Free memory is -6776kB above reserved lowmemorykiller: Killing 'syz-executor831' (2078) (tgid 2078), adj 1000, to free 12172kB on behalf of 'syz-executor831' (3689) because cache 39436kB is below limit 65536kB for oom_score_adj 12 Free memory is -13224kB above reserved BUG: sleeping function called from invalid context at kernel/fork.c:903 in_atomic(): 0, irqs_disabled(): 0, pid: 3689, name: syz-executor831 3 locks held by syz-executor831/3689: #0: (&mm->mmap_sem){++++++}, at: [<00000000e26c22b0>] __mm_populate+0x20c/0x300 mm/gup.c:1143 #1: (shrinker_rwsem){++++..}, at: [<00000000c602aa00>] shrink_slab.part.0+0xb2/0xa20 mm/vmscan.c:472 #2: (rcu_read_lock){......}, at: [<00000000aee98f46>] lowmem_scan+0x242/0xb50 drivers/staging/android/lowmemorykiller.c:272 Preemption disabled at: [<0000000071e6de5f>] spin_lock include/linux/spinlock.h:302 [inline] [<0000000071e6de5f>] task_lock include/linux/sched.h:3217 [inline] [<0000000071e6de5f>] get_task_mm+0x20/0xc0 kernel/fork.c:1010 CPU: 0 PID: 3689 Comm: syz-executor831 Not tainted 4.9.184+ #5 ffff88001127f018 ffffffff81b580a1 0000000000000000 0000000000000001 ffff8800112397c0 ffffffff810d0ca0 ffff8800112397c0 ffff88001127f050 ffffffff8140040c ffff8800112397c0 ffffffff82a39900 0000000000000387 Call Trace: [<000000002fd63b38>] __dump_stack lib/dump_stack.c:15 [inline] [<000000002fd63b38>] dump_stack+0xc1/0x120 lib/dump_stack.c:51 [<00000000debae92a>] ___might_sleep.cold+0x1c1/0x1fa kernel/sched/core.c:8004 [<0000000037f78384>] __might_sleep+0x95/0x1a0 kernel/sched/core.c:7961 [<000000000514e9b7>] mmput+0x28/0x370 kernel/fork.c:903 [<00000000c1f8082b>] handle_lmk_event+0xea/0x8a0 drivers/staging/android/lowmemorykiller.c:111 [<00000000b5d06e7a>] lowmem_scan+0x695/0xb50 drivers/staging/android/lowmemorykiller.c:345 [<0000000065251831>] do_shrink_slab mm/vmscan.c:399 [inline] [<0000000065251831>] shrink_slab.part.0+0x3cf/0xa20 mm/vmscan.c:502 [<0000000083c74872>] shrink_slab mm/vmscan.c:466 [inline] [<0000000083c74872>] shrink_node+0x1ed/0x750 mm/vmscan.c:2604 [<000000003b5f1ee5>] shrink_zones mm/vmscan.c:2751 [inline] [<000000003b5f1ee5>] do_try_to_free_pages mm/vmscan.c:2793 [inline] [<000000003b5f1ee5>] try_to_free_pages+0x397/0xbd0 mm/vmscan.c:3004 [<0000000015fe08a8>] __perform_reclaim mm/page_alloc.c:3332 [inline] [<0000000015fe08a8>] __alloc_pages_direct_reclaim mm/page_alloc.c:3354 [inline] [<0000000015fe08a8>] __alloc_pages_slowpath mm/page_alloc.c:3704 [inline] [<0000000015fe08a8>] __alloc_pages_nodemask+0x930/0x1a80 mm/page_alloc.c:3861 [<00000000a638cbde>] __alloc_pages include/linux/gfp.h:433 [inline] [<00000000a638cbde>] __alloc_pages_node include/linux/gfp.h:446 [inline] [<00000000a638cbde>] alloc_pages_node include/linux/gfp.h:460 [inline] [<00000000a638cbde>] shmem_alloc_page mm/shmem.c:1437 [inline] [<00000000a638cbde>] shmem_alloc_and_acct_page mm/shmem.c:1462 [inline] [<00000000a638cbde>] shmem_getpage_gfp+0x3f3/0x1b00 mm/shmem.c:1734 [<0000000020a65291>] shmem_fault+0x216/0x6b0 mm/shmem.c:1966 [<000000002513a8a4>] __do_fault+0x2a8/0x6c0 mm/memory.c:2855 [<000000003ffc07fa>] do_read_fault mm/memory.c:3202 [inline] [<000000003ffc07fa>] do_fault mm/memory.c:3338 [inline] [<000000003ffc07fa>] handle_pte_fault mm/memory.c:3547 [inline] [<000000003ffc07fa>] __handle_mm_fault mm/memory.c:3634 [inline] [<000000003ffc07fa>] handle_mm_fault+0x11bc/0x2420 mm/memory.c:3671 [<00000000fa81dfca>] faultin_page mm/gup.c:395 [inline] [<00000000fa81dfca>] __get_user_pages+0x3c7/0x10b0 mm/gup.c:597 [<00000000212c2f4a>] populate_vma_page_range+0x19a/0x230 mm/gup.c:1115 [<000000004388c4dc>] __mm_populate+0x1b9/0x300 mm/gup.c:1163 [<0000000063ef8500>] mm_populate include/linux/mm.h:2056 [inline] [<0000000063ef8500>] vm_mmap_pgoff+0x1aa/0x1c0 mm/util.c:333 [<0000000037e8c063>] SYSC_mmap_pgoff mm/mmap.c:1555 [inline] [<0000000037e8c063>] SyS_mmap_pgoff+0x14d/0x1b0 mm/mmap.c:1513 [<00000000096ce140>] SYSC_mmap arch/x86/kernel/sys_x86_64.c:96 [inline] [<00000000096ce140>] SyS_mmap+0x16/0x20 arch/x86/kernel/sys_x86_64.c:87 [<0000000004a565b6>] do_syscall_64+0x1ad/0x5c0 arch/x86/entry/common.c:288 [<000000008974863c>] entry_SYSCALL_64_after_swapgs+0x5d/0xdb ================================= [ INFO: inconsistent lock state ] 4.9.184+ #5 Tainted: G W --------------------------------- inconsistent {RECLAIM_FS-ON-W} -> {IN-RECLAIM_FS-R} usage. syz-executor831/3689 [HC0[0]:SC0[0]:HE1:SE1] takes: (&mm->mmap_sem){+++++?}, at: [<0000000061002ddf>] get_cmdline+0xa3/0x2d0 mm/util.c:641 mark_held_locks+0xb1/0x100 kernel/locking/lockdep.c:2660 __lockdep_trace_alloc kernel/locking/lockdep.c:2882 [inline] lockdep_trace_alloc+0x18c/0x2b0 kernel/locking/lockdep.c:2897 __alloc_pages_nodemask+0x143/0x1a80 mm/page_alloc.c:3803 __alloc_pages include/linux/gfp.h:433 [inline] __alloc_pages_node include/linux/gfp.h:446 [inline] alloc_pages_node include/linux/gfp.h:460 [inline] pmd_alloc_one arch/x86/include/asm/pgalloc.h:88 [inline] __pmd_alloc+0x4a/0x330 mm/memory.c:3742 pmd_alloc include/linux/mm.h:1601 [inline] alloc_new_pmd mm/mremap.c:64 [inline] move_page_tables+0xadb/0xd60 mm/mremap.c:212 shift_arg_pages+0x1ae/0x470 fs/exec.c:642 setup_arg_pages+0x60d/0x7c0 fs/exec.c:754 load_elf_binary+0xa84/0x4a90 fs/binfmt_elf.c:860 search_binary_handler fs/exec.c:1621 [inline] search_binary_handler+0x14f/0x700 fs/exec.c:1599 exec_binprm fs/exec.c:1663 [inline] do_execveat_common.isra.0+0xf81/0x1db0 fs/exec.c:1785 do_execve+0x3a/0x50 fs/exec.c:1829 run_init_process+0x33/0x37 init/main.c:904 try_to_run_init_process+0x18/0x48 init/main.c:913 kernel_init+0xf2/0x163 init/main.c:984 ret_from_fork+0x5c/0x70 arch/x86/entry/entry_64.S:375 irq event stamp: 15439 hardirqs last enabled at (15439): [<000000001e7d37f6>] dump_stack+0x100/0x120 lib/dump_stack.c:56 hardirqs last disabled at (15438): [<00000000e8f9aa81>] dump_stack+0x2c/0x120 lib/dump_stack.c:38 softirqs last enabled at (6942): [<000000000b63bfda>] __do_softirq+0x474/0x964 kernel/softirq.c:314 softirqs last disabled at (6919): [<0000000043f97112>] invoke_softirq kernel/softirq.c:368 [inline] softirqs last disabled at (6919): [<0000000043f97112>] irq_exit+0x119/0x160 kernel/softirq.c:409 other info that might help us debug this: Possible unsafe locking scenario: CPU0 ---- lock(&mm->mmap_sem); lock(&mm->mmap_sem); *** DEADLOCK *** 4 locks held by syz-executor831/3689: #0: (&mm->mmap_sem){+++++?}, at: [<00000000e26c22b0>] __mm_populate+0x20c/0x300 mm/gup.c:1143 #1: (shrinker_rwsem){++++..}, at: [<00000000c602aa00>] shrink_slab.part.0+0xb2/0xa20 mm/vmscan.c:472 #2: (rcu_read_lock){......}, at: [<00000000aee98f46>] lowmem_scan+0x242/0xb50 drivers/staging/android/lowmemorykiller.c:272 #3: (lmk_event_lock){+.+.-.}, at: [<000000002f9957af>] spin_lock include/linux/spinlock.h:302 [inline] #3: (lmk_event_lock){+.+.-.}, at: [<000000002f9957af>] handle_lmk_event+0xfb/0x8a0 drivers/staging/android/lowmemorykiller.c:114 stack backtrace: CPU: 0 PID: 3689 Comm: syz-executor831 Tainted: G W 4.9.184+ #5 ffff88001127ed60 ffffffff81b580a1 00000000000000f0 ffff8800112397c0 ffffffff83cad760 ffff88001123a130 ffffffff8424eec0 ffff88001127edd8 ffffffff81406e49 0000000000000000 ffffffff00000001 0000000000000001 Call Trace: [<000000002fd63b38>] __dump_stack lib/dump_stack.c:15 [inline] [<000000002fd63b38>] dump_stack+0xc1/0x120 lib/dump_stack.c:51 [<00000000024514e0>] print_usage_bug kernel/locking/lockdep.c:2387 [inline] [<00000000024514e0>] print_usage_bug.cold+0x452/0x5a2 kernel/locking/lockdep.c:2354 [<0000000072195bbd>] valid_state kernel/locking/lockdep.c:2400 [inline] [<0000000072195bbd>] mark_lock_irq kernel/locking/lockdep.c:2602 [inline] [<0000000072195bbd>] mark_lock+0x6c7/0x12e0 kernel/locking/lockdep.c:3065 [<00000000f7a28fcf>] mark_irqflags kernel/locking/lockdep.c:2958 [inline] [<00000000f7a28fcf>] __lock_acquire+0x5c3/0x4350 kernel/locking/lockdep.c:3302 [<000000004feb7352>] lock_acquire+0x133/0x3d0 kernel/locking/lockdep.c:3756 [<000000001405c064>] down_read+0x44/0xb0 kernel/locking/rwsem.c:22 [<0000000061002ddf>] get_cmdline+0xa3/0x2d0 mm/util.c:641 [<00000000de8567c1>] handle_lmk_event+0x13c/0x8a0 drivers/staging/android/lowmemorykiller.c:128 [<00000000b5d06e7a>] lowmem_scan+0x695/0xb50 drivers/staging/android/lowmemorykiller.c:345 [<0000000065251831>] do_shrink_slab mm/vmscan.c:399 [inline] [<0000000065251831>] shrink_slab.part.0+0x3cf/0xa20 mm/vmscan.c:502 [<0000000083c74872>] shrink_slab mm/vmscan.c:466 [inline] [<0000000083c74872>] shrink_node+0x1ed/0x750 mm/vmscan.c:2604 [<000000003b5f1ee5>] shrink_zones mm/vmscan.c:2751 [inline] [<000000003b5f1ee5>] do_try_to_free_pages mm/vmscan.c:2793 [inline] [<000000003b5f1ee5>] try_to_free_pages+0x397/0xbd0 mm/vmscan.c:3004 [<0000000015fe08a8>] __perform_reclaim mm/page_alloc.c:3332 [inline] [<0000000015fe08a8>] __alloc_pages_direct_reclaim mm/page_alloc.c:3354 [inline] [<0000000015fe08a8>] __alloc_pages_slowpath mm/page_alloc.c:3704 [inline] [<0000000015fe08a8>] __alloc_pages_nodemask+0x930/0x1a80 mm/page_alloc.c:3861 [<00000000a638cbde>] __alloc_pages include/linux/gfp.h:433 [inline] [<00000000a638cbde>] __alloc_pages_node include/linux/gfp.h:446 [inline] [<00000000a638cbde>] alloc_pages_node include/linux/gfp.h:460 [inline] [<00000000a638cbde>] shmem_alloc_page mm/shmem.c:1437 [inline] [<00000000a638cbde>] shmem_alloc_and_acct_page mm/shmem.c:1462 [inline] [<00000000a638cbde>] shmem_getpage_gfp+0x3f3/0x1b00 mm/shmem.c:1734 [<0000000020a65291>] shmem_fault+0x216/0x6b0 mm/shmem.c:1966 [<000000002513a8a4>] __do_fault+0x2a8/0x6c0 mm/memory.c:2855 [<000000003ffc07fa>] do_read_fault mm/memory.c:3202 [inline] [<000000003ffc07fa>] do_fault mm/memory.c:3338 [inline] [<000000003ffc07fa>] handle_pte_fault mm/memory.c:3547 [inline] [<000000003ffc07fa>] __handle_mm_fault mm/memory.c:3634 [inline] [<000000003ffc07fa>] handle_mm_fault+0x11bc/0x2420 mm/memory.c:3671 [<00000000fa81dfca>] faultin_page mm/gup.c:395 [inline] [<00000000fa81dfca>] __get_user_pages+0x3c7/0x10b0 mm/gup.c:597 [<00000000212c2f4a>] populate_vma_page_range+0x19a/0x230 mm/gup.c:1115 [<000000004388c4dc>] __mm_populate+0x1b9/0x300 mm/gup.c:1163 [<0000000063ef8500>] mm_populate include/linux/mm.h:2056 [inline] [<0000000063ef8500>] vm_mmap_pgoff+0x1aa/0x1c0 mm/util.c:333 [<0000000037e8c063>] SYSC_mmap_pgoff mm/mmap.c:1555 [inline] [<0000000037e8c063>] SyS_mmap_pgoff+0x14d/0x1b0 mm/mmap.c:1513 [<00000000096ce140>] SYSC_mmap arch/x86/kernel/sys_x86_64.c:96 [inline] [<00000000096ce140>] SyS_mmap+0x16/0x20 arch/x86/kernel/sys_x86_64.c:87 [<0000000004a565b6>] do_syscall_64+0x1ad/0x5c0 arch/x86/entry/common.c:288 [<000000008974863c>] entry_SYSCALL_64_after_swapgs+0x5d/0xdb lowmemorykiller: Killing 'syz-executor831' (2081) (tgid 2081), adj 1000, to free 12172kB on behalf of 'syz-executor831' (3689) because cache 39236kB is below limit 65536kB for oom_score_adj 12 Free memory is -13272kB above reserved lowmemorykiller: Killing 'syz-executor831' (2087) (tgid 2087), adj 1000, to free 12172kB on behalf of 'syz-executor831' (3689) because cache 39036kB is below limit 65536kB for oom_score_adj 12 Free memory is 8852kB above reserved lowmemorykiller: Killing 'syz-executor831' (2099) (tgid 2099), adj 1000, to free 12172kB on behalf of 'syz-executor831' (3697) because cache 38952kB is below limit 65536kB for oom_score_adj 12 Free memory is -13348kB above reserved lowmemorykiller: Killing 'syz-executor831' (2105) (tgid 2105), adj 1000, to free 12172kB on behalf of 'syz-executor831' (3697) because cache 38952kB is below limit 65536kB for oom_score_adj 12 Free memory is -10148kB above reserved lowmemorykiller: Killing 'syz-executor831' (2111) (tgid 2111), adj 1000, to free 12172kB on behalf of 'syz-executor831' (3697) because cache 38752kB is below limit 65536kB for oom_score_adj 12 Free memory is -5248kB above reserved lowmemorykiller: Killing 'syz-executor831' (2114) (tgid 2114), adj 1000, to free 12172kB on behalf of 'syz-executor831' (3697) because cache 38752kB is below limit 65536kB for oom_score_adj 12 Free memory is -848kB above reserved lowmemorykiller: Killing 'syz-executor831' (2117) (tgid 2117), adj 1000, to free 12172kB on behalf of 'syz-executor831' (3697) because cache 38852kB is below limit 65536kB for oom_score_adj 12 Free memory is 12752kB above reserved lowmemorykiller: Killing 'syz-executor831' (2120) (tgid 2120), adj 1000, to free 12172kB on behalf of 'syz-executor831' (3712) because cache 38760kB is below limit 65536kB for oom_score_adj 12 Free memory is -13304kB above reserved lowmemorykiller: Killing 'syz-executor831' (2129) (tgid 2129), adj 1000, to free 12172kB on behalf of 'syz-executor831' (3712) because cache 38560kB is below limit 65536kB for oom_score_adj 12 Free memory is -13320kB above reserved lowmemorykiller: Killing 'syz-executor831' (2141) (tgid 2141), adj 1000, to free 12172kB on behalf of 'syz-executor831' (3712) because cache 38360kB is below limit 65536kB for oom_score_adj 12 Free memory is -13360kB above reserved lowmemorykiller: Killing 'syz-executor831' (2144) (tgid 2144), adj 1000, to free 12172kB on behalf of 'syz-executor831' (3712) because cache 38360kB is below limit 65536kB for oom_score_adj 12 Free memory is -12884kB above reserved lowmemorykiller: Killing 'syz-executor831' (2153) (tgid 2153), adj 1000, to free 12172kB on behalf of 'syz-executor831' (3712) because cache 38260kB is below limit 65536kB for oom_score_adj 12 Free memory is -12384kB above reserved lowmemorykiller: Killing 'syz-executor831' (2156) (tgid 2156), adj 1000, to free 12172kB on behalf of 'syz-executor831' (3727) because cache 38208kB is below limit 65536kB for oom_score_adj 12 Free memory is -13332kB above reserved lowmemorykiller: Killing 'syz-executor831' (2159) (tgid 2159), adj 1000, to free 12172kB on behalf of 'syz-executor831' (3727) because cache 38108kB is below limit 65536kB for oom_score_adj 12 Free memory is -13332kB above reserved lowmemorykiller: Killing 'syz-executor831' (2170) (tgid 2170), adj 1000, to free 12172kB on behalf of 'syz-executor831' (2072) because cache 38008kB is below limit 65536kB for oom_score_adj 12 Free memory is -11956kB above reserved lowmemorykiller: Killing 'syz-executor831' (2177) (tgid 2177), adj 1000, to free 12172kB on behalf of 'syz-executor831' (3736) because cache 37248kB is below limit 65536kB for oom_score_adj 12 Free memory is -13260kB above reserved lowmemorykiller: Killing 'syz-executor831' (2183) (tgid 2183), adj 1000, to free 12172kB on behalf of 'syz-executor831' (3736) because cache 37248kB is below limit 65536kB for oom_score_adj 12 Free memory is -7060kB above reserved lowmemorykiller: Killing 'syz-executor831' (2186) (tgid 2186), adj 1000, to free 12172kB on behalf of 'syz-executor831' (3736) because cache 36948kB is below limit 65536kB for oom_score_adj 12 Free memory is -6960kB above reserved lowmemorykiller: Killing 'syz-executor831' (2189) (tgid 2189), adj 1000, to free 12172kB on behalf of 'syz-executor831' (3736) because cache 36948kB is below limit 65536kB for oom_score_adj 12 Free memory is -160kB above reserved lowmemorykiller: Killing 'syz-executor831' (2192) (tgid 2192), adj 1000, to free 12172kB on behalf of 'syz-executor831' (3736) because cache 36948kB is below limit 65536kB for oom_score_adj 12 Free memory is 540kB above reserved lowmemorykiller: Killing 'syz-executor831' (2195) (tgid 2195), adj 1000, to free 12172kB on behalf of 'syz-executor831' (2072) because cache 36948kB is below limit 65536kB for oom_score_adj 12 Free memory is -12664kB above reserved lowmemorykiller: Killing 'syz-executor831' (2222) (tgid 2222), adj 1000, to free 12172kB on behalf of 'syz-executor831' (2072) because cache 36108kB is below limit 65536kB for oom_score_adj 12 Free memory is -12352kB above reserved lowmemorykiller: Killing 'syz-executor831' (2237) (tgid 2237), adj 1000, to free 12172kB on behalf of 'syz-executor831' (3760) because cache 32104kB is below limit 65536kB for oom_score_adj 12 Free memory is -13428kB above reserved lowmemorykiller: Killing 'syz-executor831' (2240) (tgid 2240), adj 1000, to free 12172kB on behalf of 'syz-executor831' (3760) because cache 32104kB is below limit 65536kB for oom_score_adj 12 Free memory is -11028kB above reserved lowmemorykiller: Killing 'syz-executor831' (2243) (tgid 2243), adj 1000, to free 12172kB on behalf of 'syz-executor831' (3760) because cache 31904kB is below limit 65536kB for oom_score_adj 12 Free memory is -3228kB above reserved lowmemorykiller: Killing 'syz-executor831' (2246) (tgid 2246), adj 1000, to free 12172kB on behalf of 'syz-executor831' (3760) because cache 31904kB is below limit 65536kB for oom_score_adj 12 Free memory is 2872kB above reserved lowmemorykiller: Killing 'syz-executor831' (2249) (tgid 2249), adj 1000, to free 12172kB on behalf of 'syz-executor831' (3760) because cache 32004kB is below limit 65536kB for oom_score_adj 12 Free memory is 8972kB above reserved lowmemorykiller: Killing 'syz-executor831' (2255) (tgid 2255), adj 1000, to free 12172kB on behalf of 'syz-executor831' (3760) because cache 31804kB is below limit 65536kB for oom_score_adj 12 Free memory is 18272kB above reserved lowmemorykiller: Killing 'syz-executor831' (2258) (tgid 2258), adj 1000, to free 12172kB on behalf of 'syz-executor831' (3778) because cache 31852kB is below limit 65536kB for oom_score_adj 12 Free memory is -13436kB above reserved lowmemorykiller: Killing 'syz-executor831' (2261) (tgid 2261), adj 1000, to free 12172kB on behalf of 'syz-executor831' (3778) because cache 31752kB is below limit 65536kB for oom_score_adj 12 Free memory is -5536kB above reserved BUG: sleeping function called from invalid context at kernel/fork.c:903 in_atomic(): 0, irqs_disabled(): 0, pid: 3778, name: syz-executor831 INFO: lockdep is turned off. Preemption disabled at: [<0000000071e6de5f>] spin_lock include/linux/spinlock.h:302 [inline] [<0000000071e6de5f>] task_lock include/linux/sched.h:3217 [inline] [<0000000071e6de5f>] get_task_mm+0x20/0xc0 kernel/fork.c:1010 CPU: 0 PID: 3778 Comm: syz-executor831 Tainted: G W 4.9.184+ #5 ffff8801d3ea7018 ffffffff81b580a1 0000000000000000 0000000000000001 ffff8801cf4517c0 ffffffff810d0ca0 ffff8801cf4517c0 ffff8801d3ea7050 ffffffff8140040c ffff8801cf4517c0 ffffffff82a39900 0000000000000387 Call Trace: [<000000002fd63b38>] __dump_stack lib/dump_stack.c:15 [inline] [<000000002fd63b38>] dump_stack+0xc1/0x120 lib/dump_stack.c:51 [<00000000debae92a>] ___might_sleep.cold+0x1c1/0x1fa kernel/sched/core.c:8004 [<0000000037f78384>] __might_sleep+0x95/0x1a0 kernel/sched/core.c:7961 [<000000000514e9b7>] mmput+0x28/0x370 kernel/fork.c:903 [<00000000c1f8082b>] handle_lmk_event+0xea/0x8a0 drivers/staging/android/lowmemorykiller.c:111 [<00000000b5d06e7a>] lowmem_scan+0x695/0xb50 drivers/staging/android/lowmemorykiller.c:345 [<0000000065251831>] do_shrink_slab mm/vmscan.c:399 [inline] [<0000000065251831>] shrink_slab.part.0+0x3cf/0xa20 mm/vmscan.c:502 [<0000000083c74872>] shrink_slab mm/vmscan.c:466 [inline] [<0000000083c74872>] shrink_node+0x1ed/0x750 mm/vmscan.c:2604 [<000000003b5f1ee5>] shrink_zones mm/vmscan.c:2751 [inline] [<000000003b5f1ee5>] do_try_to_free_pages mm/vmscan.c:2793 [inline] [<000000003b5f1ee5>] try_to_free_pages+0x397/0xbd0 mm/vmscan.c:3004 [<0000000015fe08a8>] __perform_reclaim mm/page_alloc.c:3332 [inline] [<0000000015fe08a8>] __alloc_pages_direct_reclaim mm/page_alloc.c:3354 [inline] [<0000000015fe08a8>] __alloc_pages_slowpath mm/page_alloc.c:3704 [inline] [<0000000015fe08a8>] __alloc_pages_nodemask+0x930/0x1a80 mm/page_alloc.c:3861 [<00000000a638cbde>] __alloc_pages include/linux/gfp.h:433 [inline] [<00000000a638cbde>] __alloc_pages_node include/linux/gfp.h:446 [inline] [<00000000a638cbde>] alloc_pages_node include/linux/gfp.h:460 [inline] [<00000000a638cbde>] shmem_alloc_page mm/shmem.c:1437 [inline] [<00000000a638cbde>] shmem_alloc_and_acct_page mm/shmem.c:1462 [inline] [<00000000a638cbde>] shmem_getpage_gfp+0x3f3/0x1b00 mm/shmem.c:1734 [<0000000020a65291>] shmem_fault+0x216/0x6b0 mm/shmem.c:1966 [<000000002513a8a4>] __do_fault+0x2a8/0x6c0 mm/memory.c:2855 [<000000003ffc07fa>] do_read_fault mm/memory.c:3202 [inline] [<000000003ffc07fa>] do_fault mm/memory.c:3338 [inline] [<000000003ffc07fa>] handle_pte_fault mm/memory.c:3547 [inline] [<000000003ffc07fa>] __handle_mm_fault mm/memory.c:3634 [inline] [<000000003ffc07fa>] handle_mm_fault+0x11bc/0x2420 mm/memory.c:3671 [<00000000fa81dfca>] faultin_page mm/gup.c:395 [inline] [<00000000fa81dfca>] __get_user_pages+0x3c7/0x10b0 mm/gup.c:597 [<00000000212c2f4a>] populate_vma_page_range+0x19a/0x230 mm/gup.c:1115 [<000000004388c4dc>] __mm_populate+0x1b9/0x300 mm/gup.c:1163 [<0000000063ef8500>] mm_populate include/linux/mm.h:2056 [inline] [<0000000063ef8500>] vm_mmap_pgoff+0x1aa/0x1c0 mm/util.c:333 [<0000000037e8c063>] SYSC_mmap_pgoff mm/mmap.c:1555 [inline] [<0000000037e8c063>] SyS_mmap_pgoff+0x14d/0x1b0 mm/mmap.c:1513 [<00000000096ce140>] SYSC_mmap arch/x86/kernel/sys_x86_64.c:96 [inline] [<00000000096ce140>] SyS_mmap+0x16/0x20 arch/x86/kernel/sys_x86_64.c:87 [<0000000004a565b6>] do_syscall_64+0x1ad/0x5c0 arch/x86/entry/common.c:288 [<000000008974863c>] entry_SYSCALL_64_after_swapgs+0x5d/0xdb lowmemorykiller: Killing 'syz-executor831' (2264) (tgid 2264), adj 1000, to free 12172kB on behalf of 'syz-executor831' (3784) because cache 31552kB is below limit 65536kB for oom_score_adj 12 Free memory is -13372kB above reserved lowmemorykiller: Killing 'syz-executor831' (2267) (tgid 2267), adj 1000, to free 12172kB on behalf of 'syz-executor831' (3784) because cache 31352kB is below limit 65536kB for oom_score_adj 12 Free memory is -13248kB above reserved lowmemorykiller: Killing 'syz-executor831' (2270) (tgid 2270), adj 1000, to free 12172kB on behalf of 'syz-executor831' (3784) because cache 31152kB is below limit 65536kB for oom_score_adj 12 Free memory is -13248kB above reserved lowmemorykiller: Killing 'syz-executor831' (2276) (tgid 2276), adj 1000, to free 12172kB on behalf of 'syz-executor831' (3793) because cache 30968kB is below limit 65536kB for oom_score_adj 12 Free memory is -13428kB above reserved lowmemorykiller: Killing 'syz-executor831' (2279) (tgid 2279), adj 1000, to free 12172kB on behalf of 'syz-executor831' (3793) because cache 30768kB is below limit 65536kB for oom_score_adj 12 Free memory is -13232kB above reserved lowmemorykiller: Killing 'syz-executor831' (2285) (tgid 2285), adj 1000, to free 12172kB on behalf of 'syz-executor831' (3793) because cache 30768kB is below limit 65536kB for oom_score_adj 12 Free memory is -13232kB above reserved lowmemorykiller: Killing 'syz-executor831' (2291) (tgid 2291), adj 1000, to free 12172kB on behalf of 'syz-executor831' (3802) because cache 29972kB is below limit 65536kB for oom_score_adj 12 Free memory is -13436kB above reserved lowmemorykiller: Killing 'syz-executor831' (2297) (tgid 2297), adj 1000, to free 12172kB on behalf of 'syz-executor831' (3802) because cache 29972kB is below limit 65536kB for oom_score_adj 12 Free memory is -13436kB above reserved lowmemorykiller: Killing 'syz-executor831' (2300) (tgid 2300), adj 1000, to free 12172kB on behalf of 'syz-executor831' (3808) because cache 29640kB is below limit 65536kB for oom_score_adj 12 Free memory is -13316kB above reserved lowmemorykiller: Killing 'syz-executor831' (2306) (tgid 2306), adj 1000, to free 12172kB on behalf of 'syz-executor831' (3808) because cache 29440kB is below limit 65536kB for oom_score_adj 12 Free memory is -13280kB above reserved lowmemorykiller: Killing 'syz-executor831' (2309) (tgid 2309), adj 1000, to free 12172kB on behalf of 'syz-executor831' (3808) because cache 29440kB is below limit 65536kB for oom_score_adj 12 Free memory is -13280kB above reserved lowmemorykiller: Killing 'syz-executor831' (2324) (tgid 2324), adj 1000, to free 12172kB on behalf of 'syz-executor831' (3817) because cache 28756kB is below limit 65536kB for oom_score_adj 12 Free memory is -13432kB above reserved lowmemorykiller: Killing 'syz-executor831' (2327) (tgid 2327), adj 1000, to free 12172kB on behalf of 'syz-executor831' (3817) because cache 28556kB is below limit 65536kB for oom_score_adj 12 Free memory is -13312kB above reserved lowmemorykiller: Killing 'syz-executor831' (2333) (tgid 2333), adj 1000, to free 12172kB on behalf of 'syz-executor831' (3817) because cache 28556kB is below limit 65536kB for oom_score_adj 12 Free memory is -13312kB above reserved lowmemorykiller: Killing 'syz-executor831' (2345) (tgid 2345), adj 1000, to free 12172kB on behalf of 'syz-executor831' (3817) because cache 28556kB is below limit 65536kB for oom_score_adj 12 Free memory is -10012kB above reserved lowmemorykiller: Killing 'syz-executor831' (2348) (tgid 2348), adj 1000, to free 12172kB on behalf of 'syz-executor831' (3817) because cache 28556kB is below limit 65536kB for oom_score_adj 12 Free memory is 7572kB above reserved lowmemorykiller: Killing 'syz-executor831' (2354) (tgid 2354), adj 1000, to free 12172kB on behalf of 'syz-executor831' (3817) because cache 28456kB is below limit 65536kB for oom_score_adj 12 Free memory is 21880kB above reserved lowmemorykiller: Killing 'syz-executor831' (2357) (tgid 2357), adj 1000, to free 12172kB on behalf of 'syz-executor831' (3817) because cache 28556kB is below limit 65536kB for oom_score_adj 12 Free memory is 33780kB above reserved lowmemorykiller: Killing 'syz-executor831' (2360) (tgid 2360), adj 1000, to free 12172kB on behalf of 'syz-executor831' (3817) because cache 28456kB is below limit 65536kB for oom_score_adj 12 Free memory is 40480kB above reserved lowmemorykiller: Killing 'syz-executor831' (2366) (tgid 2366), adj 1000, to free 12172kB on behalf of 'syz-executor831' (3817) because cache 28456kB is below limit 65536kB for oom_score_adj 12 Free memory is 58280kB above reserved lowmemorykiller: Killing 'syz-executor831' (2387) (tgid 2387), adj 1000, to free 12172kB on behalf of 'syz-executor831' (3844) because cache 28344kB is below limit 65536kB for oom_score_adj 12 Free memory is -13396kB above reserved lowmemorykiller: Killing 'syz-executor831' (2390) (tgid 2390), adj 1000, to free 12172kB on behalf of 'syz-executor831' (3844) because cache 28344kB is below limit 65536kB for oom_score_adj 12 Free memory is -5596kB above reserved lowmemorykiller: Killing 'syz-executor831' (2402) (tgid 2402), adj 1000, to free 12172kB on behalf of 'syz-executor831' (3844) because cache 28344kB is below limit 65536kB for oom_score_adj 12 Free memory is 1892kB above reserved lowmemorykiller: Killing 'syz-executor831' (2408) (tgid 2408), adj 1000, to free 12172kB on behalf of 'syz-executor831' (3844) because cache 28344kB is below limit 65536kB for oom_score_adj 12 Free memory is 6692kB above reserved lowmemorykiller: Killing 'syz-executor831' (2411) (tgid 2411), adj 1000, to free 12172kB on behalf of 'syz-executor831' (3844) because cache 28344kB is below limit 65536kB for oom_score_adj 12 Free memory is 17568kB above reserved lowmemorykiller: Killing 'syz-executor831' (2417) (tgid 2417), adj 1000, to free 12172kB on behalf of 'syz-executor831' (3859) because cache 28144kB is below limit 65536kB for oom_score_adj 12 Free memory is -13420kB above reserved lowmemorykiller: Killing 'syz-executor831' (2429) (tgid 2429), adj 1000, to free 12172kB on behalf of 'syz-executor831' (3859) because cache 28144kB is below limit 65536kB for oom_score_adj 12 Free memory is -2820kB above reserved lowmemorykiller: Killing 'syz-executor831' (2432) (tgid 2432), adj 1000, to free 12172kB on behalf of 'syz-executor831' (3859) because cache 28144kB is below limit 65536kB for oom_score_adj 12 Free memory is 4880kB above reserved lowmemorykiller: Killing 'syz-executor831' (2441) (tgid 2441), adj 1000, to free 12172kB on behalf of 'syz-executor831' (3859) because cache 28144kB is below limit 65536kB for oom_score_adj 12 Free memory is 7980kB above reserved BUG: sleeping function called from invalid context at kernel/fork.c:903 in_atomic(): 0, irqs_disabled(): 0, pid: 3859, name: syz-executor831 INFO: lockdep is turned off. Preemption disabled at: [<0000000071e6de5f>] spin_lock include/linux/spinlock.h:302 [inline] [<0000000071e6de5f>] task_lock include/linux/sched.h:3217 [inline] [<0000000071e6de5f>] get_task_mm+0x20/0xc0 kernel/fork.c:1010 CPU: 0 PID: 3859 Comm: syz-executor831 Tainted: G W 4.9.184+ #5 ffff8801cbae7018 ffffffff81b580a1 0000000000000000 0000000000000001 ffff8801cf542f80 ffffffff810d0ca0 ffff8801cf542f80 ffff8801cbae7050 ffffffff8140040c ffff8801cf542f80 ffffffff82a39900 0000000000000387 Call Trace: [<000000002fd63b38>] __dump_stack lib/dump_stack.c:15 [inline] [<000000002fd63b38>] dump_stack+0xc1/0x120 lib/dump_stack.c:51 [<00000000debae92a>] ___might_sleep.cold+0x1c1/0x1fa kernel/sched/core.c:8004 [<0000000037f78384>] __might_sleep+0x95/0x1a0 kernel/sched/core.c:7961 [<000000000514e9b7>] mmput+0x28/0x370 kernel/fork.c:903 [<00000000c1f8082b>] handle_lmk_event+0xea/0x8a0 drivers/staging/android/lowmemorykiller.c:111 [<00000000b5d06e7a>] lowmem_scan+0x695/0xb50 drivers/staging/android/lowmemorykiller.c:345 [<0000000065251831>] do_shrink_slab mm/vmscan.c:399 [inline] [<0000000065251831>] shrink_slab.part.0+0x3cf/0xa20 mm/vmscan.c:502 [<0000000083c74872>] shrink_slab mm/vmscan.c:466 [inline] [<0000000083c74872>] shrink_node+0x1ed/0x750 mm/vmscan.c:2604 [<000000003b5f1ee5>] shrink_zones mm/vmscan.c:2751 [inline] [<000000003b5f1ee5>] do_try_to_free_pages mm/vmscan.c:2793 [inline] [<000000003b5f1ee5>] try_to_free_pages+0x397/0xbd0 mm/vmscan.c:3004 [<0000000015fe08a8>] __perform_reclaim mm/page_alloc.c:3332 [inline] [<0000000015fe08a8>] __alloc_pages_direct_reclaim mm/page_alloc.c:3354 [inline] [<0000000015fe08a8>] __alloc_pages_slowpath mm/page_alloc.c:3704 [inline] [<0000000015fe08a8>] __alloc_pages_nodemask+0x930/0x1a80 mm/page_alloc.c:3861 [<00000000a638cbde>] __alloc_pages include/linux/gfp.h:433 [inline] [<00000000a638cbde>] __alloc_pages_node include/linux/gfp.h:446 [inline] [<00000000a638cbde>] alloc_pages_node include/linux/gfp.h:460 [inline] [<00000000a638cbde>] shmem_alloc_page mm/shmem.c:1437 [inline] [<00000000a638cbde>] shmem_alloc_and_acct_page mm/shmem.c:1462 [inline] [<00000000a638cbde>] shmem_getpage_gfp+0x3f3/0x1b00 mm/shmem.c:1734 [<0000000020a65291>] shmem_fault+0x216/0x6b0 mm/shmem.c:1966 [<000000002513a8a4>] __do_fault+0x2a8/0x6c0 mm/memory.c:2855 [<000000003ffc07fa>] do_read_fault mm/memory.c:3202 [inline] [<000000003ffc07fa>] do_fault mm/memory.c:3338 [inline] [<000000003ffc07fa>] handle_pte_fault mm/memory.c:3547 [inline] [<000000003ffc07fa>] __handle_mm_fault mm/memory.c:3634 [inline] [<000000003ffc07fa>] handle_mm_fault+0x11bc/0x2420 mm/memory.c:3671 [<00000000fa81dfca>] faultin_page mm/gup.c:395 [inline] [<00000000fa81dfca>] __get_user_pages+0x3c7/0x10b0 mm/gup.c:597 [<00000000212c2f4a>] populate_vma_page_range+0x19a/0x230 mm/gup.c:1115 [<000000004388c4dc>] __mm_populate+0x1b9/0x300 mm/gup.c:1163 [<0000000063ef8500>] mm_populate include/linux/mm.h:2056 [inline] [<0000000063ef8500>] vm_mmap_pgoff+0x1aa/0x1c0 mm/util.c:333 [<0000000037e8c063>] SYSC_mmap_pgoff mm/mmap.c:1555 [inline] [<0000000037e8c063>] SyS_mmap_pgoff+0x14d/0x1b0 mm/mmap.c:1513 [<00000000096ce140>] SYSC_mmap arch/x86/kernel/sys_x86_64.c:96 [inline] [<00000000096ce140>] SyS_mmap+0x16/0x20 arch/x86/kernel/sys_x86_64.c:87 [<0000000004a565b6>] do_syscall_64+0x1ad/0x5c0 arch/x86/entry/common.c:288 [<000000008974863c>] entry_SYSCALL_64_after_swapgs+0x5d/0xdb lowmemorykiller: Killing 'syz-executor831' (2447) (tgid 2447), adj 1000, to free 12172kB on behalf of 'syz-executor831' (3859) because cache 28144kB is below limit 65536kB for oom_score_adj 12 Free memory is 15564kB above reserved lowmemorykiller: Killing 'syz-executor831' (2468) (tgid 2468), adj 1000, to free 12172kB on behalf of 'syz-executor831' (3859) because cache 28044kB is below limit 65536kB for oom_score_adj 12 Free memory is 17064kB above reserved lowmemorykiller: Killing 'syz-executor831' (2471) (tgid 2471), adj 1000, to free 12172kB on behalf of 'syz-executor831' (3877) because cache 27944kB is below limit 65536kB for oom_score_adj 12 Free memory is -13356kB above reserved lowmemorykiller: Killing 'syz-executor831' (2477) (tgid 2477), adj 1000, to free 12172kB on behalf of 'syz-executor831' (3877) because cache 27744kB is below limit 65536kB for oom_score_adj 12 Free memory is -13260kB above reserved lowmemorykiller: Killing 'syz-executor831' (2483) (tgid 2483), adj 1000, to free 12172kB on behalf of 'syz-executor831' (3877) because cache 27744kB is below limit 65536kB for oom_score_adj 12 Free memory is -13260kB above reserved lowmemorykiller: Killing 'syz-executor831' (2486) (tgid 2486), adj 1000, to free 12172kB on behalf of 'syz-executor831' (3886) because cache 27544kB is below limit 65536kB for oom_score_adj 12 Free memory is -13344kB above reserved lowmemorykiller: Killing 'syz-executor831' (2501) (tgid 2501), adj 1000, to free 12172kB on behalf of 'syz-executor831' (3886) because cache 27348kB is below limit 65536kB for oom_score_adj 12 Free memory is -13380kB above reserved lowmemorykiller: Killing 'syz-executor831' (2513) (tgid 2513), adj 1000, to free 12172kB on behalf of 'syz-executor831' (3886) because cache 27348kB is below limit 65536kB for oom_score_adj 12 Free memory is -2104kB above reserved lowmemorykiller: Killing 'syz-executor831' (2516) (tgid 2516), adj 1000, to free 12172kB on behalf of 'syz-executor831' (3886) because cache 27348kB is below limit 65536kB for oom_score_adj 12 Free memory is 5796kB above reserved lowmemorykiller: Killing 'syz-executor831' (2525) (tgid 2525), adj 1000, to free 12172kB on behalf of 'syz-executor831' (3886) because cache 27348kB is below limit 65536kB for oom_score_adj 12 Free memory is 12296kB above reserved lowmemorykiller: Killing 'syz-executor831' (2528) (tgid 2528), adj 1000, to free 12172kB on behalf of 'syz-executor831' (3886) because cache 27348kB is below limit 65536kB for oom_score_adj 12 Free memory is 20096kB above reserved lowmemorykiller: Killing 'syz-executor831' (2546) (tgid 2546), adj 1000, to free 12172kB on behalf of 'syz-executor831' (3886) because cache 27348kB is below limit 65536kB for oom_score_adj 12 Free memory is 25696kB above reserved lowmemorykiller: Killing 'syz-executor831' (2549) (tgid 2549), adj 1000, to free 12172kB on behalf of 'syz-executor831' (3886) because cache 27348kB is below limit 65536kB for oom_score_adj 12 Free memory is 38896kB above reserved lowmemorykiller: Killing 'syz-executor831' (2558) (tgid 2558), adj 1000, to free 12172kB on behalf of 'syz-executor831' (3886) because cache 27348kB is below limit 65536kB for oom_score_adj 12 Free memory is 47088kB above reserved lowmemorykiller: Killing 'syz-executor831' (2570) (tgid 2570), adj 1000, to free 12172kB on behalf of 'syz-executor831' (3886) because cache 27248kB is below limit 65536kB for oom_score_adj 12 Free memory is 54972kB above reserved lowmemorykiller: Killing 'syz-executor831' (2588) (tgid 2588), adj 1000, to free 12172kB on behalf of 'syz-executor831' (3916) because cache 27152kB is below limit 65536kB for oom_score_adj 12 Free memory is -13336kB above reserved lowmemorykiller: Killing 'syz-executor831' (2600) (tgid 2600), adj 1000, to free 12172kB on behalf of 'syz-executor831' (3916) because cache 27152kB is below limit 65536kB for oom_score_adj 12 Free memory is -11140kB above reserved lowmemorykiller: Killing 'syz-executor831' (2603) (tgid 2603), adj 1000, to free 12172kB on behalf of 'syz-executor831' (3922) because cache 26956kB is below limit 65536kB for oom_score_adj 12 Free memory is -13416kB above reserved lowmemorykiller: Killing 'syz-executor831' (2609) (tgid 2609), adj 1000, to free 12172kB on behalf of 'syz-executor831' (3922) because cache 26756kB is below limit 65536kB for oom_score_adj 12 Free memory is -13304kB above reserved lowmemorykiller: Killing 'syz-executor831' (2612) (tgid 2612), adj 1000, to free 12172kB on behalf of 'syz-executor831' (3922) because cache 26756kB is below limit 65536kB for oom_score_adj 12 Free memory is -13304kB above reserved lowmemorykiller: Killing 'syz-executor831' (2615) (tgid 2615), adj 1000, to free 12172kB on behalf of 'syz-executor831' (3922) because cache 26356kB is below limit 65536kB for oom_score_adj 12 Free memory is -8156kB above reserved lowmemorykiller: Killing 'syz-executor831' (2633) (tgid 2633), adj 1000, to free 12172kB on behalf of 'syz-executor831' (3922) because cache 26356kB is below limit 65536kB for oom_score_adj 12 Free memory is -7756kB above reserved lowmemorykiller: Killing 'syz-executor831' (2651) (tgid 2651), adj 1000, to free 12172kB on behalf of 'syz-executor831' (3937) because cache 26376kB is below limit 65536kB for oom_score_adj 12 Free memory is -13376kB above reserved lowmemorykiller: Killing 'syz-executor831' (2654) (tgid 2654), adj 1000, to free 12172kB on behalf of 'syz-executor831' (3937) because cache 26276kB is below limit 65536kB for oom_score_adj 12 Free memory is -13300kB above reserved BUG: sleeping function called from invalid context at kernel/fork.c:903 in_atomic(): 0, irqs_disabled(): 0, pid: 3937, name: syz-executor831 INFO: lockdep is turned off. Preemption disabled at: [<0000000071e6de5f>] spin_lock include/linux/spinlock.h:302 [inline] [<0000000071e6de5f>] task_lock include/linux/sched.h:3217 [inline] [<0000000071e6de5f>] get_task_mm+0x20/0xc0 kernel/fork.c:1010 CPU: 0 PID: 3937 Comm: syz-executor831 Tainted: G W 4.9.184+ #5 ffff8801ccaef018 ffffffff81b580a1 0000000000000000 0000000000000001 ffff8801ccae0000 ffffffff810d0ca0 ffff8801ccae0000 ffff8801ccaef050 ffffffff8140040c ffff8801ccae0000 ffffffff82a39900 0000000000000387 Call Trace: [<000000002fd63b38>] __dump_stack lib/dump_stack.c:15 [inline] [<000000002fd63b38>] dump_stack+0xc1/0x120 lib/dump_stack.c:51 [<00000000debae92a>] ___might_sleep.cold+0x1c1/0x1fa kernel/sched/core.c:8004 [<0000000037f78384>] __might_sleep+0x95/0x1a0 kernel/sched/core.c:7961 [<000000000514e9b7>] mmput+0x28/0x370 kernel/fork.c:903 [<00000000c1f8082b>] handle_lmk_event+0xea/0x8a0 drivers/staging/android/lowmemorykiller.c:111 [<00000000b5d06e7a>] lowmem_scan+0x695/0xb50 drivers/staging/android/lowmemorykiller.c:345 [<0000000065251831>] do_shrink_slab mm/vmscan.c:399 [inline] [<0000000065251831>] shrink_slab.part.0+0x3cf/0xa20 mm/vmscan.c:502 [<0000000083c74872>] shrink_slab mm/vmscan.c:466 [inline] [<0000000083c74872>] shrink_node+0x1ed/0x750 mm/vmscan.c:2604 [<000000003b5f1ee5>] shrink_zones mm/vmscan.c:2751 [inline] [<000000003b5f1ee5>] do_try_to_free_pages mm/vmscan.c:2793 [inline] [<000000003b5f1ee5>] try_to_free_pages+0x397/0xbd0 mm/vmscan.c:3004 [<0000000015fe08a8>] __perform_reclaim mm/page_alloc.c:3332 [inline] [<0000000015fe08a8>] __alloc_pages_direct_reclaim mm/page_alloc.c:3354 [inline] [<0000000015fe08a8>] __alloc_pages_slowpath mm/page_alloc.c:3704 [inline] [<0000000015fe08a8>] __alloc_pages_nodemask+0x930/0x1a80 mm/page_alloc.c:3861 [<00000000a638cbde>] __alloc_pages include/linux/gfp.h:433 [inline] [<00000000a638cbde>] __alloc_pages_node include/linux/gfp.h:446 [inline] [<00000000a638cbde>] alloc_pages_node include/linux/gfp.h:460 [inline] [<00000000a638cbde>] shmem_alloc_page mm/shmem.c:1437 [inline] [<00000000a638cbde>] shmem_alloc_and_acct_page mm/shmem.c:1462 [inline] [<00000000a638cbde>] shmem_getpage_gfp+0x3f3/0x1b00 mm/shmem.c:1734 [<0000000020a65291>] shmem_fault+0x216/0x6b0 mm/shmem.c:1966 [<000000002513a8a4>] __do_fault+0x2a8/0x6c0 mm/memory.c:2855 [<000000003ffc07fa>] do_read_fault mm/memory.c:3202 [inline] [<000000003ffc07fa>] do_fault mm/memory.c:3338 [inline] [<000000003ffc07fa>] handle_pte_fault mm/memory.c:3547 [inline] [<000000003ffc07fa>] __handle_mm_fault mm/memory.c:3634 [inline] [<000000003ffc07fa>] handle_mm_fault+0x11bc/0x2420 mm/memory.c:3671 [<00000000fa81dfca>] faultin_page mm/gup.c:395 [inline] [<00000000fa81dfca>] __get_user_pages+0x3c7/0x10b0 mm/gup.c:597 [<00000000212c2f4a>] populate_vma_page_range+0x19a/0x230 mm/gup.c:1115 [<000000004388c4dc>] __mm_populate+0x1b9/0x300 mm/gup.c:1163 [<0000000063ef8500>] mm_populate include/linux/mm.h:2056 [inline] [<0000000063ef8500>] vm_mmap_pgoff+0x1aa/0x1c0 mm/util.c:333 [<0000000037e8c063>] SYSC_mmap_pgoff mm/mmap.c:1555 [inline] [<0000000037e8c063>] SyS_mmap_pgoff+0x14d/0x1b0 mm/mmap.c:1513 [<00000000096ce140>] SYSC_mmap arch/x86/kernel/sys_x86_64.c:96 [inline] [<00000000096ce140>] SyS_mmap+0x16/0x20 arch/x86/kernel/sys_x86_64.c:87 [<0000000004a565b6>] do_syscall_64+0x1ad/0x5c0 arch/x86/entry/common.c:288 [<000000008974863c>] entry_SYSCALL_64_after_swapgs+0x5d/0xdb lowmemorykiller: Killing 'syz-executor831' (2657) (tgid 2657), adj 1000, to free 12172kB on behalf of 'syz-executor831' (3937) because cache 26276kB is below limit 65536kB for oom_score_adj 12 Free memory is -7400kB above reserved lowmemorykiller: Killing 'syz-executor831' (2663) (tgid 2663), adj 1000, to free 12172kB on behalf of 'syz-executor831' (3937) because cache 26176kB is below limit 65536kB for oom_score_adj 12 Free memory is 1200kB above reserved lowmemorykiller: Killing 'syz-executor831' (2678) (tgid 2678), adj 1000, to free 12172kB on behalf of 'syz-executor831' (3949) because cache 25976kB is below limit 65536kB for oom_score_adj 12 Free memory is -13228kB above reserved lowmemorykiller: Killing 'syz-executor831' (2681) (tgid 2681), adj 1000, to free 12172kB on behalf of 'syz-executor831' (3949) because cache 25976kB is below limit 65536kB for oom_score_adj 12 Free memory is -4728kB above reserved lowmemorykiller: Killing 'syz-executor831' (2684) (tgid 2684), adj 1000, to free 12172kB on behalf of 'syz-executor831' (3955) because cache 25776kB is below limit 65536kB for oom_score_adj 12 Free memory is -13256kB above reserved lowmemorykiller: Killing 'syz-executor831' (2696) (tgid 2696), adj 1000, to free 12172kB on behalf of 'syz-executor831' (3955) because cache 25600kB is below limit 65536kB for oom_score_adj 12 Free memory is -13292kB above reserved lowmemorykiller: Killing 'syz-executor831' (2699) (tgid 2699), adj 1000, to free 12172kB on behalf of 'syz-executor831' (3955) because cache 25700kB is below limit 65536kB for oom_score_adj 12 Free memory is -5716kB above reserved lowmemorykiller: Killing 'syz-executor831' (2702) (tgid 2702), adj 1000, to free 12172kB on behalf of 'syz-executor831' (3955) because cache 25600kB is below limit 65536kB for oom_score_adj 12 Free memory is 3284kB above reserved lowmemorykiller: Killing 'syz-executor831' (2708) (tgid 2708), adj 1000, to free 12172kB on behalf of 'syz-executor831' (3955) because cache 25600kB is below limit 65536kB for oom_score_adj 12 Free memory is 8584kB above reserved lowmemorykiller: Killing 'syz-executor831' (2711) (tgid 2711), adj 1000, to free 12172kB on behalf of 'syz-executor831' (3955) because cache 25600kB is below limit 65536kB for oom_score_adj 12 Free memory is 17080kB above reserved lowmemorykiller: Killing 'syz-executor831' (2717) (tgid 2717), adj 1000, to free 12172kB on behalf of 'syz-executor831' (3955) because cache 25600kB is below limit 65536kB for oom_score_adj 12 Free memory is 25980kB above reserved lowmemorykiller: Killing 'syz-executor831' (2720) (tgid 2720), adj 1000, to free 12172kB on behalf of 'syz-executor831' (3955) because cache 25600kB is below limit 65536kB for oom_score_adj 12 Free memory is 36280kB above reserved lowmemorykiller: Killing 'syz-executor831' (2723) (tgid 2723), adj 1000, to free 12172kB on behalf of 'syz-executor831' (3955) because cache 25500kB is below limit 65536kB for oom_score_adj 12 Free memory is 39380kB above reserved lowmemorykiller: Killing 'syz-executor831' (2732) (tgid 2732), adj 1000, to free 12172kB on behalf of 'syz-executor831' (3955) because cache 25524kB is below limit 65536kB for oom_score_adj 12 Free memory is 58568kB above reserved lowmemorykiller: Killing 'syz-executor831' (2735) (tgid 2735), adj 1000, to free 12172kB on behalf of 'syz-executor831' (3985) because cache 25436kB is below limit 65536kB for oom_score_adj 12 Free memory is -13272kB above reserved lowmemorykiller: Killing 'syz-executor831' (2741) (tgid 2741), adj 1000, to free 12172kB on behalf of 'syz-executor831' (3985) because cache 25436kB is below limit 65536kB for oom_score_adj 12 Free memory is -6392kB above reserved lowmemorykiller: Killing 'syz-executor831' (2744) (tgid 2744), adj 1000, to free 12172kB on behalf of 'syz-executor831' (3985) because cache 25436kB is below limit 65536kB for oom_score_adj 12 Free memory is 1408kB above reserved lowmemorykiller: Killing 'syz-executor831' (2747) (tgid 2747), adj 1000, to free 12172kB on behalf of 'syz-executor831' (3985) because cache 25436kB is below limit 65536kB for oom_score_adj 12 Free memory is 7108kB above reserved lowmemorykiller: Killing 'syz-executor831' (2750) (tgid 2750), adj 1000, to free 12172kB on behalf of 'syz-executor831' (3985) because cache 25436kB is below limit 65536kB for oom_score_adj 12 Free memory is 16584kB above reserved lowmemorykiller: Killing 'syz-executor831' (2756) (tgid 2756), adj 1000, to free 12172kB on behalf of 'syz-executor831' (3985) because cache 25436kB is below limit 65536kB for oom_score_adj 12 Free memory is 24484kB above reserved lowmemorykiller: Killing 'syz-executor831' (2759) (tgid 2759), adj 1000, to free 12172kB on behalf of 'syz-executor831' (3985) because cache 25436kB is below limit 65536kB for oom_score_adj 12 Free memory is 32184kB above reserved lowmemorykiller: Killing 'syz-executor831' (2765) (tgid 2765), adj 1000, to free 12172kB on behalf of 'syz-executor831' (3985) because cache 25336kB is below limit 65536kB for oom_score_adj 12 Free memory is 39984kB above reserved lowmemorykiller: Killing 'syz-executor831' (2768) (tgid 2768), adj 1000, to free 12172kB on behalf of 'syz-executor831' (3985) because cache 25336kB is below limit 65536kB for oom_score_adj 12 Free memory is 47484kB above reserved lowmemorykiller: Killing 'syz-executor831' (2780) (tgid 2780), adj 1000, to free 12172kB on behalf of 'syz-executor831' (3985) because cache 25336kB is below limit 65536kB for oom_score_adj 12 Free memory is 59664kB above reserved lowmemorykiller: Killing 'syz-executor831' (2792) (tgid 2792), adj 1000, to free 12172kB on behalf of 'syz-executor831' (4015) because cache 25252kB is below limit 65536kB for oom_score_adj 12 Free memory is -13216kB above reserved BUG: sleeping function called from invalid context at kernel/fork.c:903 in_atomic(): 0, irqs_disabled(): 0, pid: 4015, name: syz-executor831 INFO: lockdep is turned off. Preemption disabled at: [<0000000071e6de5f>] spin_lock include/linux/spinlock.h:302 [inline] [<0000000071e6de5f>] task_lock include/linux/sched.h:3217 [inline] [<0000000071e6de5f>] get_task_mm+0x20/0xc0 kernel/fork.c:1010 CPU: 1 PID: 4015 Comm: syz-executor831 Tainted: G W 4.9.184+ #5 ffff88014f3e7018 ffffffff81b580a1 0000000000000000 0000000000000001 ffff8801d2ff0000 ffffffff810d0ca0 ffff8801d2ff0000 ffff88014f3e7050 ffffffff8140040c ffff8801d2ff0000 ffffffff82a39900 0000000000000387 Call Trace: [<000000002fd63b38>] __dump_stack lib/dump_stack.c:15 [inline] [<000000002fd63b38>] dump_stack+0xc1/0x120 lib/dump_stack.c:51 [<00000000debae92a>] ___might_sleep.cold+0x1c1/0x1fa kernel/sched/core.c:8004 [<0000000037f78384>] __might_sleep+0x95/0x1a0 kernel/sched/core.c:7961 [<000000000514e9b7>] mmput+0x28/0x370 kernel/fork.c:903 [<00000000c1f8082b>] handle_lmk_event+0xea/0x8a0 drivers/staging/android/lowmemorykiller.c:111 [<00000000b5d06e7a>] lowmem_scan+0x695/0xb50 drivers/staging/android/lowmemorykiller.c:345 [<0000000065251831>] do_shrink_slab mm/vmscan.c:399 [inline] [<0000000065251831>] shrink_slab.part.0+0x3cf/0xa20 mm/vmscan.c:502 [<0000000083c74872>] shrink_slab mm/vmscan.c:466 [inline] [<0000000083c74872>] shrink_node+0x1ed/0x750 mm/vmscan.c:2604 [<000000003b5f1ee5>] shrink_zones mm/vmscan.c:2751 [inline] [<000000003b5f1ee5>] do_try_to_free_pages mm/vmscan.c:2793 [inline] [<000000003b5f1ee5>] try_to_free_pages+0x397/0xbd0 mm/vmscan.c:3004 [<0000000015fe08a8>] __perform_reclaim mm/page_alloc.c:3332 [inline] [<0000000015fe08a8>] __alloc_pages_direct_reclaim mm/page_alloc.c:3354 [inline] [<0000000015fe08a8>] __alloc_pages_slowpath mm/page_alloc.c:3704 [inline] [<0000000015fe08a8>] __alloc_pages_nodemask+0x930/0x1a80 mm/page_alloc.c:3861 [<00000000a638cbde>] __alloc_pages include/linux/gfp.h:433 [inline] [<00000000a638cbde>] __alloc_pages_node include/linux/gfp.h:446 [inline] [<00000000a638cbde>] alloc_pages_node include/linux/gfp.h:460 [inline] [<00000000a638cbde>] shmem_alloc_page mm/shmem.c:1437 [inline] [<00000000a638cbde>] shmem_alloc_and_acct_page mm/shmem.c:1462 [inline] [<00000000a638cbde>] shmem_getpage_gfp+0x3f3/0x1b00 mm/shmem.c:1734 [<0000000020a65291>] shmem_fault+0x216/0x6b0 mm/shmem.c:1966 [<000000002513a8a4>] __do_fault+0x2a8/0x6c0 mm/memory.c:2855 [<000000003ffc07fa>] do_read_fault mm/memory.c:3202 [inline] [<000000003ffc07fa>] do_fault mm/memory.c:3338 [inline] [<000000003ffc07fa>] handle_pte_fault mm/memory.c:3547 [inline] [<000000003ffc07fa>] __handle_mm_fault mm/memory.c:3634 [inline] [<000000003ffc07fa>] handle_mm_fault+0x11bc/0x2420 mm/memory.c:3671 [<00000000fa81dfca>] faultin_page mm/gup.c:395 [inline] [<00000000fa81dfca>] __get_user_pages+0x3c7/0x10b0 mm/gup.c:597 [<00000000212c2f4a>] populate_vma_page_range+0x19a/0x230 mm/gup.c:1115 [<000000004388c4dc>] __mm_populate+0x1b9/0x300 mm/gup.c:1163 [<0000000063ef8500>] mm_populate include/linux/mm.h:2056 [inline] [<0000000063ef8500>] vm_mmap_pgoff+0x1aa/0x1c0 mm/util.c:333 [<0000000037e8c063>] SYSC_mmap_pgoff mm/mmap.c:1555 [inline] [<0000000037e8c063>] SyS_mmap_pgoff+0x14d/0x1b0 mm/mmap.c:1513 [<00000000096ce140>] SYSC_mmap arch/x86/kernel/sys_x86_64.c:96 [inline] [<00000000096ce140>] SyS_mmap+0x16/0x20 arch/x86/kernel/sys_x86_64.c:87 [<0000000004a565b6>] do_syscall_64+0x1ad/0x5c0 arch/x86/entry/common.c:288 [<000000008974863c>] entry_SYSCALL_64_after_swapgs+0x5d/0xdb lowmemorykiller: Killing 'syz-executor831' (2801) (tgid 2801), adj 1000, to free 12172kB on behalf of 'syz-executor831' (4015) because cache 25052kB is below limit 65536kB for oom_score_adj 12 Free memory is -13292kB above reserved lowmemorykiller: Killing 'syz-executor831' (2804) (tgid 2804), adj 1000, to free 12172kB on behalf of 'syz-executor831' (4015) because cache 25052kB is below limit 65536kB for oom_score_adj 12 Free memory is -13292kB above reserved lowmemorykiller: Killing 'syz-executor831' (2807) (tgid 2807), adj 1000, to free 12172kB on behalf of 'syz-executor831' (4024) because cache 24700kB is below limit 65536kB for oom_score_adj 12 Free memory is -13288kB above reserved lowmemorykiller: Killing 'syz-executor831' (2813) (tgid 2813), adj 1000, to free 12172kB on behalf of 'syz-executor831' (4024) because cache 24500kB is below limit 65536kB for oom_score_adj 12 Free memory is -13276kB above reserved lowmemorykiller: Killing 'syz-executor831' (2816) (tgid 2816), adj 1000, to free 12172kB on behalf of 'syz-executor831' (4024) because cache 24500kB is below limit 65536kB for oom_score_adj 12 Free memory is -13276kB above reserved lowmemorykiller: Killing 'syz-executor831' (2828) (tgid 2828), adj 1000, to free 12172kB on behalf of 'syz-executor831' (4033) because cache 24012kB is below limit 65536kB for oom_score_adj 12 Free memory is -13272kB above reserved lowmemorykiller: Killing 'syz-executor831' (2837) (tgid 2837), adj 1000, to free 12172kB on behalf of 'syz-executor831' (4033) because cache 23812kB is below limit 65536kB for oom_score_adj 12 Free memory is -13212kB above reserved lowmemorykiller: Killing 'syz-executor831' (2849) (tgid 2849), adj 1000, to free 12172kB on behalf of 'syz-executor831' (4033) because cache 23812kB is below limit 65536kB for oom_score_adj 12 Free memory is -13212kB above reserved lowmemorykiller: Killing 'syz-executor831' (2861) (tgid 2861), adj 1000, to free 12172kB on behalf of 'syz-executor831' (4033) because cache 23512kB is below limit 65536kB for oom_score_adj 12 Free memory is -13304kB above reserved lowmemorykiller: Killing 'syz-executor831' (2876) (tgid 2876), adj 1000, to free 12172kB on behalf of 'syz-executor831' (4033) because cache 23512kB is below limit 65536kB for oom_score_adj 12 Free memory is -13304kB above reserved lowmemorykiller: Killing 'syz-executor831' (2879) (tgid 2879), adj 1000, to free 12172kB on behalf of 'syz-executor831' (4033) because cache 23512kB is below limit 65536kB for oom_score_adj 12 Free memory is -5528kB above reserved lowmemorykiller: Killing 'syz-executor831' (2885) (tgid 2885), adj 1000, to free 12172kB on behalf of 'syz-executor831' (4033) because cache 23512kB is below limit 65536kB for oom_score_adj 12 Free memory is 14172kB above reserved lowmemorykiller: Killing 'syz-executor831' (2888) (tgid 2888), adj 1000, to free 12172kB on behalf of 'syz-executor831' (4033) because cache 23512kB is below limit 65536kB for oom_score_adj 12 Free memory is 34964kB above reserved lowmemorykiller: Killing 'syz-executor831' (2891) (tgid 2891), adj 1000, to free 12172kB on behalf of 'syz-executor831' (4033) because cache 23512kB is below limit 65536kB for oom_score_adj 12 Free memory is 38140kB above reserved lowmemorykiller: Killing 'syz-executor831' (2894) (tgid 2894), adj 1000, to free 12172kB on behalf of 'syz-executor831' (4033) because cache 23512kB is below limit 65536kB for oom_score_adj 12 Free memory is 46040kB above reserved lowmemorykiller: Killing 'syz-executor831' (2900) (tgid 2900), adj 1000, to free 12172kB on behalf of 'syz-executor831' (4033) because cache 23512kB is below limit 65536kB for oom_score_adj 12 Free memory is 54040kB above reserved lowmemorykiller: Killing 'syz-executor831' (2903) (tgid 2903), adj 1000, to free 12172kB on behalf of 'syz-executor831' (4033) because cache 23512kB is below limit 65536kB for oom_score_adj 12 Free memory is 62036kB above reserved lowmemorykiller: Killing 'syz-executor831' (2909) (tgid 2909), adj 1000, to free 12172kB on behalf of 'syz-executor831' (4069) because cache 23348kB is below limit 65536kB for oom_score_adj 12 Free memory is -13264kB above reserved lowmemorykiller: Killing 'syz-executor831' (2918) (tgid 2918), adj 1000, to free 12172kB on behalf of 'syz-executor831' (4069) because cache 23348kB is below limit 65536kB for oom_score_adj 12 Free memory is -9964kB above reserved lowmemorykiller: Killing 'syz-executor831' (2921) (tgid 2921), adj 1000, to free 12172kB on behalf of 'syz-executor831' (4069) because cache 23348kB is below limit 65536kB for oom_score_adj 12 Free memory is -3064kB above reserved lowmemorykiller: Killing 'syz-executor831' (2924) (tgid 2924), adj 1000, to free 12172kB on behalf of 'syz-executor831' (4069) because cache 23348kB is below limit 65536kB for oom_score_adj 12 Free memory is 3336kB above reserved lowmemorykiller: Killing 'syz-executor831' (2927) (tgid 2927), adj 1000, to free 12172kB on behalf of 'syz-executor831' (4069) because cache 23348kB is below limit 65536kB for oom_score_adj 12 Free memory is 13836kB above reserved lowmemorykiller: Killing 'syz-executor831' (2930) (tgid 2930), adj 1000, to free 12172kB on behalf of 'syz-executor831' (4069) because cache 23348kB is below limit 65536kB for oom_score_adj 12 Free memory is 19924kB above reserved lowmemorykiller: Killing 'syz-executor831' (2933) (tgid 2933), adj 1000, to free 12172kB on behalf of 'syz-executor831' (4069) because cache 23348kB is below limit 65536kB for oom_score_adj 12 Free memory is 31924kB above reserved lowmemorykiller: Killing 'syz-executor831' (2939) (tgid 2939), adj 1000, to free 12172kB on behalf of 'syz-executor831' (4069) because cache 23348kB is below limit 65536kB for oom_score_adj 12 Free memory is 35124kB above reserved lowmemorykiller: Killing 'syz-executor831' (2942) (tgid 2942), adj 1000, to free 12172kB on behalf of 'syz-executor831' (4069) because cache 23248kB is below limit 65536kB for oom_score_adj 12 Free memory is 51524kB above reserved lowmemorykiller: Killing 'syz-executor831' (2945) (tgid 2945), adj 1000, to free 12172kB on behalf of 'syz-executor831' (4096) because cache 23184kB is below limit 65536kB for oom_score_adj 12 Free memory is -13344kB above reserved lowmemorykiller: Killing 'syz-executor831' (2948) (tgid 2948), adj 1000, to free 12172kB on behalf of 'syz-executor831' (4096) because cache 23184kB is below limit 65536kB for oom_score_adj 12 Free memory is -8344kB above reserved lowmemorykiller: Killing 'syz-executor831' (2954) (tgid 2954), adj 1000, to free 12172kB on behalf of 'syz-executor831' (4096) because cache 23184kB is below limit 65536kB for oom_score_adj 12 Free memory is -744kB above reserved lowmemorykiller: Killing 'syz-executor831' (2975) (tgid 2975), adj 1000, to free 12172kB on behalf of 'syz-executor831' (4096) because cache 23184kB is below limit 65536kB for oom_score_adj 12 Free memory is 6232kB above reserved lowmemorykiller: Killing 'syz-executor831' (2978) (tgid 2978), adj 1000, to free 12172kB on behalf of 'syz-executor831' (4096) because cache 23184kB is below limit 65536kB for oom_score_adj 12 Free memory is 14224kB above reserved lowmemorykiller: Killing 'syz-executor831' (2990) (tgid 2990), adj 1000, to free 12172kB on behalf of 'syz-executor831' (4096) because cache 23184kB is below limit 65536kB for oom_score_adj 12 Free memory is 21724kB above reserved lowmemorykiller: Killing 'syz-executor831' (2996) (tgid 2996), adj 1000, to free 12172kB on behalf of 'syz-executor831' (4096) because cache 23184kB is below limit 65536kB for oom_score_adj 12 Free memory is 29524kB above reserved lowmemorykiller: Killing 'syz-executor831' (3014) (tgid 3014), adj 1000, to free 12172kB on behalf of 'syz-executor831' (4096) because cache 23184kB is below limit 65536kB for oom_score_adj 12 Free memory is 37124kB above reserved lowmemorykiller: Killing 'syz-executor831' (3047) (tgid 3047), adj 1000, to free 12172kB on behalf of 'syz-executor831' (4096) because cache 23084kB is below limit 65536kB for oom_score_adj 12 Free memory is 44900kB above reserved lowmemorykiller: Killing 'syz-executor831' (3053) (tgid 3053), adj 1000, to free 12172kB on behalf of 'syz-executor831' (4096) because cache 23184kB is below limit 65536kB for oom_score_adj 12 Free memory is 52300kB above reserved lowmemorykiller: Killing 'syz-executor831' (3056) (tgid 3056), adj 1000, to free 12172kB on behalf of 'syz-executor831' (4096) because cache 22984kB is below limit 65536kB for oom_score_adj 12 Free memory is 60100kB above reserved lowmemorykiller: Killing 'syz-executor831' (3059) (tgid 3059), adj 1000, to free 12172kB on behalf of 'syz-executor831' (4129) because cache 23020kB is below limit 65536kB for oom_score_adj 12 Free memory is -13408kB above reserved lowmemorykiller: Killing 'syz-executor831' (3062) (tgid 3062), adj 1000, to free 12172kB on behalf of 'syz-executor831' (4129) because cache 23020kB is below limit 65536kB for oom_score_adj 12 Free memory is -10808kB above reserved lowmemorykiller: Killing 'syz-executor831' (3065) (tgid 3065), adj 1000, to free 12172kB on behalf of 'syz-executor831' (4129) because cache 23020kB is below limit 65536kB for oom_score_adj 12 Free memory is -4328kB above reserved lowmemorykiller: Killing 'syz-executor831' (3077) (tgid 3077), adj 1000, to free 12172kB on behalf of 'syz-executor831' (4129) because cache 23020kB is below limit 65536kB for oom_score_adj 12 Free memory is 1660kB above reserved lowmemorykiller: Killing 'syz-executor831' (3083) (tgid 3083), adj 1000, to free 12172kB on behalf of 'syz-executor831' (4129) because cache 23020kB is below limit 65536kB for oom_score_adj 12 Free memory is 9260kB above reserved lowmemorykiller: Killing 'syz-executor831' (3089) (tgid 3089), adj 1000, to free 12172kB on behalf of 'syz-executor831' (4129) because cache 23020kB is below limit 65536kB for oom_score_adj 12 Free memory is 13560kB above reserved lowmemorykiller: Killing 'syz-executor831' (3095) (tgid 3095), adj 1000, to free 12172kB on behalf of 'syz-executor831' (4129) because cache 23020kB is below limit 65536kB for oom_score_adj 12 Free memory is 24460kB above reserved lowmemorykiller: Killing 'syz-executor831' (3101) (tgid 3101), adj 1000, to free 12172kB on behalf of 'syz-executor831' (4129) because cache 23020kB is below limit 65536kB for oom_score_adj 12 Free memory is 27060kB above reserved lowmemorykiller: Killing 'syz-executor831' (3113) (tgid 3113), adj 1000, to free 12172kB on behalf of 'syz-executor831' (4129) because cache 22920kB is below limit 65536kB for oom_score_adj 12 Free memory is 34760kB above reserved lowmemorykiller: Killing 'syz-executor831' (3125) (tgid 3125), adj 1000, to free 12172kB on behalf of 'syz-executor831' (4129) because cache 23020kB is below limit 65536kB for oom_score_adj 12 Free memory is 42060kB above reserved lowmemorykiller: Killing 'syz-executor831' (3140) (tgid 3140), adj 1000, to free 12172kB on behalf of 'syz-executor831' (4129) because cache 22820kB is below limit 65536kB for oom_score_adj 12 Free memory is 61960kB above reserved lowmemorykiller: Killing 'syz-executor831' (3143) (tgid 3143), adj 1000, to free 12172kB on behalf of 'syz-executor831' (4168) because cache 22856kB is below limit 65536kB for oom_score_adj 12 Free memory is -13396kB above reserved BUG: sleeping function called from invalid context at kernel/fork.c:903 in_atomic(): 0, irqs_disabled(): 0, pid: 4168, name: syz-executor831 INFO: lockdep is turned off. Preemption disabled at: [<0000000071e6de5f>] spin_lock include/linux/spinlock.h:302 [inline] [<0000000071e6de5f>] task_lock include/linux/sched.h:3217 [inline] [<0000000071e6de5f>] get_task_mm+0x20/0xc0 kernel/fork.c:1010 CPU: 1 PID: 4168 Comm: syz-executor831 Tainted: G W 4.9.184+ #5 ffff880093867018 ffffffff81b580a1 0000000000000000 0000000000000001 ffff8800938017c0 ffffffff810d0ca0 ffff8800938017c0 ffff880093867050 ffffffff8140040c ffff8800938017c0 ffffffff82a39900 0000000000000387 Call Trace: [<000000002fd63b38>] __dump_stack lib/dump_stack.c:15 [inline] [<000000002fd63b38>] dump_stack+0xc1/0x120 lib/dump_stack.c:51 [<00000000debae92a>] ___might_sleep.cold+0x1c1/0x1fa kernel/sched/core.c:8004 [<0000000037f78384>] __might_sleep+0x95/0x1a0 kernel/sched/core.c:7961 [<000000000514e9b7>] mmput+0x28/0x370 kernel/fork.c:903 [<00000000c1f8082b>] handle_lmk_event+0xea/0x8a0 drivers/staging/android/lowmemorykiller.c:111 [<00000000b5d06e7a>] lowmem_scan+0x695/0xb50 drivers/staging/android/lowmemorykiller.c:345 [<0000000065251831>] do_shrink_slab mm/vmscan.c:399 [inline] [<0000000065251831>] shrink_slab.part.0+0x3cf/0xa20 mm/vmscan.c:502 [<0000000083c74872>] shrink_slab mm/vmscan.c:466 [inline] [<0000000083c74872>] shrink_node+0x1ed/0x750 mm/vmscan.c:2604 [<000000003b5f1ee5>] shrink_zones mm/vmscan.c:2751 [inline] [<000000003b5f1ee5>] do_try_to_free_pages mm/vmscan.c:2793 [inline] [<000000003b5f1ee5>] try_to_free_pages+0x397/0xbd0 mm/vmscan.c:3004 [<0000000015fe08a8>] __perform_reclaim mm/page_alloc.c:3332 [inline] [<0000000015fe08a8>] __alloc_pages_direct_reclaim mm/page_alloc.c:3354 [inline] [<0000000015fe08a8>] __alloc_pages_slowpath mm/page_alloc.c:3704 [inline] [<0000000015fe08a8>] __alloc_pages_nodemask+0x930/0x1a80 mm/page_alloc.c:3861 [<00000000a638cbde>] __alloc_pages include/linux/gfp.h:433 [inline] [<00000000a638cbde>] __alloc_pages_node include/linux/gfp.h:446 [inline] [<00000000a638cbde>] alloc_pages_node include/linux/gfp.h:460 [inline] [<00000000a638cbde>] shmem_alloc_page mm/shmem.c:1437 [inline] [<00000000a638cbde>] shmem_alloc_and_acct_page mm/shmem.c:1462 [inline] [<00000000a638cbde>] shmem_getpage_gfp+0x3f3/0x1b00 mm/shmem.c:1734 [<0000000020a65291>] shmem_fault+0x216/0x6b0 mm/shmem.c:1966 [<000000002513a8a4>] __do_fault+0x2a8/0x6c0 mm/memory.c:2855 [<000000003ffc07fa>] do_read_fault mm/memory.c:3202 [inline] [<000000003ffc07fa>] do_fault mm/memory.c:3338 [inline] [<000000003ffc07fa>] handle_pte_fault mm/memory.c:3547 [inline] [<000000003ffc07fa>] __handle_mm_fault mm/memory.c:3634 [inline] [<000000003ffc07fa>] handle_mm_fault+0x11bc/0x2420 mm/memory.c:3671 [<00000000fa81dfca>] faultin_page mm/gup.c:395 [inline] [<00000000fa81dfca>] __get_user_pages+0x3c7/0x10b0 mm/gup.c:597 [<00000000212c2f4a>] populate_vma_page_range+0x19a/0x230 mm/gup.c:1115 [<000000004388c4dc>] __mm_populate+0x1b9/0x300 mm/gup.c:1163 [<0000000063ef8500>] mm_populate include/linux/mm.h:2056 [inline] [<0000000063ef8500>] vm_mmap_pgoff+0x1aa/0x1c0 mm/util.c:333 [<0000000037e8c063>] SYSC_mmap_pgoff mm/mmap.c:1555 [inline] [<0000000037e8c063>] SyS_mmap_pgoff+0x14d/0x1b0 mm/mmap.c:1513 [<00000000096ce140>] SYSC_mmap arch/x86/kernel/sys_x86_64.c:96 [inline] [<00000000096ce140>] SyS_mmap+0x16/0x20 arch/x86/kernel/sys_x86_64.c:87 [<0000000004a565b6>] do_syscall_64+0x1ad/0x5c0 arch/x86/entry/common.c:288 [<000000008974863c>] entry_SYSCALL_64_after_swapgs+0x5d/0xdb lowmemorykiller: Killing 'syz-executor831' (3146) (tgid 3146), adj 1000, to free 12172kB on behalf of 'syz-executor831' (4168) because cache 22656kB is below limit 65536kB for oom_score_adj 12 Free memory is -13368kB above reserved lowmemorykiller: Killing 'syz-executor831' (3155) (tgid 3155), adj 1000, to free 12172kB on behalf of 'syz-executor831' (4168) because cache 22656kB is below limit 65536kB for oom_score_adj 12 Free memory is -13368kB above reserved lowmemorykiller: Killing 'syz-executor831' (3158) (tgid 3158), adj 1000, to free 12172kB on behalf of 'syz-executor831' (4177) because cache 22368kB is below limit 65536kB for oom_score_adj 12 Free memory is -13468kB above reserved lowmemorykiller: Killing 'syz-executor831' (3164) (tgid 3164), adj 1000, to free 12172kB on behalf of 'syz-executor831' (4177) because cache 22368kB is below limit 65536kB for oom_score_adj 12 Free memory is -8668kB above reserved lowmemorykiller: Killing 'syz-executor831' (3167) (tgid 3167), adj 1000, to free 12172kB on behalf of 'syz-executor831' (4177) because cache 22368kB is below limit 65536kB for oom_score_adj 12 Free memory is -1068kB above reserved lowmemorykiller: Killing 'syz-executor831' (3170) (tgid 3170), adj 1000, to free 12172kB on behalf of 'syz-executor831' (4177) because cache 22368kB is below limit 65536kB for oom_score_adj 12 Free memory is 5208kB above reserved lowmemorykiller: Killing 'syz-executor831' (3173) (tgid 3173), adj 1000, to free 12172kB on behalf of 'syz-executor831' (4177) because cache 22368kB is below limit 65536kB for oom_score_adj 12 Free memory is 15108kB above reserved lowmemorykiller: Killing 'syz-executor831' (3188) (tgid 3188), adj 1000, to free 12172kB on behalf of 'syz-executor831' (4177) because cache 22368kB is below limit 65536kB for oom_score_adj 12 Free memory is 23308kB above reserved lowmemorykiller: Killing 'syz-executor831' (3194) (tgid 3194), adj 1000, to free 12172kB on behalf of 'syz-executor831' (4177) because cache 22368kB is below limit 65536kB for oom_score_adj 12 Free memory is 31708kB above reserved lowmemorykiller: Killing 'syz-executor831' (3200) (tgid 3200), adj 1000, to free 12172kB on behalf of 'syz-executor831' (4177) because cache 22368kB is below limit 65536kB for oom_score_adj 12 Free memory is 39408kB above reserved lowmemorykiller: Killing 'syz-executor831' (3203) (tgid 3203), adj 1000, to free 12172kB on behalf of 'syz-executor831' (4177) because cache 22368kB is below limit 65536kB for oom_score_adj 12 Free memory is 47708kB above reserved lowmemorykiller: Killing 'syz-executor831' (3212) (tgid 3212), adj 1000, to free 12172kB on behalf of 'syz-executor831' (4204) because cache 22212kB is below limit 65536kB for oom_score_adj 12 Free memory is -13404kB above reserved lowmemorykiller: Killing 'syz-executor831' (3245) (tgid 3245), adj 1000, to free 12172kB on behalf of 'syz-executor831' (4204) because cache 22112kB is below limit 65536kB for oom_score_adj 12 Free memory is -13280kB above reserved lowmemorykiller: Killing 'syz-executor831' (3257) (tgid 3257), adj 1000, to free 12172kB on behalf of 'syz-executor831' (4204) because cache 22112kB is below limit 65536kB for oom_score_adj 12 Free memory is -3580kB above reserved lowmemorykiller: Killing 'syz-executor831' (3263) (tgid 3263), adj 1000, to free 12172kB on behalf of 'syz-executor831' (4204) because cache 22112kB is below limit 65536kB for oom_score_adj 12 Free memory is -3180kB above reserved lowmemorykiller: Killing 'syz-executor831' (3271) (tgid 3271), adj 1000, to free 12172kB on behalf of 'syz-executor831' (4216) because cache 21900kB is below limit 65536kB for oom_score_adj 12 Free memory is -13264kB above reserved lowmemorykiller: Killing 'syz-executor831' (3284) (tgid 3284), adj 1000, to free 12172kB on behalf of 'syz-executor831' (4216) because cache 21900kB is below limit 65536kB for oom_score_adj 12 Free memory is -11464kB above reserved lowmemorykiller: Killing 'syz-executor831' (3287) (tgid 3287), adj 1000, to free 12172kB on behalf of 'syz-executor831' (4216) because cache 21900kB is below limit 65536kB for oom_score_adj 12 Free memory is -1964kB above reserved lowmemorykiller: Killing 'syz-executor831' (3290) (tgid 3290), adj 1000, to free 12172kB on behalf of 'syz-executor831' (4216) because cache 21900kB is below limit 65536kB for oom_score_adj 12 Free memory is 4836kB above reserved lowmemorykiller: Killing 'syz-executor831' (3296) (tgid 3296), adj 1000, to free 12172kB on behalf of 'syz-executor831' (4228) because cache 21744kB is below limit 65536kB for oom_score_adj 12 Free memory is -13344kB above reserved lowmemorykiller: Killing 'syz-executor831' (3305) (tgid 3305), adj 1000, to free 12172kB on behalf of 'syz-executor831' (4228) because cache 21744kB is below limit 65536kB for oom_score_adj 12 Free memory is -9344kB above reserved lowmemorykiller: Killing 'syz-executor831' (3314) (tgid 3314), adj 1000, to free 12172kB on behalf of 'syz-executor831' (4228) because cache 21744kB is below limit 65536kB for oom_score_adj 12 Free memory is -1144kB above reserved lowmemorykiller: Killing 'syz-executor831' (3317) (tgid 3317), adj 1000, to free 12172kB on behalf of 'syz-executor831' (4228) because cache 21744kB is below limit 65536kB for oom_score_adj 12 Free memory is 7056kB above reserved lowmemorykiller: Killing 'syz-executor831' (3323) (tgid 3323), adj 1000, to free 12172kB on behalf of 'syz-executor831' (4228) because cache 21744kB is below limit 65536kB for oom_score_adj 12 Free memory is 11156kB above reserved lowmemorykiller: Killing 'syz-executor831' (3326) (tgid 3326), adj 1000, to free 12172kB on behalf of 'syz-executor831' (4228) because cache 21744kB is below limit 65536kB for oom_score_adj 12 Free memory is 16656kB above reserved lowmemorykiller: Killing 'syz-executor831' (3329) (tgid 3329), adj 1000, to free 12172kB on behalf of 'syz-executor831' (4228) because cache 21744kB is below limit 65536kB for oom_score_adj 12 Free memory is 22940kB above reserved lowmemorykiller: Killing 'syz-executor831' (3347) (tgid 3347), adj 1000, to free 12172kB on behalf of 'syz-executor831' (4228) because cache 21744kB is below limit 65536kB for oom_score_adj 12 Free memory is 25140kB above reserved lowmemorykiller: Killing 'syz-executor831' (3356) (tgid 3356), adj 1000, to free 12172kB on behalf of 'syz-executor831' (4252) because cache 21588kB is below limit 65536kB for oom_score_adj 12 Free memory is -13396kB above reserved BUG: sleeping function called from invalid context at kernel/fork.c:903 in_atomic(): 0, irqs_disabled(): 0, pid: 4252, name: syz-executor831 INFO: lockdep is turned off. Preemption disabled at: [<0000000071e6de5f>] spin_lock include/linux/spinlock.h:302 [inline] [<0000000071e6de5f>] task_lock include/linux/sched.h:3217 [inline] [<0000000071e6de5f>] get_task_mm+0x20/0xc0 kernel/fork.c:1010 CPU: 0 PID: 4252 Comm: syz-executor831 Tainted: G W 4.9.184+ #5 ffff880093a0f018 ffffffff81b580a1 0000000000000000 0000000000000001 ffff8800939917c0 ffffffff810d0ca0 ffff8800939917c0 ffff880093a0f050 ffffffff8140040c ffff8800939917c0 ffffffff82a39900 0000000000000387 Call Trace: [<000000002fd63b38>] __dump_stack lib/dump_stack.c:15 [inline] [<000000002fd63b38>] dump_stack+0xc1/0x120 lib/dump_stack.c:51 [<00000000debae92a>] ___might_sleep.cold+0x1c1/0x1fa kernel/sched/core.c:8004 [<0000000037f78384>] __might_sleep+0x95/0x1a0 kernel/sched/core.c:7961 [<000000000514e9b7>] mmput+0x28/0x370 kernel/fork.c:903 [<00000000c1f8082b>] handle_lmk_event+0xea/0x8a0 drivers/staging/android/lowmemorykiller.c:111 [<00000000b5d06e7a>] lowmem_scan+0x695/0xb50 drivers/staging/android/lowmemorykiller.c:345 [<0000000065251831>] do_shrink_slab mm/vmscan.c:399 [inline] [<0000000065251831>] shrink_slab.part.0+0x3cf/0xa20 mm/vmscan.c:502 [<0000000083c74872>] shrink_slab mm/vmscan.c:466 [inline] [<0000000083c74872>] shrink_node+0x1ed/0x750 mm/vmscan.c:2604 [<000000003b5f1ee5>] shrink_zones mm/vmscan.c:2751 [inline] [<000000003b5f1ee5>] do_try_to_free_pages mm/vmscan.c:2793 [inline] [<000000003b5f1ee5>] try_to_free_pages+0x397/0xbd0 mm/vmscan.c:3004 [<0000000015fe08a8>] __perform_reclaim mm/page_alloc.c:3332 [inline] [<0000000015fe08a8>] __alloc_pages_direct_reclaim mm/page_alloc.c:3354 [inline] [<0000000015fe08a8>] __alloc_pages_slowpath mm/page_alloc.c:3704 [inline] [<0000000015fe08a8>] __alloc_pages_nodemask+0x930/0x1a80 mm/page_alloc.c:3861 [<00000000a638cbde>] __alloc_pages include/linux/gfp.h:433 [inline] [<00000000a638cbde>] __alloc_pages_node include/linux/gfp.h:446 [inline] [<00000000a638cbde>] alloc_pages_node include/linux/gfp.h:460 [inline] [<00000000a638cbde>] shmem_alloc_page mm/shmem.c:1437 [inline] [<00000000a638cbde>] shmem_alloc_and_acct_page mm/shmem.c:1462 [inline] [<00000000a638cbde>] shmem_getpage_gfp+0x3f3/0x1b00 mm/shmem.c:1734 [<0000000020a65291>] shmem_fault+0x216/0x6b0 mm/shmem.c:1966 [<000000002513a8a4>] __do_fault+0x2a8/0x6c0 mm/memory.c:2855 [<000000003ffc07fa>] do_read_fault mm/memory.c:3202 [inline] [<000000003ffc07fa>] do_fault mm/memory.c:3338 [inline] [<000000003ffc07fa>] handle_pte_fault mm/memory.c:3547 [inline] [<000000003ffc07fa>] __handle_mm_fault mm/memory.c:3634 [inline] [<000000003ffc07fa>] handle_mm_fault+0x11bc/0x2420 mm/memory.c:3671 [<00000000fa81dfca>] faultin_page mm/gup.c:395 [inline] [<00000000fa81dfca>] __get_user_pages+0x3c7/0x10b0 mm/gup.c:597 [<00000000212c2f4a>] populate_vma_page_range+0x19a/0x230 mm/gup.c:1115 [<000000004388c4dc>] __mm_populate+0x1b9/0x300 mm/gup.c:1163 [<0000000063ef8500>] mm_populate include/linux/mm.h:2056 [inline] [<0000000063ef8500>] vm_mmap_pgoff+0x1aa/0x1c0 mm/util.c:333 [<0000000037e8c063>] SYSC_mmap_pgoff mm/mmap.c:1555 [inline] [<0000000037e8c063>] SyS_mmap_pgoff+0x14d/0x1b0 mm/mmap.c:1513 [<00000000096ce140>] SYSC_mmap arch/x86/kernel/sys_x86_64.c:96 [inline] [<00000000096ce140>] SyS_mmap+0x16/0x20 arch/x86/kernel/sys_x86_64.c:87 [<0000000004a565b6>] do_syscall_64+0x1ad/0x5c0 arch/x86/entry/common.c:288 [<000000008974863c>] entry_SYSCALL_64_after_swapgs+0x5d/0xdb lowmemorykiller: Killing 'syz-executor831' (3374) (tgid 3374), adj 1000, to free 12172kB on behalf of 'syz-executor831' (4252) because cache 21432kB is below limit 65536kB for oom_score_adj 12 Free memory is -13280kB above reserved lowmemorykiller: Killing 'syz-executor831' (3389) (tgid 3389), adj 1000, to free 12172kB on behalf of 'syz-executor831' (4252) because cache 21432kB is below limit 65536kB for oom_score_adj 12 Free memory is -13280kB above reserved lowmemorykiller: Killing 'syz-executor831' (3398) (tgid 3398), adj 1000, to free 12172kB on behalf of 'syz-executor831' (4261) because cache 21128kB is below limit 65536kB for oom_score_adj 12 Free memory is -13324kB above reserved lowmemorykiller: Killing 'syz-executor831' (3404) (tgid 3404), adj 1000, to free 12172kB on behalf of 'syz-executor831' (4261) because cache 21128kB is below limit 65536kB for oom_score_adj 12 Free memory is -11024kB above reserved lowmemorykiller: Killing 'syz-executor831' (3407) (tgid 3407), adj 1000, to free 12172kB on behalf of 'syz-executor831' (4261) because cache 21128kB is below limit 65536kB for oom_score_adj 12 Free memory is -9624kB above reserved lowmemorykiller: Killing 'syz-executor831' (3410) (tgid 3410), adj 1000, to free 12172kB on behalf of 'syz-executor831' (4270) because cache 20928kB is below limit 65536kB for oom_score_adj 12 Free memory is -13256kB above reserved lowmemorykiller: Killing 'syz-executor831' (3443) (tgid 3443), adj 1000, to free 12172kB on behalf of 'syz-executor831' (4270) because cache 20928kB is below limit 65536kB for oom_score_adj 12 Free memory is -2256kB above reserved lowmemorykiller: Killing 'syz-executor831' (3449) (tgid 3449), adj 1000, to free 12172kB on behalf of 'syz-executor831' (4270) because cache 20928kB is below limit 65536kB for oom_score_adj 12 Free memory is 4344kB above reserved lowmemorykiller: Killing 'syz-executor831' (3473) (tgid 3473), adj 1000, to free 12172kB on behalf of 'syz-executor831' (4270) because cache 20928kB is below limit 65536kB for oom_score_adj 12 Free memory is 8528kB above reserved lowmemorykiller: Killing 'syz-executor831' (3476) (tgid 3476), adj 1000, to free 12172kB on behalf of 'syz-executor831' (4270) because cache 20928kB is below limit 65536kB for oom_score_adj 12 Free memory is 12128kB above reserved lowmemorykiller: Killing 'syz-executor831' (3479) (tgid 3479), adj 1000, to free 12172kB on behalf of 'syz-executor831' (4270) because cache 20928kB is below limit 65536kB for oom_score_adj 12 Free memory is 18028kB above reserved lowmemorykiller: Killing 'syz-executor831' (3482) (tgid 3482), adj 1000, to free 12172kB on behalf of 'syz-executor831' (4270) because cache 20928kB is below limit 65536kB for oom_score_adj 12 Free memory is 24628kB above reserved lowmemorykiller: Killing 'syz-executor831' (3485) (tgid 3485), adj 1000, to free 12172kB on behalf of 'syz-executor831' (4270) because cache 20928kB is below limit 65536kB for oom_score_adj 12 Free memory is 29728kB above reserved lowmemorykiller: Killing 'syz-executor831' (3491) (tgid 3491), adj 1000, to free 12172kB on behalf of 'syz-executor831' (4270) because cache 20928kB is below limit 65536kB for oom_score_adj 12 Free memory is 37828kB above reserved lowmemorykiller: Killing 'syz-executor831' (3500) (tgid 3500), adj 1000, to free 12172kB on behalf of 'syz-executor831' (4270) because cache 20828kB is below limit 65536kB for oom_score_adj 12 Free memory is 46008kB above reserved lowmemorykiller: Killing 'syz-executor831' (3506) (tgid 3506), adj 1000, to free 12172kB on behalf of 'syz-executor831' (4300) because cache 20876kB is below limit 65536kB for oom_score_adj 12 Free memory is -13356kB above reserved lowmemorykiller: Killing 'syz-executor831' (3512) (tgid 3512), adj 1000, to free 12172kB on behalf of 'syz-executor831' (4300) because cache 20776kB is below limit 65536kB for oom_score_adj 12 Free memory is -13308kB above reserved lowmemorykiller: Killing 'syz-executor831' (3521) (tgid 3521), adj 1000, to free 12172kB on behalf of 'syz-executor831' (4300) because cache 20776kB is below limit 65536kB for oom_score_adj 12