================================= [ INFO: inconsistent lock state ] 4.9.194+ #0 Not tainted --------------------------------- inconsistent {RECLAIM_FS-ON-W} -> {IN-RECLAIM_FS-R} usage. syz-executor.5/13571 [HC0[0]:SC0[0]:HE1:SE1] takes: (&mm->mmap_sem){+++++?}, at: [<0000000043bd594a>] get_cmdline+0xa3/0x2d0 mm/util.c:641 mark_held_locks+0xb1/0x100 kernel/locking/lockdep.c:2660 __lockdep_trace_alloc kernel/locking/lockdep.c:2882 [inline] lockdep_trace_alloc+0x18c/0x2b0 kernel/locking/lockdep.c:2897 __alloc_pages_nodemask+0x143/0x1a80 mm/page_alloc.c:3803 __alloc_pages include/linux/gfp.h:433 [inline] __alloc_pages_node include/linux/gfp.h:446 [inline] alloc_pages_node include/linux/gfp.h:460 [inline] pmd_alloc_one arch/x86/include/asm/pgalloc.h:88 [inline] __pmd_alloc+0x4a/0x330 mm/memory.c:3742 pmd_alloc include/linux/mm.h:1625 [inline] alloc_new_pmd mm/mremap.c:64 [inline] move_page_tables+0xadb/0xd60 mm/mremap.c:212 shift_arg_pages+0x1ae/0x470 fs/exec.c:642 setup_arg_pages+0x60d/0x7c0 fs/exec.c:754 load_elf_binary+0xa84/0x4a90 fs/binfmt_elf.c:860 search_binary_handler fs/exec.c:1621 [inline] search_binary_handler+0x14f/0x700 fs/exec.c:1599 exec_binprm fs/exec.c:1663 [inline] do_execveat_common.isra.0+0xf81/0x1db0 fs/exec.c:1785 do_execve+0x3a/0x50 fs/exec.c:1829 run_init_process+0x33/0x37 init/main.c:904 try_to_run_init_process+0x18/0x48 init/main.c:913 kernel_init+0xf2/0x163 init/main.c:984 ret_from_fork+0x5c/0x70 arch/x86/entry/entry_64.S:375 irq event stamp: 13082437 hardirqs last enabled at (13082437): [<00000000dfba08f1>] vprintk_emit+0x25c/0x6f0 kernel/printk/printk.c:1897 hardirqs last disabled at (13082436): [<00000000be59a2f0>] vprintk_emit+0x6d/0x6f0 kernel/printk/printk.c:1801 softirqs last enabled at (13082332): [<00000000118e615a>] __do_softirq+0x474/0x964 kernel/softirq.c:314 softirqs last disabled at (13082321): [<000000008ae1260d>] invoke_softirq kernel/softirq.c:368 [inline] softirqs last disabled at (13082321): [<000000008ae1260d>] irq_exit+0x119/0x160 kernel/softirq.c:409 other info that might help us debug this: Possible unsafe locking scenario: CPU0 ---- lock(&mm->mmap_sem); lock(&mm->mmap_sem); *** DEADLOCK *** 1 lock held by syz-executor.5/13571: #0: (shrinker_rwsem){++++..}, at: [<000000004ed4ba2d>] shrink_slab.part.0+0xb2/0xa20 mm/vmscan.c:472 stack backtrace: CPU: 0 PID: 13571 Comm: syz-executor.5 Not tainted 4.9.194+ #0 ffff8801b0d470f0 ffffffff81b67001 00000000000000f0 ffff8801a73e0000 ffffffff83cb0990 ffff8801a73e08f8 ffffffff84252000 ffff8801b0d47168 ffffffff81408710 0000000000000000 ffffffff00000001 0000000000000001 Call Trace: [<000000003b92eb03>] __dump_stack lib/dump_stack.c:15 [inline] [<000000003b92eb03>] dump_stack+0xc1/0x120 lib/dump_stack.c:51 [<00000000018d7f20>] print_usage_bug kernel/locking/lockdep.c:2387 [inline] [<00000000018d7f20>] print_usage_bug.cold+0x452/0x5a2 kernel/locking/lockdep.c:2354 [<00000000d568eb4e>] valid_state kernel/locking/lockdep.c:2400 [inline] [<00000000d568eb4e>] mark_lock_irq kernel/locking/lockdep.c:2602 [inline] [<00000000d568eb4e>] mark_lock+0x6c7/0x12e0 kernel/locking/lockdep.c:3065 [<000000005316ced6>] mark_irqflags kernel/locking/lockdep.c:2958 [inline] [<000000005316ced6>] __lock_acquire+0x5be/0x4390 kernel/locking/lockdep.c:3302 [<0000000046b0a797>] lock_acquire+0x133/0x3d0 kernel/locking/lockdep.c:3756 [<0000000094e7f6e3>] down_read+0x44/0xb0 kernel/locking/rwsem.c:22 [<0000000043bd594a>] get_cmdline+0xa3/0x2d0 mm/util.c:641 [<00000000a0af79dd>] handle_lmk_event+0x169/0x920 drivers/staging/android/lowmemorykiller.c:116 [<00000000525fab78>] lowmem_scan+0x6f3/0xb70 drivers/staging/android/lowmemorykiller.c:354 [<00000000b35a9729>] do_shrink_slab mm/vmscan.c:399 [inline] [<00000000b35a9729>] shrink_slab.part.0+0x3cf/0xa20 mm/vmscan.c:502 [<00000000e75ce45e>] shrink_slab mm/vmscan.c:466 [inline] [<00000000e75ce45e>] shrink_node+0x1ed/0x750 mm/vmscan.c:2604 [<000000003616ff8b>] shrink_zones mm/vmscan.c:2751 [inline] [<000000003616ff8b>] do_try_to_free_pages mm/vmscan.c:2793 [inline] [<000000003616ff8b>] try_to_free_pages+0x397/0xbd0 mm/vmscan.c:3004 [<00000000c9ef4507>] __perform_reclaim mm/page_alloc.c:3332 [inline] [<00000000c9ef4507>] __alloc_pages_direct_reclaim mm/page_alloc.c:3354 [inline] [<00000000c9ef4507>] __alloc_pages_slowpath mm/page_alloc.c:3704 [inline] [<00000000c9ef4507>] __alloc_pages_nodemask+0x930/0x1a80 mm/page_alloc.c:3861 [<00000000cc44bf7c>] __alloc_pages include/linux/gfp.h:433 [inline] [<00000000cc44bf7c>] __alloc_pages_node include/linux/gfp.h:446 [inline] [<00000000cc44bf7c>] alloc_slab_page mm/slub.c:1408 [inline] [<00000000cc44bf7c>] allocate_slab mm/slub.c:1557 [inline] [<00000000cc44bf7c>] new_slab+0x33b/0x3e0 mm/slub.c:1635 [<000000002141de33>] new_slab_objects mm/slub.c:2419 [inline] [<000000002141de33>] ___slab_alloc.constprop.0+0x361/0x470 mm/slub.c:2576 [<00000000d6c16af7>] __slab_alloc.isra.0.constprop.0+0x50/0xa0 mm/slub.c:2618 [<0000000036124be4>] slab_alloc_node mm/slub.c:2681 [inline] [<0000000036124be4>] slab_alloc mm/slub.c:2723 [inline] [<0000000036124be4>] kmem_cache_alloc+0x212/0x2b0 mm/slub.c:2728 [<00000000268eb839>] getname_flags+0xcc/0x550 fs/namei.c:140 [<00000000806e6d51>] getname+0x1a/0x20 fs/namei.c:211 [<000000008d7c94dc>] do_sys_open+0x246/0x610 fs/open.c:1091 [<00000000e36359a9>] SYSC_open fs/open.c:1115 [inline] [<00000000e36359a9>] SyS_open+0x2d/0x40 fs/open.c:1110 [<0000000033089a5f>] do_syscall_64+0x1ad/0x5c0 arch/x86/entry/common.c:288 [<00000000e196e211>] entry_SYSCALL_64_after_swapgs+0x5d/0xdb lowmemorykiller: Killing 'syz-executor.0' (31834) (tgid 31834), adj 1000, to free 53160kB on behalf of 'udevd' (5715) because cache 65240kB is below limit 65536kB for oom_score_adj 12 Free memory is -9188kB above reserved lowmemorykiller: Killing 'syz-executor.0' (31831) (tgid 31831), adj 1000, to free 53048kB on behalf of 'udevd' (5715) because cache 60140kB is below limit 65536kB for oom_score_adj 12 Free memory is -3988kB above reserved lowmemorykiller: Killing 'syz-executor.4' (3357) (tgid 3357), adj 1000, to free 52360kB on behalf of 'syz-executor.0' (7965) because cache 59940kB is below limit 65536kB for oom_score_adj 12 Free memory is -3988kB above reserved lowmemorykiller: Killing 'syz-executor.0' (31834) (tgid 31834), adj 1000, to free 53160kB on behalf of 'syz-executor.1' (3745) because cache 60140kB is below limit 65536kB for oom_score_adj 12 Free memory is -3988kB above reserved lowmemorykiller: Killing 'syz-executor.4' (3498) (tgid 3498), adj 1000, to free 52360kB on behalf of 'syz-executor.1' (3745) because cache 58240kB is below limit 65536kB for oom_score_adj 12 Free memory is 10616kB above reserved lowmemorykiller: Killing 'syz-executor.4' (27540) (tgid 27540), adj 1000, to free 52352kB on behalf of 'syz-executor.1' (3745) because cache 55940kB is below limit 65536kB for oom_score_adj 12 Free memory is 43788kB above reserved lowmemorykiller: Killing 'syz-executor.4' (27540) (tgid 27540), adj 1000, to free 52352kB on behalf of 'syz-executor.0' (7965) because cache 59940kB is below limit 65536kB for oom_score_adj 12 Free memory is -3988kB above reserved devpts: called with bogus options devpts: called with bogus options devpts: called with bogus options devpts: called with bogus options devpts: called with bogus options devpts: called with bogus options devpts: called with bogus options devpts: called with bogus options devpts: called with bogus options devpts: called with bogus options devpts: called with bogus options devpts: called with bogus options devpts: called with bogus options devpts: called with bogus options devpts: called with bogus options lowmemorykiller: Killing 'syz-executor.4' (29428) (tgid 29428), adj 1000, to free 52352kB on behalf of 'kswapd0' (33) because cache 51456kB is below limit 65536kB for oom_score_adj 12 Free memory is -2676kB above reserved lowmemorykiller: Killing 'syz-executor.4' (3322) (tgid 3322), adj 1000, to free 52352kB on behalf of 'kswapd0' (33) because cache 51356kB is below limit 65536kB for oom_score_adj 12 Free memory is -1176kB above reserved devpts: called with bogus options audit_printk_skb: 96 callbacks suppressed audit: type=1400 audit(2000008139.135:6974): avc: denied { create } for pid=8068 comm="syz-executor.0" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=0 devpts: called with bogus options devpts: called with bogus options audit: type=1400 audit(2000008139.275:6975): avc: denied { create } for pid=8070 comm="syz-executor.3" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=0 audit: type=1400 audit(2000008139.285:6976): avc: denied { create } for pid=8062 comm="syz-executor.0" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=0 selinux_nlmsg_perm: 12 callbacks suppressed SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pig=8079 comm=syz-executor.0 devpts: called with bogus options devpts: called with bogus options audit: type=1400 audit(2000008139.375:6977): avc: denied { create } for pid=8087 comm="syz-executor.2" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=0 devpts: called with bogus options audit: type=1400 audit(2000008139.515:6978): avc: denied { create } for pid=8070 comm="syz-executor.3" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=0 SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pig=8091 comm=syz-executor.3 audit: type=1400 audit(2000008139.575:6979): avc: denied { create } for pid=8081 comm="syz-executor.2" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=0 SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pig=8098 comm=syz-executor.2 lowmemorykiller: Killing 'syz-executor.4' (24452) (tgid 24452), adj 1000, to free 52344kB on behalf of 'kswapd0' (33) because cache 51068kB is below limit 65536kB for oom_score_adj 12 Free memory is -4068kB above reserved lowmemorykiller: Killing 'syz-executor.4' (29567) (tgid 29567), adj 1000, to free 52344kB on behalf of 'kswapd0' (33) because cache 50968kB is below limit 65536kB for oom_score_adj 12 Free memory is -672kB above reserved lowmemorykiller: Killing 'syz-executor.4' (26004) (tgid 26004), adj 1000, to free 51108kB on behalf of 'kswapd0' (33) because cache 50968kB is below limit 65536kB for oom_score_adj 12 Free memory is 16720kB above reserved lowmemorykiller: Killing 'syz-executor.4' (661) (tgid 661), adj 1000, to free 50996kB on behalf of 'kswapd0' (33) because cache 50968kB is below limit 65536kB for oom_score_adj 12 Free memory is 34860kB above reserved devpts: called with bogus options devpts: called with bogus options audit: type=1400 audit(2000008139.705:6980): avc: denied { create } for pid=8102 comm="syz-executor.5" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=0 audit: type=1400 audit(2000008139.875:6981): avc: denied { create } for pid=8097 comm="syz-executor.5" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=0 SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pig=8109 comm=syz-executor.5 devpts: called with bogus options audit: type=1400 audit(2000008139.925:6982): avc: denied { create } for pid=8106 comm="syz-executor.1" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=0 devpts: called with bogus options audit: type=1400 audit(2000008140.025:6983): avc: denied { create } for pid=8106 comm="syz-executor.1" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=0 SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pig=8116 comm=syz-executor.1 devpts: called with bogus options devpts: called with bogus options devpts: called with bogus options devpts: called with bogus options devpts: called with bogus options SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pig=8134 comm=syz-executor.3 SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pig=8139 comm=syz-executor.2 devpts: called with bogus options devpts: called with bogus options devpts: called with bogus options devpts: called with bogus options SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pig=8149 comm=syz-executor.0 SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pig=8158 comm=syz-executor.5 lowmemorykiller: Killing 'syz-executor.4' (31049) (tgid 31049), adj 1000, to free 50240kB on behalf of 'kswapd0' (33) because cache 51292kB is below limit 65536kB for oom_score_adj 12 Free memory is -2592kB above reserved lowmemorykiller: Killing 'syz-executor.4' (29905) (tgid 29905), adj 1000, to free 49796kB on behalf of 'kswapd0' (33) because cache 51292kB is below limit 65536kB for oom_score_adj 12 Free memory is -2748kB above reserved lowmemorykiller: Killing 'syz-executor.4' (25164) (tgid 25164), adj 1000, to free 49728kB on behalf of 'kswapd0' (33) because cache 51292kB is below limit 65536kB for oom_score_adj 12 Free memory is 14796kB above reserved devpts: called with bogus options devpts: called with bogus options devpts: called with bogus options SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pig=8173 comm=syz-executor.1 devpts: called with bogus options devpts: called with bogus options devpts: called with bogus options devpts: called with bogus options devpts: called with bogus options lowmemorykiller: Killing 'syz-executor.4' (29755) (tgid 29755), adj 1000, to free 49136kB on behalf of 'kswapd0' (33) because cache 51332kB is below limit 65536kB for oom_score_adj 12 Free memory is -6660kB above reserved devpts: called with bogus options lowmemorykiller: Killing 'syz-executor.4' (28653) (tgid 28653), adj 1000, to free 48548kB on behalf of 'kswapd0' (33) because cache 51232kB is below limit 65536kB for oom_score_adj 12 Free memory is -6688kB above reserved lowmemorykiller: Killing 'syz-executor.4' (28134) (tgid 28134), adj 1000, to free 48176kB on behalf of 'kswapd0' (33) because cache 51132kB is below limit 65536kB for oom_score_adj 12 Free memory is -7060kB above reserved lowmemorykiller: Killing 'syz-executor.4' (27501) (tgid 27501), adj 1000, to free 48120kB on behalf of 'kswapd0' (33) because cache 51132kB is below limit 65536kB for oom_score_adj 12 Free memory is 14240kB above reserved devpts: called with bogus options devpts: called with bogus options devpts: called with bogus options devpts: called with bogus options devpts: called with bogus options devpts: called with bogus options devpts: called with bogus options devpts: called with bogus options lowmemorykiller: Killing 'syz-executor.4' (2625) (tgid 2625), adj 1000, to free 47620kB on behalf of 'kswapd0' (33) because cache 51076kB is below limit 65536kB for oom_score_adj 12 Free memory is -1864kB above reserved lowmemorykiller: Killing 'syz-executor.4' (27368) (tgid 27368), adj 1000, to free 47412kB on behalf of 'kswapd0' (33) because cache 50976kB is below limit 65536kB for oom_score_adj 12 Free memory is -2144kB above reserved lowmemorykiller: Killing 'syz-executor.4' (32750) (tgid 32750), adj 1000, to free 46800kB on behalf of 'kswapd0' (33) because cache 50976kB is below limit 65536kB for oom_score_adj 12 Free memory is -2144kB above reserved lowmemorykiller: Killing 'syz-executor.4' (2708) (tgid 2708), adj 1000, to free 46492kB on behalf of 'kswapd0' (33) because cache 50976kB is below limit 65536kB for oom_score_adj 12 Free memory is 9084kB above reserved devpts: called with bogus options devpts: called with bogus options devpts: called with bogus options devpts: called with bogus options devpts: called with bogus options devpts: called with bogus options devpts: called with bogus options devpts: called with bogus options lowmemorykiller: Killing 'syz-executor.4' (25401) (tgid 25401), adj 1000, to free 46164kB on behalf of 'kswapd0' (33) because cache 50912kB is below limit 65536kB for oom_score_adj 12 Free memory is -5640kB above reserved lowmemorykiller: Killing 'syz-executor.4' (30615) (tgid 30615), adj 1000, to free 46124kB on behalf of 'kswapd0' (33) because cache 50828kB is below limit 65536kB for oom_score_adj 12 Free memory is -1500kB above reserved lowmemorykiller: Killing 'syz-executor.4' (25046) (tgid 25046), adj 1000, to free 45548kB on behalf of 'kswapd0' (33) because cache 50828kB is below limit 65536kB for oom_score_adj 12 Free memory is 652kB above reserved devpts: called with bogus options devpts: called with bogus options devpts: called with bogus options devpts: called with bogus options devpts: called with bogus options devpts: called with bogus options devpts: called with bogus options devpts: called with bogus options audit_printk_skb: 129 callbacks suppressed audit: type=1400 audit(2000008144.185:7027): avc: denied { create } for pid=8311 comm="syz-executor.3" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=0 audit: type=1400 audit(2000008144.195:7028): avc: denied { create } for pid=8313 comm="syz-executor.5" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=0