handle_mm_fault+0x455/0x9c0 mm/memory.c:4276 __do_page_fault+0x549/0xad0 arch/x86/mm/fault.c:1442 page_fault+0x45/0x50 arch/x86/entry/entry_64.S:1126 RIP: c95c00:0xc0000064e0 RSP: 0000:000000c000067ec0 EFLAGS: c000067eb0 unregister_netdevice: waiting for ip6gre0 to become free. Usage count = -1 Mem-Info: active_anon:16011 inactive_anon:4728 isolated_anon:0 active_file:16 inactive_file:15 isolated_file:0 unevictable:0 dirty:0 writeback:0 unstable:0 slab_reclaimable:25638 slab_unreclaimable:100497 mapped:18213 shmem:5160 pagetables:535 bounce:0 free:17803 free_pcp:31 free_cma:0 Node 0 active_anon:64040kB inactive_anon:18912kB active_file:60kB inactive_file:60kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:72852kB dirty:0kB writeback:0kB shmem:20640kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 12288kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes Node 1 active_anon:4kB inactive_anon:0kB active_file:4kB inactive_file:0kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:0kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes Node 0 DMA free:10976kB min:204kB low:252kB high:300kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB lowmem_reserve[]: 0 2717 2718 2718 2718 Node 0 DMA32 free:33696kB min:36196kB low:45244kB high:54292kB active_anon:64040kB inactive_anon:18912kB active_file:60kB inactive_file:60kB unevictable:0kB writepending:0kB present:3129332kB managed:2787976kB mlocked:0kB kernel_stack:7456kB pagetables:2140kB bounce:0kB free_pcp:124kB local_pcp:0kB free_cma:0kB lowmem_reserve[]: 0 0 0 0 0 Node 0 Normal free:0kB min:4kB low:4kB high:4kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:1048576kB managed:468kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB lowmem_reserve[]: 0 0 0 0 0 Node 1 Normal free:26540kB min:53696kB low:67120kB high:80544kB active_anon:4kB inactive_anon:0kB active_file:4kB inactive_file:0kB unevictable:0kB writepending:0kB present:4194304kB managed:4128256kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB lowmem_reserve[]: 0 0 0 0 0 Node 0 DMA: 0*4kB 0*8kB 0*16kB 1*32kB (U) 1*64kB (U) 1*128kB (U) 0*256kB 1*512kB (U) 0*1024kB 1*2048kB (M) 2*4096kB (M) = 10976kB Node 0 DMA32: 1897*4kB (UME) 757*8kB (UME) 261*16kB (UME) 92*32kB (UMH) 66*64kB (UMH) 19*128kB (UH) 9*256kB (UH) 4*512kB (UH) 2*1024kB (UH) 0*2048kB 0*4096kB = 33820kB Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB Node 1 Normal: 3*4kB (ME) 3*8kB (ME) 4*16kB (UME) 1*32kB (M) 1*64kB (M) 2*128kB (UM) 2*256kB (UM) 0*512kB 1*1024kB (M) 4*2048kB (ME) 4*4096kB (M) = 26564kB Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB 5191 total pagecache pages 0 pages in swap cache Swap cache stats: add 0, delete 0, find 0/0 Free swap = 0kB Total swap = 0kB 2097051 pages RAM 0 pages HighMem/MovableOnly 363899 pages reserved 0 pages cma reserved Out of memory (oom_kill_allocating_task): Kill process 7990 (syz-fuzzer) score 0 or sacrifice child Killed process 8005 (syz-executor.1) total-vm:48512kB, anon-rss:440kB, file-rss:0kB, shmem-rss:0kB Bluetooth: hci5 command 0x040f tx timeout Bluetooth: hci0 command 0x040f tx timeout Bluetooth: hci4 command 0x040f tx timeout syz-executor.4 invoked oom-killer: gfp_mask=0x14040c0(GFP_KERNEL|__GFP_COMP), nodemask=(null), order=1, oom_score_adj=0 syz-executor.4 cpuset=/ mems_allowed=0-1 CPU: 1 PID: 15833 Comm: syz-executor.4 Not tainted 4.14.307-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/02/2023 Call Trace: __dump_stack lib/dump_stack.c:17 [inline] dump_stack+0x1b2/0x281 lib/dump_stack.c:58 dump_header+0x178/0x82f mm/oom_kill.c:424 oom_kill_process.cold+0x10/0xa40 mm/oom_kill.c:863 out_of_memory+0x2dc/0x1190 mm/oom_kill.c:1086 __alloc_pages_may_oom mm/page_alloc.c:3351 [inline] __alloc_pages_slowpath mm/page_alloc.c:4070 [inline] __alloc_pages_nodemask+0x25a9/0x2900 mm/page_alloc.c:4239 __alloc_pages include/linux/gfp.h:484 [inline] __alloc_pages_node include/linux/gfp.h:497 [inline] kmem_getpages mm/slab.c:1419 [inline] cache_grow_begin+0x91/0x700 mm/slab.c:2676 fallback_alloc+0x207/0x2c0 mm/slab.c:3217 __do_cache_alloc mm/slab.c:3354 [inline] slab_alloc mm/slab.c:3382 [inline] kmem_cache_alloc_trace+0x1f1/0x3d0 mm/slab.c:3616 kmalloc include/linux/slab.h:488 [inline] kzalloc include/linux/slab.h:661 [inline] kobject_uevent_env+0x20c/0xf30 lib/kobject_uevent.c:398 device_del+0x642/0xa80 drivers/base/core.c:2097 hci_conn_del_sysfs+0xca/0x160 net/bluetooth/hci_sysfs.c:81 hci_conn_cleanup+0x216/0x500 net/bluetooth/hci_conn.c:128 hci_conn_del+0x253/0x6f0 net/bluetooth/hci_conn.c:611 hci_conn_hash_flush+0x19c/0x260 net/bluetooth/hci_conn.c:1394 hci_dev_do_close+0x57d/0xd80 net/bluetooth/hci_core.c:1642 hci_unregister_dev+0x143/0x420 net/bluetooth/hci_core.c:3210 vhci_release+0x70/0xe0 drivers/bluetooth/hci_vhci.c:354 __fput+0x25f/0x7a0 fs/file_table.c:210 task_work_run+0x11f/0x190 kernel/task_work.c:113 exit_task_work include/linux/task_work.h:22 [inline] do_exit+0xa44/0x2850 kernel/exit.c:915 do_group_exit+0x100/0x2e0 kernel/exit.c:1037 get_signal+0x38d/0x1ca0 kernel/signal.c:2412 do_signal+0x7c/0x1550 arch/x86/kernel/signal.c:792 exit_to_usermode_loop+0x160/0x200 arch/x86/entry/common.c:160 prepare_exit_to_usermode arch/x86/entry/common.c:199 [inline] syscall_return_slowpath arch/x86/entry/common.c:270 [inline] do_syscall_64+0x4a3/0x640 arch/x86/entry/common.c:297 entry_SYSCALL_64_after_hwframe+0x5e/0xd3 RIP: 0033:0x7fba841576b7 RSP: 002b:00007ffd909b2828 EFLAGS: 00000202 ORIG_RAX: 0000000000000110 RAX: fffffffffffffffc RBX: 00007ffd909b2e68 RCX: 00007fba841576b7 RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000000 RBP: 00000000ffffffff R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000000006 R13: 00007ffd909b2900 R14: 00007fba842764f8 R15: 0000000000000006 Mem-Info: active_anon:15877 inactive_anon:4727 isolated_anon:0 active_file:15 inactive_file:1139 isolated_file:0 unevictable:0 dirty:0 writeback:0 unstable:0 slab_reclaimable:25635 slab_unreclaimable:100198 mapped:15211 shmem:5160 pagetables:520 bounce:0 free:21826 free_pcp:384 free_cma:0 Node 0 active_anon:63804kB inactive_anon:18908kB active_file:1260kB inactive_file:12552kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:67344kB dirty:100kB writeback:0kB shmem:20640kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 12288kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes systemd[1]: systemd-journald.service: Failed with result 'signal'. Node 1 active_anon:4kB inactive_anon:0kB active_file:0kB inactive_file:4kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:0kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes systemd[1]: systemd-journald.service: Service has no hold-off time, scheduling restart. Node 0 DMA free:11096kB min:204kB low:252kB high:300kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB lowmem_reserve[]: 0 2717 2718 2718 2718 systemd[1]: Starting Load/Save RF Kill Switch Status... Node 0 DMA32 free:95852kB min:36196kB low:45244kB high:54292kB active_anon:63204kB inactive_anon:18908kB active_file:4760kB inactive_file:9652kB unevictable:0kB writepending:148kB present:3129332kB managed:2787976kB mlocked:0kB kernel_stack:7392kB pagetables:2228kB bounce:0kB free_pcp:996kB local_pcp:464kB free_cma:0kB systemd[1]: Stopped Flush Journal to Persistent Storage. lowmem_reserve[]: 0 0 0 0 0 Node 0 Normal free:0kB min:4kB low:4kB high:4kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:1048576kB managed:468kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB systemd[1]: Stopping Flush Journal to Persistent Storage... lowmem_reserve[]: 0 0 0 0 0 Node 1 Normal free:66688kB min:53696kB low:67120kB high:80544kB active_anon:4kB inactive_anon:0kB active_file:0kB inactive_file:4kB unevictable:0kB writepending:0kB present:4194304kB managed:4128256kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:648kB local_pcp:0kB free_cma:0kB systemd[1]: Stopped Journal Service. lowmem_reserve[]: 0 0 0 0 0 Node 0 DMA: 1*4kB (U) 1*8kB (U) 1*16kB (U) 0*32kB 1*64kB (U) 0*128kB 1*256kB (U) 1*512kB (U) 0*1024kB 1*2048kB (M) 2*4096kB (M) = 11100kB systemd[1]: Starting Journal Service... systemd[1]: Started Load/Save RF Kill Switch Status. Node 0 DMA32: 1219*4kB (UE) 763*8kB (UE) 532*16kB (UME) 265*32kB (UMEH) 164*64kB (UMH) 55*128kB (UMH) 24*256kB (UMH) 14*512kB (UH) 11*1024kB (UH) 4*2048kB (U) 4*4096kB (UM) = 94660kB Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB Node 1 Normal: 7*4kB (UME) 7*8kB (UME) 6*16kB (UME) 4*32kB (UM) 4*64kB (UM) 5*128kB (UM) 2*256kB (UM) 1*512kB (U) 3*1024kB (UM) 6*2048kB (UME) 12*4096kB (UM) = 66740kB Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB 8965 total pagecache pages 0 pages in swap cache Swap cache stats: add 0, delete 0, find 0/0 Free swap = 0kB Total swap = 0kB 2097051 pages RAM systemd-journald[15870]: File /run/log/journal/04d8c135ee6b410280ba31a58c89679d/system.journal corrupted or uncleanly shut down, renaming and replacing. 0 pages HighMem/MovableOnly 363899 pages reserved 0 pages cma reserved Out of memory: Kill process 7989 (syz-fuzzer) score 7 or sacrifice child Killed process 8006 (syz-executor.2) total-vm:48512kB, anon-rss:444kB, file-rss:14340kB, shmem-rss:0kB systemd[1]: Started Journal Service. Bluetooth: hci0 command 0x0419 tx timeout Bluetooth: hci5 command 0x0419 tx timeout Bluetooth: hci1 command 0x0409 tx timeout Bluetooth: hci1 command 0x041b tx timeout Bluetooth: hci1 command 0x040f tx timeout