[....] Starting enhanced syslogd: rsyslogd[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[   45.220681][   T23] audit: type=1800 audit(1575464637.516:25): pid=8134 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="startpar" name="cron" dev="sda1" ino=2414 res=0
[   45.241183][   T23] audit: type=1800 audit(1575464637.516:26): pid=8134 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="startpar" name="mcstrans" dev="sda1" ino=2457 res=0
[   45.270707][   T23] audit: type=1800 audit(1575464637.526:27): pid=8134 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0
[....] Starting periodic command scheduler: cron[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added '10.128.0.218' (ECDSA) to the list of known hosts.
2019/12/04 13:04:06 fuzzer started
2019/12/04 13:04:08 dialing manager at 10.128.0.26:36481
2019/12/04 13:04:08 syscalls: 2691
2019/12/04 13:04:08 code coverage: enabled
2019/12/04 13:04:08 comparison tracing: enabled
2019/12/04 13:04:08 extra coverage: extra coverage is not supported by the kernel
2019/12/04 13:04:08 setuid sandbox: enabled
2019/12/04 13:04:08 namespace sandbox: enabled
2019/12/04 13:04:08 Android sandbox: /sys/fs/selinux/policy does not exist
2019/12/04 13:04:08 fault injection: enabled
2019/12/04 13:04:08 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled
2019/12/04 13:04:08 net packet injection: enabled
2019/12/04 13:04:08 net device setup: enabled
2019/12/04 13:04:08 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist
2019/12/04 13:04:08 devlink PCI setup: PCI device 0000:00:10.0 is not available
13:04:09 executing program 0:
r0 = socket$netlink(0x10, 0x3, 0x0)
r1 = socket$inet_udplite(0x2, 0x2, 0x88)
r2 = dup(r1)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
sendmsg$nl_route(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000700)=@ipv6_newrule={0x48, 0x20, 0x80d, 0x0, 0x0, {0xa, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10015}, [@FIB_RULE_POLICY=@FRA_IIFNAME={0x14, 0x3, 'nr0\x00'}, @FIB_RULE_POLICY=@FRA_IIFNAME={0x14, 0x3, 'lo\x00'}]}, 0x48}}, 0x0)

13:04:09 executing program 1:
r0 = memfd_create(&(0x7f0000000700)='/dev/ful\xbb.\xddq\xafb\xd3\x91\x85\xa0\xc1l\x00', 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
r2 = dup(r1)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
ftruncate(r0, 0x800799c)
mmap(&(0x7f0000200000/0x400000)=nil, 0x400000, 0x2, 0x2012, r0, 0x0)
ftruncate(r0, 0x0)

syzkaller login: [   57.344541][ T8297] IPVS: ftp: loaded support on port[0] = 21
13:04:09 executing program 2:
r0 = socket$inet6(0xa, 0x803, 0x2)
connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @dev, 0x7}, 0x1c)
setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f0000000340)={{{@in=@loopback, @in6=@mcast1, 0x0, 0x0, 0x0, 0x0, 0xa}, {}, {}, 0x0, 0x0, 0x80000000000001}, {{@in6=@empty, 0x0, 0x3c}, 0x2, @in, 0x0, 0x4, 0x0, 0xff}}, 0xe8)
r1 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000002c0)=@newsa={0x138, 0x1a, 0x801, 0x0, 0x0, {{@in, @in6=@mcast1}, {@in, 0x0, 0x6c}, @in=@dev={0xac, 0x14, 0x14, 0x25}, {}, {}, {}, 0x0, 0x0, 0x2, 0x1}, [@algo_comp={0x48, 0x3, {{'deflate\x00'}}}]}, 0x138}}, 0x0)
sendmmsg(r0, &(0x7f0000008440)=[{{0x0, 0x1aa, 0x0}}], 0x400000000000107, 0x0)

[   57.507231][ T8297] chnl_net:caif_netlink_parms(): no params data found
[   57.562737][ T8300] IPVS: ftp: loaded support on port[0] = 21
[   57.579966][ T8297] bridge0: port 1(bridge_slave_0) entered blocking state
[   57.594175][ T8297] bridge0: port 1(bridge_slave_0) entered disabled state
[   57.604182][ T8297] device bridge_slave_0 entered promiscuous mode
[   57.615527][ T8297] bridge0: port 2(bridge_slave_1) entered blocking state
[   57.634796][ T8297] bridge0: port 2(bridge_slave_1) entered disabled state
[   57.654843][ T8297] device bridge_slave_1 entered promiscuous mode
[   57.706582][ T8297] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   57.736793][ T8297] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   57.788854][ T8302] IPVS: ftp: loaded support on port[0] = 21
[   57.814102][ T8297] team0: Port device team_slave_0 added
13:04:10 executing program 3:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r0, &(0x7f0000000100)={0xa, 0x4e22}, 0x1c)
listen(r0, 0x80)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
sendto$inet6(r1, 0x0, 0x0, 0x20000004, &(0x7f00000002c0)={0xa, 0x4e22}, 0x1c)
r2 = socket$netlink(0x10, 0x3, 0x8000000004)
writev(r2, &(0x7f0000000140)=[{&(0x7f0000000080)="580000001400192340834b80040d8c560a067f0200ff000000000000000058000b4824ca945f64009400ff0325010ebc000000000000008000f0fffeffe809005300fff5dd00000010000100080c10000000000000000000", 0x58}], 0x1)

[   57.849092][ T8297] team0: Port device team_slave_1 added
[   57.988553][ T8297] device hsr_slave_0 entered promiscuous mode
13:04:10 executing program 4:
r0 = socket$inet6(0xa, 0x3, 0xff)
connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @mcast1, 0x7}, 0x1c)
setsockopt$sock_int(r0, 0x1, 0x29, &(0x7f0000000080)=0x7ff, 0x4)
sendmmsg(r0, &(0x7f0000000240)=[{{0x0, 0x0, &(0x7f0000001bc0)=[{&(0x7f0000000100)="65c98ddaaece527e004471764629115db30013aeaa07b700b461d9ae393ffc8ed9759fb154a4d3b5", 0x28}], 0x1}}], 0x1, 0x4001842)

[   58.066076][ T8297] device hsr_slave_1 entered promiscuous mode
[   58.118426][ T8300] chnl_net:caif_netlink_parms(): no params data found
[   58.242823][ T8305] IPVS: ftp: loaded support on port[0] = 21
[   58.271818][ T8302] chnl_net:caif_netlink_parms(): no params data found
[   58.338141][ T8300] bridge0: port 1(bridge_slave_0) entered blocking state
[   58.348706][ T8300] bridge0: port 1(bridge_slave_0) entered disabled state
[   58.361547][ T8300] device bridge_slave_0 entered promiscuous mode
[   58.390779][ T8308] IPVS: ftp: loaded support on port[0] = 21
[   58.398225][ T8297] netdevsim netdevsim0 netdevsim0: renamed from eth0
13:04:10 executing program 5:
r0 = socket$inet6(0xa, 0x400000000001, 0x0)
setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x41, &(0x7f00000001c0)=0x1fe, 0x4)

[   58.476300][ T8300] bridge0: port 2(bridge_slave_1) entered blocking state
[   58.483374][ T8300] bridge0: port 2(bridge_slave_1) entered disabled state
[   58.495749][ T8300] device bridge_slave_1 entered promiscuous mode
[   58.519912][ T8297] netdevsim netdevsim0 netdevsim1: renamed from eth1
[   58.596462][ T8302] bridge0: port 1(bridge_slave_0) entered blocking state
[   58.603561][ T8302] bridge0: port 1(bridge_slave_0) entered disabled state
[   58.612554][ T8302] device bridge_slave_0 entered promiscuous mode
[   58.621605][ T8300] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   58.637229][ T8300] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   58.656567][ T8310] IPVS: ftp: loaded support on port[0] = 21
[   58.666966][ T8297] netdevsim netdevsim0 netdevsim2: renamed from eth2
[   58.707115][ T8297] netdevsim netdevsim0 netdevsim3: renamed from eth3
[   58.776249][ T8302] bridge0: port 2(bridge_slave_1) entered blocking state
[   58.783416][ T8302] bridge0: port 2(bridge_slave_1) entered disabled state
[   58.791337][ T8302] device bridge_slave_1 entered promiscuous mode
[   58.826626][ T8300] team0: Port device team_slave_0 added
[   58.839113][ T8302] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   58.851089][ T8302] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   58.871544][ T8300] team0: Port device team_slave_1 added
[   58.890498][ T8302] team0: Port device team_slave_0 added
[   58.907765][ T8302] team0: Port device team_slave_1 added
[   59.076705][ T8300] device hsr_slave_0 entered promiscuous mode
[   59.115069][ T8300] device hsr_slave_1 entered promiscuous mode
[   59.164890][ T8300] debugfs: Directory 'hsr0' with parent '/' already present!
[   59.216721][ T8302] device hsr_slave_0 entered promiscuous mode
[   59.275079][ T8302] device hsr_slave_1 entered promiscuous mode
[   59.334746][ T8302] debugfs: Directory 'hsr0' with parent '/' already present!
[   59.352542][ T8308] chnl_net:caif_netlink_parms(): no params data found
[   59.376966][ T8305] chnl_net:caif_netlink_parms(): no params data found
[   59.397066][ T8300] netdevsim netdevsim1 netdevsim0: renamed from eth0
[   59.446802][ T8300] netdevsim netdevsim1 netdevsim1: renamed from eth1
[   59.513435][ T8308] bridge0: port 1(bridge_slave_0) entered blocking state
[   59.521553][ T8308] bridge0: port 1(bridge_slave_0) entered disabled state
[   59.529855][ T8308] device bridge_slave_0 entered promiscuous mode
[   59.537637][ T8300] netdevsim netdevsim1 netdevsim2: renamed from eth2
[   59.609100][ T8300] netdevsim netdevsim1 netdevsim3: renamed from eth3
[   59.676917][ T8308] bridge0: port 2(bridge_slave_1) entered blocking state
[   59.683986][ T8308] bridge0: port 2(bridge_slave_1) entered disabled state
[   59.692218][ T8308] device bridge_slave_1 entered promiscuous mode
[   59.730213][ T8305] bridge0: port 1(bridge_slave_0) entered blocking state
[   59.737542][ T8305] bridge0: port 1(bridge_slave_0) entered disabled state
[   59.745433][ T8305] device bridge_slave_0 entered promiscuous mode
[   59.753549][ T8305] bridge0: port 2(bridge_slave_1) entered blocking state
[   59.761132][ T8305] bridge0: port 2(bridge_slave_1) entered disabled state
[   59.768783][ T8305] device bridge_slave_1 entered promiscuous mode
[   59.780096][ T8308] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   59.812661][ T8297] 8021q: adding VLAN 0 to HW filter on device bond0
[   59.833598][ T8308] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   59.864238][ T8310] chnl_net:caif_netlink_parms(): no params data found
[   59.874465][ T8302] netdevsim netdevsim2 netdevsim0: renamed from eth0
[   59.920110][ T8308] team0: Port device team_slave_0 added
[   59.930805][ T8308] team0: Port device team_slave_1 added
[   59.940590][ T8302] netdevsim netdevsim2 netdevsim1: renamed from eth1
[   59.997172][ T8305] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   60.012724][   T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[   60.021029][   T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   60.032872][ T8297] 8021q: adding VLAN 0 to HW filter on device team0
[   60.040662][ T8302] netdevsim netdevsim2 netdevsim2: renamed from eth2
[   60.071847][ T8302] netdevsim netdevsim2 netdevsim3: renamed from eth3
[   60.133841][ T8305] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   60.179024][ T8310] bridge0: port 1(bridge_slave_0) entered blocking state
[   60.186269][ T8310] bridge0: port 1(bridge_slave_0) entered disabled state
[   60.195480][ T8310] device bridge_slave_0 entered promiscuous mode
[   60.247798][ T8308] device hsr_slave_0 entered promiscuous mode
[   60.305477][ T8308] device hsr_slave_1 entered promiscuous mode
[   60.354989][ T8308] debugfs: Directory 'hsr0' with parent '/' already present!
[   60.365173][ T8305] team0: Port device team_slave_0 added
[   60.372424][ T3694] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[   60.382077][ T3694] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[   60.391152][ T3694] bridge0: port 1(bridge_slave_0) entered blocking state
[   60.398461][ T3694] bridge0: port 1(bridge_slave_0) entered forwarding state
[   60.408078][ T8310] bridge0: port 2(bridge_slave_1) entered blocking state
[   60.415844][ T8310] bridge0: port 2(bridge_slave_1) entered disabled state
[   60.423511][ T8310] device bridge_slave_1 entered promiscuous mode
[   60.446803][ T8310] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   60.460625][ T8305] team0: Port device team_slave_1 added
[   60.473425][ T3694] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[   60.501087][ T8310] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   60.537995][ T3694] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[   60.546999][ T3694] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[   60.555627][ T3694] bridge0: port 2(bridge_slave_1) entered blocking state
[   60.562711][ T3694] bridge0: port 2(bridge_slave_1) entered forwarding state
[   60.570419][ T3694] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[   60.579364][ T3694] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[   60.588037][ T3694] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[   60.596606][ T3694] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[   60.604979][ T3694] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[   60.613396][ T3694] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[   60.624180][ T3694] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[   60.640333][ T8308] netdevsim netdevsim4 netdevsim0: renamed from eth0
[   60.702100][ T8310] team0: Port device team_slave_0 added
[   60.714498][ T8308] netdevsim netdevsim4 netdevsim1: renamed from eth1
[   60.807762][ T8305] device hsr_slave_0 entered promiscuous mode
[   60.855123][ T8305] device hsr_slave_1 entered promiscuous mode
[   60.894961][ T8305] debugfs: Directory 'hsr0' with parent '/' already present!
[   60.903993][ T8311] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[   60.912842][ T8311] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[   60.921557][ T8311] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[   60.929934][ T8311] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[   60.939831][ T8310] team0: Port device team_slave_1 added
[   60.957871][ T8297] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[   60.970058][ T8308] netdevsim netdevsim4 netdevsim2: renamed from eth2
[   60.997145][ T8308] netdevsim netdevsim4 netdevsim3: renamed from eth3
[   61.049708][ T8302] 8021q: adding VLAN 0 to HW filter on device bond0
[   61.106930][ T8310] device hsr_slave_0 entered promiscuous mode
[   61.155173][ T8310] device hsr_slave_1 entered promiscuous mode
[   61.205203][ T8310] debugfs: Directory 'hsr0' with parent '/' already present!
[   61.232487][ T8300] 8021q: adding VLAN 0 to HW filter on device bond0
[   61.267863][ T8302] 8021q: adding VLAN 0 to HW filter on device team0
[   61.292824][   T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[   61.303470][   T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   61.311248][   T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[   61.320513][   T45] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[   61.329136][   T45] bridge0: port 1(bridge_slave_0) entered blocking state
[   61.336245][   T45] bridge0: port 1(bridge_slave_0) entered forwarding state
[   61.343944][   T45] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[   61.351574][   T45] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[   61.359161][ T8310] netdevsim netdevsim5 netdevsim0: renamed from eth0
[   61.419703][ T8310] netdevsim netdevsim5 netdevsim1: renamed from eth1
[   61.457229][ T8310] netdevsim netdevsim5 netdevsim2: renamed from eth2
[   61.526719][ T8305] netdevsim netdevsim3 netdevsim0: renamed from eth0
[   61.577144][ T3015] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[   61.588468][ T8297] 8021q: adding VLAN 0 to HW filter on device batadv0
[   61.607177][ T8310] netdevsim netdevsim5 netdevsim3: renamed from eth3
[   61.637019][ T8305] netdevsim netdevsim3 netdevsim1: renamed from eth1
[   61.687793][ T8300] 8021q: adding VLAN 0 to HW filter on device team0
[   61.695004][   T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[   61.706597][   T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   61.719735][   T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[   61.728623][   T45] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[   61.737280][   T45] bridge0: port 2(bridge_slave_1) entered blocking state
[   61.744316][   T45] bridge0: port 2(bridge_slave_1) entered forwarding state
[   61.751919][   T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[   61.760843][   T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[   61.769363][   T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[   61.778303][   T45] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[   61.798270][ T8305] netdevsim netdevsim3 netdevsim2: renamed from eth2
[   61.855275][ T8316] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[   61.863088][ T8316] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[   61.872124][ T8316] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[   61.880365][ T8316] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[   61.889256][ T8316] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[   61.898266][ T8316] bridge0: port 1(bridge_slave_0) entered blocking state
[   61.905354][ T8316] bridge0: port 1(bridge_slave_0) entered forwarding state
[   61.912849][ T8316] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[   61.921148][ T8316] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[   61.929245][ T8316] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[   61.937832][ T8316] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[   61.946267][ T8316] bridge0: port 2(bridge_slave_1) entered blocking state
[   61.953362][ T8316] bridge0: port 2(bridge_slave_1) entered forwarding state
[   61.961053][ T8316] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[   61.969349][ T8316] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[   61.977779][ T8316] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[   61.987006][ T8316] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[   62.006468][ T8308] 8021q: adding VLAN 0 to HW filter on device bond0
[   62.013561][ T8305] netdevsim netdevsim3 netdevsim3: renamed from eth3
[   62.088852][ T8300] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[   62.102206][ T8300] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[   62.140395][ T8300] 8021q: adding VLAN 0 to HW filter on device batadv0
[  167.044656][    C1] rcu: INFO: rcu_preempt self-detected stall on CPU
[  167.051488][    C1] rcu: 	1-....: (10500 ticks this GP) idle=c1a/1/0x4000000000000002 softirq=11524/11524 fqs=2764 
[  167.062258][    C1] 	(t=10502 jiffies g=6557 q=464)
[  167.067275][    C1] rcu: rcu_preempt kthread starved for 4974 jiffies! g6557 f0x0 RCU_GP_WAIT_FQS(5) ->state=0x0 ->cpu=0
[  167.078272][    C1] rcu: RCU grace-period kthread stack dump:
[  167.084149][    C1] rcu_preempt     R  running task    29032    10      2 0x80004000
[  167.092051][    C1] Call Trace:
[  167.095346][    C1]  __schedule+0x9a0/0xcc0
[  167.099697][    C1]  schedule+0x181/0x210
[  167.103871][    C1]  schedule_timeout+0x14f/0x240
[  167.108714][    C1]  ? run_local_timers+0x120/0x120
[  167.113728][    C1]  rcu_gp_kthread+0xed8/0x1770
[  167.118495][    C1]  kthread+0x332/0x350
[  167.122555][    C1]  ? rcu_report_qs_rsp+0x140/0x140
[  167.127660][    C1]  ? kthread_blkcg+0xe0/0xe0
[  167.132244][    C1]  ret_from_fork+0x24/0x30
[  167.136665][    C1] NMI backtrace for cpu 1
[  167.140994][    C1] CPU: 1 PID: 8319 Comm: syz-executor.0 Not tainted 5.4.0-syzkaller #0
[  167.149212][    C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  167.159252][    C1] Call Trace:
[  167.162522][    C1]  <IRQ>
[  167.165364][    C1]  dump_stack+0x1fb/0x318
[  167.169684][    C1]  nmi_cpu_backtrace+0xaf/0x1a0
[  167.174519][    C1]  ? nmi_trigger_cpumask_backtrace+0x16d/0x290
[  167.180660][    C1]  ? arch_trigger_cpumask_backtrace+0x20/0x20
[  167.186723][    C1]  nmi_trigger_cpumask_backtrace+0x174/0x290
[  167.192689][    C1]  arch_trigger_cpumask_backtrace+0x10/0x20
[  167.198565][    C1]  rcu_dump_cpu_stacks+0x15a/0x220
[  167.203757][    C1]  rcu_sched_clock_irq+0xe25/0x1ad0
[  167.208944][    C1]  ? trace_hardirqs_off+0x74/0x80
[  167.213957][    C1]  update_process_times+0x12d/0x180
[  167.219150][    C1]  tick_sched_timer+0x263/0x420
[  167.223991][    C1]  ? tick_setup_sched_timer+0x3d0/0x3d0
[  167.229524][    C1]  __hrtimer_run_queues+0x403/0x840
[  167.234722][    C1]  hrtimer_interrupt+0x38c/0xda0
[  167.239642][    C1]  ? do_raw_spin_unlock+0x136/0x260
[  167.244841][    C1]  ? debug_smp_processor_id+0x9/0x20
[  167.250124][    C1]  smp_apic_timer_interrupt+0x109/0x280
[  167.255653][    C1]  apic_timer_interrupt+0xf/0x20
[  167.260573][    C1]  </IRQ>
[  167.263502][    C1] RIP: 0010:__sanitizer_cov_trace_pc+0x22/0x50
[  167.269646][    C1] Code: d4 01 3b 00 5b 5d c3 cc 48 8b 04 24 65 48 8b 0c 25 c0 1d 02 00 65 8b 15 38 84 8b 7e f7 c2 00 01 1f 00 75 2c 8b 91 80 13 00 00 <83> fa 02 75 21 48 8b 91 88 13 00 00 48 8b 32 48 8d 7e 01 8b 89 84
[  167.289253][    C1] RSP: 0018:ffffc90002287850 EFLAGS: 00000246 ORIG_RAX: ffffffffffffff13
[  167.297660][    C1] RAX: ffffffff81487433 RBX: 0000000000000000 RCX: ffff88808b762140
[  167.305645][    C1] RDX: 0000000000000000 RSI: 00000000fffffffc RDI: ffffea000282dd80
[  167.313620][    C1] RBP: ffffc90002287878 R08: dffffc0000000000 R09: fffffbfff120248a
[  167.321597][    C1] R10: fffffbfff120248a R11: 0000000000000000 R12: dffffc0000000000
[  167.329577][    C1] R13: dffffc0000000000 R14: 00000000fffffffc R15: ffff8880a9a814e8
[  167.337562][    C1]  ? mod_memcg_page_state+0x123/0x190
[  167.342932][    C1]  ? mod_memcg_page_state+0x123/0x190
[  167.348290][    C1]  free_thread_stack+0x168/0x590
[  167.353218][    C1]  put_task_stack+0xa3/0x130
[  167.357797][    C1]  finish_task_switch+0x3f1/0x550
[  167.362818][    C1]  __schedule+0x9a8/0xcc0
[  167.367148][    C1]  preempt_schedule_irq+0xc1/0x140
[  167.372247][    C1]  retint_kernel+0x1b/0x2b
[  167.376654][    C1] RIP: 0010:check_memory_region+0x84/0x2e0
[  167.382446][    C1] Code: 4d 29 ce 49 83 fe 10 7f 37 4d 85 f6 0f 84 a9 01 00 00 4c 89 cb 4c 29 d3 0f 1f 40 00 66 2e 0f 1f 84 00 00 00 00 00 45 0f b6 19 <45> 84 db 0f 85 09 02 00 00 49 ff c1 48 ff c3 75 eb e9 7b 01 00 00
[  167.402164][    C1] RSP: 0000:ffffc90002287ad0 EFLAGS: 00000297 ORIG_RAX: ffffffffffffff13
[  167.410566][    C1] RAX: 0000000000000001 RBX: ffffffffffffffff RCX: ffffffff81a9941e
[  167.418525][    C1] RDX: 0000000000000000 RSI: 0000000000000008 RDI: ffffffff8943d460
[  167.426484][    C1] RBP: ffffc90002287af8 R08: dffffc0000000000 R09: fffffbfff1287a8c
[  167.434526][    C1] R10: fffffbfff1287a8d R11: 0000000000000000 R12: 1ffffffff1287a8c
[  167.442484][    C1] R13: dffffc0000000001 R14: 0000000000000001 R15: 0000000000000000
[  167.450453][    C1]  ? trace_mm_page_alloc+0x13e/0x1f0
[  167.455732][    C1]  __kasan_check_read+0x11/0x20
[  167.460567][    C1]  trace_mm_page_alloc+0x13e/0x1f0
[  167.465667][    C1]  __alloc_pages_nodemask+0x2e3/0x5d0
[  167.471033][    C1]  alloc_pages_vma+0x4f7/0xd50
[  167.475787][    C1]  do_anonymous_page+0x327/0x1610
[  167.480823][    C1]  handle_mm_fault+0x1bce/0x2890
[  167.485771][    C1]  do_user_addr_fault+0x589/0xaf0
[  167.490792][    C1]  __do_page_fault+0xd3/0x1f0
[  167.495457][    C1]  do_page_fault+0x99/0xb0
[  167.499861][    C1]  page_fault+0x39/0x40
[  167.504000][    C1] RIP: 0033:0x45d02d
[  167.507896][    C1] Code: 5b 5d f3 c3 66 0f 1f 84 00 00 00 00 00 48 c7 c0 ea ff ff ff 48 85 ff 0f 84 e0 8c fb ff 48 85 f6 0f 84 d7 8c fb ff 48 83 ee 10 <48> 89 4e 08 48 89 3e 48 89 d7 4c 89 c2 4d 89 c8 4c 8b 54 24 08 b8
[  167.527486][    C1] RSP: 002b:00007ffca5bde3d8 EFLAGS: 00010202
[  167.533534][    C1] RAX: ffffffffffffffea RBX: 00007f4b96431700 RCX: 00007f4b96431700
[  167.541492][    C1] RDX: 00000000003d0f00 RSI: 00007f4b96430db0 RDI: 0000000000411260
[  167.549449][    C1] RBP: 00007ffca5bde5f0 R08: 00007f4b964319d0 R09: 00007f4b96431700
[  167.557405][    C1] R10: 00007f4b96430dc0 R11: 0000000000000246 R12: 0000000000000000
[  167.565366][    C1] R13: 00007ffca5bde48f R14: 00007f4b964319c0 R15: 000000000075bf2c