[ 45.548021][ T23] audit: type=1800 audit(1575341500.724:25): pid=8067 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="startpar" name="cron" dev="sda1" ino=2414 res=0 [ 45.575472][ T23] audit: type=1800 audit(1575341500.724:26): pid=8067 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="startpar" name="mcstrans" dev="sda1" ino=2457 res=0 [ 45.624806][ T23] audit: type=1800 audit(1575341500.734:27): pid=8067 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0 [ 45.658456][ T23] audit: type=1800 audit(1575341500.734:28): pid=8067 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="startpar" name="ssh" dev="sda1" ino=2417 res=0 [....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c. Debian GNU/Linux 7 syzkaller ttyS0 Warning: Permanently added '10.128.0.50' (ECDSA) to the list of known hosts. 2019/12/03 02:51:50 fuzzer started 2019/12/03 02:51:52 dialing manager at 10.128.0.26:38907 2019/12/03 02:51:52 syscalls: 2697 2019/12/03 02:51:52 code coverage: enabled 2019/12/03 02:51:52 comparison tracing: enabled 2019/12/03 02:51:52 extra coverage: extra coverage is not supported by the kernel 2019/12/03 02:51:52 setuid sandbox: enabled 2019/12/03 02:51:52 namespace sandbox: enabled 2019/12/03 02:51:52 Android sandbox: /sys/fs/selinux/policy does not exist 2019/12/03 02:51:52 fault injection: enabled 2019/12/03 02:51:52 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled 2019/12/03 02:51:52 net packet injection: enabled 2019/12/03 02:51:52 net device setup: enabled 2019/12/03 02:51:52 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist 2019/12/03 02:51:52 devlink PCI setup: PCI device 0000:00:10.0 is not available 02:51:53 executing program 0: mkdirat(0xffffffffffffff9c, 0x0, 0x0) sendmsg$TIPC_NL_MON_GET(0xffffffffffffffff, 0x0, 0x0) prctl$PR_SET_MM_MAP_SIZE(0x23, 0xf, 0x0) perf_event_open(&(0x7f0000000040)={0x2, 0x70, 0x1f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet(0x2, 0x1, 0x0) bind$inet(r0, 0x0, 0x0) setpgid(0x0, 0x0) r1 = fsopen(&(0x7f00000000c0)='tmpfs\x00', 0x0) fsconfig$FSCONFIG_CMD_RECONFIGURE(r1, 0x6, 0x0, 0x0, 0x0) fsmount(r1, 0x0, 0x0) fsconfig$FSCONFIG_CMD_RECONFIGURE(r1, 0x7, 0x0, 0x0, 0x0) 02:51:53 executing program 1: r0 = socket$inet6(0xa, 0x100800000000002, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = fcntl$dupfd(r1, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) connect$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e22, 0x0, @ipv4={[], [], @local}}, 0x1c) r3 = syz_open_procfs(0x0, &(0x7f0000000180)='smaps\x00') sendfile(r0, r3, 0x0, 0x88201) syzkaller login: [ 58.437247][ T8234] IPVS: ftp: loaded support on port[0] = 21 [ 58.576280][ T8234] chnl_net:caif_netlink_parms(): no params data found [ 58.608600][ T8234] bridge0: port 1(bridge_slave_0) entered blocking state [ 58.609407][ T8237] IPVS: ftp: loaded support on port[0] = 21 02:51:53 executing program 2: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={0xffffffffffffffff}) close(r0) r1 = socket$inet_tcp(0x2, 0x1, 0x0) r2 = epoll_create1(0x0) r3 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r3, 0x1, r1, &(0x7f0000000200)) r4 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r4, &(0x7f0000000040)={0x11}) epoll_ctl$EPOLL_CTL_ADD(r4, 0x1, r3, &(0x7f00000001c0)={0xfffbffff80000013}) epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r3, &(0x7f0000939ff4)={0x7}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) dup2(r5, r0) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200), 0x0) [ 58.616112][ T8234] bridge0: port 1(bridge_slave_0) entered disabled state [ 58.629481][ T8234] device bridge_slave_0 entered promiscuous mode [ 58.638995][ T8234] bridge0: port 2(bridge_slave_1) entered blocking state [ 58.646254][ T8234] bridge0: port 2(bridge_slave_1) entered disabled state [ 58.654087][ T8234] device bridge_slave_1 entered promiscuous mode [ 58.687056][ T8234] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 58.719020][ T8234] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 58.773777][ T8234] team0: Port device team_slave_0 added [ 58.796976][ T8234] team0: Port device team_slave_1 added [ 58.822505][ T8240] IPVS: ftp: loaded support on port[0] = 21 02:51:54 executing program 3: syz_mount_image$ntfs(&(0x7f0000000000)='ntfs\x00', &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f00000007c0)={[{@fmask={'fmask', 0x2c}}]}) [ 58.888531][ T8234] device hsr_slave_0 entered promiscuous mode [ 58.926661][ T8234] device hsr_slave_1 entered promiscuous mode 02:51:54 executing program 4: ioctl(0xffffffffffffffff, 0x0, &(0x7f00000001c0)) getsockopt$inet_sctp_SCTP_ENABLE_STREAM_RESET(0xffffffffffffffff, 0x84, 0x76, 0x0, 0x0) syz_init_net_socket$rose(0xb, 0x5, 0x0) sendmsg$IPVS_CMD_GET_CONFIG(0xffffffffffffffff, 0x0, 0x0) openat$btrfs_control(0xffffffffffffff9c, &(0x7f0000000600)='/dev/btrfs-control\x00', 0x101000, 0x0) clone(0x20002100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$rds(0x15, 0x5, 0x0) bind$rds(r0, &(0x7f0000000840)={0x2, 0x0, @loopback}, 0x10) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendmsg$rds(r0, &(0x7f0000001600)={&(0x7f0000000000)={0x2, 0x0, @remote}, 0x10, &(0x7f0000000100), 0x0, &(0x7f0000000780)=[@rdma_args={0x48, 0x114, 0x1, {{}, {&(0x7f0000000040)=""/156, 0x80389}, &(0x7f00000006c0)=[{&(0x7f0000000100)=""/44, 0x2c}, {&(0x7f00000001c0)=""/67, 0x43}, {&(0x7f0000000240)=""/198, 0xc6}, {&(0x7f0000000140)=""/15, 0xf}, {&(0x7f0000000340)=""/54, 0x7ffff}, {&(0x7f0000000380)=""/42, 0x2a}, {&(0x7f00000003c0)=""/77, 0x4d}, {&(0x7f0000000440)=""/244, 0xf4}, {&(0x7f0000000540)=""/219, 0xdb}], 0x9}}], 0x48}, 0x0) [ 59.093295][ T8237] chnl_net:caif_netlink_parms(): no params data found [ 59.122868][ T8234] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 59.189148][ T8234] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 59.244115][ T8243] IPVS: ftp: loaded support on port[0] = 21 [ 59.258987][ T8234] netdevsim netdevsim0 netdevsim2: renamed from eth2 02:51:54 executing program 5: bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x1, 0x4, &(0x7f0000000040)=@framed={{0xffffffb4, 0x5, 0x0, 0x0, 0x0, 0x69, 0x10, 0x5a}, [@ldst={0x4}]}, &(0x7f0000003ff6)='G\x00', 0x5, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x1c4, 0x10, &(0x7f0000000000), 0x1dd}, 0x48) [ 59.318300][ T8234] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 59.393035][ T8237] bridge0: port 1(bridge_slave_0) entered blocking state [ 59.400647][ T8237] bridge0: port 1(bridge_slave_0) entered disabled state [ 59.410565][ T8237] device bridge_slave_0 entered promiscuous mode [ 59.419762][ T8237] bridge0: port 2(bridge_slave_1) entered blocking state [ 59.428696][ T8237] bridge0: port 2(bridge_slave_1) entered disabled state [ 59.436688][ T8237] device bridge_slave_1 entered promiscuous mode [ 59.470901][ T8245] IPVS: ftp: loaded support on port[0] = 21 [ 59.500535][ T8234] bridge0: port 2(bridge_slave_1) entered blocking state [ 59.507786][ T8234] bridge0: port 2(bridge_slave_1) entered forwarding state [ 59.515391][ T8234] bridge0: port 1(bridge_slave_0) entered blocking state [ 59.522432][ T8234] bridge0: port 1(bridge_slave_0) entered forwarding state [ 59.544458][ T8237] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 59.555886][ T8237] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 59.599377][ T8248] IPVS: ftp: loaded support on port[0] = 21 [ 59.608979][ T5] bridge0: port 1(bridge_slave_0) entered disabled state [ 59.617434][ T5] bridge0: port 2(bridge_slave_1) entered disabled state [ 59.628132][ T8237] team0: Port device team_slave_0 added [ 59.635825][ T8237] team0: Port device team_slave_1 added [ 59.641765][ T8240] chnl_net:caif_netlink_parms(): no params data found [ 59.737999][ T8237] device hsr_slave_0 entered promiscuous mode [ 59.796845][ T8237] device hsr_slave_1 entered promiscuous mode [ 59.855423][ T8237] debugfs: Directory 'hsr0' with parent '/' already present! [ 59.881130][ T8240] bridge0: port 1(bridge_slave_0) entered blocking state [ 59.888888][ T8240] bridge0: port 1(bridge_slave_0) entered disabled state [ 59.896533][ T8240] device bridge_slave_0 entered promiscuous mode [ 59.905009][ T8240] bridge0: port 2(bridge_slave_1) entered blocking state [ 59.912125][ T8240] bridge0: port 2(bridge_slave_1) entered disabled state [ 59.919721][ T8240] device bridge_slave_1 entered promiscuous mode [ 59.972868][ T8240] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 59.984664][ T8240] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 60.008455][ T8243] chnl_net:caif_netlink_parms(): no params data found [ 60.042926][ T8234] 8021q: adding VLAN 0 to HW filter on device bond0 [ 60.056111][ T8240] team0: Port device team_slave_0 added [ 60.067683][ T8240] team0: Port device team_slave_1 added [ 60.103061][ T8243] bridge0: port 1(bridge_slave_0) entered blocking state [ 60.113200][ T8243] bridge0: port 1(bridge_slave_0) entered disabled state [ 60.121512][ T8243] device bridge_slave_0 entered promiscuous mode [ 60.129798][ T8243] bridge0: port 2(bridge_slave_1) entered blocking state [ 60.137141][ T8243] bridge0: port 2(bridge_slave_1) entered disabled state [ 60.144599][ T8243] device bridge_slave_1 entered promiscuous mode [ 60.188951][ T8237] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 60.246777][ T8237] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 60.303380][ T8243] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 60.327242][ T8245] chnl_net:caif_netlink_parms(): no params data found [ 60.336840][ T8237] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 60.397420][ T8243] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 60.420357][ T8248] chnl_net:caif_netlink_parms(): no params data found [ 60.431377][ T8237] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 60.507736][ T8240] device hsr_slave_0 entered promiscuous mode [ 60.545538][ T8240] device hsr_slave_1 entered promiscuous mode [ 60.616174][ T8240] debugfs: Directory 'hsr0' with parent '/' already present! [ 60.637647][ T2708] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 60.646037][ T2708] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 60.655510][ T8234] 8021q: adding VLAN 0 to HW filter on device team0 [ 60.709195][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 60.718347][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 60.727050][ T5] bridge0: port 1(bridge_slave_0) entered blocking state [ 60.734078][ T5] bridge0: port 1(bridge_slave_0) entered forwarding state [ 60.741628][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 60.750097][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 60.758501][ T5] bridge0: port 2(bridge_slave_1) entered blocking state [ 60.765570][ T5] bridge0: port 2(bridge_slave_1) entered forwarding state [ 60.774168][ T8243] team0: Port device team_slave_0 added [ 60.781953][ T8243] team0: Port device team_slave_1 added [ 60.795675][ T8248] bridge0: port 1(bridge_slave_0) entered blocking state [ 60.802718][ T8248] bridge0: port 1(bridge_slave_0) entered disabled state [ 60.810649][ T8248] device bridge_slave_0 entered promiscuous mode [ 60.821667][ T8248] bridge0: port 2(bridge_slave_1) entered blocking state [ 60.828837][ T8248] bridge0: port 2(bridge_slave_1) entered disabled state [ 60.836888][ T8248] device bridge_slave_1 entered promiscuous mode [ 60.908247][ T8243] device hsr_slave_0 entered promiscuous mode [ 60.965701][ T8243] device hsr_slave_1 entered promiscuous mode [ 61.045475][ T8243] debugfs: Directory 'hsr0' with parent '/' already present! [ 61.079566][ T2708] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 61.088554][ T2708] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 61.098386][ T8240] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 61.136599][ T8245] bridge0: port 1(bridge_slave_0) entered blocking state [ 61.143997][ T8245] bridge0: port 1(bridge_slave_0) entered disabled state [ 61.151679][ T8245] device bridge_slave_0 entered promiscuous mode [ 61.163003][ T8245] bridge0: port 2(bridge_slave_1) entered blocking state [ 61.170140][ T8245] bridge0: port 2(bridge_slave_1) entered disabled state [ 61.177859][ T8245] device bridge_slave_1 entered promiscuous mode [ 61.204548][ T8240] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 61.258891][ T8248] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 61.271643][ T8249] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 61.280398][ T8249] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 61.289026][ T8249] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 61.297528][ T8249] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 61.306476][ T8249] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 61.314630][ T8249] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 61.322885][ T8249] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 61.331208][ T8249] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 61.347210][ T8245] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 61.359020][ T8234] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 61.367156][ T8240] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 61.417900][ T8248] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 61.444270][ T8238] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 61.453258][ T8245] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 61.467633][ T8240] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 61.522602][ T8248] team0: Port device team_slave_0 added [ 61.529850][ T8248] team0: Port device team_slave_1 added [ 61.607880][ T8248] device hsr_slave_0 entered promiscuous mode [ 61.656515][ T8248] device hsr_slave_1 entered promiscuous mode [ 61.695398][ T8248] debugfs: Directory 'hsr0' with parent '/' already present! [ 61.707269][ T8237] 8021q: adding VLAN 0 to HW filter on device bond0 [ 61.736050][ T8243] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 61.767389][ T8243] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 61.819559][ T8245] team0: Port device team_slave_0 added [ 61.832670][ T8243] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 61.867375][ T8243] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 61.917628][ T8249] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 61.925060][ T8249] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 61.934186][ T8245] team0: Port device team_slave_1 added [ 61.947643][ T8234] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 61.961853][ T8237] 8021q: adding VLAN 0 to HW filter on device team0 [ 61.985061][ T8249] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 61.993204][ T8249] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 62.068492][ T8245] device hsr_slave_0 entered promiscuous mode [ 62.105673][ T8245] device hsr_slave_1 entered promiscuous mode [ 62.145382][ T8245] debugfs: Directory 'hsr0' with parent '/' already present! [ 62.162643][ T8238] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 62.171501][ T8238] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 62.179915][ T8238] bridge0: port 1(bridge_slave_0) entered blocking state [ 62.186981][ T8238] bridge0: port 1(bridge_slave_0) entered forwarding state [ 62.194924][ T8238] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 62.203972][ T8238] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 62.212281][ T8238] bridge0: port 2(bridge_slave_1) entered blocking state [ 62.219324][ T8238] bridge0: port 2(bridge_slave_1) entered forwarding state [ 62.228781][ T8238] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 62.237541][ T8238] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 62.245825][ T8248] netdevsim netdevsim5 netdevsim0: renamed from eth0 [ 62.287944][ T8248] netdevsim netdevsim5 netdevsim1: renamed from eth1 [ 62.346840][ T8248] netdevsim netdevsim5 netdevsim2: renamed from eth2 [ 62.386926][ T8248] netdevsim netdevsim5 netdevsim3: renamed from eth3 [ 167.415225][ C1] rcu: INFO: rcu_preempt self-detected stall on CPU [ 167.422009][ C1] rcu: 1-...!: (10499 ticks this GP) idle=596/1/0x4000000000000002 softirq=12244/12244 fqs=143 [ 167.432650][ C1] (t=10500 jiffies g=6081 q=92) [ 167.437581][ C1] rcu: rcu_preempt kthread starved for 10203 jiffies! g6081 f0x0 RCU_GP_WAIT_FQS(5) ->state=0x0 ->cpu=0 [ 167.448665][ C1] rcu: RCU grace-period kthread stack dump: [ 167.454543][ C1] rcu_preempt R running task 29032 10 2 0x80004000 [ 167.462443][ C1] Call Trace: [ 167.465729][ C1] __schedule+0x9a0/0xcc0 [ 167.470057][ C1] schedule+0x181/0x210 [ 167.474202][ C1] schedule_timeout+0x14f/0x240 [ 167.479038][ C1] ? run_local_timers+0x120/0x120 [ 167.484056][ C1] rcu_gp_kthread+0xed8/0x1770 [ 167.488824][ C1] kthread+0x332/0x350 [ 167.492878][ C1] ? rcu_report_qs_rsp+0x140/0x140 [ 167.497975][ C1] ? kthread_blkcg+0xe0/0xe0 [ 167.502553][ C1] ret_from_fork+0x24/0x30 [ 167.506969][ C1] NMI backtrace for cpu 1 [ 167.511285][ C1] CPU: 1 PID: 21 Comm: kworker/u4:1 Not tainted 5.4.0-syzkaller #0 [ 167.519160][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 167.529213][ C1] Workqueue: events_unbound fsnotify_connector_destroy_workfn [ 167.536647][ C1] Call Trace: [ 167.539915][ C1] [ 167.542760][ C1] dump_stack+0x1fb/0x318 [ 167.547085][ C1] nmi_cpu_backtrace+0xaf/0x1a0 [ 167.551925][ C1] ? nmi_trigger_cpumask_backtrace+0x16d/0x290 [ 167.558064][ C1] ? arch_trigger_cpumask_backtrace+0x20/0x20 [ 167.564114][ C1] nmi_trigger_cpumask_backtrace+0x174/0x290 [ 167.570080][ C1] arch_trigger_cpumask_backtrace+0x10/0x20 [ 167.575958][ C1] rcu_dump_cpu_stacks+0x15a/0x220 [ 167.581061][ C1] rcu_sched_clock_irq+0xe25/0x1ad0 [ 167.586248][ C1] ? trace_hardirqs_off+0x74/0x80 [ 167.591264][ C1] update_process_times+0x12d/0x180 [ 167.596452][ C1] tick_sched_timer+0x263/0x420 [ 167.601292][ C1] ? tick_setup_sched_timer+0x3d0/0x3d0 [ 167.606822][ C1] __hrtimer_run_queues+0x403/0x840 [ 167.612026][ C1] hrtimer_interrupt+0x38c/0xda0 [ 167.616976][ C1] ? debug_smp_processor_id+0x9/0x20 [ 167.622268][ C1] smp_apic_timer_interrupt+0x109/0x280 [ 167.627815][ C1] apic_timer_interrupt+0xf/0x20 [ 167.632732][ C1] [ 167.635657][ C1] RIP: 0010:__memcg_kmem_uncharge+0x219/0x2e0 [ 167.641707][ C1] Code: 4b 0d 89 e8 59 97 00 00 bf 01 00 00 00 e8 2f e3 9b ff 65 8b 05 d4 fd 4a 7e 85 c0 74 53 48 83 c4 08 5b 41 5c 41 5d 41 5e 41 5f <5d> c3 49 8d 5f 10 48 89 df be 08 00 00 00 e8 04 c1 fa ff 48 8b 45 [ 167.661300][ C1] RSP: 0018:ffffc90000dd78f8 EFLAGS: 00000292 ORIG_RAX: ffffffffffffff13 [ 167.669693][ C1] RAX: 0000000000000001 RBX: ffffea00025786c0 RCX: 0000000000000000 [ 167.677652][ C1] RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffea00025786c0 [ 167.685627][ C1] RBP: ffffc90000dd78f8 R08: 000000000003a768 R09: ffffed1013003b27 [ 167.693588][ C1] R10: ffffed1013003b27 R11: 0000000000000000 R12: ffff8880a2fede20 [ 167.701549][ C1] R13: dffffc0000000000 R14: 1ffff110145fdbc4 R15: ffff88809801d928 [ 167.709527][ C1] free_thread_stack+0x12e/0x590 [ 167.714454][ C1] put_task_stack+0xa3/0x130 [ 167.719032][ C1] finish_task_switch+0x3f1/0x550 [ 167.724048][ C1] __schedule+0x9a8/0xcc0 [ 167.728373][ C1] ? ___preempt_schedule+0x16/0x18 [ 167.733472][ C1] preempt_schedule+0xdb/0x120 [ 167.738225][ C1] ___preempt_schedule+0x16/0x18 [ 167.743167][ C1] _raw_spin_unlock_irqrestore+0xcc/0xe0 [ 167.748830][ C1] __call_srcu+0x7ab/0xb00 [ 167.753244][ C1] __synchronize_srcu+0x1cf/0x260 [ 167.758251][ C1] ? rcu_read_lock_any_held+0x1a0/0x1a0 [ 167.763794][ C1] synchronize_srcu+0x2cb/0x2f0 [ 167.768635][ C1] fsnotify_connector_destroy_workfn+0x44/0xb0 [ 167.774786][ C1] process_one_work+0x7ef/0x10d0 [ 167.779724][ C1] worker_thread+0xc01/0x1630 [ 167.784411][ C1] kthread+0x332/0x350 [ 167.788468][ C1] ? rcu_lock_release+0x30/0x30 [ 167.793308][ C1] ? kthread_blkcg+0xe0/0xe0 [ 167.797886][ C1] ret_from_fork+0x24/0x30