================================= [ INFO: inconsistent lock state ] 4.9.141+ #1 Not tainted --------------------------------- inconsistent {RECLAIM_FS-ON-W} -> {IN-RECLAIM_FS-W} usage. kswapd0/33 [HC0[0]:SC0[0]:HE1:SE1] takes: (&sb->s_type->i_mutex_key#10){+.+.?.}, at: [] inode_lock include/linux/fs.h:766 [inline] (&sb->s_type->i_mutex_key#10){+.+.?.}, at: [] shmem_fallocate+0x13c/0xb10 mm/shmem.c:2676 mark_held_locks+0xc7/0x130 kernel/locking/lockdep.c:2660 __lockdep_trace_alloc kernel/locking/lockdep.c:2882 [inline] lockdep_trace_alloc+0x18e/0x2a0 kernel/locking/lockdep.c:2897 __alloc_pages_nodemask+0x14a/0x1bd0 mm/page_alloc.c:3804 __alloc_pages include/linux/gfp.h:433 [inline] __alloc_pages_node include/linux/gfp.h:446 [inline] alloc_pages_node include/linux/gfp.h:460 [inline] shmem_alloc_page mm/shmem.c:1420 [inline] shmem_alloc_and_acct_page mm/shmem.c:1450 [inline] shmem_getpage_gfp+0xc7c/0x18f0 mm/shmem.c:1724 shmem_getpage mm/shmem.c:123 [inline] shmem_write_begin+0xf4/0x1a0 mm/shmem.c:2205 generic_perform_write+0x28a/0x500 mm/filemap.c:2753 __generic_file_write_iter+0x352/0x540 mm/filemap.c:2878 generic_file_write_iter+0x37a/0x620 mm/filemap.c:2906 new_sync_write fs/read_write.c:496 [inline] __vfs_write+0x3d7/0x580 fs/read_write.c:509 vfs_write+0x187/0x520 fs/read_write.c:557 SYSC_write fs/read_write.c:604 [inline] SyS_write+0xd9/0x1c0 fs/read_write.c:596 do_syscall_64+0x19f/0x550 arch/x86/entry/common.c:285 entry_SYSCALL_64_after_swapgs+0x5d/0xdb irq event stamp: 10655 hardirqs last enabled at (10655): [] __mutex_trylock_slowpath kernel/locking/mutex.c:885 [inline] hardirqs last enabled at (10655): [] mutex_trylock+0x258/0x3e0 kernel/locking/mutex.c:908 hardirqs last disabled at (10654): [] __mutex_trylock_slowpath kernel/locking/mutex.c:873 [inline] hardirqs last disabled at (10654): [] mutex_trylock+0xaf/0x3e0 kernel/locking/mutex.c:908 softirqs last enabled at (3042): [] __do_softirq+0x46d/0x964 kernel/softirq.c:314 softirqs last disabled at (3035): [] invoke_softirq kernel/softirq.c:368 [inline] softirqs last disabled at (3035): [] irq_exit+0x11c/0x150 kernel/softirq.c:409 other info that might help us debug this: Possible unsafe locking scenario: CPU0 ---- lock(&sb->s_type->i_mutex_key#10); lock(&sb->s_type->i_mutex_key#10); *** DEADLOCK *** lowmemorykiller: Killing 'syz-executor.5' (8994) (tgid 8994), adj 1000, to free 52488kB on behalf of 'syz-executor.0' (13611) because cache 65480kB is below limit 65536kB for oom_score_adj 12 Free memory is -13156kB above reserved lowmemorykiller: Killing 'syz-executor.1' (3921) (tgid 3921), adj 1000, to free 52396kB on behalf of 'syz-executor.0' (13611) because cache 64980kB is below limit 65536kB for oom_score_adj 12 Free memory is -13256kB above reserved lowmemorykiller: Killing 'syz-executor.1' (3947) (tgid 3947), adj 1000, to free 52396kB on behalf of 'syz-executor.0' (13611) because cache 64480kB is below limit 65536kB for oom_score_adj 12 Free memory is -13124kB above reserved 2 locks held by kswapd0/33: #0: (shrinker_rwsem){++++..}, at: [] shrink_slab.part.8+0xb2/0xa00 mm/vmscan.c:471 #1: (ashmem_mutex){+.+.+.}, at: [] ashmem_shrink_scan+0x55/0x4c0 drivers/staging/android/ashmem.c:455 stack backtrace: CPU: 1 PID: 33 Comm: kswapd0 Not tainted 4.9.141+ #1 ffff8801d841f380 ffffffff81b42e79 ffff8801d8410000 ffffffff83cac600 ffff8801d8410900 ffff8801d8410920 ffffffff84244d40 ffff8801d841f3f8 ffffffff81400780 0000000000000000 ffffffff00000001 0000000000000001 Call Trace: [] __dump_stack lib/dump_stack.c:15 [inline] [] dump_stack+0xc1/0x128 lib/dump_stack.c:51 [] print_usage_bug.cold.40+0x44e/0x57e kernel/locking/lockdep.c:2387 [] valid_state kernel/locking/lockdep.c:2400 [inline] [] mark_lock_irq kernel/locking/lockdep.c:2602 [inline] [] mark_lock+0x2f2/0x1290 kernel/locking/lockdep.c:3065 [] mark_irqflags kernel/locking/lockdep.c:2958 [inline] [] __lock_acquire+0x632/0x4a10 kernel/locking/lockdep.c:3302 [] lock_acquire+0x130/0x3e0 kernel/locking/lockdep.c:3756 [] down_write+0x41/0xa0 kernel/locking/rwsem.c:52 [] inode_lock include/linux/fs.h:766 [inline] [] shmem_fallocate+0x13c/0xb10 mm/shmem.c:2676 [] ashmem_shrink_scan+0x1b9/0x4c0 drivers/staging/android/ashmem.c:462 [] do_shrink_slab mm/vmscan.c:398 [inline] [] shrink_slab.part.8+0x3c6/0xa00 mm/vmscan.c:501 [] shrink_slab mm/vmscan.c:465 [inline] [] shrink_node+0x1ed/0x740 mm/vmscan.c:2602 [] kswapd_shrink_node mm/vmscan.c:3202 [inline] [] balance_pgdat mm/vmscan.c:3319 [inline] [] kswapd+0x7e9/0x13b0 mm/vmscan.c:3512 [] kthread+0x26d/0x300 kernel/kthread.c:211 [] ret_from_fork+0x5c/0x70 arch/x86/entry/entry_64.S:373 lowmemorykiller: Killing 'syz-executor.2' (3104) (tgid 3104), adj 1000, to free 52392kB on behalf of 'syz-executor.0' (13611) because cache 64080kB is below limit 65536kB for oom_score_adj 12 Free memory is -13244kB above reserved lowmemorykiller: Killing 'syz-executor.3' (2723) (tgid 2723), adj 1000, to free 52388kB on behalf of 'syz-executor.0' (13611) because cache 63512kB is below limit 65536kB for oom_score_adj 12 Free memory is -13076kB above reserved lowmemorykiller: Killing 'syz-executor.5' (8883) (tgid 8883), adj 1000, to free 52384kB on behalf of 'syz-executor.0' (13611) because cache 63112kB is below limit 65536kB for oom_score_adj 12 Free memory is -13144kB above reserved lowmemorykiller: Killing 'syz-executor.4' (13208) (tgid 13208), adj 1000, to free 52384kB on behalf of 'syz-executor.0' (13611) because cache 62612kB is below limit 65536kB for oom_score_adj 12 Free memory is -13012kB above reserved lowmemorykiller: Killing 'syz-executor.1' (4680) (tgid 4680), adj 1000, to free 52364kB on behalf of 'syz-executor.0' (13611) because cache 62112kB is below limit 65536kB for oom_score_adj 12 Free memory is -13108kB above reserved lowmemorykiller: Killing 'syz-executor.0' (5045) (tgid 5045), adj 1000, to free 52348kB on behalf of 'syz-executor.0' (13611) because cache 61612kB is below limit 65536kB for oom_score_adj 12 Free memory is -13216kB above reserved lowmemorykiller: Killing 'syz-executor.3' (3080) (tgid 3080), adj 1000, to free 52340kB on behalf of 'syz-executor.0' (13611) because cache 61012kB is below limit 65536kB for oom_score_adj 12 Free memory is -12984kB above reserved lowmemorykiller: Killing 'syz-executor.5' (12213) (tgid 12213), adj 1000, to free 52332kB on behalf of 'syz-executor.0' (13611) because cache 60712kB is below limit 65536kB for oom_score_adj 12 Free memory is -13128kB above reserved lowmemorykiller: Killing 'syz-executor.4' (11233) (tgid 11233), adj 1000, to free 52328kB on behalf of 'syz-executor.0' (13611) because cache 60312kB is below limit 65536kB for oom_score_adj 12 Free memory is -13020kB above reserved lowmemorykiller: Killing 'syz-executor.4' (11241) (tgid 11241), adj 1000, to free 52328kB on behalf of 'syz-executor.0' (13611) because cache 59912kB is below limit 65536kB for oom_score_adj 12 Free memory is -13120kB above reserved lowmemorykiller: Killing 'syz-executor.1' (3264) (tgid 3264), adj 1000, to free 52144kB on behalf of 'syz-executor.0' (13611) because cache 59512kB is below limit 65536kB for oom_score_adj 12 Free memory is -13212kB above reserved lowmemorykiller: Killing 'syz-executor.5' (12126) (tgid 12126), adj 1000, to free 51932kB on behalf of 'syz-executor.0' (13611) because cache 59012kB is below limit 65536kB for oom_score_adj 12 Free memory is -13004kB above reserved lowmemorykiller: Killing 'syz-executor.0' (2766) (tgid 2766), adj 1000, to free 51600kB on behalf of 'syz-executor.0' (13611) because cache 58512kB is below limit 65536kB for oom_score_adj 12 Free memory is -11944kB above reserved binder: 13626:13628 ioctl 40046205 fffffffffffffffe returned -22 audit: type=1400 audit(1552720013.532:21608): avc: denied { net_admin } for pid=2102 comm="syz-executor.4" capability=12 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1 audit: type=1400 audit(1552720013.572:21609): avc: denied { read } for pid=13742 comm="syz-executor.5" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1 audit: type=1400 audit(1552720013.572:21610): avc: denied { sys_admin } for pid=13778 comm="syz-executor.3" capability=21 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1 audit: type=1400 audit(1552720013.622:21611): avc: denied { dac_override } for pid=13742 comm="syz-executor.5" capability=1 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1 audit: type=1400 audit(1552720014.272:21612): avc: denied { sys_admin } for pid=2101 comm="syz-executor.0" capability=21 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1 audit: type=1400 audit(1552720014.272:21613): avc: denied { call } for pid=13816 comm="syz-executor.2" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=binder permissive=1 binder: 13816:13818 got transaction with invalid offset (0, min 0 max 0) or object. binder: 13816:13818 transaction failed 29201/-22, size 0-8 line 3199 binder: 13816:13818 got transaction with invalid offset (0, min 0 max 0) or object. binder: 13816:13818 transaction failed 29201/-22, size 0-8 line 3199 binder: undelivered TRANSACTION_ERROR: 29201 binder: undelivered TRANSACTION_ERROR: 29201 audit: type=1400 audit(1552720014.272:21614): avc: denied { net_admin } for pid=2103 comm="syz-executor.2" capability=12 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1 audit: type=1400 audit(1552720014.302:21615): avc: denied { create } for pid=13821 comm="syz-executor.4" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1 audit: type=1400 audit(1552720014.302:21616): avc: denied { write } for pid=13821 comm="syz-executor.4" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1 audit: type=1400 audit(1552720014.322:21617): avc: denied { read } for pid=13821 comm="syz-executor.4" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1 SELinux: unrecognized netlink message: protocol=4 nlmsg_type=16 sclass=netlink_tcpdiag_socket pig=13930 comm=syz-executor.3 SELinux: unrecognized netlink message: protocol=4 nlmsg_type=16 sclass=netlink_tcpdiag_socket pig=13994 comm=syz-executor.3 input: syz0 as /devices/virtual/input/input63 input: syz0 as /devices/virtual/input/input64 SELinux: unrecognized netlink message: protocol=0 nlmsg_type=186 sclass=netlink_route_socket pig=14110 comm=syz-executor.4 netlink: 8 bytes leftover after parsing attributes in process `syz-executor.4'.