lowmemorykiller: Killing 'syz-executor.1' (13558) (tgid 13556), adj 1000, to free 35980kB on behalf of 'kworker/u4:11' (11466) because cache 64220kB is below limit 65536kB for oom_score_adj 12 Free memory is -11752kB above reserved

======================================================
[ INFO: possible circular locking dependency detected ]
4.9.191+ #0 Not tainted
-------------------------------------------------------
kworker/u4:11/11466 is trying to acquire lock:
 (&mm->mmap_sem){++++++}, at: [<00000000a7ba468e>] get_cmdline+0xa3/0x2d0 mm/util.c:641
but task is already holding lock:
 (&sbi->s_journal_flag_rwsem){.+.+.+}, at: [<0000000026986360>] do_writepages+0xfc/0x1e0 mm/page-writeback.c:2338
which lock already depends on the new lock.

the existing dependency chain (in reverse order) is:

-> #2 (&sbi->s_journal_flag_rwsem){.+.+.+}:
       lock_acquire+0x133/0x3d0 kernel/locking/lockdep.c:3756
       percpu_down_read_preempt_disable include/linux/percpu-rwsem.h:35 [inline]
       percpu_down_read include/linux/percpu-rwsem.h:58 [inline]
       ext4_writepages+0x1a1/0x2de0 fs/ext4/inode.c:2658
       do_writepages+0xfc/0x1e0 mm/page-writeback.c:2338
       __filemap_fdatawrite_range+0x1ad/0x260 mm/filemap.c:392
       filemap_write_and_wait_range mm/filemap.c:580 [inline]
       filemap_write_and_wait_range+0x5c/0xb0 mm/filemap.c:573
       ext4_insert_range+0x606/0x1260 fs/ext4/extents.c:5699
       ext4_fallocate+0x660/0x2060 fs/ext4/extents.c:4974
       vfs_fallocate+0x407/0x6a0 fs/open.c:329
       SYSC_fallocate fs/open.c:352 [inline]
       SyS_fallocate+0x52/0x90 fs/open.c:346
       do_syscall_64+0x1ad/0x5c0 arch/x86/entry/common.c:288
       entry_SYSCALL_64_after_swapgs+0x5d/0xdb

-> #1 (&ei->i_mmap_sem){++++++}:
       lock_acquire+0x133/0x3d0 kernel/locking/lockdep.c:3756
       down_read+0x44/0xb0 kernel/locking/rwsem.c:22
       ext4_filemap_fault+0x67/0xa0 fs/ext4/inode.c:5853
       __do_fault+0x2a8/0x6c0 mm/memory.c:2855
       do_cow_fault mm/memory.c:3236 [inline]
       do_fault mm/memory.c:3340 [inline]
       handle_pte_fault mm/memory.c:3547 [inline]
       __handle_mm_fault mm/memory.c:3634 [inline]
       handle_mm_fault+0x723/0x2420 mm/memory.c:3671
       __do_page_fault+0x3f0/0xa60 arch/x86/mm/fault.c:1401
       do_page_fault+0x28/0x30 arch/x86/mm/fault.c:1464
       page_fault+0x25/0x30 arch/x86/entry/entry_64.S:956
       clear_user+0x79/0xd0 arch/x86/lib/usercopy_64.c:52
       padzero fs/binfmt_elf.c:119 [inline]
       load_elf_binary+0x2f63/0x4a90 fs/binfmt_elf.c:1042
       search_binary_handler fs/exec.c:1621 [inline]
       search_binary_handler+0x14f/0x700 fs/exec.c:1599
       exec_binprm fs/exec.c:1663 [inline]
       do_execveat_common.isra.0+0xf81/0x1db0 fs/exec.c:1785
       do_execve+0x3a/0x50 fs/exec.c:1829
       run_init_process+0x33/0x37 init/main.c:904
       try_to_run_init_process+0x18/0x48 init/main.c:913
       kernel_init+0xf2/0x163 init/main.c:984
       ret_from_fork+0x5c/0x70 arch/x86/entry/entry_64.S:375

-> #0 (&mm->mmap_sem){++++++}:
       check_prev_add kernel/locking/lockdep.c:1828 [inline]
       check_prevs_add kernel/locking/lockdep.c:1938 [inline]
       validate_chain kernel/locking/lockdep.c:2265 [inline]
       __lock_acquire+0x2d22/0x4390 kernel/locking/lockdep.c:3345
       lock_acquire+0x133/0x3d0 kernel/locking/lockdep.c:3756
       down_read+0x44/0xb0 kernel/locking/rwsem.c:22
       get_cmdline+0xa3/0x2d0 mm/util.c:641
       handle_lmk_event+0x169/0x920 drivers/staging/android/lowmemorykiller.c:116
       lowmem_scan+0x6f3/0xb70 drivers/staging/android/lowmemorykiller.c:354
       do_shrink_slab mm/vmscan.c:399 [inline]
       shrink_slab.part.0+0x3cf/0xa20 mm/vmscan.c:502
       shrink_slab mm/vmscan.c:466 [inline]
       shrink_node+0x1ed/0x750 mm/vmscan.c:2604
       shrink_zones mm/vmscan.c:2751 [inline]
       do_try_to_free_pages mm/vmscan.c:2793 [inline]
       try_to_free_pages+0x397/0xbd0 mm/vmscan.c:3004
       __perform_reclaim mm/page_alloc.c:3332 [inline]
       __alloc_pages_direct_reclaim mm/page_alloc.c:3354 [inline]
       __alloc_pages_slowpath mm/page_alloc.c:3704 [inline]
       __alloc_pages_nodemask+0x930/0x1a80 mm/page_alloc.c:3861
       __alloc_pages include/linux/gfp.h:433 [inline]
       __alloc_pages_node include/linux/gfp.h:446 [inline]
       alloc_slab_page mm/slub.c:1408 [inline]
       allocate_slab mm/slub.c:1557 [inline]
       new_slab+0x33b/0x3e0 mm/slub.c:1635
       new_slab_objects mm/slub.c:2419 [inline]
       ___slab_alloc.constprop.0+0x361/0x470 mm/slub.c:2576
       __slab_alloc.isra.0.constprop.0+0x50/0xa0 mm/slub.c:2618
       slab_alloc_node mm/slub.c:2681 [inline]
       slab_alloc mm/slub.c:2723 [inline]
       kmem_cache_alloc+0x212/0x2b0 mm/slub.c:2728
       mempool_alloc_slab+0x47/0x60 mm/mempool.c:449
       mempool_alloc+0x149/0x360 mm/mempool.c:329
       bvec_alloc+0xce/0x2e0 block/bio.c:215
       bio_alloc_bioset+0x4f5/0x7d0 block/bio.c:494
       bio_alloc include/linux/bio.h:393 [inline]
       io_submit_init_bio fs/ext4/page-io.c:362 [inline]
       io_submit_add_bh fs/ext4/page-io.c:387 [inline]
       ext4_bio_write_page+0x5a6/0xb60 fs/ext4/page-io.c:492
       mpage_submit_page+0x138/0x240 fs/ext4/inode.c:2144
       mpage_process_page_bufs+0x3b7/0x4a0 fs/ext4/inode.c:2249
       mpage_prepare_extent_to_map+0x449/0x9a0 fs/ext4/inode.c:2618
       ext4_writepages+0xf2e/0x2de0 fs/ext4/inode.c:2780
       do_writepages+0xfc/0x1e0 mm/page-writeback.c:2338
       __writeback_single_inode+0xd9/0x1040 fs/fs-writeback.c:1364
       writeback_sb_inodes+0x50f/0xea0 fs/fs-writeback.c:1628
       __writeback_inodes_wb+0xc3/0x210 fs/fs-writeback.c:1697
       wb_writeback+0x637/0xbd0 fs/fs-writeback.c:1806
       wb_do_writeback fs/fs-writeback.c:1938 [inline]
       wb_workfn+0x1c4/0xe70 fs/fs-writeback.c:1974
       process_one_work+0x88b/0x1600 kernel/workqueue.c:2114
       worker_thread+0x5df/0x11d0 kernel/workqueue.c:2251
       kthread+0x278/0x310 kernel/kthread.c:211
       ret_from_fork+0x5c/0x70 arch/x86/entry/entry_64.S:375

other info that might help us debug this:

Chain exists of:
  &mm->mmap_sem --> &ei->i_mmap_sem --> &sbi->s_journal_flag_rwsem

 Possible unsafe locking scenario:

       CPU0                    CPU1
       ----                    ----
  lock(&sbi->s_journal_flag_rwsem);
                               lock(&ei->i_mmap_sem);
                               lock(&sbi->s_journal_flag_rwsem);
  lock(&mm->mmap_sem);

 *** DEADLOCK ***

5 locks held by kworker/u4:11/11466:
 #0: ("writeback"){++++.+}, at: [<00000000b4a76a5c>] process_one_work+0x790/0x1600 kernel/workqueue.c:2107
 #1: ((&(&wb->dwork)->work)){+.+.+.}, at: [<0000000045e7ac7e>] process_one_work+0x7ce/0x1600 kernel/workqueue.c:2111
 #2: (&type->s_umount_key#32){++++++}, at: [<00000000c58a7154>] trylock_super+0x20/0xf0 fs/super.c:403
 #3: (&sbi->s_journal_flag_rwsem){.+.+.+}, at: [<0000000026986360>] do_writepages+0xfc/0x1e0 mm/page-writeback.c:2338
 #4: (shrinker_rwsem){++++..}, at: [<00000000e8b139d4>] shrink_slab.part.0+0xb2/0xa20 mm/vmscan.c:472

stack backtrace:
CPU: 1 PID: 11466 Comm: kworker/u4:11 Not tainted 4.9.191+ #0
Workqueue: writeback wb_workfn (flush-8:0)
 ffff880189966308 ffffffff81b67171 ffffffff83cb0b40 ffffffff83cb89d0
 ffffffff83cb18c0 ffffffff84252000 ffff8801a0574740 ffff880189966360
 ffffffff81406f13 ffffffff81078c46 ffffffff84002500 ffff8801a05750b8
Call Trace:
 [<00000000b150a12b>] __dump_stack lib/dump_stack.c:15 [inline]
 [<00000000b150a12b>] dump_stack+0xc1/0x120 lib/dump_stack.c:51
 [<00000000cde7b853>] print_circular_bug.cold+0x2f6/0x454 kernel/locking/lockdep.c:1202
 [<000000001c57e402>] check_prev_add kernel/locking/lockdep.c:1828 [inline]
 [<000000001c57e402>] check_prevs_add kernel/locking/lockdep.c:1938 [inline]
 [<000000001c57e402>] validate_chain kernel/locking/lockdep.c:2265 [inline]
 [<000000001c57e402>] __lock_acquire+0x2d22/0x4390 kernel/locking/lockdep.c:3345
 [<000000002b94d634>] lock_acquire+0x133/0x3d0 kernel/locking/lockdep.c:3756
 [<0000000021d1872d>] down_read+0x44/0xb0 kernel/locking/rwsem.c:22
 [<00000000a7ba468e>] get_cmdline+0xa3/0x2d0 mm/util.c:641
 [<000000006c96f890>] handle_lmk_event+0x169/0x920 drivers/staging/android/lowmemorykiller.c:116
 [<0000000041ec1996>] lowmem_scan+0x6f3/0xb70 drivers/staging/android/lowmemorykiller.c:354
 [<000000008f4f9e87>] do_shrink_slab mm/vmscan.c:399 [inline]
 [<000000008f4f9e87>] shrink_slab.part.0+0x3cf/0xa20 mm/vmscan.c:502
 [<00000000826144c5>] shrink_slab mm/vmscan.c:466 [inline]
 [<00000000826144c5>] shrink_node+0x1ed/0x750 mm/vmscan.c:2604
 [<00000000920f12bc>] shrink_zones mm/vmscan.c:2751 [inline]
 [<00000000920f12bc>] do_try_to_free_pages mm/vmscan.c:2793 [inline]
 [<00000000920f12bc>] try_to_free_pages+0x397/0xbd0 mm/vmscan.c:3004
 [<00000000a599eb1b>] __perform_reclaim mm/page_alloc.c:3332 [inline]
 [<00000000a599eb1b>] __alloc_pages_direct_reclaim mm/page_alloc.c:3354 [inline]
 [<00000000a599eb1b>] __alloc_pages_slowpath mm/page_alloc.c:3704 [inline]
 [<00000000a599eb1b>] __alloc_pages_nodemask+0x930/0x1a80 mm/page_alloc.c:3861
 [<000000009086cb96>] __alloc_pages include/linux/gfp.h:433 [inline]
 [<000000009086cb96>] __alloc_pages_node include/linux/gfp.h:446 [inline]
 [<000000009086cb96>] alloc_slab_page mm/slub.c:1408 [inline]
 [<000000009086cb96>] allocate_slab mm/slub.c:1557 [inline]
 [<000000009086cb96>] new_slab+0x33b/0x3e0 mm/slub.c:1635
 [<000000004251aae2>] new_slab_objects mm/slub.c:2419 [inline]
 [<000000004251aae2>] ___slab_alloc.constprop.0+0x361/0x470 mm/slub.c:2576
 [<000000005cd9aaaa>] __slab_alloc.isra.0.constprop.0+0x50/0xa0 mm/slub.c:2618
 [<00000000fa7eeaae>] slab_alloc_node mm/slub.c:2681 [inline]
 [<00000000fa7eeaae>] slab_alloc mm/slub.c:2723 [inline]
 [<00000000fa7eeaae>] kmem_cache_alloc+0x212/0x2b0 mm/slub.c:2728
 [<00000000fcb00c44>] mempool_alloc_slab+0x47/0x60 mm/mempool.c:449
 [<000000006c86b3e4>] mempool_alloc+0x149/0x360 mm/mempool.c:329
 [<000000007899caa3>] bvec_alloc+0xce/0x2e0 block/bio.c:215
 [<00000000d1dc8f07>] bio_alloc_bioset+0x4f5/0x7d0 block/bio.c:494
 [<00000000bdddb72d>] bio_alloc include/linux/bio.h:393 [inline]
 [<00000000bdddb72d>] io_submit_init_bio fs/ext4/page-io.c:362 [inline]
 [<00000000bdddb72d>] io_submit_add_bh fs/ext4/page-io.c:387 [inline]
 [<00000000bdddb72d>] ext4_bio_write_page+0x5a6/0xb60 fs/ext4/page-io.c:492
 [<000000005755346e>] mpage_submit_page+0x138/0x240 fs/ext4/inode.c:2144
 [<00000000d03854d0>] mpage_process_page_bufs+0x3b7/0x4a0 fs/ext4/inode.c:2249
 [<0000000031b6e5bd>] mpage_prepare_extent_to_map+0x449/0x9a0 fs/ext4/inode.c:2618
 [<00000000ac1f5221>] ext4_writepages+0xf2e/0x2de0 fs/ext4/inode.c:2780
 [<0000000026986360>] do_writepages+0xfc/0x1e0 mm/page-writeback.c:2338
 [<000000002814bd4d>] __writeback_single_inode+0xd9/0x1040 fs/fs-writeback.c:1364
 [<0000000001ef4691>] writeback_sb_inodes+0x50f/0xea0 fs/fs-writeback.c:1628
 [<000000005193a1ea>] __writeback_inodes_wb+0xc3/0x210 fs/fs-writeback.c:1697
 [<000000006d5dded8>] wb_writeback+0x637/0xbd0 fs/fs-writeback.c:1806
 [<000000008652b496>] wb_do_writeback fs/fs-writeback.c:1938 [inline]
 [<000000008652b496>] wb_workfn+0x1c4/0xe70 fs/fs-writeback.c:1974
 [<0000000055d4f6a9>] process_one_work+0x88b/0x1600 kernel/workqueue.c:2114
 [<00000000d3db8d6c>] worker_thread+0x5df/0x11d0 kernel/workqueue.c:2251
 [<00000000b292bca0>] kthread+0x278/0x310 kernel/kthread.c:211
 [<000000006fb06a34>] ret_from_fork+0x5c/0x70 arch/x86/entry/entry_64.S:375
lowmemorykiller: Killing 'syz-executor.4' (4014) (tgid 4014), adj 1000, to free 35980kB on behalf of 'syz-executor.0' (13573) because cache 65520kB is below limit 65536kB for oom_score_adj 12 Free memory is -13052kB above reserved
syz-executor.1: vmalloc: allocation failure, allocated 4159078400 of 4294975488 bytes, mode:0x24000c2(GFP_KERNEL|__GFP_HIGHMEM)
CPU: 1 PID: 13558 Comm: syz-executor.1 Not tainted 4.9.191+ #0
 ffff88019fab7a08 ffffffff81b67171 1ffff10033f56f43 dffffc0000000000
 ffffffff82aab400 0000000000000000 0000000000400000 ffff88019fab7b30
 ffffffff8150828c 0000000041b58ab3 ffffffff82e3bbf0 ffffffff81431e90
Call Trace:
 [<00000000b150a12b>] __dump_stack lib/dump_stack.c:15 [inline]
 [<00000000b150a12b>] dump_stack+0xc1/0x120 lib/dump_stack.c:51
 [<00000000432830bc>] warn_alloc.cold+0x76/0x93 mm/page_alloc.c:3069
 [<000000004c785731>] __vmalloc_area_node mm/vmalloc.c:1665 [inline]
 [<000000004c785731>] __vmalloc_node_range+0x404/0x610 mm/vmalloc.c:1706
 [<000000009443317e>] __vmalloc_node mm/vmalloc.c:1755 [inline]
 [<000000009443317e>] __vmalloc_node_flags mm/vmalloc.c:1769 [inline]
 [<000000009443317e>] vmalloc+0x5c/0x70 mm/vmalloc.c:1784
 [<00000000831d2d3c>] xt_alloc_table_info+0xc8/0x100 net/netfilter/x_tables.c:997
 [<0000000095f316bc>] do_replace net/ipv4/netfilter/ip_tables.c:1146 [inline]
 [<0000000095f316bc>] do_ipt_set_ctl+0x231/0x470 net/ipv4/netfilter/ip_tables.c:1693
 [<000000004f652889>] nf_sockopt net/netfilter/nf_sockopt.c:105 [inline]
 [<000000004f652889>] nf_setsockopt+0x6d/0xc0 net/netfilter/nf_sockopt.c:114
 [<00000000c7bb4539>] ip_setsockopt net/ipv4/ip_sockglue.c:1247 [inline]
 [<00000000c7bb4539>] ip_setsockopt+0x8a/0xa0 net/ipv4/ip_sockglue.c:1232
 [<000000005226eb65>] tcp_setsockopt net/ipv4/tcp.c:2759 [inline]
 [<000000005226eb65>] tcp_setsockopt+0x8a/0xe0 net/ipv4/tcp.c:2753
 [<00000000b2e86f5c>] sock_common_setsockopt+0x9a/0xe0 net/core/sock.c:2710
 [<0000000001cdef41>] SYSC_setsockopt net/socket.c:1786 [inline]
 [<0000000001cdef41>] SyS_setsockopt+0x159/0x240 net/socket.c:1765
 [<00000000b2c596fd>] do_syscall_64+0x1ad/0x5c0 arch/x86/entry/common.c:288
 [<000000004dd37ada>] entry_SYSCALL_64_after_swapgs+0x5d/0xdb
Mem-Info:
active_anon:69223 inactive_anon:42 isolated_anon:0
 active_file:29 inactive_file:45 isolated_file:0
 unevictable:0 dirty:19 writeback:12 unstable:0
 slab_reclaimable:5896 slab_unreclaimable:59364
 mapped:34848 shmem:52 pagetables:1286 bounce:0
 free:353 free_pcp:357 free_cma:0
Node 0 active_anon:276892kB inactive_anon:168kB active_file:116kB inactive_file:180kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:139392kB dirty:76kB writeback:48kB shmem:208kB writeback_tmp:0kB unstable:0kB pages_scanned:32 all_unreclaimable? yes
DMA32 free:0kB min:4696kB low:7712kB high:10728kB active_anon:200kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:3145324kB managed:3020092kB mlocked:0kB slab_reclaimable:0kB slab_unreclaimable:0kB kernel_stack:32kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
Normal free:1412kB min:5580kB low:9168kB high:12756kB active_anon:276692kB inactive_anon:168kB active_file:116kB inactive_file:180kB unevictable:0kB writepending:0kB present:4718592kB managed:3589316kB mlocked:0kB slab_reclaimable:23584kB slab_unreclaimable:237456kB kernel_stack:4832kB pagetables:5144kB bounce:0kB free_pcp:1428kB local_pcp:704kB free_cma:0kB
DMA32: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB
0 pages in swap cache
Swap cache stats: add 0, delete 0, find 0/0
Free swap = 0kB
Total swap = 0kB
1965979 pages RAM
0 pages HighMem/MovableOnly
313627 pages reserved
oom_reaper: reaped process 13558 (syz-executor.1), now anon-rss:0kB, file-rss:24kB, shmem-rss:0kB
BUG: Bad rss-counter state mm:00000000601d66af idx:0 val:5
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=5392 sclass=netlink_route_socket pig=13741 comm=syz-executor.3
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pig=13751 comm=syz-executor.3
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pig=13751 comm=syz-executor.3
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pig=13751 comm=syz-executor.3
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pig=13751 comm=syz-executor.3
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pig=13751 comm=syz-executor.3
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pig=13751 comm=syz-executor.3
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pig=13751 comm=syz-executor.3
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pig=13751 comm=syz-executor.3
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pig=13751 comm=syz-executor.3
device lo entered promiscuous mode
netlink: 8 bytes leftover after parsing attributes in process `syz-executor.5'.
device lo left promiscuous mode
device lo entered promiscuous mode
netlink: 8 bytes leftover after parsing attributes in process `syz-executor.5'.
device lo left promiscuous mode