__alloc_pages_may_oom mm/page_alloc.c:3519 [inline] __alloc_pages_slowpath+0x2354/0x2e10 mm/page_alloc.c:4240 __alloc_pages_nodemask+0xa80/0xde0 mm/page_alloc.c:4395 INFO: task syz-executor4:25852 blocked for more than 140 seconds. Not tainted 4.20.0-rc2+ #237 alloc_pages_current+0x173/0x350 mm/mempolicy.c:2080 "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. alloc_pages include/linux/gfp.h:509 [inline] __page_cache_alloc+0x38c/0x5c0 mm/filemap.c:924 syz-executor4 D19128 25852 29302 0x20020004 page_cache_read mm/filemap.c:2312 [inline] filemap_fault+0x1595/0x25f0 mm/filemap.c:2496 Call Trace: context_switch kernel/sched/core.c:2831 [inline] __schedule+0x8cf/0x21d0 kernel/sched/core.c:3472 ext4_filemap_fault+0x82/0xad fs/ext4/inode.c:6292 __do_fault+0x100/0x6b0 mm/memory.c:2996 do_read_fault mm/memory.c:3408 [inline] do_fault mm/memory.c:3534 [inline] handle_pte_fault mm/memory.c:3765 [inline] __handle_mm_fault+0x3ea0/0x5be0 mm/memory.c:3889 handle_mm_fault+0x54f/0xc70 mm/memory.c:3926 do_user_addr_fault arch/x86/mm/fault.c:1423 [inline] __do_page_fault+0x5e8/0xe60 arch/x86/mm/fault.c:1489 do_page_fault+0xf2/0x7e0 arch/x86/mm/fault.c:1520 page_fault+0x1e/0x30 arch/x86/entry/entry_64.S:1139 RIP: 0033:0x7ff317c99324 Code: Bad RIP value. RSP: 002b:00007ff316668d80 EFLAGS: 00010246 RAX: 0000000000000000 RBX: 00007ff317c9b50c RCX: 0000000000000000 RDX: 000b249f07e22b00 RSI: 0000000000000001 RDI: 00000000016773e0 RBP: 0000000000000006 R08: 0000000000000000 R09: 00000000000007e2 R10: 0000000000000011 R11: a3d70a3d70a3d70b R12: 0000000000000000 R13: 00007ff317e9e5a3 R14: 0000000000000984 R15: 00007ff317e9dbec Mem-Info: active_anon:140329 inactive_anon:184 isolated_anon:0 active_file:18 inactive_file:14 isolated_file:0 unevictable:0 dirty:0 writeback:0 unstable:0 slab_reclaimable:11513 slab_unreclaimable:1286235 mapped:49155 shmem:243 pagetables:2281 bounce:0 free:24260 free_pcp:63 free_cma:0 Node 0 active_anon:561316kB inactive_anon:736kB active_file:72kB inactive_file:56kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:196620kB dirty:0kB writeback:0kB shmem:972kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 200704kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes Node 0 DMA free:15908kB min:164kB low:204kB high:244kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB schedule+0xfe/0x460 kernel/sched/core.c:3516 lowmem_reserve[]: 0 2818 6321 6321 Node 0 DMA32 free:43912kB min:30052kB low:37564kB high:45076kB active_anon:4kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:3129332kB managed:2888768kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB lowmem_reserve[]: 0 0 3503 3503 Node 0 Normal free:36972kB min:37364kB low:46704kB high:56044kB active_anon:561312kB inactive_anon:736kB active_file:72kB inactive_file:56kB unevictable:0kB writepending:0kB present:4718592kB managed:3587816kB mlocked:0kB kernel_stack:8768kB pagetables:9124kB bounce:0kB free_pcp:484kB local_pcp:232kB free_cma:0kB __lock_sock+0x1fb/0x350 net/core/sock.c:2252 lowmem_reserve[]: 0 0 0 0 Node 0 DMA: 1*4kB (U) 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15908kB lock_sock_nested+0xfe/0x120 net/core/sock.c:2774 lock_sock include/net/sock.h:1492 [inline] sctp_wait_for_connect+0x3ae/0x640 net/sctp/socket.c:8642 Node 0 DMA32: 4*4kB (ME) 3*8kB (ME) 6*16kB (UME) 4*32kB (ME) 6*64kB (UME) 6*128kB (ME) 6*256kB (UME) 6*512kB (UME) 5*1024kB (UME) 2*2048kB (ME) 7*4096kB (M) = 43912kB sctp_sendmsg_to_asoc+0x1627/0x1a20 net/sctp/socket.c:1967 Node 0 Normal: 4213*4kB (UME) 1457*8kB (UME) 382*16kB (UME) 56*32kB (M) 1*64kB (U) 0*128kB 0*256kB 1*512kB (U) 0*1024kB 0*2048kB 0*4096kB = 36988kB Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB sctp_sendmsg+0x13c2/0x1da0 net/sctp/socket.c:2113 Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB 275 total pagecache pages inet_sendmsg+0x1a1/0x690 net/ipv4/af_inet.c:798 0 pages in swap cache Swap cache stats: add 0, delete 0, find 0/0 sock_sendmsg_nosec net/socket.c:621 [inline] sock_sendmsg+0xd5/0x120 net/socket.c:631 __sys_sendto+0x3d7/0x670 net/socket.c:1788 Free swap = 0kB Total swap = 0kB 1965979 pages RAM 0 pages HighMem/MovableOnly 342856 pages reserved 0 pages cma reserved Unreclaimable slab info: __do_sys_sendto net/socket.c:1800 [inline] __se_sys_sendto net/socket.c:1796 [inline] __ia32_sys_sendto+0xdf/0x1a0 net/socket.c:1796 do_syscall_32_irqs_on arch/x86/entry/common.c:326 [inline] do_fast_syscall_32+0x34d/0xfb2 arch/x86/entry/common.c:397 Name Used Total pid_3 1KB 7KB pid_2 130KB 168KB TIPC 11KB 14KB entry_SYSENTER_compat+0x70/0x7f arch/x86/entry/entry_64_compat.S:139 RIP: 0023:0xf7fa9a29 Code: Bad RIP value. rds_connection 1KB 3KB RSP: 002b:00000000f5fa50cc EFLAGS: 00000296 ORIG_RAX: 0000000000000171 SCTPv6 16KB 24KB RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 0000000020000000 RDX: 0000000000000001 RSI: 0000000000000000 RDI: 000000002005ffe4 RBP: 000000000000001c R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 Showing all locks held in the system: sctp_chunk 1108241KB 1108241KB 1 lock held by khungtaskd/979: sctp_bind_bucket 5KB 11KB #0: 000000008c2995d5 (rcu_read_lock){....}, at: debug_show_all_locks+0xd0/0x424 kernel/locking/lockdep.c:4379 DCCPv6 17KB 21KB 2 locks held by rs:main Q:Reg/5794: 5 locks held by rsyslogd/5796: 2 locks held by getty/5886: #0: 000000003006b0ca (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x32/0x40 drivers/tty/tty_ldsem.c:353 DCCP 16KB 20KB #1: 000000000b9d2082 (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x335/0x1e80 drivers/tty/n_tty.c:2154 2 locks held by getty/5887: #0: 000000006fa4c629 (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x32/0x40 drivers/tty/tty_ldsem.c:353 dccp_bind_bucket 1KB 4KB #1: 000000008e4e9773 (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x335/0x1e80 drivers/tty/n_tty.c:2154 bridge_fdb_cache 10KB 23KB 2 locks held by getty/5888: #0: 00000000032aa566 (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x32/0x40 drivers/tty/tty_ldsem.c:353 #1: 000000001d8ed732 (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x335/0x1e80 drivers/tty/n_tty.c:2154 2 locks held by getty/5889: #0: 00000000b2b73d2c (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x32/0x40 drivers/tty/tty_ldsem.c:353 #1: 0000000059ebda6a (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x335/0x1e80 drivers/tty/n_tty.c:2154 fib6_nodes 88KB 112KB 2 locks held by getty/5890: ip6_dst_cache 330KB 337KB #0: 00000000a620ba69 (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x32/0x40 drivers/tty/tty_ldsem.c:353 #1: 00000000930a9c94 (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x335/0x1e80 drivers/tty/n_tty.c:2154 ip6_mrt_cache 0KB 4KB 2 locks held by getty/5891: #0: 00000000acc77da4 (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x32/0x40 drivers/tty/tty_ldsem.c:353 #1: 000000002af506ca (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x335/0x1e80 drivers/tty/n_tty.c:2154 RAWv6 78KB 78KB 2 locks held by getty/5892: #0: 000000000c8c351f (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x32/0x40 drivers/tty/tty_ldsem.c:353 #1: 000000009a5d2938 (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x335/0x1e80 drivers/tty/n_tty.c:2154 UDPv6 3KB 3KB 2 locks held by syz-fuzzer/5908: #0: 0000000060716878 (&mm->mmap_sem){++++}, at: do_user_addr_fault arch/x86/mm/fault.c:1351 [inline] #0: 0000000060716878 (&mm->mmap_sem){++++}, at: __do_page_fault+0x3da/0xe60 arch/x86/mm/fault.c:1489 #1: 000000000c412751 (&ei->i_mmap_sem){++++}, at: ext4_filemap_fault+0x7a/0xad fs/ext4/inode.c:6291 2 locks held by syz-fuzzer/5913: TCPv6 23KB 29KB #0: 0000000060716878 (&mm->mmap_sem){++++}, at: do_user_addr_fault arch/x86/mm/fault.c:1351 [inline] #0: 0000000060716878 (&mm->mmap_sem){++++}, at: __do_page_fault+0x3da/0xe60 arch/x86/mm/fault.c:1489 nf_conntrack 28KB 131KB sd_ext_cdb 0KB 3KB scsi_sense_cache 1056KB 1060KB virtio_scsi_cmd 16KB 16KB sgpool-128 8KB 8KB #1: 000000000c412751 (&ei->i_mmap_sem){++++}, at: ext4_filemap_fault+0x7a/0xad fs/ext4/inode.c:6291 sgpool-64 4KB 6KB sgpool-32 2KB 7KB 2 locks held by syz-fuzzer/5921: sgpool-16 1KB 3KB sgpool-8 0KB 3KB mqueue_inode_cache 11KB 14KB #0: 0000000060716878 (&mm->mmap_sem){++++}, at: do_user_addr_fault arch/x86/mm/fault.c:1351 [inline] #0: 0000000060716878 (&mm->mmap_sem){++++}, at: __do_page_fault+0x3da/0xe60 arch/x86/mm/fault.c:1489 bio_post_read_ctx 14KB 15KB bio-2 14KB 15KB jfs_mp 7KB 7KB #1: 000000000c412751 (&ei->i_mmap_sem){++++}, at: ext4_filemap_fault+0x7a/0xad fs/ext4/inode.c:6291 nfs_commit_data 3KB 7KB nfs_write_data 32KB 32KB ext4_system_zone 0KB 3KB userfaultfd_ctx_cache 1KB 7KB 3 locks held by syz-executor4/25873: bio-1 1KB 3KB #0: 0000000017156722 (sk_lock-AF_INET6){+.+.}, at: lock_sock include/net/sock.h:1492 [inline] #0: 0000000017156722 (sk_lock-AF_INET6){+.+.}, at: sctp_sendmsg+0x1425/0x1da0 net/sctp/socket.c:2052 #1: 00000000491a8325 (&rq->lock){-.-.}, at: idle_balance kernel/sched/fair.c:9644 [inline] #1: 00000000491a8325 (&rq->lock){-.-.}, at: pick_next_task_fair+0x1333/0x1b30 kernel/sched/fair.c:6723 pid_namespace 5KB 15KB #2: 00000000491a8325 (&rq->lock){-.-.}, at: rq_lock kernel/sched/sched.h:1126 [inline] #2: 00000000491a8325 (&rq->lock){-.-.}, at: attach_tasks kernel/sched/fair.c:7314 [inline] #2: 00000000491a8325 (&rq->lock){-.-.}, at: load_balance+0x124d/0x39a0 kernel/sched/fair.c:8710 ============================================= NMI backtrace for cpu 0 CPU: 0 PID: 979 Comm: khungtaskd Not tainted 4.20.0-rc2+ #237 posix_timers_cache 17KB 45KB Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Call Trace: __dump_stack lib/dump_stack.c:77 [inline] dump_stack+0x244/0x39d lib/dump_stack.c:113 rpc_buffers 17KB 19KB nmi_cpu_backtrace.cold.2+0x5c/0xa1 lib/nmi_backtrace.c:101 nmi_trigger_cpumask_backtrace+0x1e8/0x22a lib/nmi_backtrace.c:62 rpc_tasks 2KB 3KB arch_trigger_cpumask_backtrace+0x14/0x20 arch/x86/kernel/apic/hw_nmi.c:38 UNIX 19KB 21KB trigger_all_cpu_backtrace include/linux/nmi.h:146 [inline] check_hung_uninterruptible_tasks kernel/hung_task.c:205 [inline] watchdog+0xb51/0x1060 kernel/hung_task.c:289 tcp_bind_bucket 13KB 40KB inet_peer_cache 62KB 68KB xfrm_state 2KB 4KB ip_fib_trie 13KB 19KB ip_fib_alias 60KB 79KB ip_dst_cache 586KB 844KB RAW 46KB 57KB UDP 17KB 39KB TCP 8KB 11KB hugetlbfs_inode_cache 2KB 7KB fscache_cookie_jar 1KB 7KB eventpoll_pwq 26KB 43KB eventpoll_epi 49KB 82KB inotify_inode_mark 45KB 74KB request_queue 164KB 164KB kthread+0x35a/0x440 kernel/kthread.c:246 blkdev_ioc 6KB 19KB bio-0 1188KB 1188KB ret_from_fork+0x3a/0x50 arch/x86/entry/entry_64.S:352 biovec-max 1633KB 1633KB Sending NMI from CPU 0 to CPUs 1: biovec-64 1968KB 1968KB INFO: NMI handler (nmi_cpu_backtrace_handler) took too long to run: 2.012 msecs NMI backtrace for cpu 1 CPU: 1 PID: 5796 Comm: rsyslogd Not tainted 4.20.0-rc2+ #237 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 RIP: 0010:rcu_dynticks_curr_cpu_in_eqs+0x69/0x170 kernel/rcu/tree.c:290 Code: 89 48 c7 45 90 e0 6d 6a 81 c7 00 f1 f1 f1 f1 c7 40 04 04 f2 f2 f2 65 48 8b 04 25 28 00 00 00 48 89 45 d8 31 c0 e8 87 33 29 02 <89> c0 48 8d 3c c5 20 b0 24 89 48 89 fa 48 c1 ea 03 42 80 3c 32 00 RSP: 0000:ffff8881daf06dc0 EFLAGS: 00000086 RAX: 0000000000000001 RBX: 1ffff1103b5e0db9 RCX: ffffffff83939f8a RDX: 0000000000000100 RSI: ffffffff83939f98 RDI: 0000000000000005 RBP: ffff8881daf06e48 R08: ffff8881c53f8540 R09: ffffed103b5e5b67 R10: ffffed103b5e5b67 R11: ffff8881daf2db3b R12: 000000000002da80 R13: ffff8881daf06e28 R14: dffffc0000000000 R15: 0000000000000001 FS: 00007ff316669700(0000) GS:ffff8881daf00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 0000000000411946 CR3: 00000001ccb6f000 CR4: 00000000001406e0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: rcu_is_watching+0x10/0x30 kernel/rcu/tree.c:906 rcu_read_lock_held+0x87/0xc0 kernel/rcu/update.c:277 select_idle_sibling+0xb31/0xdb0 kernel/sched/fair.c:6147 select_task_rq_fair+0x6b1/0x30b0 kernel/sched/fair.c:6358 select_task_rq kernel/sched/core.c:1536 [inline] try_to_wake_up+0x4e7/0x1490 kernel/sched/core.c:2041 wake_up_process+0x10/0x20 kernel/sched/core.c:2129 process_timeout+0x31/0x40 kernel/time/timer.c:1733 call_timer_fn+0x272/0x920 kernel/time/timer.c:1326 expire_timers kernel/time/timer.c:1363 [inline] __run_timers+0x7e5/0xc70 kernel/time/timer.c:1682 run_timer_softirq+0x52/0xb0 kernel/time/timer.c:1695 __do_softirq+0x308/0xb7e kernel/softirq.c:292 invoke_softirq kernel/softirq.c:373 [inline] irq_exit+0x17f/0x1c0 kernel/softirq.c:413 exiting_irq arch/x86/include/asm/apic.h:536 [inline] smp_apic_timer_interrupt+0x1cb/0x760 arch/x86/kernel/apic/apic.c:1061 apic_timer_interrupt+0xf/0x20 arch/x86/entry/entry_64.S:804 RIP: 0010:arch_local_irq_restore arch/x86/include/asm/paravirt.h:761 [inline] RIP: 0010:console_trylock_spinning kernel/printk/printk.c:1688 [inline] RIP: 0010:vprintk_emit+0x87d/0x990 kernel/printk/printk.c:1921 Code: 00 fc ff df 48 c1 e8 03 80 3c 10 00 0f 85 de 00 00 00 48 83 3d 63 3b ec 07 00 74 34 e8 cc c7 19 00 48 8b bd 90 fe ff ff 57 9d <0f> 1f 44 00 00 e9 aa fe ff ff e8 b4 c7 19 00 0f 0b e8 ad c7 19 00 RSP: 0000:ffff8881c6585fc0 EFLAGS: 00000293 ORIG_RAX: ffffffffffffff13 RAX: ffff8881c53f8540 RBX: 1ffff11038cb0bfe RCX: 1ffff11038a7f1cb RDX: 0000000000000000 RSI: ffffffff8165c014 RDI: 0000000000000293 RBP: ffff8881c6586138 R08: ffff8881c53f8e58 R09: 0000000000000006 R10: 0000000000000000 R11: ffff8881c53f8540 R12: 0000000000000200 R13: 0000000000000000 R14: ffffed1038cb0c12 R15: ffff8881c6586110 vprintk_default+0x28/0x30 kernel/printk/printk.c:1964 vprintk_func+0x7e/0x181 kernel/printk/printk_safe.c:398 printk+0xa7/0xcf kernel/printk/printk.c:1997 dump_unreclaimable_slab.cold.22+0xd8/0xe6 mm/slab_common.c:1392 dump_header+0x7cc/0xf72 mm/oom_kill.c:447 oom_kill_process.cold.27+0x10/0x903 mm/oom_kill.c:953 out_of_memory+0xa84/0x1430 mm/oom_kill.c:1120 __alloc_pages_may_oom mm/page_alloc.c:3519 [inline] __alloc_pages_slowpath+0x2354/0x2e10 mm/page_alloc.c:4240 ? __might_sleep+0x Lost 96 message(s)!