Process accounting resumed
======================================================
WARNING: possible circular locking dependency detected
4.19.43 #13 Not tainted
------------------------------------------------------
syz-executor.3/5080 is trying to acquire lock:
0000000092b9b4ca (&ovl_i_mutex_key[depth]){+.+.}, at: inode_lock include/linux/fs.h:747 [inline]
0000000092b9b4ca (&ovl_i_mutex_key[depth]){+.+.}, at: ovl_write_iter+0x148/0xc20 fs/overlayfs/file.c:231

but task is already holding lock:
00000000efa86f9b (&acct->lock#2){+.+.}, at: acct_get kernel/acct.c:161 [inline]
00000000efa86f9b (&acct->lock#2){+.+.}, at: slow_acct_process kernel/acct.c:577 [inline]
00000000efa86f9b (&acct->lock#2){+.+.}, at: acct_process+0x2e5/0x61e kernel/acct.c:605

which lock already depends on the new lock.

the existing dependency chain (in reverse order) is:

-> #2 (&acct->lock#2){+.+.}:
       __mutex_lock_common kernel/locking/mutex.c:925 [inline]
       __mutex_lock+0xf7/0x1300 kernel/locking/mutex.c:1072
       mutex_lock_nested+0x16/0x20 kernel/locking/mutex.c:1087
       acct_pin_kill+0x27/0x100 kernel/acct.c:173
       pin_kill+0x18f/0x860 fs/fs_pin.c:50
       acct_on+0x574/0x790 kernel/acct.c:254
       __do_sys_acct kernel/acct.c:286 [inline]
       __se_sys_acct kernel/acct.c:273 [inline]
       __x64_sys_acct+0xae/0x200 kernel/acct.c:273
       do_syscall_64+0x103/0x630 arch/x86/entry/common.c:293
       entry_SYSCALL_64_after_hwframe+0x49/0xbe

-> #1 (sb_writers#4){.+.+}:
       percpu_down_read_preempt_disable include/linux/percpu-rwsem.h:36 [inline]
       percpu_down_read include/linux/percpu-rwsem.h:59 [inline]
       __sb_start_write+0x20b/0x360 fs/super.c:1387
       sb_start_write include/linux/fs.h:1578 [inline]
       mnt_want_write+0x3f/0xc0 fs/namespace.c:360
       ovl_want_write+0x76/0xa0 fs/overlayfs/util.c:24
       ovl_link+0x7c/0x2d5 fs/overlayfs/dir.c:674
       vfs_link+0x7a4/0xb60 fs/namei.c:4240
       do_linkat+0x550/0x770 fs/namei.c:4308
       __do_sys_link fs/namei.c:4337 [inline]
       __se_sys_link fs/namei.c:4335 [inline]
       __x64_sys_link+0x61/0x80 fs/namei.c:4335
       do_syscall_64+0x103/0x630 arch/x86/entry/common.c:293
       entry_SYSCALL_64_after_hwframe+0x49/0xbe

-> #0 (&ovl_i_mutex_key[depth]){+.+.}:
       lock_acquire+0x16f/0x3f0 kernel/locking/lockdep.c:3900
       down_write+0x38/0x90 kernel/locking/rwsem.c:70
       inode_lock include/linux/fs.h:747 [inline]
       ovl_write_iter+0x148/0xc20 fs/overlayfs/file.c:231
       call_write_iter include/linux/fs.h:1820 [inline]
       new_sync_write fs/read_write.c:474 [inline]
       __vfs_write+0x58e/0x820 fs/read_write.c:487
       __kernel_write+0x110/0x390 fs/read_write.c:506
       do_acct_process+0xd37/0x1150 kernel/acct.c:520
       slow_acct_process kernel/acct.c:579 [inline]
       acct_process+0x568/0x61e kernel/acct.c:605
       do_exit+0x17c0/0x2fa0 kernel/exit.c:866
       do_group_exit+0x135/0x370 kernel/exit.c:979
       __do_sys_exit_group kernel/exit.c:990 [inline]
       __se_sys_exit_group kernel/exit.c:988 [inline]
       __x64_sys_exit_group+0x44/0x50 kernel/exit.c:988
       do_syscall_64+0x103/0x630 arch/x86/entry/common.c:293
       entry_SYSCALL_64_after_hwframe+0x49/0xbe

other info that might help us debug this:

Chain exists of:
  &ovl_i_mutex_key[depth] --> sb_writers#4 --> &acct->lock#2

 Possible unsafe locking scenario:

       CPU0                    CPU1
       ----                    ----
  lock(&acct->lock#2);
                               lock(sb_writers#4);
                               lock(&acct->lock#2);
  lock(&ovl_i_mutex_key[depth]);

 *** DEADLOCK ***

2 locks held by syz-executor.3/5080:
 #0: 00000000efa86f9b (&acct->lock#2){+.+.}, at: acct_get kernel/acct.c:161 [inline]
 #0: 00000000efa86f9b (&acct->lock#2){+.+.}, at: slow_acct_process kernel/acct.c:577 [inline]
 #0: 00000000efa86f9b (&acct->lock#2){+.+.}, at: acct_process+0x2e5/0x61e kernel/acct.c:605
 #1: 000000009cfc7ede (sb_writers#16){.+.+}, at: file_start_write_trylock include/linux/fs.h:2780 [inline]
 #1: 000000009cfc7ede (sb_writers#16){.+.+}, at: do_acct_process+0xf37/0x1150 kernel/acct.c:517

stack backtrace:
CPU: 1 PID: 5080 Comm: syz-executor.3 Not tainted 4.19.43 #13
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0x172/0x1f0 lib/dump_stack.c:113
 print_circular_bug.isra.0.cold+0x1cc/0x28f kernel/locking/lockdep.c:1221
 check_prev_add kernel/locking/lockdep.c:1861 [inline]
 check_prevs_add kernel/locking/lockdep.c:1974 [inline]
 validate_chain kernel/locking/lockdep.c:2415 [inline]
 __lock_acquire+0x2e6d/0x48f0 kernel/locking/lockdep.c:3411
 lock_acquire+0x16f/0x3f0 kernel/locking/lockdep.c:3900
 down_write+0x38/0x90 kernel/locking/rwsem.c:70
 inode_lock include/linux/fs.h:747 [inline]
 ovl_write_iter+0x148/0xc20 fs/overlayfs/file.c:231
 call_write_iter include/linux/fs.h:1820 [inline]
 new_sync_write fs/read_write.c:474 [inline]
 __vfs_write+0x58e/0x820 fs/read_write.c:487
kobject: 'loop4' (0000000079afbca6): kobject_uevent_env
 __kernel_write+0x110/0x390 fs/read_write.c:506
 do_acct_process+0xd37/0x1150 kernel/acct.c:520
kobject: 'loop4' (0000000079afbca6): fill_kobj_path: path = '/devices/virtual/block/loop4'
 slow_acct_process kernel/acct.c:579 [inline]
 acct_process+0x568/0x61e kernel/acct.c:605
 do_exit+0x17c0/0x2fa0 kernel/exit.c:866
 do_group_exit+0x135/0x370 kernel/exit.c:979
 __do_sys_exit_group kernel/exit.c:990 [inline]
 __se_sys_exit_group kernel/exit.c:988 [inline]
 __x64_sys_exit_group+0x44/0x50 kernel/exit.c:988
 do_syscall_64+0x103/0x630 arch/x86/entry/common.c:293
 entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x458da9
Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00
RSP: 002b:00007ffccd2a8f58 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
RAX: ffffffffffffffda RBX: 000000000000001e RCX: 0000000000458da9
RDX: 0000000000412b61 RSI: fffffffffffffff7 RDI: 0000000000000000
RBP: 0000000000000000 R08: 000000009e597005 R09: 00007ffccd2a8fb0
R10: ffffffff8100a4ef R11: 0000000000000246 R12: 0000000000000000
R13: 00007ffccd2a8fb0 R14: 0000000000000000 R15: 00007ffccd2a8fc0
kobject: 'loop5' (00000000dc42e836): kobject_uevent_env
kobject: 'loop5' (00000000dc42e836): fill_kobj_path: path = '/devices/virtual/block/loop5'
kobject: 'loop0' (00000000fbe73470): kobject_uevent_env
kobject: 'loop0' (00000000fbe73470): fill_kobj_path: path = '/devices/virtual/block/loop0'
kobject: 'loop2' (00000000093b91df): kobject_uevent_env
kobject: 'loop2' (00000000093b91df): fill_kobj_path: path = '/devices/virtual/block/loop2'
kobject: 'loop3' (00000000bb237ec8): kobject_uevent_env
kobject: 'loop3' (00000000bb237ec8): fill_kobj_path: path = '/devices/virtual/block/loop3'
kobject: 'loop0' (00000000fbe73470): kobject_uevent_env
kobject: 'loop0' (00000000fbe73470): fill_kobj_path: path = '/devices/virtual/block/loop0'
overlayfs: failed to resolve './file1': -2
overlayfs: failed to resolve './file1': -2
kobject: 'loop0' (00000000fbe73470): kobject_uevent_env
kobject: 'loop0' (00000000fbe73470): fill_kobj_path: path = '/devices/virtual/block/loop0'
Process accounting resumed
kobject: 'loop5' (00000000dc42e836): kobject_uevent_env
kobject: 'loop5' (00000000dc42e836): fill_kobj_path: path = '/devices/virtual/block/loop5'
kobject: 'loop4' (0000000079afbca6): kobject_uevent_env
kobject: 'loop4' (0000000079afbca6): fill_kobj_path: path = '/devices/virtual/block/loop4'
Process accounting resumed
kobject: 'loop0' (00000000fbe73470): kobject_uevent_env
kobject: 'loop0' (00000000fbe73470): fill_kobj_path: path = '/devices/virtual/block/loop0'
kobject: 'loop2' (00000000093b91df): kobject_uevent_env
Process accounting resumed
kobject: 'loop2' (00000000093b91df): fill_kobj_path: path = '/devices/virtual/block/loop2'
Process accounting resumed
kobject: 'loop3' (00000000bb237ec8): kobject_uevent_env
kobject: 'loop3' (00000000bb237ec8): fill_kobj_path: path = '/devices/virtual/block/loop3'
kobject: 'loop5' (00000000dc42e836): kobject_uevent_env
kobject: 'loop5' (00000000dc42e836): fill_kobj_path: path = '/devices/virtual/block/loop5'
kobject: 'loop4' (0000000079afbca6): kobject_uevent_env
kobject: 'loop4' (0000000079afbca6): fill_kobj_path: path = '/devices/virtual/block/loop4'
kobject: 'loop0' (00000000fbe73470): kobject_uevent_env
kobject: 'loop0' (00000000fbe73470): fill_kobj_path: path = '/devices/virtual/block/loop0'
Process accounting resumed
kobject: 'loop3' (00000000bb237ec8): kobject_uevent_env
kobject: 'loop3' (00000000bb237ec8): fill_kobj_path: path = '/devices/virtual/block/loop3'
Process accounting resumed
kobject: 'loop2' (00000000093b91df): kobject_uevent_env
kobject: 'loop2' (00000000093b91df): fill_kobj_path: path = '/devices/virtual/block/loop2'
Process accounting resumed
kobject: 'loop4' (0000000079afbca6): kobject_uevent_env
kobject: 'loop4' (0000000079afbca6): fill_kobj_path: path = '/devices/virtual/block/loop4'
Process accounting resumed
syz-executor.3 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), nodemask=(null), order=0, oom_score_adj=1000
overlayfs: failed to resolve './file1': -2
syz-executor.3 cpuset=syz3 mems_allowed=0-1
CPU: 0 PID: 5154 Comm: syz-executor.3 Not tainted 4.19.43 #13
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0x172/0x1f0 lib/dump_stack.c:113
 dump_header+0x15e/0x929 mm/oom_kill.c:441
 oom_kill_process.cold+0x10/0x6f5 mm/oom_kill.c:954
 out_of_memory mm/oom_kill.c:1129 [inline]
 out_of_memory+0x936/0x12d0 mm/oom_kill.c:1062
 mem_cgroup_out_of_memory+0x1d2/0x240 mm/memcontrol.c:1397
 memory_max_write+0x169/0x300 mm/memcontrol.c:5556
kobject: 'loop2' (00000000093b91df): kobject_uevent_env
 cgroup_file_write+0x245/0x7a0 kernel/cgroup/cgroup.c:3460
kobject: 'loop2' (00000000093b91df): fill_kobj_path: path = '/devices/virtual/block/loop2'
 kernfs_fop_write+0x2ba/0x480 fs/kernfs/file.c:316
 __vfs_write+0x116/0x820 fs/read_write.c:485
 vfs_write+0x20c/0x560 fs/read_write.c:549
 ksys_write+0x14f/0x2d0 fs/read_write.c:599
 __do_sys_write fs/read_write.c:611 [inline]
 __se_sys_write fs/read_write.c:608 [inline]
 __x64_sys_write+0x73/0xb0 fs/read_write.c:608
 do_syscall_64+0x103/0x630 arch/x86/entry/common.c:293
 entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x458da9
Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00
RSP: 002b:00007f2820b71c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000458da9
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000006
RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 00007f2820b726d4
R13: 00000000004c892a R14: 00000000004df3a8 R15: 00000000ffffffff
Process accounting resumed
Task in /syz3 killed as a result of limit of /syz3
memory: usage 15184kB, limit 0kB, failcnt 0
memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0
kmem: usage 0kB, limit 9007199254740988kB, failcnt 0
kobject: 'loop4' (0000000079afbca6): kobject_uevent_env
kobject: 'loop4' (0000000079afbca6): fill_kobj_path: path = '/devices/virtual/block/loop4'
Memory cgroup stats for /syz3: cache:84KB rss:10956KB rss_huge:10240KB shmem:36KB mapped_file:0KB dirty:132KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:10880KB inactive_file:0KB active_file:0KB unevictable:0KB
kobject: 'loop5' (00000000dc42e836): kobject_uevent_env
kobject: 'loop5' (00000000dc42e836): fill_kobj_path: path = '/devices/virtual/block/loop5'
kobject: 'loop0' (00000000fbe73470): kobject_uevent_env
Memory cgroup out of memory: Kill process 30689 (syz-executor.3) score 9532000 or sacrifice child
kobject: 'loop0' (00000000fbe73470): fill_kobj_path: path = '/devices/virtual/block/loop0'
kobject: 'loop4' (0000000079afbca6): kobject_uevent_env
Killed process 30689 (syz-executor.3) total-vm:72716kB, anon-rss:2212kB, file-rss:35784kB, shmem-rss:0kB
kobject: 'loop4' (0000000079afbca6): fill_kobj_path: path = '/devices/virtual/block/loop4'
Process accounting resumed
oom_reaper: reaped process 30689 (syz-executor.3), now anon-rss:0kB, file-rss:34824kB, shmem-rss:0kB
syz-executor.3 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), nodemask=(null), order=0, oom_score_adj=1000
kobject: 'loop5' (00000000dc42e836): kobject_uevent_env
kobject: 'loop5' (00000000dc42e836): fill_kobj_path: path = '/devices/virtual/block/loop5'
syz-executor.3 cpuset=syz3 mems_allowed=0-1
CPU: 1 PID: 5154 Comm: syz-executor.3 Not tainted 4.19.43 #13
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0x172/0x1f0 lib/dump_stack.c:113
 dump_header+0x15e/0x929 mm/oom_kill.c:441
 oom_kill_process.cold+0x10/0x6f5 mm/oom_kill.c:954
 out_of_memory mm/oom_kill.c:1129 [inline]
 out_of_memory+0x936/0x12d0 mm/oom_kill.c:1062
 mem_cgroup_out_of_memory+0x1d2/0x240 mm/memcontrol.c:1397
 memory_max_write+0x169/0x300 mm/memcontrol.c:5556
 cgroup_file_write+0x245/0x7a0 kernel/cgroup/cgroup.c:3460
 kernfs_fop_write+0x2ba/0x480 fs/kernfs/file.c:316
 __vfs_write+0x116/0x820 fs/read_write.c:485
 vfs_write+0x20c/0x560 fs/read_write.c:549
 ksys_write+0x14f/0x2d0 fs/read_write.c:599
 __do_sys_write fs/read_write.c:611 [inline]
 __se_sys_write fs/read_write.c:608 [inline]
 __x64_sys_write+0x73/0xb0 fs/read_write.c:608
 do_syscall_64+0x103/0x630 arch/x86/entry/common.c:293
 entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x458da9
Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00
RSP: 002b:00007f2820b71c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000458da9
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000006
RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 00007f2820b726d4
R13: 00000000004c892a R14: 00000000004df3a8 R15: 00000000ffffffff
kobject: 'loop5' (00000000dc42e836): kobject_uevent_env
kobject: 'loop5' (00000000dc42e836): fill_kobj_path: path = '/devices/virtual/block/loop5'
kobject: 'loop4' (0000000079afbca6): kobject_uevent_env
kobject: 'loop4' (0000000079afbca6): fill_kobj_path: path = '/devices/virtual/block/loop4'
Task in /syz3 killed as a result of limit of /syz3
kobject: 'loop2' (00000000093b91df): kobject_uevent_env
kobject: 'loop2' (00000000093b91df): fill_kobj_path: path = '/devices/virtual/block/loop2'
memory: usage 12820kB, limit 0kB, failcnt 8
memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0
kmem: usage 0kB, limit 9007199254740988kB, failcnt 0
Memory cgroup stats for /syz3: cache:84KB rss:8824KB rss_huge:8192KB shmem:36KB mapped_file:0KB dirty:132KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:8712KB inactive_file:0KB active_file:0KB unevictable:0KB
Memory cgroup out of memory: Kill process 30726 (syz-executor.3) score 9531000 or sacrifice child
Killed process 30726 (syz-executor.3) total-vm:72584kB, anon-rss:2204kB, file-rss:35788kB, shmem-rss:0kB
kobject: 'loop5' (00000000dc42e836): kobject_uevent_env
kobject: 'loop5' (00000000dc42e836): fill_kobj_path: path = '/devices/virtual/block/loop5'
syz-executor.3 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), nodemask=(null), order=0, oom_score_adj=1000
syz-executor.3 cpuset=syz3 mems_allowed=0-1
CPU: 1 PID: 5153 Comm: syz-executor.3 Not tainted 4.19.43 #13
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
kobject: 'loop0' (00000000fbe73470): kobject_uevent_env
Call Trace:
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0x172/0x1f0 lib/dump_stack.c:113
 dump_header+0x15e/0x929 mm/oom_kill.c:441
 oom_kill_process.cold+0x10/0x6f5 mm/oom_kill.c:954
kobject: 'loop0' (00000000fbe73470): fill_kobj_path: path = '/devices/virtual/block/loop0'
 out_of_memory mm/oom_kill.c:1129 [inline]
 out_of_memory+0x936/0x12d0 mm/oom_kill.c:1062
 mem_cgroup_out_of_memory+0x1d2/0x240 mm/memcontrol.c:1397
 mem_cgroup_oom mm/memcontrol.c:1723 [inline]
 try_charge+0x1028/0x15b0 mm/memcontrol.c:2285
 mem_cgroup_try_charge+0x24d/0x5e0 mm/memcontrol.c:5953
 mem_cgroup_try_charge_delay+0x1f/0xa0 mm/memcontrol.c:5968
 do_anonymous_page mm/memory.c:3181 [inline]
 handle_pte_fault mm/memory.c:4038 [inline]
 __handle_mm_fault+0x1e55/0x3f80 mm/memory.c:4164
 handle_mm_fault+0x43f/0xb30 mm/memory.c:4201
 __do_page_fault+0x62a/0xe90 arch/x86/mm/fault.c:1395
 do_page_fault+0x71/0x581 arch/x86/mm/fault.c:1470
 page_fault+0x1e/0x30 arch/x86/entry/entry_64.S:1165
RIP: 0033:0x4107bf
Code: 0f 84 c8 02 00 00 48 83 bd 78 ff ff ff 00 0f 84 f9 04 00 00 48 8b 95 68 ff ff ff 44 89 95 38 ff ff ff 4c 8d ac 10 00 f7 ff ff <49> 89 85 90 06 00 00 49 8d 85 10 03 00 00 49 89 95 98 06 00 00 41
RSP: 002b:00007ffccd2a8ce0 EFLAGS: 00010206
RAX: 00007f2820b31000 RBX: 0000000000020000 RCX: 0000000000458dfa
RDX: 0000000000021000 RSI: 0000000000021000 RDI: 0000000000000000
RBP: 00007ffccd2a8dc0 R08: ffffffffffffffff R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffccd2a8eb0
R13: 00007f2820b51700 R14: 0000000000000001 R15: 000000000073bfac
Task in /syz3 killed as a result of limit of /syz3
memory: usage 10492kB, limit 0kB, failcnt 8
memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0
kmem: usage 0kB, limit 9007199254740988kB, failcnt 0
Memory cgroup stats for /syz3: cache:84KB rss:6616KB rss_huge:6144KB shmem:36KB mapped_file:0KB dirty:132KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:6552KB inactive_file:0KB active_file:0KB unevictable:0KB
Memory cgroup out of memory: Kill process 30748 (syz-executor.3) score 9531000 or sacrifice child
Killed process 30748 (syz-executor.3) total-vm:72584kB, anon-rss:2204kB, file-rss:35788kB, shmem-rss:0kB
oom_reaper: reaped process 30748 (syz-executor.3), now anon-rss:0kB, file-rss:34828kB, shmem-rss:0kB
syz-executor.3 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), nodemask=(null), order=0, oom_score_adj=1000
syz-executor.3 cpuset=syz3 mems_allowed=0-1
CPU: 1 PID: 5153 Comm: syz-executor.3 Not tainted 4.19.43 #13
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0x172/0x1f0 lib/dump_stack.c:113
 dump_header+0x15e/0x929 mm/oom_kill.c:441
 oom_kill_process.cold+0x10/0x6f5 mm/oom_kill.c:954
 out_of_memory mm/oom_kill.c:1129 [inline]
 out_of_memory+0x936/0x12d0 mm/oom_kill.c:1062
 mem_cgroup_out_of_memory+0x1d2/0x240 mm/memcontrol.c:1397
 mem_cgroup_oom mm/memcontrol.c:1723 [inline]
 try_charge+0x1028/0x15b0 mm/memcontrol.c:2285
 mem_cgroup_try_charge+0x24d/0x5e0 mm/memcontrol.c:5953
 mem_cgroup_try_charge_delay+0x1f/0xa0 mm/memcontrol.c:5968
 do_anonymous_page mm/memory.c:3181 [inline]
 handle_pte_fault mm/memory.c:4038 [inline]
 __handle_mm_fault+0x1e55/0x3f80 mm/memory.c:4164
 handle_mm_fault+0x43f/0xb30 mm/memory.c:4201
 __do_page_fault+0x62a/0xe90 arch/x86/mm/fault.c:1395
 do_page_fault+0x71/0x581 arch/x86/mm/fault.c:1470
 page_fault+0x1e/0x30 arch/x86/entry/entry_64.S:1165
RIP: 0033:0x4107bf
Code: 0f 84 c8 02 00 00 48 83 bd 78 ff ff ff 00 0f 84 f9 04 00 00 48 8b 95 68 ff ff ff 44 89 95 38 ff ff ff 4c 8d ac 10 00 f7 ff ff <49> 89 85 90 06 00 00 49 8d 85 10 03 00 00 49 89 95 98 06 00 00 41
RSP: 002b:00007ffccd2a8ce0 EFLAGS: 00010206
RAX: 00007f2820b31000 RBX: 0000000000020000 RCX: 0000000000458dfa
RDX: 0000000000021000 RSI: 0000000000021000 RDI: 0000000000000000
RBP: 00007ffccd2a8dc0 R08: ffffffffffffffff R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffccd2a8eb0
R13: 00007f2820b51700 R14: 0000000000000001 R15: 000000000073bfac
Task in /syz3 killed as a result of limit of /syz3
memory: usage 8156kB, limit 0kB, failcnt 38
memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0
kmem: usage 0kB, limit 9007199254740988kB, failcnt 0
Memory cgroup stats for /syz3: cache:84KB rss:4448KB rss_huge:4096KB shmem:36KB mapped_file:0KB dirty:132KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:4392KB inactive_file:0KB active_file:0KB unevictable:0KB
Memory cgroup out of memory: Kill process 30776 (syz-executor.3) score 9531000 or sacrifice child
Killed process 30776 (syz-executor.3) total-vm:72584kB, anon-rss:2204kB, file-rss:35788kB, shmem-rss:0kB
oom_reaper: reaped process 30776 (syz-executor.3), now anon-rss:0kB, file-rss:34828kB, shmem-rss:0kB
syz-executor.3 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), nodemask=(null), order=0, oom_score_adj=1000
syz-executor.3 cpuset=syz3 mems_allowed=0-1
CPU: 0 PID: 5154 Comm: syz-executor.3 Not tainted 4.19.43 #13
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0x172/0x1f0 lib/dump_stack.c:113
 dump_header+0x15e/0x929 mm/oom_kill.c:441
 oom_kill_process.cold+0x10/0x6f5 mm/oom_kill.c:954
 out_of_memory mm/oom_kill.c:1129 [inline]
 out_of_memory+0x936/0x12d0 mm/oom_kill.c:1062
 mem_cgroup_out_of_memory+0x1d2/0x240 mm/memcontrol.c:1397
 memory_max_write+0x169/0x300 mm/memcontrol.c:5556
 cgroup_file_write+0x245/0x7a0 kernel/cgroup/cgroup.c:3460
 kernfs_fop_write+0x2ba/0x480 fs/kernfs/file.c:316
 __vfs_write+0x116/0x820 fs/read_write.c:485
 vfs_write+0x20c/0x560 fs/read_write.c:549
 ksys_write+0x14f/0x2d0 fs/read_write.c:599
 __do_sys_write fs/read_write.c:611 [inline]
 __se_sys_write fs/read_write.c:608 [inline]
 __x64_sys_write+0x73/0xb0 fs/read_write.c:608
 do_syscall_64+0x103/0x630 arch/x86/entry/common.c:293
 entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x458da9
Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00
RSP: 002b:00007f2820b71c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000458da9
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000006
RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 00007f2820b726d4
R13: 00000000004c892a R14: 00000000004df3a8 R15: 00000000ffffffff
Task in /syz3 killed as a result of limit of /syz3
memory: usage 5804kB, limit 0kB, failcnt 164
memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0
kmem: usage 0kB, limit 9007199254740988kB, failcnt 0
Memory cgroup stats for /syz3: cache:84KB rss:2268KB rss_huge:2048KB shmem:36KB mapped_file:0KB dirty:132KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:2208KB inactive_file:0KB active_file:0KB unevictable:0KB
Memory cgroup out of memory: Kill process 5153 (syz-executor.3) score 9279000 or sacrifice child
Killed process 5153 (syz-executor.3) total-vm:72584kB, anon-rss:2168kB, file-rss:34816kB, shmem-rss:0kB
oom_reaper: reaped process 5153 (syz-executor.3), now anon-rss:0kB, file-rss:34848kB, shmem-rss:0kB
kobject: 'loop3' (00000000bb237ec8): kobject_uevent_env
syz-executor.3 invoked oom-killer: gfp_mask=0x7080c0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), nodemask=(null), order=3, oom_score_adj=0
kobject: 'loop3' (00000000bb237ec8): fill_kobj_path: path = '/devices/virtual/block/loop3'
syz-executor.3 cpuset=syz3 mems_allowed=0-1
CPU: 1 PID: 7662 Comm: syz-executor.3 Not tainted 4.19.43 #13
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0x172/0x1f0 lib/dump_stack.c:113
 dump_header+0x15e/0x929 mm/oom_kill.c:441
 oom_kill_process.cold+0x10/0x6f5 mm/oom_kill.c:954
 out_of_memory mm/oom_kill.c:1129 [inline]
 out_of_memory+0x936/0x12d0 mm/oom_kill.c:1062
 mem_cgroup_out_of_memory+0x1d2/0x240 mm/memcontrol.c:1397
 mem_cgroup_oom mm/memcontrol.c:1723 [inline]
 try_charge+0x1028/0x15b0 mm/memcontrol.c:2285
 memcg_kmem_charge_memcg+0x7c/0x130 mm/memcontrol.c:2615
 memcg_kmem_charge+0x136/0x300 mm/memcontrol.c:2648
 __alloc_pages_nodemask+0x3c6/0x760 mm/page_alloc.c:4413
 __alloc_pages include/linux/gfp.h:473 [inline]
 __alloc_pages_node include/linux/gfp.h:486 [inline]
 alloc_pages_node include/linux/gfp.h:500 [inline]
 alloc_thread_stack_node kernel/fork.c:241 [inline]
 dup_task_struct kernel/fork.c:806 [inline]
 copy_process.part.0+0x3e0/0x7970 kernel/fork.c:1707
 copy_process kernel/fork.c:1664 [inline]
 _do_fork+0x257/0xfe0 kernel/fork.c:2175
 __do_sys_clone kernel/fork.c:2282 [inline]
 __se_sys_clone kernel/fork.c:2276 [inline]
 __x64_sys_clone+0xbf/0x150 kernel/fork.c:2276
 do_syscall_64+0x103/0x630 arch/x86/entry/common.c:293
 entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x45737a
Code: f7 d8 64 89 04 25 d4 02 00 00 64 4c 8b 0c 25 10 00 00 00 31 d2 4d 8d 91 d0 02 00 00 31 f6 bf 11 00 20 01 b8 38 00 00 00 0f 05 <48> 3d 00 f0 ff ff 0f 87 f5 00 00 00 85 c0 41 89 c5 0f 85 fc 00 00
RSP: 002b:00007ffccd2a8f30 EFLAGS: 00000246 ORIG_RAX: 0000000000000038
RAX: ffffffffffffffda RBX: 00007ffccd2a8f30 RCX: 000000000045737a
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000001200011
RBP: 00007ffccd2a8f70 R08: 0000000000000001 R09: 00000000026c5940
R10: 00000000026c5c10 R11: 0000000000000246 R12: 0000000000000001
R13: 0000000000000000 R14: 0000000000000000 R15: 00007ffccd2a8fc0
kobject: 'loop4' (0000000079afbca6): kobject_uevent_env
kobject: 'loop4' (0000000079afbca6): fill_kobj_path: path = '/devices/virtual/block/loop4'
kobject: 'loop5' (00000000dc42e836): kobject_uevent_env
kobject: 'loop5' (00000000dc42e836): fill_kobj_path: path = '/devices/virtual/block/loop5'
Task in /syz3 killed as a result of limit of /syz3
memory: usage 3468kB, limit 0kB, failcnt 181
memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0
kmem: usage 0kB, limit 9007199254740988kB, failcnt 0
Memory cgroup stats for /syz3: cache:84KB rss:120KB rss_huge:0KB shmem:36KB mapped_file:0KB dirty:132KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:72KB inactive_file:0KB active_file:4KB unevictable:0KB
Memory cgroup out of memory: Kill process 7662 (syz-executor.3) score 8989000 or sacrifice child
Killed process 7662 (syz-executor.3) total-vm:72320kB, anon-rss:120kB, file-rss:35712kB, shmem-rss:0kB
oom_reaper: reaped process 7662 (syz-executor.3), now anon-rss:0kB, file-rss:34880kB, shmem-rss:0kB
syz-executor.4 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), nodemask=(null), order=0, oom_score_adj=1000
syz-executor.4 cpuset=syz4 mems_allowed=0-1
CPU: 0 PID: 5213 Comm: syz-executor.4 Not tainted 4.19.43 #13
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0x172/0x1f0 lib/dump_stack.c:113
 dump_header+0x15e/0x929 mm/oom_kill.c:441
 oom_kill_process.cold+0x10/0x6f5 mm/oom_kill.c:954
 out_of_memory mm/oom_kill.c:1129 [inline]
 out_of_memory+0x936/0x12d0 mm/oom_kill.c:1062
 mem_cgroup_out_of_memory+0x1d2/0x240 mm/memcontrol.c:1397
 memory_max_write+0x169/0x300 mm/memcontrol.c:5556
 cgroup_file_write+0x245/0x7a0 kernel/cgroup/cgroup.c:3460
 kernfs_fop_write+0x2ba/0x480 fs/kernfs/file.c:316
 __vfs_write+0x116/0x820 fs/read_write.c:485
 vfs_write+0x20c/0x560 fs/read_write.c:549
 ksys_write+0x14f/0x2d0 fs/read_write.c:599
 __do_sys_write fs/read_write.c:611 [inline]
 __se_sys_write fs/read_write.c:608 [inline]
 __x64_sys_write+0x73/0xb0 fs/read_write.c:608
 do_syscall_64+0x103/0x630 arch/x86/entry/common.c:293
 entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x458da9
Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00
RSP: 002b:00007fabb75efc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000458da9
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000006
RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 00007fabb75f06d4
R13: 00000000004c892a R14: 00000000004df3a8 R15: 00000000ffffffff
kobject: 'loop0' (00000000fbe73470): kobject_uevent_env
Task in /syz4 killed as a result of limit of /syz4
memory: usage 5340kB, limit 0kB, failcnt 0
kobject: 'loop0' (00000000fbe73470): fill_kobj_path: path = '/devices/virtual/block/loop0'
memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0
kobject: 'loop2' (00000000093b91df): kobject_uevent_env
kobject: 'loop2' (00000000093b91df): fill_kobj_path: path = '/devices/virtual/block/loop2'
kobject: 'loop5' (00000000dc42e836): kobject_uevent_env
kmem: usage 0kB, limit 9007199254740988kB, failcnt 0
Memory cgroup stats for /syz4: cache:48KB rss:2244KB rss_huge:2048KB shmem:20KB mapped_file:132KB dirty:132KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:2204KB inactive_file:12KB active_file:12KB unevictable:0KB
kobject: 'loop5' (00000000dc42e836): fill_kobj_path: path = '/devices/virtual/block/loop5'
Memory cgroup out of memory: Kill process 5212 (syz-executor.4) score 9275000 or sacrifice child
Killed process 5213 (syz-executor.4) total-vm:72452kB, anon-rss:2204kB, file-rss:35780kB, shmem-rss:0kB
kobject: 'batman_adv' (0000000013565561): kobject_uevent_env
kobject: 'loop4' (0000000079afbca6): kobject_uevent_env
kobject: 'batman_adv' (0000000013565561): kobject_uevent_env: filter function caused the event to drop!
kobject: 'loop4' (0000000079afbca6): fill_kobj_path: path = '/devices/virtual/block/loop4'
syz-executor.4 invoked oom-killer: gfp_mask=0x6040c0(GFP_KERNEL|__GFP_COMP), nodemask=(null), order=1, oom_score_adj=0
kobject: 'batman_adv' (0000000013565561): kobject_cleanup, parent (null)
kobject: 'batman_adv' (0000000013565561): calling ktype release
kobject: (0000000013565561): dynamic_kobj_release
kobject: 'batman_adv': free name
kobject: 'rx-0' (000000000b9e4ee4): kobject_cleanup, parent 00000000f2fc26c4
kobject: 'rx-0' (000000000b9e4ee4): auto cleanup 'remove' event
kobject: 'rx-0' (000000000b9e4ee4): kobject_uevent_env
kobject: 'rx-0' (000000000b9e4ee4): fill_kobj_path: path = '/devices/virtual/net/syz_tun/queues/rx-0'
syz-executor.4 cpuset=
kobject: 'rx-0' (000000000b9e4ee4): auto cleanup kobject_del
kobject: 'rx-0' (000000000b9e4ee4): calling ktype release
syz4
kobject: 'rx-0': free name
 mems_allowed=0-1
kobject: 'tx-0' (000000008c2d06b0): kobject_cleanup, parent 00000000f2fc26c4
CPU: 0 PID: 7666 Comm: syz-executor.4 Not tainted 4.19.43 #13
kobject: 'tx-0' (000000008c2d06b0): auto cleanup 'remove' event
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0x172/0x1f0 lib/dump_stack.c:113
 dump_header+0x15e/0x929 mm/oom_kill.c:441
kobject: 'tx-0' (000000008c2d06b0): kobject_uevent_env
 oom_kill_process.cold+0x10/0x6f5 mm/oom_kill.c:954
 out_of_memory mm/oom_kill.c:1129 [inline]
 out_of_memory+0x936/0x12d0 mm/oom_kill.c:1062
 mem_cgroup_out_of_memory+0x1d2/0x240 mm/memcontrol.c:1397
kobject: 'tx-0' (000000008c2d06b0): fill_kobj_path: path = '/devices/virtual/net/syz_tun/queues/tx-0'
kobject: 'tx-0' (000000008c2d06b0): auto cleanup kobject_del
 mem_cgroup_oom mm/memcontrol.c:1723 [inline]
 try_charge+0x1028/0x15b0 mm/memcontrol.c:2285
kobject: 'tx-0' (000000008c2d06b0): calling ktype release
 memcg_kmem_charge_memcg+0x7c/0x130 mm/memcontrol.c:2615
kobject: 'tx-0': free name
kobject: 'queues' (00000000f2fc26c4): kobject_cleanup, parent (null)
 memcg_charge_slab mm/slab.h:284 [inline]
 kmem_getpages mm/slab.c:1418 [inline]
 cache_grow_begin+0x25f/0x8c0 mm/slab.c:2682
kobject: 'queues' (00000000f2fc26c4): calling ktype release
kobject: 'queues' (00000000f2fc26c4): kset_release
 fallback_alloc+0x1fd/0x2d0 mm/slab.c:3224
 ____cache_alloc_node+0x1be/0x1e0 mm/slab.c:3292
 __do_cache_alloc mm/slab.c:3361 [inline]
 slab_alloc mm/slab.c:3389 [inline]
 kmem_cache_alloc+0x1f3/0x700 mm/slab.c:3557
kobject: 'queues': free name
kobject: 'syz_tun' (0000000081b6328d): kobject_uevent_env
 sk_prot_alloc+0x67/0x2e0 net/core/sock.c:1463
kobject: 'syz_tun' (0000000081b6328d): fill_kobj_path: path = '/devices/virtual/net/syz_tun'
 sk_alloc+0x39/0xf70 net/core/sock.c:1523
 inet6_create net/ipv6/af_inet6.c:183 [inline]
 inet6_create+0x360/0xf80 net/ipv6/af_inet6.c:110
 __sock_create+0x3e6/0x750 net/socket.c:1276
 sock_create net/socket.c:1316 [inline]
 __sys_socket+0x103/0x220 net/socket.c:1346
 __do_sys_socket net/socket.c:1355 [inline]
 __se_sys_socket net/socket.c:1353 [inline]
 __x64_sys_socket+0x73/0xb0 net/socket.c:1353
 do_syscall_64+0x103/0x630 arch/x86/entry/common.c:293
 entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x45b917
Code: 00 00 00 49 89 ca b8 36 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 2a 8d fb ff c3 66 0f 1f 84 00 00 00 00 00 b8 29 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 0d 8d fb ff c3 66 2e 0f 1f 84 00 00 00 00
RSP: 002b:00007ffdcf2128c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000029
RAX: ffffffffffffffda RBX: 000000000070eb00 RCX: 000000000045b917
RDX: 0000000000000006 RSI: 0000000000000001 RDI: 000000000000000a
RBP: 0000000000000e1e R08: 0000000000006000 R09: 0000000000004000
R10: 00007ffdcf2129f0 R11: 0000000000000246 R12: 0000000000000000
R13: 00007ffdcf213090 R14: 0000000000000029 R15: 00007ffdcf2130a0
kobject: 'loop2' (00000000093b91df): kobject_uevent_env
kobject: 'loop2' (00000000093b91df): fill_kobj_path: path = '/devices/virtual/block/loop2'
Task in /syz4 killed as a result of limit of /syz4
memory: usage 3004kB, limit 0kB, failcnt 12
memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0
kobject: 'syz_tun' (0000000081b6328d): kobject_cleanup, parent (null)
kmem: usage 0kB, limit 9007199254740988kB, failcnt 0
Memory cgroup stats for /syz4: cache:48KB rss:124KB rss_huge:0KB shmem:20KB mapped_file:132KB dirty:132KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:68KB inactive_file:12KB active_file:4KB unevictable:0KB
kobject: 'syz_tun' (0000000081b6328d): calling ktype release
kobject: 'loop0' (00000000fbe73470): kobject_uevent_env
kobject: 'loop0' (00000000fbe73470): fill_kobj_path: path = '/devices/virtual/block/loop0'
kobject: 'loop5' (00000000dc42e836): kobject_uevent_env
kobject: 'syz_tun': free name
Memory cgroup out of memory: Kill process 7666 (syz-executor.4) score 8985000 or sacrifice child
kobject: 'loop5' (00000000dc42e836): fill_kobj_path: path = '/devices/virtual/block/loop5'
Killed process 7666 (syz-executor.4) total-vm:72320kB, anon-rss:112kB, file-rss:35712kB, shmem-rss:0kB
oom_reaper: reaped process 7666 (syz-executor.4), now anon-rss:0kB, file-rss:34880kB, shmem-rss:0kB
syz-executor.5 invoked oom-killer: gfp_mask=0x6040c0(GFP_KERNEL|__GFP_COMP), nodemask=(null), order=1, oom_score_adj=0
syz-executor.5 cpuset=syz5 mems_allowed=0-1
CPU: 1 PID: 7671 Comm: syz-executor.5 Not tainted 4.19.43 #13
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0x172/0x1f0 lib/dump_stack.c:113
 dump_header+0x15e/0x929 mm/oom_kill.c:441
 oom_kill_process.cold+0x10/0x6f5 mm/oom_kill.c:954
 out_of_memory mm/oom_kill.c:1129 [inline]
 out_of_memory+0x936/0x12d0 mm/oom_kill.c:1062
 mem_cgroup_out_of_memory+0x1d2/0x240 mm/memcontrol.c:1397
 mem_cgroup_oom mm/memcontrol.c:1723 [inline]
 try_charge+0x1028/0x15b0 mm/memcontrol.c:2285
 memcg_kmem_charge_memcg+0x7c/0x130 mm/memcontrol.c:2615
 memcg_charge_slab mm/slab.h:284 [inline]
 kmem_getpages mm/slab.c:1418 [inline]
 cache_grow_begin+0x25f/0x8c0 mm/slab.c:2682
 fallback_alloc+0x1fd/0x2d0 mm/slab.c:3224
 ____cache_alloc_node+0x1be/0x1e0 mm/slab.c:3292
 slab_alloc_node mm/slab.c:3332 [inline]
 kmem_cache_alloc_node_trace+0xec/0x720 mm/slab.c:3666
 __do_kmalloc_node mm/slab.c:3688 [inline]
 __kmalloc_node+0x3d/0x80 mm/slab.c:3696
 kmalloc_node include/linux/slab.h:557 [inline]
 kvmalloc_node+0x68/0x100 mm/util.c:423
 kvmalloc include/linux/mm.h:577 [inline]
 xt_alloc_table_info+0x41/0xa0 net/netfilter/x_tables.c:1181
 do_replace net/ipv6/netfilter/ip6_tables.c:1145 [inline]
 do_ip6t_set_ctl+0x25a/0x498 net/ipv6/netfilter/ip6_tables.c:1684
 nf_sockopt net/netfilter/nf_sockopt.c:106 [inline]
 nf_setsockopt+0x7d/0xd0 net/netfilter/nf_sockopt.c:115
 ipv6_setsockopt net/ipv6/ipv6_sockglue.c:938 [inline]
 ipv6_setsockopt+0x144/0x170 net/ipv6/ipv6_sockglue.c:922
 tcp_setsockopt net/ipv4/tcp.c:3062 [inline]
 tcp_setsockopt+0x95/0xf0 net/ipv4/tcp.c:3056
 sock_common_setsockopt+0x9a/0xe0 net/core/sock.c:3044
 __sys_setsockopt+0x180/0x280 net/socket.c:1901
 __do_sys_setsockopt net/socket.c:1912 [inline]
 __se_sys_setsockopt net/socket.c:1909 [inline]
 __x64_sys_setsockopt+0xbe/0x150 net/socket.c:1909
 do_syscall_64+0x103/0x630 arch/x86/entry/common.c:293
 entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x45b8fa
Code: 49 89 ca b8 37 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 4a 8d fb ff c3 66 0f 1f 84 00 00 00 00 00 49 89 ca b8 36 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 2a 8d fb ff c3 66 0f 1f 84 00 00 00 00 00
RSP: 002b:00007fff9bce6808 EFLAGS: 00000202 ORIG_RAX: 0000000000000036
RAX: ffffffffffffffda RBX: 00007fff9bce6830 RCX: 000000000045b8fa
RDX: 0000000000000040 RSI: 0000000000000029 RDI: 0000000000000003
RBP: 0000000000710cc0 R08: 00000000000002e8 R09: 0000000000004000
R10: 000000000070ffa0 R11: 0000000000000202 R12: 0000000000000003
R13: 0000000000000000 R14: 0000000000000029 R15: 000000000070ff40
Task in /syz5 killed as a result of limit of /syz5
kobject: 'rx-0' (000000009f567e95): kobject_cleanup, parent 00000000c3f4bd17 memory: usage 21424kB, limit 0kB, failcnt 12 kobject: 'rx-0' (000000009f567e95): auto cleanup 'remove' event memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 kobject: 'rx-0' (000000009f567e95): kobject_uevent_env kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 kobject: 'rx-0' (000000009f567e95): kobject_uevent_env: uevent_suppress caused the event to drop! Memory cgroup stats for /syz5: cache:20KB rss:2352KB rss_huge:2048KB shmem:36KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:2264KB inactive_file:4KB active_file:8KB unevictable:0KB kobject: 'rx-0' (000000009f567e95): auto cleanup kobject_del kobject: 'rx-0' (000000009f567e95): calling ktype release Memory cgroup out of memory: Kill process 25555 (syz-executor.5) score 9534000 or sacrifice child kobject: 'rx-0': free name kobject: 'tx-0' (000000003b9fbf60): kobject_cleanup, parent 00000000c3f4bd17 Killed process 25555 (syz-executor.5) total-vm:72584kB, anon-rss:2216kB, file-rss:35792kB, shmem-rss:0kB kobject: 'tx-0' (000000003b9fbf60): auto cleanup 'remove' event kobject: 'tx-0' (000000003b9fbf60): kobject_uevent_env kobject: 'tx-0' (000000003b9fbf60): kobject_uevent_env: uevent_suppress caused the event to drop! 
syz-executor.0 invoked oom-killer: gfp_mask=0x7080c0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), nodemask=(null), order=3, oom_score_adj=0 kobject: 'tx-0' (000000003b9fbf60): auto cleanup kobject_del kobject: 'tx-0' (000000003b9fbf60): calling ktype release syz-executor.0 cpuset=syz0 mems_allowed=0-1 CPU: 1 PID: 7654 Comm: syz-executor.0 Not tainted 4.19.43 #13 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Call Trace: __dump_stack lib/dump_stack.c:77 [inline] dump_stack+0x172/0x1f0 lib/dump_stack.c:113 dump_header+0x15e/0x929 mm/oom_kill.c:441 oom_kill_process.cold+0x10/0x6f5 mm/oom_kill.c:954 out_of_memory mm/oom_kill.c:1129 [inline] out_of_memory+0x936/0x12d0 mm/oom_kill.c:1062 mem_cgroup_out_of_memory+0x1d2/0x240 mm/memcontrol.c:1397 mem_cgroup_oom mm/memcontrol.c:1723 [inline] try_charge+0x1028/0x15b0 mm/memcontrol.c:2285 memcg_kmem_charge_memcg+0x7c/0x130 mm/memcontrol.c:2615 memcg_kmem_charge+0x136/0x300 mm/memcontrol.c:2648 __alloc_pages_nodemask+0x3c6/0x760 mm/page_alloc.c:4413 kobject: 'tx-0': free name __alloc_pages include/linux/gfp.h:473 [inline] __alloc_pages_node include/linux/gfp.h:486 [inline] alloc_pages_node include/linux/gfp.h:500 [inline] alloc_thread_stack_node kernel/fork.c:241 [inline] dup_task_struct kernel/fork.c:806 [inline] copy_process.part.0+0x3e0/0x7970 kernel/fork.c:1707 kobject: 'queues' (00000000c3f4bd17): kobject_cleanup, parent (null) kobject: 'queues' (00000000c3f4bd17): calling ktype release kobject: 'queues' (00000000c3f4bd17): kset_release kobject: 'queues': free name kobject: 'ip6gre0' (00000000d639615e): kobject_uevent_env copy_process kernel/fork.c:1664 [inline] _do_fork+0x257/0xfe0 kernel/fork.c:2175 kobject: 'ip6gre0' (00000000d639615e): kobject_uevent_env: uevent_suppress caused the event to drop! 
kobject: 'batman_adv' (00000000391883c7): kobject_uevent_env __do_sys_clone kernel/fork.c:2282 [inline] __se_sys_clone kernel/fork.c:2276 [inline] __x64_sys_clone+0xbf/0x150 kernel/fork.c:2276 do_syscall_64+0x103/0x630 arch/x86/entry/common.c:293 entry_SYSCALL_64_after_hwframe+0x49/0xbe kobject: 'batman_adv' (00000000391883c7): kobject_uevent_env: filter function caused the event to drop! RIP: 0033:0x45737a Code: f7 d8 64 89 04 25 d4 02 00 00 64 4c 8b 0c 25 10 00 00 00 31 d2 4d 8d 91 d0 02 00 00 31 f6 bf 11 00 20 01 b8 38 00 00 00 0f 05 <48> 3d 00 f0 ff ff 0f 87 f5 00 00 00 85 c0 41 89 c5 0f 85 fc 00 00 RSP: 002b:00007ffed78d1e20 EFLAGS: 00000246 kobject: 'batman_adv' (00000000391883c7): kobject_cleanup, parent (null) ORIG_RAX: 0000000000000038 RAX: ffffffffffffffda RBX: 00007ffed78d1e20 RCX: 000000000045737a RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000001200011 RBP: 00007ffed78d1e60 R08: 0000000000000001 R09: 0000000002a21940 R10: 0000000002a21c10 R11: 0000000000000246 R12: 0000000000000001 R13: 0000000000000000 R14: 0000000000000000 R15: 00007ffed78d1eb0 Task in kobject: 'batman_adv' (00000000391883c7): calling ktype release /syz0 kobject: (00000000391883c7): dynamic_kobj_release killed as a result of limit of kobject: 'batman_adv': free name /syz0 kobject: 'rx-0' (00000000a06a5cc0): kobject_cleanup, parent 00000000dc85ee73 kobject: 'rx-0' (00000000a06a5cc0): auto cleanup 'remove' event memory: usage 19960kB, limit 0kB, failcnt 8 memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 kobject: 'rx-0' (00000000a06a5cc0): kobject_uevent_env Memory cgroup stats for kobject: 'rx-0' (00000000a06a5cc0): kobject_uevent_env: uevent_suppress caused the event to drop! 
/syz0 kobject: 'rx-0' (00000000a06a5cc0): auto cleanup kobject_del : kobject: 'rx-0' (00000000a06a5cc0): calling ktype release cache:0KB kobject: 'rx-0': free name rss:15236KB kobject: 'tx-0' (00000000d7a460ba): kobject_cleanup, parent 00000000dc85ee73 rss_huge:14336KB kobject: 'tx-0' (00000000d7a460ba): auto cleanup 'remove' event shmem:0KB kobject: 'tx-0' (00000000d7a460ba): kobject_uevent_env mapped_file:0KB kobject: 'tx-0' (00000000d7a460ba): kobject_uevent_env: uevent_suppress caused the event to drop! dirty:0KB kobject: 'tx-0' (00000000d7a460ba): auto cleanup kobject_del writeback:0KB swap:0KB inactive_anon:0KB kobject: 'tx-0' (00000000d7a460ba): calling ktype release active_anon:15152KB inactive_file:0KB kobject: 'tx-0': free name active_file:12KB unevictable:0KB Memory cgroup out of memory: Kill process 1608 (syz-executor.0) score 9551000 or sacrifice child Killed process 1608 (syz-executor.0) total-vm:72584kB, anon-rss:2200kB, file-rss:35872kB, shmem-rss:0kB kobject: 'queues' (00000000dc85ee73): kobject_cleanup, parent (null) oom_reaper: reaped process 1608 (syz-executor.0), now anon-rss:0kB, file-rss:34912kB, shmem-rss:0kB kobject: 'queues' (00000000dc85ee73): calling ktype release syz-executor.5 invoked oom-killer: gfp_mask=0x6040c0(GFP_KERNEL|__GFP_COMP), nodemask=(null), order=1, oom_score_adj=0 kobject: 'queues' (00000000dc85ee73): kset_release kobject: 'queues': free name kobject: 'ip6gretap0' (00000000fac18fac): kobject_uevent_env syz-executor.5 cpuset= kobject: 'ip6gretap0' (00000000fac18fac): kobject_uevent_env: uevent_suppress caused the event to drop! 
syz5 mems_allowed=0-1 CPU: 0 PID: 7671 Comm: syz-executor.5 Not tainted 4.19.43 #13 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Call Trace: __dump_stack lib/dump_stack.c:77 [inline] dump_stack+0x172/0x1f0 lib/dump_stack.c:113 dump_header+0x15e/0x929 mm/oom_kill.c:441 oom_kill_process.cold+0x10/0x6f5 mm/oom_kill.c:954 out_of_memory mm/oom_kill.c:1129 [inline] out_of_memory+0x936/0x12d0 mm/oom_kill.c:1062 mem_cgroup_out_of_memory+0x1d2/0x240 mm/memcontrol.c:1397 mem_cgroup_oom mm/memcontrol.c:1723 [inline] try_charge+0x1028/0x15b0 mm/memcontrol.c:2285 memcg_kmem_charge_memcg+0x7c/0x130 mm/memcontrol.c:2615 memcg_charge_slab mm/slab.h:284 [inline] kmem_getpages mm/slab.c:1418 [inline] cache_grow_begin+0x25f/0x8c0 mm/slab.c:2682 fallback_alloc+0x1fd/0x2d0 mm/slab.c:3224 ____cache_alloc_node+0x1be/0x1e0 mm/slab.c:3292 slab_alloc_node mm/slab.c:3332 [inline] kmem_cache_alloc_node_trace+0xec/0x720 mm/slab.c:3666 __do_kmalloc_node mm/slab.c:3688 [inline] __kmalloc_node+0x3d/0x80 mm/slab.c:3696 kmalloc_node include/linux/slab.h:557 [inline] kvmalloc_node+0x68/0x100 mm/util.c:423 kvmalloc include/linux/mm.h:577 [inline] xt_alloc_table_info+0x41/0xa0 net/netfilter/x_tables.c:1181 do_replace net/ipv6/netfilter/ip6_tables.c:1145 [inline] do_ip6t_set_ctl+0x25a/0x498 net/ipv6/netfilter/ip6_tables.c:1684 nf_sockopt net/netfilter/nf_sockopt.c:106 [inline] nf_setsockopt+0x7d/0xd0 net/netfilter/nf_sockopt.c:115 ipv6_setsockopt net/ipv6/ipv6_sockglue.c:938 [inline] ipv6_setsockopt+0x144/0x170 net/ipv6/ipv6_sockglue.c:922 tcp_setsockopt net/ipv4/tcp.c:3062 [inline] tcp_setsockopt+0x95/0xf0 net/ipv4/tcp.c:3056 sock_common_setsockopt+0x9a/0xe0 net/core/sock.c:3044 __sys_setsockopt+0x180/0x280 net/socket.c:1901 __do_sys_setsockopt net/socket.c:1912 [inline] __se_sys_setsockopt net/socket.c:1909 [inline] __x64_sys_setsockopt+0xbe/0x150 net/socket.c:1909 do_syscall_64+0x103/0x630 arch/x86/entry/common.c:293 
entry_SYSCALL_64_after_hwframe+0x49/0xbe RIP: 0033:0x45b8fa Code: 49 89 ca b8 37 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 4a 8d fb ff c3 66 0f 1f 84 00 00 00 00 00 49 89 ca b8 36 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 2a 8d fb ff c3 66 0f 1f 84 00 00 00 00 00 RSP: 002b:00007fff9bce6808 EFLAGS: 00000202 ORIG_RAX: 0000000000000036 RAX: ffffffffffffffda RBX: 00007fff9bce6830 RCX: 000000000045b8fa RDX: 0000000000000040 RSI: 0000000000000029 RDI: 0000000000000003 RBP: 0000000000710cc0 R08: 00000000000002e8 R09: 0000000000004000 R10: 000000000070ffa0 R11: 0000000000000202 R12: 0000000000000003 R13: 0000000000000000 R14: 0000000000000029 R15: 000000000070ff40 Task in /syz5 killed as a result of limit of /syz5 kobject: 'loop2' (00000000093b91df): kobject_uevent_env memory: usage 19068kB, limit 0kB, failcnt 19 kobject: 'loop2' (00000000093b91df): fill_kobj_path: path = '/devices/virtual/block/loop2' memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 Memory cgroup stats for /syz5: cache:20KB rss:196KB rss_huge:0KB shmem:36KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:72KB inactive_file:4KB active_file:4KB unevictable:0KB Memory cgroup out of memory: Kill process 7671 (syz-executor.5) score 8987000 or sacrifice child Killed process 7671 (syz-executor.5) total-vm:72320kB, anon-rss:116kB, file-rss:35712kB, shmem-rss:0kB oom_reaper: reaped process 7671 (syz-executor.5), now anon-rss:0kB, file-rss:34880kB, shmem-rss:0kB syz-executor.0 invoked oom-killer: gfp_mask=0x7080c0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), nodemask=(null), order=3, oom_score_adj=0 syz-executor.0 cpuset=syz0 mems_allowed=0-1 CPU: 0 PID: 7654 Comm: syz-executor.0 Not tainted 4.19.43 #13 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Call Trace: __dump_stack lib/dump_stack.c:77 [inline] dump_stack+0x172/0x1f0 lib/dump_stack.c:113 dump_header+0x15e/0x929 mm/oom_kill.c:441 
oom_kill_process.cold+0x10/0x6f5 mm/oom_kill.c:954 out_of_memory mm/oom_kill.c:1129 [inline] out_of_memory+0x936/0x12d0 mm/oom_kill.c:1062 mem_cgroup_out_of_memory+0x1d2/0x240 mm/memcontrol.c:1397 mem_cgroup_oom mm/memcontrol.c:1723 [inline] try_charge+0x1028/0x15b0 mm/memcontrol.c:2285 memcg_kmem_charge_memcg+0x7c/0x130 mm/memcontrol.c:2615 memcg_kmem_charge+0x136/0x300 mm/memcontrol.c:2648 __alloc_pages_nodemask+0x3c6/0x760 mm/page_alloc.c:4413 __alloc_pages include/linux/gfp.h:473 [inline] __alloc_pages_node include/linux/gfp.h:486 [inline] alloc_pages_node include/linux/gfp.h:500 [inline] alloc_thread_stack_node kernel/fork.c:241 [inline] dup_task_struct kernel/fork.c:806 [inline] copy_process.part.0+0x3e0/0x7970 kernel/fork.c:1707 copy_process kernel/fork.c:1664 [inline] _do_fork+0x257/0xfe0 kernel/fork.c:2175 __do_sys_clone kernel/fork.c:2282 [inline] __se_sys_clone kernel/fork.c:2276 [inline] __x64_sys_clone+0xbf/0x150 kernel/fork.c:2276 do_syscall_64+0x103/0x630 arch/x86/entry/common.c:293 entry_SYSCALL_64_after_hwframe+0x49/0xbe RIP: 0033:0x45737a Code: f7 d8 64 89 04 25 d4 02 00 00 64 4c 8b 0c 25 10 00 00 00 31 d2 4d 8d 91 d0 02 00 00 31 f6 bf 11 00 20 01 b8 38 00 00 00 0f 05 <48> 3d 00 f0 ff ff 0f 87 f5 00 00 00 85 c0 41 89 c5 0f 85 fc 00 00 RSP: 002b:00007ffed78d1e20 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 RAX: ffffffffffffffda RBX: 00007ffed78d1e20 RCX: 000000000045737a RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000001200011 RBP: 00007ffed78d1e60 R08: 0000000000000001 R09: 0000000002a21940 R10: 0000000002a21c10 R11: 0000000000000246 R12: 0000000000000001 R13: 0000000000000000 R14: 0000000000000000 R15: 00007ffed78d1eb0 Task in /syz0 killed as a result of limit of /syz0 kobject: 'batman_adv' (0000000012bbbe0b): kobject_uevent_env memory: usage 17624kB, limit 0kB, failcnt 16 kobject: 'batman_adv' (0000000012bbbe0b): kobject_uevent_env: filter function caused the event to drop! 
memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 kobject: 'batman_adv' (0000000012bbbe0b): kobject_cleanup, parent (null) kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 Memory cgroup stats for /syz0 kobject: 'batman_adv' (0000000012bbbe0b): calling ktype release : kobject: (0000000012bbbe0b): dynamic_kobj_release cache:0KB rss:13096KB rss_huge:12288KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB kobject: 'batman_adv': free name active_anon:12988KB inactive_file:0KB active_file:4KB unevictable:0KB kobject: 'rx-0' (00000000cc092bdb): kobject_cleanup, parent 00000000be738da6 Memory cgroup out of memory: Kill process 1630 (syz-executor.0) score 9546000 or sacrifice child kobject: 'rx-0' (00000000cc092bdb): auto cleanup 'remove' event Killed process 1630 (syz-executor.0) total-vm:72584kB, anon-rss:2200kB, file-rss:35852kB, shmem-rss:0kB kobject: 'rx-0' (00000000cc092bdb): kobject_uevent_env oom_reaper: reaped process 1630 (syz-executor.0), now anon-rss:0kB, file-rss:34892kB, shmem-rss:0kB kobject: 'rx-0' (00000000cc092bdb): fill_kobj_path: path = '/devices/virtual/net/syz_tun/queues/rx-0' syz-executor.0 invoked oom-killer: gfp_mask=0x7080c0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), nodemask=(null), order=3, oom_score_adj=0 kobject: 'rx-0' (00000000cc092bdb): auto cleanup kobject_del kobject: 'rx-0' (00000000cc092bdb): calling ktype release kobject: 'rx-0': free name kobject: 'tx-0' (00000000705a112a): kobject_cleanup, parent 00000000be738da6 kobject: 'tx-0' (00000000705a112a): auto cleanup 'remove' event kobject: 'tx-0' (00000000705a112a): kobject_uevent_env kobject: 'tx-0' (00000000705a112a): fill_kobj_path: path = '/devices/virtual/net/syz_tun/queues/tx-0' kobject: 'tx-0' (00000000705a112a): auto cleanup kobject_del kobject: 'tx-0' (00000000705a112a): calling ktype release kobject: 'tx-0': free name syz-executor.0 cpuset= kobject: 'queues' (00000000be738da6): kobject_cleanup, parent (null) syz0 kobject: 'queues' 
(00000000be738da6): calling ktype release mems_allowed=0-1 kobject: 'queues' (00000000be738da6): kset_release CPU: 0 PID: 7654 Comm: syz-executor.0 Not tainted 4.19.43 #13 kobject: 'queues': free name