lowmemorykiller: Killing 'syz-executor.3' (8405) (tgid 8405), adj 1000, to free 52396kB on behalf of 'kworker/u4:16' (14518) because cache 64756kB is below limit 65536kB for oom_score_adj 12 Free memory is -12372kB above reserved ====================================================== [ INFO: possible circular locking dependency detected ] 4.9.194+ #0 Not tainted ------------------------------------------------------- kworker/u4:16/14518 is trying to acquire lock: (&mm->mmap_sem){++++++}, at: [<0000000066e39a6b>] get_cmdline+0xa3/0x2d0 mm/util.c:641 but task is already holding lock: (&sbi->s_journal_flag_rwsem){.+.+.+}, at: [<000000004351aa64>] do_writepages+0xfc/0x1e0 mm/page-writeback.c:2338 which lock already depends on the new lock. the existing dependency chain (in reverse order) is: -> #2 (&sbi->s_journal_flag_rwsem){.+.+.+}: lock_acquire+0x133/0x3d0 kernel/locking/lockdep.c:3756 percpu_down_read_preempt_disable include/linux/percpu-rwsem.h:35 [inline] percpu_down_read include/linux/percpu-rwsem.h:58 [inline] ext4_writepages+0x1a1/0x2de0 fs/ext4/inode.c:2658 do_writepages+0xfc/0x1e0 mm/page-writeback.c:2338 __filemap_fdatawrite_range+0x1ad/0x260 mm/filemap.c:392 filemap_write_and_wait_range mm/filemap.c:580 [inline] filemap_write_and_wait_range+0x5c/0xb0 mm/filemap.c:573 ext4_insert_range+0x606/0x1260 fs/ext4/extents.c:5699 ext4_fallocate+0x660/0x2060 fs/ext4/extents.c:4974 vfs_fallocate+0x407/0x6a0 fs/open.c:329 SYSC_fallocate fs/open.c:352 [inline] SyS_fallocate+0x52/0x90 fs/open.c:346 do_syscall_64+0x1ad/0x5c0 arch/x86/entry/common.c:288 entry_SYSCALL_64_after_swapgs+0x5d/0xdb -> #1 (&ei->i_mmap_sem){++++++}: lock_acquire+0x133/0x3d0 kernel/locking/lockdep.c:3756 down_read+0x44/0xb0 kernel/locking/rwsem.c:22 ext4_filemap_fault+0x67/0xa0 fs/ext4/inode.c:5853 __do_fault+0x2a8/0x6c0 mm/memory.c:2855 do_cow_fault mm/memory.c:3236 [inline] do_fault mm/memory.c:3340 [inline] handle_pte_fault mm/memory.c:3547 [inline] __handle_mm_fault mm/memory.c:3634 [inline] handle_mm_fault+0x723/0x2420 mm/memory.c:3671 __do_page_fault+0x3f0/0xa60 arch/x86/mm/fault.c:1401 do_page_fault+0x28/0x30 arch/x86/mm/fault.c:1464 page_fault+0x25/0x30 arch/x86/entry/entry_64.S:956 clear_user+0x79/0xd0 arch/x86/lib/usercopy_64.c:52 padzero fs/binfmt_elf.c:119 [inline] load_elf_binary+0x2f63/0x4a90 fs/binfmt_elf.c:1042 search_binary_handler fs/exec.c:1621 [inline] search_binary_handler+0x14f/0x700 fs/exec.c:1599 exec_binprm fs/exec.c:1663 [inline] do_execveat_common.isra.0+0xf81/0x1db0 fs/exec.c:1785 do_execve+0x3a/0x50 fs/exec.c:1829 run_init_process+0x33/0x37 init/main.c:904 try_to_run_init_process+0x18/0x48 init/main.c:913 kernel_init+0xf2/0x163 init/main.c:984 ret_from_fork+0x5c/0x70 arch/x86/entry/entry_64.S:375 -> #0 (&mm->mmap_sem){++++++}: check_prev_add kernel/locking/lockdep.c:1828 [inline] check_prevs_add kernel/locking/lockdep.c:1938 [inline] validate_chain kernel/locking/lockdep.c:2265 [inline] __lock_acquire+0x2d22/0x4390 kernel/locking/lockdep.c:3345 lock_acquire+0x133/0x3d0 kernel/locking/lockdep.c:3756 down_read+0x44/0xb0 kernel/locking/rwsem.c:22 get_cmdline+0xa3/0x2d0 mm/util.c:641 handle_lmk_event+0x169/0x920 drivers/staging/android/lowmemorykiller.c:116 lowmem_scan+0x6f3/0xb70 drivers/staging/android/lowmemorykiller.c:354 do_shrink_slab mm/vmscan.c:399 [inline] shrink_slab.part.0+0x3cf/0xa20 mm/vmscan.c:502 shrink_slab mm/vmscan.c:466 [inline] shrink_node+0x1ed/0x750 mm/vmscan.c:2604 shrink_zones mm/vmscan.c:2751 [inline] do_try_to_free_pages mm/vmscan.c:2793 [inline] try_to_free_pages+0x397/0xbd0 mm/vmscan.c:3004 __perform_reclaim mm/page_alloc.c:3332 [inline] __alloc_pages_direct_reclaim mm/page_alloc.c:3354 [inline] __alloc_pages_slowpath mm/page_alloc.c:3704 [inline] __alloc_pages_nodemask+0x930/0x1a80 mm/page_alloc.c:3861 __alloc_pages include/linux/gfp.h:433 [inline] __alloc_pages_node include/linux/gfp.h:446 [inline] alloc_slab_page mm/slub.c:1408 [inline] allocate_slab mm/slub.c:1557 [inline] new_slab+0x33b/0x3e0 mm/slub.c:1635 new_slab_objects mm/slub.c:2419 [inline] ___slab_alloc.constprop.0+0x361/0x470 mm/slub.c:2576 __slab_alloc.isra.0.constprop.0+0x50/0xa0 mm/slub.c:2618 slab_alloc_node mm/slub.c:2681 [inline] slab_alloc mm/slub.c:2723 [inline] kmem_cache_alloc+0x212/0x2b0 mm/slub.c:2728 mempool_alloc_slab+0x47/0x60 mm/mempool.c:449 mempool_alloc+0x149/0x360 mm/mempool.c:329 bvec_alloc+0xce/0x2e0 block/bio.c:215 bio_alloc_bioset+0x4f5/0x7d0 block/bio.c:494 bio_alloc include/linux/bio.h:393 [inline] io_submit_init_bio fs/ext4/page-io.c:362 [inline] io_submit_add_bh fs/ext4/page-io.c:387 [inline] ext4_bio_write_page+0x5a6/0xb60 fs/ext4/page-io.c:492 mpage_submit_page+0x138/0x240 fs/ext4/inode.c:2144 mpage_process_page_bufs+0x3b7/0x4a0 fs/ext4/inode.c:2249 mpage_prepare_extent_to_map+0x449/0x9a0 fs/ext4/inode.c:2618 ext4_writepages+0xf2e/0x2de0 fs/ext4/inode.c:2780 do_writepages+0xfc/0x1e0 mm/page-writeback.c:2338 __writeback_single_inode+0xd9/0x1040 fs/fs-writeback.c:1364 writeback_sb_inodes+0x50f/0xea0 fs/fs-writeback.c:1628 __writeback_inodes_wb+0xc3/0x210 fs/fs-writeback.c:1697 wb_writeback+0x637/0xbd0 fs/fs-writeback.c:1806 wb_do_writeback fs/fs-writeback.c:1938 [inline] wb_workfn+0x1c4/0xe70 fs/fs-writeback.c:1974 process_one_work+0x88b/0x1600 kernel/workqueue.c:2114 worker_thread+0x5df/0x11d0 kernel/workqueue.c:2251 kthread+0x278/0x310 kernel/kthread.c:211 ret_from_fork+0x5c/0x70 arch/x86/entry/entry_64.S:375 other info that might help us debug this: Chain exists of: &mm->mmap_sem --> &ei->i_mmap_sem --> &sbi->s_journal_flag_rwsem Possible unsafe locking scenario: CPU0 CPU1 ---- ---- lock(&sbi->s_journal_flag_rwsem); lock(&ei->i_mmap_sem); lock(&sbi->s_journal_flag_rwsem); lock(&mm->mmap_sem); *** DEADLOCK *** 5 locks held by kworker/u4:16/14518: #0: ("writeback"){++++.+}, at: [<0000000080cfa1f8>] process_one_work+0x790/0x1600 kernel/workqueue.c:2107 #1: ((&(&wb->dwork)->work)){+.+.+.}, at: [<000000000404b0a0>] process_one_work+0x7ce/0x1600 kernel/workqueue.c:2111 #2: (&type->s_umount_key#32){++++++}, at: [<000000006222c7a3>] trylock_super+0x20/0xf0 fs/super.c:403 #3: (&sbi->s_journal_flag_rwsem){.+.+.+}, at: [<000000004351aa64>] do_writepages+0xfc/0x1e0 mm/page-writeback.c:2338 #4: (shrinker_rwsem){++++..}, at: [<00000000592e3a97>] shrink_slab.part.0+0xb2/0xa20 mm/vmscan.c:472 stack backtrace: CPU: 1 PID: 14518 Comm: kworker/u4:16 Not tainted 4.9.194+ #0 Workqueue: writeback wb_workfn (flush-8:0) ffff8801a9c76308 ffffffff81b67001 ffffffff83cb0b40 ffffffff83cb9090 ffffffff83cb18c0 ffffffff84252000 ffff8801a059c740 ffff8801a9c76360 ffffffff81406d83 ffffffff81078ba6 ffffffff84002300 ffff8801a059d0b8 Call Trace: [<0000000050a6cd63>] __dump_stack lib/dump_stack.c:15 [inline] [<0000000050a6cd63>] dump_stack+0xc1/0x120 lib/dump_stack.c:51 [<000000009f5a6797>] print_circular_bug.cold+0x2f6/0x454 kernel/locking/lockdep.c:1202 [<000000005c4af308>] check_prev_add kernel/locking/lockdep.c:1828 [inline] [<000000005c4af308>] check_prevs_add kernel/locking/lockdep.c:1938 [inline] [<000000005c4af308>] validate_chain kernel/locking/lockdep.c:2265 [inline] [<000000005c4af308>] __lock_acquire+0x2d22/0x4390 kernel/locking/lockdep.c:3345 [<00000000f7f59e82>] lock_acquire+0x133/0x3d0 kernel/locking/lockdep.c:3756 [<00000000f0f333e1>] down_read+0x44/0xb0 kernel/locking/rwsem.c:22 [<0000000066e39a6b>] get_cmdline+0xa3/0x2d0 mm/util.c:641 [<00000000bdfde478>] handle_lmk_event+0x169/0x920 drivers/staging/android/lowmemorykiller.c:116 [<0000000039928f08>] lowmem_scan+0x6f3/0xb70 drivers/staging/android/lowmemorykiller.c:354 [<00000000e92b9909>] do_shrink_slab mm/vmscan.c:399 [inline] [<00000000e92b9909>] shrink_slab.part.0+0x3cf/0xa20 mm/vmscan.c:502 [<0000000028352fe9>] shrink_slab mm/vmscan.c:466 [inline] [<0000000028352fe9>] shrink_node+0x1ed/0x750 mm/vmscan.c:2604 [<00000000f4144f4c>] shrink_zones mm/vmscan.c:2751 [inline] [<00000000f4144f4c>] do_try_to_free_pages mm/vmscan.c:2793 [inline] [<00000000f4144f4c>] try_to_free_pages+0x397/0xbd0 mm/vmscan.c:3004 [<000000001319feb4>] __perform_reclaim mm/page_alloc.c:3332 [inline] [<000000001319feb4>] __alloc_pages_direct_reclaim mm/page_alloc.c:3354 [inline] [<000000001319feb4>] __alloc_pages_slowpath mm/page_alloc.c:3704 [inline] [<000000001319feb4>] __alloc_pages_nodemask+0x930/0x1a80 mm/page_alloc.c:3861 [<0000000028e1369b>] __alloc_pages include/linux/gfp.h:433 [inline] [<0000000028e1369b>] __alloc_pages_node include/linux/gfp.h:446 [inline] [<0000000028e1369b>] alloc_slab_page mm/slub.c:1408 [inline] [<0000000028e1369b>] allocate_slab mm/slub.c:1557 [inline] [<0000000028e1369b>] new_slab+0x33b/0x3e0 mm/slub.c:1635 [<00000000ff22c1f7>] new_slab_objects mm/slub.c:2419 [inline] [<00000000ff22c1f7>] ___slab_alloc.constprop.0+0x361/0x470 mm/slub.c:2576 [<00000000df1396cf>] __slab_alloc.isra.0.constprop.0+0x50/0xa0 mm/slub.c:2618 [<00000000323d161b>] slab_alloc_node mm/slub.c:2681 [inline] [<00000000323d161b>] slab_alloc mm/slub.c:2723 [inline] [<00000000323d161b>] kmem_cache_alloc+0x212/0x2b0 mm/slub.c:2728 [<0000000064ffd7e2>] mempool_alloc_slab+0x47/0x60 mm/mempool.c:449 [<00000000781a4dee>] mempool_alloc+0x149/0x360 mm/mempool.c:329 [<00000000d2657de3>] bvec_alloc+0xce/0x2e0 block/bio.c:215 [<0000000066c8d701>] bio_alloc_bioset+0x4f5/0x7d0 block/bio.c:494 [<0000000049c2bf2a>] bio_alloc include/linux/bio.h:393 [inline] [<0000000049c2bf2a>] io_submit_init_bio fs/ext4/page-io.c:362 [inline] [<0000000049c2bf2a>] io_submit_add_bh fs/ext4/page-io.c:387 [inline] [<0000000049c2bf2a>] ext4_bio_write_page+0x5a6/0xb60 fs/ext4/page-io.c:492 [<00000000f971acfd>] mpage_submit_page+0x138/0x240 fs/ext4/inode.c:2144 [<0000000040ff9cdf>] mpage_process_page_bufs+0x3b7/0x4a0 fs/ext4/inode.c:2249 [<00000000802ece63>] mpage_prepare_extent_to_map+0x449/0x9a0 fs/ext4/inode.c:2618 [<00000000d98fb786>] ext4_writepages+0xf2e/0x2de0 fs/ext4/inode.c:2780 [<000000004351aa64>] do_writepages+0xfc/0x1e0 mm/page-writeback.c:2338 [<00000000f6c3f1ad>] __writeback_single_inode+0xd9/0x1040 fs/fs-writeback.c:1364 [<0000000014db9f87>] writeback_sb_inodes+0x50f/0xea0 fs/fs-writeback.c:1628 [<00000000861c22b0>] __writeback_inodes_wb+0xc3/0x210 fs/fs-writeback.c:1697 [<00000000449324b1>] wb_writeback+0x637/0xbd0 fs/fs-writeback.c:1806 [<0000000032abc41b>] wb_do_writeback fs/fs-writeback.c:1938 [inline] [<0000000032abc41b>] wb_workfn+0x1c4/0xe70 fs/fs-writeback.c:1974 [<000000001cd43b2a>] process_one_work+0x88b/0x1600 kernel/workqueue.c:2114 [<0000000077905bc3>] worker_thread+0x5df/0x11d0 kernel/workqueue.c:2251 [<00000000f7ed0942>] kthread+0x278/0x310 kernel/kthread.c:211 [<000000000d8fa3bb>] ret_from_fork+0x5c/0x70 arch/x86/entry/entry_64.S:375 lowmemorykiller: Killing 'syz-executor.4' (15857) (tgid 15857), adj 1000, to free 51392kB on behalf of 'kworker/u4:16' (14518) because cache 56656kB is below limit 65536kB for oom_score_adj 12 Free memory is -12864kB above reserved lowmemorykiller: Killing 'syz-executor.5' (11170) (tgid 11170), adj 1000, to free 51384kB on behalf of 'kworker/u4:16' (14518) because cache 56256kB is below limit 65536kB for oom_score_adj 12 Free memory is -11464kB above reserved lowmemorykiller: Killing 'syz-executor.4' (15852) (tgid 15852), adj 1000, to free 39724kB on behalf of 'syz-executor.2' (11192) because cache 50656kB is below limit 65536kB for oom_score_adj 12 Free memory is -12464kB above reserved lowmemorykiller: Killing 'syz-executor.4' (15868) (tgid 15868), adj 1000, to free 38700kB on behalf of 'syz-executor.2' (11192) because cache 44156kB is below limit 65536kB for oom_score_adj 12 Free memory is -12532kB above reserved lowmemorykiller: Killing 'syz-executor.5' (11148) (tgid 11148), adj 1000, to free 36556kB on behalf of 'syz-executor.2' (11192) because cache 43656kB is below limit 65536kB for oom_score_adj 12 Free memory is -13120kB above reserved lowmemorykiller: Killing 'syz-executor.2' (6785) (tgid 6785), adj 1000, to free 36204kB on behalf of 'syz-executor.2' (11192) because cache 43356kB is below limit 65536kB for oom_score_adj 12 Free memory is -13120kB above reserved lowmemorykiller: Killing 'syz-executor.3' (8470) (tgid 8470), adj 1000, to free 36064kB on behalf of 'syz-executor.2' (11192) because cache 43156kB is below limit 65536kB for oom_score_adj 12 Free memory is -12856kB above reserved lowmemorykiller: Killing 'syz-executor.3' (8530) (tgid 8530), adj 1000, to free 36064kB on behalf of 'syz-executor.2' (11192) because cache 42056kB is below limit 65536kB for oom_score_adj 12 Free memory is -12420kB above reserved lowmemorykiller: Killing 'syz-executor.3' (6012) (tgid 6012), adj 1000, to free 36004kB on behalf of 'syz-executor.2' (11192) because cache 41556kB is below limit 65536kB for oom_score_adj 12 Free memory is -13056kB above reserved lowmemorykiller: Killing 'syz-executor.2' (11180) (tgid 11175), adj 1000, to free 35988kB on behalf of 'syz-executor.2' (11192) because cache 39656kB is below limit 65536kB for oom_score_adj 12 Free memory is -10976kB above reserved lowmemorykiller: Killing 'syz-executor.4' (15716) (tgid 15716), adj 1000, to free 35960kB on behalf of 'kswapd0' (33) because cache -18208kB is below limit 6144kB for oom_score_adj 0 Free memory is -13164kB above reserved lowmemorykiller: Killing 'syz-executor.4' (15716) (tgid 15716), adj 1000, to free 35960kB on behalf of 'syz-executor.2' (11192) because cache -18208kB is below limit 6144kB for oom_score_adj 0 Free memory is -13164kB above reserved oom_reaper: reaped process 11192 (syz-executor.2), now anon-rss:0kB, file-rss:16kB, shmem-rss:0kB syz-executor.2: vmalloc: allocation failure, allocated 2516156416 of 4259258368 bytes, mode:0x24000c2(GFP_KERNEL|__GFP_HIGHMEM) CPU: 1 PID: 11192 Comm: syz-executor.2 Not tainted 4.9.194+ #0 ffff8801a292f910 ffffffff81b67001 1ffff10034525f24 dffffc0000000000 ffffffff82aab480 0000000000000000 0000000000400000 ffff8801a292fa38 ffffffff815080fc 0000000041b58ab3 ffffffff82e3bc80 ffffffff81431d00 Call Trace: [<0000000050a6cd63>] __dump_stack lib/dump_stack.c:15 [inline] [<0000000050a6cd63>] dump_stack+0xc1/0x120 lib/dump_stack.c:51 [<0000000033e6514a>] warn_alloc.cold+0x76/0x93 mm/page_alloc.c:3069 [<00000000d3d983d6>] __vmalloc_area_node mm/vmalloc.c:1665 [inline] [<00000000d3d983d6>] __vmalloc_node_range+0x404/0x610 mm/vmalloc.c:1706 [<0000000007e56ac8>] __vmalloc_node mm/vmalloc.c:1755 [inline] [<0000000007e56ac8>] __vmalloc_node_flags mm/vmalloc.c:1769 [inline] [<0000000007e56ac8>] vmalloc+0x5c/0x70 mm/vmalloc.c:1784 [<00000000bbd613f9>] xt_alloc_table_info+0xc8/0x100 net/netfilter/x_tables.c:997 [<00000000cc4b2dda>] do_replace.isra.0+0x111/0x480 net/ipv4/netfilter/arp_tables.c:979 [<00000000b9aa38bb>] do_arpt_set_ctl+0x108/0x150 net/ipv4/netfilter/arp_tables.c:1469 [<00000000f178c266>] nf_sockopt net/netfilter/nf_sockopt.c:105 [inline] [<00000000f178c266>] nf_setsockopt+0x6d/0xc0 net/netfilter/nf_sockopt.c:114 [<000000009c7c56ed>] ip_setsockopt net/ipv4/ip_sockglue.c:1247 [inline] [<000000009c7c56ed>] ip_setsockopt+0x8a/0xa0 net/ipv4/ip_sockglue.c:1232 [<000000000a94005d>] udp_setsockopt+0x4e/0x90 net/ipv4/udp.c:2114 [<0000000026986ff3>] ipv6_setsockopt+0xa4/0x140 net/ipv6/ipv6_sockglue.c:912 [<000000009fdb8368>] tcp_setsockopt net/ipv4/tcp.c:2759 [inline] [<000000009fdb8368>] tcp_setsockopt+0x8a/0xe0 net/ipv4/tcp.c:2753 [<0000000052878f7b>] sock_common_setsockopt+0x9a/0xe0 net/core/sock.c:2710 [<00000000f2f95249>] SYSC_setsockopt net/socket.c:1786 [inline] [<00000000f2f95249>] SyS_setsockopt+0x159/0x240 net/socket.c:1765 [<00000000b2f6d34c>] do_syscall_64+0x1ad/0x5c0 arch/x86/entry/common.c:288 [<00000000c369455e>] entry_SYSCALL_64_after_swapgs+0x5d/0xdb Mem-Info: active_anon:119595 inactive_anon:9425 isolated_anon:0 active_file:41 inactive_file:46 isolated_file:0 unevictable:9501 dirty:0 writeback:0 unstable:0 slab_reclaimable:5690 slab_unreclaimable:64714 mapped:57133 shmem:3196 pagetables:3698 bounce:0 free:335 free_pcp:353 free_cma:0 Node 0 active_anon:478380kB inactive_anon:37700kB active_file:164kB inactive_file:184kB unevictable:38004kB isolated(anon):0kB isolated(file):0kB mapped:228532kB dirty:0kB writeback:0kB shmem:12784kB writeback_tmp:0kB unstable:0kB pages_scanned:14 all_unreclaimable? no DMA32 free:60kB min:4696kB low:7712kB high:10728kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:3145324kB managed:3020092kB mlocked:0kB slab_reclaimable:0kB slab_unreclaimable:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:120kB local_pcp:0kB free_cma:0kB Normal free:1280kB min:5580kB low:9168kB high:12756kB active_anon:478380kB inactive_anon:37700kB active_file:164kB inactive_file:184kB unevictable:38004kB writepending:0kB present:4718592kB managed:3589316kB mlocked:38004kB slab_reclaimable:22760kB slab_unreclaimable:258856kB kernel_stack:8640kB pagetables:14792kB bounce:0kB free_pcp:1292kB local_pcp:568kB free_cma:0kB DMA32: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB 0 pages in swap cache Swap cache stats: add 0, delete 0, find 0/0 Free swap = 0kB Total swap = 0kB 1965979 pages RAM 0 pages HighMem/MovableOnly 313627 pages reserved ODEBUG: Out of memory. ODEBUG disabled ip6_tunnel:  xmit: Local address not yet configured! ip6_tunnel:  xmit: Local address not yet configured! ip6_tunnel: E xmit: Local address not yet configured! ip6_tunnel: † xmit: Local address not yet configured! BUG: Bad rss-counter state mm:000000001f5dd760 idx:0 val:4 ip6_tunnel: D xmit: Local address not yet configured! ip6_tunnel: $ xmit: Local address not yet configured! ip6_tunnel: [ xmit: Local address not yet configured! ip6_tunnel: # xmit: Local address not yet configured!