[15611] 0 15611 18177 8732 26 4 0 1000 syz-executor.2 [15628] 0 15628 638 9 5 3 0 -1000 blkid Out of memory: Kill process 5585 (syz-executor.4) score 1005 or sacrifice child Killed process 5585 (syz-executor.4) total-vm:72708kB, anon-rss:180kB, file-rss:34816kB, shmem-rss:0kB binder: undelivered TRANSACTION_ERROR: 29201 INFO: rcu_preempt detected stalls on CPUs/tasks: Tasks blocked on level-0 rcu_node (CPUs 0-1): P15607 (detected by 1, t=10502 jiffies, g=9158, c=9157, q=4527) syz-executor.0 R running task 25976 15607 2098 0x00000004 ffff8801db707c60 ffffffff813fa6fd ffffffff813fa504 ffff8801cdbdaf80 ffffffff830cd6c0 0000000000000096 ffff8801cdbdb360 dffffc0000000000 ffff8801db707c98 ffffffff81404e39 00000000000023c5 00000000000011af Call Trace: [] sched_show_task.cold.35+0x279/0x31f kernel/sched/core.c:5317 [] rcu_print_detail_task_stall_rnp+0xc2/0xfe kernel/rcu/tree_plugin.h:530 [] rcu_print_detail_task_stall kernel/rcu/tree_plugin.h:543 [inline] [] print_other_cpu_stall kernel/rcu/tree.c:1408 [inline] [] check_cpu_stall kernel/rcu/tree.c:1520 [inline] [] __rcu_pending kernel/rcu/tree.c:3487 [inline] [] rcu_pending kernel/rcu/tree.c:3551 [inline] [] rcu_check_callbacks.cold.69+0x757/0xd27 kernel/rcu/tree.c:2880 [] update_process_times+0x30/0x70 kernel/time/timer.c:1629 [] tick_sched_handle.isra.5+0x4a/0xf0 kernel/time/tick-sched.c:151 [] tick_sched_timer+0x76/0x130 kernel/time/tick-sched.c:1190 [] __run_hrtimer kernel/time/hrtimer.c:1255 [inline] [] __hrtimer_run_queues+0x357/0xe30 kernel/time/hrtimer.c:1319 [] hrtimer_interrupt+0x1b1/0x430 kernel/time/hrtimer.c:1353 [] local_apic_timer_interrupt+0x74/0xa0 arch/x86/kernel/apic/apic.c:937 [] smp_apic_timer_interrupt+0x7c/0xb0 arch/x86/kernel/apic/apic.c:961 [] apic_timer_interrupt+0x9d/0xb0 arch/x86/entry/entry_64.S:648 [] vprintk_emit+0x448/0x790 kernel/printk/printk.c:1908 [] vprintk+0x28/0x30 kernel/printk/printk.c:1918 [] vprintk_default+0x1d/0x30 kernel/printk/printk.c:1919 [] vprintk_func kernel/printk/internal.h:36 [inline] [] printk+0xaf/0xd7 kernel/printk/printk.c:1980 [] lowmem_scan.cold.1+0x1f9/0x35b drivers/staging/android/lowmemorykiller.c:177 [] do_shrink_slab mm/vmscan.c:398 [inline] [] shrink_slab.part.8+0x3c6/0xa00 mm/vmscan.c:501 [] shrink_slab mm/vmscan.c:465 [inline] [] shrink_node+0x1ed/0x740 mm/vmscan.c:2602 [] shrink_zones mm/vmscan.c:2749 [inline] [] do_try_to_free_pages mm/vmscan.c:2791 [inline] [] try_to_free_pages+0x377/0xb80 mm/vmscan.c:3002 [] __perform_reclaim mm/page_alloc.c:3324 [inline] [] __alloc_pages_direct_reclaim mm/page_alloc.c:3345 [inline] [] __alloc_pages_slowpath mm/page_alloc.c:3697 [inline] [] __alloc_pages_nodemask+0x981/0x1bd0 mm/page_alloc.c:3862 [] __alloc_pages include/linux/gfp.h:433 [inline] [] __alloc_pages_node include/linux/gfp.h:446 [inline] [] alloc_pages_node include/linux/gfp.h:460 [inline] [] __vmalloc_area_node mm/vmalloc.c:1644 [inline] [] __vmalloc_node_range+0x25b/0x600 mm/vmalloc.c:1702 [] __vmalloc_node mm/vmalloc.c:1745 [inline] [] __vmalloc_node_flags mm/vmalloc.c:1759 [inline] [] vmalloc+0x5b/0x70 mm/vmalloc.c:1774 [] xt_alloc_table_info+0xc9/0x100 net/netfilter/x_tables.c:997 [] do_replace.isra.7+0xfd/0x470 net/ipv4/netfilter/arp_tables.c:979 [] do_arpt_set_ctl+0xff/0x140 net/ipv4/netfilter/arp_tables.c:1469 [] nf_sockopt net/netfilter/nf_sockopt.c:105 [inline] [] nf_setsockopt+0x6d/0xc0 net/netfilter/nf_sockopt.c:114 [] ip_setsockopt+0x88/0xa0 net/ipv4/ip_sockglue.c:1249 [] udp_setsockopt+0x4a/0x90 net/ipv4/udp.c:2110 [] ipv6_setsockopt+0x10a/0x130 net/ipv6/ipv6_sockglue.c:912 [] tcp_setsockopt+0x88/0xe0 net/ipv4/tcp.c:2758 [] sock_common_setsockopt+0x9a/0xe0 net/core/sock.c:2706 [] SYSC_setsockopt net/socket.c:1785 [inline] [] SyS_setsockopt+0x166/0x260 net/socket.c:1764 [] do_syscall_64+0x19f/0x550 arch/x86/entry/common.c:285 [] entry_SYSCALL_64_after_swapgs+0x5d/0xdb syz-executor.0 R running task 25976 15607 2098 0x80000004 ffff8801db707c60 ffffffff813fa6fd ffffffff813fa504 ffff8801cdbdaf80 ffffffff830cd6c0 0000000000000096 ffff8801cdbdb360 dffffc0000000000 ffff8801db707c98 ffffffff81404e39 ffffffff830cda40 00000000000011af Call Trace: [] sched_show_task.cold.35+0x279/0x31f kernel/sched/core.c:5317 [] rcu_print_detail_task_stall_rnp+0xc2/0xfe kernel/rcu/tree_plugin.h:530 [] rcu_print_detail_task_stall kernel/rcu/tree_plugin.h:545 [inline] [] print_other_cpu_stall kernel/rcu/tree.c:1408 [inline] [] check_cpu_stall kernel/rcu/tree.c:1520 [inline] [] __rcu_pending kernel/rcu/tree.c:3487 [inline] [] rcu_pending kernel/rcu/tree.c:3551 [inline] [] rcu_check_callbacks.cold.69+0x7af/0xd27 kernel/rcu/tree.c:2880 [] update_process_times+0x30/0x70 kernel/time/timer.c:1629 [] tick_sched_handle.isra.5+0x4a/0xf0 kernel/time/tick-sched.c:151 [] tick_sched_timer+0x76/0x130 kernel/time/tick-sched.c:1190 [] __run_hrtimer kernel/time/hrtimer.c:1255 [inline] [] __hrtimer_run_queues+0x357/0xe30 kernel/time/hrtimer.c:1319 [] hrtimer_interrupt+0x1b1/0x430 kernel/time/hrtimer.c:1353 [] local_apic_timer_interrupt+0x74/0xa0 arch/x86/kernel/apic/apic.c:937 [] smp_apic_timer_interrupt+0x7c/0xb0 arch/x86/kernel/apic/apic.c:961 [] apic_timer_interrupt+0x9d/0xb0 arch/x86/entry/entry_64.S:648 [] vprintk_emit+0x448/0x790 kernel/printk/printk.c:1908 [] vprintk+0x28/0x30 kernel/printk/printk.c:1918 [] vprintk_default+0x1d/0x30 kernel/printk/printk.c:1919 [] vprintk_func kernel/printk/internal.h:36 [inline] [] printk+0xaf/0xd7 kernel/printk/printk.c:1980 [] lowmem_scan.cold.1+0x1f9/0x35b drivers/staging/android/lowmemorykiller.c:177 [] do_shrink_slab mm/vmscan.c:398 [inline] [] shrink_slab.part.8+0x3c6/0xa00 mm/vmscan.c:501 [] shrink_slab mm/vmscan.c:465 [inline] [] shrink_node+0x1ed/0x740 mm/vmscan.c:2602 [] shrink_zones mm/vmscan.c:2749 [inline] [] do_try_to_free_pages mm/vmscan.c:2791 [inline] [] try_to_free_pages+0x377/0xb80 mm/vmscan.c:3002 [] __perform_reclaim mm/page_alloc.c:3324 [inline] [] __alloc_pages_direct_reclaim mm/page_alloc.c:3345 [inline] [] __alloc_pages_slowpath mm/page_alloc.c:3697 [inline] [] __alloc_pages_nodemask+0x981/0x1bd0 mm/page_alloc.c:3862 [] __alloc_pages include/linux/gfp.h:433 [inline] [] __alloc_pages_node include/linux/gfp.h:446 [inline] [] alloc_pages_node include/linux/gfp.h:460 [inline] [] __vmalloc_area_node mm/vmalloc.c:1644 [inline] [] __vmalloc_node_range+0x25b/0x600 mm/vmalloc.c:1702 [] __vmalloc_node mm/vmalloc.c:1745 [inline] [] __vmalloc_node_flags mm/vmalloc.c:1759 [inline] [] vmalloc+0x5b/0x70 mm/vmalloc.c:1774 [] xt_alloc_table_info+0xc9/0x100 net/netfilter/x_tables.c:997 [] do_replace.isra.7+0xfd/0x470 net/ipv4/netfilter/arp_tables.c:979 [] do_arpt_set_ctl+0xff/0x140 net/ipv4/netfilter/arp_tables.c:1469 [] nf_sockopt net/netfilter/nf_sockopt.c:105 [inline] [] nf_setsockopt+0x6d/0xc0 net/netfilter/nf_sockopt.c:114 [] ip_setsockopt+0x88/0xa0 net/ipv4/ip_sockglue.c:1249 [] udp_setsockopt+0x4a/0x90 net/ipv4/udp.c:2110 [] ipv6_setsockopt+0x10a/0x130 net/ipv6/ipv6_sockglue.c:912 [] tcp_setsockopt+0x88/0xe0 net/ipv4/tcp.c:2758 [] sock_common_setsockopt+0x9a/0xe0 net/core/sock.c:2706 [] SYSC_setsockopt net/socket.c:1785 [inline] [] SyS_setsockopt+0x166/0x260 net/socket.c:1764 [] do_syscall_64+0x19f/0x550 arch/x86/entry/common.c:285 [] entry_SYSCALL_64_after_swapgs+0x5d/0xdb BUG: Bad rss-counter state mm:ffff88018cec9600 idx:0 val:4 syz-executor.1 calls setitimer() with new_value NULL pointer. Misfeature support will be removed netlink: 2 bytes leftover after parsing attributes in process `syz-executor.1'. binder: 15837:15839 got transaction to context manager from process owning it netlink: 2 bytes leftover after parsing attributes in process `syz-executor.1'. binder: 15837:15839 transaction failed 29201/-22, size 0-0 line 3004 binder_alloc: binder_alloc_mmap_handler: 15837 20ff9000-20ffd000 already mapped failed -16 binder: BINDER_SET_CONTEXT_MGR already set netlink: 3 bytes leftover after parsing attributes in process `syz-executor.0'. binder_alloc: 15837: binder_alloc_buf, no vma netlink: 11 bytes leftover after parsing attributes in process `syz-executor.0'. binder: 15837:15839 ioctl 40046207 0 returned -16 netlink: 3 bytes leftover after parsing attributes in process `syz-executor.0'. binder: 15837:15856 transaction failed 29189/-3, size 0-0 line 3136 binder: undelivered TRANSACTION_ERROR: 29201 binder: undelivered TRANSACTION_ERROR: 29189