Memory cgroup stats for /syz3: cache:10624KB rss:264944KB rss_huge:245760KB shmem:10640KB mapped_file:10560KB dirty:0KB writeback:0KB swap:0KB inactive_anon:86760KB active_anon:180652KB inactive_file:8KB active_file:4KB unevictable:8192KB
Memory cgroup out of memory: Kill process 32314 (syz-executor3) score 1110 or sacrifice child
Killed process 32314 (syz-executor3) total-vm:70328kB, anon-rss:4252kB, file-rss:32768kB, shmem-rss:0kB
rcu: INFO: rcu_preempt self-detected stall on CPU
rcu: 0-...!: (10402 ticks this GP) idle=c96/1/0x4000000000000002 softirq=151945/151945 fqs=9
rcu: (t=10501 jiffies g=232713 q=439)
rcu: rcu_preempt kthread starved for 10450 jiffies! g232713 f0x0 RCU_GP_WAIT_FQS(5) ->state=0x0 ->cpu=1
rcu: RCU grace-period kthread stack dump:
rcu_preempt R running task 22696 10 2 0x80000000
Call Trace:
 context_switch kernel/sched/core.c:2831 [inline]
 __schedule+0x8cf/0x21d0 kernel/sched/core.c:3472
 schedule+0xfe/0x460 kernel/sched/core.c:3516
 schedule_timeout+0x140/0x260 kernel/time/timer.c:1804
 rcu_gp_fqs_loop+0x762/0xa80 kernel/rcu/tree.c:1934
 rcu_gp_kthread+0x341/0xc70 kernel/rcu/tree.c:2090
 kthread+0x35a/0x440 kernel/kthread.c:246
 ret_from_fork+0x3a/0x50 arch/x86/entry/entry_64.S:352
NMI backtrace for cpu 0
CPU: 0 PID: 26445 Comm: syz-executor2 Not tainted 4.20.0-rc6+ #153
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0x244/0x39d lib/dump_stack.c:113
 nmi_cpu_backtrace.cold.2+0x5c/0xa1 lib/nmi_backtrace.c:101
 nmi_trigger_cpumask_backtrace+0x1e8/0x22a lib/nmi_backtrace.c:62
 arch_trigger_cpumask_backtrace+0x14/0x20 arch/x86/kernel/apic/hw_nmi.c:38
 trigger_single_cpu_backtrace include/linux/nmi.h:164 [inline]
 rcu_dump_cpu_stacks+0x16f/0x1bc kernel/rcu/tree.c:1195
 print_cpu_stall.cold.67+0x1f3/0x3c7 kernel/rcu/tree.c:1334
 check_cpu_stall kernel/rcu/tree.c:1408 [inline]
 rcu_pending kernel/rcu/tree.c:2961 [inline]
 rcu_check_callbacks+0xf3b/0x13f0 kernel/rcu/tree.c:2506
 update_process_times+0x2d/0x70 kernel/time/timer.c:1636
 tick_sched_handle+0x9f/0x180 kernel/time/tick-sched.c:164
 tick_sched_timer+0x45/0x130 kernel/time/tick-sched.c:1274
 __run_hrtimer kernel/time/hrtimer.c:1398 [inline]
 __hrtimer_run_queues+0x41c/0x10d0 kernel/time/hrtimer.c:1460
 hrtimer_interrupt+0x313/0x780 kernel/time/hrtimer.c:1518
 local_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1034 [inline]
 smp_apic_timer_interrupt+0x1a1/0x760 arch/x86/kernel/apic/apic.c:1059
 apic_timer_interrupt+0xf/0x20 arch/x86/entry/entry_64.S:807
RIP: 0010:arch_local_irq_restore arch/x86/include/asm/paravirt.h:761 [inline]
RIP: 0010:lock_acquire+0x268/0x520 kernel/locking/lockdep.c:3847
Code: 00 00 48 89 fa 48 c1 ea 03 80 3c 02 00 0f 85 44 02 00 00 48 83 3d 57 2b f0 07 00 0f 84 c3 01 00 00 48 8b bd 20 ff ff ff 57 9d <0f> 1f 44 00 00 48 b8 00 00 00 00 00 fc ff df 48 01 c3 48 c7 03 00
RSP: 0018:ffff888196a1d8f0 EFLAGS: 00000286 ORIG_RAX: ffffffffffffff13
RAX: dffffc0000000000 RBX: 1ffff11032d43b23 RCX: 0000000000000000
RDX: 1ffffffff12a401e RSI: 0000000000000000 RDI: 0000000000000286
RBP: ffff888196a1d9e0 R08: ffff8881ba3a8d30 R09: 0000000000000008
R10: 0000000000000050 R11: ffff8881ba3a8440 R12: ffff8881ba3a8440
R13: 0000000000000002 R14: 0000000000000000 R15: 0000000000000000
 rcu_lock_acquire include/linux/rcupdate.h:223 [inline]
 rcu_read_lock_sched include/linux/rcupdate.h:715 [inline]
 percpu_ref_put_many+0x94/0x260 include/linux/percpu-refcount.h:280
 percpu_ref_put include/linux/percpu-refcount.h:301 [inline]
 css_put include/linux/cgroup.h:387 [inline]
 mem_cgroup_iter+0x6e1/0x1160 mm/memcontrol.c:1003
 shrink_node+0x516/0x16b0 mm/vmscan.c:2781
 shrink_zones mm/vmscan.c:2987 [inline]
 do_try_to_free_pages+0x3e7/0x1290 mm/vmscan.c:3049
 try_to_free_mem_cgroup_pages+0x4cf/0xcd0 mm/vmscan.c:3350
 try_charge+0x521/0x1700 mm/memcontrol.c:2211
 mem_cgroup_try_charge+0x627/0xe20 mm/memcontrol.c:5890
 mem_cgroup_try_charge_delay+0x1d/0xa0 mm/memcontrol.c:5905
 shmem_getpage_gfp+0x186b/0x4840 mm/shmem.c:1788
 shmem_fault+0x25f/0x960 mm/shmem.c:1986
 __do_fault+0x100/0x6b0 mm/memory.c:2996
 do_read_fault mm/memory.c:3408 [inline]
 do_fault mm/memory.c:3534 [inline]
 handle_pte_fault mm/memory.c:3765 [inline]
 __handle_mm_fault+0x3ea6/0x5be0 mm/memory.c:3889
 handle_mm_fault+0x54f/0xc70 mm/memory.c:3926
 faultin_page mm/gup.c:535 [inline]
 __get_user_pages+0xa3d/0x1ea0 mm/gup.c:738
 populate_vma_page_range+0x2db/0x3d0 mm/gup.c:1247
 __mm_populate+0x286/0x4d0 mm/gup.c:1295
 mm_populate include/linux/mm.h:2337 [inline]
 vm_mmap_pgoff+0x27f/0x2c0 mm/util.c:355
 ksys_mmap_pgoff+0xf1/0x660 mm/mmap.c:1609
 __do_sys_mmap arch/x86/kernel/sys_x86_64.c:100 [inline]
 __se_sys_mmap arch/x86/kernel/sys_x86_64.c:91 [inline]
 __x64_sys_mmap+0xe9/0x1b0 arch/x86/kernel/sys_x86_64.c:91
 do_syscall_64+0x1b9/0x820 arch/x86/entry/common.c:290
 entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x457659
Code: fd b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00
RSP: 002b:00007f097d7ecc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000009
RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 0000000000457659
RDX: 0000000000000002 RSI: 0000000000b36000 RDI: 0000000020000000
RBP: 000000000072bf00 R08: ffffffffffffffff R09: 0000000000000000
R10: 0000000000008031 R11: 0000000000000246 R12: 00007f097d7ed6d4
R13: 00000000004c2d3e R14: 00000000004d5078 R15: 00000000ffffffff
ip6_tunnel: 6tnl0 xmit: Local address not yet configured!
oom_reaper: reaped process 32314 (syz-executor3), now anon-rss:0kB, file-rss:32640kB, shmem-rss:0kB
oom_reaper: reaped process 4325 (syz-executor2), now anon-rss:0kB, file-rss:32824kB, shmem-rss:0kB
syz-executor3 (26452) used greatest stack depth: 7416 bytes left
audit: type=1804 audit(1544863506.351:592): pid=26452 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor3" name="file0" dev="sda1" ino=16587 res=1
audit: type=1804 audit(1544863613.881:593): pid=26467 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor1" name="/root/syzkaller-testdir812468947/syzkaller.8kra6I/1906/bus" dev="sda1" ino=16502 res=1
audit: type=1804 audit(1544863614.561:594): pid=26474 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=ToMToU comm="syz-executor1" name="/root/syzkaller-testdir812468947/syzkaller.8kra6I/1906/bus" dev="sda1" ino=16502 res=1
audit: type=1804 audit(1544863614.561:595): pid=26475 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor1" name="/root/syzkaller-testdir812468947/syzkaller.8kra6I/1906/bus" dev="sda1" ino=16502 res=1
audit: type=1804 audit(1544863616.531:596): pid=26494 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor1" name="/root/syzkaller-testdir812468947/syzkaller.8kra6I/1907/bus" dev="sda1" ino=16498 res=1
audit: type=1804 audit(1544863616.741:597): pid=26498 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor1" name="/root/syzkaller-testdir812468947/syzkaller.8kra6I/1908/bus" dev="sda1" ino=16497 res=1
audit: type=1804 audit(1544863617.721:598): pid=26501 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor1" name="/root/syzkaller-testdir812468947/syzkaller.8kra6I/1909/bus" dev="sda1" ino=16520 res=1
IPVS: ftp: loaded support on port[0] = 21
IPVS: ftp: loaded support on port[0] = 21
IPVS: ftp: loaded support on port[0] = 21
IPVS: ftp: loaded support on port[0] = 21
IPVS: ftp: loaded support on port[0] = 21