Killed process 18235 (syz-executor.0) total-vm:72576kB, anon-rss:172kB, file-rss:34688kB, shmem-rss:0kB lowmemorykiller: Killing 'syz-executor.1' (20451) (tgid 20451), adj 1000, to free 34860kB on behalf of 'syz-executor.2' (24244) because cache 5540kB is below limit 6144kB for oom_score_adj 0 Free memory is -13672kB above reserved INFO: task kworker/0:2:346 blocked for more than 140 seconds. Not tainted 4.9.141+ #1 "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. kworker/0:2 D26744 346 2 0x80000000 Workqueue: events proc_cleanup_work ffff8801d651df00 ffff8801d15e8000 ffff8801d2badd80 ffff8801aab52f80 ffff8801db621018 ffff8801d624f7f0 ffffffff828075c2 ffffffff83c261e8 0000000041b58ab3 ffffffff82e33920 00ffffff83c7a980 ffff8801db6218f0 Call Trace: [] schedule+0x7f/0x1b0 kernel/sched/core.c:3553 [] schedule_timeout+0x735/0xe20 kernel/time/timer.c:1771 [] do_wait_for_common kernel/sched/completion.c:75 [inline] [] __wait_for_common kernel/sched/completion.c:93 [inline] [] wait_for_common+0x3ef/0x5d0 kernel/sched/completion.c:101 [] wait_for_completion+0x18/0x20 kernel/sched/completion.c:122 [] __wait_rcu_gp+0x137/0x1b0 kernel/rcu/update.c:369 [] synchronize_rcu.part.55+0xfa/0x110 kernel/rcu/tree_plugin.h:684 [] synchronize_rcu+0x27/0x90 kernel/rcu/tree_plugin.h:685 [] kern_unmount+0x57/0xd0 fs/namespace.c:3344 [] pid_ns_release_proc+0x37/0x50 fs/proc/root.c:227 [] proc_cleanup_work+0x19/0x20 kernel/pid_namespace.c:76 [] process_one_work+0x831/0x15f0 kernel/workqueue.c:2092 [] worker_thread+0xd6/0x1140 kernel/workqueue.c:2226 [] kthread+0x26d/0x300 kernel/kthread.c:211 [] ret_from_fork+0x5c/0x70 arch/x86/entry/entry_64.S:373 Showing all locks held in the system: 2 locks held by khungtaskd/24: #0: (rcu_read_lock){......}, at: [] check_hung_uninterruptible_tasks kernel/hung_task.c:168 [inline] #0: (rcu_read_lock){......}, at: [] watchdog+0x11c/0xa20 kernel/hung_task.c:239 #1: (tasklist_lock){.+.+..}, at: [] debug_show_all_locks+0x79/0x218 kernel/locking/lockdep.c:4336 2 locks held by kworker/0:2/346: #0: ("events"){.+.+.+}, at: [] process_one_work+0x73c/0x15f0 kernel/workqueue.c:2085 #1: ((&ns->proc_work)){+.+...}, at: [] process_one_work+0x774/0x15f0 kernel/workqueue.c:2089 1 lock held by rsyslogd/1895: #0: (&f->f_pos_lock){+.+.+.}, at: [] __fdget_pos+0xac/0xd0 fs/file.c:781 2 locks held by getty/2022: #0: (&tty->ldisc_sem){++++++}, at: [] ldsem_down_read+0x32/0x40 drivers/tty/tty_ldsem.c:367 #1: (&ldata->atomic_read_lock){+.+.+.}, at: [] n_tty_read+0x202/0x16e0 drivers/tty/n_tty.c:2142 2 locks held by kworker/1:3/2940: #0: ("events"){.+.+.+}, at: [] process_one_work+0x73c/0x15f0 kernel/workqueue.c:2085 #1: ((&map->work)){+.+...}, at: [] process_one_work+0x774/0x15f0 kernel/workqueue.c:2089 2 locks held by syz-executor.4/5576: #0: (rtnl_mutex){+.+.+.}, at: [] rtnl_lock+0x17/0x20 net/core/rtnetlink.c:70 #1: (rcu_preempt_state.exp_mutex){+.+...}, at: [] exp_funnel_lock kernel/rcu/tree_exp.h:256 [inline] #1: (rcu_preempt_state.exp_mutex){+.+...}, at: [] _synchronize_rcu_expedited+0x339/0x840 kernel/rcu/tree_exp.h:569 1 lock held by syz-executor.4/7554: #0: (&sb->s_type->i_mutex_key#8){+.+.+.}, at: [] inode_lock include/linux/fs.h:766 [inline] #0: (&sb->s_type->i_mutex_key#8){+.+.+.}, at: [] __sock_release+0x8b/0x260 net/socket.c:604 1 lock held by syz-executor.4/7556: #0: (&sb->s_type->i_mutex_key#8){+.+.+.}, at: [] inode_lock include/linux/fs.h:766 [inline] #0: (&sb->s_type->i_mutex_key#8){+.+.+.}, at: [] __sock_release+0x8b/0x260 net/socket.c:604 1 lock held by syz-executor.1/14156: #0: (&sb->s_type->i_mutex_key#8){+.+.+.}, at: [] inode_lock include/linux/fs.h:766 [inline] #0: (&sb->s_type->i_mutex_key#8){+.+.+.}, at: [] __sock_release+0x8b/0x260 net/socket.c:604 2 locks held by kworker/0:3/14407: #0: ("events"){.+.+.+}, at: [] process_one_work+0x73c/0x15f0 kernel/workqueue.c:2085 #1: ((&ns->proc_work)){+.+...}, at: [] process_one_work+0x774/0x15f0 kernel/workqueue.c:2089 1 lock held by syz-executor.2/14860: #0: (&sb->s_type->i_mutex_key#8){+.+.+.}, at: [] inode_lock include/linux/fs.h:766 [inline] #0: (&sb->s_type->i_mutex_key#8){+.+.+.}, at: [] __sock_release+0x8b/0x260 net/socket.c:604 2 locks held by kworker/1:0/17021: #0: ("events"){.+.+.+}, at: [] process_one_work+0x73c/0x15f0 kernel/workqueue.c:2085 #1: ((&ns->proc_work)){+.+...}, at: [] process_one_work+0x774/0x15f0 kernel/workqueue.c:2089 1 lock held by syz-executor.4/22836: #0: (&sb->s_type->i_mutex_key#8){+.+.+.}, at: [] inode_lock include/linux/fs.h:766 [inline] #0: (&sb->s_type->i_mutex_key#8){+.+.+.}, at: [] __sock_release+0x8b/0x260 net/socket.c:604 1 lock held by syz-executor.4/26466: #0: (&sb->s_type->i_mutex_key#8){+.+.+.}, at: [] inode_lock include/linux/fs.h:766 [inline] #0: (&sb->s_type->i_mutex_key#8){+.+.+.}, at: [] __sock_release+0x8b/0x260 net/socket.c:604 1 lock held by syz-executor.5/26565: #0: (&sb->s_type->i_mutex_key#8){+.+.+.}, at: [] inode_lock include/linux/fs.h:766 [inline] #0: (&sb->s_type->i_mutex_key#8){+.+.+.}, at: [] __sock_release+0x8b/0x260 net/socket.c:604 1 lock held by syz-executor.1/27882: #0: (&sb->s_type->i_mutex_key#8){+.+.+.}, at: [] inode_lock include/linux/fs.h:766 [inline] #0: (&sb->s_type->i_mutex_key#8){+.+.+.}, at: [] __sock_release+0x8b/0x260 net/socket.c:604 1 lock held by syz-executor.3/28221: #0: (&sb->s_type->i_mutex_key#8){+.+.+.}, at: [] inode_lock include/linux/fs.h:766 [inline] #0: (&sb->s_type->i_mutex_key#8){+.+.+.}, at: [] __sock_release+0x8b/0x260 net/socket.c:604 1 lock held by syz-executor.1/28459: #0: (&sb->s_type->i_mutex_key#8){+.+.+.}, at: [] inode_lock include/linux/fs.h:766 [inline] #0: (&sb->s_type->i_mutex_key#8){+.+.+.}, at: [] __sock_release+0x8b/0x260 net/socket.c:604 1 lock held by syz-executor.4/28479: #0: (&sb->s_type->i_mutex_key#8){+.+.+.}, at: [] inode_lock include/linux/fs.h:766 [inline] #0: (&sb->s_type->i_mutex_key#8){+.+.+.}, at: [] __sock_release+0x8b/0x260 net/socket.c:604 1 lock held by syz-executor.4/28491: #0: (&sb->s_type->i_mutex_key#8){+.+.+.}, at: [] inode_lock include/linux/fs.h:766 [inline] #0: (&sb->s_type->i_mutex_key#8){+.+.+.}, at: [] __sock_release+0x8b/0x260 net/socket.c:604 1 lock held by syz-executor.4/30526: #0: (&sb->s_type->i_mutex_key#8){+.+.+.}, at: [] inode_lock include/linux/fs.h:766 [inline] #0: (&sb->s_type->i_mutex_key#8){+.+.+.}, at: [] __sock_release+0x8b/0x260 net/socket.c:604 2 locks held by syz-executor.0/31268: #0: (&sb->s_type->i_mutex_key#8){+.+.+.}, at: [] inode_lock include/linux/fs.h:766 [inline] #0: (&sb->s_type->i_mutex_key#8){+.+.+.}, at: [] __sock_release+0x8b/0x260 net/socket.c:604 #1: (sk_lock-AF_PACKET){+.+.+.}, at: [] lock_sock include/net/sock.h:1404 [inline] #1: (sk_lock-AF_PACKET){+.+.+.}, at: [] packet_release+0x4ad/0xb70 net/packet/af_packet.c:3029 1 lock held by syz-executor.5/420: #0: (&sb->s_type->i_mutex_key#8){+.+.+.}, at: [] inode_lock include/linux/fs.h:766 [inline] #0: (&sb->s_type->i_mutex_key#8){+.+.+.}, at: [] __sock_release+0x8b/0x260 net/socket.c:604 1 lock held by syz-executor.1/3593: #0: (&sb->s_type->i_mutex_key#8){+.+.+.}, at: [] inode_lock include/linux/fs.h:766 [inline] #0: (&sb->s_type->i_mutex_key#8){+.+.+.}, at: [] __sock_release+0x8b/0x260 net/socket.c:604 3 locks held by kworker/u4:3/6448: #0: ("%s""netns"){.+.+.+}, at: [] process_one_work+0x73c/0x15f0 kernel/workqueue.c:2085 #1: (net_cleanup_work){+.+.+.}, at: [] process_one_work+0x774/0x15f0 kernel/workqueue.c:2089 #2: (net_mutex){+.+.+.}, at: [] cleanup_net+0x13f/0x8b0 net/core/net_namespace.c:439 1 lock held by syz-executor.3/7189: #0: (rtnl_mutex){+.+.+.}, at: [] rtnl_lock+0x17/0x20 net/core/rtnetlink.c:70 2 locks held by kworker/1:1/7676: #0: ("events"){.+.+.+}, at: [] process_one_work+0x73c/0x15f0 kernel/workqueue.c:2085 #1: ((&ns->proc_work)){+.+...}, at: [] process_one_work+0x774/0x15f0 kernel/workqueue.c:2089 2 locks held by syz-executor.3/8531: #0: (&sb->s_type->i_mutex_key#8){+.+.+.}, at: [] inode_lock include/linux/fs.h:766 [inline] #0: (&sb->s_type->i_mutex_key#8){+.+.+.}, at: [] __sock_release+0x8b/0x260 net/socket.c:604 #1: (rcu_preempt_state.exp_mutex){+.+...}, at: [] exp_funnel_lock kernel/rcu/tree_exp.h:289 [inline] #1: (rcu_preempt_state.exp_mutex){+.+...}, at: [] _synchronize_rcu_expedited+0x3a7/0x840 kernel/rcu/tree_exp.h:569 1 lock held by syz-executor.1/13973: #0: (&sb->s_type->i_mutex_key#8){+.+.+.}, at: [] inode_lock include/linux/fs.h:766 [inline] #0: (&sb->s_type->i_mutex_key#8){+.+.+.}, at: [] __sock_release+0x8b/0x260 net/socket.c:604 1 lock held by syz-executor.5/15655: #0: (input_mutex){+.+.+.}, at: [] __input_unregister_device+0x152/0x490 drivers/input/input.c:2020 2 locks held by kworker/0:0/16103: #0: ("events"){.+.+.+}, at: [] process_one_work+0x73c/0x15f0 kernel/workqueue.c:2085 #1: ((&ns->proc_work)){+.+...}, at: [] process_one_work+0x774/0x15f0 kernel/workqueue.c:2089 1 lock held by syz-executor.3/17087: #0: (rtnl_mutex){+.+.+.}, at: [] rtnl_lock+0x17/0x20 net/core/rtnetlink.c:70 2 locks held by kworker/0:4/18577: #0: ("events"){.+.+.+}, at: [] process_one_work+0x73c/0x15f0 kernel/workqueue.c:2085 #1: ((&ns->proc_work)){+.+...}, at: [] process_one_work+0x774/0x15f0 kernel/workqueue.c:2089 2 locks held by syz-executor.5/19221: #0: (&sb->s_type->i_mutex_key#8){+.+.+.}, at: [] inode_lock include/linux/fs.h:766 [inline] #0: (&sb->s_type->i_mutex_key#8){+.+.+.}, at: [] __sock_release+0x8b/0x260 net/socket.c:604 #1: (sk_lock-AF_PACKET){+.+.+.}, at: [] lock_sock include/net/sock.h:1404 [inline] #1: (sk_lock-AF_PACKET){+.+.+.}, at: [] packet_release+0x4ad/0xb70 net/packet/af_packet.c:3029 2 locks held by syz-executor.5/19231: #0: (&sb->s_type->i_mutex_key#8){+.+.+.}, at: [] inode_lock include/linux/fs.h:766 [inline] #0: (&sb->s_type->i_mutex_key#8){+.+.+.}, at: [] __sock_release+0x8b/0x260 net/socket.c:604 #1: (sk_lock-AF_PACKET){+.+.+.}, at: [] lock_sock include/net/sock.h:1404 [inline] #1: (sk_lock-AF_PACKET){+.+.+.}, at: [] packet_release+0x4ad/0xb70 net/packet/af_packet.c:3029 2 locks held by kworker/1:2/20233: #0: ("events"){.+.+.+}, at: [] process_one_work+0x73c/0x15f0 kernel/workqueue.c:2085 #1: ((&rew.rew_work)){+.+...}, at: [] process_one_work+0x774/0x15f0 kernel/workqueue.c:2089 1 lock held by syz-executor.3/20589: #0: (&sb->s_type->i_mutex_key#8){+.+.+.}, at: [] inode_lock include/linux/fs.h:766 [inline] #0: (&sb->s_type->i_mutex_key#8){+.+.+.}, at: [] __sock_release+0x8b/0x260 net/socket.c:604 2 locks held by kworker/0:1/24248: #0: ("events"){.+.+.+}, at: [] process_one_work+0x73c/0x15f0 kernel/workqueue.c:2085 #1: ((&ns->proc_work)){+.+...}, at: [] process_one_work+0x774/0x15f0 kernel/workqueue.c:2089 2 locks held by kworker/0:5/24249: #0: ("events"){.+.+.+}, at: [] process_one_work+0x73c/0x15f0 kernel/workqueue.c:2085 #1: ((&ns->proc_work)){+.+...}, at: [] process_one_work+0x774/0x15f0 kernel/workqueue.c:2089 2 locks held by kworker/0:6/24252: #0: ("events"){.+.+.+}, at: [] process_one_work+0x73c/0x15f0 kernel/workqueue.c:2085 #1: ((&ns->proc_work)){+.+...}, at: [] process_one_work+0x774/0x15f0 kernel/workqueue.c:2089 2 locks held by kworker/0:7/24253: #0: ("events"){.+.+.+}, at: [] process_one_work+0x73c/0x15f0 kernel/workqueue.c:2085 #1: ((&ns->proc_work)){+.+...}, at: [] process_one_work+0x774/0x15f0 kernel/workqueue.c:2089 2 locks held by kworker/0:8/24254: #0: ("events"){.+.+.+}, at: [] process_one_work+0x73c/0x15f0 kernel/workqueue.c:2085 #1: ((&ns->proc_work)){+.+...}, at: [] process_one_work+0x774/0x15f0 kernel/workqueue.c:2089 2 locks held by kworker/1:5/24255: #0: ("events"){.+.+.+}, at: [] process_one_work+0x73c/0x15f0 kernel/workqueue.c:2085 #1: ((&ns->proc_work)){+.+...}, at: [] process_one_work+0x774/0x15f0 kernel/workqueue.c:2089 2 locks held by kworker/1:6/24256: #0: ("events"){.+.+.+}, at: [] process_one_work+0x73c/0x15f0 kernel/workqueue.c:2085 #1: ((&ns->proc_work)){+.+...}, at: [] process_one_work+0x774/0x15f0 kernel/workqueue.c:2089 2 locks held by kworker/0:10/24259: #0: ("events"){.+.+.+}, at: [] process_one_work+0x73c/0x15f0 kernel/workqueue.c:2085 #1: ((&ns->proc_work)){+.+...}, at: [] process_one_work+0x774/0x15f0 kernel/workqueue.c:2089 2 locks held by kworker/1:7/24260: #0: ("events"){.+.+.+}, at: [] process_one_work+0x73c/0x15f0 kernel/workqueue.c:2085 #1: ((&ns->proc_work)){+.+...}, at: [] process_one_work+0x774/0x15f0 kernel/workqueue.c:2089 2 locks held by kworker/1:8/24262: #0: ("events"){.+.+.+}, at: [] process_one_work+0x73c/0x15f0 kernel/workqueue.c:2085 #1: ((&ns->proc_work)){+.+...}, at: [] process_one_work+0x774/0x15f0 kernel/workqueue.c:2089 3 locks held by kworker/1:9/24263: #0: ("%s"("ipv6_addrconf")){.+.+..}, at: [] process_one_work+0x73c/0x15f0 kernel/workqueue.c:2085 #1: ((addr_chk_work).work){+.+...}, at: [] process_one_work+0x774/0x15f0 kernel/workqueue.c:2089 #2: (rtnl_mutex){+.+.+.}, at: [] rtnl_lock+0x17/0x20 net/core/rtnetlink.c:70 ============================================= NMI backtrace for cpu 0 CPU: 0 PID: 24 Comm: khungtaskd Not tainted 4.9.141+ #1 ffff8801d98ffd08 ffffffff81b42e79 0000000000000000 0000000000000000 0000000000000000 0000000000000001 ffffffff810983b0 ffff8801d98ffd40 ffffffff81b4df89 0000000000000000 0000000000000000 0000000000000002 Call Trace: [] __dump_stack lib/dump_stack.c:15 [inline] [] dump_stack+0xc1/0x128 lib/dump_stack.c:51 [] nmi_cpu_backtrace.cold.0+0x48/0x87 lib/nmi_backtrace.c:99 [] nmi_trigger_cpumask_backtrace+0x12c/0x151 lib/nmi_backtrace.c:60 [] arch_trigger_cpumask_backtrace+0x14/0x20 arch/x86/kernel/apic/hw_nmi.c:37 [] trigger_all_cpu_backtrace include/linux/nmi.h:58 [inline] [] check_hung_task kernel/hung_task.c:125 [inline] [] check_hung_uninterruptible_tasks kernel/hung_task.c:182 [inline] [] watchdog+0x6ad/0xa20 kernel/hung_task.c:239 [] kthread+0x26d/0x300 kernel/kthread.c:211 [] ret_from_fork+0x5c/0x70 arch/x86/entry/entry_64.S:373 Sending NMI from CPU 0 to CPUs 1: NMI backtrace for cpu 1 CPU: 1 PID: 24244 Comm: syz-executor.2 Not tainted 4.9.141+ #1 task: ffff8801a23edf00 task.stack: ffff880151e88000 RIP: 0010:[] c [] separate_irq_context kernel/locking/lockdep.c:2988 [inline] RIP: 0010:[] c [] __lock_acquire+0x753/0x4a10 kernel/locking/lockdep.c:3336 RSP: 0018:ffff880151e8f230 EFLAGS: 00000806 RAX: dffffc0000000000 RBX: ffff8801a23ee800 RCX: ffff8801a23ee7b0 RDX: 1ffff1003447dcff RSI: ffff8801a23ee800 RDI: ffff8801a23ee7f9 RBP: ffff880151e8f3d8 R08: ffff8801a23ee820 R09: 0000000000000000 R10: ffff8801a23edf00 R11: 0000000000000000 R12: 000000000000001e R13: ffff8801a23ee7d8 R14: 000000000000001e R15: dee16c6f2c44c917 FS: 00007f3255375700(0000) GS:ffff8801db700000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 0000000000bdab78 CR3: 00000001750b3000 CR4: 00000000001606b0 Stack: ffffffff833d3600c ffff8801a23ee7d8c ffffffff83c73d80c 0000000000000001c 00000000000065b8c ffff8801a23ee818c ffffffff83c73d80c ffff8801a23ee820c 000000000000035dc ffff8801a23ee840c ffff8801a23ee7a0c ffff8801a23ee848c Call Trace: [] lock_acquire+0x130/0x3e0 kernel/locking/lockdep.c:3756 [] rcu_lock_acquire include/linux/rcupdate.h:493 [inline] [] rcu_read_lock include/linux/rcupdate.h:875 [inline] [] find_lock_task_mm+0x46/0x270 mm/oom_kill.c:112 [] lowmem_scan+0x34f/0xaf0 drivers/staging/android/lowmemorykiller.c:134 [] do_shrink_slab mm/vmscan.c:398 [inline] [] shrink_slab.part.8+0x3c6/0xa00 mm/vmscan.c:501 [] shrink_slab mm/vmscan.c:465 [inline] [] shrink_node+0x1ed/0x740 mm/vmscan.c:2602 [] shrink_zones mm/vmscan.c:2749 [inline] [] do_try_to_free_pages mm/vmscan.c:2791 [inline] [] try_to_free_pages+0x377/0xb80 mm/vmscan.c:3002 [] __perform_reclaim mm/page_alloc.c:3324 [inline] [] __alloc_pages_direct_reclaim mm/page_alloc.c:3345 [inline] [] __alloc_pages_slowpath mm/page_alloc.c:3697 [inline] [] __alloc_pages_nodemask+0x981/0x1bd0 mm/page_alloc.c:3862 [] __alloc_pages include/linux/gfp.h:433 [inline] [] __alloc_pages_node include/linux/gfp.h:446 [inline] [] alloc_pages_node include/linux/gfp.h:460 [inline] [] __vmalloc_area_node mm/vmalloc.c:1644 [inline] [] __vmalloc_node_range+0x25b/0x600 mm/vmalloc.c:1702 [] __vmalloc_node mm/vmalloc.c:1745 [inline] [] __vmalloc_node_flags mm/vmalloc.c:1759 [inline] [] vmalloc+0x5b/0x70 mm/vmalloc.c:1774 [] xt_alloc_table_info+0xc9/0x100 net/netfilter/x_tables.c:997 [] do_replace net/ipv6/netfilter/ip6_tables.c:1175 [inline] [] do_ip6t_set_ctl+0x235/0x470 net/ipv6/netfilter/ip6_tables.c:1712 [] nf_sockopt net/netfilter/nf_sockopt.c:105 [inline] [] nf_setsockopt+0x6d/0xc0 net/netfilter/nf_sockopt.c:114 [] ipv6_setsockopt+0xc8/0x130 net/ipv6/ipv6_sockglue.c:922 [] udpv6_setsockopt+0x4a/0x90 net/ipv6/udp.c:1351 [] sock_common_setsockopt+0x9a/0xe0 net/core/sock.c:2706 [] SYSC_setsockopt net/socket.c:1785 [inline] [] SyS_setsockopt+0x166/0x260 net/socket.c:1764 [] do_syscall_64+0x19f/0x550 arch/x86/entry/common.c:285 [] entry_SYSCALL_64_after_swapgs+0x5d/0xdb Code: c00 c85 cc0 c74 c7a c48 c8b c8c c24 c88 c00 c00 c00 c48 c8d c04 c80 c4c c8d c6c cc1 cd8 c48 cb8 c00 c00 c00 c00 c00 cfc cff cdf c49 c8d c7d c21 c48 c89 cfa c48 cc1 cea c03 c<0f> cb6 c04 c02 c48 c89 cfa c83 ce2 c07 c38 cd0 c7f c08 c84 cc0 c0f c85 c50 c2d c00 c