INFO: task hung in get_info


syzbot

May 14, 2019, 7:31:06 AM
to syzkaller-a...@googlegroups.com
Hello,

syzbot found the following crash on:

HEAD commit: 62872f95 Merge 4.4.174 into android-4.4
git tree: android-4.4
console output: https://syzkaller.appspot.com/x/log.txt?x=1799eff0a00000
kernel config: https://syzkaller.appspot.com/x/.config?x=47bc4dd423780c4a
dashboard link: https://syzkaller.appspot.com/bug?extid=a6d57abf2307325f5791
compiler: gcc (GCC) 9.0.0 20181231 (experimental)
userspace arch: i386

Unfortunately, I don't have any reproducer for this crash yet.

IMPORTANT: if you fix the bug, please add the following tag to the commit:
Reported-by: syzbot+a6d57a...@syzkaller.appspotmail.com

Free memory is -1232kB above reserved
lowmemorykiller: Killing 'syz-executor.1' (17451) (tgid 17442), adj 1000,
to free 51364kB on behalf of 'getty' (17488) because
cache 1744kB is below limit 6144kB for oom_score_adj 0
Free memory is -1232kB above reserved
INFO: task syz-executor.5:2141 blocked for more than 140 seconds.
Not tainted 4.4.174+ #17
lowmemorykiller: Killing 'syz-executor.1' (17451) (tgid 17442), adj 1000,
to free 51364kB on behalf of 'syz-fuzzer' (2096) because
cache 1732kB is below limit 6144kB for oom_score_adj 0
Free memory is -1240kB above reserved
lowmemorykiller: Killing 'syz-executor.1' (17451) (tgid 17442), adj 1000,
to free 51364kB on behalf of 'getty' (17488) because
cache 1732kB is below limit 6144kB for oom_score_adj 0
Free memory is -1240kB above reserved
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
syz-executor.5 D ffff8800a6c97648 24904 2141 2127 0x20020000
ffff8800a6c97648 ffff8800b55b97c0 67176d03bc3a6be6 ffff8800b55b97c0
0000000000000000 ffff8800b55ba000 ffff8801db61f180 ffff8801db61f1a8
ffff8801db61e898 ffff880099f24740 ffff8800b55b97c0 ffffed0014d92001
Call Trace:
[<ffffffff82709b79>] schedule+0x99/0x1d0 kernel/sched/core.c:3355
[<ffffffff8270a333>] schedule_preempt_disabled+0x13/0x20
kernel/sched/core.c:3388
[<ffffffff8270c492>] __mutex_lock_common kernel/locking/mutex.c:582
[inline]
[<ffffffff8270c492>] mutex_lock_nested+0x3c2/0xb80
kernel/locking/mutex.c:621
[<ffffffff8236affb>] xt_compat_lock+0x2b/0x30 net/netfilter/x_tables.c:1047
[<ffffffff8251f3f0>] get_info+0x3c0/0x4b0
net/ipv6/netfilter/ip6_tables.c:1124
[<ffffffff82521d69>] compat_do_ipt_get_ctl
net/ipv4/netfilter/ip_tables.c:1840 [inline]
[<ffffffff82521d69>] compat_do_ipt_get_ctl+0x389/0x890
net/ipv4/netfilter/ip_tables.c:1831
[<ffffffff822fd1be>] compat_nf_sockopt net/netfilter/nf_sockopt.c:138
[inline]
[<ffffffff822fd1be>] compat_nf_getsockopt+0x8e/0x130
net/netfilter/nf_sockopt.c:162
[<ffffffff823d66ca>] compat_ip_getsockopt net/ipv4/ip_sockglue.c:1562
[inline]
[<ffffffff823d66ca>] compat_ip_getsockopt+0x14a/0x1c0
net/ipv4/ip_sockglue.c:1541
[<ffffffff823e35f9>] inet_csk_compat_getsockopt+0x99/0x120
net/ipv4/inet_connection_sock.c:901
[<ffffffff823f8b30>] compat_tcp_getsockopt+0x40/0x80 net/ipv4/tcp.c:2958
[<ffffffff821debf4>] compat_sock_common_getsockopt+0xb4/0x150
net/core/sock.c:2633
[<ffffffff822ac9c5>] C_SYSC_getsockopt net/compat.c:509 [inline]
[<ffffffff822ac9c5>] compat_SyS_getsockopt+0x155/0x540 net/compat.c:492
[<ffffffff822ad593>] C_SYSC_socketcall net/compat.c:843 [inline]
[<ffffffff822ad593>] compat_SyS_socketcall+0x523/0x630 net/compat.c:774
[<ffffffff8100603d>] do_syscall_32_irqs_on arch/x86/entry/common.c:330
[inline]
[<ffffffff8100603d>] do_fast_syscall_32+0x32d/0xa90
arch/x86/entry/common.c:397
[<ffffffff8271a350>] sysenter_flags_fixed+0xd/0x1a
lowmemorykiller: Killing 'syz-executor.1' (17451) (tgid 17442), adj 1000,
to free 51364kB on behalf of 'cron' (1982) because
cache 1660kB is below limit 6144kB for oom_score_adj 0
Free memory is -1240kB above reserved
lowmemorykiller: Killing 'syz-executor.1' (17451) (tgid 17442), adj 1000,
to free 51364kB on behalf of 'init' (17492) because
cache 1612kB is below limit 6144kB for oom_score_adj 0
Free memory is -1240kB above reserved
init: page allocation failure: order:0, mode:0x2200000
CPU: 1 PID: 1 Comm: init Not tainted 4.4.174+ #17
0000000000000000 242f2ef2e5c18194 ffff8801da5ff608 ffffffff81aad1a1
1ffff1003b4bfec4 ffff8801da5f0000 0000000002200000 0000000000000000
0000000000000000 ffff8801da5ff718 ffffffff8148c0cb ffff880100000000
Call Trace:
[<ffffffff81aad1a1>] __dump_stack lib/dump_stack.c:15 [inline]
[<ffffffff81aad1a1>] dump_stack+0xc1/0x120 lib/dump_stack.c:51
[<ffffffff8148c0cb>] warn_alloc_failed.cold+0x78/0x99 mm/page_alloc.c:2757
[<ffffffff813d0ff5>] __alloc_pages_slowpath mm/page_alloc.c:3241 [inline]
[<ffffffff813d0ff5>] __alloc_pages_nodemask+0xef5/0x14b0
mm/page_alloc.c:3313
[<ffffffff8147d9e5>] __alloc_pages include/linux/gfp.h:415 [inline]
[<ffffffff8147d9e5>] __alloc_pages_node include/linux/gfp.h:428 [inline]
[<ffffffff8147d9e5>] alloc_slab_page mm/slub.c:1436 [inline]
[<ffffffff8147d9e5>] allocate_slab mm/slub.c:1477 [inline]
[<ffffffff8147d9e5>] new_slab+0x2e5/0x380 mm/slub.c:1549
[<ffffffff8147fc63>] new_slab_objects mm/slub.c:2319 [inline]
[<ffffffff8147fc63>] ___slab_alloc.constprop.0+0x323/0x3e0 mm/slub.c:2476
[<ffffffff8147fd70>] __slab_alloc.isra.0.constprop.0+0x50/0xa0
mm/slub.c:2518
[<ffffffff8147ffd4>] slab_alloc_node mm/slub.c:2581 [inline]
[<ffffffff8147ffd4>] slab_alloc mm/slub.c:2623 [inline]
[<ffffffff8147ffd4>] kmem_cache_alloc+0x214/0x2c0 mm/slub.c:2628
[<ffffffff81953367>] kmem_cache_zalloc include/linux/slab.h:610 [inline]
[<ffffffff81953367>] avc_alloc_node+0x27/0x3c0 security/selinux/avc.c:551
[<ffffffff81954992>] avc_insert security/selinux/avc.c:670 [inline]
[<ffffffff81954992>] avc_compute_av+0x182/0x610 security/selinux/avc.c:976
[<ffffffff819566e5>] avc_has_perm_noaudit security/selinux/avc.c:1112
[inline]
[<ffffffff819566e5>] avc_has_perm+0x355/0x3a0 security/selinux/avc.c:1146
[<ffffffff8196ceb8>] inode_has_perm.isra.0+0x108/0x160
security/selinux/hooks.c:1614
[<ffffffff8196d6d5>] path_has_perm security/selinux/hooks.c:1644 [inline]
[<ffffffff8196d6d5>] selinux_inode_getattr+0x155/0x1d0
security/selinux/hooks.c:2945
[<ffffffff8194d6a2>] security_inode_getattr+0xf2/0x140
security/security.c:620
[<ffffffff814a517d>] vfs_getattr+0x1d/0x50 fs/stat.c:69
[<ffffffff814a51eb>] vfs_fstat+0x3b/0x70 fs/stat.c:83
[<ffffffff814a680d>] SYSC_newfstat fs/stat.c:307 [inline]
[<ffffffff814a680d>] SyS_newfstat+0x8d/0x100 fs/stat.c:304
[<ffffffff82718ba1>] entry_SYSCALL_64_fastpath+0x1e/0x9a
Mem-Info:
active_anon:259804 inactive_anon:1081361 isolated_anon:0
active_file:228 inactive_file:175 isolated_file:0
unevictable:2513 dirty:0 writeback:0 unstable:0
slab_reclaimable:9139 slab_unreclaimable:76387
mapped:70937 shmem:1090454 pagetables:32491 bounce:0
free:7047 free_pcp:94 free_cma:0
DMA32 free:18596kB min:4696kB low:5868kB high:7044kB active_anon:481524kB
inactive_anon:1988508kB active_file:420kB inactive_file:360kB
unevictable:5060kB isolated(anon):0kB isolated(file):0kB present:3145324kB
managed:3021976kB mlocked:0kB dirty:0kB writeback:0kB mapped:131424kB
shmem:2005760kB slab_reclaimable:16880kB slab_unreclaimable:141784kB
kernel_stack:20224kB pagetables:58652kB unstable:0kB bounce:0kB
free_pcp:216kB local_pcp:96kB free_cma:0kB writeback_tmp:0kB
pages_scanned:360 all_unreclaimable? no
lowmem_reserve[]: 0 3504 3504
Normal free:9592kB min:5580kB low:6972kB high:8368kB active_anon:557692kB
inactive_anon:2336936kB active_file:492kB inactive_file:340kB
unevictable:4992kB isolated(anon):0kB isolated(file):0kB present:4718592kB
managed:3588764kB mlocked:0kB dirty:0kB writeback:0kB mapped:152324kB
shmem:2356056kB slab_reclaimable:19676kB slab_unreclaimable:163764kB
kernel_stack:25760kB pagetables:71312kB unstable:0kB bounce:0kB
free_pcp:160kB local_pcp:32kB free_cma:0kB writeback_tmp:0kB
pages_scanned:416 all_unreclaimable? no
lowmem_reserve[]: 0 0 0
DMA32: 3137*4kB (UM) 736*8kB (UME) 10*16kB (UM) 0*32kB 0*64kB 0*128kB
0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 18596kB
Normal: 1874*4kB (UMH) 72*8kB (UMH) 35*16kB (UH) 22*32kB (UH) 4*64kB (H)
0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 9592kB
1093370 total pagecache pages
0 pages in swap cache
Swap cache stats: add 0, delete 0, find 0/0
Free swap = 0kB
Total swap = 0kB
1965979 pages RAM
0 pages HighMem/MovableOnly
313294 pages reserved
SLUB: Unable to allocate memory on node -1 (gfp=0x2008000)
cache: avc_node, object size: 72, buffer size: 104, default order: 0, min
order: 0
node 0: slabs: 1582, objs: 61698, free: 0
1 lock held by syz-executor.5/2141:
#0: (&xt[i].compat_mutex){+.+.+.}, at: [<ffffffff8236affb>]
xt_compat_lock+0x2b/0x30 net/netfilter/x_tables.c:1047
Sending NMI to all CPUs:
NMI backtrace for cpu 0
CPU: 0 PID: 20 Comm: khungtaskd Not tainted 4.4.174+ #17
task: ffff8801da6c4740 task.stack: ffff8801d9ef0000
RIP: 0010:[<ffffffff8109b617>] [<ffffffff8109b617>] _flat_send_IPI_mask
arch/x86/kernel/apic/apic_flat_64.c:62 [inline]
RIP: 0010:[<ffffffff8109b617>] [<ffffffff8109b617>]
flat_send_IPI_mask+0xf7/0x1b0 arch/x86/kernel/apic/apic_flat_64.c:69
RSP: 0018:ffff8801d9ef7c88 EFLAGS: 00000046
RAX: 0000000000000000 RBX: 0000000000000c00 RCX: 0000000000000000
RDX: 0000000000000c00 RSI: 0000000000000000 RDI: ffffffffff5fc300
RBP: ffff8801d9ef7cb8 R08: 0000000000000018 R09: 0000000000000000
R10: 0000000000000001 R11: 0000000000000001 R12: 0000000000000246
R13: 0000000003000000 R14: ffffffff82e5f2e0 R15: 0000000000000002
FS: 0000000000000000(0000) GS:ffff8801db600000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00000000004333dd CR3: 00000001d8184000 CR4: 00000000001606b0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Stack:
0000000000000001 ffffffff82e5f2e0 ffffffff831a6ac0 fffffbfff0634c34
000000000001b6c0 0000000000000008 ffff8801d9ef7cd8 ffffffff81092bee
0000000000000008 ffffffff82924260 ffff8801d9ef7d30 ffffffff81ab8252
Call Trace:
[<ffffffff81092bee>] nmi_raise_cpu_backtrace+0x5e/0x80
arch/x86/kernel/apic/hw_nmi.c:33
[<ffffffff81ab8252>] nmi_trigger_all_cpu_backtrace.cold+0xa1/0xae
lib/nmi_backtrace.c:85
[<ffffffff81092ca4>] arch_trigger_all_cpu_backtrace+0x14/0x20
arch/x86/kernel/apic/hw_nmi.c:38
[<ffffffff813b4762>] trigger_all_cpu_backtrace include/linux/nmi.h:44
[inline]
[<ffffffff813b4762>] check_hung_task kernel/hung_task.c:125 [inline]
[<ffffffff813b4762>] check_hung_uninterruptible_tasks
kernel/hung_task.c:182 [inline]
[<ffffffff813b4762>] watchdog.cold+0xd3/0xee kernel/hung_task.c:238
[<ffffffff811342c3>] kthread+0x273/0x310 kernel/kthread.c:211
[<ffffffff82718fc5>] ret_from_fork+0x55/0x80 arch/x86/entry/entry_64.S:537
Code: 00 c3 5f ff 80 e6 10 75 e1 41 c1 e5 18 44 89 2c 25 10 c3 5f ff 44 89
fa 09 da 80 cf 04 41 83 ff 02 0f 44 d3 89 14 25 00 c3 5f ff <41> f7 c4 00
02 00 00 75 1e 4c 89 e7 57 9d 0f 1f 44 00 00 e8 f1
NMI backtrace for cpu 1
CPU: 1 PID: 17488 Comm: getty Not tainted 4.4.174+ #17
task: ffff880100e5af80 task.stack: ffff880100ea0000
RIP: 0010:[<ffffffff812001cb>] [<ffffffff812001cb>] separate_irq_context
kernel/locking/lockdep.c:2861 [inline]
RIP: 0010:[<ffffffff812001cb>] [<ffffffff812001cb>]
__lock_acquire+0xc1b/0x4f50 kernel/locking/lockdep.c:3204
RSP: 0018:ffff880100ea7120 EFLAGS: 00000006
RAX: 228118010803a01d RBX: 000000000000006c RCX: 0000000000000000
RDX: 0000000000000019 RSI: ffff880100e5b848 RDI: ffff880100e5b834
RBP: ffff880100ea72a0 R08: 0000000000000005 R09: ffff880100e5b930
R10: ffffffff82836880 R11: 0000000000000000 R12: ffff880100e5af80
R13: ffff880100e5b910 R14: ffff880100e5b8e8 R15: 0000000000000000
FS: 00007f2400b75700(0000) GS:ffff8801db700000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007fc28c0c372c CR3: 00000000083de000 CR4: 00000000001606b0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Stack:
0000000000000000 0000000000000000 ffff880100ea72c0 ffffffff811fffff
ffff880100e5b900 ffff880100e5b840 ffff880100e5b908 0000000000000000
ffff880100e5b928 ffff880100e5b840 ffff880100e5b930 1ffff10000000000
Call Trace:
[<ffffffff81205f6e>] lock_acquire+0x15e/0x450 kernel/locking/lockdep.c:3592
[<ffffffff82717c98>] __raw_spin_lock include/linux/spinlock_api_smp.h:144
[inline]
[<ffffffff82717c98>] _raw_spin_lock+0x38/0x50 kernel/locking/spinlock.c:151
[<ffffffff813c28d2>] spin_lock include/linux/spinlock.h:302 [inline]
[<ffffffff813c28d2>] task_lock include/linux/sched.h:2969 [inline]
[<ffffffff813c28d2>] find_lock_task_mm+0xf2/0x280 mm/oom_kill.c:109
[<ffffffff8211e7cb>] lowmem_scan+0x45b/0xbf0
drivers/staging/android/lowmemorykiller.c:132
[<ffffffff813ee8e2>] do_shrink_slab mm/vmscan.c:357 [inline]
[<ffffffff813ee8e2>] shrink_slab.part.0+0x402/0xb30 mm/vmscan.c:455
[<ffffffff813f742c>] shrink_slab mm/vmscan.c:425 [inline]
[<ffffffff813f742c>] shrink_zone+0x4bc/0x610 mm/vmscan.c:2448
[<ffffffff813f7bef>] shrink_zones mm/vmscan.c:2603 [inline]
[<ffffffff813f7bef>] do_try_to_free_pages mm/vmscan.c:2653 [inline]
[<ffffffff813f7bef>] try_to_free_pages+0x66f/0x1260 mm/vmscan.c:2861
[<ffffffff813d09af>] __perform_reclaim mm/page_alloc.c:2915 [inline]
[<ffffffff813d09af>] __alloc_pages_direct_reclaim mm/page_alloc.c:2936
[inline]
[<ffffffff813d09af>] __alloc_pages_slowpath mm/page_alloc.c:3201 [inline]
[<ffffffff813d09af>] __alloc_pages_nodemask+0x8af/0x14b0
mm/page_alloc.c:3313
[<ffffffff813dc242>] __alloc_pages include/linux/gfp.h:415 [inline]
[<ffffffff813dc242>] __alloc_pages_node include/linux/gfp.h:428 [inline]
[<ffffffff813dc242>] alloc_pages_node include/linux/gfp.h:442 [inline]
[<ffffffff813dc242>] __page_cache_alloc include/linux/pagemap.h:226
[inline]
[<ffffffff813dc242>] page_cache_alloc_readahead
include/linux/pagemap.h:242 [inline]
[<ffffffff813dc242>] __do_page_cache_readahead+0x222/0x840
mm/readahead.c:184
[<ffffffff813bf6de>] ra_submit mm/internal.h:55 [inline]
[<ffffffff813bf6de>] do_sync_mmap_readahead mm/filemap.c:1917 [inline]
[<ffffffff813bf6de>] filemap_fault+0x74e/0xc10 mm/filemap.c:1994
[<ffffffff81665ed2>] ext4_filemap_fault+0x72/0xa0 fs/ext4/inode.c:5558
[<ffffffff8142e82a>] __do_fault+0x1ca/0x350 mm/memory.c:2822
[<ffffffff8143b9cc>] do_read_fault mm/memory.c:3012 [inline]
[<ffffffff8143b9cc>] do_fault mm/memory.c:3177 [inline]
[<ffffffff8143b9cc>] handle_pte_fault mm/memory.c:3346 [inline]
[<ffffffff8143b9cc>] __handle_mm_fault mm/memory.c:3474 [inline]
[<ffffffff8143b9cc>] handle_mm_fault+0x1cfc/0x3140 mm/memory.c:3503
[<ffffffff810aaa4e>] __do_page_fault+0x28e/0x7f0 arch/x86/mm/fault.c:1243
[<ffffffff810ab008>] do_page_fault+0x28/0x30 arch/x86/mm/fault.c:1306
[<ffffffff82719e35>] page_fault+0x25/0x30 arch/x86/entry/entry_64.S:1064
Code: 00 00 41 0f b6 4d 21 41 83 e6 03 41 c1 e6 05 83 e1 9f 41 09 ce 85 d2
45 88 75 21 74 77 48 8b 74 24 70 48 8d 14 92 4c 8d 74 d6 d8 <48> ba 00 00
00 00 00 fc ff df 49 8d 7e 21 48 89 f9 48 c1 e9 03
lowmemorykiller: Killing 'syz-executor.1' (17451) (tgid 17442), adj 1000,
to free 51364kB on behalf of 'getty' (17489) because
cache 1612kB is below limit 6144kB for oom_score_adj 0
Free memory is -1240kB above reserved
lowmemorykiller: Killing 'syz-executor.1' (17451) (tgid 17442), adj 1000,
to free 51364kB on behalf of 'rs:main Q:Reg' (1929) because
cache 1612kB is below limit 6144kB for oom_score_adj 0
Free memory is -1240kB above reserved
lowmemorykiller: Killing 'syz-executor.1' (17451) (tgid 17442), adj 1000,
to free 51364kB on behalf of 'getty' (17490) because
cache 1268kB is below limit 6144kB for oom_score_adj 0
Free memory is -1240kB above reserved
lowmemorykiller: Killing 'syz-executor.1' (17451) (tgid 17442), adj 1000,
to free 51364kB on behalf of 'cron' (1982) because
cache 1268kB is below limit 6144kB for oom_score_adj 0
Free memory is -1240kB above reserved
lowmemorykiller: Killing 'syz-executor.1' (17451) (tgid 17442), adj 1000,
to free 51364kB on behalf of 'rsyslogd' (1931) because
cache 840kB is below limit 6144kB for oom_score_adj 0
Free memory is -1240kB above reserved
lowmemorykiller: Killing 'syz-executor.1' (17451) (tgid 17442), adj 1000,
to free 51364kB on behalf of 'rs:main Q:Reg' (1929) because
cache 840kB is below limit 6144kB for oom_score_adj 0
Free memory is -1240kB above reserved
lowmemorykiller: Killing 'syz-executor.1' (17451) (tgid 17442), adj 1000,
to free 51364kB on behalf of 'rsyslogd' (1931) because
cache 1240kB is below limit 6144kB for oom_score_adj 0
Free memory is -1044kB above reserved
lowmemorykiller: Killing 'syz-executor.1' (17451) (tgid 17442), adj 1000,
to free 51364kB on behalf of 'init' (17492) because
cache 1240kB is below limit 6144kB for oom_score_adj 0
Free memory is -1044kB above reserved


---
This bug is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.

syzbot will keep track of this bug report. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.

syzbot

Feb 8, 2020, 11:02:07 PM
to syzkaller-a...@googlegroups.com
Auto-closing this bug as obsolete.
Crashes did not happen for a while, no reproducer and no activity.