================================= [ INFO: inconsistent lock state ] 4.4.174+ #17 Not tainted --------------------------------- inconsistent {RECLAIM_FS-ON-W} -> {IN-RECLAIM_FS-W} usage. kswapd0/28 [HC0[0]:SC0[0]:HE1:SE1] takes: (&sb->s_type->i_mutex_key#10){+.+.?.}, at: [] shmem_fallocate+0x13b/0x9c0 mm/shmem.c:2078 {RECLAIM_FS-ON-W} state was registered at: [] mark_held_locks+0xb1/0x100 kernel/locking/lockdep.c:2536 [] __lockdep_trace_alloc kernel/locking/lockdep.c:2758 [inline] [] lockdep_trace_alloc+0x18c/0x2b0 kernel/locking/lockdep.c:2773 [] __alloc_pages_nodemask+0x13a/0x14b0 mm/page_alloc.c:3266 [] __alloc_pages include/linux/gfp.h:415 [inline] [] __alloc_pages_node include/linux/gfp.h:428 [inline] [] alloc_pages_node include/linux/gfp.h:442 [inline] [] shmem_alloc_page mm/shmem.c:953 [inline] [] shmem_getpage_gfp+0x6a3/0x1120 mm/shmem.c:1191 [] shmem_getpage mm/shmem.c:130 [inline] [] shmem_write_begin+0xeb/0x190 mm/shmem.c:1509 [] generic_perform_write+0x281/0x540 mm/filemap.c:2591 [] __generic_file_write_iter+0x350/0x540 mm/filemap.c:2716 [] generic_file_write_iter+0x3aa/0x740 mm/filemap.c:2744 [] new_sync_write fs/read_write.c:480 [inline] [] __vfs_write+0x2e8/0x3d0 fs/read_write.c:493 [] vfs_write+0x182/0x4e0 fs/read_write.c:540 [] SYSC_write fs/read_write.c:587 [inline] [] SyS_write+0xdc/0x1c0 fs/read_write.c:579 [] entry_SYSCALL_64_fastpath+0x1e/0x9a irq event stamp: 615037 hardirqs last enabled at (615037): [] __mutex_trylock_slowpath kernel/locking/mutex.c:885 [inline] hardirqs last enabled at (615037): [] mutex_trylock+0x28d/0x500 kernel/locking/mutex.c:908 hardirqs last disabled at (615036): [] __mutex_trylock_slowpath kernel/locking/mutex.c:873 [inline] hardirqs last disabled at (615036): [] mutex_trylock+0xaf/0x500 kernel/locking/mutex.c:908 netlink: 49 bytes leftover after parsing attributes in process `syz-executor.4'. netlink: 49 bytes leftover after parsing attributes in process `syz-executor.4'. softirqs last enabled at (614950): [] __do_softirq+0x4da/0xa3f kernel/softirq.c:299 softirqs last disabled at (614785): [] invoke_softirq kernel/softirq.c:350 [inline] softirqs last disabled at (614785): [] irq_exit+0x10a/0x150 kernel/softirq.c:391 other info that might help us debug this: Possible unsafe locking scenario: CPU0 ---- lock(&sb->s_type->i_mutex_key#10); lock(&sb->s_type->i_mutex_key#10); *** DEADLOCK *** 2 locks held by kswapd0/28: #0: (shrinker_rwsem){++++..}, at: [] shrink_slab.part.0+0xb2/0xb30 mm/vmscan.c:431 #1: (ashmem_mutex){+.+.+.}, at: [] ashmem_shrink_scan+0x56/0x4c0 drivers/staging/android/ashmem.c:442 stack backtrace: CPU: 1 PID: 28 Comm: kswapd0 Not tainted 4.4.174+ #17 0000000000000000 f62106737c199f84 ffff8800bba87290 ffffffff81aad1a1 00000000000000f0 ffff8800bb862f80 ffffffff83abfce0 ffffffff84057a80 ffff8800bb8638b8 ffff8800bba87308 ffffffff813ad456 0000000000000000 Call Trace: [] __dump_stack lib/dump_stack.c:15 [inline] [] dump_stack+0xc1/0x120 lib/dump_stack.c:51 [] print_usage_bug.cold+0x454/0x592 kernel/locking/lockdep.c:2267 [] valid_state kernel/locking/lockdep.c:2280 [inline] [] mark_lock_irq kernel/locking/lockdep.c:2478 [inline] [] mark_lock+0x6fd/0x1440 kernel/locking/lockdep.c:2933 [] mark_irqflags kernel/locking/lockdep.c:2834 [inline] [] __lock_acquire+0xa27/0x4f50 kernel/locking/lockdep.c:3169 [] lock_acquire+0x15e/0x450 kernel/locking/lockdep.c:3592 [] __mutex_lock_common kernel/locking/mutex.c:521 [inline] [] mutex_lock_nested+0xc1/0xb80 kernel/locking/mutex.c:621 [] shmem_fallocate+0x13b/0x9c0 mm/shmem.c:2078 [] ashmem_shrink_scan drivers/staging/android/ashmem.c:449 [inline] [] ashmem_shrink_scan+0x1c3/0x4c0 drivers/staging/android/ashmem.c:433 [] do_shrink_slab mm/vmscan.c:357 [inline] [] shrink_slab.part.0+0x402/0xb30 mm/vmscan.c:455 [] shrink_slab mm/vmscan.c:425 [inline] [] shrink_zone+0x4bc/0x610 mm/vmscan.c:2448 [] kswapd_shrink_zone mm/vmscan.c:3123 [inline] [] balance_pgdat mm/vmscan.c:3298 [inline] [] kswapd+0xaaf/0x1c60 mm/vmscan.c:3506 [] kthread+0x273/0x310 kernel/kthread.c:211 [] ret_from_fork+0x55/0x80 arch/x86/entry/entry_64.S:537 netlink: 49 bytes leftover after parsing attributes in process `syz-executor.4'. netlink: 49 bytes leftover after parsing attributes in process `syz-executor.4'. syz-executor.5: page allocation failure: order:0, mode:0x2200000 CPU: 0 PID: 2117 Comm: syz-executor.5 Not tainted 4.4.174+ #17 0000000000000000 61dac02c5b8b651b ffff8800b88ef2d8 ffffffff81aad1a1 1ffff1001711de5e[ 3133.254869] lowmemorykiller: Killing 'syz-executor.5' (26353) (tgid 26340), adj 1000, to free 52176kB on behalf of 'syz-executor.1' (26412) because cache 50028kB is below limit 65536kB for oom_score_adj 12 Free memory is -1136kB above reserved ffff8801d66b0000 0000000002200000 0000000000000000 0000000000000000 ffff8800b88ef3e8 ffffffff8148c0cb 000002d900000000 Call Trace: [] __dump_stack lib/dump_stack.c:15 [inline] [] dump_stack+0xc1/0x120 lib/dump_stack.c:51 [] warn_alloc_failed.cold+0x78/0x99 mm/page_alloc.c:2757 [] __alloc_pages_slowpath mm/page_alloc.c:3241 [inline] [] __alloc_pages_nodemask+0xef5/0x14b0 mm/page_alloc.c:3313 [] __alloc_pages include/linux/gfp.h:415 [inline] [] __alloc_pages_node include/linux/gfp.h:428 [inline] [] alloc_slab_page mm/slub.c:1436 [inline] [] allocate_slab mm/slub.c:1477 [inline] [] new_slab+0x2e5/0x380 mm/slub.c:1549 [] new_slab_objects mm/slub.c:2319 [inline] [] ___slab_alloc.constprop.0+0x323/0x3e0 mm/slub.c:2476 [] __slab_alloc.isra.0.constprop.0+0x50/0xa0 mm/slub.c:2518 [] slab_alloc_node mm/slub.c:2581 [inline] [] slab_alloc mm/slub.c:2623 [inline] [] kmem_cache_alloc+0x214/0x2c0 mm/slub.c:2628 [] kmem_cache_zalloc include/linux/slab.h:610 [inline] [] avc_alloc_node+0x27/0x3c0 security/selinux/avc.c:551 [] avc_insert security/selinux/avc.c:670 [inline] [] avc_compute_av+0x182/0x610 security/selinux/avc.c:976 [] avc_has_perm_noaudit security/selinux/avc.c:1112 [inline] [] avc_has_perm+0x355/0x3a0 security/selinux/avc.c:1146 [] task_has_perm+0x200/0x330 security/selinux/hooks.c:1525 [] selinux_task_wait+0x24/0x30 security/selinux/hooks.c:3763 [] security_task_wait+0x73/0xb0 security/security.c:993 [] wait_consider_task+0x28b/0x35b0 kernel/exit.c:1334 [] do_wait_thread kernel/exit.c:1447 [inline] [] do_wait+0x350/0xa00 kernel/exit.c:1518 [] SYSC_wait4 kernel/exit.c:1649 [inline] [] SyS_wait4+0x144/0x210 kernel/exit.c:1614 [] C_SYSC_wait4 kernel/compat.c:543 [inline] [] compat_SyS_wait4+0x259/0x2a0 kernel/compat.c:536 [] sys32_waitpid+0x28/0x30 arch/x86/ia32/sys_ia32.c:172 [] do_syscall_32_irqs_on arch/x86/entry/common.c:330 [inline] [] do_fast_syscall_32+0x32d/0xa90 arch/x86/entry/common.c:397 [] sysenter_flags_fixed+0xd/0x1a Mem-Info: active_anon:1135236 inactive_anon:42487 isolated_anon:0 active_file:4981 inactive_file:7549 isolated_file:0 unevictable:270083 dirty:103 writeback:0 unstable:0 slab_reclaimable:7333 slab_unreclaimable:72905 mapped:61234 shmem:47374 pagetables:20646 bounce:0 free:7073 free_pcp:402 free_cma:0 DMA32 free:18644kB min:4696kB low:5868kB high:7044kB active_anon:2070752kB inactive_anon:76168kB active_file:8448kB inactive_file:16260kB unevictable:493176kB isolated(anon):0kB isolated(file):0kB present:3145324kB managed:3021976kB mlocked:0kB dirty:124kB writeback:0kB mapped:111904kB shmem:85352kB slab_reclaimable:13408kB slab_unreclaimable:131304kB kernel_stack:13152kB pagetables:39748kB unstable:0kB bounce:0kB free_pcp:684kB local_pcp:300kB free_cma:0kB writeback_tmp:0kB pages_scanned:0 all_unreclaimable? no lowmem_reserve[]: 0 3504 3504 Normal free:9648kB min:5580kB low:6972kB high:8368kB active_anon:2470192kB inactive_anon:93780kB active_file:11476kB inactive_file:13936kB unevictable:587156kB isolated(anon):0kB isolated(file):0kB present:4718592kB managed:3588764kB mlocked:0kB dirty:288kB writeback:0kB mapped:133032kB shmem:104144kB slab_reclaimable:15924kB slab_unreclaimable:160316kB kernel_stack:16096kB pagetables:42836kB unstable:0kB bounce:0kB free_pcp:924kB local_pcp:280kB free_cma:0kB writeback_tmp:0kB pages_scanned:0 all_unreclaimable? no lowmem_reserve[]: 0 0 0 DMA32: 387*4kB (UME) 241*8kB (UME) 100*16kB (UME) 129*32kB (UME) 100*64kB (UE) 19*128kB (UE) 2*256kB (UM) 0*512kB 0*1024kB 0*2048kB 0*4096kB = 18548kB Normal: 774*4kB (UMEH) 585*8kB (UH) 3*16kB (H) 10*32kB (UH) 4*64kB (H) 6*128kB (H) 2*256kB (H) 0*512kB 0*1024kB 0*2048kB 0*4096kB = 9680kB 329964 total pagecache pages 0 pages in swap cache Swap cache stats: add 0, delete 0, find 0/0 Free swap = 0kB Total swap = 0kB 1965979 pages RAM 0 pages HighMem/MovableOnly 313294 pages reserved SLUB: Unable to allocate memory on node -1 (gfp=0x2008000) cache: avc_node, object size: 72, buffer size: 104, default order: 0, min order: 0 node 0: slabs: 2444, objs: 95316, free: 358 netlink: 49 bytes leftover after parsing attributes in process `syz-executor.2'. netlink: 49 bytes leftover after parsing attributes in process `syz-executor.2'. netlink: 49 bytes leftover after parsing attributes in process `syz-executor.4'. netlink: 49 bytes leftover after parsing attributes in process `syz-executor.4'. audit_printk_skb: 501 callbacks suppressed audit: type=1400 audit(1573939500.980:7390): avc: denied { create } for pid=26440 comm="syz-executor.5" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1 audit: type=1400 audit(1573939501.220:7391): avc: denied { write } for pid=26440 comm="syz-executor.5" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1 audit: type=1400 audit(1573939501.510:7392): avc: denied { read } for pid=26440 comm="syz-executor.5" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1 netlink: 49 bytes leftover after parsing attributes in process `syz-executor.4'. netlink: 49 bytes leftover after parsing attributes in process `syz-executor.4'. nla_parse: 2 callbacks suppressed netlink: 49 bytes leftover after parsing attributes in process `syz-executor.4'. netlink: 49 bytes leftover after parsing attributes in process `syz-executor.4'. netlink: 49 bytes leftover after parsing attributes in process `syz-executor.5'. netlink: 49 bytes leftover after parsing attributes in process `syz-executor.5'. netlink: 49 bytes leftover after parsing attributes in process `syz-executor.4'. netlink: 49 bytes leftover after parsing attributes in process `syz-executor.4'. netlink: 49 bytes leftover after parsing attributes in process `syz-executor.2'. netlink: 49 bytes leftover after parsing attributes in process `syz-executor.2'. netlink: 49 bytes leftover after parsing attributes in process `syz-executor.4'. netlink: 49 bytes leftover after parsing attributes in process `syz-executor.4'.