INFO: task syz-executor5:20720 blocked for more than 140 seconds. Not tainted 4.19.0-rc8+ #295 oom_kill_process.cold.27+0x10/0x903 mm/oom_kill.c:953 "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. syz-executor5 D 18936 20720 5471 0x00000004 Call Trace: out_of_memory+0xa84/0x1430 mm/oom_kill.c:1120 context_switch kernel/sched/core.c:2825 [inline] __schedule+0x86c/0x1ed0 kernel/sched/core.c:3473 __alloc_pages_may_oom mm/page_alloc.c:3522 [inline] __alloc_pages_slowpath+0x230f/0x2d70 mm/page_alloc.c:4235 __alloc_pages_nodemask+0xa80/0xde0 mm/page_alloc.c:4390 __alloc_pages include/linux/gfp.h:473 [inline] __alloc_pages_node include/linux/gfp.h:486 [inline] kmem_getpages mm/slab.c:1409 [inline] cache_grow_begin+0x91/0x8c0 mm/slab.c:2677 schedule+0xfe/0x460 kernel/sched/core.c:3517 fallback_alloc+0x203/0x2e0 mm/slab.c:3219 ____cache_alloc_node+0x1c7/0x1e0 mm/slab.c:3287 __do_cache_alloc mm/slab.c:3356 [inline] slab_alloc mm/slab.c:3384 [inline] kmem_cache_alloc+0x1f8/0x730 mm/slab.c:3552 getname_flags+0xd0/0x5a0 fs/namei.c:140 user_path_at_empty+0x2d/0x50 fs/namei.c:2608 user_path_at include/linux/namei.h:57 [inline] vfs_statx+0x129/0x210 fs/stat.c:185 vfs_stat include/linux/fs.h:3113 [inline] __do_sys_newstat+0x8f/0x110 fs/stat.c:337 __se_sys_newstat fs/stat.c:333 [inline] __x64_sys_newstat+0x54/0x80 fs/stat.c:333 do_syscall_64+0x1b9/0x820 arch/x86/entry/common.c:290 entry_SYSCALL_64_after_hwframe+0x49/0xbe RIP: 0033:0x7fe4f930dc65 Code: Bad RIP value. __lock_sock+0x1fb/0x350 net/core/sock.c:2312 RSP: 002b:00007ffe15b5b0e8 EFLAGS: 00000246 ORIG_RAX: 0000000000000004 RAX: ffffffffffffffda RBX: 00007ffe15b5b320 RCX: 00007fe4f930dc65 RDX: 00007ffe15b5b320 RSI: 00007ffe15b5b320 RDI: 0000000000407545 RBP: 0000000000000000 R08: 0000000000844240 R09: 0000000000000001 R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff R13: 00007ffe15b5b820 R14: 0000000000000000 R15: 0000000000000000 Mem-Info: active_anon:133293 inactive_anon:112 isolated_anon:0 active_file:31 inactive_file:37 isolated_file:17 unevictable:0 dirty:0 writeback:0 unstable:0 slab_reclaimable:12016 slab_unreclaimable:1376893 mapped:49171 shmem:120 pagetables:977 bounce:0 free:24418 free_pcp:42 free_cma:0 Node 0 active_anon:533172kB inactive_anon:448kB active_file:124kB inactive_file:148kB unevictable:0kB isolated(anon):0kB isolated(file):68kB mapped:196684kB dirty:0kB writeback:0kB shmem:480kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 512000kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no Node 0 DMA free:15908kB min:164kB low:204kB high:244kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB lowmem_reserve[]: 0 2819 6323 6323 Node 0 DMA32 free:43780kB min:30060kB low:37572kB high:45084kB active_anon:8192kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:3129332kB managed:2890736kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB lowmem_reserve[]: lock_sock_nested+0xfe/0x120 net/core/sock.c:2834 0 0 3503 3503 Node 0 Normal free:36932kB min:37352kB low:46688kB high:56024kB active_anon:524980kB inactive_anon:448kB active_file:200kB inactive_file:276kB unevictable:0kB writepending:0kB present:4718592kB managed:3588044kB mlocked:0kB kernel_stack:5856kB pagetables:3908kB bounce:0kB free_pcp:988kB local_pcp:0kB free_cma:0kB lowmem_reserve[]: lock_sock include/net/sock.h:1491 [inline] sctp_wait_for_connect+0x3ae/0x640 net/sctp/socket.c:8669 0 0 0 0 Node 0 DMA: sctp_sendmsg_to_asoc+0x1d0f/0x2230 net/sctp/socket.c:1985 1*4kB (U) 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15908kB Node 0 DMA32: 5*4kB (ME) 2*8kB (UE) 4*16kB (UME) 3*32kB (ME) 5*64kB (ME) 4*128kB (ME) 5*256kB (UME) 5*512kB (UME) 4*1024kB (UME) 3*2048kB (UME) 7*4096kB (M) = 43780kB Node 0 Normal: 879*4kB (UMEH) 734*8kB (MH) 439*16kB (MEH) 252*32kB (UMEH) 96*64kB (UMEH) 23*128kB (UMH) 3*256kB (UH) 0*512kB 1*1024kB (E) 1*2048kB (U) 0*4096kB = 37404kB Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB 206 total pagecache pages 0 pages in swap cache Swap cache stats: add 0, delete 0, find 0/0 sctp_sendmsg+0x13c2/0x1da0 net/sctp/socket.c:2131 Free swap = 0kB Total swap = 0kB 1965979 pages RAM 0 pages HighMem/MovableOnly 342307 pages reserved 0 pages cma reserved Unreclaimable slab info: Name Used Total pid_3 1KB 7KB inet_sendmsg+0x1a1/0x690 net/ipv4/af_inet.c:798 pid_2 137KB 164KB TIPC 10KB 14KB rds_tcp_connection 4KB 7KB rds_connection 1KB 3KB SCTPv6 14KB 18KB sctp_chunk 1193137KB 1193137KB sctp_bind_bucket 1KB 7KB DCCPv6 17KB 21KB DCCP 16KB 20KB ccid2_hc_tx_sock 5KB 6KB ccid2_hc_rx_sock 0KB 3KB dccp_ackvec_record 0KB 3KB dccp_ackvec 2KB 7KB dccp_bind_bucket 0KB 4KB kcm_mux_cache 1KB 7KB bridge_fdb_cache 8KB 15KB xfrm6_tunnel_spi 0KB 4KB fib6_nodes 76KB 92KB ip6_dst_cache 229KB 285KB RAWv6 68KB 71KB UDPv6 3KB 3KB sock_sendmsg_nosec net/socket.c:621 [inline] sock_sendmsg+0xd5/0x120 net/socket.c:631 TCPv6 23KB 29KB __sys_sendto+0x3d7/0x670 net/socket.c:1788 nf_conntrack 63KB 157KB ashmem_area_cache 0KB 3KB AF_VSOCK 3KB 7KB sd_ext_cdb 0KB 3KB scsi_sense_cache 1056KB 1060KB virtio_scsi_cmd 16KB 16KB sgpool-128 8KB 8KB sgpool-64 4KB 6KB sgpool-32 2KB 7KB sgpool-16 1KB 3KB sgpool-8 0KB 3KB mqueue_inode_cache 11KB 14KB bio_post_read_ctx 14KB 15KB bio-2 14KB 19KB jfs_mp 7KB 7KB fuse_request 5KB 16KB nfs_commit_data 3KB 7KB nfs_write_data 34KB 37KB ecryptfs_sb_cache 0KB 3KB ext4_system_zone 0KB 3KB kioctx 3KB 7KB aio_kiocb 1KB 8KB userfaultfd_ctx_cache 4KB 7KB bio-1 1KB 3KB __do_sys_sendto net/socket.c:1800 [inline] __se_sys_sendto net/socket.c:1796 [inline] __x64_sys_sendto+0xe1/0x1a0 net/socket.c:1796 fasync_cache 0KB 4KB do_syscall_64+0x1b9/0x820 arch/x86/entry/common.c:290 pid_namespace 5KB 11KB posix_timers_cache 3KB 11KB kvm_async_pf 0KB 3KB rpc_buffers 19KB 19KB entry_SYSCALL_64_after_hwframe+0x49/0xbe RIP: 0033:0x457569 Code: Bad RIP value. RSP: 002b:00007fb9c5846c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002c RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 0000000000457569 RDX: 0000000000000001 RSI: 0000000020000000 RDI: 0000000000000007 rpc_tasks 2KB 3KB RBP: 000000000072bf00 R08: 000000002005ffe4 R09: 000000000000001c UNIX 18KB 18KB R10: 0000000000000000 R11: 0000000000000246 R12: 00007fb9c58476d4 tcp_bind_bucket 21KB 32KB R13: 00000000004c3921 R14: 00000000004d57d8 R15: 00000000ffffffff inet_peer_cache 31KB 32KB Showing all locks held in the system: xfrm_state 28KB 32KB 5 locks held by init/1: ip_fib_trie 12KB 15KB ip_fib_alias 53KB 67KB ip_dst_cache 151KB 252KB 1 lock held by khungtaskd/982: RAW 40KB 43KB #0: UDP 16KB 19KB TCP 8KB 16KB hugetlbfs_inode_cache 2KB 7KB fscache_cookie_jar 1KB 7KB eventpoll_pwq 24KB 47KB eventpoll_epi 45KB 78KB inotify_inode_mark 44KB 74KB request_queue 160KB 160KB blkdev_requests 2KB 3KB blkdev_ioc 10KB 19KB bio-0 2606KB 2606KB biovec-max 2268KB 2268KB biovec-64 315KB 315KB biovec-16 401KB 401KB bio_integrity_payload 1KB 4KB 000000006eef302b khugepaged_mm_slot 18KB 23KB user_namespace 4KB 7KB dmaengine-unmap-256 2KB 6KB dmaengine-unmap-128 1KB 3KB dmaengine-unmap-16 0KB 4KB dmaengine-unmap-2 0KB 3KB (rcu_read_lock skbuff_fclone_cache 1011KB 1522KB skbuff_head_cache 1194963KB 1194963KB configfs_dir_cache 0KB 4KB file_lock_cache 2KB 3KB file_lock_ctx 1KB 7KB ){....}, at: debug_show_all_locks+0xd0/0x424 kernel/locking/lockdep.c:4435 2 locks held by udevd/3193: #0: fsnotify_mark_connector 26KB 43KB 0000000016fd6b99 (&mm->mmap_sem){++++}, at: __do_page_fault+0x3e3/0xed0 arch/x86/mm/fault.c:1324 #1: 00000000ee2d1c9d (&ei->i_mmap_sem){++++}, at: ext4_filemap_fault+0x7a/0xad fs/ext4/inode.c:6258 net_namespace 51KB 51KB shmem_inode_cache 4711KB 4934KB task_delay_info 80KB 233KB taskstats 122KB 153KB proc_dir_entry 585KB 637KB pde_opener 2KB 7KB 2 locks held by rs:main Q:Reg/5205: #0: 00000000c714b746 (&mm->mmap_sem){++++}, at: __do_page_fault+0x3e3/0xed0 arch/x86/mm/fault.c:1324 #1: 000000006f94a4b4 (&ei->i_mmap_sem){++++}, at: ext4_filemap_fault+0x7a/0xad fs/ext4/inode.c:6258 seq_file 276KB 334KB 2 locks held by rsyslogd/5207: 2 locks held by getty/5298: sigqueue 363KB 370KB kernfs_node_cache 11313KB 11359KB #0: 000000000126994f (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x32/0x40 drivers/tty/tty_ldsem.c:353 mnt_cache 113KB 144KB filp 3575KB 4455KB names_cache 91345KB 91345KB #1: 000000002d2ae2a5 (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x335/0x1ce0 drivers/tty/n_tty.c:2140 iint_cache 74KB 79KB 2 locks held by getty/5299: key_jar 18KB 22KB uts_namespace 3KB 3KB #0: 00000000870951f2 (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x32/0x40 drivers/tty/tty_ldsem.c:353 nsproxy 4KB 7KB #1: 000000005070b342 (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x335/0x1ce0 drivers/tty/n_tty.c:2140 vm_area_struct 5747KB 8836KB mm_struct 809KB 1670KB 2 locks held by getty/5300: #0: 00000000f6d4f820 (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x32/0x40 drivers/tty/tty_ldsem.c:353 fs_cache 71KB 248KB #1: 00000000e2d3fc7d (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x335/0x1ce0 drivers/tty/n_tty.c:2140 files_cache 267KB 510KB signal_cache 628KB 1128KB sighand_cache 376KB 409KB 2 locks held by getty/5301: task_struct 2772KB 2772KB #0: 00000000b4a6834d (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x32/0x40 drivers/tty/tty_ldsem.c:353 cred_jar 495KB 1492KB anon_vma_chain 3403KB 4421KB anon_vma 124KB 346KB #1: 00000000d007680f (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x335/0x1ce0 drivers/tty/n_tty.c:2140 pid 55KB 140KB Acpi-Operand 106KB 158KB 2 locks held by getty/5302: Acpi-Namespace 19KB 23KB #0: 00000000dd5ff8d7 (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x32/0x40 drivers/tty/tty_ldsem.c:353 shared_policy_node 0KB 3KB #1: 00000000b84795ab (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x335/0x1ce0 drivers/tty/n_tty.c:2140 numa_policy 0KB 3KB 2 locks held by getty/5303: #0: 0000000075a1b7d9 (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x32/0x40 drivers/tty/tty_ldsem.c:353 debug_objects_cache 1056KB 1172KB trace_event_file 258KB 258KB ftrace_event_field 372KB 374KB #1: 00000000398a9856 (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x335/0x1ce0 drivers/tty/n_tty.c:2140 pool_workqueue 93KB 96KB task_group 7KB 7KB 2 locks held by getty/5304: #0: 000000001169963a (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x32/0x40 drivers/tty/tty_ldsem.c:353 page->ptl 1577KB 2945KB kmalloc-4194304 8192KB 8192KB kmalloc-2097152 2050KB 2050KB #1: 00000000aca74135 (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x335/0x1ce0 drivers/tty/n_tty.c:2140 2 locks held by syz-fuzzer/5322: kmalloc-524288 2056KB 2056KB kmalloc-262144 1548KB 1548KB kmalloc-131072 2860KB 2860KB #0: kmalloc-65536 20196KB 20196KB kmalloc-32768 924KB 924KB kmalloc-16384 924KB 924KB kmalloc-8192 2301KB 2301KB 000000002f2d996a kmalloc-4096 20344KB 20344KB kmalloc-2048 10159KB 11672KB (&mm->mmap_sem){++++}, at: __do_page_fault+0x3e3/0xed0 arch/x86/mm/fault.c:1324 #1: 000000002d891b1b (&ei->i_mmap_sem){++++}, at: ext4_filemap_fault+0x7a/0xad fs/ext4/inode.c:6258 kmalloc-1024 7524KB 9142KB kmalloc-512 2390730KB 2390730KB 2 locks held by syz-fuzzer/5324: 2 locks held by syz-fuzzer/5327: kmalloc-256 1882KB 2366KB #0: kmalloc-128 1119KB 1326KB 000000002f2d996a (&mm->mmap_sem){++++}, at: __do_page_fault+0x3e3/0xed0 arch/x86/mm/fault.c:1324 kmalloc-96 2330KB 3464KB #1: 000000002d891b1b (&ei->i_mmap_sem){++++}, at: ext4_filemap_fault+0x7a/0xad fs/ext4/inode.c:6258 kmalloc-64 1317KB 1688KB 1 lock held by udevd/11824: 2 locks held by udevd/13604: kmalloc-32 1832KB 1972KB kmalloc-192 865KB 1096KB #0: 0000000092a3f355 (&mm->mmap_sem){++++}, at: __do_page_fault+0x3e3/0xed0 arch/x86/mm/fault.c:1324 kmem_cache 290KB 292KB Out of memory: Kill process 20649 (syz-executor4) score 1004 or sacrifice child #1: 00000000ee2d1c9d (&ei->i_mmap_sem){++++}, at: ext4_filemap_fault+0x7a/0xad fs/ext4/inode.c:6258 1 lock held by syz-executor5/20728: #0: 00000000da551b2b (sk_lock-AF_INET6){+.+.}, at: lock_sock include/net/sock.h:1491 [inline] #0: 00000000da551b2b (sk_lock-AF_INET6){+.+.}, at: sctp_sendmsg+0x1425/0x1da0 net/sctp/socket.c:2070 Killed process 20649 (syz-executor4) total-vm:70472kB, anon-rss:2216kB, file-rss:32640kB, shmem-rss:0kB ============================================= NMI backtrace for cpu 0 CPU: 0 PID: 982 Comm: khungtaskd Not tainted 4.19.0-rc8+ #295 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Call Trace: __dump_stack lib/dump_stack.c:77 [inline] dump_stack+0x1c4/0x2b6 lib/dump_stack.c:113 nmi_cpu_backtrace.cold.3+0x63/0xa2 lib/nmi_backtrace.c:101 nmi_trigger_cpumask_backtrace+0x1b3/0x1ed lib/nmi_backtrace.c:62 arch_trigger_cpumask_backtrace+0x14/0x20 arch/x86/kernel/apic/hw_nmi.c:38 trigger_all_cpu_backtrace include/linux/nmi.h:144 [inline] check_hung_uninterruptible_tasks kernel/hung_task.c:204 [inline] watchdog+0xb3e/0x1050 kernel/hung_task.c:265 kthread+0x35a/0x420 kernel/kthread.c:246 ret_from_fork+0x3a/0x50 arch/x86/entry/entry_64.S:413 Sending NMI from CPU 0 to CPUs 1: INFO: NMI handler (nmi_cpu_backtrace_handler) took too long to run: 2.159 msecs NMI backtrace for cpu 1 CPU: 1 PID: 5207 Comm: rsyslogd Not tainted 4.19.0-rc8+ #295 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 RIP: 0010:mmu_shrink_count+0x1/0x20 arch/x86/kvm/mmu.c:5861 Code: 2e 0f 1f 84 00 00 00 00 00 55 48 89 e5 e8 e7 38 6e 00 c6 05 30 7f 1d 09 00 5d c3 0f 1f 40 00 66 2e 0f 1f 84 00 00 00 00 00 55 <48> 89 e5 e8 c7 38 6e 00 48 8b 05 48 7e 1d 09 ba 00 00 00 00 48 85 RSP: 0000:ffff8801bdc5df80 EFLAGS: 00000246 RAX: ffffffff81107300 RBX: 0000000000000000 RCX: ffffffff81a672a5 RDX: 1ffffffff12599c4 RSI: ffff8801bdc5e240 RDI: ffffffff892cce20 RBP: ffff8801bdc5e178 R08: ffff8801be1f4600 R09: ffffed003b5e4732 R10: ffffed003b5e4732 R11: ffff8801daf23993 R12: ffff8801bdc5e240 R13: ffffffff892cce20 R14: 0000000000000080 R15: ffffffff892cce20 FS: 00007f4f14278700(0000) GS:ffff8801daf00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 000000000041cbc7 CR3: 00000001be482000 CR4: 00000000001406e0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: shrink_slab+0x389/0x8c0 mm/vmscan.c:696 shrink_node+0x431/0x16b0 mm/vmscan.c:2745 shrink_zones mm/vmscan.c:2974 [inline] do_try_to_free_pages+0x3e7/0x1290 mm/vmscan.c:3036 try_to_free_pages+0x4d0/0xb90 mm/vmscan.c:3251 __perform_reclaim mm/page_alloc.c:3769 [inline] __alloc_pages_direct_reclaim mm/page_alloc.c:3790 [inline] __alloc_pages_slowpath+0x9c4/0x2d70 mm/page_alloc.c:4191 __alloc_pages_nodemask+0xa80/0xde0 mm/page_alloc.c:4390 alloc_pages_current+0x10c/0x210 mm/mempolicy.c:2093 alloc_pages include/linux/gfp.h:509 [inline] __page_cache_alloc+0x38f/0x5b0 mm/filemap.c:946 __do_page_cache_readahead+0x383/0x980 mm/readahead.c:195 ra_submit mm/internal.h:66 [inline] do_sync_mmap_readahead mm/filemap.c:2444 [inline] filemap_fault+0xf4d/0x25f0 mm/filemap.c:2520 ext4_filemap_fault+0x82/0xad fs/ext4/inode.c:6259 __do_fault+0x100/0x6b0 mm/memory.c:3240 do_read_fault mm/memory.c:3652 [inline] do_fault mm/memory.c:3752 [inline] handle_pte_fault mm/memory.c:3983 [inline] __handle_mm_fault+0x3709/0x53e0 mm/memory.c:4107 handle_mm_fault+0x54f/0xc70 mm/memory.c:4144 __do_page_fault+0x67d/0xed0 arch/x86/mm/fault.c:1395 do_page_fault+0xf2/0x7e0 arch/x86/mm/fault.c:1470 page_fault+0x1e/0x30 arch/x86/entry/entry_64.S:1161 RIP: 0033:0x41cbc7 Code: Bad RIP value. RSP: 002b:00007f4f14277d50 EFLAGS: 00010203 RAX: 00000000025d16c8 RBX: 00000000025d15a0 RCX: 3937202020202020 RDX: 00000000424b3937 RSI: 00007f4f15aad5dd RDI: 00000000025d1702 RBP: 00000000025d16c8 R08: 686361635f746e69 R09: 2020202020202065 R10: 2020202020202020 R11: 202020424b343720 R12: 0000000000000000 R13: 000000000000003a R14: 00007f4f15aad5a3 R15: 00007f4f15aad30c