Killed process 7721 (syz-executor900) total-vm:17872kB, anon-rss:16848kB, file-rss:0kB, shmem-rss:0kB Out of memory: Kill process 7729 (syz-executor900) score 1002 or sacrifice child Killed process 7729 (syz-executor900) total-vm:17872kB, anon-rss:16848kB, file-rss:0kB, shmem-rss:0kB Out of memory: Kill process 7739 (syz-executor900) score 1002 or sacrifice child Killed process 7739 (syz-executor900) total-vm:17872kB, anon-rss:16848kB, file-rss:0kB, shmem-rss:0kB INFO: task kworker/u4:1:64 blocked for more than 140 seconds. Not tainted 4.9.135+ #62 "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. kworker/u4:1 D23304 64 2 0x80000000 Workqueue: netns cleanup_net ffff8801d7845f00 ffff8801cc3bee00 ffff8801cc3bee00 ffff8801cc0c97c0 ffff8801db721018 ffff8801d79af5d0 ffffffff828067a2 ffffffff83ccf600 ffffffff00000000 fffffbfff0848da8 005164f000000001 ffff8801db7218f0 Call Trace: [] schedule+0x7f/0x1b0 kernel/sched/core.c:3553 [] schedule_timeout+0x735/0xe20 kernel/time/timer.c:1771 [] do_wait_for_common kernel/sched/completion.c:75 [inline] [] __wait_for_common kernel/sched/completion.c:93 [inline] [] wait_for_common+0x3ef/0x5d0 kernel/sched/completion.c:101 [] wait_for_completion+0x18/0x20 kernel/sched/completion.c:122 [] _rcu_barrier+0x231/0x340 kernel/rcu/tree.c:3701 [] rcu_barrier+0x10/0x20 kernel/rcu/tree_plugin.h:698 [] netdev_run_todo+0x110/0x770 net/core/dev.c:7542 [] rtnl_unlock+0xe/0x10 net/core/rtnetlink.c:104 [] ip6_tnl_exit_net+0x3e2/0x5b0 net/ipv6/ip6_tunnel.c:2240 [] ops_exit_list.isra.0+0xb0/0x160 net/core/net_namespace.c:136 [] cleanup_net+0x3f2/0x8b0 net/core/net_namespace.c:473 [] process_one_work+0x831/0x1530 kernel/workqueue.c:2092 [] worker_thread+0xd6/0x1140 kernel/workqueue.c:2226 [] kthread+0x26d/0x300 kernel/kthread.c:211 [] ret_from_fork+0x5c/0x70 arch/x86/entry/entry_64.S:373 Showing all locks held in the system: 2 locks held by khungtaskd/24: #0: (rcu_read_lock){......}, at: [] check_hung_uninterruptible_tasks kernel/hung_task.c:168 [inline] #0: (rcu_read_lock){......}, at: [] watchdog+0x11c/0xa20 kernel/hung_task.c:239 #1: (tasklist_lock){.+.+..}, at: [] debug_show_all_locks+0x79/0x218 kernel/locking/lockdep.c:4336 4 locks held by kworker/u4:1/64: #0: ("%s""netns"){.+.+.+}, at: [] process_one_work+0x73c/0x1530 kernel/workqueue.c:2085 #1: (net_cleanup_work){+.+.+.}, at: [] process_one_work+0x774/0x1530 kernel/workqueue.c:2089 #2: (net_mutex){+.+.+.}, at: [] cleanup_net+0x13f/0x8b0 net/core/net_namespace.c:439 #3: (rcu_preempt_state.barrier_mutex){+.+...}, at: [] _rcu_barrier+0x5d/0x340 kernel/rcu/tree.c:3637 4 locks held by kworker/1:2/622: #0: ("events"){.+.+.+}, at: [] process_one_work+0x73c/0x1530 kernel/workqueue.c:2085 #1: ((&ns->proc_work)){+.+...}, at: [] process_one_work+0x774/0x1530 kernel/workqueue.c:2089 #2: (&type->s_umount_key#19){++++.+}, at: [] deactivate_super+0x89/0xd0 fs/super.c:340 #3: (shrinker_rwsem){++++..}, at: [] unregister_shrinker+0x58/0x230 mm/vmscan.c:300 1 lock held by rsyslogd/1892: #0: (&f->f_pos_lock){+.+.+.}, at: [] __fdget_pos+0xac/0xd0 fs/file.c:781 2 locks held by getty/2019: #0: (&tty->ldisc_sem){++++++}, at: [] ldsem_down_read+0x32/0x40 drivers/tty/tty_ldsem.c:367 #1: (&ldata->atomic_read_lock){+.+...}, at: [] n_tty_read+0x202/0x16e0 drivers/tty/n_tty.c:2142 1 lock held by init/8890: #0: (tty_mutex){+.+.+.}, at: [] tty_open_by_driver drivers/tty/tty_io.c:2052 [inline] #0: (tty_mutex){+.+.+.}, at: [] tty_open+0x476/0xdf0 drivers/tty/tty_io.c:2130 1 lock held by init/8891: #0: (tty_mutex){+.+.+.}, at: [] tty_open_by_driver drivers/tty/tty_io.c:2052 [inline] #0: (tty_mutex){+.+.+.}, at: [] tty_open+0x476/0xdf0 drivers/tty/tty_io.c:2130 1 lock held by init/8892: #0: (tty_mutex){+.+.+.}, at: [] tty_open_by_driver drivers/tty/tty_io.c:2052 [inline] #0: (tty_mutex){+.+.+.}, at: [] tty_open+0x476/0xdf0 drivers/tty/tty_io.c:2130 1 lock held by init/8893: #0: (tty_mutex){+.+.+.}, at: [] tty_open_by_driver drivers/tty/tty_io.c:2052 [inline] #0: (tty_mutex){+.+.+.}, at: [] tty_open+0x476/0xdf0 drivers/tty/tty_io.c:2130 1 lock held by init/8894: #0: (tty_mutex){+.+.+.}, at: [] tty_open_by_driver drivers/tty/tty_io.c:2052 [inline] #0: (tty_mutex){+.+.+.}, at: [] tty_open+0x476/0xdf0 drivers/tty/tty_io.c:2130 1 lock held by init/8895: #0: (tty_mutex){+.+.+.}, at: [] tty_open_by_driver drivers/tty/tty_io.c:2052 [inline] #0: (tty_mutex){+.+.+.}, at: [] tty_open+0x476/0xdf0 drivers/tty/tty_io.c:2130 1 lock held by syz-executor900/9646: #0: (&mm->mmap_sem){++++++}, at: [] vm_mmap_pgoff+0x128/0x1b0 mm/util.c:327 1 lock held by syz-executor900/9647: #0: (&mm->mmap_sem){++++++}, at: [] __mm_populate+0x257/0x350 mm/gup.c:1136 1 lock held by syz-executor900/9652: #0: (&mm->mmap_sem){++++++}, at: [] vm_mmap_pgoff+0x128/0x1b0 mm/util.c:327 1 lock held by syz-executor900/9653: #0: (&mm->mmap_sem){++++++}, at: [] __mm_populate+0x257/0x350 mm/gup.c:1136 ============================================= NMI backtrace for cpu 0 CPU: 0 PID: 24 Comm: khungtaskd Not tainted 4.9.135+ #62 ffff8801d9907d08 ffffffff81b42a19 0000000000000000 0000000000000000 0000000000000000 0000000000000001 ffffffff81098330 ffff8801d9907d40 ffffffff81b4db29 0000000000000000 0000000000000000 0000000000000003 Call Trace: [] __dump_stack lib/dump_stack.c:15 [inline] [] dump_stack+0xc1/0x128 lib/dump_stack.c:51 [] nmi_cpu_backtrace.cold.0+0x48/0x87 lib/nmi_backtrace.c:99 [] nmi_trigger_cpumask_backtrace+0x12c/0x151 lib/nmi_backtrace.c:60 [] arch_trigger_cpumask_backtrace+0x14/0x20 arch/x86/kernel/apic/hw_nmi.c:37 [] trigger_all_cpu_backtrace include/linux/nmi.h:58 [inline] [] check_hung_task kernel/hung_task.c:125 [inline] [] check_hung_uninterruptible_tasks kernel/hung_task.c:182 [inline] [] watchdog+0x6ad/0xa20 kernel/hung_task.c:239 [] kthread+0x26d/0x300 kernel/kthread.c:211 [] ret_from_fork+0x5c/0x70 arch/x86/entry/entry_64.S:373 Sending NMI from CPU 0 to CPUs 1: NMI backtrace for cpu 1 CPU: 1 PID: 2159 Comm: syz-executor900 Not tainted 4.9.135+ #62 task: ffff8801cc0c97c0 task.stack: ffff8801c5610000 RIP: 0010:[] c [] __const_udelay+0x2a/0x30 arch/x86/lib/delay.c:174 RSP: 0018:ffff8801c56170d8 EFLAGS: 00000082 RAX: 0000000080000001 RBX: ffffffff84b5db20 RCX: 0000000000000000 RDX: 0000000000000002 RSI: ffffffff81ba789b RDI: ffffffff841ed840 RBP: ffff8801c56170d8 R08: 0000000000000001 R09: 0000000000000000 R10: 0000000000000001 R11: 0000000000000000 R12: 000000000000270e R13: 0000000000000020 R14: fffffbfff096bbab R15: fffffbfff096bb6d FS: 0000000002229880(0000) GS:ffff8801db700000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00000000022328b8 CR3: 00000001cb08d000 CR4: 00000000001606b0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Stack: ffff8801c5617128c ffffffff81d643ffc ffffffff81b6c908c ffffffff84b5db68c ffffffff84b5dd5ac ffffffff84b5db20c 000000000000005dc ffffffff81d64570c dffffc0000000000c 000000000000005dc ffff8801c5617148c ffffffff81d6458fc Call Trace: [] wait_for_xmitr+0x6f/0x1e0 drivers/tty/serial/8250/8250_port.c:2005 [] serial8250_console_putchar+0x1f/0x60 drivers/tty/serial/8250/8250_port.c:3103 [] uart_console_write+0x59/0xf0 drivers/tty/serial/serial_core.c:1866 [] serial8250_console_write+0x528/0x820 drivers/tty/serial/8250/8250_port.c:3169 [] univ8250_console_write+0x5f/0x70 drivers/tty/serial/8250/8250_core.c:594 [] call_console_drivers.isra.0.constprop.15+0x1ad/0x360 kernel/printk/printk.c:1589 [] console_unlock+0x47f/0xb50 kernel/printk/printk.c:2449 [] vprintk_emit+0x448/0x790 kernel/printk/printk.c:1903 [] vprintk+0x28/0x30 kernel/printk/printk.c:1913 [] vprintk_default+0x1d/0x30 kernel/printk/printk.c:1914 [] vprintk_func kernel/printk/internal.h:36 [inline] [] printk+0xaf/0xd7 kernel/printk/printk.c:1975 [] lowmem_scan.cold.1+0x1f9/0x35b drivers/staging/android/lowmemorykiller.c:177 [] do_shrink_slab mm/vmscan.c:398 [inline] [] shrink_slab.part.8+0x3c6/0xa00 mm/vmscan.c:501 [] shrink_slab mm/vmscan.c:465 [inline] [] shrink_node+0x1ed/0x740 mm/vmscan.c:2602 [] shrink_zones mm/vmscan.c:2749 [inline] [] do_try_to_free_pages mm/vmscan.c:2791 [inline] [] try_to_free_pages+0x377/0xb80 mm/vmscan.c:3002 [] __perform_reclaim mm/page_alloc.c:3324 [inline] [] __alloc_pages_direct_reclaim mm/page_alloc.c:3345 [inline] [] __alloc_pages_slowpath mm/page_alloc.c:3697 [inline] [] __alloc_pages_nodemask+0x981/0x1bd0 mm/page_alloc.c:3862 [] __alloc_pages include/linux/gfp.h:433 [inline] [] __alloc_pages_node include/linux/gfp.h:446 [inline] [] alloc_slab_page mm/slub.c:1408 [inline] [] allocate_slab mm/slub.c:1557 [inline] [] new_slab+0x367/0x3d0 mm/slub.c:1635 [] new_slab_objects mm/slub.c:2419 [inline] [] ___slab_alloc.constprop.33+0x2ed/0x470 mm/slub.c:2576 [] __slab_alloc.isra.25.constprop.32+0x50/0xa0 mm/slub.c:2618 [] slab_alloc_node mm/slub.c:2681 [inline] [] slab_alloc mm/slub.c:2723 [inline] [] kmem_cache_alloc+0x212/0x2b0 mm/slub.c:2728 [] getname_flags+0xc8/0x550 fs/namei.c:137 [] getname+0x19/0x20 fs/namei.c:208 [] do_sys_open+0x20b/0x5c0 fs/open.c:1066 [] SYSC_open fs/open.c:1090 [inline] [] SyS_open+0x2d/0x40 fs/open.c:1085 [] do_syscall_64+0x19f/0x550 arch/x86/entry/common.c:285 [] entry_SYSCALL_64_after_swapgs+0x5d/0xdb Code: c00 c55 c48 c8d c0c cbd c00 c00 c00 c00 c65 c48 c8b c15 c67 c5e c4a c7e c48 c8d c14 c92 c48 c89 ce5 c48 c89 cc8 c48 c8d c14 c92 cf7 ce2 c48 c8d c7a c01 ce8 cb6 cff cff cff c<5d> cc3 c0f c1f c40 c00 c48 c69 ccf c1c c43 c00 c00 c55 c65 c48 c8b c15 c38 c5e c4a c