Killed process 24008 (syz-executor.1) total-vm:57064kB, anon-rss:2452kB, file-rss:14340kB, shmem-rss:68kB oom_reaper: reaped process 24008 (syz-executor.1), now anon-rss:0kB, file-rss:14336kB, shmem-rss:4kB systemd-journald[22486]: /dev/kmsg buffer overrun, some messages lost. INFO: task kworker/u4:13:13225 blocked for more than 140 seconds. Not tainted 4.19.211-syzkaller #0 "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. kworker/u4:13 D25080 13225 2 0x80000000 Workqueue: netns cleanup_net Call Trace: context_switch kernel/sched/core.c:2828 [inline] __schedule+0x887/0x2040 kernel/sched/core.c:3517 schedule+0x8d/0x1b0 kernel/sched/core.c:3561 schedule_preempt_disabled+0xf/0x20 kernel/sched/core.c:3619 __mutex_lock_common kernel/locking/mutex.c:1016 [inline] __mutex_lock+0x5f0/0x1190 kernel/locking/mutex.c:1078 netdev_run_todo+0x719/0xab0 net/core/dev.c:9005 sit_exit_batch_net+0x548/0x700 net/ipv6/sit.c:1894 ops_exit_list+0xf9/0x150 net/core/net_namespace.c:156 cleanup_net+0x3b4/0x8b0 net/core/net_namespace.c:554 process_one_work+0x864/0x1570 kernel/workqueue.c:2153 worker_thread+0x64c/0x1130 kernel/workqueue.c:2296 kthread+0x33f/0x460 kernel/kthread.c:259 ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:415 INFO: task kworker/1:5:17536 blocked for more than 140 seconds. Not tainted 4.19.211-syzkaller #0 "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. kworker/1:5 D26208 17536 2 0x80000000 Workqueue: events linkwatch_event Call Trace: context_switch kernel/sched/core.c:2828 [inline] __schedule+0x887/0x2040 kernel/sched/core.c:3517 schedule+0x8d/0x1b0 kernel/sched/core.c:3561 schedule_preempt_disabled+0xf/0x20 kernel/sched/core.c:3619 __mutex_lock_common kernel/locking/mutex.c:1016 [inline] __mutex_lock+0x5f0/0x1190 kernel/locking/mutex.c:1078 linkwatch_event+0xb/0x60 net/core/link_watch.c:236 process_one_work+0x864/0x1570 kernel/workqueue.c:2153 worker_thread+0x64c/0x1130 kernel/workqueue.c:2296 kthread+0x33f/0x460 kernel/kthread.c:259 ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:415 INFO: task syz-executor.1:32019 blocked for more than 140 seconds. Not tainted 4.19.211-syzkaller #0 "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. syz-executor.1 D26928 32019 31767 0x00000000 Call Trace: context_switch kernel/sched/core.c:2828 [inline] __schedule+0x887/0x2040 kernel/sched/core.c:3517 schedule+0x8d/0x1b0 kernel/sched/core.c:3561 schedule_preempt_disabled+0xf/0x20 kernel/sched/core.c:3619 __mutex_lock_common kernel/locking/mutex.c:1016 [inline] __mutex_lock+0x5f0/0x1190 kernel/locking/mutex.c:1078 in:imklog invoked oom-killer: gfp_mask=0x6040c0(GFP_KERNEL|__GFP_COMP), nodemask=(null), order=1, oom_score_adj=0 in:imklog cpuset=/ mems_allowed=0-1 CPU: 1 PID: 24378 Comm: in:imklog Not tainted 4.19.211-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Call Trace: __dump_stack lib/dump_stack.c:77 [inline] dump_stack+0x1fc/0x2ef lib/dump_stack.c:118 dump_header+0x15d/0xc3f mm/oom_kill.c:443 oom_kill_process.cold+0x10/0x692 mm/oom_kill.c:956 out_of_memory mm/oom_kill.c:1114 [inline] out_of_memory+0x1072/0x1390 mm/oom_kill.c:1064 __alloc_pages_may_oom mm/page_alloc.c:3553 [inline] __alloc_pages_slowpath mm/page_alloc.c:4255 [inline] __alloc_pages_nodemask+0x23a2/0x2890 mm/page_alloc.c:4419 __alloc_pages include/linux/gfp.h:496 [inline] __alloc_pages_node include/linux/gfp.h:509 [inline] kmem_getpages mm/slab.c:1412 [inline] cache_grow_begin+0xa4/0x8a0 mm/slab.c:2682 fallback_alloc+0x213/0x2e0 mm/slab.c:3224 __do_cache_alloc mm/slab.c:3361 [inline] slab_alloc mm/slab.c:3389 [inline] kmem_cache_alloc_trace+0x1f1/0x380 mm/slab.c:3623 kmalloc include/linux/slab.h:515 [inline] syslog_print kernel/printk/printk.c:1337 [inline] do_syslog.part.0+0x24f/0x1510 kernel/printk/printk.c:1505 do_syslog+0x49/0x60 kernel/printk/printk.c:1486 kmsg_read+0x8a/0xb0 fs/proc/kmsg.c:40 proc_reg_read+0x1bd/0x2d0 fs/proc/inode.c:231 __vfs_read+0xf7/0x750 fs/read_write.c:416 vfs_read+0x194/0x3c0 fs/read_write.c:452 ksys_read+0x12b/0x2a0 fs/read_write.c:579 do_syscall_64+0xf9/0x620 arch/x86/entry/common.c:293 entry_SYSCALL_64_after_hwframe+0x49/0xbe RIP: 0033:0x7f1e1c1b922d Code: Bad RIP value. RSP: 002b:00007f1e19b55580 EFLAGS: 00000293 ORIG_RAX: 0000000000000000 RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f1e1c1b922d RDX: 0000000000001fa0 RSI: 00007f1e19b55da0 RDI: 0000000000000004 RBP: 00005579032759d0 R08: 0000000000000000 R09: 0000000000000000 R10: 2ce33e6c02ce33e7 R11: 0000000000000293 R12: 00007f1e19b55da0 R13: 0000000000001fa0 R14: 0000000000001f9f R15: 00007f1e19b55dc7 Mem-Info: active_anon:194813 inactive_anon:7167 isolated_anon:0 active_file:26 inactive_file:91 isolated_file:32 unevictable:0 dirty:0 writeback:6 unstable:0 slab_reclaimable:51526 slab_unreclaimable:1222749 mapped:19523 shmem:10683 pagetables:58336 bounce:0 free:27117 free_pcp:85 free_cma:0 Node 0 active_anon:772804kB inactive_anon:28652kB active_file:100kB inactive_file:364kB unevictable:0kB isolated(anon):0kB isolated(file):128kB mapped:63756kB dirty:0kB writeback:24kB shmem:42708kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 200704kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no Node 1 active_anon:6448kB inactive_anon:16kB active_file:4kB inactive_file:0kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:14336kB dirty:0kB writeback:0kB shmem:24kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes Node 0 DMA free:10848kB min:204kB low:252kB high:300kB active_anon:4kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:96kB pagetables:148kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB IPVS: ftp: loaded support on port[0] = 21 IPVS: ftp: loaded support on port[0] = 21 lowmem_reserve[]: 0 2693 2695 2695 2695 Node 0 DMA32 free:43692kB min:35996kB low:44992kB high:53988kB active_anon:772804kB inactive_anon:28652kB active_file:116kB inactive_file:0kB unevictable:0kB writepending:0kB present:3129332kB managed:2763452kB mlocked:0kB kernel_stack:24992kB pagetables:60688kB bounce:0kB free_pcp:932kB local_pcp:476kB free_cma:0kB ip_tunnel_init_net+0x321/0x990 net/ipv4/ip_tunnel.c:1034 vti_init_net+0x2a/0x370 net/ipv4/ip_vti.c:520 lowmem_reserve[]: 0 0 1 1 1 ops_init+0xb3/0x410 net/core/net_namespace.c:129 Node 0 Normal free:8kB min:24kB low:28kB high:32kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:1048576kB managed:2000kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB lowmem_reserve[]: 0 0 0 0 0 setup_net+0x2c2/0x720 net/core/net_namespace.c:316 Node 1 Normal free:53812kB min:53876kB low:67344kB high:80812kB active_anon:6448kB inactive_anon:16kB active_file:0kB inactive_file:4kB unevictable:0kB writepending:0kB present:4194304kB managed:4128248kB mlocked:0kB kernel_stack:105632kB pagetables:172628kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB copy_net_ns+0x1f7/0x340 net/core/net_namespace.c:439 create_new_namespaces+0x3f6/0x7b0 kernel/nsproxy.c:107 lowmem_reserve[]: 0 0 0 0 0 copy_namespaces+0x325/0x3c0 kernel/nsproxy.c:165 Node 0 DMA: 2*4kB (UM) 11*8kB (UM) 2*16kB (ME) 3*32kB (UME) 2*64kB (UM) 2*128kB (ME) 2*256kB (ME) 3*512kB (UME) 2*1024kB (ME) 1*2048kB (E) 1*4096kB (M) = 10848kB copy_process.part.0+0x3a59/0x8260 kernel/fork.c:1916 Node 0 DMA32: 722*4kB (ME) 1313*8kB (UME) 707*16kB (UME) 447*32kB (ME) 10*64kB (M) 4*128kB (UM) 1*256kB (U) 0*512kB 0*1024kB 1*2048kB (M) 0*4096kB = 42464kB copy_process kernel/fork.c:1710 [inline] _do_fork+0x22f/0xf30 kernel/fork.c:2219 Node 0 Normal: 0*4kB 1*8kB (U) 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 8kB Node 1 Normal: 301*4kB (UME) 168*8kB (UME) 145*16kB (UM) 134*32kB (UME) 3*64kB (UM) 2*128kB (M) 7*256kB (M) 7*512kB (ME) 2*1024kB (M) 4*2048kB (UME) 7*4096kB (M) = 53892kB Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB do_syscall_64+0xf9/0x620 arch/x86/entry/common.c:293 Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB entry_SYSCALL_64_after_hwframe+0x49/0xbe Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB RIP: 0033:0x7fb5bf924e99 Code: Bad RIP value. RSP: 002b:00007fb5be279168 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 RAX: ffffffffffffffda RBX: 00007fb5bfa38030 RCX: 00007fb5bf924e99 RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000041040000 RBP: 00007fb5bf97eff1 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 R13: 00007ffffb165daf R14: 00007fb5be279300 R15: 0000000000022000 INFO: task syz-executor.1:32237 blocked for more than 140 seconds. Not tainted 4.19.211-syzkaller #0 "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. 10916 total pagecache pages syz-executor.1 D26752 32237 31933 0x00000000 0 pages in swap cache Call Trace: context_switch kernel/sched/core.c:2828 [inline] __schedule+0x887/0x2040 kernel/sched/core.c:3517 Swap cache stats: add 0, delete 0, find 0/0 Free swap = 0kB Total swap = 0kB 2097051 pages RAM 0 pages HighMem/MovableOnly 369649 pages reserved 0 pages cma reserved Unreclaimable slab info: Name Used Total pid_6 0KB 4KB pid_5 9KB 12KB pid_4 3KB 7KB pid_3 3KB 7KB pid_2 276KB 280KB ubi_wl_entry_slab 0KB 3KB batadv_tt_change_cache 8KB 15KB batadv_tl_cache 37KB 44KB TIPC 2881KB 2887KB schedule+0x8d/0x1b0 kernel/sched/core.c:3561 rds_tcp_connection 9KB 11KB schedule_preempt_disabled+0xf/0x20 kernel/sched/core.c:3619 rds_connection 0KB 3KB __mutex_lock_common kernel/locking/mutex.c:1016 [inline] __mutex_lock+0x5f0/0x1190 kernel/locking/mutex.c:1078 SCTPv6 7878KB 7882KB DCCPv6 9550KB 9555KB DCCP 9065KB 9070KB RXRPC 3121KB 3126KB ip_tunnel_init_net+0x321/0x990 net/ipv4/ip_tunnel.c:1034 vti_init_net+0x2a/0x370 net/ipv4/ip_vti.c:520 ops_init+0xb3/0x410 net/core/net_namespace.c:129 setup_net+0x2c2/0x720 net/core/net_namespace.c:316 rxrpc_call_jar 21593KB 21593KB bridge_fdb_cache 18KB 23KB copy_net_ns+0x1f7/0x340 net/core/net_namespace.c:439 fib6_nodes 206KB 240KB create_new_namespaces+0x3f6/0x7b0 kernel/nsproxy.c:107 ip6_dst_cache 176KB 360KB RAWv6 38873KB 38873KB UDPv6 3626KB 3626KB TCPv6 5868KB 5868KB copy_namespaces+0x325/0x3c0 kernel/nsproxy.c:165 nf_conntrack 12KB 41KB copy_process.part.0+0x3a59/0x8260 kernel/fork.c:1916 t10_alua_lu_gp_cache 0KB 3KB sd_ext_cdb 0KB 7KB scsi_sense_cache 1056KB 1060KB virtio_scsi_cmd 16KB 16KB sgpool-128 8KB 8KB sgpool-64 4KB 12KB sgpool-32 2KB 15KB sgpool-16 1KB 7KB sgpool-8 0KB 7KB mqueue_inode_cache 10KB 22KB bio_post_read_ctx 14KB 15KB bio-2 14KB 15KB copy_process kernel/fork.c:1710 [inline] _do_fork+0x22f/0xf30 kernel/fork.c:2219 jfs_mp 7KB 7KB cifs_small_rq 15KB 16KB cifs_request 67KB 67KB cifs_mpx_ids 0KB 7KB nfs_commit_data 3KB 14KB do_syscall_64+0xf9/0x620 arch/x86/entry/common.c:293 nfs_write_data 34KB 44KB entry_SYSCALL_64_after_hwframe+0x49/0xbe ext4_system_zone 1KB 7KB RIP: 0033:0x7fb5bf924e99 Code: Bad RIP value. RSP: 002b:00007fb5be279168 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 RAX: ffffffffffffffda RBX: 00007fb5bfa38030 RCX: 00007fb5bf924e99 RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000041040000 RBP: 00007fb5bf97eff1 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 R13: 00007ffffb165daf R14: 00007fb5be279300 R15: 0000000000022000 INFO: task syz-executor.1:32581 blocked for more than 140 seconds. Not tainted 4.19.211-syzkaller #0 bio-1 1KB 7KB "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. pid_namespace 29KB 38KB syz-executor.1 D26752 32581 32025 0x00000000 rpc_buffers 17KB 25KB Call Trace: rpc_tasks 2KB 7KB context_switch kernel/sched/core.c:2828 [inline] __schedule+0x887/0x2040 kernel/sched/core.c:3517 UNIX 168KB 172KB UDP-Lite 1KB 6KB tcp_bind_bucket 242KB 248KB inet_peer_cache 0KB 4KB schedule+0x8d/0x1b0 kernel/sched/core.c:3561 xfrm_state 4KB 12KB schedule_preempt_disabled+0xf/0x20 kernel/sched/core.c:3619 ip_fib_trie 29KB 35KB __mutex_lock_common kernel/locking/mutex.c:1016 [inline] __mutex_lock+0x5f0/0x1190 kernel/locking/mutex.c:1078 ip_fib_alias 141KB 166KB ip_tunnel_init_net+0x321/0x990 net/ipv4/ip_tunnel.c:1034 ops_init+0xb3/0x410 net/core/net_namespace.c:129 setup_net+0x2c2/0x720 net/core/net_namespace.c:316 copy_net_ns+0x1f7/0x340 net/core/net_namespace.c:439 create_new_namespaces+0x3f6/0x7b0 kernel/nsproxy.c:107 copy_namespaces+0x325/0x3c0 kernel/nsproxy.c:165 copy_process.part.0+0x3a59/0x8260 kernel/fork.c:1916 copy_process kernel/fork.c:1710 [inline] _do_fork+0x22f/0xf30 kernel/fork.c:2219 do_syscall_64+0xf9/0x620 arch/x86/entry/common.c:293 entry_SYSCALL_64_after_hwframe+0x49/0xbe RIP: 0033:0x7fb5bf924e99 Code: Bad RIP value. RSP: 002b:00007fb5be279168 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 RAX: ffffffffffffffda RBX: 00007fb5bfa38030 RCX: 00007fb5bf924e99 RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000041040000 RBP: 00007fb5bf97eff1 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 R13: 00007ffffb165daf R14: 00007fb5be279300 R15: 0000000000022000 INFO: task syz-executor.1:32750 blocked for more than 140 seconds. Not tainted 4.19.211-syzkaller #0 "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. syz-executor.1 D26776 32750 32237 0x00000000 Call Trace: context_switch kernel/sched/core.c:2828 [inline] __schedule+0x887/0x2040 kernel/sched/core.c:3517 schedule+0x8d/0x1b0 kernel/sched/core.c:3561 schedule_preempt_disabled+0xf/0x20 kernel/sched/core.c:3619 __mutex_lock_common kernel/locking/mutex.c:1016 [inline] __mutex_lock+0x5f0/0x1190 kernel/locking/mutex.c:1078 ip_tunnel_init_net+0x321/0x990 net/ipv4/ip_tunnel.c:1034 ops_init+0xb3/0x410 net/core/net_namespace.c:129 setup_net+0x2c2/0x720 net/core/net_namespace.c:316 copy_net_ns+0x1f7/0x340 net/core/net_namespace.c:439 create_new_namespaces+0x3f6/0x7b0 kernel/nsproxy.c:107 copy_namespaces+0x325/0x3c0 kernel/nsproxy.c:165 copy_process.part.0+0x3a59/0x8260 kernel/fork.c:1916 copy_process kernel/fork.c:1710 [inline] _do_fork+0x22f/0xf30 kernel/fork.c:2219 do_syscall_64+0xf9/0x620 arch/x86/entry/common.c:293 entry_SYSCALL_64_after_hwframe+0x49/0xbe RIP: 0033:0x7fb5bf924e99 Code: Bad RIP value. RSP: 002b:00007fb5be279168 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 RAX: ffffffffffffffda RBX: 00007fb5bfa38030 RCX: 00007fb5bf924e99 RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000041040000 RBP: 00007fb5bf97eff1 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 R13: 00007ffffb165daf R14: 00007fb5be279300 R15: 0000000000022000 INFO: task syz-executor.1:895 blocked for more than 140 seconds. Not tainted 4.19.211-syzkaller #0 "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. syz-executor.1 D26888 895 32027 0x00000000 Call Trace: context_switch kernel/sched/core.c:2828 [inline] __schedule+0x887/0x2040 kernel/sched/core.c:3517 schedule+0x8d/0x1b0 kernel/sched/core.c:3561 schedule_preempt_disabled+0xf/0x20 kernel/sched/core.c:3619 __mutex_lock_common kernel/locking/mutex.c:1016 [inline] __mutex_lock+0x5f0/0x1190 kernel/locking/mutex.c:1078 ip_tunnel_init_net+0x321/0x990 net/ipv4/ip_tunnel.c:1034 ops_init+0xb3/0x410 net/core/net_namespace.c:129 setup_net+0x2c2/0x720 net/core/net_namespace.c:316 copy_net_ns+0x1f7/0x340 net/core/net_namespace.c:439 create_new_namespaces+0x3f6/0x7b0 kernel/nsproxy.c:107 copy_namespaces+0x325/0x3c0 kernel/nsproxy.c:165 copy_process.part.0+0x3a59/0x8260 kernel/fork.c:1916 copy_process kernel/fork.c:1710 [inline] _do_fork+0x22f/0xf30 kernel/fork.c:2219 do_syscall_64+0xf9/0x620 arch/x86/entry/common.c:293 entry_SYSCALL_64_after_hwframe+0x49/0xbe RIP: 0033:0x7fb5bf924e99 Code: Bad RIP value. RSP: 002b:00007fb5be279168 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 RAX: ffffffffffffffda RBX: 00007fb5bfa38030 RCX: 00007fb5bf924e99 RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000041040000 RBP: 00007fb5bf97eff1 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 R13: 00007ffffb165daf R14: 00007fb5be279300 R15: 0000000000022000 INFO: task syz-executor.1:945 blocked for more than 140 seconds. Not tainted 4.19.211-syzkaller #0 "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. syz-executor.1 D26928 945 32000 0x00000000 Call Trace: context_switch kernel/sched/core.c:2828 [inline] __schedule+0x887/0x2040 kernel/sched/core.c:3517 schedule+0x8d/0x1b0 kernel/sched/core.c:3561 schedule_preempt_disabled+0xf/0x20 kernel/sched/core.c:3619 __mutex_lock_common kernel/locking/mutex.c:1016 [inline] __mutex_lock+0x5f0/0x1190 kernel/locking/mutex.c:1078 ip_tunnel_init_net+0x321/0x990 net/ipv4/ip_tunnel.c:1034 ops_init+0xb3/0x410 net/core/net_namespace.c:129 setup_net+0x2c2/0x720 net/core/net_namespace.c:316 copy_net_ns+0x1f7/0x340 net/core/net_namespace.c:439 create_new_namespaces+0x3f6/0x7b0 kernel/nsproxy.c:107 copy_namespaces+0x325/0x3c0 kernel/nsproxy.c:165 copy_process.part.0+0x3a59/0x8260 kernel/fork.c:1916 copy_process kernel/fork.c:1710 [inline] _do_fork+0x22f/0xf30 kernel/fork.c:2219 do_syscall_64+0xf9/0x620 arch/x86/entry/common.c:293 entry_SYSCALL_64_after_hwframe+0x49/0xbe RIP: 0033:0x7fb5bf924e99 Code: Bad RIP value. RSP: 002b:00007fb5be279168 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 RAX: ffffffffffffffda RBX: 00007fb5bfa38030 RCX: 00007fb5bf924e99 RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000041040000 RBP: 00007fb5bf97eff1 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 R13: 00007ffffb165daf R14: 00007fb5be279300 R15: 0000000000022000 INFO: task syz-executor.1:1194 blocked for more than 140 seconds. Not tainted 4.19.211-syzkaller #0 "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. syz-executor.1 D26888 1194 32568 0x00000000 Call Trace: context_switch kernel/sched/core.c:2828 [inline] __schedule+0x887/0x2040 kernel/sched/core.c:3517 schedule+0x8d/0x1b0 kernel/sched/core.c:3561 schedule_preempt_disabled+0xf/0x20 kernel/sched/core.c:3619 __mutex_lock_common kernel/locking/mutex.c:1016 [inline] __mutex_lock+0x5f0/0x1190 kernel/locking/mutex.c:1078 ip_tunnel_init_net+0x321/0x990 net/ipv4/ip_tunnel.c:1034 ops_init+0xb3/0x410 net/core/net_namespace.c:129 setup_net+0x2c2/0x720 net/core/net_namespace.c:316 copy_net_ns+0x1f7/0x340 net/core/net_namespace.c:439 create_new_namespaces+0x3f6/0x7b0 kernel/nsproxy.c:107 copy_namespaces+0x325/0x3c0 kernel/nsproxy.c:165 copy_process.part.0+0x3a59/0x8260 kernel/fork.c:1916 copy_process kernel/fork.c:1710 [inline] _do_fork+0x22f/0xf30 kernel/fork.c:2219 do_syscall_64+0xf9/0x620 arch/x86/entry/common.c:293 entry_SYSCALL_64_after_hwframe+0x49/0xbe RIP: 0033:0x7fb5bf924e99 Code: Bad RIP value. RSP: 002b:00007fb5be279168 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 RAX: ffffffffffffffda RBX: 00007fb5bfa38030 RCX: 00007fb5bf924e99 RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000041040000 RBP: 00007fb5bf97eff1 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 R13: 00007ffffb165daf R14: 00007fb5be279300 R15: 0000000000022000 INFO: task syz-executor.1:1733 blocked for more than 140 seconds. Not tainted 4.19.211-syzkaller #0 "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. syz-executor.1 D26888 1733 649 0x00000000 Call Trace: context_switch kernel/sched/core.c:2828 [inline] __schedule+0x887/0x2040 kernel/sched/core.c:3517 schedule+0x8d/0x1b0 kernel/sched/core.c:3561 schedule_preempt_disabled+0xf/0x20 kernel/sched/core.c:3619 __mutex_lock_common kernel/locking/mutex.c:1016 [inline] __mutex_lock+0x5f0/0x1190 kernel/locking/mutex.c:1078 ip_tunnel_init_net+0x321/0x990 net/ipv4/ip_tunnel.c:1034 ops_init+0xb3/0x410 net/core/net_namespace.c:129 setup_net+0x2c2/0x720 net/core/net_namespace.c:316 copy_net_ns+0x1f7/0x340 net/core/net_namespace.c:439 create_new_namespaces+0x3f6/0x7b0 kernel/nsproxy.c:107 copy_namespaces+0x325/0x3c0 kernel/nsproxy.c:165 copy_process.part.0+0x3a59/0x8260 kernel/fork.c:1916 copy_process kernel/fork.c:1710 [inline] _do_fork+0x22f/0xf30 kernel/fork.c:2219 do_syscall_64+0xf9/0x620 arch/x86/entry/common.c:293 entry_SYSCALL_64_after_hwframe+0x49/0xbe RIP: 0033:0x7fb5bf924e99 Code: Bad RIP value. RSP: 002b:00007fb5be279168 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 RAX: ffffffffffffffda RBX: 00007fb5bfa38030 RCX: 00007fb5bf924e99 RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000041040000 RBP: 00007fb5bf97eff1 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 R13: 00007ffffb165daf R14: 00007fb5be279300 R15: 0000000000022000 Showing all locks held in the system: 3 locks held by kworker/u4:0/7: #0: 0000000046042bf4 ((wq_completion)"events_unbound"){+.+.}, at: process_one_work+0x767/0x1570 kernel/workqueue.c:2124 #1: 00000000e1a5d582 ((work_completion)(&sub_info->work)){+.+.}, at: process_one_work+0x79c/0x1570 kernel/workqueue.c:2128 #2: 00000000d4e45611 (fs_reclaim){+.+.}, at: fs_reclaim_release mm/page_alloc.c:3778 [inline] #2: 00000000d4e45611 (fs_reclaim){+.+.}, at: fs_reclaim_release mm/page_alloc.c:3774 [inline] #2: 00000000d4e45611 (fs_reclaim){+.+.}, at: __perform_reclaim mm/page_alloc.c:3805 [inline] #2: 00000000d4e45611 (fs_reclaim){+.+.}, at: __alloc_pages_direct_reclaim mm/page_alloc.c:3821 [inline] #2: 00000000d4e45611 (fs_reclaim){+.+.}, at: __alloc_pages_slowpath mm/page_alloc.c:4211 [inline] #2: 00000000d4e45611 (fs_reclaim){+.+.}, at: __alloc_pages_nodemask+0x191e/0x2890 mm/page_alloc.c:4419 3 locks held by kworker/1:1/34: #0: 00000000b4e7cdc1 ((wq_completion)"events"){+.+.}, at: process_one_work+0x767/0x1570 kernel/workqueue.c:2124 #1: 000000002acf811b (deferred_process_work){+.+.}, at: process_one_work+0x79c/0x1570 kernel/workqueue.c:2128 #2: 0000000086df197a (rtnl_mutex){+.+.}, at: switchdev_deferred_process_work+0xa/0x20 net/switchdev/switchdev.c:150 1 lock held by khungtaskd/1570: #0: 00000000f2a9ded7 (rcu_read_lock){....}, at: debug_show_all_locks+0x53/0x265 kernel/locking/lockdep.c:4441 3 locks held by kworker/0:2/3687: #0: 0000000093524a53 ((wq_completion)"%s"("ipv6_addrconf")){+.+.}, at: process_one_work+0x767/0x1570 kernel/workqueue.c:2124 #1: 00000000d182e19d ((addr_chk_work).work){+.+.}, at: process_one_work+0x79c/0x1570 kernel/workqueue.c:2128 #2: 0000000086df197a (rtnl_mutex){+.+.}, at: addrconf_verify_work+0xa/0x20 net/ipv6/addrconf.c:4476 2 locks held by syz-fuzzer/8115: #0: 00000000b2870b8b (sk_lock-AF_INET){+.+.}, at: lock_sock include/net/sock.h:1512 [inline] #0: 00000000b2870b8b (sk_lock-AF_INET){+.+.}, at: tcp_sendmsg+0x1d/0x40 net/ipv4/tcp.c:1461 #1: 00000000d4e45611 (fs_reclaim){+.+.}, at: fs_reclaim_release mm/page_alloc.c:3778 [inline] #1: 00000000d4e45611 (fs_reclaim){+.+.}, at: fs_reclaim_release mm/page_alloc.c:3774 [inline] #1: 00000000d4e45611 (fs_reclaim){+.+.}, at: __perform_reclaim mm/page_alloc.c:3805 [inline] #1: 00000000d4e45611 (fs_reclaim){+.+.}, at: __alloc_pages_direct_reclaim mm/page_alloc.c:3821 [inline] #1: 00000000d4e45611 (fs_reclaim){+.+.}, at: __alloc_pages_slowpath mm/page_alloc.c:4211 [inline] #1: 00000000d4e45611 (fs_reclaim){+.+.}, at: __alloc_pages_nodemask+0x191e/0x2890 mm/page_alloc.c:4419 4 locks held by kworker/u4:13/13225: #0: 00000000b799b3c8 ((wq_completion)"%s""netns"){+.+.}, at: process_one_work+0x767/0x1570 kernel/workqueue.c:2124 #1: 0000000053b242f6 (net_cleanup_work){+.+.}, at: process_one_work+0x79c/0x1570 kernel/workqueue.c:2128 #2: 00000000727c2655 (pernet_ops_rwsem){++++}, at: cleanup_net+0xa8/0x8b0 net/core/net_namespace.c:521 #3: 0000000086df197a (rtnl_mutex){+.+.}, at: netdev_run_todo+0x719/0xab0 net/core/dev.c:9005 3 locks held by kworker/1:5/17536: #0: 00000000b4e7cdc1 ((wq_completion)"events"){+.+.}, at: process_one_work+0x767/0x1570 kernel/workqueue.c:2124 #1: 000000009a24eca5 ((linkwatch_work).work){+.+.}, at: process_one_work+0x79c/0x1570 kernel/workqueue.c:2128 #2: 0000000086df197a (rtnl_mutex){+.+.}, at: linkwatch_event+0xb/0x60 net/core/link_watch.c:236 2 locks held by syz-executor.1/31425: #0: 00000000727c2655 (pernet_ops_rwsem){++++}, at: copy_net_ns+0x1d8/0x340 net/core/net_namespace.c:435 #1: 0000000086df197a (rtnl_mutex){+.+.}, at: register_netdev+0x11/0x50 net/core/dev.c:8857 2 locks held by syz-executor.1/31501: #0: 00000000727c2655 (pernet_ops_rwsem){++++}, at: copy_net_ns+0x1d8/0x340 net/core/net_namespace.c:435 #1: 0000000086df197a (rtnl_mutex){+.+.}, at: ip_tunnel_init_net+0x321/0x990 net/ipv4/ip_tunnel.c:1034 2 locks held by syz-executor.1/31596: #0: 00000000727c2655 (pernet_ops_rwsem){++++}, at: copy_net_ns+0x1d8/0x340 net/core/net_namespace.c:435 #1: 0000000086df197a (rtnl_mutex){+.+.}, at: ip_tunnel_init_net+0x321/0x990 net/ipv4/ip_tunnel.c:1034 2 locks held by syz-executor.1/31598: #0: 00000000727c2655 (pernet_ops_rwsem){++++}, at: copy_net_ns+0x1d8/0x340 net/core/net_namespace.c:435 #1: 0000000086df197a (rtnl_mutex){+.+.}, at: register_netdev+0x11/0x50 net/core/dev.c:8857 2 locks held by syz-executor.1/31734: #0: 00000000727c2655 (pernet_ops_rwsem){++++}, at: copy_net_ns+0x1d8/0x340 net/core/net_namespace.c:435 #1: 0000000086df197a (rtnl_mutex){+.+.}, at: ip_tunnel_init_net+0x321/0x990 net/ipv4/ip_tunnel.c:1034 2 locks held by syz-executor.1/31762: #0: 00000000727c2655 (pernet_ops_rwsem){++++}, at: copy_net_ns+0x1d8/0x340 net/core/net_namespace.c:435 #1: 0000000086df197a (rtnl_mutex){+.+.}, at: register_netdev+0x11/0x50 net/core/dev.c:8857 2 locks held by syz-executor.1/31766: #0: 00000000727c2655 (pernet_ops_rwsem){++++}, at: copy_net_ns+0x1d8/0x340 net/core/net_namespace.c:435 #1: 0000000086df197a (rtnl_mutex){+.+.}, at: ip_tunnel_init_net+0x321/0x990 net/ipv4/ip_tunnel.c:1034 2 locks held by syz-executor.1/31767: #0: 00000000727c2655 (pernet_ops_rwsem){++++}, at: copy_net_ns+0x1d8/0x340 net/core/net_namespace.c:435 #1: 0000000086df197a (rtnl_mutex){+.+.}, at: ip_tunnel_init_net+0x321/0x990 net/ipv4/ip_tunnel.c:1034 2 locks held by syz-executor.1/31933: #0: 00000000727c2655 (pernet_ops_rwsem){++++}, at: copy_net_ns+0x1d8/0x340 net/core/net_namespace.c:435 #1: 0000000086df197a (rtnl_mutex){+.+.}, at: register_netdev+0x11/0x50 net/core/dev.c:8857 2 locks held by syz-executor.1/32000: #0: 00000000727c2655 (pernet_ops_rwsem){++++}, at: copy_net_ns+0x1d8/0x340 net/core/net_namespace.c:435 #1: 0000000086df197a (rtnl_mutex){+.+.}, at: ip_tunnel_init_net+0x321/0x990 net/ipv4/ip_tunnel.c:1034 2 locks held by syz-executor.1/32005: #0: 00000000727c2655 (pernet_ops_rwsem){++++}, at: copy_net_ns+0x1d8/0x340 net/core/net_namespace.c:435 #1: 0000000086df197a (rtnl_mutex){+.+.}, at: ip_tunnel_init_net+0x321/0x990 net/ipv4/ip_tunnel.c:1034 2 locks held by syz-executor.1/32006: #0: 00000000727c2655 (pernet_ops_rwsem){++++}, at: copy_net_ns+0x1d8/0x340 net/core/net_namespace.c:435 #1: 0000000086df197a (rtnl_mutex){+.+.}, at: ip_tunnel_init_net+0x321/0x990 net/ipv4/ip_tunnel.c:1034 2 locks held by syz-executor.1/32009: #0: 00000000727c2655 (pernet_ops_rwsem){++++}, at: copy_net_ns+0x1d8/0x340 net/core/net_namespace.c:435 #1: 0000000086df197a (rtnl_mutex){+.+.}, at: register_netdev+0x11/0x50 net/core/dev.c:8857 2 locks held by syz-executor.1/32019: #0: 00000000727c2655 (pernet_ops_rwsem){++++}, at: copy_net_ns+0x1d8/0x340 net/core/net_namespace.c:435 #1: 0000000086df197a (rtnl_mutex){+.+.}, at: ip_tunnel_init_net+0x321/0x990 net/ipv4/ip_tunnel.c:1034 2 locks held by syz-executor.1/32025: #0: 00000000727c2655 (pernet_ops_rwsem){++++}, at: copy_net_ns+0x1d8/0x340 net/core/net_namespace.c:435 #1: 0000000086df197a (rtnl_mutex){+.+.}, at: ip_tunnel_init_net+0x321/0x990 net/ipv4/ip_tunnel.c:1034 2 locks held by syz-executor.1/32027: #0: 00000000727c2655 (pernet_ops_rwsem){++++}, at: copy_net_ns+0x1d8/0x340 net/core/net_namespace.c:435 #1: 0000000086df197a (rtnl_mutex){+.+.}, at: register_netdev+0x11/0x50 net/core/dev.c:8857 2 locks held by syz-executor.1/32237: #0: 00000000727c2655 (pernet_ops_rwsem){++++}, at: copy_net_ns+0x1d8/0x340 net/core/net_namespace.c:435 #1: 0000000086df197a (rtnl_mutex){+.+.}, at: ip_tunnel_init_net+0x321/0x990 net/ipv4/ip_tunnel.c:1034 2 locks held by syz-executor.1/32396: #0: 00000000727c2655 (pernet_ops_rwsem){++++}, at: copy_net_ns+0x1d8/0x340 net/core/net_namespace.c:435 #1: 0000000086df197a (rtnl_mutex){+.+.}, at: register_netdev+0x11/0x50 net/core/dev.c:8857 2 locks held by syz-executor.1/32397: #0: 00000000727c2655 (pernet_ops_rwsem){++++}, at: copy_net_ns+0x1d8/0x340 net/core/net_namespace.c:435 #1: 0000000086df197a (rtnl_mutex){+.+.}, at: register_netdev+0x11/0x50 net/core/dev.c:8857 2 locks held by syz-executor.1/32480: #0: 00000000727c2655 (pernet_ops_rwsem){++++}, at: copy_net_ns+0x1d8/0x340 net/core/net_namespace.c:435 #1: 0000000086df197a (rtnl_mutex){+.+.}, at: register_netdev+0x11/0x50 net/core/dev.c:8857 2 locks held by syz-executor.1/32485: #0: 00000000727c2655 (pernet_ops_rwsem){++++}, at: copy_net_ns+0x1d8/0x340 net/core/net_namespace.c:435 #1: 0000000086df197a (rtnl_mutex){+.+.}, at: register_netdev+0x11/0x50 net/core/dev.c:8857 2 locks held by syz-executor.1/32487: #0: 00000000727c2655 (pernet_ops_rwsem){++++}, at: copy_net_ns+0x1d8/0x340 net/core/net_namespace.c:435 #1: 0000000086df197a (rtnl_mutex){+.+.}, at: ip_tunnel_init_net+0x321/0x990 net/ipv4/ip_tunnel.c:1034 2 locks held by syz-executor.1/32554: #0: 00000000727c2655 (pernet_ops_rwsem){++++}, at: copy_net_ns+0x1d8/0x340 net/core/net_namespace.c:435 #1: 0000000086df197a (rtnl_mutex){+.+.}, at: ip_tunnel_init_net+0x321/0x990 net/ipv4/ip_tunnel.c:1034 2 locks held by syz-executor.1/32555: #0: 00000000727c2655 (pernet_ops_rwsem){++++}, at: copy_net_ns+0x1d8/0x340 net/core/net_namespace.c:435 #1: 0000000086df197a (rtnl_mutex){+.+.}, at: ip_tunnel_init_net+0x321/0x990 net/ipv4/ip_tunnel.c:1034 2 locks held by syz-executor.1/32563: #0: 00000000727c2655 (pernet_ops_rwsem){++++}, at: copy_net_ns+0x1d8/0x340 net/core/net_namespace.c:435 #1: 0000000086df197a (rtnl_mutex){+.+.}, at: ip_tunnel_init_net+0x321/0x990 net/ipv4/ip_tunnel.c:1034 2 locks held by syz-executor.1/32568: #0: 00000000727c2655 (pernet_ops_rwsem){++++}, at: copy_net_ns+0x1d8/0x340 net/core/net_namespace.c:435 #1: 0000000086df197a (rtnl_mutex){+.+.}, at: register_netdev+0x11/0x50 net/core/dev.c:8857 2 locks held by syz-executor.1/32581: #0: 00000000727c2655 (pernet_ops_rwsem){++++}, at: copy_net_ns+0x1d8/0x340 net/core/net_namespace.c:435 #1: 0000000086df197a (rtnl_mutex){+.+.}, at: ip_tunnel_init_net+0x321/0x990 net/ipv4/ip_tunnel.c:1034 2 locks held by syz-executor.1/32586: #0: 00000000727c2655 (pernet_ops_rwsem){++++}, at: copy_net_ns+0x1d8/0x340 net/core/net_namespace.c:435 #1: 0000000086df197a (rtnl_mutex){+.+.}, at: register_netdev+0x11/0x50 net/core/dev.c:8857 2 locks held by syz-executor.1/32588: #0: 00000000727c2655 (pernet_ops_rwsem){++++}, at: copy_net_ns+0x1d8/0x340 net/core/net_namespace.c:435 #1: 0000000086df197a (rtnl_mutex){+.+.}, at: register_netdev+0x11/0x50 net/core/dev.c:8857 2 locks held by syz-executor.1/32589: #0: 00000000727c2655 (pernet_ops_rwsem){++++}, at: copy_net_ns+0x1d8/0x340 net/core/net_namespace.c:435 #1: 0000000086df197a (rtnl_mutex){+.+.}, at: register_netdev+0x11/0x50 net/core/dev.c:8857 2 locks held by syz-executor.1/32590: #0: 00000000727c2655 (pernet_ops_rwsem){++++}, at: copy_net_ns+0x1d8/0x340 net/core/net_namespace.c:435 #1: 0000000086df197a (rtnl_mutex){+.+.}, at: register_netdev+0x11/0x50 net/core/dev.c:8857 2 locks held by syz-executor.1/32603: #0: 00000000727c2655 (pernet_ops_rwsem){++++}, at: copy_net_ns+0x1d8/0x340 net/core/net_namespace.c:435 #1: 0000000086df197a (rtnl_mutex){+.+.}, at: register_netdev+0x11/0x50 net/core/dev.c:8857 2 locks held by syz-executor.1/32668: #0: 00000000727c2655 (pernet_ops_rwsem){++++}, at: copy_net_ns+0x1d8/0x340 net/core/net_namespace.c:435 #1: 0000000086df197a (rtnl_mutex){+.+.}, at: register_netdev+0x11/0x50 net/core/dev.c:8857 2 locks held by syz-executor.1/32750: #0: 00000000727c2655 (pernet_ops_rwsem){++++}, at: copy_net_ns+0x1d8/0x340 net/core/net_namespace.c:435 #1: 0000000086df197a (rtnl_mutex){+.+.}, at: ip_tunnel_init_net+0x321/0x990 net/ipv4/ip_tunnel.c:1034 2 locks held by syz-executor.1/354: #0: 00000000727c2655 (pernet_ops_rwsem){++++}, at: copy_net_ns+0x1d8/0x340 net/core/net_namespace.c:435 #1: 0000000086df197a (rtnl_mutex){+.+.}, at: ip_tunnel_init_net+0x321/0x990 net/ipv4/ip_tunnel.c:1034 2 locks held by syz-executor.1/445: #0: 00000000727c2655 (pernet_ops_rwsem){++++}, at: copy_net_ns+0x1d8/0x340 net/core/net_namespace.c:435 #1: 0000000086df197a (rtnl_mutex){+.+.}, at: ip_tunnel_init_net+0x321/0x990 net/ipv4/ip_tunnel.c:1034 2 locks held by syz-executor.1/459: #0: 00000000727c2655 (pernet_ops_rwsem){++++}, at: copy_net_ns+0x1d8/0x340 net/core/net_namespace.c:435 #1: 0000000086df197a (rtnl_mutex){+.+.}, at: register_netdev+0x11/0x50 net/core/dev.c:8857 2 locks held by syz-executor.1/460: #0: 00000000727c2655 (pernet_ops_rwsem){++++}, at: copy_net_ns+0x1d8/0x340 net/core/net_namespace.c:435 #1: 0000000086df197a (rtnl_mutex){+.+.}, at: register_netdev+0x11/0x50 net/core/dev.c:8857 2 locks held by syz-executor.1/537: #0: 00000000727c2655 (pernet_ops_rwsem){++++}, at: copy_net_ns+0x1d8/0x340 net/core/net_namespace.c:435 #1: 0000000086df197a (rtnl_mutex){+.+.}, at: register_netdev+0x11/0x50 net/core/dev.c:8857 2 locks held by syz-executor.1/649: #0: 00000000727c2655 (pernet_ops_rwsem){++++}, at: copy_net_ns+0x1d8/0x340 net/core/net_namespace.c:435 #1: 0000000086df197a (rtnl_mutex){+.+.}, at: register_netdev+0x11/0x50 net/core/dev.c:8857 2 locks held by syz-executor.1/764: #0: 00000000727c2655 (pernet_ops_rwsem){++++}, at: copy_net_ns+0x1d8/0x340 net/core/net_namespace.c:435 #1: 0000000086df197a (rtnl_mutex){+.+.}, at: register_netdev+0x11/0x50 net/core/dev.c:8857 2 locks held by syz-executor.1/790: #0: 00000000727c2655 (pernet_ops_rwsem){++++}, at: copy_net_ns+0x1d8/0x340 net/core/net_namespace.c:435 #1: 0000000086df197a (rtnl_mutex){+.+.}, at: ip_tunnel_init_net+0x321/0x990 net/ipv4/ip_tunnel.c:1034 2 locks held by syz-executor.1/825: #0: 00000000727c2655 (pernet_ops_rwsem){++++}, at: copy_net_ns+0x1d8/0x340 net/core/net_namespace.c:435 #1: 0000000086df197a (rtnl_mutex){+.+.}, at: ip_tunnel_init_net+0x321/0x990 net/ipv4/ip_tunnel.c:1034 2 locks held by syz-executor.1/895: #0: 00000000727c2655 (pernet_ops_rwsem){++++}, at: copy_net_ns+0x1d8/0x340 net/core/net_namespace.c:435 #1: 0000000086df197a (rtnl_mutex){+.+.}, at: ip_tunnel_init_net+0x321/0x990 net/ipv4/ip_tunnel.c:1034 2 locks held by syz-executor.1/896: #0: 00000000727c2655 (pernet_ops_rwsem){++++}, at: copy_net_ns+0x1d8/0x340 net/core/net_namespace.c:435 #1: 0000000086df197a (rtnl_mutex){+.+.}, at: register_netdev+0x11/0x50 net/core/dev.c:8857 2 locks held by syz-executor.1/945: #0: 00000000727c2655 (pernet_ops_rwsem){++++}, at: copy_net_ns+0x1d8/0x340 net/core/net_namespace.c:435 #1: 0000000086df197a (rtnl_mutex){+.+.}, at: ip_tunnel_init_net+0x321/0x990 net/ipv4/ip_tunnel.c:1034 2 locks held by syz-executor.1/946: #0: 00000000727c2655 (pernet_ops_rwsem){++++}, at: copy_net_ns+0x1d8/0x340 net/core/net_namespace.c:435 #1: 0000000086df197a (rtnl_mutex){+.+.}, at: register_netdev+0x11/0x50 net/core/dev.c:8857 1 lock held by syz-executor.1/951: #0: 00000000d4e45611 (fs_reclaim){+.+.}, at: fs_reclaim_release mm/page_alloc.c:3778 [inline] #0: 00000000d4e45611 (fs_reclaim){+.+.}, at: fs_reclaim_release mm/page_alloc.c:3774 [inline] #0: 00000000d4e45611 (fs_reclaim){+.+.}, at: __perform_reclaim mm/page_alloc.c:3805 [inline] #0: 00000000d4e45611 (fs_reclaim){+.+.}, at: __alloc_pages_direct_reclaim mm/page_alloc.c:3821 [inline] #0: 00000000d4e45611 (fs_reclaim){+.+.}, at: __alloc_pages_slowpath mm/page_alloc.c:4211 [inline] #0: 00000000d4e45611 (fs_reclaim){+.+.}, at: __alloc_pages_nodemask+0x191e/0x2890 mm/page_alloc.c:4419 2 locks held by syz-executor.1/970: #0: 00000000727c2655 (pernet_ops_rwsem){++++}, at: copy_net_ns+0x1d8/0x340 net/core/net_namespace.c:435 #1: 0000000086df197a (rtnl_mutex){+.+.}, at: ip_tunnel_init_net+0x321/0x990 net/ipv4/ip_tunnel.c:1034 2 locks held by syz-executor.1/971: #0: 00000000727c2655 (pernet_ops_rwsem){++++}, at: copy_net_ns+0x1d8/0x340 net/core/net_namespace.c:435 #1: 0000000086df197a (rtnl_mutex){+.+.}, at: register_netdev+0x11/0x50 net/core/dev.c:8857 2 locks held by syz-executor.1/990: #0: 00000000727c2655 (pernet_ops_rwsem){++++}, at: copy_net_ns+0x1d8/0x340 net/core/net_namespace.c:435 #1: 0000000086df197a (rtnl_mutex){+.+.}, at: register_netdev+0x11/0x50 net/core/dev.c:8857 2 locks held by syz-executor.1/1031: #0: 00000000727c2655 (pernet_ops_rwsem){++++}, at: copy_net_ns+0x1d8/0x340 net/core/net_namespace.c:435 #1: 0000000086df197a (rtnl_mutex){+.+.}, at: ip_tunnel_init_net+0x321/0x990 net/ipv4/ip_tunnel.c:1034 2 locks held by syz-executor.1/1044: #0: 00000000727c2655 (pernet_ops_rwsem){++++}, at: copy_net_ns+0x1d8/0x340 net/core/net_namespace.c:435 #1: 0000000086df197a (rtnl_mutex){+.+.}, at: register_netdev+0x11/0x50 net/core/dev.c:8857 2 locks held by syz-executor.1/1053: #0: 00000000727c2655 (pernet_ops_rwsem){++++}, at: copy_net_ns+0x1d8/0x340 net/core/net_namespace.c:435 #1: 0000000086df197a (rtnl_mutex){+.+.}, at: register_netdev+0x11/0x50 net/core/dev.c:8857 2 locks held by syz-executor.1/1069: #0: 00000000727c2655 (pernet_ops_rwsem){++++}, at: copy_net_ns+0x1d8/0x340 net/core/net_namespace.c:435 #1: 0000000086df197a (rtnl_mutex){+.+.}, at: register_netdev+0x11/0x50 net/core/dev.c:8857 2 locks held by syz-executor.1/1077: #0: 00000000727c2655 (pernet_ops_rwsem){++++}, at: copy_net_ns+0x1d8/0x340 net/core/net_namespace.c:435 #1: 0000000086df197a (rtnl_mutex){+.+.}, at: register_netdev+0x11/0x50 net/core/dev.c:8857 2 locks held by syz-executor.1/1090: #0: 00000000727c2655 (pernet_ops_rwsem){++++}, at: copy_net_ns+0x1d8/0x340 net/core/net_namespace.c:435 #1: 0000000086df197a (rtnl_mutex){+.+.}, at: ip_tunnel_init_net+0x321/0x990 net/ipv4/ip_tunnel.c:1034 2 locks held by syz-executor.1/1123: #0: 00000000727c2655 (pernet_ops_rwsem){++++}, at: copy_net_ns+0x1d8/0x340 net/core/net_namespace.c:435 #1: 00000000d4e45611 (fs_reclaim){+.+.}, at: fs_reclaim_release mm/page_alloc.c:3778 [inline] #1: 00000000d4e45611 (fs_reclaim){+.+.}, at: fs_reclaim_release mm/page_alloc.c:3774 [inline] #1: 00000000d4e45611 (fs_reclaim){+.+.}, at: __perform_reclaim mm/page_alloc.c:3805 [inline] #1: 00000000d4e45611 (fs_reclaim){+.+.}, at: __alloc_pages_direct_reclaim mm/page_alloc.c:3821 [inline] #1: 00000000d4e45611 (fs_reclaim){+.+.}, at: __alloc_pages_slowpath mm/page_alloc.c:4211 [inline] #1: 00000000d4e45611 (fs_reclaim){+.+.}, at: __alloc_pages_nodemask+0x191e/0x2890 mm/page_alloc.c:4419 2 locks held by syz-executor.1/1124: #0: 00000000727c2655 (pernet_ops_rwsem){++++}, at: copy_net_ns+0x1d8/0x340 net/core/net_namespace.c:435 #1: 0000000086df197a (rtnl_mutex){+.+.}, at: register_netdev+0x11/0x50 net/core/dev.c:8857 2 locks held by syz-executor.1/1125: #0: 00000000727c2655 (pernet_ops_rwsem){++++}, at: copy_net_ns+0x1d8/0x340 net/core/net_namespace.c:435 #1: 0000000086df197a (rtnl_mutex){+.+.}, at: register_netdev+0x11/0x50 net/core/dev.c:8857 2 locks held by syz-executor.1/1138: #0: 00000000727c2655 (pernet_ops_rwsem){++++}, at: copy_net_ns+0x1d8/0x340 net/core/net_namespace.c:435 #1: 0000000086df197a (rtnl_mutex){+.+.}, at: register_netdev+0x11/0x50 net/core/dev.c:8857 2 locks held by syz-executor.1/1145: #0: 00000000727c2655 (pernet_ops_rwsem){++++}, at: copy_net_ns+0x1d8/0x340 net/core/net_namespace.c:435 #1: 0000000086df197a (rtnl_mutex){+.+.}, at: register_netdev+0x11/0x50 net/core/dev.c:8857 2 locks held by syz-executor.1/1194: #0: 00000000727c2655 (pernet_ops_rwsem){++++}, at: copy_net_ns+0x1d8/0x340 net/core/net_namespace.c:435 #1: 0000000086df197a (rtnl_mutex){+.+.}, at: ip_tunnel_init_net+0x321/0x990 net/ipv4/ip_tunnel.c:1034 2 locks held by syz-executor.1/1207: #0: 00000000727c2655 (pernet_ops_rwsem){++++}, at: copy_net_ns+0x1d8/0x340 net/core/net_namespace.c:435 #1: 0000000086df197a (rtnl_mutex){+.+.}, at: register_netdev+0x11/0x50 net/core/dev.c:8857 2 locks held by syz-executor.1/1208: #0: 00000000727c2655 (pernet_ops_rwsem){++++}, at: copy_net_ns+0x1d8/0x340 net/core/net_namespace.c:435 #1: 0000000086df197a (rtnl_mutex){+.+.}, at: ip_tunnel_init_net+0x321/0x990 net/ipv4/ip_tunnel.c:1034 2 locks held by syz-executor.1/1281: #0: 00000000727c2655 (pernet_ops_rwsem){++++}, at: copy_net_ns+0x1d8/0x340 net/core/net_namespace.c:435 #1: 0000000086df197a (rtnl_mutex){+.+.}, at: ip_tunnel_init_net+0x321/0x990 net/ipv4/ip_tunnel.c:1034 2 locks held by syz-executor.1/1308: #0: 00000000727c2655 (pernet_ops_rwsem){++++}, at: copy_net_ns+0x1d8/0x340 net/core/net_namespace.c:435 #1: 0000000086df197a (rtnl_mutex){+.+.}, at: register_netdev+0x11/0x50 net/core/dev.c:8857 2 locks held by syz-executor.1/1365: #0: 00000000727c2655 (pernet_ops_rwsem){++++}, at: copy_net_ns+0x1d8/0x340 net/core/net_namespace.c:435 #1: 0000000086df197a (rtnl_mutex){+.+.}, at: register_netdev+0x11/0x50 net/core/dev.c:8857 2 locks held by syz-executor.1/1371: #0: 00000000727c2655 (pernet_ops_rwsem){++++}, at: copy_net_ns+0x1d8/0x340 net/core/net_namespace.c:435 #1: 0000000086df197a (rtnl_mutex){+.+.}, at: ip_tunnel_init_net+0x321/0x990 net/ipv4/ip_tunnel.c:1034 2 locks held by syz-executor.1/1381: #0: 00000000727c2655 (pernet_ops_rwsem){++++}, at: copy_net_ns+0x1d8/0x340 net/core/net_namespace.c:435 #1: 0000000086df197a (rtnl_mutex){+.+.}, at: register_netdev+0x11/0x50 net/core/dev.c:8857 2 locks held by syz-executor.1/1382: #0: 00000000727c2655 (pernet_ops_rwsem){++++}, at: copy_net_ns+0x1d8/0x340 net/core/net_namespace.c:435 #1: 0000000086df197a (rtnl_mutex){+.+.}, at: ip_tunnel_init_net+0x321/0x990 net/ipv4/ip_tunnel.c:1034 2 locks held by syz-executor.1/1419: #0: 00000000727c2655 (pernet_ops_rwsem){++++}, at: copy_net_ns+0x1d8/0x340 net/core/net_namespace.c:435 #1: 0000000086df197a (rtnl_mutex){+.+.}, at: register_netdev+0x11/0x50 net/core/dev.c:8857 2 locks held by syz-executor.1/1460: #0: 00000000727c2655 (pernet_ops_rwsem){++++}, at: copy_net_ns+0x1d8/0x340 net/core/net_namespace.c:435 #1: 0000000086df197a (rtnl_mutex){+.+.}, at: ip_tunnel_init_net+0x321/0x990 net/ipv4/ip_tunnel.c:1034 2 locks held by syz-executor.1/1565: #0: 00000000727c2655 (pernet_ops_rwsem){++++}, at: copy_net_ns+0x1d8/0x340 net/core/net_namespace.c:435 #1: 0000000086df197a (rtnl_mutex){+.+.}, at: register_netdev+0x11/0x50 net/core/dev.c:8857 2 locks held by syz-executor.1/1594: #0: 00000000727c2655 (pernet_ops_rwsem){++++}, at: copy_net_ns+0x1d8/0x340 net/core/net_namespace.c:435 #1: 0000000086df197a (rtnl_mutex){+.+.}, at: register_netdev+0x11/0x50 net/core/dev.c:8857 2 locks held by syz-executor.1/1625: #0: 00000000727c2655 (pernet_ops_rwsem){++++}, at: copy_net_ns+0x1d8/0x340 net/core/net_namespace.c:435 #1: 0000000086df197a (rtnl_mutex){+.+.}, at: ip_tunnel_init_net+0x321/0x990 net/ipv4/ip_tunnel.c:1034 2 locks held by syz-executor.1/1626: #0: 00000000727c2655 (pernet_ops_rwsem){++++}, at: copy_net_ns+0x1d8/0x340 net/core/net_namespace.c:435 #1: 0000000086df197a (rtnl_mutex){+.+.}, at: register_netdev+0x11/0x50 net/core/dev.c:8857 2 locks held by syz-executor.1/1643: #0: 00000000727c2655 (pernet_ops_rwsem){++++}, at: copy_net_ns+0x1d8/0x340 net/core/net_namespace.c:435 #1: 0000000086df197a (rtnl_mutex){+.+.}, at: register_netdev+0x11/0x50 net/core/dev.c:8857 2 locks held by syz-executor.1/1733: #0: 00000000727c2655 (pernet_ops_rwsem){++++}, at: copy_net_ns+0x1d8/0x340 net/core/net_namespace.c:435 #1: 0000000086df197a (rtnl_mutex){+.+.}, at: ip_tunnel_init_net+0x321/0x990 net/ipv4/ip_tunnel.c:1034 2 locks held by syz-executor.1/1838: #0: 00000000727c2655 (pernet_ops_rwsem){++++}, at: copy_net_ns+0x1d8/0x340 net/core/net_namespace.c:435 #1: 0000000086df197a (rtnl_mutex){+.+.}, at: ip_tunnel_init_net+0x321/0x990 net/ipv4/ip_tunnel.c:1034 2 locks held by syz-executor.1/1840: #0: 00000000727c2655 (pernet_ops_rwsem){++++}, at: copy_net_ns+0x1d8/0x340 net/core/net_namespace.c:435 ip_dst_cache 8KB 48KB #1: 0000000086df197a (rtnl_mutex){+.+.}, at: ip_tunnel_init_net+0x321/0x990 net/ipv4/ip_tunnel.c:1034 2 locks held by syz-executor.1/1880: #0: 00000000727c2655 (pernet_ops_rwsem){++++}, at: copy_net_ns+0x1d8/0x340 net/core/net_namespace.c:435 #1: 0000000086df197a (rtnl_mutex){+.+.}, at: register_netdev+0x11/0x50 net/core/dev.c:8857 2 locks held by syz-executor.1/1956: #0: 00000000727c2655 (pernet_ops_rwsem){++++}, at: copy_net_ns+0x1d8/0x340 net/core/net_namespace.c:435 #1: 0000000086df197a (rtnl_mutex){+.+.}, at: register_netdev+0x11/0x50 net/core/dev.c:8857 syz-executor.1: page allocation failure: order:4, mode:0x6040c0(GFP_KERNEL|__GFP_COMP), nodemask=(null) IPVS: ftp: loaded support on port[0] = 21 RAW 22987KB 22987KB syz-executor.1 cpuset=/ mems_allowed=0-1 2 locks held by syz-executor.1/2003: CPU: 1 PID: 24754 Comm: syz-executor.1 Not tainted 4.19.211-syzkaller #0 #0: 00000000727c2655 (pernet_ops_rwsem){++++}, at: copy_net_ns+0x1d8/0x340 net/core/net_namespace.c:435 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Call Trace: __dump_stack lib/dump_stack.c:77 [inline] dump_stack+0x1fc/0x2ef lib/dump_stack.c:118 warn_alloc.cold+0x7b/0x18f mm/page_alloc.c:3457 __alloc_pages_slowpath mm/page_alloc.c:4317 [inline] __alloc_pages_nodemask+0x232f/0x2890 mm/page_alloc.c:4419 #1: 0000000086df197a (rtnl_mutex){+.+.}, at: register_netdev+0x11/0x50 net/core/dev.c:8857 __alloc_pages include/linux/gfp.h:496 [inline] __alloc_pages_node include/linux/gfp.h:509 [inline] kmem_getpages mm/slab.c:1412 [inline] cache_grow_begin+0xa4/0x8a0 mm/slab.c:2682 fallback_alloc+0x213/0x2e0 mm/slab.c:3224 __do_cache_alloc mm/slab.c:3361 [inline] slab_alloc mm/slab.c:3389 [inline] kmem_cache_alloc_trace+0x1f1/0x380 mm/slab.c:3623 kmalloc include/linux/slab.h:515 [inline] kzalloc include/linux/slab.h:709 [inline] can_pernet_init+0x6a/0x3b0 net/can/af_can.c:888 ops_init+0xb3/0x410 net/core/net_namespace.c:129 setup_net+0x2c2/0x720 net/core/net_namespace.c:316 copy_net_ns+0x1f7/0x340 net/core/net_namespace.c:439 2 locks held by syz-executor.1/2023: create_new_namespaces+0x3f6/0x7b0 kernel/nsproxy.c:107 copy_namespaces+0x325/0x3c0 kernel/nsproxy.c:165 copy_process.part.0+0x3a59/0x8260 kernel/fork.c:1916 copy_process kernel/fork.c:1710 [inline] _do_fork+0x22f/0xf30 kernel/fork.c:2219 #0: 00000000727c2655 (pernet_ops_rwsem){++++}, at: copy_net_ns+0x1d8/0x340 net/core/net_namespace.c:435 do_syscall_64+0xf9/0x620 arch/x86/entry/common.c:293 entry_SYSCALL_64_after_hwframe+0x49/0xbe #1: 0000000086df197a (rtnl_mutex){+.+.}, at: register_netdev+0x11/0x50 net/core/dev.c:8857 RIP: 0033:0x7fb5bf924e99 Code: Bad RIP value. RSP: 002b:00007fb5be279168 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 RAX: ffffffffffffffda RBX: 00007fb5bfa38030 RCX: 00007fb5bf924e99 RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000041040000 RBP: 00007fb5bf97eff1 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 R13: 00007ffffb165daf R14: 00007fb5be279300 R15: 0000000000022000 Mem-Info: UDP 6496KB 6500KB active_anon:194814 inactive_anon:7167 isolated_anon:0 active_file:39 inactive_file:164 isolated_file:15 unevictable:0 dirty:0 writeback:0 unstable:0 slab_reclaimable:51530 slab_unreclaimable:1222794 mapped:19541 shmem:10683 pagetables:58366 bounce:0 free:26502 free_pcp:463 free_cma:0 Node 0 active_anon:772808kB inactive_anon:28652kB active_file:156kB inactive_file:652kB unevictable:0kB isolated(anon):0kB isolated(file):60kB mapped:63828kB dirty:0kB writeback:0kB shmem:42708kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 200704kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes Node 1 active_anon:6448kB inactive_anon:16kB active_file:0kB inactive_file:4kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:14336kB dirty:0kB writeback:0kB shmem:24kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes TCP 115KB 123KB Node 0 DMA free:10848kB min:204kB low:252kB high:300kB active_anon:4kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:96kB pagetables:148kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB 2 locks held by syz-executor.1/2083: lowmem_reserve[]: 0 2693 2695 2695 2695 systemd-journald[22486]: /dev/kmsg buffer overrun, some messages lost. hugetlbfs_inode_cache 8KB 23KB #0: 00000000727c2655 (pernet_ops_rwsem){++++}, at: copy_net_ns+0x1d8/0x340 net/core/net_namespace.c:435 fscache_cookie_jar 1KB 11KB Node 0 DMA32 free:41056kB min:35996kB low:44992kB high:53988kB active_anon:772804kB inactive_anon:28652kB active_file:20kB inactive_file:124kB unevictable:0kB writepending:0kB present:3129332kB managed:2763452kB mlocked:0kB kernel_stack:24960kB pagetables:60688kB bounce:0kB free_pcp:2848kB local_pcp:1408kB free_cma:0kB #1: 0000000086df197a (rtnl_mutex){+.+.}, at: ip_tunnel_init_net+0x321/0x990 net/ipv4/ip_tunnel.c:1034 eventpoll_pwq 9KB 31KB 2 locks held by syz-executor.1/2127: eventpoll_epi 16KB 47KB #0: 00000000727c2655 (pernet_ops_rwsem){++++}, at: copy_net_ns+0x1d8/0x340 net/core/net_namespace.c:435 inotify_inode_mark 6KB 35KB #1: 0000000086df197a (rtnl_mutex){+.+.}, at: register_netdev+0x11/0x50 net/core/dev.c:8857 lowmem_reserve[]: 0 0 1 1 1 2 locks held by syz-executor.1/2213: Node 0 Normal free:8kB min:24kB low:28kB high:32kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:1048576kB managed:2000kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB #0: 00000000727c2655 (pernet_ops_rwsem){++++}, at: copy_net_ns+0x1d8/0x340 net/core/net_namespace.c:435 lowmem_reserve[]: 0 0 0 0 0 #1: 0000000086df197a (rtnl_mutex){+.+.}, at: register_netdev+0x11/0x50 net/core/dev.c:8857 Node 1 Normal free:53828kB min:53876kB low:67344kB high:80812kB active_anon:6448kB inactive_anon:16kB active_file:0kB inactive_file:4kB unevictable:0kB writepending:0kB present:4194304kB managed:4128248kB mlocked:0kB kernel_stack:105696kB pagetables:172628kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB 2 locks held by syz-executor.1/2263: lowmem_reserve[]: 0 0 0 0 0 #0: 00000000727c2655 (pernet_ops_rwsem){++++}, at: copy_net_ns+0x1d8/0x340 net/core/net_namespace.c:435 Node 0 DMA: 2*4kB (UM) 11*8kB (UM) 2*16kB (ME) 3*32kB (UME) 2*64kB (UM) 2*128kB (ME) 2*256kB (ME) 3*512kB (UME) 2*1024kB (ME) 1*2048kB (E) 1*4096kB (M) = 10848kB #1: 0000000086df197a (rtnl_mutex){+.+.}, at: register_netdev+0x11/0x50 net/core/dev.c:8857 Node 0 DMA32: 1043*4kB (UME) 1339*8kB (UME) 708*16kB (UME) 451*32kB (UME) 13*64kB (UM) 3*128kB (M) 2*256kB (U) 1*512kB (U) 1*1024kB (U) 0*2048kB 0*4096kB = 43908kB 2 locks held by syz-executor.1/2300: Node 0 Normal: 0*4kB 1*8kB (U) 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 8kB request_queue 196KB 196KB Node 1 Normal: 301*4kB (UME) 182*8kB (UME) 150*16kB (UM) 131*32kB (UME) 3*64kB (UM) 3*128kB (UM) 8*256kB (UM) 8*512kB (UME) 3*1024kB (UM) 3*2048kB (ME) 7*4096kB (M) = 53860kB #0: 00000000727c2655 (pernet_ops_rwsem){++++}, at: copy_net_ns+0x1d8/0x340 net/core/net_namespace.c:435 Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB blkdev_requests 1KB 3KB Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB blkdev_ioc 46KB 46KB Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB bio-0 8601KB 8632KB Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB #1: 0000000086df197a (rtnl_mutex){+.+.}, at: register_netdev+0x11/0x50 net/core/dev.c:8857 10733 total pagecache pages 2 locks held by syz-executor.1/2317: 0 pages in swap cache #0: 00000000727c2655 (pernet_ops_rwsem){++++}, at: copy_net_ns+0x1d8/0x340 net/core/net_namespace.c:435 Swap cache stats: add 0, delete 0, find 0/0 #1: 0000000086df197a (rtnl_mutex){+.+.}, at: register_netdev+0x11/0x50 net/core/dev.c:8857 Free swap = 0kB biovec-max 3770KB 3770KB 2 locks held by syz-executor.1/2328: #0: 00000000727c2655 (pernet_ops_rwsem){++++}, at: copy_net_ns+0x1d8/0x340 net/core/net_namespace.c:435 #1: 0000000086df197a (rtnl_mutex){+.+.}, at: ip_tunnel_init_net+0x321/0x990 net/ipv4/ip_tunnel.c:1034 biovec-64 6859KB 6859KB 2 locks held by syz-executor.1/2337: Total swap = 0kB #0: 00000000727c2655 (pernet_ops_rwsem){++++}, at: copy_net_ns+0x1d8/0x340 net/core/net_namespace.c:435 2097051 pages RAM #1: 0000000086df197a (rtnl_mutex){+.+.}, at: register_netdev+0x11/0x50 net/core/dev.c:8857 biovec-16 1764KB 1766KB 2 locks held by syz-executor.1/2400: 0 pages HighMem/MovableOnly bio_integrity_payload 1KB 8KB #0: 00000000727c2655 (pernet_ops_rwsem){++++}, at: copy_net_ns+0x1d8/0x340 net/core/net_namespace.c:435 khugepaged_mm_slot 215KB 221KB #1: 0000000086df197a (rtnl_mutex){+.+.}, at: register_netdev+0x11/0x50 net/core/dev.c:8857 user_namespace 0KB 3KB 369649 pages reserved 2 locks held by syz-executor.1/2425: 0 pages cma reserved uid_cache 0KB 4KB #0: 00000000727c2655 (pernet_ops_rwsem){++++}, at: copy_net_ns+0x1d8/0x340 net/core/net_namespace.c:435 dmaengine-unmap-2 0KB 3KB #1: 0000000086df197a (rtnl_mutex){+.+.}, at: ip_tunnel_init_net+0x321/0x990 net/ipv4/ip_tunnel.c:1034 skbuff_fclone_cache 42KB 45KB 2 locks held by syz-executor.1/2461: skbuff_head_cache 8100KB 9742KB #0: 00000000727c2655 (pernet_ops_rwsem){++++}, at: copy_net_ns+0x1d8/0x340 net/core/net_namespace.c:435 configfs_dir_cache 3KB 7KB #1: 0000000086df197a (rtnl_mutex){+.+.}, at: register_netdev+0x11/0x50 net/core/dev.c:8857 file_lock_cache 8KB 15KB 2 locks held by syz-executor.1/2473: file_lock_ctx 9KB 15KB fsnotify_mark_connector 2KB 15KB net_namespace 33503KB 33503KB shmem_inode_cache 7887KB 8108KB task_delay_info 1287KB 2099KB taskstats 14KB 72KB proc_dir_entry 173414KB 173415KB pde_opener 1KB 7KB seq_file 113KB 118KB sigqueue 129KB 133KB kernfs_node_cache 499042KB 499042KB mnt_cache 227KB 252KB filp 6763KB 6892KB names_cache 103198KB 103198KB iint_cache 31KB 79KB key_jar 4KB 7KB uts_namespace 23KB 35KB nsproxy 344KB 347KB vm_area_struct 34141KB 34209KB mm_struct 6530KB 6532KB fs_cache 1727KB 2800KB #0: 00000000727c2655 (pernet_ops_rwsem){++++}, at: copy_net_ns+0x1d8/0x340 net/core/net_namespace.c:435 files_cache 6183KB 9375KB #1: 0000000086df197a (rtnl_mutex){+.+.}, at: register_netdev+0x11/0x50 net/core/dev.c:8857 signal_cache 9606KB 14281KB 2 locks held by syz-executor.1/2496: sighand_cache 9818KB 9865KB #0: 00000000727c2655 (pernet_ops_rwsem){++++}, at: copy_net_ns+0x1d8/0x340 net/core/net_namespace.c:435 task_struct 41132KB 41157KB #1: 0000000086df197a (rtnl_mutex){+.+.}, at: ip_tunnel_init_net+0x321/0x990 net/ipv4/ip_tunnel.c:1034 cred_jar 4739KB 6280KB 2 locks held by syz-executor.1/2509: anon_vma_chain 45242KB 45273KB #0: 00000000727c2655 (pernet_ops_rwsem){++++}, at: copy_net_ns+0x1d8/0x340 net/core/net_namespace.c:435 anon_vma 11516KB 11535KB pid 378KB 964KB Acpi-Operand 156KB 198KB Acpi-ParseExt 9KB 11KB Acpi-Parse 41KB 47KB Acpi-State 52KB 63KB Acpi-Namespace 20KB 27KB numa_policy 0KB 7KB debug_objects_cache 38375KB 38377KB trace_event_file 297KB 298KB ftrace_event_field 398KB 401KB pool_workqueue 3972KB 3972KB page->ptl 6910KB 6941KB #1: 0000000086df197a (rtnl_mutex){+.+.}, at: register_netdev+0x11/0x50 net/core/dev.c:8857 kmalloc-4194304 0KB 8192KB 2 locks held by syz-executor.1/2526: kmalloc-2097152 2050KB 6150KB #0: 00000000727c2655 (pernet_ops_rwsem){++++}, at: copy_net_ns+0x1d8/0x340 net/core/net_namespace.c:435 kmalloc-1048576 0KB 2052KB #1: 0000000086df197a (rtnl_mutex){+.+.}, at: register_netdev+0x11/0x50 net/core/dev.c:8857 kmalloc-524288 2056KB 3084KB kmalloc-262144 1290KB 1806KB kmalloc-131072 1690KB 1690KB kmalloc-65536 2442KB 2772KB kmalloc-32768 211002KB 211002KB kmalloc-16384 64449KB 64449KB kmalloc-8192 147081KB 147081KB kmalloc-4096 644516KB 644516KB kmalloc-2048 527352KB 527352KB kmalloc-1024 212370KB 212373KB kmalloc-512 166065KB 177558KB kmalloc-256 109659KB 110775KB kmalloc-128 55623KB 55680KB kmalloc-96 14874KB 15292KB kmalloc-64 38290KB 39456KB kmalloc-32 33658KB 34524KB kmalloc-192 74193KB 75880KB kmem_cache 179KB 187KB Out of memory (oom_kill_allocating_task): Kill process 24378 (in:imklog) score 0 or sacrifice child Killed process 24310 (rsyslogd) total-vm:254332kB, anon-rss:848kB, file-rss:0kB, shmem-rss:0kB syz-fuzzer invoked oom-killer: gfp_mask=0x6142c0(GFP_KERNEL|__GFP_NOWARN|__GFP_COMP|__GFP_NOMEMALLOC), nodemask=(null), order=1, oom_score_adj=0 syz-fuzzer cpuset=/ mems_allowed=0-1 IPVS: ftp: loaded support on port[0] = 21 CPU: 0 PID: 8115 Comm: syz-fuzzer Not tainted 4.19.211-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Call Trace: __dump_stack lib/dump_stack.c:77 [inline] dump_stack+0x1fc/0x2ef lib/dump_stack.c:118 dump_header+0x15d/0xc3f mm/oom_kill.c:443 oom_kill_process.cold+0x10/0x692 mm/oom_kill.c:956 out_of_memory mm/oom_kill.c:1114 [inline] out_of_memory+0x1072/0x1390 mm/oom_kill.c:1064 __alloc_pages_may_oom mm/page_alloc.c:3553 [inline] __alloc_pages_slowpath mm/page_alloc.c:4255 [inline] __alloc_pages_nodemask+0x23a2/0x2890 mm/page_alloc.c:4419 __alloc_pages include/linux/gfp.h:496 [inline] __alloc_pages_node include/linux/gfp.h:509 [inline] kmem_getpages mm/slab.c:1412 [inline] cache_grow_begin+0xa4/0x8a0 mm/slab.c:2682 fallback_alloc+0x213/0x2e0 mm/slab.c:3224 slab_alloc_node mm/slab.c:3332 [inline] kmem_cache_alloc_node_trace+0xec/0x3b0 mm/slab.c:3666 __do_kmalloc_node mm/slab.c:3688 [inline] __kmalloc_node_track_caller+0x38/0x70 mm/slab.c:3703 __kmalloc_reserve net/core/skbuff.c:137 [inline] __alloc_skb+0xae/0x560 net/core/skbuff.c:205 alloc_skb_fclone include/linux/skbuff.h:1037 [inline] sk_stream_alloc_skb+0xba/0x850 net/ipv4/tcp.c:884 tcp_sendmsg_locked+0xc0b/0x2f60 net/ipv4/tcp.c:1312 tcp_sendmsg+0x2b/0x40 net/ipv4/tcp.c:1462 inet_sendmsg+0x132/0x5a0 net/ipv4/af_inet.c:798 sock_sendmsg_nosec net/socket.c:651 [inline] sock_sendmsg+0xc3/0x120 net/socket.c:661 sock_write_iter+0x287/0x3c0 net/socket.c:966 call_write_iter include/linux/fs.h:1821 [inline] new_sync_write fs/read_write.c:474 [inline] __vfs_write+0x51b/0x770 fs/read_write.c:487 vfs_write+0x1f3/0x540 fs/read_write.c:549 ksys_write+0x12b/0x2a0 fs/read_write.c:599 do_syscall_64+0xf9/0x620 arch/x86/entry/common.c:293 entry_SYSCALL_64_after_hwframe+0x49/0xbe RIP: 0033:0x4b12db Code: Bad RIP value. RSP: 002b:000000c00030f2e8 EFLAGS: 00000212 ORIG_RAX: 0000000000000001 RAX: ffffffffffffffda RBX: 000000c00001e800 RCX: 00000000004b12db RDX: 0000000000000012 RSI: 000000c00000a200 RDI: 0000000000000006 RBP: 000000c00030f338 R08: 000000c00030f301 R09: 0000000000000004 R10: 000000c00000a1e0 R11: 0000000000000212 R12: 000000000000011e R13: 000000c00040e000 R14: 000000000000000f R15: 00000000000088cd Mem-Info: active_anon:194583 inactive_anon:7167 isolated_anon:0 active_file:26 inactive_file:25 isolated_file:0 unevictable:0 dirty:0 writeback:0 unstable:0 slab_reclaimable:51542 slab_unreclaimable:1222916 mapped:19460 shmem:10683 pagetables:58365 bounce:0 free:26722 free_pcp:602 free_cma:0 Node 0 active_anon:771884kB inactive_anon:28652kB active_file:100kB inactive_file:100kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:63504kB dirty:0kB writeback:0kB shmem:42708kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 200704kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no Node 1 active_anon:6448kB inactive_anon:16kB active_file:4kB inactive_file:0kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:14336kB dirty:0kB writeback:0kB shmem:24kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes Node 0 DMA free:10848kB min:204kB low:252kB high:300kB active_anon:4kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:96kB pagetables:148kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB lowmem_reserve[]: 0 2693 2695 2695 2695 Node 0 DMA32 free:42108kB min:35996kB low:44992kB high:53988kB active_anon:771880kB inactive_anon:28652kB active_file:100kB inactive_file:0kB unevictable:0kB writepending:0kB present:3129332kB managed:2763452kB mlocked:0kB kernel_stack:24896kB pagetables:60684kB bounce:0kB free_pcp:2408kB local_pcp:1504kB free_cma:0kB lowmem_reserve[]: 0 0 1 1 1 Node 0 Normal free:8kB min:24kB low:28kB high:32kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:1048576kB managed:2000kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB lowmem_reserve[]: 0 0 0 0 0 Node 1 Normal free:53924kB min:53876kB low:67344kB high:80812kB active_anon:6448kB inactive_anon:16kB active_file:4kB inactive_file:0kB unevictable:0kB writepending:0kB present:4194304kB managed:4128248kB mlocked:0kB kernel_stack:105728kB pagetables:172628kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB lowmem_reserve[]: 0 0 0 0 0 Node 0 DMA: 2*4kB (UM) 11*8kB (UM) 2*16kB (ME) 3*32kB (UME) 2*64kB (UM) 2*128kB (ME) 2*256kB (ME) 3*512kB (UME) 2*1024kB (ME) 1*2048kB (E) 1*4096kB (M) = 10848kB Node 0 DMA32: 575*4kB (UME) 1392*8kB (ME) 708*16kB (UME) 447*32kB (ME) 11*64kB (UM) 4*128kB (UM) 1*256kB (U) 1*512kB (U) 1*1024kB (U) 0*2048kB 0*4096kB = 42076kB Node 0 Normal: 0*4kB 1*8kB (U) 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 8kB Node 1 Normal: 301*4kB (UME) 176*8kB (UME) 150*16kB (UM) 131*32kB (UME) 3*64kB (UM) 3*128kB (UM) 8*256kB (UM) 8*512kB (UME) 3*1024kB (UM) 3*2048kB (ME) 7*4096kB (M) = 53812kB Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB 10761 total pagecache pages 0 pages in swap cache Swap cache stats: add 0, delete 0, find 0/0 Free swap = 0kB Total swap = 0kB 2097051 pages RAM 0 pages HighMem/MovableOnly 369649 pages reserved 0 pages cma reserved Unreclaimable slab info: Name Used Total pid_6 0KB 4KB pid_5 9KB 12KB pid_4 3KB 7KB pid_3 3KB 7KB pid_2 276KB 280KB ubi_wl_entry_slab 0KB 3KB batadv_tt_change_cache 8KB 15KB batadv_tl_cache 37KB 44KB TIPC 2881KB 2887KB rds_tcp_connection 9KB 11KB rds_connection 0KB 3KB SCTPv6 7882KB 7882KB DCCPv6 9555KB 9555KB DCCP 9070KB 9070KB RXRPC 3121KB 3126KB rxrpc_call_jar 21602KB 21609KB bridge_fdb_cache 18KB 23KB fib6_nodes 206KB 240KB ip6_dst_cache 174KB 360KB RAWv6 38898KB 38900KB UDPv6 3628KB 3630KB TCPv6 5868KB 5868KB nf_conntrack 12KB 41KB t10_alua_lu_gp_cache 0KB 3KB sd_ext_cdb 0KB 7KB scsi_sense_cache 1056KB 1060KB virtio_scsi_cmd 16KB 16KB sgpool-128 8KB 8KB sgpool-64 4KB 12KB sgpool-32 2KB 15KB sgpool-16 1KB 7KB sgpool-8 0KB 7KB mqueue_inode_cache 10KB 22KB bio_post_read_ctx 14KB 15KB bio-2 14KB 15KB jfs_mp 7KB 7KB cifs_small_rq 15KB 16KB cifs_request 67KB 67KB cifs_mpx_ids 0KB 7KB nfs_commit_data 3KB 14KB nfs_write_data 34KB 44KB ext4_system_zone 1KB 7KB bio-1 1KB 7KB pid_namespace 29KB 38KB rpc_buffers 17KB 25KB rpc_tasks 2KB 7KB UNIX 166KB 172KB UDP-Lite 1KB 6KB tcp_bind_bucket 242KB 248KB inet_peer_cache 0KB 4KB xfrm_state 4KB 12KB ip_fib_trie 29KB 35KB ip_fib_alias 141KB 166KB ip_dst_cache 8KB 48KB RAW 22992KB 22995KB UDP 6496KB 6500KB TCP 115KB 123KB hugetlbfs_inode_cache 8KB 23KB fscache_cookie_jar 1KB 11KB eventpoll_pwq 9KB 31KB eventpoll_epi 16KB 47KB inotify_inode_mark 6KB 35KB request_queue 196KB 196KB blkdev_requests 1KB 3KB blkdev_ioc 43KB 46KB bio-0 8618KB 8632KB biovec-max 3770KB 3770KB biovec-64 6864KB 6874KB biovec-16 1764KB 1766KB bio_integrity_payload 1KB 8KB khugepaged_mm_slot 215KB 221KB user_namespace 0KB 3KB uid_cache 0KB 4KB dmaengine-unmap-2 0KB 3KB skbuff_fclone_cache 35KB 45KB skbuff_head_cache 8210KB 9742KB configfs_dir_cache 3KB 7KB file_lock_cache 8KB 15KB file_lock_ctx 9KB 15KB fsnotify_mark_connector 2KB 15KB net_namespace 33512KB 33512KB shmem_inode_cache 7887KB 8108KB task_delay_info 1283KB 2099KB taskstats 21KB 72KB proc_dir_entry 173440KB 173441KB pde_opener 1KB 7KB seq_file 112KB 118KB sigqueue 123KB 133KB kernfs_node_cache 499046KB 499046KB mnt_cache 227KB 252KB filp 6735KB 6892KB names_cache 103156KB 103173KB iint_cache 31KB 79KB key_jar 4KB 7KB uts_namespace 23KB 35KB nsproxy 344KB 347KB vm_area_struct 34141KB 34209KB mm_struct 6534KB 6539KB fs_cache 1722KB 2800KB files_cache 6142KB 9360KB signal_cache 9578KB 14281KB sighand_cache 9818KB 9865KB task_struct 41069KB 41100KB cred_jar 4715KB 6280KB anon_vma_chain 45254KB 45285KB anon_vma 11520KB 11539KB pid 375KB 964KB Acpi-Operand 156KB 198KB Acpi-ParseExt 9KB 11KB Acpi-Parse 41KB 47KB Acpi-State 52KB 63KB Acpi-Namespace 20KB 27KB numa_policy 0KB 7KB debug_objects_cache 38387KB 38389KB trace_event_file 297KB 298KB ftrace_event_field 398KB 401KB pool_workqueue 3972KB 3972KB page->ptl 6910KB 6941KB kmalloc-4194304 0KB 8192KB kmalloc-2097152 2050KB 6150KB kmalloc-1048576 0KB 2052KB kmalloc-524288 2056KB 3084KB kmalloc-262144 1290KB 1806KB kmalloc-131072 1690KB 1690KB kmalloc-65536 2442KB 2772KB kmalloc-32768 211002KB 211002KB kmalloc-16384 64449KB 64449KB kmalloc-8192 147081KB 147081KB kmalloc-4096 644538KB 644538KB kmalloc-2048 527401KB 527403KB kmalloc-1024 212492KB 212499KB kmalloc-512 166143KB 177558KB kmalloc-256 109678KB 110793KB kmalloc-128 55635KB 55692KB kmalloc-96 14874KB 15292KB kmalloc-64 38298KB 39456KB kmalloc-32 33670KB 34535KB kmalloc-192 74200KB 75888KB kmem_cache 179KB 187KB Out of memory (oom_kill_allocating_task): Kill process 8115 (syz-fuzzer) score 0 or sacrifice child Killed process 13769 (syz-executor.0) total-vm:48472kB, anon-rss:384kB, file-rss:0kB, shmem-rss:0kB 2 locks held by syz-executor.1/2547: IPVS: ftp: loaded support on port[0] = 21 #0: 00000000727c2655 (pernet_ops_rwsem){++++}, at: copy_net_ns+0x1d8/0x340 net/core/net_namespace.c:435 IPVS: ftp: loaded support on port[0] = 21 #1: 0000000086df197a (rtnl_mutex){+.+.}, at: sit_exit_batch_net+0x88/0x700 net/ipv6/sit.c:1889 IPVS: ftp: loaded support on port[0] = 21 systemd-journald[22486]: /dev/kmsg buffer overrun, some messages lost. IPVS: ftp: loaded support on port[0] = 21 2 locks held by syz-executor.1/2558: #0: 00000000727c2655 (pernet_ops_rwsem){++++}, at: copy_net_ns+0x1d8/0x340 net/core/net_namespace.c:435 #1: 0000000086df197a (rtnl_mutex){+.+.}, at: ip_tunnel_init_net+0x321/0x990 net/ipv4/ip_tunnel.c:1034 2 locks held by syz-executor.1/2559: #0: 00000000727c2655 (pernet_ops_rwsem){++++}, at: copy_net_ns+0x1d8/0x340 net/core/net_namespace.c:435 #1: 0000000086df197a (rtnl_mutex){+.+.}, at: ip_tunnel_init_net+0x321/0x990 net/ipv4/ip_tunnel.c:1034 2 locks held by syz-executor.1/2566: #0: 00000000727c2655 (pernet_ops_rwsem){++++}, at: copy_net_ns+0x1d8/0x340 net/core/net_namespace.c:435 #1: 0000000086df197a (rtnl_mutex){+.+.}, at: register_netdev+0x11/0x50 net/core/dev.c:8857 2 locks held by syz-executor.1/2567: #0: 00000000727c2655 (pernet_ops_rwsem){++++}, at: copy_net_ns+0x1d8/0x340 net/core/net_namespace.c:435 #1: 0000000086df197a (rtnl_mutex){+.+.}, at: register_netdev+0x11/0x50 net/core/dev.c:8857 2 locks held by syz-executor.1/2568: #0: 00000000727c2655 (pernet_ops_rwsem){++++}, at: copy_net_ns+0x1d8/0x340 net/core/net_namespace.c:435 #1: 0000000086df197a (rtnl_mutex){+.+.}, at: register_netdev+0x11/0x50 net/core/dev.c:8857 2 locks held by syz-executor.1/2593: #0: 00000000727c2655 (pernet_ops_rwsem){++++}, at: copy_net_ns+0x1d8/0x340 net/core/net_namespace.c:435 #1: 0000000086df197a (rtnl_mutex){+.+.}, at: register_netdev+0x11/0x50 net/core/dev.c:8857 2 locks held by syz-executor.1/2610: #0: 00000000727c2655 (pernet_ops_rwsem){++++}, at: copy_net_ns+0x1d8/0x340 net/core/net_namespace.c:435 #1: 0000000086df197a (rtnl_mutex){+.+.}, at: ip_tunnel_init_net+0x321/0x990 net/ipv4/ip_tunnel.c:1034 2 locks held by syz-executor.1/2683: #0: 00000000727c2655 (pernet_ops_rwsem){++++}, at: copy_net_ns+0x1d8/0x340 net/core/net_namespace.c:435 #1: 0000000086df197a (rtnl_mutex){+.+.}, at: ip_tunnel_init_net+0x321/0x990 net/ipv4/ip_tunnel.c:1034 2 locks held by syz-executor.1/2747: #0: 00000000727c2655 (pernet_ops_rwsem){++++}, at: copy_net_ns+0x1d8/0x340 net/core/net_namespace.c:435 #1: 0000000086df197a (rtnl_mutex){+.+.}, at: register_netdev+0x11/0x50 net/core/dev.c:8857 2 locks held by syz-executor.1/2748: #0: 00000000727c2655 (pernet_ops_rwsem){++++}, at: copy_net_ns+0x1d8/0x340 net/core/net_namespace.c:435 #1: 0000000086df197a (rtnl_mutex){+.+.}, at: register_netdev+0x11/0x50 net/core/dev.c:8857 2 locks held by syz-executor.1/2761: #0: 00000000727c2655 (pernet_ops_rwsem){++++}, at: copy_net_ns+0x1d8/0x340 net/core/net_namespace.c:435 #1: 0000000086df197a (rtnl_mutex){+.+.}, at: register_netdev+0x11/0x50 net/core/dev.c:8857 2 locks held by syz-executor.1/2780: #0: 00000000727c2655 (pernet_ops_rwsem){++++}, at: copy_net_ns+0x1d8/0x340 net/core/net_namespace.c:435 #1: 0000000086df197a (rtnl_mutex){+.+.}, at: ip_tunnel_init_net+0x321/0x990 net/ipv4/ip_tunnel.c:1034 2 locks held by syz-executor.1/2789: #0: 00000000727c2655 (pernet_ops_rwsem){++++}, at: copy_net_ns+0x1d8/0x340 net/core/net_namespace.c:435 #1: 0000000086df197a (rtnl_mutex){+.+.}, at: ip_tunnel_init_net+0x321/0x990 net/ipv4/ip_tunnel.c:1034 2 locks held by syz-executor.1/2804: #0: 00000000727c2655 (pernet_ops_rwsem){++++}, at: copy_net_ns+0x1d8/0x340 net/core/net_namespace.c:435 #1: 0000000086df197a (rtnl_mutex){+.+.}, at: register_netdev+0x11/0x50 net/core/dev.c:8857 2 locks held by syz-executor.1/2811: #0: 00000000727c2655 (pernet_ops_rwsem){++++}, at: copy_net_ns+0x1d8/0x340 net/core/net_namespace.c:435 #1: 0000000086df197a (rtnl_mutex){+.+.}, at: register_netdev+0x11/0x50 net/core/dev.c:8857 2 locks held by syz-executor.1/2828: #0: 00000000727c2655 (pernet_ops_rwsem){++++}, at: copy_net_ns+0x1d8/0x340 net/core/net_namespace.c:435 #1: 0000000086df197a (rtnl_mutex){+.+.}, at: register_netdev+0x11/0x50 net/core/dev.c:8857 2 locks held by syz-executor.1/2831: #0: 00000000727c2655 (pernet_ops_rwsem){++++}, at: copy_net_ns+0x1d8/0x340 net/core/net_namespace.c:435 #1: 0000000086df197a (rtnl_mutex){+.+.}, at: ip_tunnel_init_net+0x321/0x990 net/ipv4/ip_tunnel.c:1034 2 locks held by syz-executor.1/2853: #0: 00000000727c2655 (pernet_ops_rwsem){++++}, at: copy_net_ns+0x1d8/0x340 net/core/net_namespace.c:435 #1: 0000000086df197a (rtnl_mutex){+.+.}, at: ip_tunnel_init_net+0x321/0x990 net/ipv4/ip_tunnel.c:1034 2 locks held by syz-executor.1/2975: #0: 00000000727c2655 (pernet_ops_rwsem){++++}, at: copy_net_ns+0x1d8/0x340 net/core/net_namespace.c:435 #1: 0000000086df197a (rtnl_mutex){+.+.}, at: ip_tunnel_init_net+0x321/0x990 net/ipv4/ip_tunnel.c:1034 2 locks held by syz-executor.1/3010: #0: 00000000727c2655 (pernet_ops_rwsem){++++}, at: copy_net_ns+0x1d8/0x340 net/core/net_namespace.c:435 #1: 0000000086df197a (rtnl_mutex){+.+.}, at: register_netdev+0x11/0x50 net/core/dev.c:8857 2 locks held by syz-executor.1/3041: #0: 00000000727c2655 (pernet_ops_rwsem){++++}, at: copy_net_ns+0x1d8/0x340 net/core/net_namespace.c:435 #1: 0000000086df197a (rtnl_mutex){+.+.}, at: register_netdev+0x11/0x50 net/core/dev.c:8857 2 locks held by syz-executor.1/3105: IPVS: ftp: loaded support on port[0] = 21 #0: 00000000727c2655 (pernet_ops_rwsem){++++}, at: copy_net_ns+0x1d8/0x340 net/core/net_namespace.c:435 #1: 0000000086df197a (rtnl_mutex){+.+.}, at: register_netdev+0x11/0x50 net/core/dev.c:8857 2 locks held by syz-executor.1/3106: #0: 00000000727c2655 (pernet_ops_rwsem){++++}, at: copy_net_ns+0x1d8/0x340 net/core/net_namespace.c:435 #1: 0000000086df197a (rtnl_mutex){+.+.}, at: register_netdev+0x11/0x50 net/core/dev.c:8857 2 locks held by syz-executor.1/3117: #0: 00000000727c2655 (pernet_ops_rwsem){++++}, at: copy_net_ns+0x1d8/0x340 net/core/net_namespace.c:435 #1: 0000000086df197a (rtnl_mutex){+.+.}, at: register_netdev+0x11/0x50 net/core/dev.c:8857 2 locks held by syz-executor.1/3119: #0: 00000000727c2655 (pernet_ops_rwsem){++++}, at: copy_net_ns+0x1d8/0x340 net/core/net_namespace.c:435 #1: 0000000086df197a (rtnl_mutex){+.+.}, at: ip_tunnel_init_net+0x321/0x990 net/ipv4/ip_tunnel.c:1034 2 locks held by syz-executor.1/3144: #0: 00000000727c2655 (pernet_ops_rwsem){++++}, at: copy_net_ns+0x1d8/0x340 net/core/net_namespace.c:435 #1: 0000000086df197a (rtnl_mutex){+.+.}, at: register_netdev+0x11/0x50 net/core/dev.c:8857 2 locks held by syz-executor.1/3174: #0: 00000000727c2655 (pernet_ops_rwsem){++++}, at: copy_net_ns+0x1d8/0x340 net/core/net_namespace.c:435 #1: 0000000086df197a (rtnl_mutex){+.+.}, at: ip_tunnel_init_net+0x321/0x990 net/ipv4/ip_tunnel.c:1034 2 locks held by syz-executor.1/3175: #0: 00000000727c2655 (pernet_ops_rwsem){++++}, at: copy_net_ns+0x1d8/0x340 net/core/net_namespace.c:435 #1: 0000000086df197a (rtnl_mutex){+.+.}, at: register_netdev+0x11/0x50 net/core/dev.c:8857 2 locks held by syz-executor.1/3225: #0: 00000000727c2655 (pernet_ops_rwsem){++++}, at: copy_net_ns+0x1d8/0x340 net/core/net_namespace.c:435 #1: 0000000086df197a (rtnl_mutex){+.+.}, at: ip_tunnel_init_net+0x321/0x990 net/ipv4/ip_tunnel.c:1034 2 locks held by syz-executor.1/3280: #0: 00000000727c2655 (pernet_ops_rwsem){++++}, at: copy_net_ns+0x1d8/0x340 net/core/net_namespace.c:435 #1: 0000000086df197a (rtnl_mutex){+.+.}, at: ip_tunnel_init_net+0x321/0x990 net/ipv4/ip_tunnel.c:1034 2 locks held by syz-executor.1/3349: #0: 00000000727c2655 (pernet_ops_rwsem){++++}, at: copy_net_ns+0x1d8/0x340 net/core/net_namespace.c:435 #1: 0000000086df197a (rtnl_mutex){+.+.}, at: ip_tunnel_init_net+0x321/0x990 net/ipv4/ip_tunnel.c:1034 IPVS: ftp: loaded support on port[0] = 21 2 locks held by syz-executor.1/3354: #0: 00000000727c2655 (pernet_ops_rwsem){++++}, at: copy_net_ns+0x1d8/0x340 net/core/net_namespace.c:435 #1: 0000000086df197a (rtnl_mutex){+.+.}, at: ip_tunnel_init_net+0x321/0x990 net/ipv4/ip_tunnel.c:1034 2 locks held by syz-executor.1/3376: #0: 00000000727c2655 (pernet_ops_rwsem){++++}, at: copy_net_ns+0x1d8/0x340 net/core/net_namespace.c:435 #1: 0000000086df197a (rtnl_mutex){+.+.}, at: register_netdev+0x11/0x50 net/core/dev.c:8857 2 locks held by syz-executor.1/3406: #0: 00000000727c2655 (pernet_ops_rwsem){++++}, at: copy_net_ns+0x1d8/0x340 net/core/net_namespace.c:435 #1: 0000000086df197a (rtnl_mutex){+.+.}, at: register_netdev+0x11/0x50 net/core/dev.c:8857 2 locks held by syz-executor.1/3446: #0: 00000000727c2655 (pernet_ops_rwsem){++++}, at: copy_net_ns+0x1d8/0x340 net/core/net_namespace.c:435 systemd-journald[22486]: /dev/kmsg buffer overrun, some messages lost. #1: 0000000086df197a (rtnl_mutex){+.+.}, at: ip_tunnel_init_net+0x321/0x990 net/ipv4/ip_tunnel.c:1034 2 locks held by syz-executor.1/3449: #0: 00000000727c2655 (pernet_ops_rwsem){++++}, at: copy_net_ns+0x1d8/0x340 net/core/net_namespace.c:435