339412 pages reserved 0 pages cma reserved oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=/,mems_allowed=0-1,global_oom,task_memcg=/syz3,task=syz-executor.3,pid=1204,uid=0 Out of memory: Kill process 1204 (syz-executor.3) score 1007 or sacrifice child Killed process 1204 (syz-executor.3) total-vm:72580kB, anon-rss:18124kB, file-rss:34688kB, shmem-rss:0kB INFO: task kworker/1:2:2980 blocked for more than 140 seconds. Not tainted 5.0.0-rc5+ #65 "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. kworker/1:2 D25648 2980 2 0x80000000 Workqueue: events linkwatch_event Call Trace: context_switch kernel/sched/core.c:2844 [inline] __schedule+0x817/0x1cc0 kernel/sched/core.c:3485 schedule+0x92/0x180 kernel/sched/core.c:3529 schedule_preempt_disabled+0x13/0x20 kernel/sched/core.c:3587 __mutex_lock_common kernel/locking/mutex.c:1002 [inline] __mutex_lock+0x726/0x1310 kernel/locking/mutex.c:1072 mutex_lock_nested+0x16/0x20 kernel/locking/mutex.c:1087 rtnl_lock+0x17/0x20 net/core/rtnetlink.c:77 linkwatch_event+0xf/0x70 net/core/link_watch.c:236 process_one_work+0x98e/0x1790 kernel/workqueue.c:2173 worker_thread+0x98/0xe40 kernel/workqueue.c:2319 kthread+0x357/0x430 kernel/kthread.c:246 ret_from_fork+0x3a/0x50 arch/x86/entry/entry_64.S:352 INFO: task kworker/1:0:22669 blocked for more than 140 seconds. Not tainted 5.0.0-rc5+ #65 "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. kworker/1:0 D26456 22669 2 0x80000000 Workqueue: events switchdev_deferred_process_work Call Trace: context_switch kernel/sched/core.c:2844 [inline] __schedule+0x817/0x1cc0 kernel/sched/core.c:3485 schedule+0x92/0x180 kernel/sched/core.c:3529 schedule_preempt_disabled+0x13/0x20 kernel/sched/core.c:3587 __mutex_lock_common kernel/locking/mutex.c:1002 [inline] __mutex_lock+0x726/0x1310 kernel/locking/mutex.c:1072 mutex_lock_nested+0x16/0x20 kernel/locking/mutex.c:1087 rtnl_lock+0x17/0x20 net/core/rtnetlink.c:77 switchdev_deferred_process_work+0xe/0x20 net/switchdev/switchdev.c:150 process_one_work+0x98e/0x1790 kernel/workqueue.c:2173 worker_thread+0x98/0xe40 kernel/workqueue.c:2319 kthread+0x357/0x430 kernel/kthread.c:246 ret_from_fork+0x3a/0x50 arch/x86/entry/entry_64.S:352 Showing all locks held in the system: 2 locks held by kworker/u4:0/7: 1 lock held by khungtaskd/1039: #0: 00000000b3c17bd6 (rcu_read_lock){....}, at: debug_show_all_locks+0x5f/0x27e kernel/locking/lockdep.c:4389 2 locks held by kswapd0/1549: 3 locks held by kworker/1:2/2980: #0: 00000000246893b1 ((wq_completion)"events"){+.+.}, at: __write_once_size include/linux/compiler.h:220 [inline] #0: 00000000246893b1 ((wq_completion)"events"){+.+.}, at: arch_atomic64_set arch/x86/include/asm/atomic64_64.h:34 [inline] #0: 00000000246893b1 ((wq_completion)"events"){+.+.}, at: atomic64_set include/asm-generic/atomic-instrumented.h:40 [inline] #0: 00000000246893b1 ((wq_completion)"events"){+.+.}, at: atomic_long_set include/asm-generic/atomic-long.h:59 [inline] #0: 00000000246893b1 ((wq_completion)"events"){+.+.}, at: set_work_data kernel/workqueue.c:617 [inline] #0: 00000000246893b1 ((wq_completion)"events"){+.+.}, at: set_work_pool_and_clear_pending kernel/workqueue.c:644 [inline] #0: 00000000246893b1 ((wq_completion)"events"){+.+.}, at: process_one_work+0x87e/0x1790 kernel/workqueue.c:2144 #1: 000000005e5d6673 ((linkwatch_work).work){+.+.}, at: process_one_work+0x8b4/0x1790 kernel/workqueue.c:2148 #2: 0000000067c4da24 (rtnl_mutex){+.+.}, at: rtnl_lock+0x17/0x20 net/core/rtnetlink.c:77 4 locks held by rs:main Q:Reg/8072: 1 lock held by rsyslogd/8074: #0: 00000000d92aa052 (&f->f_pos_lock){+.+.}, at: __fdget_pos+0xee/0x110 fs/file.c:795 2 locks held by getty/8197: #0: 00000000bcc8434b (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x33/0x40 drivers/tty/tty_ldsem.c:341 #1: 0000000054e91e40 (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x232/0x1b70 drivers/tty/n_tty.c:2154 2 locks held by getty/8198: #0: 000000000af8e35a (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x33/0x40 drivers/tty/tty_ldsem.c:341 #1: 00000000002afac7 (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x232/0x1b70 drivers/tty/n_tty.c:2154 2 locks held by getty/8199: #0: 00000000a6973814 (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x33/0x40 drivers/tty/tty_ldsem.c:341 #1: 00000000922866d5 (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x232/0x1b70 drivers/tty/n_tty.c:2154 2 locks held by getty/8200: #0: 00000000626643c4 (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x33/0x40 drivers/tty/tty_ldsem.c:341 #1: 00000000ba61f8b1 (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x232/0x1b70 drivers/tty/n_tty.c:2154 2 locks held by getty/8201: #0: 00000000f224dc70 (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x33/0x40 drivers/tty/tty_ldsem.c:341 #1: 00000000fc588fe0 (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x232/0x1b70 drivers/tty/n_tty.c:2154 2 locks held by getty/8202: #0: 00000000761c1995 (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x33/0x40 drivers/tty/tty_ldsem.c:341 #1: 0000000012bd86eb (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x232/0x1b70 drivers/tty/n_tty.c:2154 2 locks held by getty/8203: #0: 0000000066c1e5f7 (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x33/0x40 drivers/tty/tty_ldsem.c:341 #1: 000000004cd8becd (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x232/0x1b70 drivers/tty/n_tty.c:2154 3 locks held by syz-fuzzer/8219: 4 locks held by kworker/u4:6/10026: 3 locks held by kworker/1:0/22669: #0: 00000000246893b1 ((wq_completion)"events"){+.+.}, at: __write_once_size include/linux/compiler.h:220 [inline] #0: 00000000246893b1 ((wq_completion)"events"){+.+.}, at: arch_atomic64_set arch/x86/include/asm/atomic64_64.h:34 [inline] #0: 00000000246893b1 ((wq_completion)"events"){+.+.}, at: atomic64_set include/asm-generic/atomic-instrumented.h:40 [inline] #0: 00000000246893b1 ((wq_completion)"events"){+.+.}, at: atomic_long_set include/asm-generic/atomic-long.h:59 [inline] #0: 00000000246893b1 ((wq_completion)"events"){+.+.}, at: set_work_data kernel/workqueue.c:617 [inline] #0: 00000000246893b1 ((wq_completion)"events"){+.+.}, at: set_work_pool_and_clear_pending kernel/workqueue.c:644 [inline] #0: 00000000246893b1 ((wq_completion)"events"){+.+.}, at: process_one_work+0x87e/0x1790 kernel/workqueue.c:2144 #1: 00000000c287beef (deferred_process_work){+.+.}, at: process_one_work+0x8b4/0x1790 kernel/workqueue.c:2148 #2: 0000000067c4da24 (rtnl_mutex){+.+.}, at: rtnl_lock+0x17/0x20 net/core/rtnetlink.c:77 3 locks held by kworker/0:5/26989: #0: 00000000ce06abc9 ((wq_completion)"%s"("ipv6_addrconf")){+.+.}, at: __write_once_size include/linux/compiler.h:220 [inline] #0: 00000000ce06abc9 ((wq_completion)"%s"("ipv6_addrconf")){+.+.}, at: arch_atomic64_set arch/x86/include/asm/atomic64_64.h:34 [inline] #0: 00000000ce06abc9 ((wq_completion)"%s"("ipv6_addrconf")){+.+.}, at: atomic64_set include/asm-generic/atomic-instrumented.h:40 [inline] #0: 00000000ce06abc9 ((wq_completion)"%s"("ipv6_addrconf")){+.+.}, at: atomic_long_set include/asm-generic/atomic-long.h:59 [inline] #0: 00000000ce06abc9 ((wq_completion)"%s"("ipv6_addrconf")){+.+.}, at: set_work_data kernel/workqueue.c:617 [inline] #0: 00000000ce06abc9 ((wq_completion)"%s"("ipv6_addrconf")){+.+.}, at: set_work_pool_and_clear_pending kernel/workqueue.c:644 [inline] #0: 00000000ce06abc9 ((wq_completion)"%s"("ipv6_addrconf")){+.+.}, at: process_one_work+0x87e/0x1790 kernel/workqueue.c:2144 #1: 00000000f7c0da79 ((addr_chk_work).work){+.+.}, at: process_one_work+0x8b4/0x1790 kernel/workqueue.c:2148 #2: 0000000067c4da24 (rtnl_mutex){+.+.}, at: rtnl_lock+0x17/0x20 net/core/rtnetlink.c:77 3 locks held by syz-executor.0/6269: ============================================= NMI backtrace for cpu 0 CPU: 0 PID: 1039 Comm: khungtaskd Not tainted 5.0.0-rc5+ #65 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Call Trace: __dump_stack lib/dump_stack.c:77 [inline] dump_stack+0x172/0x1f0 lib/dump_stack.c:113 nmi_cpu_backtrace.cold+0x63/0xa4 lib/nmi_backtrace.c:101 nmi_trigger_cpumask_backtrace+0x1be/0x236 lib/nmi_backtrace.c:62 arch_trigger_cpumask_backtrace+0x14/0x20 arch/x86/kernel/apic/hw_nmi.c:38 trigger_all_cpu_backtrace include/linux/nmi.h:146 [inline] check_hung_uninterruptible_tasks kernel/hung_task.c:203 [inline] watchdog+0x9df/0xee0 kernel/hung_task.c:287 kthread+0x357/0x430 kernel/kthread.c:246 ret_from_fork+0x3a/0x50 arch/x86/entry/entry_64.S:352 Sending NMI from CPU 0 to CPUs 1: INFO: NMI handler (nmi_cpu_backtrace_handler) took too long to run: 1.124 msecs NMI backtrace for cpu 1 CPU: 1 PID: 8219 Comm: syz-fuzzer Not tainted 5.0.0-rc5+ #65 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 RIP: 0010:check_preemption_disabled+0x8/0x290 lib/smp_processor_id.c:12 Code: 0f 18 fe 48 8b bd 18 ff ff ff e8 43 c7 7b fe e9 6a ec ff ff e8 d9 c7 7b fe e9 28 f1 ff ff 90 90 90 90 55 48 89 e5 41 57 41 56 <49> 89 f6 41 55 41 54 49 89 fc 53 48 83 ec 08 e8 74 ca 44 fe 65 44 RSP: 0018:ffff888095fbed98 EFLAGS: 00000293 RAX: ffff888084c9c400 RBX: 000000000002ddc0 RCX: ffffffff81918147 RDX: 0000000000000000 RSI: ffffffff87a24340 RDI: ffffffff87a24380 RBP: ffff888095fbeda8 R08: ffff888084c9c400 R09: ffff888084c9cd18 R10: ffff888084c9ccf8 R11: 0000000000000001 R12: ffffea0001b8bf40 R13: 0000000000000000 R14: ffffea0001b8bf48 R15: dffffc0000000000 FS: 000000000167c7a8(0000) GS:ffff8880ae900000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 000000000095f130 CR3: 000000008f1d0000 CR4: 00000000001406e0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: debug_smp_processor_id+0x1c/0x20 lib/smp_processor_id.c:56 rcu_dynticks_curr_cpu_in_eqs+0x17/0xb0 kernel/rcu/tree.c:303 rcu_is_watching+0x10/0x30 kernel/rcu/tree.c:932 rcu_read_lock include/linux/rcupdate.h:608 [inline] page_evictable+0x23b/0x380 mm/vmscan.c:4289 shrink_page_list+0x419/0x58f0 mm/vmscan.c:1150 shrink_inactive_list+0x679/0x18d0 mm/vmscan.c:1961 shrink_list mm/vmscan.c:2273 [inline] shrink_node_memcg+0x621/0x1450 mm/vmscan.c:2538 shrink_node+0x29a/0x1540 mm/vmscan.c:2753 shrink_zones mm/vmscan.c:2987 [inline] do_try_to_free_pages+0x3cb/0x11e0 mm/vmscan.c:3049 try_to_free_pages+0x2ee/0x7f0 mm/vmscan.c:3265 __perform_reclaim mm/page_alloc.c:3926 [inline] __alloc_pages_direct_reclaim mm/page_alloc.c:3948 [inline] __alloc_pages_slowpath+0x9bc/0x2900 mm/page_alloc.c:4341 __alloc_pages_nodemask+0x5ce/0x710 mm/page_alloc.c:4555 alloc_pages_current+0x107/0x210 mm/mempolicy.c:2106 alloc_pages include/linux/gfp.h:509 [inline] __page_cache_alloc mm/filemap.c:924 [inline] __page_cache_alloc+0x2bd/0x460 mm/filemap.c:909 page_cache_read mm/filemap.c:2373 [inline] filemap_fault+0xff7/0x2400 mm/filemap.c:2557 ext4_filemap_fault+0x83/0xaf fs/ext4/inode.c:6318 __do_fault+0x116/0x4e0 mm/memory.c:3019 do_read_fault mm/memory.c:3430 [inline] do_fault mm/memory.c:3556 [inline] handle_pte_fault mm/memory.c:3787 [inline] __handle_mm_fault+0x2cbd/0x3f20 mm/memory.c:3911 handle_mm_fault+0x43f/0xb30 mm/memory.c:3948 do_user_addr_fault arch/x86/mm/fault.c:1475 [inline] __do_page_fault+0x5da/0xd60 arch/x86/mm/fault.c:1541 do_page_fault+0x71/0x581 arch/x86/mm/fault.c:1572 page_fault+0x1e/0x30 arch/x86/entry/entry_64.S:1143 RIP: 0033:0x7307f0 Code: Bad RIP value. RSP: 002b:000000c42d3e52c0 EFLAGS: 00010246 RAX: 000000c434427ea0 RBX: 0000000001215580 RCX: 0000000000bd7e20 RDX: 00000000007307f0 RSI: 000000c42d3e54c0 RDI: 000000c4200b45a0 RBP: 000000c42d3e5470 R08: 0000000000bd7e20 R09: 00000000008317a0 R10: 0000000000000000 R11: 00000000ffffffff R12: 000000c4200b455c R13: 0000000000000010 R14: ffffffffffffffff R15: 0000000000000010 kobject: 'vlan0' (00000000d7c4a0e9): kobject_uevent_env kobject: 'vlan0' (00000000d7c4a0e9): kobject_uevent_env: attempted to send uevent without kset! kobject: 'mesh' (0000000082e0a742): kobject_cleanup, parent (null) kobject: 'mesh' (0000000082e0a742): calling ktype release kobject: (0000000082e0a742): dynamic_kobj_release kobject: 'mesh': free name kobject: 'vlan0' (00000000d7c4a0e9): kobject_cleanup, parent (null) kobject: 'vlan0' (00000000d7c4a0e9): calling ktype release kobject: (00000000d7c4a0e9): dynamic_kobj_release kobject: 'vlan0': free name