Free memory is -13336kB above reserved lowmemorykiller: Killing 'syz-executor.1' (27360) (tgid 27359), adj 1000, to free 51416kB on behalf of 'syz-fuzzer' (2043) because cache 240kB is below limit 6144kB for oom_score_adj 0 Free memory is -13336kB above reserved INFO: task syz-executor.1:27360 blocked for more than 140 seconds. Not tainted 4.9.141+ #1 "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. syz-executor.1 D 28824 27360 2107 0x00000004 0000000000000000 ffff8801ca91b180 ffff8801c97f5f00 ffff8801db621018 ffff8801d7f6fa08 ffffffff828075c2 0000000000000000 ffff8801da714ff0 ffffed003b4e29fd 00ff8801da714740 ffff8801db6218f0Call Trace: [] schedule+0x7f/0x1b0 kernel/sched/core.c:3553 [] schedule_preempt_disabled+0x13/0x20 kernel/sched/core.c:3586 [] __mutex_lock_common kernel/locking/mutex.c:582 [inline] [] mutex_lock_nested+0x38d/0x900 kernel/locking/mutex.c:621 [] copy_net_ns+0x155/0x330 net/core/net_namespace.c:406 [] create_new_namespaces+0x501/0x760 kernel/nsproxy.c:106 [] copy_namespaces+0x28d/0x320 kernel/nsproxy.c:164 [] copy_process.part.8+0x240c/0x6a10 kernel/fork.c:1695 [] copy_process kernel/fork.c:1505 [inline] [] _do_fork+0x1b2/0xd30 kernel/fork.c:1972 [] SYSC_clone kernel/fork.c:2084 [inline] [] SyS_clone+0x37/0x50 kernel/fork.c:2078 [] do_syscall_64+0x19f/0x550 arch/x86/entry/common.c:285 [] entry_SYSCALL_64_after_swapgs+0x5d/0xdb Showing all locks held in the system: 2 locks held by khungtaskd/24: #0: (rcu_read_lock){......}, at: [] check_hung_uninterruptible_tasks kernel/hung_task.c:168 [inline] (rcu_read_lock){......}, at: [] watchdog+0x11c/0xa20 kernel/hung_task.c:239 (tasklist_lock){.+.+..}, at: [] debug_show_all_locks+0x79/0x218 kernel/locking/lockdep.c:4336 #0: (&tty->ldisc_sem){++++++}, at: [] ldsem_down_read+0x32/0x40 drivers/tty/tty_ldsem.c:367 (&ldata->atomic_read_lock){+.+.+.}, at: [] n_tty_read+0x202/0x16e0 drivers/tty/n_tty.c:2142 #0: ("%s"("ipv6_addrconf")){.+.+..}, at: [] process_one_work+0x73c/0x15f0 kernel/workqueue.c:2085 ((addr_chk_work).work){+.+...}, at: [] process_one_work+0x774/0x15f0 kernel/workqueue.c:2089 (rtnl_mutex){+.+.+.}, at: [] rtnl_lock+0x17/0x20 net/core/rtnetlink.c:70 #0: (net_mutex){+.+.+.}, at: [] copy_net_ns+0x155/0x330 net/core/net_namespace.c:406 #0: (net_mutex){+.+.+.}, at: [] copy_net_ns+0x155/0x330 net/core/net_namespace.c:406 ============================================= NMI backtrace for cpu 1 CPU: 1 PID: 24 Comm: khungtaskd Not tainted 4.9.141+ #1 ffff8801d9907d08 ffffffff81b42e79 0000000000000000 0000000000000001 0000000000000001 0000000000000001 ffffffff810983b0 ffff8801d9907d40 ffffffff81b4df89 0000000000000001 0000000000000000 0000000000000002Call Trace: [] __dump_stack lib/dump_stack.c:15 [inline] [] dump_stack+0xc1/0x128 lib/dump_stack.c:51 [] nmi_cpu_backtrace.cold.0+0x48/0x87 lib/nmi_backtrace.c:99 [] nmi_trigger_cpumask_backtrace+0x12c/0x151 lib/nmi_backtrace.c:60 [] arch_trigger_cpumask_backtrace+0x14/0x20 arch/x86/kernel/apic/hw_nmi.c:37 [] trigger_all_cpu_backtrace include/linux/nmi.h:58 [inline] [] check_hung_task kernel/hung_task.c:125 [inline] [] check_hung_uninterruptible_tasks kernel/hung_task.c:182 [inline] [] watchdog+0x6ad/0xa20 kernel/hung_task.c:239 [] kthread+0x26d/0x300 kernel/kthread.c:211 [] ret_from_fork+0x5c/0x70 arch/x86/entry/entry_64.S:373 Sending NMI from CPU 1 to CPUs 0: NMI backtrace for cpu 0 CPU: 0 PID: 27402 Comm: syz-executor.2 Not tainted 4.9.141+ #1 task: ffff8801c80cc740 task.stack: ffff880101360000 RIP: 0010:[] c [] hlock_class kernel/locking/lockdep.c:149 [inline] RIP: 0010:[] c [] mark_lock+0x89/0x1290 kernel/locking/lockdep.c:3039 RSP: 0018:ffff8801013670f8 EFLAGS: 00000006 RAX: 000000000000001e RBX: ffff8801c80cd040 RCX: 1ffff10039019a0c RDX: 0000000000000000 RSI: ffff8801c80cd040 RDI: ffff8801c80cc740 RBP: ffff880101367140 R08: ffff8801c80cd060 R09: 0000000000000000 R10: ffff8801c80cc740 R11: 1ffff10039019a07 R12: 00000000000030f0 R13: 0000000000001000 R14: 000000000000000c R15: ffff8801c80cc740 FS: 00007ff88504b700(0000) GS:ffff8801db600000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007f1dbd0d2317 CR3: 000000019df5f000 CR4: 00000000001606b0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000600 Stack: ffff8801c80cd062c ffff8801013672b8c 0000000000000046c 0000000000000000c ffff8801c80cd040c 000000000000001ec 0000000000000002c ffff8801c80ccfdcc 0000000000000000c ffff8801013672f8c ffffffff81207a04c ffff8801c80ccfe0c Call Trace: [] __lock_acquire+0x654/0x4a10 kernel/locking/lockdep.c:3306 [] lock_acquire+0x130/0x3e0 kernel/locking/lockdep.c:3756 [] rcu_lock_acquire include/linux/rcupdate.h:493 [inline] [] rcu_read_lock include/linux/rcupdate.h:875 [inline] [] find_lock_task_mm+0x46/0x270 mm/oom_kill.c:112 [] lowmem_scan+0x34f/0xaf0 drivers/staging/android/lowmemorykiller.c:134 [] do_shrink_slab mm/vmscan.c:398 [inline] [] shrink_slab.part.8+0x3c6/0xa00 mm/vmscan.c:501 [] shrink_slab mm/vmscan.c:465 [inline] [] shrink_node+0x1ed/0x740 mm/vmscan.c:2602 [] shrink_zones mm/vmscan.c:2749 [inline] [] do_try_to_free_pages mm/vmscan.c:2791 [inline] [] try_to_free_pages+0x377/0xb80 mm/vmscan.c:3002 [] __perform_reclaim mm/page_alloc.c:3324 [inline] [] __alloc_pages_direct_reclaim mm/page_alloc.c:3345 [inline] [] __alloc_pages_slowpath mm/page_alloc.c:3697 [inline] [] __alloc_pages_nodemask+0x981/0x1bd0 mm/page_alloc.c:3862 [] __alloc_pages include/linux/gfp.h:433 [inline] [] __alloc_pages_node include/linux/gfp.h:446 [inline] [] alloc_pages_node include/linux/gfp.h:460 [inline] [] __vmalloc_area_node mm/vmalloc.c:1644 [inline] [] __vmalloc_node_range+0x25b/0x600 mm/vmalloc.c:1702 [] __vmalloc_node mm/vmalloc.c:1745 [inline] [] __vmalloc_node_flags mm/vmalloc.c:1759 [inline] [] vmalloc+0x5b/0x70 mm/vmalloc.c:1774 [] xt_alloc_table_info+0xc9/0x100 net/netfilter/x_tables.c:997 [] do_replace.isra.7+0xfd/0x470 net/ipv4/netfilter/arp_tables.c:979 [] do_arpt_set_ctl+0xff/0x140 net/ipv4/netfilter/arp_tables.c:1469 [] nf_sockopt net/netfilter/nf_sockopt.c:105 [inline] [] nf_setsockopt+0x6d/0xc0 net/netfilter/nf_sockopt.c:114 [] ip_setsockopt+0x88/0xa0 net/ipv4/ip_sockglue.c:1249 [] udp_setsockopt+0x4a/0x90 net/ipv4/udp.c:2110 [] ipv6_setsockopt+0x10a/0x130 net/ipv6/ipv6_sockglue.c:912 [] tcp_setsockopt+0x88/0xe0 net/ipv4/tcp.c:2758 [] sock_common_setsockopt+0x9a/0xe0 net/core/sock.c:2706 [] SYSC_setsockopt net/socket.c:1785 [inline] [] SyS_setsockopt+0x166/0x260 net/socket.c:1764 [] do_syscall_64+0x19f/0x550 arch/x86/entry/common.c:285 [] entry_SYSCALL_64_after_swapgs+0x5d/0xdb Code: c4c c89 cc1 c48 cc1 ce9 c03 c0f cb6 c14 c11 c84 cd2 c74 c09 c80 cfa c03 c0f c8e c97 c04 c00 c00 c25 cff c1f c00 c00 c4c c69 ce0 cb0 c01 c00 c00 c49 c81 cec cb0 c01 c00 c00 c<49> c81 cc4 cc0 c79 cc6 c83 c49 c8d c7c c24 c30 c48 cb8 c00 c00 c00 c00 c00 cfc cff c