[v5.15] kernel panic: System is deadlocked on memory


syzbot

Apr 28, 2026, 4:51:25 AM
to syzkaller...@googlegroups.com
Hello,

syzbot found the following issue on:

HEAD commit: b9d57c40a767 Linux 5.15.203
git tree: linux-5.15.y
console output: https://syzkaller.appspot.com/x/log.txt?x=16c2d21f980000
kernel config: https://syzkaller.appspot.com/x/.config?x=353ae28c40b35af5
dashboard link: https://syzkaller.appspot.com/bug?extid=6479a2996b0d81efac5a
compiler: Debian clang version 21.1.8 (++20251221033036+2078da43e25a-1~exp1~20251221153213.50), Debian LLD 21.1.8

Unfortunately, I don't have any reproducer for this issue yet.

Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/1b2ee9aebbe3/disk-b9d57c40.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/e5742bf875d7/vmlinux-b9d57c40.xz
kernel image: https://storage.googleapis.com/syzbot-assets/5175fafcf12a/bzImage-b9d57c40.xz

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+6479a2...@syzkaller.appspotmail.com

kmalloc-256 4859KB 5256KB
kmalloc-192 1794KB 2264KB
kmalloc-128 1645KB 2624KB
kmalloc-96 638KB 1028KB
kmalloc-64 3586KB 4012KB
kmalloc-32 1388KB 1392KB
kmalloc-16 357KB 424KB
kmalloc-8 646KB 701KB
kmem_cache_node 207KB 208KB
kmem_cache 172KB 172KB
Out of memory and no killable processes...
Kernel panic - not syncing: System is deadlocked on memory
CPU: 1 PID: 3950 Comm: sshd Not tainted syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
Call Trace:
<TASK>
dump_stack_lvl+0x188/0x250 lib/dump_stack.c:106
panic+0x2e5/0x810 kernel/panic.c:309
out_of_memory+0x10ea/0x1180 mm/oom_kill.c:1150
__alloc_pages_may_oom mm/page_alloc.c:4359 [inline]
__alloc_pages_slowpath+0x1dc5/0x28b0 mm/page_alloc.c:5177
__alloc_pages+0x340/0x480 mm/page_alloc.c:5514
alloc_pages_vma+0x393/0x7c0 mm/mempolicy.c:2146
__read_swap_cache_async+0x1b5/0xa70 mm/swap_state.c:459
read_swap_cache_async mm/swap_state.c:525 [inline]
swap_cluster_readahead+0x6a3/0x7c0 mm/swap_state.c:661
swapin_readahead+0xf1/0xac0 mm/swap_state.c:854
do_swap_page+0x4b6/0x1f40 mm/memory.c:3622
handle_pte_fault mm/memory.c:4654 [inline]
__handle_mm_fault mm/memory.c:4785 [inline]
handle_mm_fault+0x1b16/0x4410 mm/memory.c:4883
do_user_addr_fault+0x489/0xc80 arch/x86/mm/fault.c:1355
handle_page_fault arch/x86/mm/fault.c:1443 [inline]
exc_page_fault+0x60/0x100 arch/x86/mm/fault.c:1496
asm_exc_page_fault+0x22/0x30 arch/x86/include/asm/idtentry.h:606
RIP: 0010:do_sys_poll+0xf56/0x11a0 fs/select.c:1025
Code: 8b 74 24 30 4c 8d 76 12 48 8b 54 24 68 48 83 c2 06 45 31 ff 4c 89 f0 48 c1 e8 03 42 0f b6 04 28 84 c0 75 2b 42 0f b7 44 fe 12 <66> 89 02 49 89 d4 44 39 fb 74 3b e8 9a df aa ff 49 ff c7 49 83 c6
RSP: 0000:ffffc90002e2f860 EFLAGS: 00050246
RAX: 0000000000000000 RBX: 0000000000000001 RCX: ffff888027253b80
RDX: 000055d6489dd7e6 RSI: ffffc90002e2fc70 RDI: 0000000000000000
RBP: ffffc90002e2fe10 R08: ffff888078b8af7f R09: 1ffff1100f1715ef
R10: dffffc0000000000 R11: ffffed100f1715f0 R12: 000055d6489dd7f0
R13: dffffc0000000000 R14: ffffc90002e2fc82 R15: 0000000000000000
__do_sys_ppoll fs/select.c:1120 [inline]
__se_sys_ppoll+0x206/0x2a0 fs/select.c:1100
do_syscall_x64 arch/x86/entry/common.c:50 [inline]
do_syscall_64+0x4c/0xa0 arch/x86/entry/common.c:80
entry_SYSCALL_64_after_hwframe+0x66/0xd0
RIP: 0033:0x7f9ad4ece407
Code: Unable to access opcode bytes at RIP 0x7f9ad4ece3dd.
RSP: 002b:00007fff087cc510 EFLAGS: 00000202 ORIG_RAX: 000000000000010f
RAX: ffffffffffffffda RBX: 00007f9ad4dda300 RCX: 00007f9ad4ece407
RDX: 0000000000000000 RSI: 0000000000000002 RDI: 000055d6489dd7e0
RBP: 0000000000000002 R08: 0000000000000008 R09: 0000000000000000
R10: 00007fff087cc7e0 R11: 0000000000000202 R12: 0000000000000064
R13: 0000000000000000 R14: 000055d622ff1004 R15: 0000000000000002
</TASK>
Kernel Offset: disabled
Rebooting in 86400 seconds..
----------------
Code disassembly (best guess):
0: 8b 74 24 30 mov 0x30(%rsp),%esi
4: 4c 8d 76 12 lea 0x12(%rsi),%r14
8: 48 8b 54 24 68 mov 0x68(%rsp),%rdx
d: 48 83 c2 06 add $0x6,%rdx
11: 45 31 ff xor %r15d,%r15d
14: 4c 89 f0 mov %r14,%rax
17: 48 c1 e8 03 shr $0x3,%rax
1b: 42 0f b6 04 28 movzbl (%rax,%r13,1),%eax
20: 84 c0 test %al,%al
22: 75 2b jne 0x4f
24: 42 0f b7 44 fe 12 movzwl 0x12(%rsi,%r15,8),%eax
* 2a: 66 89 02 mov %ax,(%rdx) <-- trapping instruction
2d: 49 89 d4 mov %rdx,%r12
30: 44 39 fb cmp %r15d,%ebx
33: 74 3b je 0x70
35: e8 9a df aa ff call 0xffaadfd4
3a: 49 ff c7 inc %r15
3d: 49 rex.WB
3e: 83 .byte 0x83
3f: c6 .byte 0xc6


---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.

syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.

If the report is already addressed, let syzbot know by replying with:
#syz fix: exact-commit-title

If you want to overwrite the report's subsystems, reply with:
#syz set subsystems: new-subsystem
(See the list of subsystem names on the web dashboard)

If the report is a duplicate of another one, reply with:
#syz dup: exact-subject-of-another-report

If you want to undo deduplication, reply with:
#syz undup