active_file:18 inactive_file:28 isolated_file:17 unevictable:0 dirty:0 writeback:0 unstable:0 slab_reclaimable:18492 slab_unreclaimable:221093 mapped:18177 shmem:5186 pagetables:131087 bounce:0 free:24624 free_pcp:543 free_cma:0 INFO: task syz-executor.2:10595 blocked for more than 140 seconds. Not tainted 4.19.211-syzkaller #0 "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. syz-executor.2 D28576 10595 8109 0x00000000 Call Trace: context_switch kernel/sched/core.c:2828 [inline] __schedule+0x887/0x2040 kernel/sched/core.c:3517 schedule+0x8d/0x1b0 kernel/sched/core.c:3561 __rwsem_down_write_failed_common kernel/locking/rwsem-xadd.c:589 [inline] rwsem_down_write_failed+0x3aa/0x760 kernel/locking/rwsem-xadd.c:618 call_rwsem_down_write_failed+0x13/0x20 arch/x86/lib/rwsem.S:117 Node 0 active_anon:1846704kB inactive_anon:19152kB active_file:68kB inactive_file:112kB unevictable:0kB isolated(anon):0kB isolated(file):68kB mapped:72708kB dirty:0kB writeback:0kB shmem:20720kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 1683456kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no __down_write arch/x86/include/asm/rwsem.h:142 [inline] down_write+0x4f/0x90 kernel/locking/rwsem.c:72 namespace_lock fs/namespace.c:1370 [inline] copy_mnt_ns+0x15d/0xad0 fs/namespace.c:2915 Node 1 active_anon:2617096kB inactive_anon:20kB active_file:0kB inactive_file:4kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:24kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB unstable:0kB all_unreclaimable? 
yes create_new_namespaces+0xd6/0x7b0 kernel/nsproxy.c:75 copy_namespaces+0x325/0x3c0 kernel/nsproxy.c:165 copy_process.part.0+0x3a59/0x8260 kernel/fork.c:1916 Node 0 DMA free:10964kB min:204kB low:252kB high:300kB active_anon:4508kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:128kB pagetables:48kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB lowmem_reserve[]: 0 2693 2695 2695 2695 Node 0 DMA32 free:33628kB min:35996kB low:44992kB high:53988kB active_anon:1842192kB inactive_anon:19152kB active_file:72kB inactive_file:112kB unevictable:0kB writepending:0kB present:3129332kB managed:2763452kB mlocked:0kB kernel_stack:39680kB pagetables:75284kB bounce:0kB free_pcp:1876kB local_pcp:480kB free_cma:0kB lowmem_reserve[]: 0 0 1 1 1 Node 0 Normal free:8kB min:24kB low:28kB high:32kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:1048576kB managed:2000kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB copy_process kernel/fork.c:1710 [inline] _do_fork+0x22f/0xf30 kernel/fork.c:2219 lowmem_reserve[]: 0 0 0 0 0 Node 1 Normal free:53804kB min:53876kB low:67344kB high:80812kB active_anon:2617096kB inactive_anon:20kB active_file:0kB inactive_file:4kB unevictable:0kB writepending:0kB present:4194304kB managed:4128248kB mlocked:0kB kernel_stack:247264kB pagetables:448956kB bounce:0kB free_pcp:436kB local_pcp:348kB free_cma:0kB lowmem_reserve[]: 0 0 0 0 0 Node 0 DMA: 1*4kB (M) 0*8kB 1*16kB (U) 2*32kB (UM) 2*64kB (UM) 0*128kB 0*256kB 1*512kB (M) 2*1024kB (UM) 0*2048kB 2*4096kB (M) = 10964kB do_syscall_64+0xf9/0x620 arch/x86/entry/common.c:293 entry_SYSCALL_64_after_hwframe+0x49/0xbe RIP: 0033:0x7f6cc7c9fe99 Code: Bad RIP value. 
Node 0 DMA32: 111*4kB (ME) 342*8kB (UME) 103*16kB (UME) 190*32kB (UMEH) 97*64kB (UME) 37*128kB (UME) 20*256kB (UM) 3*512kB (U) 3*1024kB (MEH) 1*2048kB (M) 0*4096kB = 33628kB Node 0 Normal: 0*4kB 1*8kB (U) 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 8kB RSP: 002b:00007f6cc65b2168 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 Node 1 Normal: 121*4kB (UME) 75*8kB (UME) 37*16kB (UME) 9*32kB (UME) 8*64kB (UME) 3*128kB (UME) 5*256kB (UME) 3*512kB (UM) 1*1024kB (M) 1*2048kB (U) 11*4096kB (M) = 53804kB RAX: ffffffffffffffda RBX: 00007f6cc7db31d0 RCX: 00007f6cc7c9fe99 RDX: 0000000020000000 RSI: 0000000020000b80 RDI: 0000000004060000 RBP: 00007f6cc7cf9ff1 R08: 0000000020001b80 R09: 0000000000000000 R10: 0000000020000040 R11: 0000000000000246 R12: 0000000000000000 Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB R13: 00007ffcd07518ff R14: 00007f6cc65b2300 R15: 0000000000022000 Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB INFO: task syz-executor.2:10605 blocked for more than 140 seconds. Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB Not tainted 4.19.211-syzkaller #0 "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. 
syz-executor.2 D28224 10605 8109 0x00000000 Call Trace: Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB context_switch kernel/sched/core.c:2828 [inline] __schedule+0x887/0x2040 kernel/sched/core.c:3517 5229 total pagecache pages 0 pages in swap cache schedule+0x8d/0x1b0 kernel/sched/core.c:3561 __rwsem_down_write_failed_common kernel/locking/rwsem-xadd.c:589 [inline] rwsem_down_write_failed+0x3aa/0x760 kernel/locking/rwsem-xadd.c:618 Swap cache stats: add 0, delete 0, find 0/0 Free swap = 0kB Total swap = 0kB 2097051 pages RAM 0 pages HighMem/MovableOnly call_rwsem_down_write_failed+0x13/0x20 arch/x86/lib/rwsem.S:117 369649 pages reserved 0 pages cma reserved Out of memory (oom_kill_allocating_task): Kill process 15293 (syz-executor.2) score 0 or sacrifice child Killed process 15293 (syz-executor.2) total-vm:57328kB, anon-rss:2468kB, file-rss:14080kB, shmem-rss:0kB __down_write arch/x86/include/asm/rwsem.h:142 [inline] down_write+0x4f/0x90 kernel/locking/rwsem.c:72 oom_reaper: reaped process 15293 (syz-executor.2), now anon-rss:0kB, file-rss:14080kB, shmem-rss:0kB syz-executor.2 invoked oom-killer: gfp_mask=0x6040c0(GFP_KERNEL|__GFP_COMP), nodemask=(null), order=1, oom_score_adj=1000 namespace_lock fs/namespace.c:1370 [inline] copy_mnt_ns+0x15d/0xad0 fs/namespace.c:2915 create_new_namespaces+0xd6/0x7b0 kernel/nsproxy.c:75 copy_namespaces+0x325/0x3c0 kernel/nsproxy.c:165 copy_process.part.0+0x3a59/0x8260 kernel/fork.c:1916 copy_process kernel/fork.c:1710 [inline] _do_fork+0x22f/0xf30 kernel/fork.c:2219 syz-executor.2 cpuset=/ mems_allowed=0-1 CPU: 1 PID: 15425 Comm: syz-executor.2 Not tainted 4.19.211-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Call Trace: __dump_stack lib/dump_stack.c:77 [inline] dump_stack+0x1fc/0x2ef lib/dump_stack.c:118 dump_header+0x15d/0xc3f mm/oom_kill.c:443 oom_kill_process.cold+0x10/0x692 mm/oom_kill.c:956 out_of_memory mm/oom_kill.c:1114 [inline] 
out_of_memory+0x1072/0x1390 mm/oom_kill.c:1064 __alloc_pages_may_oom mm/page_alloc.c:3553 [inline] __alloc_pages_slowpath mm/page_alloc.c:4255 [inline] __alloc_pages_nodemask+0x23a2/0x2890 mm/page_alloc.c:4419 __alloc_pages include/linux/gfp.h:496 [inline] __alloc_pages_node include/linux/gfp.h:509 [inline] kmem_getpages mm/slab.c:1412 [inline] cache_grow_begin+0xa4/0x8a0 mm/slab.c:2682 fallback_alloc+0x213/0x2e0 mm/slab.c:3224 slab_alloc_node mm/slab.c:3332 [inline] kmem_cache_alloc_node+0xe3/0x3b0 mm/slab.c:3647 alloc_task_struct_node kernel/fork.c:157 [inline] dup_task_struct kernel/fork.c:807 [inline] copy_process.part.0+0x1ceb/0x8260 kernel/fork.c:1753 do_syscall_64+0xf9/0x620 arch/x86/entry/common.c:293 copy_process kernel/fork.c:1710 [inline] _do_fork+0x22f/0xf30 kernel/fork.c:2219 do_syscall_64+0xf9/0x620 arch/x86/entry/common.c:293 entry_SYSCALL_64_after_hwframe+0x49/0xbe entry_SYSCALL_64_after_hwframe+0x49/0xbe RIP: 0033:0x7f6cc7c9fe99 Code: Bad RIP value. RSP: 002b:00007f6cc65b2168 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 RAX: ffffffffffffffda RBX: 00007f6cc7db31d0 RCX: 00007f6cc7c9fe99 RDX: 0000000020000000 RSI: 0000000020000b80 RDI: 0000000004060000 RBP: 00007f6cc7cf9ff1 R08: 0000000020001b80 R09: 0000000000000000 R10: 0000000020000040 R11: 0000000000000246 R12: 0000000000000000 R13: 00007ffcd07518ff R14: 00007f6cc65b2300 R15: 0000000000022000 RIP: 0033:0x7f6cc7c9fe99 Code: Bad RIP value. RSP: 002b:00007f6cc65b2168 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 RAX: ffffffffffffffda RBX: 00007f6cc7db31d0 RCX: 00007f6cc7c9fe99 RDX: 0000000020000000 RSI: 0000000020000b80 RDI: 0000000004060000 RBP: 00007f6cc7cf9ff1 R08: 0000000020001b80 R09: 0000000000000000 R10: 0000000020000040 R11: 0000000000000246 R12: 0000000000000000 R13: 00007ffcd07518ff R14: 00007f6cc65b2300 R15: 0000000000022000 INFO: task syz-executor.2:10607 blocked for more than 140 seconds. 
Not tainted 4.19.211-syzkaller #0 "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. syz-executor.2 D28576 10607 10595 0x00000000 Call Trace: context_switch kernel/sched/core.c:2828 [inline] __schedule+0x887/0x2040 kernel/sched/core.c:3517 schedule+0x8d/0x1b0 kernel/sched/core.c:3561 __rwsem_down_write_failed_common kernel/locking/rwsem-xadd.c:589 [inline] rwsem_down_write_failed+0x3aa/0x760 kernel/locking/rwsem-xadd.c:618 call_rwsem_down_write_failed+0x13/0x20 arch/x86/lib/rwsem.S:117 __down_write arch/x86/include/asm/rwsem.h:142 [inline] down_write+0x4f/0x90 kernel/locking/rwsem.c:72 namespace_lock fs/namespace.c:1370 [inline] copy_mnt_ns+0x15d/0xad0 fs/namespace.c:2915 create_new_namespaces+0xd6/0x7b0 kernel/nsproxy.c:75 copy_namespaces+0x325/0x3c0 kernel/nsproxy.c:165 copy_process.part.0+0x3a59/0x8260 kernel/fork.c:1916 copy_process kernel/fork.c:1710 [inline] _do_fork+0x22f/0xf30 kernel/fork.c:2219 Mem-Info: active_anon:1115947 inactive_anon:4793 isolated_anon:0 active_file:0 inactive_file:29 isolated_file:12 unevictable:0 dirty:0 writeback:0 unstable:0 slab_reclaimable:18469 slab_unreclaimable:220700 mapped:18153 shmem:5186 pagetables:131057 bounce:0 free:25060 free_pcp:593 free_cma:0 Node 0 active_anon:1846696kB inactive_anon:19152kB active_file:0kB inactive_file:112kB unevictable:0kB isolated(anon):0kB isolated(file):48kB mapped:72612kB dirty:0kB writeback:0kB shmem:20720kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 1683456kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no do_syscall_64+0xf9/0x620 arch/x86/entry/common.c:293 entry_SYSCALL_64_after_hwframe+0x49/0xbe RIP: 0033:0x7f6cc7c9fe99 Node 1 active_anon:2617092kB inactive_anon:20kB active_file:0kB inactive_file:4kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:24kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes Code: Bad RIP value. 
Node 0 DMA free:10964kB min:204kB low:252kB high:300kB active_anon:4508kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:128kB pagetables:48kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB RSP: 002b:00007f6cc65b2168 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 lowmem_reserve[]: 0 2693 2695 2695 2695 RAX: ffffffffffffffda RBX: 00007f6cc7db31d0 RCX: 00007f6cc7c9fe99 RDX: 0000000020000000 RSI: 0000000020000b80 RDI: 0000000004060000 RBP: 00007f6cc7cf9ff1 R08: 0000000020001b80 R09: 0000000000000000 R10: 0000000020000040 R11: 0000000000000246 R12: 0000000000000000 R13: 00007ffcd07518ff R14: 00007f6cc65b2300 R15: 0000000000022000 INFO: task syz-executor.2:10608 blocked for more than 140 seconds. Not tainted 4.19.211-syzkaller #0 "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. Node 0 DMA32 free:35212kB min:35996kB low:44992kB high:53988kB active_anon:1842188kB inactive_anon:19152kB active_file:0kB inactive_file:112kB unevictable:0kB writepending:0kB present:3129332kB managed:2763452kB mlocked:0kB kernel_stack:39680kB pagetables:75284kB bounce:0kB free_pcp:1952kB local_pcp:1400kB free_cma:0kB lowmem_reserve[]: 0 0 1 1 1 Node 0 Normal free:8kB min:24kB low:28kB high:32kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:1048576kB managed:2000kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB syz-executor.2 D28576 10608 10599 0x00000000 lowmem_reserve[]: 0 0 0 0 0 Call Trace: context_switch kernel/sched/core.c:2828 [inline] __schedule+0x887/0x2040 kernel/sched/core.c:3517 Node 1 Normal free:53804kB min:53876kB low:67344kB high:80812kB active_anon:2617092kB inactive_anon:20kB active_file:8kB inactive_file:0kB unevictable:0kB writepending:0kB present:4194304kB managed:4128248kB mlocked:0kB kernel_stack:247264kB pagetables:448896kB bounce:0kB 
free_pcp:532kB local_pcp:88kB free_cma:0kB lowmem_reserve[]: 0 0 0 0 0 Node 0 DMA: 1*4kB (M) 0*8kB 1*16kB (U) 2*32kB (UM) 2*64kB (UM) 0*128kB 0*256kB 1*512kB (M) 2*1024kB (UM) 0*2048kB 2*4096kB (M) = 10964kB Node 0 DMA32: 117*4kB (ME) 475*8kB (UME) 122*16kB (UME) 196*32kB (UMEH) 97*64kB (UME) 36*128kB (UME) 21*256kB (UM) 3*512kB (U) 3*1024kB (MEH) 1*2048kB (M) 0*4096kB = 35340kB Node 0 Normal: 0*4kB 1*8kB (U) 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 8kB schedule+0x8d/0x1b0 kernel/sched/core.c:3561 Node 1 Normal: 121*4kB (UME) 75*8kB (UME) 37*16kB (UME) 9*32kB (UME) 8*64kB (UME) 3*128kB (UME) 5*256kB (UME) 3*512kB (UM) 1*1024kB (M) 1*2048kB (U) 11*4096kB (M) = 53804kB __rwsem_down_write_failed_common kernel/locking/rwsem-xadd.c:589 [inline] rwsem_down_write_failed+0x3aa/0x760 kernel/locking/rwsem-xadd.c:618 Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB 5219 total pagecache pages 0 pages in swap cache Swap cache stats: add 0, delete 0, find 0/0 Free swap = 0kB Total swap = 0kB 2097051 pages RAM 0 pages HighMem/MovableOnly 369649 pages reserved call_rwsem_down_write_failed+0x13/0x20 arch/x86/lib/rwsem.S:117 0 pages cma reserved __down_write arch/x86/include/asm/rwsem.h:142 [inline] down_write+0x4f/0x90 kernel/locking/rwsem.c:72 Out of memory (oom_kill_allocating_task): Kill process 15425 (syz-executor.2) score 0 or sacrifice child Killed process 15425 (syz-executor.2) total-vm:57328kB, anon-rss:2468kB, file-rss:14092kB, shmem-rss:0kB oom_reaper: reaped process 15425 (syz-executor.2), now anon-rss:0kB, file-rss:14092kB, shmem-rss:0kB syz-executor.2 invoked oom-killer: gfp_mask=0x6200ca(GFP_HIGHUSER_MOVABLE), nodemask=(null), order=0, oom_score_adj=1000 
namespace_lock fs/namespace.c:1370 [inline] copy_mnt_ns+0x15d/0xad0 fs/namespace.c:2915 syz-executor.2 cpuset=/ mems_allowed=0-1 CPU: 1 PID: 15481 Comm: syz-executor.2 Not tainted 4.19.211-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 create_new_namespaces+0xd6/0x7b0 kernel/nsproxy.c:75 Call Trace: __dump_stack lib/dump_stack.c:77 [inline] dump_stack+0x1fc/0x2ef lib/dump_stack.c:118 dump_header+0x15d/0xc3f mm/oom_kill.c:443 oom_kill_process.cold+0x10/0x692 mm/oom_kill.c:956 copy_namespaces+0x325/0x3c0 kernel/nsproxy.c:165 out_of_memory mm/oom_kill.c:1114 [inline] out_of_memory+0x1072/0x1390 mm/oom_kill.c:1064 __alloc_pages_may_oom mm/page_alloc.c:3553 [inline] __alloc_pages_slowpath mm/page_alloc.c:4255 [inline] __alloc_pages_nodemask+0x23a2/0x2890 mm/page_alloc.c:4419 alloc_pages_vma+0xf2/0x780 mm/mempolicy.c:2161 wp_page_copy+0x219/0x2c40 mm/memory.c:2605 do_wp_page+0x2d4/0x2210 mm/memory.c:2903 handle_pte_fault mm/memory.c:4191 [inline] __handle_mm_fault+0x258b/0x41c0 mm/memory.c:4299 copy_process.part.0+0x3a59/0x8260 kernel/fork.c:1916 handle_mm_fault+0x436/0xb10 mm/memory.c:4336 __do_page_fault+0x68e/0xd60 arch/x86/mm/fault.c:1412 page_fault+0x1e/0x30 arch/x86/entry/entry_64.S:1205 RIP: 0010:__clear_user+0x40/0x70 arch/x86/lib/usercopy_64.c:23 Code: b7 71 89 e8 52 38 99 f9 0f 01 cb 48 89 d8 48 c1 eb 03 48 89 ef 83 e0 07 48 89 d9 48 85 c9 74 19 66 2e 0f 1f 84 00 00 00 00 00 <48> c7 07 00 00 00 00 48 83 c7 08 ff c9 75 f1 48 89 c1 85 c9 74 0a RSP: 0000:ffff8881a9fefb20 EFLAGS: 00050202 RAX: 0000000000000000 RBX: 0000000000000008 RCX: 0000000000000008 RDX: 0000000000000000 RSI: ffffffff87f1b25e RDI: 0000000020000980 RBP: 0000000020000980 R08: ffffffff8cd38068 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000000 R12: ffff8881a9fe0140 R13: 1ffff110353fdf68 R14: 0000000000000001 R15: 00007ffffffff000 copy_xregs_to_user arch/x86/include/asm/fpu/internal.h:366 [inline] copy_fpregs_to_sigframe 
arch/x86/kernel/fpu/signal.c:126 [inline] copy_fpstate_to_sigframe+0x1a1/0x6b0 arch/x86/kernel/fpu/signal.c:177 copy_process kernel/fork.c:1710 [inline] _do_fork+0x22f/0xf30 kernel/fork.c:2219 get_sigframe.constprop.0.isra.0+0x4a6/0x6a0 arch/x86/kernel/signal.c:284 __setup_rt_frame arch/x86/kernel/signal.c:466 [inline] setup_rt_frame arch/x86/kernel/signal.c:711 [inline] handle_signal arch/x86/kernel/signal.c:755 [inline] do_signal+0xa55/0x1670 arch/x86/kernel/signal.c:801 exit_to_usermode_loop+0x204/0x2a0 arch/x86/entry/common.c:163 prepare_exit_to_usermode+0x277/0x2d0 arch/x86/entry/common.c:198 retint_user+0x8/0x18 RIP: 0033:0x7f6cc7c9fea1 Code: Bad RIP value. RSP: 002b:0000000020000b80 EFLAGS: 00010217 RAX: 0000000000000000 RBX: 00007f6cc7db31d0 RCX: 00007f6cc7c9fe99 RDX: 0000000020000000 RSI: 0000000020000b80 RDI: 0000000004060000 RBP: 00007f6cc7cf9ff1 R08: 0000000020001b80 R09: 0000000000000000 R10: 0000000020000040 R11: 0000000000000246 R12: 0000000000000000 R13: 00007ffcd07518ff R14: 00007f6cc65b2300 R15: 0000000000022000 Mem-Info: active_anon:1116457 inactive_anon:4793 isolated_anon:0 active_file:29 inactive_file:28 isolated_file:26 unevictable:0 dirty:0 writeback:0 unstable:0 slab_reclaimable:18442 slab_unreclaimable:220439 mapped:18180 shmem:5186 pagetables:131042 bounce:0 free:25072 free_pcp:434 free_cma:0 Node 0 active_anon:1848740kB inactive_anon:19152kB active_file:116kB inactive_file:108kB unevictable:0kB isolated(anon):0kB isolated(file):104kB mapped:72720kB dirty:0kB writeback:0kB shmem:20720kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 1683456kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no Node 1 active_anon:2617088kB inactive_anon:20kB active_file:0kB inactive_file:4kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:24kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB unstable:0kB all_unreclaimable? 
yes Node 0 DMA free:10964kB min:204kB low:252kB high:300kB active_anon:4508kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:128kB pagetables:48kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB do_syscall_64+0xf9/0x620 arch/x86/entry/common.c:293 entry_SYSCALL_64_after_hwframe+0x49/0xbe RIP: 0033:0x7f6cc7c9fe99 lowmem_reserve[]: 0 2693 2695 2695 2695 Code: Bad RIP value. RSP: 002b:00007f6cc65b2168 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 Node 0 DMA32 free:35512kB min:35996kB low:44992kB high:53988kB active_anon:1844232kB inactive_anon:19152kB active_file:116kB inactive_file:108kB unevictable:0kB writepending:0kB present:3129332kB managed:2763452kB mlocked:0kB kernel_stack:39680kB pagetables:75284kB bounce:0kB free_pcp:1116kB local_pcp:424kB free_cma:0kB RAX: ffffffffffffffda RBX: 00007f6cc7db31d0 RCX: 00007f6cc7c9fe99 lowmem_reserve[]: 0 0 1 1 1 Node 0 Normal free:8kB min:24kB low:28kB high:32kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:1048576kB managed:2000kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB RDX: 0000000020000000 RSI: 0000000020000b80 RDI: 0000000004060000 RBP: 00007f6cc7cf9ff1 R08: 0000000020001b80 R09: 0000000000000000 R10: 0000000020000040 R11: 0000000000000246 R12: 0000000000000000 lowmem_reserve[]: 0 0 0 0 0 R13: 00007ffcd07518ff R14: 00007f6cc65b2300 R15: 0000000000022000 INFO: task syz-executor.2:10609 blocked for more than 140 seconds. 
Not tainted 4.19.211-syzkaller #0 Node 1 Normal free:53804kB min:53876kB low:67344kB high:80812kB active_anon:2617088kB inactive_anon:20kB active_file:0kB inactive_file:4kB unevictable:0kB writepending:0kB present:4194304kB managed:4128248kB mlocked:0kB kernel_stack:247264kB pagetables:448836kB bounce:0kB free_pcp:628kB local_pcp:92kB free_cma:0kB "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. syz-executor.2 D28576 10609 8109 0x00000000 lowmem_reserve[]: 0 0 0 0 0 Node 0 DMA: 1*4kB (M) 0*8kB 1*16kB (U) 2*32kB (UM) 2*64kB (UM) 0*128kB 0*256kB 1*512kB (M) 2*1024kB (UM) 0*2048kB 2*4096kB (M) = 10964kB Node 0 DMA32: 83*4kB (ME) 498*8kB (UME) 144*16kB (UE) 199*32kB (UEH) 96*64kB (UE) 34*128kB (UE) 20*256kB (UM) 3*512kB (U) 3*1024kB (MEH) 1*2048kB (M) 0*4096kB = 35260kB Node 0 Normal: 0*4kB 1*8kB (U) 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 8kB Call Trace: context_switch kernel/sched/core.c:2828 [inline] __schedule+0x887/0x2040 kernel/sched/core.c:3517 Node 1 Normal: 121*4kB (UME) 75*8kB (UME) 37*16kB (UME) 9*32kB (UME) 8*64kB (UME) 3*128kB (UME) 5*256kB (UME) 3*512kB (UM) 1*1024kB (M) 1*2048kB (U) 11*4096kB (M) = 53804kB schedule+0x8d/0x1b0 kernel/sched/core.c:3561 __rwsem_down_write_failed_common kernel/locking/rwsem-xadd.c:589 [inline] rwsem_down_write_failed+0x3aa/0x760 kernel/locking/rwsem-xadd.c:618 Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB 5298 total pagecache pages 0 pages in swap cache Swap cache stats: add 0, delete 0, find 0/0 Free swap = 0kB Total swap = 0kB 2097051 pages RAM 0 pages HighMem/MovableOnly 369649 pages reserved 0 pages cma reserved Out of memory (oom_kill_allocating_task): Kill process 15481 
(syz-executor.2) score 0 or sacrifice child Killed process 15481 (syz-executor.2) total-vm:57328kB, anon-rss:2468kB, file-rss:14276kB, shmem-rss:0kB call_rwsem_down_write_failed+0x13/0x20 arch/x86/lib/rwsem.S:117 oom_reaper: reaped process 15481 (syz-executor.2), now anon-rss:0kB, file-rss:14276kB, shmem-rss:0kB __down_write arch/x86/include/asm/rwsem.h:142 [inline] down_write+0x4f/0x90 kernel/locking/rwsem.c:72 namespace_lock fs/namespace.c:1370 [inline] copy_mnt_ns+0x15d/0xad0 fs/namespace.c:2915 create_new_namespaces+0xd6/0x7b0 kernel/nsproxy.c:75 syz-executor.2 invoked oom-killer: gfp_mask=0x6040c0(GFP_KERNEL|__GFP_COMP), nodemask=(null), order=1, oom_score_adj=1000 copy_namespaces+0x325/0x3c0 kernel/nsproxy.c:165 copy_process.part.0+0x3a59/0x8260 kernel/fork.c:1916 syz-executor.2 cpuset=/ mems_allowed=0-1 CPU: 1 PID: 12611 Comm: syz-executor.2 Not tainted 4.19.211-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Call Trace: __dump_stack lib/dump_stack.c:77 [inline] dump_stack+0x1fc/0x2ef lib/dump_stack.c:118 dump_header+0x15d/0xc3f mm/oom_kill.c:443 oom_kill_process.cold+0x10/0x692 mm/oom_kill.c:956 out_of_memory mm/oom_kill.c:1114 [inline] out_of_memory+0x1072/0x1390 mm/oom_kill.c:1064 __alloc_pages_may_oom mm/page_alloc.c:3553 [inline] __alloc_pages_slowpath mm/page_alloc.c:4255 [inline] __alloc_pages_nodemask+0x23a2/0x2890 mm/page_alloc.c:4419 __alloc_pages include/linux/gfp.h:496 [inline] __alloc_pages_node include/linux/gfp.h:509 [inline] kmem_getpages mm/slab.c:1412 [inline] cache_grow_begin+0xa4/0x8a0 mm/slab.c:2682 fallback_alloc+0x213/0x2e0 mm/slab.c:3224 slab_alloc_node mm/slab.c:3332 [inline] kmem_cache_alloc_node+0xe3/0x3b0 mm/slab.c:3647 copy_process kernel/fork.c:1710 [inline] _do_fork+0x22f/0xf30 kernel/fork.c:2219 alloc_task_struct_node kernel/fork.c:157 [inline] dup_task_struct kernel/fork.c:807 [inline] copy_process.part.0+0x1ceb/0x8260 kernel/fork.c:1753 copy_process kernel/fork.c:1710 
[inline] _do_fork+0x22f/0xf30 kernel/fork.c:2219 do_syscall_64+0xf9/0x620 arch/x86/entry/common.c:293 entry_SYSCALL_64_after_hwframe+0x49/0xbe RIP: 0033:0x7f6cc7c9fe99 Code: Bad RIP value. RSP: 002b:00007f6cc65b2168 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 RAX: ffffffffffffffda RBX: 00007f6cc7db31d0 RCX: 00007f6cc7c9fe99 RDX: 0000000020000000 RSI: 0000000020000b80 RDI: 0000000004060000 RBP: 00007f6cc7cf9ff1 R08: 0000000020001b80 R09: 0000000000000000 R10: 0000000020000040 R11: 0000000000000246 R12: 0000000000000000 R13: 00007ffcd07518ff R14: 00007f6cc65b2300 R15: 0000000000022000 Mem-Info: active_anon:1116457 inactive_anon:4793 isolated_anon:0 active_file:17 inactive_file:69 isolated_file:17 unevictable:0 dirty:0 writeback:0 unstable:0 slab_reclaimable:18442 slab_unreclaimable:220570 mapped:18194 shmem:5186 pagetables:131106 bounce:0 free:25050 free_pcp:308 free_cma:0 Node 0 active_anon:1848740kB inactive_anon:19152kB active_file:48kB inactive_file:292kB unevictable:0kB isolated(anon):0kB isolated(file):68kB mapped:72776kB dirty:0kB writeback:0kB shmem:20720kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 1683456kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no Node 1 active_anon:2617088kB inactive_anon:20kB active_file:20kB inactive_file:0kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:24kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB unstable:0kB all_unreclaimable? 
yes Node 0 DMA free:10964kB min:204kB low:252kB high:300kB active_anon:4508kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:128kB pagetables:48kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB do_syscall_64+0xf9/0x620 arch/x86/entry/common.c:293 entry_SYSCALL_64_after_hwframe+0x49/0xbe lowmem_reserve[]: 0 2693 2695 2695 2695 RIP: 0033:0x7f6cc7c9fe99 Node 0 DMA32 free:35840kB min:35996kB low:44992kB high:53988kB active_anon:1844232kB inactive_anon:19152kB active_file:48kB inactive_file:192kB unevictable:0kB writepending:0kB present:3129332kB managed:2763452kB mlocked:0kB kernel_stack:39680kB pagetables:75528kB bounce:0kB free_pcp:708kB local_pcp:424kB free_cma:0kB Code: Bad RIP value. lowmem_reserve[]: 0 0 1 1 1 Node 0 Normal free:8kB min:24kB low:28kB high:32kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:1048576kB managed:2000kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB RSP: 002b:00007f6cc65b2168 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 RAX: ffffffffffffffda RBX: 00007f6cc7db31d0 RCX: 00007f6cc7c9fe99 RDX: 0000000020000000 RSI: 0000000020000b80 RDI: 0000000004060000 RBP: 00007f6cc7cf9ff1 R08: 0000000020001b80 R09: 0000000000000000 lowmem_reserve[]: 0 0 0 0 0 Node 1 Normal free:53672kB min:53876kB low:67344kB high:80812kB active_anon:2617084kB inactive_anon:20kB active_file:0kB inactive_file:12kB unevictable:0kB writepending:0kB present:4194304kB managed:4128248kB mlocked:0kB kernel_stack:247456kB pagetables:448788kB bounce:0kB free_pcp:580kB local_pcp:332kB free_cma:0kB R10: 0000000020000040 R11: 0000000000000246 R12: 0000000000000000 R13: 00007ffcd07518ff R14: 00007f6cc65b2300 R15: 0000000000022000 INFO: task syz-executor.2:10610 blocked for more than 140 seconds. 
Not tainted 4.19.211-syzkaller #0 lowmem_reserve[]: 0 0 0 0 0 Node 0 DMA: 1*4kB (M) 0*8kB 1*16kB (U) 2*32kB (UM) 2*64kB (UM) 0*128kB 0*256kB 1*512kB (M) 2*1024kB (UM) 0*2048kB 2*4096kB (M) = 10964kB "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. syz-executor.2 D28128 10610 10599 0x00000000 Call Trace: Node 0 DMA32: 99*4kB (ME) 562*8kB (UME) 174*16kB (UME) 201*32kB (UEH) 97*64kB (UME) 34*128kB (UE) 19*256kB (U) 4*512kB (UM) 2*1024kB (EH) 1*2048kB (M) 0*4096kB = 35676kB context_switch kernel/sched/core.c:2828 [inline] __schedule+0x887/0x2040 kernel/sched/core.c:3517 Node 0 Normal: 0*4kB 1*8kB (U) 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 8kB Node 1 Normal: 82*4kB (UME) 88*8kB (UME) 44*16kB (UME) 9*32kB (UME) 7*64kB (ME) 2*128kB (ME) 5*256kB (UME) 3*512kB (UM) 1*1024kB (M) 1*2048kB (U) 11*4096kB (M) = 53672kB Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB schedule+0x8d/0x1b0 kernel/sched/core.c:3561 __rwsem_down_write_failed_common kernel/locking/rwsem-xadd.c:589 [inline] rwsem_down_write_failed+0x3aa/0x760 kernel/locking/rwsem-xadd.c:618 Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB call_rwsem_down_write_failed+0x13/0x20 arch/x86/lib/rwsem.S:117 Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB 5278 total pagecache pages __down_write arch/x86/include/asm/rwsem.h:142 [inline] down_write+0x4f/0x90 kernel/locking/rwsem.c:72 0 pages in swap cache Swap cache stats: add 0, delete 0, find 0/0 Free swap = 0kB Total swap = 0kB 2097051 pages RAM 0 pages HighMem/MovableOnly namespace_lock fs/namespace.c:1370 [inline] copy_mnt_ns+0x15d/0xad0 fs/namespace.c:2915 369649 pages reserved 0 pages cma reserved Out of memory (oom_kill_allocating_task): Kill process 12611 (syz-executor.2) score 0 or sacrifice child 
create_new_namespaces+0xd6/0x7b0 kernel/nsproxy.c:75 Killed process 15339 (syz-executor.2) total-vm:57328kB, anon-rss:2468kB, file-rss:14096kB, shmem-rss:0kB oom_reaper: reaped process 15339 (syz-executor.2), now anon-rss:0kB, file-rss:14096kB, shmem-rss:0kB copy_namespaces+0x325/0x3c0 kernel/nsproxy.c:165 copy_process.part.0+0x3a59/0x8260 kernel/fork.c:1916 syz-executor.2 invoked oom-killer: gfp_mask=0x7080c0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), nodemask=(null), order=3, oom_score_adj=1000 copy_process kernel/fork.c:1710 [inline] _do_fork+0x22f/0xf30 kernel/fork.c:2219 syz-executor.2 cpuset=/ mems_allowed=0-1 CPU: 1 PID: 11119 Comm: syz-executor.2 Not tainted 4.19.211-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Call Trace: __dump_stack lib/dump_stack.c:77 [inline] dump_stack+0x1fc/0x2ef lib/dump_stack.c:118 dump_header+0x15d/0xc3f mm/oom_kill.c:443 oom_kill_process.cold+0x10/0x692 mm/oom_kill.c:956 out_of_memory mm/oom_kill.c:1114 [inline] out_of_memory+0x1072/0x1390 mm/oom_kill.c:1064 __alloc_pages_may_oom mm/page_alloc.c:3553 [inline] __alloc_pages_slowpath mm/page_alloc.c:4255 [inline] __alloc_pages_nodemask+0x23a2/0x2890 mm/page_alloc.c:4419 __alloc_pages include/linux/gfp.h:496 [inline] __alloc_pages_node include/linux/gfp.h:509 [inline] alloc_pages_node include/linux/gfp.h:523 [inline] alloc_thread_stack_node kernel/fork.c:240 [inline] dup_task_struct kernel/fork.c:811 [inline] copy_process.part.0+0x3cf/0x8260 kernel/fork.c:1753 copy_process kernel/fork.c:1710 [inline] _do_fork+0x22f/0xf30 kernel/fork.c:2219 do_syscall_64+0xf9/0x620 arch/x86/entry/common.c:293 entry_SYSCALL_64_after_hwframe+0x49/0xbe RIP: 0033:0x7f6cc7c9fe99 Code: Bad RIP value. 
RSP: 002b:00007f6cc65b2168 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 RAX: ffffffffffffffda RBX: 00007f6cc7db31d0 RCX: 00007f6cc7c9fe99 RDX: 0000000020000000 RSI: 0000000020000b80 RDI: 0000000004060000 RBP: 00007f6cc7cf9ff1 R08: 0000000020001b80 R09: 0000000000000000 R10: 0000000020000040 R11: 0000000000000246 R12: 0000000000000000 R13: 00007ffcd07518ff R14: 00007f6cc65b2300 R15: 0000000000022000 Mem-Info: active_anon:1116456 inactive_anon:4793 isolated_anon:0 active_file:0 inactive_file:25 isolated_file:70 unevictable:0 dirty:0 writeback:0 unstable:0 slab_reclaimable:18412 slab_unreclaimable:220259 mapped:18200 shmem:5186 pagetables:131091 bounce:0 free:25183 free_pcp:277 free_cma:0 Node 0 active_anon:1848740kB inactive_anon:19152kB active_file:0kB inactive_file:96kB unevictable:0kB isolated(anon):0kB isolated(file):280kB mapped:72800kB dirty:0kB writeback:0kB shmem:20720kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 1683456kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no do_syscall_64+0xf9/0x620 arch/x86/entry/common.c:293 entry_SYSCALL_64_after_hwframe+0x49/0xbe RIP: 0033:0x7f6cc7c9fe99 Code: Bad RIP value. Node 1 active_anon:2617084kB inactive_anon:20kB active_file:0kB inactive_file:4kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:24kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB unstable:0kB all_unreclaimable? 
yes RSP: 002b:00007f6cc65b2168 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 RAX: ffffffffffffffda RBX: 00007f6cc7db31d0 RCX: 00007f6cc7c9fe99 Node 0 DMA free:10964kB min:204kB low:252kB high:300kB active_anon:4508kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:128kB pagetables:48kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB RDX: 0000000020000000 RSI: 0000000020000b80 RDI: 0000000004060000 lowmem_reserve[]: 0 2693 2695 2695 2695 RBP: 00007f6cc7cf9ff1 R08: 0000000020001b80 R09: 0000000000000000 R10: 0000000020000040 R11: 0000000000000246 R12: 0000000000000000 Node 0 DMA32 free:35420kB min:35996kB low:44992kB high:53988kB active_anon:1844232kB inactive_anon:19152kB active_file:124kB inactive_file:96kB unevictable:0kB writepending:0kB present:3129332kB managed:2763452kB mlocked:0kB kernel_stack:39680kB pagetables:75528kB bounce:0kB free_pcp:228kB local_pcp:0kB free_cma:0kB R13: 00007ffcd07518ff R14: 00007f6cc65b2300 R15: 0000000000022000 INFO: task syz-executor.2:10615 blocked for more than 140 seconds. Not tainted 4.19.211-syzkaller #0 "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. 
syz-executor.2 D28576 10615 10599 0x00000000 Call Trace: context_switch kernel/sched/core.c:2828 [inline] __schedule+0x887/0x2040 kernel/sched/core.c:3517 lowmem_reserve[]: 0 0 1 1 1 schedule+0x8d/0x1b0 kernel/sched/core.c:3561 Node 0 Normal free:8kB min:24kB low:28kB high:32kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:1048576kB managed:2000kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB __rwsem_down_write_failed_common kernel/locking/rwsem-xadd.c:589 [inline] rwsem_down_write_failed+0x3aa/0x760 kernel/locking/rwsem-xadd.c:618 lowmem_reserve[]: 0 0 0 0 0 Node 1 Normal free:53736kB min:53876kB low:67344kB high:80812kB active_anon:2617080kB inactive_anon:20kB active_file:0kB inactive_file:4kB unevictable:0kB writepending:0kB present:4194304kB managed:4128248kB mlocked:0kB kernel_stack:247584kB pagetables:448840kB bounce:0kB free_pcp:248kB local_pcp:0kB free_cma:0kB call_rwsem_down_write_failed+0x13/0x20 arch/x86/lib/rwsem.S:117 lowmem_reserve[]: 0 0 0 0 0 __down_write arch/x86/include/asm/rwsem.h:142 [inline] down_write+0x4f/0x90 kernel/locking/rwsem.c:72 namespace_lock fs/namespace.c:1370 [inline] copy_mnt_ns+0x15d/0xad0 fs/namespace.c:2915 create_new_namespaces+0xd6/0x7b0 kernel/nsproxy.c:75 copy_namespaces+0x325/0x3c0 kernel/nsproxy.c:165 copy_process.part.0+0x3a59/0x8260 kernel/fork.c:1916 copy_process kernel/fork.c:1710 [inline] _do_fork+0x22f/0xf30 kernel/fork.c:2219 do_syscall_64+0xf9/0x620 arch/x86/entry/common.c:293 entry_SYSCALL_64_after_hwframe+0x49/0xbe RIP: 0033:0x7f6cc7c9fe99 Code: Bad RIP value. 
RSP: 002b:00007f6cc65b2168 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 RAX: ffffffffffffffda RBX: 00007f6cc7db31d0 RCX: 00007f6cc7c9fe99 RDX: 0000000020000000 RSI: 0000000020000b80 RDI: 0000000004060000 RBP: 00007f6cc7cf9ff1 R08: 0000000020001b80 R09: 0000000000000000 R10: 0000000020000040 R11: 0000000000000246 R12: 0000000000000000 R13: 00007ffcd07518ff R14: 00007f6cc65b2300 R15: 0000000000022000 INFO: task syz-executor.2:10617 blocked for more than 140 seconds. Not tainted 4.19.211-syzkaller #0 "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. syz-executor.2 D28192 10617 10613 0x00100004 Call Trace: context_switch kernel/sched/core.c:2828 [inline] __schedule+0x887/0x2040 kernel/sched/core.c:3517 schedule+0x8d/0x1b0 kernel/sched/core.c:3561 __rwsem_down_write_failed_common kernel/locking/rwsem-xadd.c:589 [inline] rwsem_down_write_failed+0x3aa/0x760 kernel/locking/rwsem-xadd.c:618 call_rwsem_down_write_failed+0x13/0x20 arch/x86/lib/rwsem.S:117 Node 0 DMA: 1*4kB (M) 0*8kB 1*16kB (U) 2*32kB (UM) 2*64kB (UM) 0*128kB 0*256kB 1*512kB (M) 2*1024kB (UM) 0*2048kB 2*4096kB (M) = 10964kB __down_write arch/x86/include/asm/rwsem.h:142 [inline] down_write+0x4f/0x90 kernel/locking/rwsem.c:72 namespace_lock fs/namespace.c:1370 [inline] copy_mnt_ns+0x15d/0xad0 fs/namespace.c:2915 create_new_namespaces+0xd6/0x7b0 kernel/nsproxy.c:75 Node 0 DMA32: 109*4kB (UME) 490*8kB (UME) 181*16kB (UME) 203*32kB (UEH) 96*64kB (UE) 35*128kB (UME) 20*256kB (UM) 3*512kB (U) 2*1024kB (EH) 1*2048kB (M) 0*4096kB = 35124kB copy_namespaces+0x325/0x3c0 kernel/nsproxy.c:165 copy_process.part.0+0x3a59/0x8260 kernel/fork.c:1916 Node 0 Normal: 0*4kB 1*8kB (U) 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 8kB Node 1 Normal: 122*4kB (UME) 90*8kB (UME) 45*16kB (UME) 9*32kB (UME) 7*64kB (ME) 3*128kB (UME) 4*256kB (ME) 3*512kB (UM) 1*1024kB (M) 1*2048kB (U) 11*4096kB (M) = 53736kB Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB 
Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB copy_process kernel/fork.c:1710 [inline] _do_fork+0x22f/0xf30 kernel/fork.c:2219 5260 total pagecache pages 0 pages in swap cache Swap cache stats: add 0, delete 0, find 0/0 Free swap = 0kB Total swap = 0kB do_syscall_64+0xf9/0x620 arch/x86/entry/common.c:293 entry_SYSCALL_64_after_hwframe+0x49/0xbe 2097051 pages RAM 0 pages HighMem/MovableOnly RIP: 0033:0x7f6cc7c9fe99 Code: Bad RIP value. RSP: 002b:00007f6cc65b2168 EFLAGS: 00000246 369649 pages reserved ORIG_RAX: 0000000000000038 RAX: ffffffffffffffda RBX: 00007f6cc7db31d0 RCX: 00007f6cc7c9fe99 0 pages cma reserved Out of memory (oom_kill_allocating_task): Kill process 11119 (syz-executor.2) score 0 or sacrifice child RDX: 0000000020000000 RSI: 0000000020000b80 RDI: 0000000004060000 Killed process 12467 (syz-executor.2) total-vm:57328kB, anon-rss:2468kB, file-rss:14080kB, shmem-rss:0kB RBP: 00007f6cc7cf9ff1 R08: 0000000020001b80 R09: 0000000000000000 R10: 0000000020000040 R11: 0000000000000246 R12: 0000000000000000 R13: 00007ffcd07518ff R14: 00007f6cc65b2300 R15: 0000000000022000 oom_reaper: reaped process 12467 (syz-executor.2), now anon-rss:0kB, file-rss:14080kB, shmem-rss:0kB INFO: task syz-executor.2:10620 blocked for more than 140 seconds. Not tainted 4.19.211-syzkaller #0 syz-executor.2 invoked oom-killer: gfp_mask=0x6040c0(GFP_KERNEL|__GFP_COMP), nodemask=(null), order=0, oom_score_adj=1000 "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. 
syz-executor.2 D28128 10620 8109 0x00000000 Call Trace: context_switch kernel/sched/core.c:2828 [inline] __schedule+0x887/0x2040 kernel/sched/core.c:3517 syz-executor.2 cpuset=/ mems_allowed=0-1 CPU: 1 PID: 15464 Comm: syz-executor.2 Not tainted 4.19.211-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Call Trace: __dump_stack lib/dump_stack.c:77 [inline] dump_stack+0x1fc/0x2ef lib/dump_stack.c:118 schedule+0x8d/0x1b0 kernel/sched/core.c:3561 dump_header+0x15d/0xc3f mm/oom_kill.c:443 oom_kill_process.cold+0x10/0x692 mm/oom_kill.c:956 out_of_memory mm/oom_kill.c:1114 [inline] out_of_memory+0x1072/0x1390 mm/oom_kill.c:1064 __alloc_pages_may_oom mm/page_alloc.c:3553 [inline] __alloc_pages_slowpath mm/page_alloc.c:4255 [inline] __alloc_pages_nodemask+0x23a2/0x2890 mm/page_alloc.c:4419 __rwsem_down_write_failed_common kernel/locking/rwsem-xadd.c:589 [inline] rwsem_down_write_failed+0x3aa/0x760 kernel/locking/rwsem-xadd.c:618 call_rwsem_down_write_failed+0x13/0x20 arch/x86/lib/rwsem.S:117 __down_write arch/x86/include/asm/rwsem.h:142 [inline] down_write+0x4f/0x90 kernel/locking/rwsem.c:72 __alloc_pages include/linux/gfp.h:496 [inline] __alloc_pages_node include/linux/gfp.h:509 [inline] kmem_getpages mm/slab.c:1412 [inline] cache_grow_begin+0xa4/0x8a0 mm/slab.c:2682 fallback_alloc+0x213/0x2e0 mm/slab.c:3224 __do_cache_alloc mm/slab.c:3361 [inline] slab_alloc mm/slab.c:3389 [inline] kmem_cache_alloc+0x1e4/0x370 mm/slab.c:3557 anon_vma_chain_alloc mm/rmap.c:129 [inline] anon_vma_clone+0x32d/0x5e0 mm/rmap.c:273 anon_vma_fork+0x82/0x630 mm/rmap.c:332 dup_mmap kernel/fork.c:504 [inline] dup_mm kernel/fork.c:1285 [inline] copy_mm kernel/fork.c:1341 [inline] copy_process.part.0+0x360f/0x8260 kernel/fork.c:1913 copy_process kernel/fork.c:1710 [inline] _do_fork+0x22f/0xf30 kernel/fork.c:2219 namespace_lock fs/namespace.c:1370 [inline] copy_mnt_ns+0x15d/0xad0 fs/namespace.c:2915 do_syscall_64+0xf9/0x620 
arch/x86/entry/common.c:293 entry_SYSCALL_64_after_hwframe+0x49/0xbe RIP: 0033:0x7f6cc7c9fe99 Code: Bad RIP value. RSP: 002b:00007f6cc65b2168 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 RAX: ffffffffffffffda RBX: 00007f6cc7db31d0 RCX: 00007f6cc7c9fe99 RDX: 0000000020000000 RSI: 0000000020000b80 RDI: 0000000004060000 RBP: 00007f6cc7cf9ff1 R08: 0000000020001b80 R09: 0000000000000000 R10: 0000000020000040 R11: 0000000000000246 R12: 0000000000000000 R13: 00007ffcd07518ff R14: 00007f6cc65b2300 R15: 0000000000022000 Mem-Info: active_anon:1116456 inactive_anon:4793 isolated_anon:0 active_file:23 inactive_file:30 isolated_file:19 unevictable:0 dirty:0 writeback:0 unstable:0 slab_reclaimable:18406 slab_unreclaimable:220402 mapped:18186 shmem:5186 pagetables:131104 bounce:0 free:24947 free_pcp:93 free_cma:0 Node 0 active_anon:1848744kB inactive_anon:19152kB active_file:92kB inactive_file:116kB unevictable:0kB isolated(anon):0kB isolated(file):76kB mapped:72744kB dirty:0kB writeback:0kB shmem:20720kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 1683456kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no
----------------
Code disassembly (best guess):
   0: b7 71                   mov    $0x71,%bh
   2: 89 e8                   mov    %ebp,%eax
   4: 52                      push   %rdx
   5: 38 99 f9 0f 01 cb       cmp    %bl,-0x34fef007(%rcx)
   b: 48 89 d8                mov    %rbx,%rax
   e: 48 c1 eb 03             shr    $0x3,%rbx
  12: 48 89 ef                mov    %rbp,%rdi
  15: 83 e0 07                and    $0x7,%eax
  18: 48 89 d9                mov    %rbx,%rcx
  1b: 48 85 c9                test   %rcx,%rcx
  1e: 74 19                   je     0x39
  20: 66 2e 0f 1f 84 00 00    nopw   %cs:0x0(%rax,%rax,1)
  27: 00 00 00
* 2a: 48 c7 07 00 00 00 00    movq   $0x0,(%rdi) <-- trapping instruction
  31: 48 83 c7 08             add    $0x8,%rdi
  35: ff c9                   dec    %ecx
  37: 75 f1                   jne    0x2a
  39: 48 89 c1                mov    %rax,%rcx
  3c: 85 c9                   test   %ecx,%ecx
  3e: 74 0a                   je     0x4a