lowmemorykiller: Killing 'syz-executor.3' (29958) (tgid 29952), adj 1000, to free 51376kB on behalf of 'kswapd0' (33) because cache 360kB is below limit 6144kB for oom_score_adj 0 Free memory is -13264kB above reserved INFO: task syz-executor.2:29954 blocked for more than 140 seconds. Not tainted 4.9.141+ #1 "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. syz-executor.2 D29424 29954 2090 0x00000004 ffff8801d7600000 ffff8801ca54e300 ffff8801c4d25800 ffff8801d1cdaf80 ffff8801db621018 ffff8800612dfbd8 ffffffff828075c2 0000000000000000 ffff8801d76008b0 ffffed003aec0115 00ff8801d7600000 ffff8801db6218f0 Call Trace: [] schedule+0x7f/0x1b0 kernel/sched/core.c:3553 [] schedule_preempt_disabled+0x13/0x20 kernel/sched/core.c:3586 [] __mutex_lock_common kernel/locking/mutex.c:582 [inline] [] mutex_lock_nested+0x38d/0x900 kernel/locking/mutex.c:621 lowmemorykiller: Killing 'syz-executor.3' (29958) (tgid 29952), adj 1000, to free 51376kB on behalf of 'cron' (1953) because cache 296kB is below limit 6144kB for oom_score_adj 0 Free memory is -12720kB above reserved lowmemorykiller: Killing 'syz-executor.3' (29958) (tgid 29952), adj 1000, to free 51376kB on behalf of 'syz-executor.0' (29976) because cache 296kB is below limit 6144kB for oom_score_adj 0 Free memory is -12720kB above reserved [] copy_net_ns+0x155/0x330 net/core/net_namespace.c:406 [] create_new_namespaces+0x501/0x760 kernel/nsproxy.c:106 [] unshare_nsproxy_namespaces+0xa5/0x1d0 kernel/nsproxy.c:205 [] SYSC_unshare kernel/fork.c:2263 [inline] [] SyS_unshare+0x319/0x710 kernel/fork.c:2213 [] do_syscall_64+0x19f/0x550 arch/x86/entry/common.c:285 [] entry_SYSCALL_64_after_swapgs+0x5d/0xdb Showing all locks held in the system: 3 locks held by kworker/0:1/23: #0: ("%s"("ipv6_addrconf")){.+.+..}, at: [] process_one_work+0x73c/0x15f0 kernel/workqueue.c:2085 #1: ((addr_chk_work).work){+.+...}, at: [] process_one_work+0x774/0x15f0 kernel/workqueue.c:2089 #2: (rtnl_mutex){+.+.+.}, at: [] rtnl_lock+0x17/0x20 net/core/rtnetlink.c:70 2 locks held by khungtaskd/24: #0: (rcu_read_lock){......}, at: [] check_hung_uninterruptible_tasks kernel/hung_task.c:168 [inline] #0: (rcu_read_lock){......}, at: [] watchdog+0x11c/0xa20 kernel/hung_task.c:239 #1: (tasklist_lock){.+.+..}, at: [] debug_show_all_locks+0x79/0x218 kernel/locking/lockdep.c:4336 3 locks held by rs:main Q:Reg/1897: #0: (&f->f_pos_lock){+.+.+.}, at: [] __fdget_pos+0xac/0xd0 fs/file.c:781 #1: (sb_writers#4){.+.+.+}, at: [] file_start_write include/linux/fs.h:2640 [inline] #1: (sb_writers#4){.+.+.+}, at: [] vfs_write+0x3eb/0x520 fs/read_write.c:556 #2: (&sb->s_type->i_mutex_key#9){++++++}, at: [] inode_lock include/linux/fs.h:766 [inline] #2: (&sb->s_type->i_mutex_key#9){++++++}, at: [] ext4_file_write_iter+0x122/0xd70 fs/ext4/file.c:100 2 locks held by getty/2027: #0: (&tty->ldisc_sem){++++++}, at: [] ldsem_down_read+0x32/0x40 drivers/tty/tty_ldsem.c:367 #1: [ 1147.654832] lowmemorykiller: Killing 'syz-executor.3' (29958) (tgid 29952), adj 1000, to free 51376kB on behalf of 'kworker/u4:19' (26918) because cache 296kB is below limit 6144kB for oom_score_adj 0 Free memory is -12720kB above reserved (&ldata->atomic_read_lock){+.+.+.}, at: [] n_tty_read+0x202/0x16e0 drivers/tty/n_tty.c:2142 #0: ("events"){.+.+.+}, at: [] process_one_work+0x73c/0x15f0 kernel/workqueue.c:2085 #1: ((&rew.rew_work)){+.+...}, at: [] process_one_work+0x774/0x15f0 kernel/workqueue.c:2089 5 locks held by kworker/u4:18/15451: #0: ("%s""netns"){.+.+.+}, at: [] process_one_work+0x73c/0x15f0 kernel/workqueue.c:2085 #1: (net_cleanup_work){+.+.+.}, at: [] process_one_work+0x774/0x15f0 kernel/workqueue.c:2089 #2: (net_mutex){+.+.+.}, at: [] cleanup_net+0x13f/0x8b0 net/core/net_namespace.c:439 #3: (rtnl_mutex){+.+.+.}, at: [] rtnl_lock+0x17/0x20 net/core/rtnetlink.c:70 #4: (rcu_preempt_state.exp_mutex){+.+...}, at: [] exp_funnel_lock kernel/rcu/tree_exp.h:256 [inline] #4: (rcu_preempt_state.exp_mutex){+.+...}, at: [] _synchronize_rcu_expedited+0x339/0x840 kernel/rcu/tree_exp.h:569 1 lock held by syz-executor.2/29954: #0: (net_mutex){+.+.+.}, at: [] copy_net_ns+0x155/0x330 net/core/net_namespace.c:406 1 lock held by syz-executor.3/29958: #0: (net_mutex){+.+.+.}, at: [] copy_net_ns+0x155/0x330 net/core/net_namespace.c:406 1 lock held by syz-executor.3/29961: #0: (net_mutex){+.+.+.}, at: [] copy_net_ns+0x155/0x330 net/core/net_namespace.c:406 ============================================= oom_reaper: reaped process 29976 (syz-executor.0), now anon-rss:0kB, file-rss:8kB, shmem-rss:0kB warn_alloc: 26 callbacks suppressed syz-executor.0: vmalloc: allocation failure, allocated 217554944 of 3896647680 bytes, mode:0x24000c2(GFP_KERNEL|__GFP_HIGHMEM) CPU: 0 PID: 29976 Comm: syz-executor.0 Not tainted 4.9.141+ #1 ffff88004672f718 ffffffff81b42e79 1ffff10008ce5ee5 dffffc0000000000 ffffffff82aa8ba0 0000000000000000 0000000000400000 ffff88004672f860 ffffffff814fc7c8 0000000041b58ab3 ffffffff82e37a10 ffffffff81427db0 Call Trace: [] __dump_stack lib/dump_stack.c:15 [inline] [] dump_stack+0xc1/0x128 lib/dump_stack.c:51 [] warn_alloc.cold.31+0x7f/0x9c mm/page_alloc.c:3068 [] __vmalloc_area_node mm/vmalloc.c:1661 [inline] [] __vmalloc_node_range+0x3f8/0x600 mm/vmalloc.c:1702 [] __vmalloc_node mm/vmalloc.c:1745 [inline] [] __vmalloc_node_flags mm/vmalloc.c:1759 [inline] [] vmalloc+0x5b/0x70 mm/vmalloc.c:1774 [] xt_alloc_entry_offsets+0x41/0x60 net/netfilter/x_tables.c:758 [] translate_table+0x2bb/0x1ba0 net/ipv4/netfilter/arp_tables.c:552 [] do_replace.isra.7+0x1cc/0x470 net/ipv4/netfilter/arp_tables.c:990 [] do_arpt_set_ctl+0xff/0x140 net/ipv4/netfilter/arp_tables.c:1469 [] nf_sockopt net/netfilter/nf_sockopt.c:105 [inline] [] nf_setsockopt+0x6d/0xc0 net/netfilter/nf_sockopt.c:114 [] ip_setsockopt+0x88/0xa0 net/ipv4/ip_sockglue.c:1249 [] udp_setsockopt+0x4a/0x90 net/ipv4/udp.c:2110 [] ipv6_setsockopt+0x10a/0x130 net/ipv6/ipv6_sockglue.c:912 [] tcp_setsockopt+0x88/0xe0 net/ipv4/tcp.c:2758 [] sock_common_setsockopt+0x9a/0xe0 net/core/sock.c:2706 [] SYSC_setsockopt net/socket.c:1785 [inline] [] SyS_setsockopt+0x166/0x260 net/socket.c:1764 [] do_syscall_64+0x19f/0x550 arch/x86/entry/common.c:285 [] entry_SYSCALL_64_after_swapgs+0x5d/0xdb Mem-Info: active_anon:815754 inactive_anon:594687 isolated_anon:0 active_file:30 inactive_file:46 isolated_file:0 unevictable:173 dirty:42 writeback:0 unstable:0 slab_reclaimable:6768 slab_unreclaimable:73478 mapped:632969 shmem:669931 pagetables:23479 bounce:0 free:895 free_pcp:142 free_cma:0 Node 0 active_anon:3263016kB inactive_anon:2378748kB active_file:120kB inactive_file:184kB unevictable:692kB isolated(anon):0kB isolated(file):0kB mapped:2531876kB dirty:168kB writeback:0kB shmem:2679724kB writeback_tmp:0kB unstable:0kB pages_scanned:9 all_unreclaimable? no DMA32 free:1084kB min:4696kB low:7712kB high:10728kB active_anon:1917644kB inactive_anon:773832kB active_file:56kB inactive_file:4kB unevictable:8kB writepending:0kB present:3145324kB managed:3020132kB mlocked:8kB slab_reclaimable:1720kB slab_unreclaimable:117512kB kernel_stack:11520kB pagetables:31576kB bounce:0kB free_pcp:148kB local_pcp:0kB free_cma:0kB Normal free:2496kB min:5580kB low:9168kB high:12756kB active_anon:1345472kB inactive_anon:1604916kB active_file:64kB inactive_file:180kB unevictable:684kB writepending:168kB present:4718592kB managed:3589316kB mlocked:0kB slab_reclaimable:25352kB slab_unreclaimable:176400kB kernel_stack:18688kB pagetables:62340kB bounce:0kB free_pcp:420kB local_pcp:24kB free_cma:0kB DMA32: 29*4kB (H) 27*8kB (H) 23*16kB (H) 12*32kB (H) 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 1084kB 0 pages in swap cache Swap cache stats: add 0, delete 0, find 0/0 Free swap = 0kB Total swap = 0kB 1965979 pages RAM 0 pages HighMem/MovableOnly 313617 pages reserved lowmemorykiller: Killing 'syz-executor.3' (29958) (tgid 29952), adj 1000, to free 51376kB on behalf of 'init' (1) because cache 296kB is below limit 6144kB for oom_score_adj 0 Free memory is -33928kB above reserved NMI backtrace for cpu 0 CPU: 0 PID: 24 Comm: khungtaskd Not tainted 4.9.141+ #1 ffff8801d9907d08 ffffffff81b42e79 0000000000000000 0000000000000000 0000000000000000 0000000000000001 ffffffff810983b0 ffff8801d9907d40 ffffffff81b4df89 0000000000000000 0000000000000000 0000000000000002 Call Trace: [] __dump_stack lib/dump_stack.c:15 [inline] [] dump_stack+0xc1/0x128 lib/dump_stack.c:51 [] nmi_cpu_backtrace.cold.0+0x48/0x87 lib/nmi_backtrace.c:99 [] nmi_trigger_cpumask_backtrace+0x12c/0x151 lib/nmi_backtrace.c:60 [] arch_trigger_cpumask_backtrace+0x14/0x20 arch/x86/kernel/apic/hw_nmi.c:37 [] trigger_all_cpu_backtrace include/linux/nmi.h:58 [inline] [] check_hung_task kernel/hung_task.c:125 [inline] [] check_hung_uninterruptible_tasks kernel/hung_task.c:182 [inline] [] watchdog+0x6ad/0xa20 kernel/hung_task.c:239 [] kthread+0x26d/0x300 kernel/kthread.c:211 [] ret_from_fork+0x5c/0x70 arch/x86/entry/entry_64.S:373 Sending NMI from CPU 0 to CPUs 1: NMI backtrace for cpu 1 CPU: 1 PID: 2059 Comm: syz-fuzzer Not tainted 4.9.141+ #1 task: ffff8801cfc9c740 task.stack: ffff8801ce918000 RIP: 0010:[] c [] check_preemption_disabled+0x6/0x200 lib/smp_processor_id.c:12 RSP: 0000:ffff8801ce91f2e0 EFLAGS: 00000293 RAX: ffff8801cfc9c740 RBX: ffff8801cd942f80 RCX: 0000000000000000 RDX: 0000000000000000 RSI: ffffffff82b447a0 RDI: ffffffff82b447e0 RBP: ffff8801ce91f2e8 R08: ffff8801cfc9d0b0 R09: 0bdf069b8bf16716 R10: ffff8801cfc9c740 R11: 0000000000000001 R12: ffff8801cd942f80 R13: ffff8801cd943398 R14: ffff8801c75697c0 R15: 0000000000000600 FS: 000000c420152768(0000) GS:ffff8801db700000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 000000000045ddb0 CR3: 00000001d0bad000 CR4: 00000000001606b0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000600 Stack: 0000000000000600c ffff8801ce91f2f8c ffffffff81ba7f5cc ffff8801ce91f318c ffffffff81247305c ffff8801ce91f318c ffff8801cd942f80c ffff8801ce91f360c ffffffff8141a11bc ffffffff81419f70c ffff8801c7569f80c ffff8801cd942f80c Call Trace: [] debug_smp_processor_id+0x1c/0x20 lib/smp_processor_id.c:56 [] __rcu_is_watching kernel/rcu/tree.c:1053 [inline] [] rcu_is_watching+0x15/0xa0 kernel/rcu/tree.c:1067 [] rcu_read_lock include/linux/rcupdate.h:876 [inline] [] find_lock_task_mm+0x1ab/0x270 mm/oom_kill.c:112 [] lowmem_scan+0x34f/0xaf0 drivers/staging/android/lowmemorykiller.c:134 [] do_shrink_slab mm/vmscan.c:398 [inline] [] shrink_slab.part.8+0x3c6/0xa00 mm/vmscan.c:501 [] shrink_slab mm/vmscan.c:465 [inline] [] shrink_node+0x1ed/0x740 mm/vmscan.c:2602 [] shrink_zones mm/vmscan.c:2749 [inline] [] do_try_to_free_pages mm/vmscan.c:2791 [inline] [] try_to_free_pages+0x377/0xb80 mm/vmscan.c:3002 [] __perform_reclaim mm/page_alloc.c:3324 [inline] [] __alloc_pages_direct_reclaim mm/page_alloc.c:3345 [inline] [] __alloc_pages_slowpath mm/page_alloc.c:3697 [inline] [] __alloc_pages_nodemask+0x981/0x1bd0 mm/page_alloc.c:3862 [] __alloc_pages include/linux/gfp.h:433 [inline] [] __alloc_pages_node include/linux/gfp.h:446 [inline] [] alloc_pages_node include/linux/gfp.h:460 [inline] [] __page_cache_alloc include/linux/pagemap.h:208 [inline] [] __do_page_cache_readahead+0x21a/0x8b0 mm/readahead.c:183 [] ra_submit mm/internal.h:59 [inline] [] do_sync_mmap_readahead mm/filemap.c:2066 [inline] [] filemap_fault+0x924/0x1110 mm/filemap.c:2143 [] ext4_filemap_fault+0x71/0xa0 fs/ext4/inode.c:5853 [] __do_fault+0x223/0x500 mm/memory.c:2833 [] do_read_fault mm/memory.c:3180 [inline] [] do_fault mm/memory.c:3315 [inline] [] handle_pte_fault mm/memory.c:3516 [inline] [] __handle_mm_fault mm/memory.c:3603 [inline] [] handle_mm_fault+0x1326/0x2350 mm/memory.c:3640 [] __do_page_fault+0x403/0xa60 arch/x86/mm/fault.c:1406 [] do_page_fault+0x27/0x30 arch/x86/mm/fault.c:1469 [] page_fault+0x25/0x30 arch/x86/entry/entry_64.S:951 Code: cff cff ce8 cde cb3 c94 cff c48 c8b c8d cd8 cfe cff cff c48 c8b c85 ce0 cfe cff cff ce9 ce0 cf3 cff cff c66 c2e c0f c1f c84 c00 c00 c00 c00 c00 c90 c55 c48 c89 ce5 c41 c57 c<41> c56 c41 c55 c49 c89 cf5 c41 c54 c49 c89 cfc c53 c48 c83 cec c08 ce8 c04 c3d c77 c