Out of memory: Kill process 31416 (syz-executor.5) score 1002 or sacrifice child Killed process 31416 (syz-executor.5) total-vm:57196kB, anon-rss:2436kB, file-rss:14144kB, shmem-rss:0kB oom_reaper: reaped process 31416 (syz-executor.5), now anon-rss:0kB, file-rss:14144kB, shmem-rss:0kB INFO: task syz-executor.5:4388 blocked for more than 140 seconds. Not tainted 4.19.211-syzkaller #0 kworker/u4:2 invoked oom-killer: gfp_mask=0x7080c0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), nodemask=(null), order=3, oom_score_adj=0 "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. syz-executor.5 D26928 4388 4340 0x00000000 kworker/u4:2 cpuset=/ mems_allowed=0-1 CPU: 0 PID: 87 Comm: kworker/u4:2 Not tainted 4.19.211-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Workqueue: events_unbound call_usermodehelper_exec_work IPVS: ftp: loaded support on port[0] = 21 Call Trace: __dump_stack lib/dump_stack.c:77 [inline] dump_stack+0x1fc/0x2ef lib/dump_stack.c:118 dump_header+0x15d/0xc3f mm/oom_kill.c:443 oom_kill_process.cold+0x10/0x692 mm/oom_kill.c:956 out_of_memory mm/oom_kill.c:1132 [inline] out_of_memory+0x34d/0x1390 mm/oom_kill.c:1064 IPVS: ftp: loaded support on port[0] = 21 __alloc_pages_may_oom mm/page_alloc.c:3553 [inline] __alloc_pages_slowpath mm/page_alloc.c:4255 [inline] __alloc_pages_nodemask+0x23a2/0x2890 mm/page_alloc.c:4419 __alloc_pages include/linux/gfp.h:496 [inline] __alloc_pages_node include/linux/gfp.h:509 [inline] alloc_pages_node include/linux/gfp.h:523 [inline] alloc_thread_stack_node kernel/fork.c:240 [inline] dup_task_struct kernel/fork.c:811 [inline] copy_process.part.0+0x3cf/0x8260 kernel/fork.c:1753 copy_process kernel/fork.c:1710 [inline] _do_fork+0x22f/0xf30 kernel/fork.c:2219 kernel_thread+0x2f/0x40 kernel/fork.c:2278 call_usermodehelper_exec_work kernel/umh.c:199 [inline] call_usermodehelper_exec_work+0x16d/0x260 kernel/umh.c:185 process_one_work+0x864/0x1570 kernel/workqueue.c:2153 worker_thread+0x64c/0x1130 kernel/workqueue.c:2296 kthread+0x33f/0x460 kernel/kthread.c:259 ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:415 IPVS: ftp: loaded support on port[0] = 21 Call Trace: context_switch kernel/sched/core.c:2828 [inline] __schedule+0x887/0x2040 kernel/sched/core.c:3517 schedule+0x8d/0x1b0 kernel/sched/core.c:3561 schedule_preempt_disabled+0xf/0x20 kernel/sched/core.c:3619 __mutex_lock_common kernel/locking/mutex.c:1016 [inline] __mutex_lock+0x5f0/0x1190 kernel/locking/mutex.c:1078 Mem-Info: active_anon:191268 inactive_anon:9101 isolated_anon:0 active_file:72 inactive_file:49 isolated_file:36 unevictable:0 dirty:0 writeback:0 unstable:0 slab_reclaimable:53325 slab_unreclaimable:1232303 mapped:11542 shmem:10673 pagetables:59644 bounce:0 free:24589 free_pcp:186 free_cma:0 Node 0 active_anon:758496kB inactive_anon:34384kB active_file:12kB inactive_file:8kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:45664kB dirty:0kB writeback:0kB shmem:40672kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 188416kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes Node 1 active_anon:6576kB inactive_anon:2020kB active_file:152kB inactive_file:188kB unevictable:0kB isolated(anon):0kB isolated(file):36kB mapped:404kB dirty:0kB writeback:0kB shmem:2020kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no Node 0 DMA free:10952kB min:204kB low:252kB high:300kB active_anon:4kB inactive_anon:1020kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:64kB pagetables:88kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB lowmem_reserve[]: 0 2693 2695 2695 2695 Node 0 DMA32 free:33768kB min:35996kB low:44992kB high:53988kB active_anon:758492kB inactive_anon:33364kB active_file:12kB inactive_file:8kB unevictable:0kB writepending:0kB present:3129332kB managed:2763452kB mlocked:0kB kernel_stack:29376kB pagetables:56460kB bounce:0kB free_pcp:184kB local_pcp:0kB free_cma:0kB lowmem_reserve[]: 0 0 1 1 1 Node 0 Normal free:0kB min:24kB low:28kB high:32kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:1048576kB managed:2000kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB lowmem_reserve[]: 0 0 0 0 0 Node 1 Normal free:53636kB min:53876kB low:67344kB high:80812kB active_anon:6576kB inactive_anon:2020kB active_file:228kB inactive_file:120kB unevictable:0kB writepending:0kB present:4194304kB managed:4128248kB mlocked:0kB kernel_stack:103712kB pagetables:182028kB bounce:0kB free_pcp:664kB local_pcp:632kB free_cma:0kB lowmem_reserve[]: 0 0 0 0 0 Node 0 DMA: 4*4kB (UM) 3*8kB (M) 4*16kB (UME) 3*32kB (ME) 2*64kB (M) 5*128kB (UE) 5*256kB (UME) 3*512kB (UME) 1*1024kB (E) 1*2048kB (E) 1*4096kB (M) = 10952kB Node 0 DMA32: 604*4kB (UME) 875*8kB (ME) 634*16kB (ME) 445*32kB (M) 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 33800kB Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB Node 1 Normal: 23*4kB (UM) 256*8kB (UM) 212*16kB (UM) 197*32kB (UM) 7*64kB (UM) 1*128kB (M) 5*256kB (UM) 2*512kB (ME) 2*1024kB (ME) 2*2048kB (UE) 8*4096kB (M) = 53628kB Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB 10753 total pagecache pages 0 pages in swap cache Swap cache stats: add 0, delete 0, find 0/0 Free swap = 0kB Total swap = 0kB 2097051 pages RAM 0 pages HighMem/MovableOnly 369649 pages reserved 0 pages cma reserved Unreclaimable slab info: Name Used Total pid_2 329KB 552KB batadv_tl_cache 4KB 12KB TIPC 2943KB 2947KB SCTPv6 8066KB 8068KB SCTP 11KB 11KB sctp_chunk 2KB 3KB sctp_bind_bucket 0KB 3KB DCCPv6 9760KB 9765KB DCCP 9272KB 9276KB RXRPC 3189KB 3191KB rxrpc_call_jar 22072KB 22073KB bridge_fdb_cache 9KB 15KB fib6_nodes 169KB 252KB ip6_dst_cache 206KB 498KB RAWv6 39629KB 39629KB UDPLITEv6 1KB 3KB UDPv6 3755KB 3757KB tw_sock_TCPv6 0KB 3KB TCPv6 5997KB 6000KB nf_conntrack 201KB 213KB t10_alua_lu_gp_cache 0KB 3KB sd_ext_cdb 0KB 7KB scsi_sense_cache 1056KB 1060KB virtio_scsi_cmd 16KB 16KB sgpool-128 8KB 8KB sgpool-64 4KB 12KB sgpool-32 2KB 15KB sgpool-16 1KB 7KB sgpool-8 0KB 7KB mqueue_inode_cache 18KB 30KB bio_post_read_ctx 14KB 15KB bio-2 14KB 15KB jfs_mp 7KB 7KB cifs_small_rq 15KB 16KB cifs_request 67KB 67KB cifs_mpx_ids 0KB 7KB nfs_commit_data 3KB 14KB nfs_write_data 34KB 44KB ext4_system_zone 1KB 7KB dio 3KB 7KB bio-1 1KB 7KB pid_namespace 2KB 7KB kvm_vcpu 23KB 23KB rpc_buffers 17KB 25KB rpc_tasks 2KB 7KB UNIX 196KB 198KB tcp_bind_bucket 247KB 252KB inet_peer_cache 0KB 4KB xfrm_state 2KB 4KB ip_fib_trie 23KB 35KB ip_fib_alias 110KB 158KB ip_dst_cache 9KB 80KB RAW 23490KB 23490KB UDP 6631KB 6635KB request_sock_TCP 0KB 3KB TCP 180KB 185KB hugetlbfs_inode_cache 3KB 15KB fscache_cookie_jar 1KB 7KB eventpoll_pwq 17KB 35KB eventpoll_epi 32KB 43KB inotify_inode_mark 6KB 23KB request_queue 196KB 196KB blkdev_requests 1KB 3KB blkdev_ioc 42KB 42KB bio-0 10833KB 10833KB biovec-max 4405KB 4405KB biovec-64 8759KB 8764KB biovec-16 2059KB 2062KB bio_integrity_payload 1KB 8KB khugepaged_mm_slot 247KB 384KB user_namespace 2KB 7KB uid_cache 0KB 4KB dmaengine-unmap-2 0KB 3KB skbuff_fclone_cache 26KB 30KB skbuff_head_cache 15803KB 15817KB configfs_dir_cache 3KB 7KB file_lock_cache 12KB 19KB file_lock_ctx 9KB 11KB fsnotify_mark_connector 2KB 15KB net_namespace 34247KB 34247KB shmem_inode_cache 7953KB 8201KB task_delay_info 1361KB 2118KB taskstats 12KB 61KB proc_dir_entry 177190KB 177191KB pde_opener 2KB 3KB seq_file 133KB 137KB sigqueue 157KB 161KB kernfs_node_cache 509655KB 509658KB mnt_cache 288KB 312KB filp 4941KB 5992KB names_cache 60137KB 60158KB iint_cache 63KB 87KB key_jar 9KB 18KB uts_namespace 3KB 7KB nsproxy 341KB 343KB vm_area_struct 35360KB 35361KB mm_struct 6729KB 6734KB fs_cache 1826KB 2824KB files_cache 6656KB 9405KB signal_cache 10038KB 14295KB sighand_cache 9869KB 9899KB task_struct 43398KB 43411KB cred_jar 4109KB 6376KB anon_vma_chain 43715KB 43718KB anon_vma 10881KB 10884KB pid 447KB 960KB Acpi-Operand 156KB 198KB Acpi-ParseExt 9KB 11KB Acpi-Parse 41KB 47KB Acpi-State 52KB 63KB Acpi-Namespace 20KB 27KB numa_policy 0KB 3KB debug_objects_cache 39622KB 39624KB trace_event_file 297KB 298KB ftrace_event_field 398KB 401KB pool_workqueue 4036KB 4036KB page->ptl 6744KB 6755KB kmalloc-2097152 2050KB 2050KB kmalloc-524288 2056KB 2056KB kmalloc-262144 1290KB 1290KB kmalloc-131072 1690KB 1690KB kmalloc-65536 2244KB 2574KB kmalloc-32768 218295KB 218295KB kmalloc-16384 65620KB 65620KB kmalloc-8192 149118KB 149118KB kmalloc-4096 662698KB 662698KB kmalloc-2048 539112KB 539114KB kmalloc-1024 215787KB 215790KB kmalloc-512 188295KB 201806KB kmalloc-256 111876KB 113430KB kmalloc-128 56949KB 56995KB kmalloc-96 16477KB 17204KB kmalloc-64 38699KB 40008KB kmalloc-32 34378KB 35307KB kmalloc-192 75927KB 77576KB kmem_cache 178KB 187KB Out of memory: Kill process 31547 (syz-executor.5) score 1002 or sacrifice child Killed process 31547 (syz-executor.5) total-vm:57196kB, anon-rss:2436kB, file-rss:14144kB, shmem-rss:0kB oom_reaper: reaped process 31547 (syz-executor.5), now anon-rss:0kB, file-rss:14144kB, shmem-rss:0kB rs:main Q:Reg invoked oom-killer: gfp_mask=0x6200ca(GFP_HIGHUSER_MOVABLE), nodemask=(null), order=0, oom_score_adj=0 ip_tunnel_init_net+0x321/0x990 net/ipv4/ip_tunnel.c:1034 rs:main Q:Reg cpuset=/ mems_allowed=0-1 CPU: 0 PID: 31152 Comm: rs:main Q:Reg Not tainted 4.19.211-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Call Trace: ops_init+0xb3/0x410 net/core/net_namespace.c:129 __dump_stack lib/dump_stack.c:77 [inline] dump_stack+0x1fc/0x2ef lib/dump_stack.c:118 setup_net+0x2c2/0x720 net/core/net_namespace.c:316 dump_header+0x15d/0xc3f mm/oom_kill.c:443 copy_net_ns+0x1f7/0x340 net/core/net_namespace.c:439 oom_kill_process.cold+0x10/0x692 mm/oom_kill.c:956 out_of_memory mm/oom_kill.c:1114 [inline] out_of_memory+0x1072/0x1390 mm/oom_kill.c:1064 create_new_namespaces+0x3f6/0x7b0 kernel/nsproxy.c:107 __alloc_pages_may_oom mm/page_alloc.c:3553 [inline] __alloc_pages_slowpath mm/page_alloc.c:4255 [inline] __alloc_pages_nodemask+0x23a2/0x2890 mm/page_alloc.c:4419 copy_namespaces+0x325/0x3c0 kernel/nsproxy.c:165 alloc_pages_current+0x193/0x2a0 mm/mempolicy.c:2197 alloc_pages include/linux/gfp.h:532 [inline] __page_cache_alloc mm/filemap.c:969 [inline] page_cache_read mm/filemap.c:2408 [inline] filemap_fault+0x146e/0x2180 mm/filemap.c:2592 ext4_filemap_fault+0x84/0xb0 fs/ext4/inode.c:6379 __do_fault+0x10b/0x4b0 mm/memory.c:3403 copy_process.part.0+0x3a59/0x8260 kernel/fork.c:1916 do_read_fault mm/memory.c:3815 [inline] do_fault mm/memory.c:3944 [inline] handle_pte_fault mm/memory.c:4175 [inline] __handle_mm_fault+0x273b/0x41c0 mm/memory.c:4299 handle_mm_fault+0x436/0xb10 mm/memory.c:4336 __do_page_fault+0x68e/0xd60 arch/x86/mm/fault.c:1412 page_fault+0x1e/0x30 arch/x86/entry/entry_64.S:1205 RIP: 0033:0x55c57ff20ef8 copy_process kernel/fork.c:1710 [inline] _do_fork+0x22f/0xf30 kernel/fork.c:2219 Code: Bad RIP value. RSP: 002b:00007f4cb9e147d8 EFLAGS: 00010206 RAX: 0000000000000000 RBX: 00007f4cac031220 RCX: 0000000000000000 RDX: 0000000000000000 RSI: 0000000000000002 RDI: 00007f4cac031238 RBP: 00007f4cac031238 R08: 00007f4cac031238 R09: 0000000000000000 R10: 000055c5801a4280 R11: 00007f4cb0007b88 R12: 00007f4cac031220 R13: 0000000000000000 R14: 00007f4cac031220 R15: 00007f4cb0015890 Mem-Info: active_anon:191270 inactive_anon:9101 isolated_anon:0 active_file:12 inactive_file:13 isolated_file:11 unevictable:0 dirty:0 writeback:0 unstable:0 slab_reclaimable:53360 slab_unreclaimable:1232535 mapped:11479 shmem:10673 pagetables:59687 bounce:0 free:24419 free_pcp:233 free_cma:0 Node 0 active_anon:758496kB inactive_anon:34384kB active_file:4kB inactive_file:4kB unevictable:0kB isolated(anon):0kB isolated(file):12kB mapped:45664kB dirty:0kB writeback:0kB shmem:40672kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 188416kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes Node 1 active_anon:6584kB inactive_anon:2020kB active_file:44kB inactive_file:48kB unevictable:0kB isolated(anon):0kB isolated(file):32kB mapped:252kB dirty:0kB writeback:0kB shmem:2020kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes do_syscall_64+0xf9/0x620 arch/x86/entry/common.c:293 entry_SYSCALL_64_after_hwframe+0x49/0xbe RIP: 0033:0x7f89ae07ce99 Code: Bad RIP value. RSP: 002b:00007f89ac98f168 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 RAX: ffffffffffffffda RBX: 00007f89ae1901d0 RCX: 00007f89ae07ce99 RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000000 RBP: 00007f89ae0d6ff1 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000020000140 R11: 0000000000000246 R12: 0000000000000000 R13: 00007ffc29660fff R14: 00007f89ac98f300 R15: 0000000000022000 INFO: task syz-executor.5:4473 blocked for more than 140 seconds. Not tainted 4.19.211-syzkaller #0 "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. syz-executor.5 D26792 4473 4388 0x00000000 Call Trace: context_switch kernel/sched/core.c:2828 [inline] __schedule+0x887/0x2040 kernel/sched/core.c:3517 schedule+0x8d/0x1b0 kernel/sched/core.c:3561 schedule_preempt_disabled+0xf/0x20 kernel/sched/core.c:3619 __mutex_lock_common kernel/locking/mutex.c:1016 [inline] __mutex_lock+0x5f0/0x1190 kernel/locking/mutex.c:1078 ip_tunnel_init_net+0x321/0x990 net/ipv4/ip_tunnel.c:1034 vti_init_net+0x2a/0x370 net/ipv4/ip_vti.c:520 ops_init+0xb3/0x410 net/core/net_namespace.c:129 setup_net+0x2c2/0x720 net/core/net_namespace.c:316 copy_net_ns+0x1f7/0x340 net/core/net_namespace.c:439 create_new_namespaces+0x3f6/0x7b0 kernel/nsproxy.c:107 copy_namespaces+0x325/0x3c0 kernel/nsproxy.c:165 copy_process.part.0+0x3a59/0x8260 kernel/fork.c:1916 copy_process kernel/fork.c:1710 [inline] _do_fork+0x22f/0xf30 kernel/fork.c:2219 do_syscall_64+0xf9/0x620 arch/x86/entry/common.c:293 entry_SYSCALL_64_after_hwframe+0x49/0xbe RIP: 0033:0x7f89ae07ce99 Code: Bad RIP value. RSP: 002b:00007f89ac98f168 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 RAX: ffffffffffffffda RBX: 00007f89ae1901d0 RCX: 00007f89ae07ce99 RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000000 RBP: 00007f89ae0d6ff1 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000020000140 R11: 0000000000000246 R12: 0000000000000000 R13: 00007ffc29660fff R14: 00007f89ac98f300 R15: 0000000000022000 INFO: task syz-executor.5:4674 blocked for more than 140 seconds. Not tainted 4.19.211-syzkaller #0 "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. syz-executor.5 D26880 4674 4474 0x00000000 Call Trace: context_switch kernel/sched/core.c:2828 [inline] __schedule+0x887/0x2040 kernel/sched/core.c:3517 schedule+0x8d/0x1b0 kernel/sched/core.c:3561 schedule_preempt_disabled+0xf/0x20 kernel/sched/core.c:3619 __mutex_lock_common kernel/locking/mutex.c:1016 [inline] __mutex_lock+0x5f0/0x1190 kernel/locking/mutex.c:1078 ip_tunnel_init_net+0x321/0x990 net/ipv4/ip_tunnel.c:1034 ops_init+0xb3/0x410 net/core/net_namespace.c:129 setup_net+0x2c2/0x720 net/core/net_namespace.c:316 copy_net_ns+0x1f7/0x340 net/core/net_namespace.c:439 create_new_namespaces+0x3f6/0x7b0 kernel/nsproxy.c:107 copy_namespaces+0x325/0x3c0 kernel/nsproxy.c:165 copy_process.part.0+0x3a59/0x8260 kernel/fork.c:1916 copy_process kernel/fork.c:1710 [inline] _do_fork+0x22f/0xf30 kernel/fork.c:2219 do_syscall_64+0xf9/0x620 arch/x86/entry/common.c:293 entry_SYSCALL_64_after_hwframe+0x49/0xbe RIP: 0033:0x7f89ae07ce99 Code: Bad RIP value. RSP: 002b:00007f89ac98f168 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 RAX: ffffffffffffffda RBX: 00007f89ae1901d0 RCX: 00007f89ae07ce99 RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000000 RBP: 00007f89ae0d6ff1 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000020000140 R11: 0000000000000246 R12: 0000000000000000 R13: 00007ffc29660fff R14: 00007f89ac98f300 R15: 0000000000022000 INFO: task syz-executor.5:4685 blocked for more than 140 seconds. Not tainted 4.19.211-syzkaller #0 "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. syz-executor.5 D26712 4685 4478 0x00000000 Call Trace: context_switch kernel/sched/core.c:2828 [inline] __schedule+0x887/0x2040 kernel/sched/core.c:3517 schedule+0x8d/0x1b0 kernel/sched/core.c:3561 schedule_preempt_disabled+0xf/0x20 kernel/sched/core.c:3619 __mutex_lock_common kernel/locking/mutex.c:1016 [inline] __mutex_lock+0x5f0/0x1190 kernel/locking/mutex.c:1078 ip_tunnel_init_net+0x321/0x990 net/ipv4/ip_tunnel.c:1034 ops_init+0xb3/0x410 net/core/net_namespace.c:129 setup_net+0x2c2/0x720 net/core/net_namespace.c:316 copy_net_ns+0x1f7/0x340 net/core/net_namespace.c:439 create_new_namespaces+0x3f6/0x7b0 kernel/nsproxy.c:107 copy_namespaces+0x325/0x3c0 kernel/nsproxy.c:165 copy_process.part.0+0x3a59/0x8260 kernel/fork.c:1916 copy_process kernel/fork.c:1710 [inline] _do_fork+0x22f/0xf30 kernel/fork.c:2219 do_syscall_64+0xf9/0x620 arch/x86/entry/common.c:293 entry_SYSCALL_64_after_hwframe+0x49/0xbe RIP: 0033:0x7f89ae07ce99 Code: Bad RIP value. RSP: 002b:00007f89ac98f168 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 RAX: ffffffffffffffda RBX: 00007f89ae1901d0 RCX: 00007f89ae07ce99 RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000000 RBP: 00007f89ae0d6ff1 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000020000140 R11: 0000000000000246 R12: 0000000000000000 R13: 00007ffc29660fff R14: 00007f89ac98f300 R15: 0000000000022000 INFO: task syz-executor.5:4987 blocked for more than 140 seconds. Not tainted 4.19.211-syzkaller #0 "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. syz-executor.5 D26792 4987 4473 0x00000000 Call Trace: context_switch kernel/sched/core.c:2828 [inline] __schedule+0x887/0x2040 kernel/sched/core.c:3517 schedule+0x8d/0x1b0 kernel/sched/core.c:3561 schedule_preempt_disabled+0xf/0x20 kernel/sched/core.c:3619 __mutex_lock_common kernel/locking/mutex.c:1016 [inline] __mutex_lock+0x5f0/0x1190 kernel/locking/mutex.c:1078 ip_tunnel_init_net+0x321/0x990 net/ipv4/ip_tunnel.c:1034 ops_init+0xb3/0x410 net/core/net_namespace.c:129 setup_net+0x2c2/0x720 net/core/net_namespace.c:316 copy_net_ns+0x1f7/0x340 net/core/net_namespace.c:439 create_new_namespaces+0x3f6/0x7b0 kernel/nsproxy.c:107 copy_namespaces+0x325/0x3c0 kernel/nsproxy.c:165 copy_process.part.0+0x3a59/0x8260 kernel/fork.c:1916 copy_process kernel/fork.c:1710 [inline] _do_fork+0x22f/0xf30 kernel/fork.c:2219 do_syscall_64+0xf9/0x620 arch/x86/entry/common.c:293 entry_SYSCALL_64_after_hwframe+0x49/0xbe RIP: 0033:0x7f89ae07ce99 Code: Bad RIP value. RSP: 002b:00007f89ac98f168 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 RAX: ffffffffffffffda RBX: 00007f89ae1901d0 RCX: 00007f89ae07ce99 RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000000 RBP: 00007f89ae0d6ff1 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000020000140 R11: 0000000000000246 R12: 0000000000000000 R13: 00007ffc29660fff R14: 00007f89ac98f300 R15: 0000000000022000 INFO: task syz-executor.5:5037 blocked for more than 140 seconds. Not tainted 4.19.211-syzkaller #0 "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. syz-executor.5 D26752 5037 4621 0x00000000 Call Trace: context_switch kernel/sched/core.c:2828 [inline] __schedule+0x887/0x2040 kernel/sched/core.c:3517 schedule+0x8d/0x1b0 kernel/sched/core.c:3561 schedule_preempt_disabled+0xf/0x20 kernel/sched/core.c:3619 __mutex_lock_common kernel/locking/mutex.c:1016 [inline] __mutex_lock+0x5f0/0x1190 kernel/locking/mutex.c:1078 ip_tunnel_init_net+0x321/0x990 net/ipv4/ip_tunnel.c:1034 ops_init+0xb3/0x410 net/core/net_namespace.c:129 setup_net+0x2c2/0x720 net/core/net_namespace.c:316 copy_net_ns+0x1f7/0x340 net/core/net_namespace.c:439 create_new_namespaces+0x3f6/0x7b0 kernel/nsproxy.c:107 copy_namespaces+0x325/0x3c0 kernel/nsproxy.c:165 copy_process.part.0+0x3a59/0x8260 kernel/fork.c:1916 copy_process kernel/fork.c:1710 [inline] _do_fork+0x22f/0xf30 kernel/fork.c:2219 do_syscall_64+0xf9/0x620 arch/x86/entry/common.c:293 entry_SYSCALL_64_after_hwframe+0x49/0xbe RIP: 0033:0x7f89ae07ce99 Node 0 DMA free:10888kB min:204kB low:252kB high:300kB active_anon:4kB inactive_anon:1020kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:64kB pagetables:88kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB Code: Bad RIP value. lowmem_reserve[]: 0 2693 2695 2695 2695 RSP: 002b:00007f89ac98f168 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 Node 0 DMA32 free:33008kB min:35996kB low:44992kB high:53988kB active_anon:758492kB inactive_anon:33364kB active_file:4kB inactive_file:4kB unevictable:0kB writepending:0kB present:3129332kB managed:2763452kB mlocked:0kB kernel_stack:29376kB pagetables:56460kB bounce:0kB free_pcp:252kB local_pcp:252kB free_cma:0kB RAX: ffffffffffffffda RBX: 00007f89ae1901d0 RCX: 00007f89ae07ce99 RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000000 RBP: 00007f89ae0d6ff1 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000020000140 R11: 0000000000000246 R12: 0000000000000000 R13: 00007ffc29660fff R14: 00007f89ac98f300 R15: 0000000000022000 INFO: task syz-executor.5:5513 blocked for more than 140 seconds. lowmem_reserve[]: 0 0 1 1 1 Not tainted 4.19.211-syzkaller #0 Node 0 Normal free:0kB min:24kB low:28kB high:32kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:1048576kB managed:2000kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. lowmem_reserve[]: 0 0 0 0 0 syz-executor.5 D26920 5513 4595 0x00000000 Node 1 Normal free:53748kB min:53876kB low:67344kB high:80812kB active_anon:6584kB inactive_anon:2020kB active_file:44kB inactive_file:48kB unevictable:0kB writepending:0kB present:4194304kB managed:4128248kB mlocked:0kB kernel_stack:103776kB pagetables:182200kB bounce:0kB free_pcp:464kB local_pcp:216kB free_cma:0kB Call Trace: lowmem_reserve[]: 0 0 0 0 0 context_switch kernel/sched/core.c:2828 [inline] __schedule+0x887/0x2040 kernel/sched/core.c:3517 Node 0 DMA: 4*4kB (UM) 3*8kB (M) 4*16kB (UME) 3*32kB (ME) 3*64kB (UM) 4*128kB (UE) 5*256kB (UME) 3*512kB (UME) 1*1024kB (E) 1*2048kB (E) 1*4096kB (M) = 10888kB schedule+0x8d/0x1b0 kernel/sched/core.c:3561 schedule_preempt_disabled+0xf/0x20 kernel/sched/core.c:3619 __mutex_lock_common kernel/locking/mutex.c:1016 [inline] __mutex_lock+0x5f0/0x1190 kernel/locking/mutex.c:1078 ip_tunnel_init_net+0x321/0x990 net/ipv4/ip_tunnel.c:1034 Node 0 DMA32: 542*4kB (ME) 841*8kB (UME) 618*16kB (ME) 437*32kB (M) 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 32768kB Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB ops_init+0xb3/0x410 net/core/net_namespace.c:129 Node 1 Normal: 41*4kB (UM) 209*8kB (UME) 223*16kB (UME) 198*32kB (UME) 10*64kB (UME) 1*128kB (M) 5*256kB (UM) 2*512kB (ME) 2*1024kB (ME) 2*2048kB (UE) 8*4096kB (M) = 53724kB setup_net+0x2c2/0x720 net/core/net_namespace.c:316 Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB 10706 total pagecache pages 0 pages in swap cache Swap cache stats: add 0, delete 0, find 0/0 Free swap = 0kB Total swap = 0kB 2097051 pages RAM 0 pages HighMem/MovableOnly 369649 pages reserved 0 pages cma reserved Unreclaimable slab info: Name Used Total pid_2 326KB 552KB batadv_tl_cache 4KB 12KB copy_net_ns+0x1f7/0x340 net/core/net_namespace.c:439 TIPC 2943KB 2947KB create_new_namespaces+0x3f6/0x7b0 kernel/nsproxy.c:107 SCTPv6 8072KB 8074KB copy_namespaces+0x325/0x3c0 kernel/nsproxy.c:165 copy_process.part.0+0x3a59/0x8260 kernel/fork.c:1916 SCTP 11KB 11KB sctp_chunk 2KB 3KB copy_process kernel/fork.c:1710 [inline] _do_fork+0x22f/0xf30 kernel/fork.c:2219 sctp_bind_bucket 0KB 3KB DCCPv6 9767KB 9772KB do_syscall_64+0xf9/0x620 arch/x86/entry/common.c:293 entry_SYSCALL_64_after_hwframe+0x49/0xbe RIP: 0033:0x7f89ae07ce99 Code: Bad RIP value. DCCP 9279KB 9283KB RSP: 002b:00007f89ac98f168 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 RXRPC 3188KB 3191KB rxrpc_call_jar 22072KB 22073KB bridge_fdb_cache 9KB 15KB fib6_nodes 169KB 252KB ip6_dst_cache 206KB 498KB RAWv6 39642KB 39642KB UDPLITEv6 1KB 3KB UDPv6 3755KB 3757KB tw_sock_TCPv6 0KB 3KB TCPv6 5997KB 6000KB nf_conntrack 201KB 213KB t10_alua_lu_gp_cache 0KB 3KB sd_ext_cdb 0KB 7KB scsi_sense_cache 1056KB 1060KB virtio_scsi_cmd 16KB 16KB sgpool-128 8KB 8KB sgpool-64 4KB 12KB sgpool-32 2KB 15KB sgpool-16 1KB 7KB sgpool-8 0KB 7KB mqueue_inode_cache 18KB 30KB bio_post_read_ctx 14KB 15KB bio-2 14KB 15KB jfs_mp 7KB 7KB cifs_small_rq 15KB 16KB cifs_request 67KB 67KB cifs_mpx_ids 0KB 7KB nfs_commit_data 3KB 14KB nfs_write_data 34KB 44KB ext4_system_zone 1KB 7KB dio 3KB 7KB bio-1 1KB 7KB pid_namespace 2KB 7KB kvm_vcpu 23KB 23KB rpc_buffers 17KB 25KB rpc_tasks 2KB 7KB UNIX 195KB 198KB tcp_bind_bucket 246KB 252KB inet_peer_cache 0KB 4KB xfrm_state 2KB 4KB ip_fib_trie 23KB 35KB ip_fib_alias 110KB 158KB ip_dst_cache 9KB 80KB RAW 23490KB 23490KB UDP 6631KB 6635KB request_sock_TCP 0KB 3KB TCP 180KB 185KB hugetlbfs_inode_cache 3KB 15KB fscache_cookie_jar 1KB 7KB eventpoll_pwq 17KB 35KB eventpoll_epi 32KB 43KB inotify_inode_mark 6KB 23KB request_queue 196KB 196KB blkdev_requests 1KB 3KB blkdev_ioc 39KB 42KB bio-0 10835KB 10837KB biovec-max 4405KB 4405KB biovec-64 8762KB 8764KB biovec-16 2059KB 2062KB bio_integrity_payload 1KB 8KB khugepaged_mm_slot 247KB 384KB user_namespace 2KB 7KB uid_cache 0KB 4KB dmaengine-unmap-2 0KB 3KB skbuff_fclone_cache 26KB 30KB skbuff_head_cache 15943KB 15956KB configfs_dir_cache 3KB 7KB file_lock_cache 12KB 19KB file_lock_ctx 9KB 11KB fsnotify_mark_connector 2KB 15KB net_namespace 34247KB 34247KB shmem_inode_cache 7953KB 8201KB task_delay_info 1361KB 2118KB taskstats 12KB 61KB proc_dir_entry 177208KB 177210KB pde_opener 2KB 3KB seq_file 132KB 137KB sigqueue 156KB 161KB kernfs_node_cache 509697KB 509697KB mnt_cache 288KB 312KB filp 4941KB 5992KB names_cache 60137KB 60158KB iint_cache 57KB 87KB key_jar 9KB 18KB uts_namespace 3KB 7KB nsproxy 341KB 343KB vm_area_struct 35360KB 35361KB mm_struct 6729KB 6734KB fs_cache 1826KB 2824KB files_cache 6656KB 9405KB signal_cache 10038KB 14295KB sighand_cache 9869KB 9899KB task_struct 43423KB 43423KB cred_jar 4109KB 6376KB anon_vma_chain 43715KB 43718KB anon_vma 10881KB 10884KB RAX: ffffffffffffffda RBX: 00007f89ae1901d0 RCX: 00007f89ae07ce99 pid 447KB 960KB RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000000 RBP: 00007f89ae0d6ff1 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000020000140 R11: 0000000000000246 R12: 0000000000000000 R13: 00007ffc29660fff R14: 00007f89ac98f300 R15: 0000000000022000 INFO: task syz-executor.5:5639 blocked for more than 140 seconds. Acpi-Operand 156KB 198KB Not tainted 4.19.211-syzkaller #0 Acpi-ParseExt 9KB 11KB "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. Acpi-Parse 41KB 47KB syz-executor.5 D26840 5639 5102 0x00000000 Acpi-State 52KB 63KB Acpi-Namespace 20KB 27KB numa_policy 0KB 3KB debug_objects_cache 39641KB 39643KB Call Trace: trace_event_file 297KB 298KB context_switch kernel/sched/core.c:2828 [inline] __schedule+0x887/0x2040 kernel/sched/core.c:3517 ftrace_event_field 398KB 401KB pool_workqueue 4036KB 4036KB page->ptl 6744KB 6755KB schedule+0x8d/0x1b0 kernel/sched/core.c:3561 schedule_preempt_disabled+0xf/0x20 kernel/sched/core.c:3619 __mutex_lock_common kernel/locking/mutex.c:1016 [inline] __mutex_lock+0x5f0/0x1190 kernel/locking/mutex.c:1078 ip_tunnel_init_net+0x321/0x990 net/ipv4/ip_tunnel.c:1034 ops_init+0xb3/0x410 net/core/net_namespace.c:129 setup_net+0x2c2/0x720 net/core/net_namespace.c:316 copy_net_ns+0x1f7/0x340 net/core/net_namespace.c:439 create_new_namespaces+0x3f6/0x7b0 kernel/nsproxy.c:107 copy_namespaces+0x325/0x3c0 kernel/nsproxy.c:165 copy_process.part.0+0x3a59/0x8260 kernel/fork.c:1916 copy_process kernel/fork.c:1710 [inline] _do_fork+0x22f/0xf30 kernel/fork.c:2219 do_syscall_64+0xf9/0x620 arch/x86/entry/common.c:293 entry_SYSCALL_64_after_hwframe+0x49/0xbe RIP: 0033:0x7f89ae07ce99 Code: Bad RIP value. kmalloc-2097152 2050KB 2050KB RSP: 002b:00007f89ac98f168 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 kmalloc-524288 2056KB 2056KB RAX: ffffffffffffffda RBX: 00007f89ae1901d0 RCX: 00007f89ae07ce99 kmalloc-262144 1290KB 1290KB RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000000 kmalloc-131072 1690KB 1690KB RBP: 00007f89ae0d6ff1 R08: 0000000000000000 R09: 0000000000000000 kmalloc-65536 2244KB 2574KB R10: 0000000020000140 R11: 0000000000000246 R12: 0000000000000000 kmalloc-32768 218328KB 218328KB kmalloc-16384 65620KB 65620KB R13: 00007ffc29660fff R14: 00007f89ac98f300 R15: 0000000000022000 kmalloc-8192 149151KB 149151KB INFO: task syz-executor.5:5739 blocked for more than 140 seconds. kmalloc-4096 662787KB 662787KB Not tainted 4.19.211-syzkaller #0 kmalloc-2048 539157KB 539159KB "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. kmalloc-1024 215858KB 215861KB kmalloc-512 188573KB 202076KB kmalloc-256 111895KB 113448KB kmalloc-128 56953KB 56999KB kmalloc-96 16505KB 17232KB kmalloc-64 38699KB 40008KB syz-executor.5 D26792 5739 4621 0x00000000 kmalloc-32 34394KB 35323KB Call Trace: kmalloc-192 75934KB 77580KB context_switch kernel/sched/core.c:2828 [inline] __schedule+0x887/0x2040 kernel/sched/core.c:3517 kmem_cache 178KB 187KB Out of memory (oom_kill_allocating_task): Kill process 31152 (rs:main Q:Reg) score 0 or sacrifice child Killed process 31010 (rsyslogd) total-vm:254332kB, anon-rss:1112kB, file-rss:0kB, shmem-rss:0kB oom_reaper: reaped process 31010 (rsyslogd), now anon-rss:0kB, file-rss:0kB, shmem-rss:0kB schedule+0x8d/0x1b0 kernel/sched/core.c:3561 systemd-udevd invoked oom-killer: gfp_mask=0x6200ca(GFP_HIGHUSER_MOVABLE), nodemask=(null), order=0, oom_score_adj=-1000 schedule_preempt_disabled+0xf/0x20 kernel/sched/core.c:3619 __mutex_lock_common kernel/locking/mutex.c:1016 [inline] __mutex_lock+0x5f0/0x1190 kernel/locking/mutex.c:1078 ip_tunnel_init_net+0x321/0x990 net/ipv4/ip_tunnel.c:1034 ops_init+0xb3/0x410 net/core/net_namespace.c:129 setup_net+0x2c2/0x720 net/core/net_namespace.c:316 copy_net_ns+0x1f7/0x340 net/core/net_namespace.c:439 create_new_namespaces+0x3f6/0x7b0 kernel/nsproxy.c:107 copy_namespaces+0x325/0x3c0 kernel/nsproxy.c:165 copy_process.part.0+0x3a59/0x8260 kernel/fork.c:1916 copy_process kernel/fork.c:1710 [inline] _do_fork+0x22f/0xf30 kernel/fork.c:2219 do_syscall_64+0xf9/0x620 arch/x86/entry/common.c:293 entry_SYSCALL_64_after_hwframe+0x49/0xbe RIP: 0033:0x7f89ae07ce99 Code: Bad RIP value. RSP: 002b:00007f89ac98f168 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 RAX: ffffffffffffffda RBX: 00007f89ae1901d0 RCX: 00007f89ae07ce99 RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000000 RBP: 00007f89ae0d6ff1 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000020000140 R11: 0000000000000246 R12: 0000000000000000 R13: 00007ffc29660fff R14: 00007f89ac98f300 R15: 0000000000022000 INFO: task syz-executor.5:5922 blocked for more than 140 seconds. Not tainted 4.19.211-syzkaller #0 "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. syz-executor.5 D26560 5922 5157 0x00000000 Call Trace: context_switch kernel/sched/core.c:2828 [inline] __schedule+0x887/0x2040 kernel/sched/core.c:3517 schedule+0x8d/0x1b0 kernel/sched/core.c:3561 schedule_preempt_disabled+0xf/0x20 kernel/sched/core.c:3619 __mutex_lock_common kernel/locking/mutex.c:1016 [inline] __mutex_lock+0x5f0/0x1190 kernel/locking/mutex.c:1078 ip_tunnel_init_net+0x321/0x990 net/ipv4/ip_tunnel.c:1034 ops_init+0xb3/0x410 net/core/net_namespace.c:129 setup_net+0x2c2/0x720 net/core/net_namespace.c:316 copy_net_ns+0x1f7/0x340 net/core/net_namespace.c:439 create_new_namespaces+0x3f6/0x7b0 kernel/nsproxy.c:107 copy_namespaces+0x325/0x3c0 kernel/nsproxy.c:165 copy_process.part.0+0x3a59/0x8260 kernel/fork.c:1916 copy_process kernel/fork.c:1710 [inline] _do_fork+0x22f/0xf30 kernel/fork.c:2219 do_syscall_64+0xf9/0x620 arch/x86/entry/common.c:293 entry_SYSCALL_64_after_hwframe+0x49/0xbe RIP: 0033:0x7f89ae07ce99 Code: Bad RIP value. RSP: 002b:00007f89ac98f168 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 RAX: ffffffffffffffda RBX: 00007f89ae1901d0 RCX: 00007f89ae07ce99 RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000000 RBP: 00007f89ae0d6ff1 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000020000140 R11: 0000000000000246 R12: 0000000000000000 R13: 00007ffc29660fff R14: 00007f89ac98f300 R15: 0000000000022000 Showing all locks held in the system: 3 locks held by systemd/1: 3 locks held by kworker/0:0/5: #0: 000000005acfa9ce ((wq_completion)"events"){+.+.}, at: process_one_work+0x767/0x1570 kernel/workqueue.c:2124 #1: 0000000066fde618 (deferred_process_work){+.+.}, at: process_one_work+0x79c/0x1570 kernel/workqueue.c:2128 #2: 000000009865e659 (rtnl_mutex){+.+.}, at: switchdev_deferred_process_work+0xa/0x20 net/switchdev/switchdev.c:150 3 locks held by kworker/u4:0/7: #0: 000000001eea016d ((wq_completion)"events_unbound"){+.+.}, at: process_one_work+0x767/0x1570 kernel/workqueue.c:2124 #1: 000000007b32283a ((work_completion)(&sub_info->work)){+.+.}, at: process_one_work+0x79c/0x1570 kernel/workqueue.c:2128 #2: 0000000068d49f2f (fs_reclaim){+.+.}, at: fs_reclaim_release mm/page_alloc.c:3778 [inline] #2: 0000000068d49f2f (fs_reclaim){+.+.}, at: fs_reclaim_release mm/page_alloc.c:3774 [inline] #2: 0000000068d49f2f (fs_reclaim){+.+.}, at: __perform_reclaim mm/page_alloc.c:3805 [inline] #2: 0000000068d49f2f (fs_reclaim){+.+.}, at: __alloc_pages_direct_reclaim mm/page_alloc.c:3821 [inline] #2: 0000000068d49f2f (fs_reclaim){+.+.}, at: __alloc_pages_slowpath mm/page_alloc.c:4211 [inline] #2: 0000000068d49f2f (fs_reclaim){+.+.}, at: __alloc_pages_nodemask+0x191e/0x2890 mm/page_alloc.c:4419 3 locks held by kworker/u4:2/87: #0: 000000001eea016d ((wq_completion)"events_unbound"){+.+.}, at: process_one_work+0x767/0x1570 kernel/workqueue.c:2124 #1: 0000000065caf3d7 ((work_completion)(&sub_info->work)){+.+.}, at: process_one_work+0x79c/0x1570 kernel/workqueue.c:2128 #2: 0000000068d49f2f (fs_reclaim){+.+.}, at: fs_reclaim_release mm/page_alloc.c:3778 [inline] #2: 0000000068d49f2f (fs_reclaim){+.+.}, at: fs_reclaim_release mm/page_alloc.c:3774 [inline] #2: 0000000068d49f2f (fs_reclaim){+.+.}, at: __perform_reclaim mm/page_alloc.c:3805 [inline] #2: 0000000068d49f2f (fs_reclaim){+.+.}, at: __alloc_pages_direct_reclaim mm/page_alloc.c:3821 [inline] #2: 0000000068d49f2f (fs_reclaim){+.+.}, at: __alloc_pages_slowpath mm/page_alloc.c:4211 [inline] #2: 0000000068d49f2f (fs_reclaim){+.+.}, at: __alloc_pages_nodemask+0x191e/0x2890 mm/page_alloc.c:4419 4 locks held by kworker/u4:3/214: #0: 00000000d68d44f9 ((wq_completion)"%s""netns"){+.+.}, at: process_one_work+0x767/0x1570 kernel/workqueue.c:2124 #1: 00000000c1c5f2af (net_cleanup_work){+.+.}, at: process_one_work+0x79c/0x1570 kernel/workqueue.c:2128 #2: 00000000f8368a2e (pernet_ops_rwsem){++++}, at: cleanup_net+0xa8/0x8b0 net/core/net_namespace.c:521 #3: 000000009865e659 (rtnl_mutex){+.+.}, at: ip6gre_exit_batch_net+0x82/0x6c0 net/ipv6/ip6_gre.c:1632 1 lock held by khungtaskd/1571: #0: 000000005d20baef (rcu_read_lock){....}, at: debug_show_all_locks+0x53/0x265 kernel/locking/lockdep.c:4441 3 locks held by kworker/1:2/3582: #0: 00000000b0d1d4d5 ((wq_completion)"%s"("ipv6_addrconf")){+.+.}, at: process_one_work+0x767/0x1570 kernel/workqueue.c:2124 #1: 0000000017e778b0 ((addr_chk_work).work){+.+.}, at: process_one_work+0x79c/0x1570 kernel/workqueue.c:2128 #2: 000000009865e659 (rtnl_mutex){+.+.}, at: addrconf_verify_work+0xa/0x20 net/ipv6/addrconf.c:4476 3 locks held by kworker/0:2/3636: #0: 000000005acfa9ce ((wq_completion)"events"){+.+.}, at: process_one_work+0x767/0x1570 kernel/workqueue.c:2124 #1: 00000000bf4c4252 ((linkwatch_work).work){+.+.}, at: process_one_work+0x79c/0x1570 kernel/workqueue.c:2128 #2: 000000009865e659 (rtnl_mutex){+.+.}, at: linkwatch_event+0xb/0x60 net/core/link_watch.c:236 3 locks held by systemd-udevd/4703: 3 locks held by syz-fuzzer/8095: #0: 00000000cef0d2d3 (&mm->mmap_sem){++++}, at: __do_page_fault+0x398/0xd60 arch/x86/mm/fault.c:1341 #1: 00000000ee3f9fbc (&ei->i_mmap_sem){++++}, at: ext4_filemap_fault+0x7c/0xb0 fs/ext4/inode.c:6378 #2: 0000000068d49f2f (fs_reclaim){+.+.}, at: fs_reclaim_release mm/page_alloc.c:3778 [inline] #2: 0000000068d49f2f (fs_reclaim){+.+.}, at: fs_reclaim_release mm/page_alloc.c:3774 [inline] #2: 0000000068d49f2f (fs_reclaim){+.+.}, at: __perform_reclaim mm/page_alloc.c:3805 [inline] #2: 0000000068d49f2f (fs_reclaim){+.+.}, at: __alloc_pages_direct_reclaim mm/page_alloc.c:3821 [inline] #2: 0000000068d49f2f (fs_reclaim){+.+.}, at: __alloc_pages_slowpath mm/page_alloc.c:4211 [inline] #2: 0000000068d49f2f (fs_reclaim){+.+.}, at: __alloc_pages_nodemask+0x191e/0x2890 mm/page_alloc.c:4419 3 locks held by syz-fuzzer/8096: #0: 00000000cef0d2d3 (&mm->mmap_sem){++++}, at: __do_page_fault+0x398/0xd60 arch/x86/mm/fault.c:1341 #1: 00000000ee3f9fbc (&ei->i_mmap_sem){++++}, at: ext4_filemap_fault+0x7c/0xb0 fs/ext4/inode.c:6378 #2: 0000000068d49f2f (fs_reclaim){+.+.}, at: fs_reclaim_release mm/page_alloc.c:3778 [inline] #2: 0000000068d49f2f (fs_reclaim){+.+.}, at: fs_reclaim_release mm/page_alloc.c:3774 [inline] #2: 0000000068d49f2f (fs_reclaim){+.+.}, at: __perform_reclaim mm/page_alloc.c:3805 [inline] #2: 0000000068d49f2f (fs_reclaim){+.+.}, at: __alloc_pages_direct_reclaim mm/page_alloc.c:3821 [inline] #2: 0000000068d49f2f (fs_reclaim){+.+.}, at: __alloc_pages_slowpath mm/page_alloc.c:4211 [inline] #2: 0000000068d49f2f (fs_reclaim){+.+.}, at: __alloc_pages_nodemask+0x191e/0x2890 mm/page_alloc.c:4419 3 locks held by syz-fuzzer/8097: #0: 00000000cef0d2d3 (&mm->mmap_sem){++++}, at: __do_page_fault+0x398/0xd60 arch/x86/mm/fault.c:1341 #1: 00000000ee3f9fbc (&ei->i_mmap_sem){++++}, at: ext4_filemap_fault+0x7c/0xb0 fs/ext4/inode.c:6378 #2: 0000000068d49f2f (fs_reclaim){+.+.}, at: fs_reclaim_release mm/page_alloc.c:3778 [inline] #2: 0000000068d49f2f (fs_reclaim){+.+.}, at: fs_reclaim_release mm/page_alloc.c:3774 [inline] #2: 0000000068d49f2f (fs_reclaim){+.+.}, at: __perform_reclaim mm/page_alloc.c:3805 [inline] #2: 0000000068d49f2f (fs_reclaim){+.+.}, at: __alloc_pages_direct_reclaim mm/page_alloc.c:3821 [inline] #2: 0000000068d49f2f (fs_reclaim){+.+.}, at: __alloc_pages_slowpath mm/page_alloc.c:4211 [inline] #2: 0000000068d49f2f (fs_reclaim){+.+.}, at: __alloc_pages_nodemask+0x191e/0x2890 mm/page_alloc.c:4419 3 locks held by syz-fuzzer/8102: #0: 00000000cef0d2d3 (&mm->mmap_sem){++++}, at: __do_page_fault+0x398/0xd60 arch/x86/mm/fault.c:1341 #1: 00000000ee3f9fbc (&ei->i_mmap_sem){++++}, at: ext4_filemap_fault+0x7c/0xb0 fs/ext4/inode.c:6378 #2: 0000000068d49f2f (fs_reclaim){+.+.}, at: fs_reclaim_release mm/page_alloc.c:3778 [inline] #2: 0000000068d49f2f (fs_reclaim){+.+.}, at: fs_reclaim_release mm/page_alloc.c:3774 [inline] #2: 0000000068d49f2f (fs_reclaim){+.+.}, at: __perform_reclaim mm/page_alloc.c:3805 [inline] #2: 0000000068d49f2f (fs_reclaim){+.+.}, at: __alloc_pages_direct_reclaim mm/page_alloc.c:3821 [inline] #2: 0000000068d49f2f (fs_reclaim){+.+.}, at: __alloc_pages_slowpath mm/page_alloc.c:4211 [inline] #2: 0000000068d49f2f (fs_reclaim){+.+.}, at: __alloc_pages_nodemask+0x191e/0x2890 mm/page_alloc.c:4419 3 locks held by kworker/0:3/9343: #0: 00000000b0d1d4d5 ((wq_completion)"%s"("ipv6_addrconf")){+.+.}, at: process_one_work+0x767/0x1570 kernel/workqueue.c:2124 #1: 00000000b2c919e2 ((work_completion)(&(&ifa->dad_work)->work)){+.+.}, at: process_one_work+0x79c/0x1570 kernel/workqueue.c:2128 #2: 000000009865e659 (rtnl_mutex){+.+.}, at: addrconf_dad_work+0x9c/0x10a0 net/ipv6/addrconf.c:3989 1 lock held by syz-executor.3/2718: #0: 000000009865e659 (rtnl_mutex){+.+.}, at: tun_detach drivers/net/tun.c:759 [inline] #0: 000000009865e659 (rtnl_mutex){+.+.}, at: tun_chr_close+0x3a/0x180 drivers/net/tun.c:3323 2 locks held by syz-executor.5/4340: #0: 00000000f8368a2e (pernet_ops_rwsem){++++}, at: copy_net_ns+0x1d8/0x340 net/core/net_namespace.c:435 #1: 000000009865e659 (rtnl_mutex){+.+.}, at: register_netdev+0x11/0x50 net/core/dev.c:8857 2 locks held by syz-executor.5/4388: #0: 00000000f8368a2e (pernet_ops_rwsem){++++}, at: copy_net_ns+0x1d8/0x340 net/core/net_namespace.c:435 #1: 000000009865e659 (rtnl_mutex){+.+.}, at: ip_tunnel_init_net+0x321/0x990 net/ipv4/ip_tunnel.c:1034 2 locks held by syz-executor.5/4390: #0: 00000000f8368a2e (pernet_ops_rwsem){++++}, at: copy_net_ns+0x1d8/0x340 net/core/net_namespace.c:435 #1: 000000009865e659 (rtnl_mutex){+.+.}, at: ip_tunnel_init_net+0x321/0x990 net/ipv4/ip_tunnel.c:1034 2 locks held by syz-executor.5/4473: #0: 00000000f8368a2e (pernet_ops_rwsem){++++}, at: copy_net_ns+0x1d8/0x340 net/core/net_namespace.c:435 #1: 000000009865e659 (rtnl_mutex){+.+.}, at: ip_tunnel_init_net+0x321/0x990 net/ipv4/ip_tunnel.c:1034 2 locks held by syz-executor.5/4474: #0: 00000000f8368a2e (pernet_ops_rwsem){++++}, at: copy_net_ns+0x1d8/0x340 net/core/net_namespace.c:435 #1: 000000009865e659 (rtnl_mutex){+.+.}, at: register_netdev+0x11/0x50 net/core/dev.c:8857 2 locks held by syz-executor.5/4478: #0: 00000000f8368a2e (pernet_ops_rwsem){++++}, at: copy_net_ns+0x1d8/0x340 net/core/net_namespace.c:435 #1: 000000009865e659 (rtnl_mutex){+.+.}, at: register_netdev+0x11/0x50 net/core/dev.c:8857 2 locks held by syz-executor.5/4486: #0: 00000000f8368a2e (pernet_ops_rwsem){++++}, at: copy_net_ns+0x1d8/0x340 net/core/net_namespace.c:435 #1: 000000009865e659 (rtnl_mutex){+.+.}, at: register_netdev+0x11/0x50 net/core/dev.c:8857 2 locks held by syz-executor.5/4595: #0: 00000000f8368a2e (pernet_ops_rwsem){++++}, at: copy_net_ns+0x1d8/0x340 net/core/net_namespace.c:435 #1: 000000009865e659 (rtnl_mutex){+.+.}, at: register_netdev+0x11/0x50 net/core/dev.c:8857 2 locks held by syz-executor.5/4621: #0: 00000000f8368a2e (pernet_ops_rwsem){++++}, at: copy_net_ns+0x1d8/0x340 net/core/net_namespace.c:435 #1: 000000009865e659 (rtnl_mutex){+.+.}, at: register_netdev+0x11/0x50 net/core/dev.c:8857 2 locks held by syz-executor.5/4641: #0: 00000000f8368a2e (pernet_ops_rwsem){++++}, at: copy_net_ns+0x1d8/0x340 net/core/net_namespace.c:435 #1: 000000009865e659 (rtnl_mutex){+.+.}, at: register_netdev+0x11/0x50 net/core/dev.c:8857 2 locks held by syz-executor.5/4674: #0: 00000000f8368a2e (pernet_ops_rwsem){++++}, at: copy_net_ns+0x1d8/0x340 net/core/net_namespace.c:435 #1: 000000009865e659 (rtnl_mutex){+.+.}, at: ip_tunnel_init_net+0x321/0x990 net/ipv4/ip_tunnel.c:1034 2 locks held by syz-executor.5/4677: #0: 00000000f8368a2e (pernet_ops_rwsem){++++}, at: copy_net_ns+0x1d8/0x340 net/core/net_namespace.c:435 #1: 000000009865e659 (rtnl_mutex){+.+.}, at: register_netdev+0x11/0x50 net/core/dev.c:8857 2 locks held by syz-executor.5/4685: #0: 00000000f8368a2e (pernet_ops_rwsem){++++}, at: copy_net_ns+0x1d8/0x340 net/core/net_namespace.c:435 #1: 000000009865e659 (rtnl_mutex){+.+.}, at: ip_tunnel_init_net+0x321/0x990 net/ipv4/ip_tunnel.c:1034 2 locks held by syz-executor.5/4729: #0: 00000000f8368a2e (pernet_ops_rwsem){++++}, at: copy_net_ns+0x1d8/0x340 net/core/net_namespace.c:435 #1: 000000009865e659 (rtnl_mutex){+.+.}, at: ip_tunnel_init_net+0x321/0x990 net/ipv4/ip_tunnel.c:1034 2 locks held by syz-executor.5/4894: #0: 00000000f8368a2e (pernet_ops_rwsem){++++}, at: copy_net_ns+0x1d8/0x340 net/core/net_namespace.c:435 #1: 000000009865e659 (rtnl_mutex){+.+.}, at: ip_tunnel_init_net+0x321/0x990 net/ipv4/ip_tunnel.c:1034 2 locks held by syz-executor.5/4903: #0: 00000000f8368a2e (pernet_ops_rwsem){++++}, at: copy_net_ns+0x1d8/0x340 net/core/net_namespace.c:435 #1: 000000009865e659 (rtnl_mutex){+.+.}, at: register_netdev+0x11/0x50 net/core/dev.c:8857 2 locks held by syz-executor.5/4952: #0: 00000000f8368a2e (pernet_ops_rwsem){++++}, at: copy_net_ns+0x1d8/0x340 net/core/net_namespace.c:435 #1: 000000009865e659 (rtnl_mutex){+.+.}, at: ip_tunnel_init_net+0x321/0x990 net/ipv4/ip_tunnel.c:1034 2 locks held by syz-executor.5/4953: #0: 00000000f8368a2e (pernet_ops_rwsem){++++}, at: copy_net_ns+0x1d8/0x340 net/core/net_namespace.c:435 #1: 000000009865e659 (rtnl_mutex){+.+.}, at: register_netdev+0x11/0x50 net/core/dev.c:8857 2 locks held by syz-executor.5/4987: #0: 00000000f8368a2e (pernet_ops_rwsem){++++}, at: copy_net_ns+0x1d8/0x340 net/core/net_namespace.c:435 #1: 000000009865e659 (rtnl_mutex){+.+.}, at: ip_tunnel_init_net+0x321/0x990 net/ipv4/ip_tunnel.c:1034 2 locks held by syz-executor.5/5005: #0: 00000000f8368a2e (pernet_ops_rwsem){++++}, at: copy_net_ns+0x1d8/0x340 net/core/net_namespace.c:435 #1: 000000009865e659 (rtnl_mutex){+.+.}, at: register_netdev+0x11/0x50 net/core/dev.c:8857 2 locks held by syz-executor.5/5037: #0: 00000000f8368a2e (pernet_ops_rwsem){++++}, at: copy_net_ns+0x1d8/0x340 net/core/net_namespace.c:435 #1: 000000009865e659 (rtnl_mutex){+.+.}, at: ip_tunnel_init_net+0x321/0x990 net/ipv4/ip_tunnel.c:1034 2 locks held by syz-executor.5/5079: #0: 00000000f8368a2e (pernet_ops_rwsem){++++}, at: copy_net_ns+0x1d8/0x340 net/core/net_namespace.c:435 #1: 000000009865e659 (rtnl_mutex){+.+.}, at: register_netdev+0x11/0x50 net/core/dev.c:8857 2 locks held by syz-executor.5/5102: #0: 00000000f8368a2e (pernet_ops_rwsem){++++}, at: copy_net_ns+0x1d8/0x340 net/core/net_namespace.c:435 #1: 000000009865e659 (rtnl_mutex){+.+.}, at: register_netdev+0x11/0x50 net/core/dev.c:8857 2 locks held by syz-executor.5/5157: #0: 00000000f8368a2e (pernet_ops_rwsem){++++}, at: copy_net_ns+0x1d8/0x340 net/core/net_namespace.c:435 #1: 000000009865e659 (rtnl_mutex){+.+.}, at: ip_tunnel_init_net+0x321/0x990 net/ipv4/ip_tunnel.c:1034 2 locks held by syz-executor.5/5166: #0: 00000000f8368a2e (pernet_ops_rwsem){++++}, at: copy_net_ns+0x1d8/0x340 net/core/net_namespace.c:435 systemd-udevd cpuset=/ mems_allowed=0-1 #1: 000000009865e659 (rtnl_mutex){+.+.}, at: ip_tunnel_init_net+0x321/0x990 net/ipv4/ip_tunnel.c:1034 CPU: 0 PID: 31515 Comm: systemd-udevd Not tainted 4.19.211-syzkaller #0 2 locks held by syz-executor.5/5230: Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Call Trace: __dump_stack lib/dump_stack.c:77 [inline] dump_stack+0x1fc/0x2ef lib/dump_stack.c:118 dump_header+0x15d/0xc3f mm/oom_kill.c:443 oom_kill_process.cold+0x10/0x692 mm/oom_kill.c:956 #0: 00000000f8368a2e (pernet_ops_rwsem){++++}, at: copy_net_ns+0x1d8/0x340 net/core/net_namespace.c:435 #1: 000000009865e659 (rtnl_mutex){+.+.}, at: register_netdev+0x11/0x50 net/core/dev.c:8857 out_of_memory mm/oom_kill.c:1132 [inline] out_of_memory+0x34d/0x1390 mm/oom_kill.c:1064 __alloc_pages_may_oom mm/page_alloc.c:3553 [inline] __alloc_pages_slowpath mm/page_alloc.c:4255 [inline] __alloc_pages_nodemask+0x23a2/0x2890 mm/page_alloc.c:4419 2 locks held by syz-executor.5/5231: #0: 00000000f8368a2e (pernet_ops_rwsem){++++}, at: copy_net_ns+0x1d8/0x340 net/core/net_namespace.c:435 alloc_pages_current+0x193/0x2a0 mm/mempolicy.c:2197 #1: 000000009865e659 (rtnl_mutex){+.+.}, at: register_netdev+0x11/0x50 net/core/dev.c:8857 alloc_pages include/linux/gfp.h:532 [inline] __page_cache_alloc mm/filemap.c:969 [inline] page_cache_read mm/filemap.c:2408 [inline] filemap_fault+0x146e/0x2180 mm/filemap.c:2592 2 locks held by syz-executor.5/5232: ext4_filemap_fault+0x84/0xb0 fs/ext4/inode.c:6379 #0: 00000000f8368a2e (pernet_ops_rwsem){++++}, at: copy_net_ns+0x1d8/0x340 net/core/net_namespace.c:435 __do_fault+0x10b/0x4b0 mm/memory.c:3403 #1: 000000009865e659 (rtnl_mutex){+.+.}, at: ip_tunnel_init_net+0x321/0x990 net/ipv4/ip_tunnel.c:1034 do_read_fault mm/memory.c:3815 [inline] do_fault mm/memory.c:3944 [inline] handle_pte_fault mm/memory.c:4175 [inline] __handle_mm_fault+0x273b/0x41c0 mm/memory.c:4299 handle_mm_fault+0x436/0xb10 mm/memory.c:4336 __do_page_fault+0x68e/0xd60 arch/x86/mm/fault.c:1412 2 locks held by syz-executor.5/5401: page_fault+0x1e/0x30 arch/x86/entry/entry_64.S:1205 RIP: 0033:0x55588c1292f4 Code: Bad RIP value. RSP: 002b:00007ffdc618d8b0 EFLAGS: 00010246 RAX: 0000000000000000 RBX: 858e694c9b2102af RCX: 000055588c156c28 RDX: 00007ffdc618d8e0 RSI: 0000000000000000 RDI: 00007ffdc618d8d0 RBP: 0000000000007b02 R08: 00007ffdc618d8d0 R09: 0000000000007b02 R10: dbeef62101b3b199 R11: c12ec22586cbf009 R12: 0000000000007b02 R13: 000055588cdb5520 R14: 000055588cda8010 R15: 000055588cda8028 Mem-Info: #0: 00000000f8368a2e (pernet_ops_rwsem){++++}, at: copy_net_ns+0x1d8/0x340 net/core/net_namespace.c:435 active_anon:190972 inactive_anon:9101 isolated_anon:0 active_file:12 inactive_file:238 isolated_file:42 unevictable:0 dirty:0 writeback:0 unstable:0 slab_reclaimable:53359 slab_unreclaimable:1232365 mapped:11599 shmem:10673 pagetables:59657 bounce:0 free:24473 free_pcp:425 free_cma:0 #1: 000000009865e659 (rtnl_mutex){+.+.}, at: register_netdev+0x11/0x50 net/core/dev.c:8857 Node 0 active_anon:757392kB inactive_anon:34384kB active_file:12kB inactive_file:12kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:45664kB dirty:0kB writeback:0kB shmem:40672kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 188416kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes 2 locks held by syz-executor.5/5435: Node 1 active_anon:6496kB inactive_anon:2020kB active_file:36kB inactive_file:940kB unevictable:0kB isolated(anon):0kB isolated(file):168kB mapped:832kB dirty:0kB writeback:0kB shmem:2020kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes #0: 00000000f8368a2e (pernet_ops_rwsem){++++}, at: copy_net_ns+0x1d8/0x340 net/core/net_namespace.c:435 Node 0 DMA free:10888kB min:204kB low:252kB high:300kB active_anon:4kB inactive_anon:1020kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:64kB pagetables:88kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB #1: 000000009865e659 (rtnl_mutex){+.+.}, at: ip_tunnel_init_net+0x321/0x990 net/ipv4/ip_tunnel.c:1034 lowmem_reserve[]: 0 2693 2695 2695 2695 2 locks held by syz-executor.5/5436: Node 0 DMA32 free:33320kB min:35996kB low:44992kB high:53988kB active_anon:757388kB inactive_anon:33364kB active_file:12kB inactive_file:12kB unevictable:0kB writepending:0kB present:3129332kB managed:2763452kB mlocked:0kB kernel_stack:29248kB pagetables:56340kB bounce:0kB free_pcp:932kB local_pcp:484kB free_cma:0kB #0: 00000000f8368a2e (pernet_ops_rwsem){++++}, at: copy_net_ns+0x1d8/0x340 net/core/net_namespace.c:435 lowmem_reserve[]: 0 0 1 1 1 #1: 000000009865e659 (rtnl_mutex){+.+.}, at: register_netdev+0x11/0x50 net/core/dev.c:8857 Node 0 Normal free:0kB min:24kB low:28kB high:32kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:1048576kB managed:2000kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB 2 locks held by syz-executor.5/5471: lowmem_reserve[]: 0 0 0 0 0 #0: 00000000f8368a2e (pernet_ops_rwsem){++++}, at: copy_net_ns+0x1d8/0x340 net/core/net_namespace.c:435 Node 1 Normal free:53684kB min:53876kB low:67344kB high:80812kB active_anon:6496kB inactive_anon:2020kB active_file:36kB inactive_file:844kB unevictable:0kB writepending:0kB present:4194304kB managed:4128248kB mlocked:0kB kernel_stack:103776kB pagetables:182200kB bounce:0kB free_pcp:820kB local_pcp:496kB free_cma:0kB #1: 000000009865e659 (rtnl_mutex){+.+.}, at: register_netdev+0x11/0x50 net/core/dev.c:8857 lowmem_reserve[]: 0 0 0 0 0 2 locks held by syz-executor.5/5500: Node 0 DMA: 4*4kB (UM) 3*8kB (M) 4*16kB (UME) 3*32kB (ME) 3*64kB (UM) 4*128kB (UE) 5*256kB (UME) 3*512kB (UME) 1*1024kB (E) 1*2048kB (E) 1*4096kB (M) = 10888kB #0: 00000000f8368a2e (pernet_ops_rwsem){++++}, at: copy_net_ns+0x1d8/0x340 net/core/net_namespace.c:435 Node 0 DMA32: 432*4kB (UME) 843*8kB (UME) 679*16kB (UME) 436*32kB (M) 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 33288kB #1: 000000009865e659 (rtnl_mutex){+.+.}, at: register_netdev+0x11/0x50 net/core/dev.c:8857 Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB 2 locks held by syz-executor.5/5511: #0: 00000000f8368a2e (pernet_ops_rwsem){++++}, at: copy_net_ns+0x1d8/0x340 net/core/net_namespace.c:435 #1: 000000009865e659 (rtnl_mutex){+.+.}, at: register_netdev+0x11/0x50 net/core/dev.c:8857 Node 1 Normal: 3*4kB (UME) 319*8kB (UE) 237*16kB (UM) 193*32kB (UE) 3*64kB (E) 2*128kB (UM) 3*256kB (U) 2*512kB (ME) 2*1024kB (ME) 2*2048kB (UE) 8*4096kB (M) = 53684kB 2 locks held by syz-executor.5/5513: Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB #0: 00000000f8368a2e (pernet_ops_rwsem){++++}, at: copy_net_ns+0x1d8/0x340 net/core/net_namespace.c:435 Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB 10948 total pagecache pages 0 pages in swap cache Swap cache stats: add 0, delete 0, find 0/0 Free swap = 0kB Total swap = 0kB 2097051 pages RAM 0 pages HighMem/MovableOnly 369649 pages reserved 0 pages cma reserved Unreclaimable slab info: Name Used Total pid_2 322KB 552KB batadv_tl_cache 4KB 12KB #1: 000000009865e659 (rtnl_mutex){+.+.}, at: ip_tunnel_init_net+0x321/0x990 net/ipv4/ip_tunnel.c:1034 TIPC 2943KB 2947KB 2 locks held by syz-executor.5/5555: SCTPv6 8074KB 8074KB SCTP 11KB 11KB #0: 00000000f8368a2e (pernet_ops_rwsem){++++}, at: copy_net_ns+0x1d8/0x340 net/core/net_namespace.c:435 sctp_chunk 2KB 3KB #1: 000000009865e659 (rtnl_mutex){+.+.}, at: register_netdev+0x11/0x50 net/core/dev.c:8857 sctp_bind_bucket 0KB 3KB DCCPv6 9772KB 9772KB DCCP 9283KB 9283KB RXRPC 3188KB 3191KB 2 locks held by syz-executor.5/5562: rxrpc_call_jar 22072KB 22073KB #0: 00000000f8368a2e (pernet_ops_rwsem){++++}, at: copy_net_ns+0x1d8/0x340 net/core/net_namespace.c:435 bridge_fdb_cache 9KB 15KB #1: 000000009865e659 (rtnl_mutex){+.+.}, at: register_netdev+0x11/0x50 net/core/dev.c:8857 2 locks held by syz-executor.5/5575: #0: 00000000f8368a2e (pernet_ops_rwsem){++++}, at: copy_net_ns+0x1d8/0x340 net/core/net_namespace.c:435 #1: 000000009865e659 (rtnl_mutex){+.+.}, at: register_netdev+0x11/0x50 net/core/dev.c:8857 2 locks held by syz-executor.5/5576: #0: 00000000f8368a2e (pernet_ops_rwsem){++++}, at: copy_net_ns+0x1d8/0x340 net/core/net_namespace.c:435 #1: 000000009865e659 (rtnl_mutex){+.+.}, at: ip_tunnel_init_net+0x321/0x990 net/ipv4/ip_tunnel.c:1034 2 locks held by syz-executor.5/5577: #0: 00000000f8368a2e (pernet_ops_rwsem){++++}, at: copy_net_ns+0x1d8/0x340 net/core/net_namespace.c:435 #1: 000000009865e659 (rtnl_mutex){+.+.}, at: register_netdev+0x11/0x50 net/core/dev.c:8857 2 locks held by syz-executor.5/5589: #0: 00000000f8368a2e (pernet_ops_rwsem){++++}, at: copy_net_ns+0x1d8/0x340 net/core/net_namespace.c:435 #1: 000000009865e659 (rtnl_mutex){+.+.}, at: ip_tunnel_init_net+0x321/0x990 net/ipv4/ip_tunnel.c:1034 2 locks held by syz-executor.5/5620: #0: 00000000f8368a2e (pernet_ops_rwsem){++++}, at: copy_net_ns+0x1d8/0x340 net/core/net_namespace.c:435 #1: 000000009865e659 (rtnl_mutex){+.+.}, at: ip_tunnel_init_net+0x321/0x990 net/ipv4/ip_tunnel.c:1034 2 locks held by syz-executor.5/5639: #0: 00000000f8368a2e (pernet_ops_rwsem){++++}, at: copy_net_ns+0x1d8/0x340 net/core/net_namespace.c:435 #1: 000000009865e659 (rtnl_mutex){+.+.}, at: ip_tunnel_init_net+0x321/0x990 net/ipv4/ip_tunnel.c:1034 2 locks held by syz-executor.5/5739: #0: 00000000f8368a2e (pernet_ops_rwsem){++++}, at: copy_net_ns+0x1d8/0x340 net/core/net_namespace.c:435 #1: 000000009865e659 (rtnl_mutex){+.+.}, at: ip_tunnel_init_net+0x321/0x990 net/ipv4/ip_tunnel.c:1034 2 locks held by syz-executor.5/5740: #0: 00000000f8368a2e (pernet_ops_rwsem){++++}, at: copy_net_ns+0x1d8/0x340 net/core/net_namespace.c:435 #1: 000000009865e659 (rtnl_mutex){+.+.}, at: ip_tunnel_init_net+0x321/0x990 net/ipv4/ip_tunnel.c:1034 2 locks held by syz-executor.5/5754: #0: 00000000f8368a2e (pernet_ops_rwsem){++++}, at: copy_net_ns+0x1d8/0x340 net/core/net_namespace.c:435 #1: 000000009865e659 (rtnl_mutex){+.+.}, at: register_netdev+0x11/0x50 net/core/dev.c:8857 2 locks held by syz-executor.5/5802: #0: 00000000f8368a2e (pernet_ops_rwsem){++++}, at: copy_net_ns+0x1d8/0x340 net/core/net_namespace.c:435 #1: 000000009865e659 (rtnl_mutex){+.+.}, at: register_netdev+0x11/0x50 net/core/dev.c:8857 2 locks held by syz-executor.5/5812: #0: 00000000f8368a2e (pernet_ops_rwsem){++++}, at: copy_net_ns+0x1d8/0x340 net/core/net_namespace.c:435 #1: 000000009865e659 (rtnl_mutex){+.+.}, at: ip_tunnel_init_net+0x321/0x990 net/ipv4/ip_tunnel.c:1034 2 locks held by syz-executor.5/5862: #0: 00000000f8368a2e (pernet_ops_rwsem){++++}, at: copy_net_ns+0x1d8/0x340 net/core/net_namespace.c:435 #1: 000000009865e659 (rtnl_mutex){+.+.}, at: ip_tunnel_init_net+0x321/0x990 net/ipv4/ip_tunnel.c:1034 2 locks held by syz-executor.5/5909: #0: 00000000f8368a2e (pernet_ops_rwsem){++++}, at: copy_net_ns+0x1d8/0x340 net/core/net_namespace.c:435 #1: 000000009865e659 (rtnl_mutex){+.+.}, at: ip_tunnel_init_net+0x321/0x990 net/ipv4/ip_tunnel.c:1034 2 locks held by syz-executor.5/5922: #0: 00000000f8368a2e (pernet_ops_rwsem){++++}, at: copy_net_ns+0x1d8/0x340 net/core/net_namespace.c:435 #1: 000000009865e659 (rtnl_mutex){+.+.}, at: ip_tunnel_init_net+0x321/0x990 net/ipv4/ip_tunnel.c:1034 2 locks held by syz-executor.5/5989: #0: 00000000f8368a2e (pernet_ops_rwsem){++++}, at: copy_net_ns+0x1d8/0x340 net/core/net_namespace.c:435 #1: 000000009865e659 (rtnl_mutex){+.+.}, at: register_netdev+0x11/0x50 net/core/dev.c:8857 2 locks held by syz-executor.5/6052: #0: 00000000f8368a2e (pernet_ops_rwsem){++++}, at: copy_net_ns+0x1d8/0x340 net/core/net_namespace.c:435 #1: 000000009865e659 (rtnl_mutex){+.+.}, at: register_netdev+0x11/0x50 net/core/dev.c:8857 2 locks held by syz-executor.5/6068: #0: 00000000f8368a2e (pernet_ops_rwsem){++++}, at: copy_net_ns+0x1d8/0x340 net/core/net_namespace.c:435 #1: 000000009865e659 (rtnl_mutex){+.+.}, at: ip_tunnel_init_net+0x321/0x990 net/ipv4/ip_tunnel.c:1034 2 locks held by syz-executor.5/6120: #0: 00000000f8368a2e (pernet_ops_rwsem){++++}, at: copy_net_ns+0x1d8/0x340 net/core/net_namespace.c:435 #1: 000000009865e659 (rtnl_mutex){+.+.}, at: ip_tunnel_init_net+0x321/0x990 net/ipv4/ip_tunnel.c:1034 2 locks held by syz-executor.5/6179: #0: 00000000f8368a2e (pernet_ops_rwsem){++++}, at: copy_net_ns+0x1d8/0x340 net/core/net_namespace.c:435 #1: 000000009865e659 (rtnl_mutex){+.+.}, at: register_netdev+0x11/0x50 net/core/dev.c:8857 2 locks held by syz-executor.5/6203: #0: 00000000f8368a2e (pernet_ops_rwsem){++++}, at: copy_net_ns+0x1d8/0x340 net/core/net_namespace.c:435 #1: 000000009865e659 (rtnl_mutex){+.+.}, at: ip_tunnel_init_net+0x321/0x990 net/ipv4/ip_tunnel.c:1034 2 locks held by syz-executor.5/6229: #0: 00000000f8368a2e (pernet_ops_rwsem){++++}, at: copy_net_ns+0x1d8/0x340 net/core/net_namespace.c:435 #1: 000000009865e659 (rtnl_mutex){+.+.}, at: register_netdev+0x11/0x50 net/core/dev.c:8857 2 locks held by syz-executor.5/6239: #0: 00000000f8368a2e (pernet_ops_rwsem){++++}, at: copy_net_ns+0x1d8/0x340 net/core/net_namespace.c:435 #1: 000000009865e659 (rtnl_mutex){+.+.}, at: ip_tunnel_init_net+0x321/0x990 net/ipv4/ip_tunnel.c:1034 2 locks held by syz-executor.5/6419: #0: 00000000f8368a2e (pernet_ops_rwsem){++++}, at: copy_net_ns+0x1d8/0x340 net/core/net_namespace.c:435 #1: 000000009865e659 (rtnl_mutex){+.+.}, at: register_netdev+0x11/0x50 net/core/dev.c:8857 2 locks held by syz-executor.5/6470: #0: 00000000f8368a2e (pernet_ops_rwsem){++++}, at: copy_net_ns+0x1d8/0x340 net/core/net_namespace.c:435 #1: 000000009865e659 (rtnl_mutex){+.+.}, at: ip_tunnel_init_net+0x321/0x990 net/ipv4/ip_tunnel.c:1034 2 locks held by syz-executor.5/6480: #0: 00000000f8368a2e (pernet_ops_rwsem){++++}, at: copy_net_ns+0x1d8/0x340 net/core/net_namespace.c:435 #1: 000000009865e659 (rtnl_mutex){+.+.}, at: ip_tunnel_init_net+0x321/0x990 net/ipv4/ip_tunnel.c:1034 2 locks held by syz-executor.5/6491: #0: 00000000f8368a2e (pernet_ops_rwsem){++++}, at: copy_net_ns+0x1d8/0x340 net/core/net_namespace.c:435 #1: 000000009865e659 (rtnl_mutex){+.+.}, at: register_netdev+0x11/0x50 net/core/dev.c:8857 2 locks held by syz-executor.5/6492: #0: 00000000f8368a2e (pernet_ops_rwsem){++++}, at: copy_net_ns+0x1d8/0x340 net/core/net_namespace.c:435 #1: 000000009865e659 (rtnl_mutex){+.+.}, at: register_netdev+0x11/0x50 net/core/dev.c:8857 2 locks held by syz-executor.5/6494: #0: 00000000f8368a2e (pernet_ops_rwsem){++++}, at: copy_net_ns+0x1d8/0x340 net/core/net_namespace.c:435 #1: 000000009865e659 (rtnl_mutex){+.+.}, at: register_netdev+0x11/0x50 net/core/dev.c:8857 2 locks held by syz-executor.5/6496: #0: 00000000f8368a2e (pernet_ops_rwsem){++++}, at: copy_net_ns+0x1d8/0x340 net/core/net_namespace.c:435 #1: 000000009865e659 (rtnl_mutex){+.+.}, at: register_netdev+0x11/0x50 net/core/dev.c:8857 2 locks held by syz-executor.5/6639: #0: 00000000f8368a2e (pernet_ops_rwsem){++++}, at: copy_net_ns+0x1d8/0x340 net/core/net_namespace.c:435 #1: 000000009865e659 (rtnl_mutex){+.+.}, at: register_netdev+0x11/0x50 net/core/dev.c:8857 2 locks held by syz-executor.5/6646: #0: 00000000f8368a2e (pernet_ops_rwsem){++++}, at: copy_net_ns+0x1d8/0x340 net/core/net_namespace.c:435 #1: 000000009865e659 (rtnl_mutex){+.+.}, at: register_netdev+0x11/0x50 net/core/dev.c:8857 2 locks held by syz-executor.5/6668: #0: 00000000f8368a2e (pernet_ops_rwsem){++++}, at: copy_net_ns+0x1d8/0x340 net/core/net_namespace.c:435 #1: 000000009865e659 (rtnl_mutex){+.+.}, at: ip_tunnel_init_net+0x321/0x990 net/ipv4/ip_tunnel.c:1034 2 locks held by syz-executor.5/6670: #0: 00000000f8368a2e (pernet_ops_rwsem){++++}, at: copy_net_ns+0x1d8/0x340 net/core/net_namespace.c:435 #1: 000000009865e659 (rtnl_mutex){+.+.}, at: register_netdev+0x11/0x50 net/core/dev.c:8857 2 locks held by syz-executor.5/6671: #0: 00000000f8368a2e (pernet_ops_rwsem){++++}, at: copy_net_ns+0x1d8/0x340 net/core/net_namespace.c:435 #1: 000000009865e659 (rtnl_mutex){+.+.}, at: register_netdev+0x11/0x50 net/core/dev.c:8857 2 locks held by syz-executor.5/6700: #0: 00000000f8368a2e (pernet_ops_rwsem){++++}, at: copy_net_ns+0x1d8/0x340 net/core/net_namespace.c:435 #1: 000000009865e659 (rtnl_mutex){+.+.}, at: register_netdev+0x11/0x50 net/core/dev.c:8857 2 locks held by syz-executor.5/6729: #0: 00000000f8368a2e (pernet_ops_rwsem){++++}, at: copy_net_ns+0x1d8/0x340 net/core/net_namespace.c:435 #1: 000000009865e659 (rtnl_mutex){+.+.}, at: ip_tunnel_init_net+0x321/0x990 net/ipv4/ip_tunnel.c:1034 2 locks held by syz-executor.5/6746: #0: 00000000f8368a2e (pernet_ops_rwsem){++++}, at: copy_net_ns+0x1d8/0x340 net/core/net_namespace.c:435 #1: 000000009865e659 (rtnl_mutex){+.+.}, at: ip_tunnel_init_net+0x321/0x990 net/ipv4/ip_tunnel.c:1034 2 locks held by syz-executor.5/6757: #0: 00000000f8368a2e (pernet_ops_rwsem){++++}, at: copy_net_ns+0x1d8/0x340 net/core/net_namespace.c:435 #1: 000000009865e659 (rtnl_mutex){+.+.}, at: ip_tunnel_init_net+0x321/0x990 net/ipv4/ip_tunnel.c:1034 2 locks held by syz-executor.5/6758: #0: 00000000f8368a2e (pernet_ops_rwsem){++++}, at: copy_net_ns+0x1d8/0x340 net/core/net_namespace.c:435 #1: 000000009865e659 (rtnl_mutex){+.+.}, at: register_netdev+0x11/0x50 net/core/dev.c:8857 2 locks held by syz-executor.5/6759: #0: 00000000f8368a2e (pernet_ops_rwsem){++++}, at: copy_net_ns+0x1d8/0x340 net/core/net_namespace.c:435 #1: 000000009865e659 (rtnl_mutex){+.+.}, at: ip_tunnel_init_net+0x321/0x990 net/ipv4/ip_tunnel.c:1034 2 locks held by syz-executor.5/6760: #0: 00000000f8368a2e (pernet_ops_rwsem){++++}, at: copy_net_ns+0x1d8/0x340 net/core/net_namespace.c:435 #1: 000000009865e659 (rtnl_mutex){+.+.}, at: register_netdev+0x11/0x50 net/core/dev.c:8857 2 locks held by syz-executor.5/6761: #0: 00000000f8368a2e (pernet_ops_rwsem){++++}, at: copy_net_ns+0x1d8/0x340 net/core/net_namespace.c:435 #1: 000000009865e659 (rtnl_mutex){+.+.}, at: register_netdev+0x11/0x50 net/core/dev.c:8857 2 locks held by syz-executor.5/6762: #0: 00000000f8368a2e (pernet_ops_rwsem){++++}, at: copy_net_ns+0x1d8/0x340 net/core/net_namespace.c:435 #1: 000000009865e659 (rtnl_mutex){+.+.}, at: register_netdev+0x11/0x50 net/core/dev.c:8857 2 locks held by syz-executor.5/6763: #0: 00000000f8368a2e (pernet_ops_rwsem){++++}, at: copy_net_ns+0x1d8/0x340 net/core/net_namespace.c:435 #1: 000000009865e659 (rtnl_mutex){+.+.}, at: ip_tunnel_init_net+0x321/0x990 net/ipv4/ip_tunnel.c:1034 2 locks held by syz-executor.5/6764: #0: 00000000f8368a2e (pernet_ops_rwsem){++++}, at: copy_net_ns+0x1d8/0x340 net/core/net_namespace.c:435 #1: 000000009865e659 (rtnl_mutex){+.+.}, at: ip_tunnel_init_net+0x321/0x990 net/ipv4/ip_tunnel.c:1034 fib6_nodes 169KB 252KB 2 locks held by syz-executor.5/6765: ip6_dst_cache 203KB 498KB #0: 00000000f8368a2e (pernet_ops_rwsem){++++}, at: copy_net_ns+0x1d8/0x340 net/core/net_namespace.c:435 RAWv6 39654KB 39656KB #1: 000000009865e659 (rtnl_mutex){+.+.}, at: register_netdev+0x11/0x50 net/core/dev.c:8857 2 locks held by syz-executor.5/6827: #0: 00000000f8368a2e (pernet_ops_rwsem){++++}, at: copy_net_ns+0x1d8/0x340 net/core/net_namespace.c:435 #1: 000000009865e659 (rtnl_mutex){+.+.}, at: register_netdev+0x11/0x50 net/core/dev.c:8857 2 locks held by syz-executor.5/6835: #0: 00000000f8368a2e (pernet_ops_rwsem){++++}, at: copy_net_ns+0x1d8/0x340 net/core/net_namespace.c:435 #1: 000000009865e659 (rtnl_mutex){+.+.}, at: register_netdev+0x11/0x50 net/core/dev.c:8857 2 locks held by syz-executor.5/6843: #0: 00000000f8368a2e (pernet_ops_rwsem){++++}, at: copy_net_ns+0x1d8/0x340 net/core/net_namespace.c:435 #1: 000000009865e659 (rtnl_mutex){+.+.}, at: register_netdev+0x11/0x50 net/core/dev.c:8857 2 locks held by syz-executor.5/6874: #0: 00000000f8368a2e (pernet_ops_rwsem){++++}, at: copy_net_ns+0x1d8/0x340 net/core/net_namespace.c:435 #1: 000000009865e659 (rtnl_mutex){+.+.}, at: ip_tunnel_init_net+0x321/0x990 net/ipv4/ip_tunnel.c:1034 2 locks held by syz-executor.5/6875: #0: 00000000f8368a2e (pernet_ops_rwsem){++++}, at: copy_net_ns+0x1d8/0x340 net/core/net_namespace.c:435 #1: 000000009865e659 (rtnl_mutex){+.+.}, at: ip_tunnel_init_net+0x321/0x990 net/ipv4/ip_tunnel.c:1034 2 locks held by syz-executor.5/6876: #0: 00000000f8368a2e (pernet_ops_rwsem){++++}, at: copy_net_ns+0x1d8/0x340 net/core/net_namespace.c:435 #1: 000000009865e659 (rtnl_mutex){+.+.}, at: ip_tunnel_init_net+0x321/0x990 net/ipv4/ip_tunnel.c:1034 2 locks held by syz-executor.5/6964: #0: 00000000f8368a2e (pernet_ops_rwsem){++++}, at: copy_net_ns+0x1d8/0x340 net/core/net_namespace.c:435 #1: 000000009865e659 (rtnl_mutex){+.+.}, at: ip_tunnel_init_net+0x321/0x990 net/ipv4/ip_tunnel.c:1034 2 locks held by syz-executor.5/7009: #0: 00000000f8368a2e (pernet_ops_rwsem){++++}, at: copy_net_ns+0x1d8/0x340 net/core/net_namespace.c:435 #1: 000000009865e659 (rtnl_mutex){+.+.}, at: ip_tunnel_init_net+0x321/0x990 net/ipv4/ip_tunnel.c:1034 2 locks held by syz-executor.5/7059: #0: 00000000f8368a2e (pernet_ops_rwsem){++++}, at: copy_net_ns+0x1d8/0x340 net/core/net_namespace.c:435 #1: 000000009865e659 (rtnl_mutex){+.+.}, at: register_netdev+0x11/0x50 net/core/dev.c:8857 2 locks held by syz-executor.5/7083: #0: 00000000f8368a2e (pernet_ops_rwsem){++++}, at: copy_net_ns+0x1d8/0x340 net/core/net_namespace.c:435 #1: 000000009865e659 (rtnl_mutex){+.+.}, at: register_netdev+0x11/0x50 net/core/dev.c:8857 2 locks held by syz-executor.5/7116: #0: 00000000f8368a2e (pernet_ops_rwsem){++++}, at: copy_net_ns+0x1d8/0x340 net/core/net_namespace.c:435 #1: 000000009865e659 (rtnl_mutex){+.+.}, at: ip_tunnel_init_net+0x321/0x990 net/ipv4/ip_tunnel.c:1034 2 locks held by syz-executor.5/7186: #0: 00000000f8368a2e (pernet_ops_rwsem){++++}, at: copy_net_ns+0x1d8/0x340 net/core/net_namespace.c:435 #1: 000000009865e659 (rtnl_mutex){+.+.}, at: ip_tunnel_init_net+0x321/0x990 net/ipv4/ip_tunnel.c:1034 2 locks held by syz-executor.5/7220: #0: 00000000f8368a2e (pernet_ops_rwsem){++++}, at: copy_net_ns+0x1d8/0x340 net/core/net_namespace.c:435 #1: 000000009865e659 (rtnl_mutex){+.+.}, at: register_netdev+0x11/0x50 net/core/dev.c:8857 2 locks held by syz-executor.5/7221: #0: 00000000f8368a2e (pernet_ops_rwsem){++++}, at: copy_net_ns+0x1d8/0x340 net/core/net_namespace.c:435 #1: 000000009865e659 (rtnl_mutex){+.+.}, at: ip_tunnel_init_net+0x321/0x990 net/ipv4/ip_tunnel.c:1034 2 locks held by syz-executor.5/7296: #0: 00000000f8368a2e (pernet_ops_rwsem){++++}, at: copy_net_ns+0x1d8/0x340 net/core/net_namespace.c:435 #1: 000000009865e659 (rtnl_mutex){+.+.}, at: register_netdev+0x11/0x50 net/core/dev.c:8857 2 locks held by syz-executor.5/7324: #0: 00000000f8368a2e (pernet_ops_rwsem){++++}, at: copy_net_ns+0x1d8/0x340 net/core/net_namespace.c:435 #1: 000000009865e659 (rtnl_mutex){+.+.}, at: register_netdev+0x11/0x50 net/core/dev.c:8857 2 locks held by syz-executor.5/7359: #0: 00000000f8368a2e (pernet_ops_rwsem){++++}, at: copy_net_ns+0x1d8/0x340 net/core/net_namespace.c:435 #1: 000000009865e659 (rtnl_mutex){+.+.}, at: ip_tunnel_init_net+0x321/0x990 net/ipv4/ip_tunnel.c:1034 2 locks held by syz-executor.5/7428: #0: 00000000f8368a2e (pernet_ops_rwsem){++++}, at: copy_net_ns+0x1d8/0x340 net/core/net_namespace.c:435 #1: 000000009865e659 (rtnl_mutex){+.+.}, at: ip_tunnel_init_net+0x321/0x990 net/ipv4/ip_tunnel.c:1034 2 locks held by syz-executor.5/7502: #0: 00000000f8368a2e (pernet_ops_rwsem){++++}, at: copy_net_ns+0x1d8/0x340 net/core/net_namespace.c:435 #1: 000000009865e659 (rtnl_mutex){+.+.}, at: register_netdev+0x11/0x50 net/core/dev.c:8857 2 locks held by syz-executor.5/7537: #0: 00000000f8368a2e (pernet_ops_rwsem){++++}, at: copy_net_ns+0x1d8/0x340 net/core/net_namespace.c:435 #1: 000000009865e659 (rtnl_mutex){+.+.}, at: ip_tunnel_init_net+0x321/0x990 net/ipv4/ip_tunnel.c:1034 2 locks held by syz-executor.5/7740: #0: 00000000f8368a2e (pernet_ops_rwsem){++++}, at: copy_net_ns+0x1d8/0x340 net/core/net_namespace.c:435 #1: 000000009865e659 (rtnl_mutex){+.+.}, at: register_netdev+0x11/0x50 net/core/dev.c:8857 2 locks held by syz-executor.5/7786: #0: 00000000f8368a2e (pernet_ops_rwsem){++++}, at: copy_net_ns+0x1d8/0x340 net/core/net_namespace.c:435 #1: 000000009865e659 (rtnl_mutex){+.+.}, at: ip_tunnel_init_net+0x321/0x990 net/ipv4/ip_tunnel.c:1034 2 locks held by syz-executor.5/7849: #0: 00000000f8368a2e (pernet_ops_rwsem){++++}, at: copy_net_ns+0x1d8/0x340 net/core/net_namespace.c:435 #1: 000000009865e659 (rtnl_mutex){+.+.}, at: register_netdev+0x11/0x50 net/core/dev.c:8857 2 locks held by syz-executor.5/7891: #0: 00000000f8368a2e (pernet_ops_rwsem){++++}, at: copy_net_ns+0x1d8/0x340 net/core/net_namespace.c:435 #1: 000000009865e659 (rtnl_mutex){+.+.}, at: ip_tunnel_init_net+0x321/0x990 net/ipv4/ip_tunnel.c:1034 2 locks held by syz-executor.5/7923: #0: 00000000f8368a2e (pernet_ops_rwsem){++++}, at: copy_net_ns+0x1d8/0x340 net/core/net_namespace.c:435 #1: 000000009865e659 (rtnl_mutex){+.+.}, at: ip_tunnel_init_net+0x321/0x990 net/ipv4/ip_tunnel.c:1034 1 lock held by syz-executor.0/7991: UDPLITEv6 1KB 3KB #0: 000000009865e659 (rtnl_mutex){+.+.}, at: tun_detach drivers/net/tun.c:759 [inline] #0: 000000009865e659 (rtnl_mutex){+.+.}, at: tun_chr_close+0x3a/0x180 drivers/net/tun.c:3323 UDPv6 3755KB 3757KB 2 locks held by syz-executor.5/8104: tw_sock_TCPv6 0KB 3KB #0: 00000000f8368a2e (pernet_ops_rwsem){++++}, at: copy_net_ns+0x1d8/0x340 net/core/net_namespace.c:435 TCPv6 5997KB 6000KB #1: 000000009865e659 (rtnl_mutex){+.+.}, at: ip_tunnel_init_net+0x321/0x990 net/ipv4/ip_tunnel.c:1034 nf_conntrack 197KB 213KB 2 locks held by syz-executor.5/8170: t10_alua_lu_gp_cache 0KB 3KB #0: 00000000f8368a2e (pernet_ops_rwsem){++++}, at: copy_net_ns+0x1d8/0x340 net/core/net_namespace.c:435 sd_ext_cdb 0KB 7KB #1: 000000009865e659 (rtnl_mutex){+.+.}, at: register_netdev+0x11/0x50 net/core/dev.c:8857 scsi_sense_cache 1056KB 1060KB virtio_scsi_cmd 16KB 16KB sgpool-128 8KB 8KB sgpool-64 4KB 12KB 2 locks held by syz-executor.5/8187: sgpool-32 2KB 15KB sgpool-16 1KB 7KB sgpool-8 0KB 7KB mqueue_inode_cache 18KB 30KB bio_post_read_ctx 14KB 15KB bio-2 14KB 15KB jfs_mp 7KB 7KB cifs_small_rq 15KB 16KB cifs_request 67KB 67KB cifs_mpx_ids 0KB 7KB nfs_commit_data 3KB 14KB nfs_write_data 34KB 44KB ext4_system_zone 1KB 7KB dio 3KB 7KB bio-1 1KB 7KB pid_namespace 2KB 7KB kvm_vcpu 23KB 23KB rpc_buffers 17KB 25KB rpc_tasks 2KB 7KB UNIX 195KB 198KB tcp_bind_bucket 246KB 252KB inet_peer_cache 0KB 4KB xfrm_state 2KB 4KB ip_fib_trie 23KB 35KB ip_fib_alias 110KB 158KB ip_dst_cache 9KB 80KB RAW 23490KB 23490KB UDP 6631KB 6635KB request_sock_TCP 0KB 3KB TCP 180KB 185KB hugetlbfs_inode_cache 3KB 15KB fscache_cookie_jar 1KB 7KB eventpoll_pwq 19KB 35KB eventpoll_epi 35KB 43KB inotify_inode_mark 6KB 23KB request_queue 196KB 196KB blkdev_requests 1KB 3KB blkdev_ioc 38KB 42KB bio-0 10852KB 10856KB biovec-max 4405KB 4405KB biovec-64 8791KB 8796KB biovec-16 2063KB 2066KB bio_integrity_payload 1KB 8KB khugepaged_mm_slot 245KB 384KB user_namespace 2KB 7KB uid_cache 0KB 4KB dmaengine-unmap-2 0KB 3KB skbuff_fclone_cache 26KB 30KB skbuff_head_cache 16037KB 16050KB configfs_dir_cache 3KB 7KB file_lock_cache 12KB 19KB file_lock_ctx 9KB 11KB fsnotify_mark_connector 2KB 15KB net_namespace 34247KB 34247KB shmem_inode_cache 7953KB 8201KB task_delay_info 1351KB 2118KB taskstats 18KB 61KB proc_dir_entry 177233KB 177236KB pde_opener 2KB 3KB seq_file 132KB 137KB sigqueue 155KB 161KB kernfs_node_cache 509741KB 509744KB mnt_cache 288KB 312KB filp 4913KB 5992KB names_cache 59844KB 59882KB iint_cache 54KB 87KB key_jar 9KB 18KB uts_namespace 3KB 7KB nsproxy 340KB 343KB vm_area_struct 35360KB 35361KB mm_struct 6729KB 6734KB fs_cache 1796KB 2824KB files_cache 6602KB 9393KB signal_cache 9941KB 14267KB sighand_cache 9865KB 9899KB task_struct 43114KB 43171KB cred_jar 4085KB 6376KB anon_vma_chain 43715KB 43718KB anon_vma 10876KB 10884KB pid 432KB 960KB Acpi-Operand 156KB 198KB Acpi-ParseExt 9KB 11KB Acpi-Parse 41KB 47KB Acpi-State 52KB 63KB Acpi-Namespace 20KB 27KB numa_policy 0KB 3KB debug_objects_cache 39641KB 39643KB trace_event_file 297KB 298KB ftrace_event_field 398KB 401KB pool_workqueue 4036KB 4036KB page->ptl 6744KB 6755KB kmalloc-2097152 2050KB 2050KB kmalloc-524288 2056KB 2056KB kmalloc-262144 1290KB 1290KB kmalloc-131072 1690KB 1690KB kmalloc-65536 2244KB 2574KB kmalloc-32768 218427KB 218427KB kmalloc-16384 65620KB 65620KB kmalloc-8192 149184KB 149184KB kmalloc-4096 662358KB 662358KB kmalloc-2048 539148KB 539172KB kmalloc-1024 215935KB 215940KB kmalloc-512 188751KB 202263KB kmalloc-256 111903KB 113456KB kmalloc-128 56954KB 56999KB kmalloc-96 16529KB 17256KB kmalloc-64 38699KB 40008KB kmalloc-32 34393KB 35323KB kmalloc-192 75936KB 77580KB kmem_cache 178KB 187KB Out of memory: Kill process 31104 (syz-executor.5) score 1002 or sacrifice child Killed process 31104 (syz-executor.5) total-vm:57196kB, anon-rss:2436kB, file-rss:14140kB, shmem-rss:0kB oom_reaper: reaped process 31104 (syz-executor.5), now anon-rss:0kB, file-rss:14140kB, shmem-rss:0kB systemd invoked oom-killer: gfp_mask=0x6200ca(GFP_HIGHUSER_MOVABLE), nodemask=(null), order=0, oom_score_adj=0 #0: 00000000f8368a2e (pernet_ops_rwsem){++++}, at: copy_net_ns+0x1d8/0x340 net/core/net_namespace.c:435 systemd cpuset=/ mems_allowed=0-1 #1: 000000009865e659 (rtnl_mutex){+.+.}, at: ip_tunnel_init_net+0x321/0x990 net/ipv4/ip_tunnel.c:1034 CPU: 0 PID: 1 Comm: systemd Not tainted 4.19.211-syzkaller #0 2 locks held by syz-executor.5/8188: Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 #0: 00000000f8368a2e (pernet_ops_rwsem){++++}, at: copy_net_ns+0x1d8/0x340 net/core/net_namespace.c:435 Call Trace: #1: 000000009865e659 (rtnl_mutex){+.+.}, at: register_netdev+0x11/0x50 net/core/dev.c:8857 __dump_stack lib/dump_stack.c:77 [inline] dump_stack+0x1fc/0x2ef lib/dump_stack.c:118 2 locks held by syz-executor.5/8189: dump_header+0x15d/0xc3f mm/oom_kill.c:443 oom_kill_process.cold+0x10/0x692 mm/oom_kill.c:956 out_of_memory mm/oom_kill.c:1132 [inline] out_of_memory+0x34d/0x1390 mm/oom_kill.c:1064 __alloc_pages_may_oom mm/page_alloc.c:3553 [inline] __alloc_pages_slowpath mm/page_alloc.c:4255 [inline] __alloc_pages_nodemask+0x23a2/0x2890 mm/page_alloc.c:4419 alloc_pages_current+0x193/0x2a0 mm/mempolicy.c:2197 alloc_pages include/linux/gfp.h:532 [inline] __page_cache_alloc mm/filemap.c:969 [inline] page_cache_read mm/filemap.c:2408 [inline] filemap_fault+0x146e/0x2180 mm/filemap.c:2592 ext4_filemap_fault+0x84/0xb0 fs/ext4/inode.c:6379 __do_fault+0x10b/0x4b0 mm/memory.c:3403 do_read_fault mm/memory.c:3815 [inline] do_fault mm/memory.c:3944 [inline] handle_pte_fault mm/memory.c:4175 [inline] __handle_mm_fault+0x273b/0x41c0 mm/memory.c:4299 handle_mm_fault+0x436/0xb10 mm/memory.c:4336 __do_page_fault+0x68e/0xd60 arch/x86/mm/fault.c:1412 page_fault+0x1e/0x30 arch/x86/entry/entry_64.S:1205 RIP: 0033:0x7fc56509bf60 Code: Bad RIP value. RSP: 002b:00007ffc606b0c18 EFLAGS: 00010246 RAX: 0000000000000000 RBX: 0000000000000000 RCX: 00007fc565196ade RDX: 0000559d9445a3c0 RSI: 0000559d943219d0 RDI: 0000000000000000 RBP: 00007fc565196ade R08: 00000000ffffffff R09: 0000000000000000 R10: 0000000000000004 R11: 00007fc563adb184 R12: 00007ffc606b0c68 R13: 0000559d943217f0 R14: 0000559d943f3590 R15: 0000559d94321808 Mem-Info: #0: 00000000f8368a2e (pernet_ops_rwsem){++++}, at: copy_net_ns+0x1d8/0x340 net/core/net_namespace.c:435 active_anon:190972 inactive_anon:9101 isolated_anon:0 active_file:10 inactive_file:18 isolated_file:19 unevictable:0 dirty:0 writeback:0 unstable:0 slab_reclaimable:53361 slab_unreclaimable:1232528 mapped:11473 shmem:10673 pagetables:59656 bounce:0 free:24467 free_pcp:460 free_cma:0 #1: 000000009865e659 (rtnl_mutex){+.+.}, at: register_netdev+0x11/0x50 net/core/dev.c:8857 2 locks held by syz-executor.5/8213: