Free memory is -13360kB above reserved lowmemorykiller: Killing 'syz-executor.2' (567) (tgid 564), adj 1000, to free 34988kB on behalf of 'kswapd0' (33) because cache 132kB is below limit 6144kB for oom_score_adj 0 Free memory is -13360kB above reserved INFO: task syz-executor.1:28728 blocked for more than 140 seconds. Not tainted 4.9.141+ #23 "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. syz-executor.1 D28136 28728 2083 0xa0020002 ffff8801bc8297c0 0000000000000000 ffff880009568b00 ffff8801d99217c0 ffff8801db621018 ffff880162c9f798 ffffffff828075c2 0000000000000000 ffff8801bc82a070 ffffed003790540d 00ff8801bc8297c0 ffff8801db6218f0 Call Trace: [] schedule+0x7f/0x1b0 /kernel/sched/core.c:3553 [] schedule_preempt_disabled+0x13/0x20 /kernel/sched/core.c:3586 [] __mutex_lock_common /kernel/locking/mutex.c:582 [inline] [] mutex_lock_nested+0x38d/0x900 /kernel/locking/mutex.c:621 [] tty_release+0xb79/0xe90 /drivers/tty/tty_io.c:1938 [] __fput+0x263/0x700 /fs/file_table.c:208 [] ____fput+0x15/0x20 /fs/file_table.c:244 [] task_work_run+0x10c/0x180 /kernel/task_work.c:116 [] exit_task_work /./include/linux/task_work.h:21 [inline] [] do_exit+0x78d/0x2a50 /kernel/exit.c:833 [] do_group_exit+0x111/0x300 /kernel/exit.c:937 [] get_signal+0x4e1/0x1460 /kernel/signal.c:2321 [] do_signal+0x95/0x1b00 /arch/x86/kernel/signal.c:807 [] exit_to_usermode_loop+0x10e/0x150 /arch/x86/entry/common.c:158 [] prepare_exit_to_usermode /arch/x86/entry/common.c:194 [inline] [] syscall_return_slowpath /arch/x86/entry/common.c:263 [inline] [] do_syscall_32_irqs_on /arch/x86/entry/common.c:334 [inline] [] do_fast_syscall_32+0x6dc/0xa10 /arch/x86/entry/common.c:390 [] entry_SYSENTER_compat+0x90/0xa2 /arch/x86/entry/entry_64_compat.S:137 Showing all locks held in the system: 2 locks held by khungtaskd/24: #0: (rcu_read_lock){......}, at: [] rcu_read_unlock /./include/linux/rcupdate.h:927 [inline] #0: (rcu_read_lock){......}, at: [] rcu_lock_break /kernel/hung_task.c:143 [inline] #0: (rcu_read_lock){......}, at: [] check_hung_uninterruptible_tasks /kernel/hung_task.c:177 [inline] #0: (rcu_read_lock){......}, at: [] watchdog+0x310/0xa20 /kernel/hung_task.c:239 #1: (tasklist_lock){.+.+..}, at: [] debug_show_all_locks+0x79/0x218 /kernel/locking/lockdep.c:4336 1 lock held by rsyslogd/1893: #0: (&f->f_pos_lock){+.+.+.}, at: [] __fdget_pos+0xac/0xd0 /fs/file.c:781 2 locks held by getty/2020: #0: (&tty->ldisc_sem){++++++}, at: [] ldsem_down_read+0x32/0x40 /drivers/tty/tty_ldsem.c:367 #1: (&ldata->atomic_read_lock){+.+.+.}, at: [] n_tty_read+0x202/0x16e0 /drivers/tty/n_tty.c:2142 1 lock held by syz-executor.1/28728: #0: (tty_mutex){+.+.+.}, at: [] tty_release+0xb79/0xe90 /drivers/tty/tty_io.c:1938 1 lock held by syz-executor.0/29073: #0: (tty_mutex){+.+.+.}, at: [] tty_release+0xb79/0xe90 /drivers/tty/tty_io.c:1938 1 lock held by init/624: #0: (tty_mutex){+.+.+.}, at: [] tty_open_by_driver /drivers/tty/tty_io.c:2052 [inline] #0: (tty_mutex){+.+.+.}, at: [] tty_open+0x476/0xdf0 /drivers/tty/tty_io.c:2130 1 lock held by init/625: #0: (tty_mutex){+.+.+.}, at: [] tty_open_by_driver /drivers/tty/tty_io.c:2052 [inline] #0: (tty_mutex){+.+.+.}, at: [] tty_open+0x476/0xdf0 /drivers/tty/tty_io.c:2130 1 lock held by init/630: #0: (tty_mutex){+.+.+.}, at: [] tty_open_by_driver /drivers/tty/tty_io.c:2052 [inline] #0: (tty_mutex){+.+.+.}, at: [] tty_open+0x476/0xdf0 /drivers/tty/tty_io.c:2130 1 lock held by init/631: #0: (tty_mutex){+.+.+.}, at: [] tty_open_by_driver /drivers/tty/tty_io.c:2052 [inline] #0: (tty_mutex){+.+.+.}, at: [] tty_open+0x476/0xdf0 /drivers/tty/tty_io.c:2130 1 lock held by init/632: #0: (tty_mutex){+.+.+.}, at: [] tty_open_by_driver /drivers/tty/tty_io.c:2052 [inline] #0: (tty_mutex){+.+.+.}, at: [] tty_open+0x476/0xdf0 /drivers/tty/tty_io.c:2130 1 lock held by init/633: #0: (tty_mutex){+.+.+.}, at: [] tty_open_by_driver /drivers/tty/tty_io.c:2052 [inline] #0: (tty_mutex){+.+.+.}, at: [] tty_open+0x476/0xdf0 /drivers/tty/tty_io.c:2130 ============================================= NMI backtrace for cpu 1 CPU: 1 PID: 24 Comm: khungtaskd Not tainted 4.9.141+ #23 ffff8801d9907d08 ffffffff81b42e79 0000000000000000 0000000000000001 0000000000000001 0000000000000001 ffffffff810983b0 ffff8801d9907d40 ffffffff81b4df89 0000000000000001 0000000000000000 0000000000000003 Call Trace: [] __dump_stack /lib/dump_stack.c:15 [inline] [] dump_stack+0xc1/0x128 /lib/dump_stack.c:51 [] nmi_cpu_backtrace.cold.0+0x48/0x87 /lib/nmi_backtrace.c:99 [] nmi_trigger_cpumask_backtrace+0x12c/0x151 /lib/nmi_backtrace.c:60 [] arch_trigger_cpumask_backtrace+0x14/0x20 /arch/x86/kernel/apic/hw_nmi.c:37 [] trigger_all_cpu_backtrace /./include/linux/nmi.h:58 [inline] [] check_hung_task /kernel/hung_task.c:125 [inline] [] check_hung_uninterruptible_tasks /kernel/hung_task.c:182 [inline] [] watchdog+0x6ad/0xa20 /kernel/hung_task.c:239 [] kthread+0x26d/0x300 /kernel/kthread.c:211 [] ret_from_fork+0x5c/0x70 /arch/x86/entry/entry_64.S:373 Sending NMI from CPU 1 to CPUs 0: NMI backtrace for cpu 0 CPU: 0 PID: 2045 Comm: syz-fuzzer Not tainted 4.9.141+ #23 task: ffff8801d253af80 task.stack: ffff8801cf590000 RIP: 0010:[] c [] __read_once_size /./include/linux/compiler.h:243 [inline] RIP: 0010:[] c [] find_lock_task_mm+0x91/0x270 /mm/oom_kill.c:114 RSP: 0018:ffff8801cf597328 EFLAGS: 00000246 RAX: dffffc0000000000 RBX: ffff8800898b1cc0 RCX: 1ffff10008c320e7 RDX: 0000000000000000 RSI: ffffffff81419fd6 RDI: ffffffff82e76400 RBP: ffff8801cf597360 R08: ffff8801d253b8f0 R09: 296d540454c17ee0 R10: ffff8801d253af80 R11: 0000000000000001 R12: ffff880046190000 R13: ffff880046190418 R14: ffff880174305f00 R15: ffff880046190738 FS: 000000c420028068(0000) GS:ffff8801db600000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00000000004236d0 CR3: 00000001cf15b000 CR4: 00000000001606b0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Stack: ffffffff81419f70c ffff8801743066c0c ffff880046190000c dffffc0000000000c ffff880046190418c ffff880174305f00c 0000000000000600c ffff8801cf597410c ffffffff821effdfc ffffffff821efedec ffff8801cf5973b8c ffffffff81ba7d7bc Call Trace: [] lowmem_scan+0x34f/0xaf0 /drivers/staging/android/lowmemorykiller.c:134 [] do_shrink_slab /mm/vmscan.c:398 [inline] [] shrink_slab.part.8+0x3c6/0xa00 /mm/vmscan.c:501 [] shrink_slab /mm/vmscan.c:465 [inline] [] shrink_node+0x1ed/0x740 /mm/vmscan.c:2602 [] shrink_zones /mm/vmscan.c:2749 [inline] [] do_try_to_free_pages /mm/vmscan.c:2791 [inline] [] try_to_free_pages+0x377/0xb80 /mm/vmscan.c:3002 [] __perform_reclaim /mm/page_alloc.c:3324 [inline] [] __alloc_pages_direct_reclaim /mm/page_alloc.c:3345 [inline] [] __alloc_pages_slowpath /mm/page_alloc.c:3697 [inline] [] __alloc_pages_nodemask+0x981/0x1bd0 /mm/page_alloc.c:3862 [] __alloc_pages /./include/linux/gfp.h:433 [inline] [] __alloc_pages_node /./include/linux/gfp.h:446 [inline] [] alloc_pages_node /./include/linux/gfp.h:460 [inline] [] __page_cache_alloc /./include/linux/pagemap.h:208 [inline] [] __do_page_cache_readahead+0x21a/0x8b0 /mm/readahead.c:183 [] ra_submit /mm/internal.h:59 [inline] [] do_sync_mmap_readahead /mm/filemap.c:2066 [inline] [] filemap_fault+0x924/0x1110 /mm/filemap.c:2143 [] ext4_filemap_fault+0x71/0xa0 /fs/ext4/inode.c:5853 [] __do_fault+0x223/0x500 /mm/memory.c:2833 [] do_read_fault /mm/memory.c:3180 [inline] [] do_fault /mm/memory.c:3315 [inline] [] handle_pte_fault /mm/memory.c:3516 [inline] [] __handle_mm_fault /mm/memory.c:3603 [inline] [] handle_mm_fault+0x1326/0x2350 /mm/memory.c:3640 [] __do_page_fault+0x403/0xa60 /arch/x86/mm/fault.c:1406 [] do_page_fault+0x27/0x30 /arch/x86/mm/fault.c:1469 [] page_fault+0x25/0x30 /arch/x86/entry/entry_64.S:951 Code: c4d c8d cbc c24 c38 c07 c00 c00 c48 cb8 c00 c00 c00 c00 c00 cfc cff cdf c4c c89 cf9 c48 cc1 ce9 c03 c80 c3c c01 c00 c0f c85 cb5 c01 c00 c00 c49 c8b c9c c24 c38 c07 c00 c00 c<48> cb8 c00 c00 c00 c00 c00 cfc cff cdf c4c c8d c6b c10 c4c c89 ce9 c48 cc1 ce9 c03 c