audit: type=1326 audit(1568610183.431:63): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=8708 comm="syz-executor.1" exe="/root/syz-executor.1" sig=9 arch=c000003e syscall=231 compat=0 ip=0x4598e9 code=0x0
rcu: INFO: rcu_sched self-detected stall on CPU
rcu: 	1-...!: (10499 ticks this GP) idle=3b6/1/0x4000000000000004 softirq=13959/13959 fqs=29 
rcu: 	 (t=10500 jiffies g=-823 q=0)
rcu: rcu_sched kthread starved for 10430 jiffies! g-823 f0x0 RCU_GP_WAIT_FQS(5) ->state=0x402 ->cpu=0
rcu: RCU grace-period kthread stack dump:
rcu_sched       I29624    11      2 0x80000000
Call Trace:
 context_switch kernel/sched/core.c:2826 [inline]
 __schedule+0x866/0x1dc0 kernel/sched/core.c:3474
 schedule+0x92/0x1c0 kernel/sched/core.c:3518
 schedule_timeout+0x4db/0xfc0 kernel/time/timer.c:1804
 rcu_gp_kthread+0xd5c/0x2190 kernel/rcu/tree.c:2202
 kthread+0x354/0x420 kernel/kthread.c:246
 ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:415
NMI backtrace for cpu 1
CPU: 1 PID: 7754 Comm: syz-fuzzer Not tainted 4.19.72 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 <IRQ>
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0x172/0x1f0 lib/dump_stack.c:113
 nmi_cpu_backtrace.cold+0x63/0xa4 lib/nmi_backtrace.c:101
 nmi_trigger_cpumask_backtrace+0x1b0/0x1f8 lib/nmi_backtrace.c:62
 arch_trigger_cpumask_backtrace+0x14/0x20 arch/x86/kernel/apic/hw_nmi.c:38
 trigger_single_cpu_backtrace include/linux/nmi.h:164 [inline]
 rcu_dump_cpu_stacks+0x189/0x1d5 kernel/rcu/tree.c:1340
 print_cpu_stall kernel/rcu/tree.c:1478 [inline]
 check_cpu_stall kernel/rcu/tree.c:1550 [inline]
 __rcu_pending kernel/rcu/tree.c:3293 [inline]
 rcu_pending kernel/rcu/tree.c:3336 [inline]
 rcu_check_callbacks.cold+0x5e3/0xd90 kernel/rcu/tree.c:2682
 update_process_times+0x32/0x80 kernel/time/timer.c:1636
 tick_sched_handle+0xa2/0x190 kernel/time/tick-sched.c:164
 tick_sched_timer+0x47/0x130 kernel/time/tick-sched.c:1274
 __run_hrtimer kernel/time/hrtimer.c:1398 [inline]
 __hrtimer_run_queues+0x33b/0xdc0 kernel/time/hrtimer.c:1460
 hrtimer_interrupt+0x314/0x770 kernel/time/hrtimer.c:1518
 local_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1067 [inline]
 smp_apic_timer_interrupt+0x111/0x550 arch/x86/kernel/apic/apic.c:1092
 apic_timer_interrupt+0xf/0x20 arch/x86/entry/entry_64.S:893
RIP: 0010:hhf_dequeue+0x86/0xa00 net/sched/sch_hhf.c:431
Code: 00 00 48 8b 75 d0 49 8b 85 40 03 00 00 49 89 f6 48 39 c6 0f 84 71 04 00 00 e8 e6 dd dc fb 4c 89 f0 48 c1 e8 03 42 80 3c 20 00 <0f> 85 52 07 00 00 49 8b 1e 48 8d 7b 10 48 89 f8 48 c1 e8 03 42 0f
RSP: 0000:ffff8880ae906f18 EFLAGS: 00000246 ORIG_RAX: ffffffffffffff13
RAX: 1ffff11014d00c72 RBX: ffff8880a68062f8 RCX: ffffffff858e7e8e
RDX: 0000000000000100 RSI: ffffffff858e78aa RDI: ffff8880a6806300
RBP: ffff8880ae906f68 R08: ffff88809be422c0 R09: 0000000000000007
R10: ffff88809be42c58 R11: 00000000fea5af3f R12: dffffc0000000000
R13: ffff8880a6806040 R14: ffff8880a6806390 R15: ffff8880a6806390
 dequeue_skb net/sched/sch_generic.c:277 [inline]
 qdisc_restart net/sched/sch_generic.c:380 [inline]
 __qdisc_run+0x1e7/0x1960 net/sched/sch_generic.c:398
 __dev_xmit_skb net/core/dev.c:3501 [inline]
 __dev_queue_xmit+0x165c/0x2fe0 net/core/dev.c:3811
 dev_queue_xmit+0x18/0x20 net/core/dev.c:3876
 br_dev_queue_push_xmit+0x405/0x5d0 net/bridge/br_forward.c:56
 NF_HOOK include/linux/netfilter.h:289 [inline]
 NF_HOOK include/linux/netfilter.h:283 [inline]
 br_forward_finish+0xfa/0x400 net/bridge/br_forward.c:69
 NF_HOOK include/linux/netfilter.h:289 [inline]
 NF_HOOK include/linux/netfilter.h:283 [inline]
 __br_forward+0x647/0xb30 net/bridge/br_forward.c:113
 deliver_clone+0x61/0xc0 net/bridge/br_forward.c:129
 maybe_deliver net/bridge/br_forward.c:184 [inline]
 maybe_deliver net/bridge/br_forward.c:172 [inline]
 br_flood+0x4da/0x710 net/bridge/br_forward.c:226
 br_dev_xmit+0xeeb/0x1490 net/bridge/br_device.c:103
 __netdev_start_xmit include/linux/netdevice.h:4303 [inline]
 netdev_start_xmit include/linux/netdevice.h:4312 [inline]
 xmit_one net/core/dev.c:3257 [inline]
 dev_hard_start_xmit+0x1a5/0x980 net/core/dev.c:3273
 __dev_queue_xmit+0x2704/0x2fe0 net/core/dev.c:3843
 dev_queue_xmit+0x18/0x20 net/core/dev.c:3876
 neigh_hh_output include/net/neighbour.h:491 [inline]
 neigh_output include/net/neighbour.h:499 [inline]
 ip6_finish_output2+0x12fd/0x2550 net/ipv6/ip6_output.c:120
 ip6_finish_output+0x574/0xbe0 net/ipv6/ip6_output.c:154
 NF_HOOK_COND include/linux/netfilter.h:278 [inline]
 ip6_output+0x235/0x7c0 net/ipv6/ip6_output.c:171
 dst_output include/net/dst.h:447 [inline]
 NF_HOOK include/linux/netfilter.h:289 [inline]
 ndisc_send_skb+0xf3b/0x1460 net/ipv6/ndisc.c:491
 ndisc_send_rs+0x134/0x6d0 net/ipv6/ndisc.c:685
 addrconf_rs_timer+0x30f/0x680 net/ipv6/addrconf.c:3821
 call_timer_fn+0x18d/0x720 kernel/time/timer.c:1326
 expire_timers kernel/time/timer.c:1363 [inline]
 __run_timers kernel/time/timer.c:1682 [inline]
 __run_timers kernel/time/timer.c:1650 [inline]
 run_timer_softirq+0x652/0x1700 kernel/time/timer.c:1695
 __do_softirq+0x25c/0x921 kernel/softirq.c:292
 invoke_softirq kernel/softirq.c:372 [inline]
 irq_exit+0x180/0x1d0 kernel/softirq.c:412
 exiting_irq arch/x86/include/asm/apic.h:536 [inline]
 smp_apic_timer_interrupt+0x13b/0x550 arch/x86/kernel/apic/apic.c:1094
 apic_timer_interrupt+0xf/0x20 arch/x86/entry/entry_64.S:893
 </IRQ>
RIP: 0033:0x411e4b
Code: 29 c2 48 c1 ea 0d 48 8b 35 a2 75 3d 01 48 8b 3d 93 75 3d 01 48 39 f2 0f 83 d7 03 00 00 48 8b 34 d7 48 85 f6 74 10 48 8b 7e 18 <48> 39 fb 0f 83 a9 02 00 00 48 85 f6 74 08 0f b6 46 64 3c 02 75 3b
RSP: 002b:000000c4202ebe28 EFLAGS: 00000202 ORIG_RAX: ffffffffffffff13
RAX: 000000c420000000 RBX: 000000c42d862c00 RCX: 000000c420001e00
RDX: 0000000000006c31 RSI: 00007f546549dda8 RDI: 000000c42d862000
RBP: 000000c4202ebe70 R08: 0000000000000000 R09: 0000000002a8ef50
R10: 0000000000000030 R11: 000000c42d862c00 R12: 0000000000000000
R13: 0000000000000020 R14: 0000000000000013 R15: 0000000000000100
rcu: INFO: rcu_preempt detected stalls on CPUs/tasks:
rcu: 	(detected by 1, t=10580 jiffies, g=11865, q=75)
rcu: All QSes seen, last rcu_preempt kthread activity 10580 (4294974546-4294963966), jiffies_till_next_fqs=1, root ->qsmask 0x0
syz-fuzzer      R  running task    25880  7754   7738 0x8000000a
Call Trace:
 <IRQ>
 sched_show_task kernel/sched/core.c:5297 [inline]
 sched_show_task.cold+0x2ee/0x35d kernel/sched/core.c:5272
 print_other_cpu_stall kernel/rcu/tree.c:1430 [inline]
 check_cpu_stall kernel/rcu/tree.c:1557 [inline]
 __rcu_pending kernel/rcu/tree.c:3293 [inline]
 rcu_pending kernel/rcu/tree.c:3336 [inline]
 rcu_check_callbacks.cold+0xaa1/0xd90 kernel/rcu/tree.c:2682
 update_process_times+0x32/0x80 kernel/time/timer.c:1636
 tick_sched_handle+0xa2/0x190 kernel/time/tick-sched.c:164
 tick_sched_timer+0x47/0x130 kernel/time/tick-sched.c:1274
 __run_hrtimer kernel/time/hrtimer.c:1398 [inline]
 __hrtimer_run_queues+0x33b/0xdc0 kernel/time/hrtimer.c:1460
 hrtimer_interrupt+0x314/0x770 kernel/time/hrtimer.c:1518
 local_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1067 [inline]
 smp_apic_timer_interrupt+0x111/0x550 arch/x86/kernel/apic/apic.c:1092
 apic_timer_interrupt+0xf/0x20 arch/x86/entry/entry_64.S:893
RIP: 0010:hhf_dequeue+0x86/0xa00 net/sched/sch_hhf.c:431
Code: 00 00 48 8b 75 d0 49 8b 85 40 03 00 00 49 89 f6 48 39 c6 0f 84 71 04 00 00 e8 e6 dd dc fb 4c 89 f0 48 c1 e8 03 42 80 3c 20 00 <0f> 85 52 07 00 00 49 8b 1e 48 8d 7b 10 48 89 f8 48 c1 e8 03 42 0f
RSP: 0000:ffff8880ae906f18 EFLAGS: 00000246 ORIG_RAX: ffffffffffffff13
RAX: 1ffff11014d00c72 RBX: ffff8880a68062f8 RCX: ffffffff858e7e8e
RDX: 0000000000000100 RSI: ffffffff858e78aa RDI: ffff8880a6806300
RBP: ffff8880ae906f68 R08: ffff88809be422c0 R09: 0000000000000007
R10: ffff88809be42c58 R11: 00000000fea5af3f R12: dffffc0000000000
R13: ffff8880a6806040 R14: ffff8880a6806390 R15: ffff8880a6806390
 dequeue_skb net/sched/sch_generic.c:277 [inline]
 qdisc_restart net/sched/sch_generic.c:380 [inline]
 __qdisc_run+0x1e7/0x1960 net/sched/sch_generic.c:398
 __dev_xmit_skb net/core/dev.c:3501 [inline]
 __dev_queue_xmit+0x165c/0x2fe0 net/core/dev.c:3811
 dev_queue_xmit+0x18/0x20 net/core/dev.c:3876
 br_dev_queue_push_xmit+0x405/0x5d0 net/bridge/br_forward.c:56
 NF_HOOK include/linux/netfilter.h:289 [inline]
 NF_HOOK include/linux/netfilter.h:283 [inline]
 br_forward_finish+0xfa/0x400 net/bridge/br_forward.c:69
 NF_HOOK include/linux/netfilter.h:289 [inline]
 NF_HOOK include/linux/netfilter.h:283 [inline]
 __br_forward+0x647/0xb30 net/bridge/br_forward.c:113
 deliver_clone+0x61/0xc0 net/bridge/br_forward.c:129
 maybe_deliver net/bridge/br_forward.c:184 [inline]
 maybe_deliver net/bridge/br_forward.c:172 [inline]
 br_flood+0x4da/0x710 net/bridge/br_forward.c:226
 br_dev_xmit+0xeeb/0x1490 net/bridge/br_device.c:103
 __netdev_start_xmit include/linux/netdevice.h:4303 [inline]
 netdev_start_xmit include/linux/netdevice.h:4312 [inline]
 xmit_one net/core/dev.c:3257 [inline]
 dev_hard_start_xmit+0x1a5/0x980 net/core/dev.c:3273
 __dev_queue_xmit+0x2704/0x2fe0 net/core/dev.c:3843
 dev_queue_xmit+0x18/0x20 net/core/dev.c:3876
 neigh_hh_output include/net/neighbour.h:491 [inline]
 neigh_output include/net/neighbour.h:499 [inline]
 ip6_finish_output2+0x12fd/0x2550 net/ipv6/ip6_output.c:120
 ip6_finish_output+0x574/0xbe0 net/ipv6/ip6_output.c:154
 NF_HOOK_COND include/linux/netfilter.h:278 [inline]
 ip6_output+0x235/0x7c0 net/ipv6/ip6_output.c:171
 dst_output include/net/dst.h:447 [inline]
 NF_HOOK include/linux/netfilter.h:289 [inline]
 ndisc_send_skb+0xf3b/0x1460 net/ipv6/ndisc.c:491
 ndisc_send_rs+0x134/0x6d0 net/ipv6/ndisc.c:685
 addrconf_rs_timer+0x30f/0x680 net/ipv6/addrconf.c:3821
 call_timer_fn+0x18d/0x720 kernel/time/timer.c:1326
 expire_timers kernel/time/timer.c:1363 [inline]
 __run_timers kernel/time/timer.c:1682 [inline]
 __run_timers kernel/time/timer.c:1650 [inline]
 run_timer_softirq+0x652/0x1700 kernel/time/timer.c:1695
 __do_softirq+0x25c/0x921 kernel/softirq.c:292
 invoke_softirq kernel/softirq.c:372 [inline]
 irq_exit+0x180/0x1d0 kernel/softirq.c:412
 exiting_irq arch/x86/include/asm/apic.h:536 [inline]
 smp_apic_timer_interrupt+0x13b/0x550 arch/x86/kernel/apic/apic.c:1094
 apic_timer_interrupt+0xf/0x20 arch/x86/entry/entry_64.S:893
 </IRQ>
RIP: 0033:0x411e4b
Code: 29 c2 48 c1 ea 0d 48 8b 35 a2 75 3d 01 48 8b 3d 93 75 3d 01 48 39 f2 0f 83 d7 03 00 00 48 8b 34 d7 48 85 f6 74 10 48 8b 7e 18 <48> 39 fb 0f 83 a9 02 00 00 48 85 f6 74 08 0f b6 46 64 3c 02 75 3b
RSP: 002b:000000c4202ebe28 EFLAGS: 00000202 ORIG_RAX: ffffffffffffff13
RAX: 000000c420000000 RBX: 000000c42d862c00 RCX: 000000c420001e00
RDX: 0000000000006c31 RSI: 00007f546549dda8 RDI: 000000c42d862000
RBP: 000000c4202ebe70 R08: 0000000000000000 R09: 0000000002a8ef50
R10: 0000000000000030 R11: 000000c42d862c00 R12: 0000000000000000
R13: 0000000000000020 R14: 0000000000000013 R15: 0000000000000100
rcu: rcu_preempt kthread starved for 10580 jiffies! g11865 f0x2 RCU_GP_WAIT_FQS(5) ->state=0x0 ->cpu=1
rcu: RCU grace-period kthread stack dump:
rcu_preempt     R  running task    29424    10      2 0x80000000
Call Trace:
 context_switch kernel/sched/core.c:2826 [inline]
 __schedule+0x866/0x1dc0 kernel/sched/core.c:3474
 schedule+0x92/0x1c0 kernel/sched/core.c:3518
 schedule_timeout+0x4db/0xfc0 kernel/time/timer.c:1804
 rcu_gp_kthread+0xd5c/0x2190 kernel/rcu/tree.c:2202
 kthread+0x354/0x420 kernel/kthread.c:246
 ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:415