 2019/12/03 16:45:52 comparison tracing: enabled 2019/12/03 16:45:52 extra coverage: extra coverage is not supported by the kernel 2019/12/03 16:45:52 setuid sandbox: enabled 2019/12/03 16:45:52 namespace sandbox: enabled 2019/12/03 16:45:52 Android sandbox: /sys/fs/selinux/policy does not exist 2019/12/03 16:45:52 fault injection: enabled 2019/12/03 16:45:52 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled 2019/12/03 16:45:52 net packet injection: enabled 2019/12/03 16:45:52 net device setup: enabled 2019/12/03 16:45:52 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist 2019/12/03 16:45:52 devlink PCI setup: PCI device 0000:00:10.0 is not available 16:45:54 executing program 0: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) io_setup(0x0, &(0x7f0000000180)) r0 = socket$inet6(0xa, 0x5, 0x0) bind$inet6(r0, &(0x7f00002aafe4)={0xa, 0x4e23, 0x0, @ipv4}, 0x1c) listen(r0, 0x1d7) r1 = socket$inet_sctp(0x2, 0x801, 0x84) sendmsg(r1, &(0x7f0000000180)={&(0x7f0000000000)=@in={0x2, 0x4e23, @local}, 0x80, &(0x7f00000000c0)=[{&(0x7f0000000200)='#', 0x1}], 0x1, 0x0, 0x0, 0x9000004}, 0x0) 16:45:54 executing program 1: r0 = socket(0x1, 0x5, 0x0) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f00000001c0)={0x0, 0x0}, &(0x7f0000000200)=0x5) setreuid(0x0, r1) capset(&(0x7f0000000380)={0x19980330}, &(0x7f0000001fe8)={0x0, 0xffffffffffffffff}) syzkaller login: [ 56.989944][ T8216] IPVS: ftp: loaded support on port[0] = 21 [ 57.137210][ T8216] chnl_net:caif_netlink_parms(): no params data found [ 57.209779][ T8219] IPVS: ftp: loaded support on port[0] = 21 [ 57.255170][ T8216] bridge0: port 1(bridge_slave_0) entered blocking state [ 57.262777][ T8216] bridge0: port 1(bridge_slave_0) entered disabled state [ 57.280648][ T8216] device bridge_slave_0 entered promiscuous mode 16:45:54 executing program 2: timerfd_settime(0xffffffffffffffff, 0x3, &(0x7f0000000100), 0x0) ioctl$UI_SET_KEYBIT(0xffffffffffffffff, 0x40085400, 0x0) mkdir(&(0x7f00000001c0)='./file0\x00', 0x0) mkdir(&(0x7f00000009c0)='./file1\x00', 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) setxattr$system_posix_acl(&(0x7f0000000580)='./file1\x00', &(0x7f00000005c0)='system.posix_acl_default\x00', &(0x7f0000000c40)={{}, {}, [{}], {}, [{}, {}]}, 0x3c, 0x0) mount$overlay(0x40000a, &(0x7f0000000000)='./file0\x00', &(0x7f00000000c0)='overlay\x00', 0x0, &(0x7f0000000100)={[{@upperdir={'upperdir', 0x3d, './file0'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@workdir={'workdir', 0x3d, './file1'}, 0x5c}], [], 0xf603000000000000}) socketpair$unix(0x1, 0x0, 0x0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000240)='cgroup2\x00', 0x0, 0x0) [ 57.302452][ T8216] bridge0: port 2(bridge_slave_1) entered blocking state [ 57.309527][ T8216] bridge0: port 2(bridge_slave_1) entered disabled state [ 57.330681][ T8216] device bridge_slave_1 entered promiscuous mode [ 57.380901][ T8216] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 57.422369][ T8216] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 57.513110][ T8216] team0: Port device team_slave_0 added [ 57.525245][ T8219] chnl_net:caif_netlink_parms(): no params data found [ 57.546122][ T8216] team0: Port device team_slave_1 added 16:45:54 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000000)=@newlink={0x30, 0x10, 0x801, 0x0, 0x0, {}, [@IFLA_GROUP={0x8}, @IFLA_PROTO_DOWN={0x8, 0x4}]}, 0x30}}, 0x0) [ 57.625148][ T8216] device hsr_slave_0 entered promiscuous mode 16:45:54 executing program 4: r0 = syz_open_dev$video4linux(&(0x7f0000000080)='/dev/v4l-subdev#\x00', 0x20000000003, 0x0) ioctl$VIDIOC_SUBDEV_S_FMT(r0, 0xc0585605, &(0x7f0000000100)={0x0, 0x0, {0x0, 0x0, 0x100d}}) [ 57.760875][ T8216] device hsr_slave_1 entered promiscuous mode [ 57.855732][ T8222] IPVS: ftp: loaded support on port[0] = 21 [ 57.875193][ T8224] IPVS: ftp: loaded support on port[0] = 21 [ 57.905758][ T8219] bridge0: port 1(bridge_slave_0) entered blocking state [ 57.930482][ T8219] bridge0: port 1(bridge_slave_0) entered disabled state [ 57.938542][ T8219] device bridge_slave_0 entered promiscuous mode [ 57.972674][ T8219] bridge0: port 2(bridge_slave_1) entered blocking state [ 57.979766][ T8219] bridge0: port 2(bridge_slave_1) entered disabled state [ 57.992293][ T8219] device bridge_slave_1 entered promiscuous mode 16:45:55 executing program 5: r0 = socket$inet(0x2, 0x200000002, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000500)=@broute={'broute\x00', 0x20, 0x2, 0x238, [0x0, 0x0, 0x0, 0x0, 0x0, 0x20000580], 0x0, 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000000000000000000feffffff0100000019000000000000000000726f736530000000000000000000000076657468315f746f5f627269646765007465616d5f736c000d0000000000080064756d6d7930000000000000000000000180c2000000000000000000ffffffffffff000000000000000070000000a8000000d80000006d61726b00000000000000000000000000000000000000000000000000000000100000000000000000000000000000f5fcffffff0000000072656469726563740000000000000000000000000000000000000000000000000800000000000000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000001000000ffffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000001000000ffffffff01000000030000000000000000007465616d5f736c6176655f300000000074756e6c30000000000000000000000076657468315f746f5f7465616d000000766c616e300000000000000000000000aaaaaaaaaabb000000000000aaaaaaaaaa000000000000000000a0000000a0000000d00000006367726f757000000000000000000000000000000000000000000000000000000800000000000000000000000500000041554449540000000000000000000000000000000000000000000000000000000600"/568]}, 0x2b0) [ 58.084159][ T8226] IPVS: ftp: loaded support on port[0] = 21 [ 58.105981][ T8216] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 58.144079][ T8219] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 58.172838][ T8216] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 58.212001][ T8216] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 58.255687][ T8219] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 58.283843][ T8216] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 58.349801][ T8219] team0: Port device team_slave_0 added [ 58.373084][ T8219] team0: Port device team_slave_1 added [ 58.395305][ T8228] IPVS: ftp: loaded support on port[0] = 21 [ 58.462275][ T8224] chnl_net:caif_netlink_parms(): no params data found [ 58.553283][ T8219] device hsr_slave_0 entered promiscuous mode [ 58.611915][ T8219] device hsr_slave_1 entered promiscuous mode [ 58.650435][ T8219] debugfs: Directory 'hsr0' with parent '/' already present! [ 58.658285][ T8222] chnl_net:caif_netlink_parms(): no params data found [ 58.700985][ T8224] bridge0: port 1(bridge_slave_0) entered blocking state [ 58.708082][ T8224] bridge0: port 1(bridge_slave_0) entered disabled state [ 58.716339][ T8224] device bridge_slave_0 entered promiscuous mode [ 58.725714][ T8224] bridge0: port 2(bridge_slave_1) entered blocking state [ 58.733515][ T8224] bridge0: port 2(bridge_slave_1) entered disabled state [ 58.741667][ T8224] device bridge_slave_1 entered promiscuous mode [ 58.787268][ T8219] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 58.834470][ T8219] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 58.884789][ T8224] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 58.896639][ T8216] 8021q: adding VLAN 0 to HW filter on device bond0 [ 58.916184][ T8224] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 58.926034][ T8219] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 58.973622][ T8219] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 59.025153][ T8222] bridge0: port 1(bridge_slave_0) entered blocking state [ 59.033567][ T8222] bridge0: port 1(bridge_slave_0) entered disabled state [ 59.041657][ T8222] device bridge_slave_0 entered promiscuous mode [ 59.073165][ T8222] bridge0: port 2(bridge_slave_1) entered blocking state [ 59.080502][ T8222] bridge0: port 2(bridge_slave_1) entered disabled state [ 59.088226][ T8222] device bridge_slave_1 entered promiscuous mode [ 59.114194][ T2725] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 59.122521][ T2725] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 59.137844][ T8224] team0: Port device team_slave_0 added [ 59.144991][ T8224] team0: Port device team_slave_1 added [ 59.151208][ T8226] chnl_net:caif_netlink_parms(): no params data found [ 59.163988][ T8216] 8021q: adding VLAN 0 to HW filter on device team0 [ 59.173140][ T8222] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 59.194679][ T8222] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 59.244492][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 59.256317][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 59.265040][ T5] bridge0: port 1(bridge_slave_0) entered blocking state [ 59.272507][ T5] bridge0: port 1(bridge_slave_0) entered forwarding state [ 59.290842][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 59.298788][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 59.307625][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 59.316711][ T5] bridge0: port 2(bridge_slave_1) entered blocking state [ 59.323809][ T5] bridge0: port 2(bridge_slave_1) entered forwarding state [ 59.354063][ T8228] chnl_net:caif_netlink_parms(): no params data found [ 59.404767][ T8224] device hsr_slave_0 entered promiscuous mode [ 59.460603][ T8224] device hsr_slave_1 entered promiscuous mode [ 59.500463][ T8224] debugfs: Directory 'hsr0' with parent '/' already present! [ 59.523907][ T8222] team0: Port device team_slave_0 added [ 59.538123][ T8232] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 59.546940][ T8232] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 59.558039][ T8232] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 59.566792][ T8232] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 59.575685][ T8232] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 59.585640][ T8232] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 59.609318][ T8226] bridge0: port 1(bridge_slave_0) entered blocking state [ 59.618834][ T8226] bridge0: port 1(bridge_slave_0) entered disabled state [ 59.626921][ T8226] device bridge_slave_0 entered promiscuous mode [ 59.636179][ T8222] team0: Port device team_slave_1 added [ 59.649249][ T8232] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 59.668111][ T8224] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 59.704357][ T8226] bridge0: port 2(bridge_slave_1) entered blocking state [ 59.712547][ T8226] bridge0: port 2(bridge_slave_1) entered disabled state [ 59.720726][ T8226] device bridge_slave_1 entered promiscuous mode [ 59.733495][ T3778] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 59.742742][ T3778] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 59.756992][ T8216] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 59.768742][ T8216] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 59.787993][ T8224] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 59.913052][ T8222] device hsr_slave_0 entered promiscuous mode [ 59.940879][ T8222] device hsr_slave_1 entered promiscuous mode [ 59.980373][ T8222] debugfs: Directory 'hsr0' with parent '/' already present! [ 59.988182][ T3778] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 59.997926][ T3778] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 60.010446][ T8228] bridge0: port 1(bridge_slave_0) entered blocking state [ 60.017560][ T8228] bridge0: port 1(bridge_slave_0) entered disabled state [ 60.025974][ T8228] device bridge_slave_0 entered promiscuous mode [ 60.038900][ T8228] bridge0: port 2(bridge_slave_1) entered blocking state [ 60.047505][ T8228] bridge0: port 2(bridge_slave_1) entered disabled state [ 60.056138][ T8228] device bridge_slave_1 entered promiscuous mode [ 60.065191][ T8224] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 60.132993][ T8226] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 60.156469][ T8219] 8021q: adding VLAN 0 to HW filter on device bond0 [ 60.169649][ T8224] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 60.192950][ T8226] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 60.204805][ T3778] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 60.212710][ T3778] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 60.225889][ T8228] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 60.252428][ T8219] 8021q: adding VLAN 0 to HW filter on device team0 [ 60.264372][ T8228] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 60.277827][ T8216] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 60.288217][ T8232] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 60.296572][ T8232] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 60.338681][ T3788] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 60.347920][ T3788] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 60.356741][ T3788] bridge0: port 1(bridge_slave_0) entered blocking state [ 60.363920][ T3788] bridge0: port 1(bridge_slave_0) entered forwarding state [ 60.372482][ T3788] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 60.381729][ T3788] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 60.390284][ T3788] bridge0: port 2(bridge_slave_1) entered blocking state [ 60.397385][ T3788] bridge0: port 2(bridge_slave_1) entered forwarding state [ 60.405184][ T3788] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 60.413971][ T8222] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 60.463906][ T8222] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 60.517375][ T8226] team0: Port device team_slave_0 added [ 60.528846][ T8226] team0: Port device team_slave_1 added [ 60.538356][ T3778] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 60.549803][ T3778] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 60.566469][ T8222] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 60.612033][ T8222] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 60.654184][ T8228] team0: Port device team_slave_0 added [ 60.672351][ T8228] team0: Port device team_slave_1 added [ 60.688323][ T8219] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 60.699896][ T8219] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 60.752303][ T8232] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 60.762206][ T8232] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 60.770914][ T8232] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 60.779528][ T8232] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 60.788189][ T8232] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 60.797559][ T8232] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 60.806182][ T8232] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 60.814736][ T8232] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 60.823637][ T8232] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 60.831907][ T8232] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 165.750062][ C1] rcu: INFO: rcu_preempt self-detected stall on CPU [ 165.757330][ C1] rcu: 1-....: (10499 ticks this GP) idle=882/1/0x4000000000000002 softirq=11744/11744 fqs=2803 [ 165.768196][ C1] (t=10500 jiffies g=6213 q=388) [ 165.773220][ C1] rcu: rcu_preempt kthread starved for 4872 jiffies! g6213 f0x0 RCU_GP_WAIT_FQS(5) ->state=0x0 ->cpu=0 [ 165.784227][ C1] rcu: RCU grace-period kthread stack dump: [ 165.790110][ C1] rcu_preempt R running task 29032 10 2 0x80004000 [ 165.798028][ C1] Call Trace: [ 165.801359][ C1] __schedule+0x9a0/0xcc0 [ 165.805691][ C1] schedule+0x181/0x210 [ 165.809931][ C1] schedule_timeout+0x14f/0x240 [ 165.814781][ C1] ? run_local_timers+0x120/0x120 [ 165.820183][ C1] rcu_gp_kthread+0xed8/0x1770 [ 165.824974][ C1] kthread+0x332/0x350 [ 165.829031][ C1] ? rcu_report_qs_rsp+0x140/0x140 [ 165.834134][ C1] ? kthread_blkcg+0xe0/0xe0 [ 165.838718][ C1] ret_from_fork+0x24/0x30 [ 165.843235][ C1] NMI backtrace for cpu 1 [ 165.847647][ C1] CPU: 1 PID: 8237 Comm: syz-executor.0 Not tainted 5.4.0-syzkaller #0 [ 165.856590][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 165.866672][ C1] Call Trace: [ 165.869950][ C1] [ 165.872819][ C1] dump_stack+0x1fb/0x318 [ 165.877264][ C1] nmi_cpu_backtrace+0xaf/0x1a0 [ 165.882552][ C1] ? nmi_trigger_cpumask_backtrace+0x16d/0x290 [ 165.888719][ C1] ? arch_trigger_cpumask_backtrace+0x20/0x20 [ 165.894913][ C1] nmi_trigger_cpumask_backtrace+0x174/0x290 [ 165.901031][ C1] arch_trigger_cpumask_backtrace+0x10/0x20 [ 165.907037][ C1] rcu_dump_cpu_stacks+0x15a/0x220 [ 165.912157][ C1] rcu_sched_clock_irq+0xe25/0x1ad0 [ 165.917380][ C1] ? trace_hardirqs_off+0x74/0x80 [ 165.922604][ C1] update_process_times+0x12d/0x180 [ 165.927916][ C1] tick_sched_timer+0x263/0x420 [ 165.932794][ C1] ? tick_setup_sched_timer+0x3d0/0x3d0 [ 165.938428][ C1] __hrtimer_run_queues+0x403/0x840 [ 165.943643][ C1] hrtimer_interrupt+0x38c/0xda0 [ 165.948747][ C1] ? debug_smp_processor_id+0x9/0x20 [ 165.954140][ C1] smp_apic_timer_interrupt+0x109/0x280 [ 165.959701][ C1] apic_timer_interrupt+0xf/0x20 [ 165.964685][ C1] [ 165.967664][ C1] RIP: 0010:mod_memcg_page_state+0xb/0x190 [ 165.973475][ C1] Code: 0b 29 2e 00 eb 05 e8 04 29 2e 00 48 83 c4 10 5b 41 5c 41 5d 41 5e 41 5f 5d c3 0f 1f 44 00 00 55 48 89 e5 41 57 41 56 41 54 53 <41> 89 f6 48 89 fb e8 da 28 2e 00 48 83 c3 38 48 89 d8 48 c1 e8 03 [ 165.993544][ C1] RSP: 0018:ffffc90002316ff8 EFLAGS: 00000246 ORIG_RAX: ffffffffffffff13 [ 166.001955][ C1] RAX: 1ffff1100d823e01 RBX: ffff88806c11f008 RCX: 0000000000000000 [ 166.010064][ C1] RDX: 0000000000000000 RSI: 00000000fffffffc RDI: ffffea0001b04e80 [ 166.018049][ C1] RBP: ffffc90002317018 R08: 000000000003a768 R09: ffffed10151b9747 [ 166.026063][ C1] R10: ffffed10151b9747 R11: 0000000000000000 R12: ffff88806c11f0a0 [ 166.034252][ C1] R13: dffffc0000000000 R14: 1ffff1100d823e14 R15: ffff8880a8dcba28 [ 166.043737][ C1] free_thread_stack+0x168/0x590 [ 166.049050][ C1] put_task_stack+0xa3/0x130 [ 166.053998][ C1] finish_task_switch+0x3f1/0x550 [ 166.059314][ C1] __schedule+0x9a8/0xcc0 [ 166.063656][ C1] preempt_schedule_irq+0xc1/0x140 [ 166.068990][ C1] retint_kernel+0x1b/0x2b [ 166.073550][ C1] RIP: 0010:stack_depot_save+0x13c/0x470 [ 166.079970][ C1] Code: 4c 8b 3c f5 00 b9 52 8a 41 89 dc 4d 85 ff 74 41 45 39 77 08 75 28 41 39 5f 0c 75 22 31 c0 49 8b 4c c5 00 49 3b 4c c7 18 75 14 <48> ff c0 41 39 c4 75 ec eb 14 66 2e 0f 1f 84 00 00 00 00 00 4d 8b [ 166.099926][ C1] RSP: 0018:ffffc90002317270 EFLAGS: 00000246 ORIG_RAX: ffffffffffffff02 [ 166.108434][ C1] RAX: 0000000000000009 RBX: 0000000000000013 RCX: ffffffff83566f41 [ 166.116444][ C1] RDX: 0000000000000d40 RSI: 000000000003858e RDI: 000000008a1199f9 [ 166.124501][ C1] RBP: ffffc900023172b0 R08: 0000000000000002 R09: ffffc90002317370 [ 166.132502][ C1] R10: 0000000000000013 R11: 0000000000000000 R12: 0000000000000013 [ 166.140504][ C1] R13: ffffc900023172e0 R14: 000000008613858e R15: ffff888099b8e920 [ 166.148493][ C1] ? tomoyo_file_open+0x141/0x190 [ 166.153557][ C1] __kasan_kmalloc+0x178/0x1b0 [ 166.158348][ C1] ? __kasan_kmalloc+0x11c/0x1b0 [ 166.163280][ C1] ? kasan_slab_alloc+0xf/0x20 [ 166.168047][ C1] ? __kmalloc+0x22b/0x340 [ 166.172560][ C1] ? kzalloc+0x1f/0x40 [ 166.176626][ C1] ? tomoyo_commit_ok+0x23/0x1d0 [ 166.181864][ C1] ? tomoyo_update_domain+0x4ef/0x7c0 [ 166.187350][ C1] ? tomoyo_write_file+0x322/0x1040 [ 166.192570][ C1] ? tomoyo_supervisor+0x1021/0x1330 [ 166.197847][ C1] ? tomoyo_check_open_permission+0x723/0x9d0 [ 166.203907][ C1] ? tomoyo_file_open+0x141/0x190 [ 166.209164][ C1] ? security_file_open+0x65/0x2f0 [ 166.214288][ C1] ? do_dentry_open+0x351/0x10c0 [ 166.219329][ C1] ? vfs_open+0x73/0x80 [ 166.223583][ C1] ? path_openat+0x1397/0x44a0 [ 166.228524][ C1] ? do_filp_open+0x192/0x3d0 [ 166.233285][ C1] ? do_sys_open+0x29f/0x560 [ 166.237958][ C1] ? __x64_sys_open+0x87/0x90 [ 166.242866][ C1] ? do_syscall_64+0xf7/0x1c0 [ 166.247633][ C1] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 166.256235][ C1] ? __kasan_check_read+0x11/0x20 [ 166.261263][ C1] ? mark_lock+0x107/0x1650 [ 166.265797][ C1] ? trace_lock_acquire+0x159/0x1d0 [ 166.272343][ C1] ? kzalloc+0x1f/0x40 [ 166.276933][ C1] ? lockdep_hardirqs_on+0x3c5/0x7d0 [ 166.282247][ C1] ? __kmalloc+0x1c0/0x340 [ 166.286701][ C1] kasan_slab_alloc+0xf/0x20 [ 166.291550][ C1] __kmalloc+0x22b/0x340 [ 166.295788][ C1] ? kzalloc+0x1f/0x40 [ 166.299884][ C1] kzalloc+0x1f/0x40 [ 166.303772][ C1] tomoyo_commit_ok+0x23/0x1d0 [ 166.308528][ C1] ? tomoyo_update_domain+0x4c2/0x7c0 [ 166.313897][ C1] tomoyo_update_domain+0x4ef/0x7c0 [ 166.319088][ C1] ? rcu_lock_release+0x30/0x30 [ 166.323947][ C1] ? tomoyo_same_path_acl+0xc0/0xc0 [ 166.329318][ C1] tomoyo_write_file+0x322/0x1040 [ 166.334343][ C1] ? snprintf+0x6f/0x90 [ 166.338629][ C1] tomoyo_supervisor+0x1021/0x1330 [ 166.343850][ C1] ? kfree+0x194/0x200 [ 166.347947][ C1] ? tomoyo_path_matches_pattern+0x1a8/0x280 [ 166.353925][ C1] ? tomoyo_check_acl+0x2dc/0x3a0 [ 166.359218][ C1] tomoyo_check_open_permission+0x723/0x9d0 [ 166.365168][ C1] tomoyo_file_open+0x141/0x190 [ 166.370195][ C1] security_file_open+0x65/0x2f0 [ 166.375133][ C1] do_dentry_open+0x351/0x10c0 [ 166.379902][ C1] vfs_open+0x73/0x80 [ 166.383882][ C1] path_openat+0x1397/0x44a0 [ 166.388509][ C1] do_filp_open+0x192/0x3d0 [ 166.393118][ C1] ? noop_direct_IO+0x20/0x20 [ 166.397807][ C1] do_sys_open+0x29f/0x560 [ 166.402225][ C1] __x64_sys_open+0x87/0x90 [ 166.406788][ C1] do_syscall_64+0xf7/0x1c0 [ 166.411295][ C1] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 166.417320][ C1] RIP: 0033:0x4143f0 [ 166.421338][ C1] Code: 05 48 3d 01 f0 ff ff 0f 83 2d 19 00 00 c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 83 3d 7d 40 66 00 00 75 14 b8 02 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 04 19 00 00 c3 48 83 ec 08 e8 0a fa ff ff [ 166.441033][ C1] RSP: 002b:00007ffec5de8478 EFLAGS: 00000246 ORIG_RAX: 0000000000000002 [ 166.449442][ C1] RAX: ffffffffffffffda RBX: 00007ffec5de84a4 RCX: 00000000004143f0 [ 166.458180][ C1] RDX: 00007ffec5de84aa RSI: 0000000000080001 RDI: 00000000004c00fb [ 166.466326][ C1] RBP: 00007ffec5de84a0 R08: 0000000000000000 R09: 0000000000000004 [ 166.474293][ C1] R10: 0000000000000075 R11: 0000000000000246 R12: 00000000004c00fb [ 166.482261][ C1] R13: 00007ffec5de89c0 R14: 0000000000000000 R15: 00007ffec5de89d0