[....] Starting enhanced syslogd: rsyslogd[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[   47.216743][   T25] audit: type=1800 audit(1575352071.081:25): pid=8205 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="startpar" name="cron" dev="sda1" ino=2414 res=0
[   47.245156][   T25] audit: type=1800 audit(1575352071.081:26): pid=8205 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="startpar" name="mcstrans" dev="sda1" ino=2457 res=0
[   47.285738][   T25] audit: type=1800 audit(1575352071.081:27): pid=8205 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0
[....] Starting periodic command scheduler: cron[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added '10.128.1.43' (ECDSA) to the list of known hosts.
2019/12/03 05:48:58 fuzzer started
2019/12/03 05:49:00 dialing manager at 10.128.0.26:38907
2019/12/03 05:49:00 syscalls: 2697
2019/12/03 05:49:00 code coverage: enabled
2019/12/03 05:49:00 comparison tracing: enabled
2019/12/03 05:49:00 extra coverage: extra coverage is not supported by the kernel
2019/12/03 05:49:00 setuid sandbox: enabled
2019/12/03 05:49:00 namespace sandbox: enabled
2019/12/03 05:49:00 Android sandbox: /sys/fs/selinux/policy does not exist
2019/12/03 05:49:00 fault injection: enabled
2019/12/03 05:49:00 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled
2019/12/03 05:49:00 net packet injection: enabled
2019/12/03 05:49:00 net device setup: enabled
2019/12/03 05:49:00 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist
2019/12/03 05:49:00 devlink PCI setup: PCI device 0000:00:10.0 is not available
05:49:01 executing program 0:
syz_mount_image$iso9660(&(0x7f0000001240)='iso9660\x00', &(0x7f0000001280)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000001400)=ANY=[@ANYBLOB='utf8,hide'])

05:49:01 executing program 1:
r0 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$kcm(r0, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000040)="2e0000001c008105e00f80ecdb4cb9f207c804a01c0000003f0006000a0002000a0ada1b40d805000500c50083b8", 0x2e}], 0x1}, 0x0)

syzkaller login: [  117.792810][ T8369] IPVS: ftp: loaded support on port[0] = 21
05:49:01 executing program 2:
r0 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=@newlink={0x44, 0x10, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x24, 0x12, @ipip={{0x8, 0x1, 'ipip\x00'}, {0x14, 0x2, [@IFLA_IPTUN_PMTUDISC={0x8}, @tunl_policy=[@IFLA_IPTUN_TTL={0x8}]]}}}]}, 0x44}}, 0x0)

[  117.960999][ T8369] chnl_net:caif_netlink_parms(): no params data found
[  118.009037][ T8372] IPVS: ftp: loaded support on port[0] = 21
[  118.047037][ T8369] bridge0: port 1(bridge_slave_0) entered blocking state
[  118.054989][ T8369] bridge0: port 1(bridge_slave_0) entered disabled state
[  118.063057][ T8369] device bridge_slave_0 entered promiscuous mode
[  118.117128][ T8369] bridge0: port 2(bridge_slave_1) entered blocking state
[  118.124221][ T8369] bridge0: port 2(bridge_slave_1) entered disabled state
[  118.146523][ T8369] device bridge_slave_1 entered promiscuous mode
05:49:02 executing program 3:
r0 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r0, &(0x7f0000cd0fc8)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)={0x2, 0xd, 0x0, 0x0, 0x18, 0x0, 0x0, 0x0, [@sadb_lifetime={0x4, 0x4}, @sadb_x_policy={0x8, 0x12, 0x0, 0x3, 0x0, 0x0, 0x0, {0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @in=@multicast2, @in=@multicast1}}, @sadb_address={0x5, 0x5, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x0, @ipv4={[], [], @dev}}}, @sadb_address={0x5, 0x6, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x0, @remote={0xfe, 0x80, [], 0xffffffffffffffff}}}]}, 0xc0}}, 0x0)

[  118.229262][ T8369] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  118.275244][ T8369] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  118.297996][ T8372] chnl_net:caif_netlink_parms(): no params data found
[  118.316868][ T8375] IPVS: ftp: loaded support on port[0] = 21
[  118.364365][ T8369] team0: Port device team_slave_0 added
[  118.376458][ T8369] team0: Port device team_slave_1 added
[  118.394121][ T8377] IPVS: ftp: loaded support on port[0] = 21
[  118.439477][ T8369] device hsr_slave_0 entered promiscuous mode
05:49:02 executing program 4:
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x8031, 0xffffffffffffffff, 0x0)
r0 = socket(0x2, 0x3, 0x100000001)
setsockopt$inet_group_source_req(r0, 0x0, 0x2f, &(0x7f00000002c0)={0x0, {{0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}}, {{0x2, 0x0, @loopback}}}, 0x108)

[  118.516744][ T8369] device hsr_slave_1 entered promiscuous mode
[  118.645392][ T8372] bridge0: port 1(bridge_slave_0) entered blocking state
[  118.652550][ T8372] bridge0: port 1(bridge_slave_0) entered disabled state
[  118.661818][ T8372] device bridge_slave_0 entered promiscuous mode
05:49:02 executing program 5:
r0 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
pipe2(&(0x7f0000000140), 0x0)
socket$inet(0x2, 0x4000000000000001, 0x0)
sendto$inet(0xffffffffffffffff, &(0x7f0000000540)="c3", 0x1, 0x0, 0x0, 0x0)
pipe2(&(0x7f0000000140), 0x0)
pipe2(&(0x7f0000000140), 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r2 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000003c0)=@newsa={0x138, 0x10, 0x713, 0x0, 0x0, {{@in, @in6=@loopback}, {@in6, 0x0, 0x33}, @in=@broadcast, {}, {}, {}, 0x0, 0x0, 0x2}, [@algo_auth={0x48, 0x2, {{'md5\x00'}}}]}, 0x138}}, 0x0)
pipe2(&(0x7f0000000140), 0x0)
pipe2(&(0x7f0000000140), 0x0)
pipe2(&(0x7f0000000140), 0x0)
pipe2(0x0, 0x0)
r3 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
r4 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000200)='/dev/dsp\x00', 0x201, 0x0)
ioctl$int_in(r4, 0xc0000840045010, &(0x7f0000000000))
ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000400)={0x2, 0x0, 0x15000, 0x1000, &(0x7f0000007000/0x1000)=nil})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, 0x0, 0x73, 0x0, 0x0, 0x0)
socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000000))
ioctl$KVM_RUN(r3, 0xae80, 0x0)

[  118.697707][ T8372] bridge0: port 2(bridge_slave_1) entered blocking state
[  118.707592][ T8372] bridge0: port 2(bridge_slave_1) entered disabled state
[  118.717370][ T8372] device bridge_slave_1 entered promiscuous mode
[  118.730669][ T8369] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  118.788383][ T8369] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  118.887973][ T8369] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  118.961286][ T8369] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  119.033071][ T8381] IPVS: ftp: loaded support on port[0] = 21
[  119.058247][ T8379] IPVS: ftp: loaded support on port[0] = 21
[  119.071778][ T8372] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  119.112211][ T8372] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  119.134310][ T8372] team0: Port device team_slave_0 added
[  119.151937][ T8372] team0: Port device team_slave_1 added
[  119.168999][ T8375] chnl_net:caif_netlink_parms(): no params data found
[  119.212477][ T8377] chnl_net:caif_netlink_parms(): no params data found
[  119.252801][ T8375] bridge0: port 1(bridge_slave_0) entered blocking state
[  119.259985][ T8375] bridge0: port 1(bridge_slave_0) entered disabled state
[  119.267715][ T8375] device bridge_slave_0 entered promiscuous mode
[  119.347958][ T8372] device hsr_slave_0 entered promiscuous mode
[  119.395422][ T8372] device hsr_slave_1 entered promiscuous mode
[  119.456663][ T8372] debugfs: Directory 'hsr0' with parent '/' already present!
[  119.479982][ T8375] bridge0: port 2(bridge_slave_1) entered blocking state
[  119.488000][ T8375] bridge0: port 2(bridge_slave_1) entered disabled state
[  119.496426][ T8375] device bridge_slave_1 entered promiscuous mode
[  119.539609][ T8369] 8021q: adding VLAN 0 to HW filter on device bond0
[  119.551605][ T8375] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  119.564088][ T8375] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  119.599456][ T8372] netdevsim netdevsim1 netdevsim0: renamed from eth0
[  119.646091][ T8377] bridge0: port 1(bridge_slave_0) entered blocking state
[  119.653209][ T8377] bridge0: port 1(bridge_slave_0) entered disabled state
[  119.662842][ T8377] device bridge_slave_0 entered promiscuous mode
[  119.672300][ T8375] team0: Port device team_slave_0 added
[  119.710607][ T8372] netdevsim netdevsim1 netdevsim1: renamed from eth1
[  119.756145][ T8377] bridge0: port 2(bridge_slave_1) entered blocking state
[  119.763307][ T8377] bridge0: port 2(bridge_slave_1) entered disabled state
[  119.771625][ T8377] device bridge_slave_1 entered promiscuous mode
[  119.792013][ T3192] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  119.800267][ T3192] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  119.809269][ T8375] team0: Port device team_slave_1 added
[  119.825753][ T8372] netdevsim netdevsim1 netdevsim2: renamed from eth2
[  119.858371][ T8369] 8021q: adding VLAN 0 to HW filter on device team0
[  119.866411][ T8377] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  119.937540][ T8375] device hsr_slave_0 entered promiscuous mode
[  119.975271][ T8375] device hsr_slave_1 entered promiscuous mode
[  120.034905][ T8375] debugfs: Directory 'hsr0' with parent '/' already present!
[  120.043893][ T8372] netdevsim netdevsim1 netdevsim3: renamed from eth3
[  120.097843][ T8377] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  120.116116][ T8381] chnl_net:caif_netlink_parms(): no params data found
[  120.131653][ T8379] chnl_net:caif_netlink_parms(): no params data found
[  120.157057][ T8377] team0: Port device team_slave_0 added
[  120.178762][ T8377] team0: Port device team_slave_1 added
[  120.199074][    T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  120.208038][    T5] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  120.216681][    T5] bridge0: port 1(bridge_slave_0) entered blocking state
[  120.223869][    T5] bridge0: port 1(bridge_slave_0) entered forwarding state
[  120.249310][ T8375] netdevsim netdevsim2 netdevsim0: renamed from eth0
[  120.321163][ T8381] bridge0: port 1(bridge_slave_0) entered blocking state
[  120.328366][ T8381] bridge0: port 1(bridge_slave_0) entered disabled state
[  120.335996][ T8381] device bridge_slave_0 entered promiscuous mode
[  120.348962][ T8388] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  120.357493][ T8388] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  120.366545][ T8388] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  120.375144][ T8388] bridge0: port 2(bridge_slave_1) entered blocking state
[  120.382220][ T8388] bridge0: port 2(bridge_slave_1) entered forwarding state
[  120.392272][ T8375] netdevsim netdevsim2 netdevsim1: renamed from eth1
[  120.457347][ T8375] netdevsim netdevsim2 netdevsim2: renamed from eth2
[  120.517950][ T8381] bridge0: port 2(bridge_slave_1) entered blocking state
[  120.525128][ T8381] bridge0: port 2(bridge_slave_1) entered disabled state
[  120.532687][ T8381] device bridge_slave_1 entered promiscuous mode
[  120.552014][ T8381] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  120.567305][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  120.586368][ T8375] netdevsim netdevsim2 netdevsim3: renamed from eth3
[  120.631208][ T8381] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  120.666912][ T8381] team0: Port device team_slave_0 added
[  120.673193][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  120.683435][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  120.692388][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  120.701094][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[  120.726008][ T8379] bridge0: port 1(bridge_slave_0) entered blocking state
[  120.733079][ T8379] bridge0: port 1(bridge_slave_0) entered disabled state
[  120.741425][ T8379] device bridge_slave_0 entered promiscuous mode
[  120.750035][ T8379] bridge0: port 2(bridge_slave_1) entered blocking state
[  120.757551][ T8379] bridge0: port 2(bridge_slave_1) entered disabled state
[  120.765550][ T8379] device bridge_slave_1 entered promiscuous mode
[  120.817592][ T8377] device hsr_slave_0 entered promiscuous mode
[  120.855043][ T8377] device hsr_slave_1 entered promiscuous mode
[  120.884869][ T8377] debugfs: Directory 'hsr0' with parent '/' already present!
[  120.893301][ T8381] team0: Port device team_slave_1 added
[  120.909505][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  120.917973][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  120.950547][ T8372] 8021q: adding VLAN 0 to HW filter on device bond0
[  120.964381][ T8379] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  120.986157][ T8369] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[  120.996958][ T8369] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  121.014166][ T8389] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[  121.023257][ T8389] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  121.032174][ T8389] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[  121.040517][ T8389] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  121.049093][ T8389] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[  121.057761][ T8379] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  121.083707][ T8372] 8021q: adding VLAN 0 to HW filter on device team0
[  121.102980][ T8377] netdevsim netdevsim3 netdevsim0: renamed from eth0
[  121.127666][ T8377] netdevsim netdevsim3 netdevsim1: renamed from eth1
[  121.177357][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  121.188495][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  121.268152][ T8381] device hsr_slave_0 entered promiscuous mode
[  121.305168][ T8381] device hsr_slave_1 entered promiscuous mode
[  121.335162][ T8381] debugfs: Directory 'hsr0' with parent '/' already present!
[  121.351336][ T8369] 8021q: adding VLAN 0 to HW filter on device batadv0
[  121.366116][ T8377] netdevsim netdevsim3 netdevsim2: renamed from eth2
[  121.407924][ T8379] team0: Port device team_slave_0 added
[  121.413733][ T8377] netdevsim netdevsim3 netdevsim3: renamed from eth3
[  121.458158][ T8388] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  121.466751][ T8388] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  121.475528][ T8388] bridge0: port 1(bridge_slave_0) entered blocking state
[  121.482566][ T8388] bridge0: port 1(bridge_slave_0) entered forwarding state
[  121.490166][ T8388] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[  121.498391][ T8388] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[  121.505989][ T8388] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  121.514455][ T8388] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  121.522930][ T8388] bridge0: port 2(bridge_slave_1) entered blocking state
[  121.529995][ T8388] bridge0: port 2(bridge_slave_1) entered forwarding state
[  121.537598][ T8388] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  121.546582][ T8388] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  121.564143][ T8372] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[  121.577837][ T8372] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  121.601125][ T8379] team0: Port device team_slave_1 added
[  121.634419][ T8388] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  121.643316][ T8388] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  121.652321][ T8388] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  121.661887][ T8388] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  121.672293][ T8388] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  121.681096][ T8388] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[  121.689530][ T8388] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  121.698103][ T8388] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[  121.706459][ T8388] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  121.715122][ T8388] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[  121.722875][ T8388] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[  121.767563][ T8379] device hsr_slave_0 entered promiscuous mode
[  121.794989][ T8379] device hsr_slave_1 entered promiscuous mode
[  121.845090][ T8379] debugfs: Directory 'hsr0' with parent '/' already present!
[  121.893694][ T8375] 8021q: adding VLAN 0 to HW filter on device bond0
[  121.920028][ T8372] 8021q: adding VLAN 0 to HW filter on device batadv0
[  121.943640][ T8381] netdevsim netdevsim5 netdevsim0: renamed from eth0
[  121.971258][ T8393] ISOFS: Unable to identify CD-ROM format.
[  226.934680][    C0] rcu: INFO: rcu_preempt self-detected stall on CPU
[  226.941460][    C0] rcu: 	0-...!: (10499 ticks this GP) idle=8aa/1/0x4000000000000002 softirq=11361/11361 fqs=40 
[  226.952121][    C0] 	(t=10501 jiffies g=6693 q=148)
[  226.957158][    C0] rcu: rcu_preempt kthread starved for 10422 jiffies! g6693 f0x0 RCU_GP_WAIT_FQS(5) ->state=0x0 ->cpu=1
[  226.968259][    C0] rcu: RCU grace-period kthread stack dump:
[  226.974147][    C0] rcu_preempt     R  running task    29032    10      2 0x80004000
[  226.982036][    C0] Call Trace:
[  226.985339][    C0]  __schedule+0x9a0/0xcc0
[  226.989715][    C0]  schedule+0x181/0x210
[  226.993880][    C0]  schedule_timeout+0x14f/0x240
[  226.998749][    C0]  ? run_local_timers+0x120/0x120
[  227.003903][    C0]  rcu_gp_kthread+0xed8/0x1770
[  227.008676][    C0]  kthread+0x332/0x350
[  227.012761][    C0]  ? rcu_report_qs_rsp+0x140/0x140
[  227.017875][    C0]  ? kthread_blkcg+0xe0/0xe0
[  227.022456][    C0]  ret_from_fork+0x24/0x30
[  227.027001][    C0] NMI backtrace for cpu 0
[  227.031345][    C0] CPU: 0 PID: 8340 Comm: udevd Not tainted 5.4.0-syzkaller #0
[  227.038799][    C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  227.048855][    C0] Call Trace:
[  227.052155][    C0]  <IRQ>
[  227.055014][    C0]  dump_stack+0x1fb/0x318
[  227.059352][    C0]  nmi_cpu_backtrace+0xaf/0x1a0
[  227.064197][    C0]  ? nmi_trigger_cpumask_backtrace+0x16d/0x290
[  227.070373][    C0]  ? arch_trigger_cpumask_backtrace+0x20/0x20
[  227.076455][    C0]  nmi_trigger_cpumask_backtrace+0x174/0x290
[  227.082793][    C0]  arch_trigger_cpumask_backtrace+0x10/0x20
[  227.088804][    C0]  rcu_dump_cpu_stacks+0x15a/0x220
[  227.093916][    C0]  rcu_sched_clock_irq+0xe25/0x1ad0
[  227.099105][    C0]  ? trace_hardirqs_off+0x74/0x80
[  227.104149][    C0]  update_process_times+0x12d/0x180
[  227.109345][    C0]  tick_sched_timer+0x263/0x420
[  227.114207][    C0]  ? tick_setup_sched_timer+0x3d0/0x3d0
[  227.119772][    C0]  __hrtimer_run_queues+0x403/0x840
[  227.124996][    C0]  hrtimer_interrupt+0x38c/0xda0
[  227.129954][    C0]  ? debug_smp_processor_id+0x9/0x20
[  227.135348][    C0]  smp_apic_timer_interrupt+0x109/0x280
[  227.140900][    C0]  apic_timer_interrupt+0xf/0x20
[  227.145828][    C0]  </IRQ>
[  227.148764][    C0] RIP: 0010:mod_memcg_page_state+0x123/0x190
[  227.154738][    C0] Code: e8 f2 9e 69 00 48 83 3d 12 22 c2 07 00 74 70 e8 e3 27 2e 00 4c 89 ff 57 9d 0f 1f 44 00 00 e8 f4 c2 33 00 eb 43 e8 cd 27 2e 00 <eb> 3c e8 86 c0 33 00 48 c7 c0 28 96 0a 89 48 c1 e8 03 42 80 3c 20
[  227.174329][    C0] RSP: 0018:ffffc900029d7638 EFLAGS: 00000293 ORIG_RAX: ffffffffffffff13
[  227.182748][    C0] RAX: ffffffff81487433 RBX: 0000000000000000 RCX: ffff888091f7a080
[  227.190736][    C0] RDX: 0000000000000000 RSI: 00000000fffffffc RDI: ffffea000235e500
[  227.198714][    C0] RBP: ffffc900029d7658 R08: 000000000003a768 R09: ffffed1012b926d7
[  227.206676][    C0] R10: ffffed1012b926d7 R11: 0000000000000000 R12: dffffc0000000000
[  227.214640][    C0] R13: dffffc0000000000 R14: 00000000fffffffc R15: ffff888095c936a8
[  227.222623][    C0]  ? mod_memcg_page_state+0x123/0x190
[  227.227988][    C0]  ? mod_memcg_page_state+0x123/0x190
[  227.233347][    C0]  free_thread_stack+0x168/0x590
[  227.238281][    C0]  put_task_stack+0xa3/0x130
[  227.242862][    C0]  finish_task_switch+0x3f1/0x550
[  227.247878][    C0]  __schedule+0x9a8/0xcc0
[  227.252208][    C0]  preempt_schedule_irq+0xc1/0x140
[  227.257315][    C0]  retint_kernel+0x1b/0x2b
[  227.261740][    C0] RIP: 0010:lock_acquire+0x1b2/0x250
[  227.267015][    C0] Code: c1 e8 03 42 80 3c 30 00 74 0c 48 c7 c7 28 96 0a 89 e8 b2 7e 56 00 48 83 3d d2 01 af 07 00 0f 84 9c 00 00 00 48 8b 7d c0 57 9d <0f> 1f 44 00 00 48 83 c4 30 5b 41 5c 41 5d 41 5e 41 5f 5d c3 44 89
[  227.286605][    C0] RSP: 0018:ffffc900029d78b8 EFLAGS: 00000286 ORIG_RAX: ffffffffffffff02
[  227.295003][    C0] RAX: 1ffffffff12152c5 RBX: 0000000000000000 RCX: e668264dc84383e6
[  227.302960][    C0] RDX: dffffc0000000000 RSI: ffff888091f7a918 RDI: 0000000000000286
[  227.311005][    C0] RBP: ffffc900029d7910 R08: dffffc0000000000 R09: fffffbfff13c851d
[  227.319071][    C0] R10: fffffbfff13c851d R11: 0000000000000000 R12: 0000000000000000
[  227.327062][    C0] R13: 0000000000000000 R14: dffffc0000000000 R15: ffffffff890d4bc0
[  227.335077][    C0]  ? stack_trace_save+0x150/0x150
[  227.340091][    C0]  rcu_lock_acquire+0x2e/0x40
[  227.344759][    C0]  ? rcu_lock_acquire+0x9/0x40
[  227.349515][    C0]  is_bpf_text_address+0x2a/0x370
[  227.354527][    C0]  ? is_module_text_address+0xe1/0x150
[  227.360072][    C0]  ? stack_trace_save+0x150/0x150
[  227.365084][    C0]  __kernel_text_address+0x9a/0x110
[  227.370597][    C0]  unwind_get_return_address+0x4c/0x90
[  227.376051][    C0]  arch_stack_walk+0x98/0xe0
[  227.380641][    C0]  stack_trace_save+0xb6/0x150
[  227.385399][    C0]  __kasan_kmalloc+0x11c/0x1b0
[  227.390147][    C0]  ? __kasan_kmalloc+0x11c/0x1b0
[  227.395065][    C0]  ? kasan_slab_alloc+0xf/0x20
[  227.399815][    C0]  ? kmem_cache_alloc+0x1f5/0x2e0
[  227.404820][    C0]  ? getname_flags+0xba/0x640
[  227.409479][    C0]  ? user_path_at_empty+0x2d/0x50
[  227.414486][    C0]  ? __se_sys_newstat+0x4b/0x150
[  227.419409][    C0]  ? __x64_sys_newstat+0x5b/0x70
[  227.424332][    C0]  ? do_syscall_64+0xf7/0x1c0
[  227.428995][    C0]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  227.435049][    C0]  ? rcu_read_lock_sched_held+0x10b/0x170
[  227.440768][    C0]  ? trace_mm_page_alloc+0x18c/0x1f0
[  227.446040][    C0]  ? cache_grow_end+0x143/0x170
[  227.450891][    C0]  ? do_raw_spin_unlock+0x136/0x260
[  227.456080][    C0]  ? _raw_spin_unlock+0x27/0x40
[  227.460921][    C0]  ? cache_grow_end+0x143/0x170
[  227.465760][    C0]  ? kmem_cache_alloc+0x194/0x2e0
[  227.470773][    C0]  kasan_slab_alloc+0xf/0x20
[  227.475347][    C0]  kmem_cache_alloc+0x1f5/0x2e0
[  227.480182][    C0]  ? getname_flags+0xba/0x640
[  227.484846][    C0]  getname_flags+0xba/0x640
[  227.489334][    C0]  ? check_preemption_disabled+0x44/0x260
[  227.495041][    C0]  user_path_at_empty+0x2d/0x50
[  227.499888][    C0]  __se_sys_newstat+0x4b/0x150
[  227.504638][    C0]  ? debug_smp_processor_id+0x1c/0x20
[  227.509996][    C0]  ? fpregs_assert_state_consistent+0xb6/0xe0
[  227.516047][    C0]  ? prepare_exit_to_usermode+0x221/0x5b0
[  227.521754][    C0]  ? trace_irq_disable_rcuidle+0x23/0x1e0
[  227.527456][    C0]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[  227.532932][    C0]  ? trace_irq_disable_rcuidle+0x23/0x1e0
[  227.538670][    C0]  ? do_syscall_64+0x1d/0x1c0
[  227.543471][    C0]  __x64_sys_newstat+0x5b/0x70
[  227.548247][    C0]  do_syscall_64+0xf7/0x1c0
[  227.552760][    C0]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  227.558646][    C0] RIP: 0033:0x7f9a1eb40c65
[  227.563053][    C0] Code: 00 00 00 e8 5d 01 00 00 48 83 c4 18 c3 90 90 90 90 90 90 90 90 83 ff 01 48 89 f0 77 18 48 89 c7 48 89 d6 b8 04 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 17 f3 c3 90 48 8b 05 a1 51 2b 00 64 c7 00 16
[  227.582668][    C0] RSP: 002b:00007fff8a0bc1c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000004
[  227.591065][    C0] RAX: ffffffffffffffda RBX: 00007fff8a0bc260 RCX: 00007f9a1eb40c65
[  227.599031][    C0] RDX: 00007fff8a0bc1d0 RSI: 00007fff8a0bc1d0 RDI: 00007fff8a0bc260
[  227.607004][    C0] RBP: 00000000016105f0 R08: 00007fff8a0bc270 R09: 00007f9a1eb97790
[  227.614961][    C0] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000015fe250
[  227.622921][    C0] R13: 0000000000000000 R14: 00007fff8a0bc6d0 R15: 0000000000000001