Free memory is -7672kB above reserved lowmemorykiller: Killing 'syz-executor327' (3089) (tgid 3089), adj 1000, to free 12176kB on behalf of 'syz-executor327' (4016) because cache 35968kB is below limit 65536kB for oom_score_adj 12 Free memory is -13360kB above reserved BUG: sleeping function called from invalid context at kernel/fork.c:903 in_atomic(): 0, irqs_disabled(): 0, pid: 4016, name: syz-executor327 3 locks held by syz-executor327/4016: #0: (&mm->mmap_sem){++++++}, at: [<000000009228b039>] __mm_populate+0x20c/0x300 mm/gup.c:1134 #1: (shrinker_rwsem){++++..}, at: [<0000000071eb6947>] shrink_slab.part.0+0xb2/0xa20 mm/vmscan.c:472 #2: (rcu_read_lock){......}, at: [<000000008493ff8c>] lowmem_scan+0x242/0xb50 drivers/staging/android/lowmemorykiller.c:272 Preemption disabled at: [<00000000be276d45>] spin_lock include/linux/spinlock.h:302 [inline] [<00000000be276d45>] task_lock include/linux/sched.h:3217 [inline] [<00000000be276d45>] get_task_mm+0x20/0xc0 kernel/fork.c:1010 CPU: 1 PID: 4016 Comm: syz-executor327 Not tainted 4.9.177+ #9 ffff8800133df018 ffffffff81b56f41 0000000000000000 0000000000000001 ffff8800133b4740 ffffffff810d0b50 ffff8800133b4740 ffff8800133df050 ffffffff813ffb2c ffff8800133b4740 ffffffff82a39900 0000000000000387 Call Trace: [<0000000040d76cde>] __dump_stack lib/dump_stack.c:15 [inline] [<0000000040d76cde>] dump_stack+0xc1/0x120 lib/dump_stack.c:51 [<00000000ed214736>] ___might_sleep.cold+0x1c1/0x1fa kernel/sched/core.c:8004 [<00000000590fae88>] __might_sleep+0x95/0x1a0 kernel/sched/core.c:7961 [<00000000313e3561>] mmput+0x28/0x370 kernel/fork.c:903 [<00000000c5e39e9d>] handle_lmk_event+0xea/0x8a0 drivers/staging/android/lowmemorykiller.c:111 [<00000000db216ee4>] lowmem_scan+0x695/0xb50 drivers/staging/android/lowmemorykiller.c:345 [<0000000093077aa2>] do_shrink_slab mm/vmscan.c:399 [inline] [<0000000093077aa2>] shrink_slab.part.0+0x3cf/0xa20 mm/vmscan.c:502 [<00000000dba610e5>] shrink_slab mm/vmscan.c:466 [inline] [<00000000dba610e5>] shrink_node+0x1ed/0x750 mm/vmscan.c:2604 [<00000000676ce845>] shrink_zones mm/vmscan.c:2751 [inline] [<00000000676ce845>] do_try_to_free_pages mm/vmscan.c:2793 [inline] [<00000000676ce845>] try_to_free_pages+0x397/0xbd0 mm/vmscan.c:3004 [<00000000b267db91>] __perform_reclaim mm/page_alloc.c:3332 [inline] [<00000000b267db91>] __alloc_pages_direct_reclaim mm/page_alloc.c:3354 [inline] [<00000000b267db91>] __alloc_pages_slowpath mm/page_alloc.c:3704 [inline] [<00000000b267db91>] __alloc_pages_nodemask+0x930/0x1a80 mm/page_alloc.c:3861 [<00000000bcb0dbd4>] __alloc_pages include/linux/gfp.h:433 [inline] [<00000000bcb0dbd4>] __alloc_pages_node include/linux/gfp.h:446 [inline] [<00000000bcb0dbd4>] alloc_pages_node include/linux/gfp.h:460 [inline] [<00000000bcb0dbd4>] shmem_alloc_page mm/shmem.c:1437 [inline] [<00000000bcb0dbd4>] shmem_alloc_and_acct_page mm/shmem.c:1462 [inline] [<00000000bcb0dbd4>] shmem_getpage_gfp+0x3f3/0x1b00 mm/shmem.c:1734 [<00000000c3d10fed>] shmem_fault+0x216/0x6b0 mm/shmem.c:1966 [<00000000f4faf615>] __do_fault+0x2a8/0x6c0 mm/memory.c:2855 [<000000007dd291b2>] do_read_fault mm/memory.c:3202 [inline] [<000000007dd291b2>] do_fault mm/memory.c:3338 [inline] [<000000007dd291b2>] handle_pte_fault mm/memory.c:3547 [inline] [<000000007dd291b2>] __handle_mm_fault mm/memory.c:3634 [inline] [<000000007dd291b2>] handle_mm_fault+0x11bc/0x2420 mm/memory.c:3671 [<00000000fb34a256>] faultin_page mm/gup.c:386 [inline] [<00000000fb34a256>] __get_user_pages+0x3c7/0x1060 mm/gup.c:588 [<00000000ca95cc96>] populate_vma_page_range+0x19a/0x230 mm/gup.c:1106 [<00000000ce6bc7ca>] __mm_populate+0x1b9/0x300 mm/gup.c:1154 [<000000002713312e>] mm_populate include/linux/mm.h:2052 [inline] [<000000002713312e>] vm_mmap_pgoff+0x1aa/0x1c0 mm/util.c:333 [<000000001377ea9b>] SYSC_mmap_pgoff mm/mmap.c:1555 [inline] [<000000001377ea9b>] SyS_mmap_pgoff+0x14d/0x1b0 mm/mmap.c:1513 [<000000000a90436c>] SYSC_mmap arch/x86/kernel/sys_x86_64.c:96 [inline] [<000000000a90436c>] SyS_mmap+0x16/0x20 arch/x86/kernel/sys_x86_64.c:87 [<00000000db07583c>] do_syscall_64+0x1ad/0x5c0 arch/x86/entry/common.c:288 [<00000000f7a882a9>] entry_SYSCALL_64_after_swapgs+0x5d/0xdb ================================= [ INFO: inconsistent lock state ] 4.9.177+ #9 Tainted: G W --------------------------------- inconsistent {RECLAIM_FS-ON-W} -> {IN-RECLAIM_FS-R} usage. syz-executor327/4016 [HC0[0]:SC0[0]:HE1:SE1] takes: (&mm->mmap_sem){+++++?}, at: [<000000005f8140f9>] get_cmdline+0xa3/0x2d0 mm/util.c:641 mark_held_locks+0xb1/0x100 kernel/locking/lockdep.c:2660 __lockdep_trace_alloc kernel/locking/lockdep.c:2882 [inline] lockdep_trace_alloc+0x18c/0x2b0 kernel/locking/lockdep.c:2897 __alloc_pages_nodemask+0x143/0x1a80 mm/page_alloc.c:3803 __alloc_pages include/linux/gfp.h:433 [inline] __alloc_pages_node include/linux/gfp.h:446 [inline] alloc_pages_node include/linux/gfp.h:460 [inline] pmd_alloc_one arch/x86/include/asm/pgalloc.h:88 [inline] __pmd_alloc+0x4a/0x330 mm/memory.c:3742 pmd_alloc include/linux/mm.h:1597 [inline] alloc_new_pmd mm/mremap.c:64 [inline] move_page_tables+0xadb/0xd60 mm/mremap.c:212 shift_arg_pages+0x1ae/0x470 fs/exec.c:642 setup_arg_pages+0x60d/0x7c0 fs/exec.c:754 load_elf_binary+0xa84/0x4a90 fs/binfmt_elf.c:860 search_binary_handler fs/exec.c:1621 [inline] search_binary_handler+0x14f/0x700 fs/exec.c:1599 exec_binprm fs/exec.c:1663 [inline] do_execveat_common.isra.0+0xf81/0x1db0 fs/exec.c:1785 do_execve+0x3a/0x50 fs/exec.c:1829 run_init_process+0x33/0x37 init/main.c:904 try_to_run_init_process+0x18/0x48 init/main.c:913 kernel_init+0xf2/0x163 init/main.c:984 ret_from_fork+0x5c/0x70 arch/x86/entry/entry_64.S:373 irq event stamp: 14149 hardirqs last enabled at (14149): [<0000000054dba038>] dump_stack+0x100/0x120 lib/dump_stack.c:56 hardirqs last disabled at (14148): [<000000006adf1de5>] dump_stack+0x2c/0x120 lib/dump_stack.c:38 softirqs last enabled at (13390): [<00000000788c94e6>] __do_softirq+0x474/0x964 kernel/softirq.c:314 softirqs last disabled at (13373): [<00000000ac039944>] invoke_softirq kernel/softirq.c:368 [inline] softirqs last disabled at (13373): [<00000000ac039944>] irq_exit+0x119/0x160 kernel/softirq.c:409 other info that might help us debug this: Possible unsafe locking scenario: CPU0 ---- lock(&mm->mmap_sem); lock(&mm->mmap_sem); *** DEADLOCK *** 4 locks held by syz-executor327/4016: #0: (&mm->mmap_sem){+++++?}, at: [<000000009228b039>] __mm_populate+0x20c/0x300 mm/gup.c:1134 #1: (shrinker_rwsem){++++..}, at: [<0000000071eb6947>] shrink_slab.part.0+0xb2/0xa20 mm/vmscan.c:472 #2: (rcu_read_lock){......}, at: [<000000008493ff8c>] lowmem_scan+0x242/0xb50 drivers/staging/android/lowmemorykiller.c:272 #3: (lmk_event_lock){+.+.-.}, at: [<00000000fa25d900>] spin_lock include/linux/spinlock.h:302 [inline] #3: (lmk_event_lock){+.+.-.}, at: [<00000000fa25d900>] handle_lmk_event+0xfb/0x8a0 drivers/staging/android/lowmemorykiller.c:114 stack backtrace: CPU: 1 PID: 4016 Comm: syz-executor327 Tainted: G W 4.9.177+ #9 ffff8800133ded60 ffffffff81b56f41 00000000000000f0 ffff8800133b4740 ffffffff83cad5b0 ffff8800133b50b0 ffffffff8424eec0 ffff8800133dedd8 ffffffff81406569 0000000000000000 ffffffff00000001 0000000000000001 Call Trace: [<0000000040d76cde>] __dump_stack lib/dump_stack.c:15 [inline] [<0000000040d76cde>] dump_stack+0xc1/0x120 lib/dump_stack.c:51 [<0000000044f87c18>] print_usage_bug kernel/locking/lockdep.c:2387 [inline] [<0000000044f87c18>] print_usage_bug.cold+0x452/0x5a2 kernel/locking/lockdep.c:2354 [<00000000ac20e49e>] valid_state kernel/locking/lockdep.c:2400 [inline] [<00000000ac20e49e>] mark_lock_irq kernel/locking/lockdep.c:2602 [inline] [<00000000ac20e49e>] mark_lock+0x6c7/0x12e0 kernel/locking/lockdep.c:3065 [<00000000f0676606>] mark_irqflags kernel/locking/lockdep.c:2958 [inline] [<00000000f0676606>] __lock_acquire+0x5c3/0x4350 kernel/locking/lockdep.c:3302 [<0000000073e136d7>] lock_acquire+0x133/0x3d0 kernel/locking/lockdep.c:3756 [<000000004ba2481d>] down_read+0x44/0xb0 kernel/locking/rwsem.c:22 [<000000005f8140f9>] get_cmdline+0xa3/0x2d0 mm/util.c:641 [<00000000bbdfb2b4>] handle_lmk_event+0x13c/0x8a0 drivers/staging/android/lowmemorykiller.c:128 [<00000000db216ee4>] lowmem_scan+0x695/0xb50 drivers/staging/android/lowmemorykiller.c:345 [<0000000093077aa2>] do_shrink_slab mm/vmscan.c:399 [inline] [<0000000093077aa2>] shrink_slab.part.0+0x3cf/0xa20 mm/vmscan.c:502 [<00000000dba610e5>] shrink_slab mm/vmscan.c:466 [inline] [<00000000dba610e5>] shrink_node+0x1ed/0x750 mm/vmscan.c:2604 [<00000000676ce845>] shrink_zones mm/vmscan.c:2751 [inline] [<00000000676ce845>] do_try_to_free_pages mm/vmscan.c:2793 [inline] [<00000000676ce845>] try_to_free_pages+0x397/0xbd0 mm/vmscan.c:3004 [<00000000b267db91>] __perform_reclaim mm/page_alloc.c:3332 [inline] [<00000000b267db91>] __alloc_pages_direct_reclaim mm/page_alloc.c:3354 [inline] [<00000000b267db91>] __alloc_pages_slowpath mm/page_alloc.c:3704 [inline] [<00000000b267db91>] __alloc_pages_nodemask+0x930/0x1a80 mm/page_alloc.c:3861 [<00000000bcb0dbd4>] __alloc_pages include/linux/gfp.h:433 [inline] [<00000000bcb0dbd4>] __alloc_pages_node include/linux/gfp.h:446 [inline] [<00000000bcb0dbd4>] alloc_pages_node include/linux/gfp.h:460 [inline] [<00000000bcb0dbd4>] shmem_alloc_page mm/shmem.c:1437 [inline] [<00000000bcb0dbd4>] shmem_alloc_and_acct_page mm/shmem.c:1462 [inline] [<00000000bcb0dbd4>] shmem_getpage_gfp+0x3f3/0x1b00 mm/shmem.c:1734 [<00000000c3d10fed>] shmem_fault+0x216/0x6b0 mm/shmem.c:1966 [<00000000f4faf615>] __do_fault+0x2a8/0x6c0 mm/memory.c:2855 [<000000007dd291b2>] do_read_fault mm/memory.c:3202 [inline] [<000000007dd291b2>] do_fault mm/memory.c:3338 [inline] [<000000007dd291b2>] handle_pte_fault mm/memory.c:3547 [inline] [<000000007dd291b2>] __handle_mm_fault mm/memory.c:3634 [inline] [<000000007dd291b2>] handle_mm_fault+0x11bc/0x2420 mm/memory.c:3671 [<00000000fb34a256>] faultin_page mm/gup.c:386 [inline] [<00000000fb34a256>] __get_user_pages+0x3c7/0x1060 mm/gup.c:588 [<00000000ca95cc96>] populate_vma_page_range+0x19a/0x230 mm/gup.c:1106 [<00000000ce6bc7ca>] __mm_populate+0x1b9/0x300 mm/gup.c:1154 [<000000002713312e>] mm_populate include/linux/mm.h:2052 [inline] [<000000002713312e>] vm_mmap_pgoff+0x1aa/0x1c0 mm/util.c:333 [<000000001377ea9b>] SYSC_mmap_pgoff mm/mmap.c:1555 [inline] [<000000001377ea9b>] SyS_mmap_pgoff+0x14d/0x1b0 mm/mmap.c:1513 [<000000000a90436c>] SYSC_mmap arch/x86/kernel/sys_x86_64.c:96 [inline] [<000000000a90436c>] SyS_mmap+0x16/0x20 arch/x86/kernel/sys_x86_64.c:87 [<00000000db07583c>] do_syscall_64+0x1ad/0x5c0 arch/x86/entry/common.c:288 [<00000000f7a882a9>] entry_SYSCALL_64_after_swapgs+0x5d/0xdb lowmemorykiller: Killing 'syz-executor327' (3095) (tgid 3095), adj 1000, to free 12176kB on behalf of 'syz-executor327' (4016) because cache 35768kB is below limit 65536kB for oom_score_adj 12 Free memory is -12064kB above reserved lowmemorykiller: Killing 'syz-executor327' (3107) (tgid 3107), adj 1000, to free 12176kB on behalf of 'syz-executor327' (4024) because cache 35612kB is below limit 65536kB for oom_score_adj 12 Free memory is -13328kB above reserved lowmemorykiller: Killing 'syz-executor327' (3110) (tgid 3110), adj 1000, to free 12176kB on behalf of 'syz-executor327' (4024) because cache 35612kB is below limit 65536kB for oom_score_adj 12 Free memory is -13328kB above reserved lowmemorykiller: Killing 'syz-executor327' (3113) (tgid 3113), adj 1000, to free 12176kB on behalf of 'syz-executor327' (4030) because cache 35404kB is below limit 65536kB for oom_score_adj 12 Free memory is -13364kB above reserved lowmemorykiller: Killing 'syz-executor327' (3122) (tgid 3122), adj 1000, to free 12176kB on behalf of 'syz-executor327' (4030) because cache 35304kB is below limit 65536kB for oom_score_adj 12 Free memory is -13364kB above reserved lowmemorykiller: Killing 'syz-executor327' (3128) (tgid 3128), adj 1000, to free 12176kB on behalf of 'syz-executor327' (4036) because cache 34920kB is below limit 65536kB for oom_score_adj 12 Free memory is -13340kB above reserved lowmemorykiller: Killing 'syz-executor327' (3137) (tgid 3137), adj 1000, to free 12176kB on behalf of 'syz-executor327' (4036) because cache 34920kB is below limit 65536kB for oom_score_adj 12 Free memory is -2340kB above reserved lowmemorykiller: Killing 'syz-executor327' (3185) (tgid 3185), adj 1000, to free 12176kB on behalf of 'syz-executor327' (4036) because cache 34720kB is below limit 65536kB for oom_score_adj 12 Free memory is 6960kB above reserved lowmemorykiller: Killing 'syz-executor327' (3194) (tgid 3194), adj 1000, to free 12176kB on behalf of 'syz-executor327' (4045) because cache 34720kB is below limit 65536kB for oom_score_adj 12 Free memory is -13260kB above reserved lowmemorykiller: Killing 'syz-executor327' (3221) (tgid 3221), adj 1000, to free 12176kB on behalf of 'syz-executor327' (4045) because cache 34620kB is below limit 65536kB for oom_score_adj 12 Free memory is -3860kB above reserved lowmemorykiller: Killing 'syz-executor327' (3272) (tgid 3272), adj 1000, to free 12176kB on behalf of 'syz-executor327' (4045) because cache 34520kB is below limit 65536kB for oom_score_adj 12 Free memory is 4840kB above reserved lowmemorykiller: Killing 'syz-executor327' (3278) (tgid 3278), adj 1000, to free 12176kB on behalf of 'syz-executor327' (4045) because cache 34520kB is below limit 65536kB for oom_score_adj 12 Free memory is 9520kB above reserved lowmemorykiller: Killing 'syz-executor327' (3287) (tgid 3287), adj 1000, to free 12176kB on behalf of 'syz-executor327' (4057) because cache 34680kB is below limit 65536kB for oom_score_adj 12 Free memory is -13276kB above reserved lowmemorykiller: Killing 'syz-executor327' (3290) (tgid 3290), adj 1000, to free 12176kB on behalf of 'syz-executor327' (4057) because cache 34580kB is below limit 65536kB for oom_score_adj 12 Free memory is -9376kB above reserved lowmemorykiller: Killing 'syz-executor327' (3302) (tgid 3302), adj 1000, to free 12176kB on behalf of 'syz-executor327' (4057) because cache 34680kB is below limit 65536kB for oom_score_adj 12 Free memory is -3884kB above reserved lowmemorykiller: Killing 'syz-executor327' (3305) (tgid 3305), adj 1000, to free 12176kB on behalf of 'syz-executor327' (4057) because cache 34680kB is below limit 65536kB for oom_score_adj 12 Free memory is -3884kB above reserved lowmemorykiller: Killing 'syz-executor327' (3314) (tgid 3314), adj 1000, to free 12176kB on behalf of 'syz-executor327' (4057) because cache 34480kB is below limit 65536kB for oom_score_adj 12 Free memory is 12900kB above reserved lowmemorykiller: Killing 'syz-executor327' (3317) (tgid 3317), adj 1000, to free 12176kB on behalf of 'syz-executor327' (4057) because cache 34580kB is below limit 65536kB for oom_score_adj 12 Free memory is 23000kB above reserved lowmemorykiller: Killing 'syz-executor327' (3321) (tgid 3321), adj 1000, to free 12176kB on behalf of 'syz-executor327' (4057) because cache 34580kB is below limit 65536kB for oom_score_adj 12 Free memory is 38200kB above reserved lowmemorykiller: Killing 'syz-executor327' (3329) (tgid 3329), adj 1000, to free 12176kB on behalf of 'syz-executor327' (4057) because cache 34380kB is below limit 65536kB for oom_score_adj 12 Free memory is 38200kB above reserved lowmemorykiller: Killing 'syz-executor327' (3332) (tgid 3332), adj 1000, to free 12176kB on behalf of 'syz-executor327' (4057) because cache 34480kB is below limit 65536kB for oom_score_adj 12 Free memory is 48508kB above reserved lowmemorykiller: Killing 'syz-executor327' (3350) (tgid 3350), adj 1000, to free 12176kB on behalf of 'syz-executor327' (4090) because cache 34396kB is below limit 65536kB for oom_score_adj 12 Free memory is -13364kB above reserved lowmemorykiller: Killing 'syz-executor327' (3353) (tgid 3353), adj 1000, to free 12176kB on behalf of 'syz-executor327' (4090) because cache 34296kB is below limit 65536kB for oom_score_adj 12 Free memory is -3864kB above reserved lowmemorykiller: Killing 'syz-executor327' (3356) (tgid 3356), adj 1000, to free 12176kB on behalf of 'syz-executor327' (4090) because cache 34296kB is below limit 65536kB for oom_score_adj 12 Free memory is 4836kB above reserved lowmemorykiller: Killing 'syz-executor327' (3359) (tgid 3359), adj 1000, to free 12176kB on behalf of 'syz-executor327' (4090) because cache 34096kB is below limit 65536kB for oom_score_adj 12 Free memory is 4836kB above reserved lowmemorykiller: Killing 'syz-executor327' (3368) (tgid 3368), adj 1000, to free 12176kB on behalf of 'syz-executor327' (4102) because cache 34216kB is below limit 65536kB for oom_score_adj 12 Free memory is -13316kB above reserved BUG: sleeping function called from invalid context at kernel/fork.c:903 in_atomic(): 0, irqs_disabled(): 0, pid: 4102, name: syz-executor327 INFO: lockdep is turned off. Preemption disabled at: [<00000000be276d45>] spin_lock include/linux/spinlock.h:302 [inline] [<00000000be276d45>] task_lock include/linux/sched.h:3217 [inline] [<00000000be276d45>] get_task_mm+0x20/0xc0 kernel/fork.c:1010 CPU: 0 PID: 4102 Comm: syz-executor327 Tainted: G W 4.9.177+ #9 ffff880000d67018 ffffffff81b56f41 0000000000000000 0000000000000001 ffff880000d58000 ffffffff810d0b50 ffff880000d58000 ffff880000d67050 ffffffff813ffb2c ffff880000d58000 ffffffff82a39900 0000000000000387 Call Trace: [<0000000040d76cde>] __dump_stack lib/dump_stack.c:15 [inline] [<0000000040d76cde>] dump_stack+0xc1/0x120 lib/dump_stack.c:51 [<00000000ed214736>] ___might_sleep.cold+0x1c1/0x1fa kernel/sched/core.c:8004 [<00000000590fae88>] __might_sleep+0x95/0x1a0 kernel/sched/core.c:7961 [<00000000313e3561>] mmput+0x28/0x370 kernel/fork.c:903 [<00000000c5e39e9d>] handle_lmk_event+0xea/0x8a0 drivers/staging/android/lowmemorykiller.c:111 [<00000000db216ee4>] lowmem_scan+0x695/0xb50 drivers/staging/android/lowmemorykiller.c:345 [<0000000093077aa2>] do_shrink_slab mm/vmscan.c:399 [inline] [<0000000093077aa2>] shrink_slab.part.0+0x3cf/0xa20 mm/vmscan.c:502 [<00000000dba610e5>] shrink_slab mm/vmscan.c:466 [inline] [<00000000dba610e5>] shrink_node+0x1ed/0x750 mm/vmscan.c:2604 [<00000000676ce845>] shrink_zones mm/vmscan.c:2751 [inline] [<00000000676ce845>] do_try_to_free_pages mm/vmscan.c:2793 [inline] [<00000000676ce845>] try_to_free_pages+0x397/0xbd0 mm/vmscan.c:3004 [<00000000b267db91>] __perform_reclaim mm/page_alloc.c:3332 [inline] [<00000000b267db91>] __alloc_pages_direct_reclaim mm/page_alloc.c:3354 [inline] [<00000000b267db91>] __alloc_pages_slowpath mm/page_alloc.c:3704 [inline] [<00000000b267db91>] __alloc_pages_nodemask+0x930/0x1a80 mm/page_alloc.c:3861 [<00000000bcb0dbd4>] __alloc_pages include/linux/gfp.h:433 [inline] [<00000000bcb0dbd4>] __alloc_pages_node include/linux/gfp.h:446 [inline] [<00000000bcb0dbd4>] alloc_pages_node include/linux/gfp.h:460 [inline] [<00000000bcb0dbd4>] shmem_alloc_page mm/shmem.c:1437 [inline] [<00000000bcb0dbd4>] shmem_alloc_and_acct_page mm/shmem.c:1462 [inline] [<00000000bcb0dbd4>] shmem_getpage_gfp+0x3f3/0x1b00 mm/shmem.c:1734 [<00000000c3d10fed>] shmem_fault+0x216/0x6b0 mm/shmem.c:1966 [<00000000f4faf615>] __do_fault+0x2a8/0x6c0 mm/memory.c:2855 [<000000007dd291b2>] do_read_fault mm/memory.c:3202 [inline] [<000000007dd291b2>] do_fault mm/memory.c:3338 [inline] [<000000007dd291b2>] handle_pte_fault mm/memory.c:3547 [inline] [<000000007dd291b2>] __handle_mm_fault mm/memory.c:3634 [inline] [<000000007dd291b2>] handle_mm_fault+0x11bc/0x2420 mm/memory.c:3671 [<00000000fb34a256>] faultin_page mm/gup.c:386 [inline] [<00000000fb34a256>] __get_user_pages+0x3c7/0x1060 mm/gup.c:588 [<00000000ca95cc96>] populate_vma_page_range+0x19a/0x230 mm/gup.c:1106 [<00000000ce6bc7ca>] __mm_populate+0x1b9/0x300 mm/gup.c:1154 [<000000002713312e>] mm_populate include/linux/mm.h:2052 [inline] [<000000002713312e>] vm_mmap_pgoff+0x1aa/0x1c0 mm/util.c:333 [<000000001377ea9b>] SYSC_mmap_pgoff mm/mmap.c:1555 [inline] [<000000001377ea9b>] SyS_mmap_pgoff+0x14d/0x1b0 mm/mmap.c:1513 [<000000000a90436c>] SYSC_mmap arch/x86/kernel/sys_x86_64.c:96 [inline] [<000000000a90436c>] SyS_mmap+0x16/0x20 arch/x86/kernel/sys_x86_64.c:87 [<00000000db07583c>] do_syscall_64+0x1ad/0x5c0 arch/x86/entry/common.c:288 [<00000000f7a882a9>] entry_SYSCALL_64_after_swapgs+0x5d/0xdb lowmemorykiller: Killing 'syz-executor327' (3374) (tgid 3374), adj 1000, to free 12176kB on behalf of 'syz-executor327' (4102) because cache 34216kB is below limit 65536kB for oom_score_adj 12 Free memory is -13316kB above reserved lowmemorykiller: Killing 'syz-executor327' (3383) (tgid 3383), adj 1000, to free 12176kB on behalf of 'syz-executor327' (4108) because cache 34080kB is below limit 65536kB for oom_score_adj 12 Free memory is -13348kB above reserved lowmemorykiller: Killing 'syz-executor327' (3392) (tgid 3392), adj 1000, to free 12176kB on behalf of 'syz-executor327' (4108) because cache 33980kB is below limit 65536kB for oom_score_adj 12 Free memory is -13384kB above reserved lowmemorykiller: Killing 'syz-executor327' (3413) (tgid 3413), adj 1000, to free 12176kB on behalf of 'syz-executor327' (4108) because cache 33880kB is below limit 65536kB for oom_score_adj 12 Free memory is -13384kB above reserved lowmemorykiller: Killing 'syz-executor327' (3416) (tgid 3416), adj 1000, to free 12176kB on behalf of 'syz-executor327' (4117) because cache 33536kB is below limit 65536kB for oom_score_adj 12 Free memory is -13344kB above reserved lowmemorykiller: Killing 'syz-executor327' (3419) (tgid 3419), adj 1000, to free 12176kB on behalf of 'syz-executor327' (4117) because cache 33336kB is below limit 65536kB for oom_score_adj 12 Free memory is -13396kB above reserved lowmemorykiller: Killing 'syz-executor327' (3422) (tgid 3422), adj 1000, to free 12176kB on behalf of 'syz-executor327' (4117) because cache 33336kB is below limit 65536kB for oom_score_adj 12 Free memory is -13396kB above reserved lowmemorykiller: Killing 'syz-executor327' (3446) (tgid 3446), adj 1000, to free 12176kB on behalf of 'syz-executor327' (4126) because cache 32884kB is below limit 65536kB for oom_score_adj 12 Free memory is -13348kB above reserved lowmemorykiller: Killing 'syz-executor327' (3464) (tgid 3464), adj 1000, to free 12176kB on behalf of 'syz-executor327' (4126) because cache 32784kB is below limit 65536kB for oom_score_adj 12 Free memory is -13388kB above reserved lowmemorykiller: Killing 'syz-executor327' (3479) (tgid 3479), adj 1000, to free 12176kB on behalf of 'syz-executor327' (4126) because cache 32784kB is below limit 65536kB for oom_score_adj 12 Free memory is -13088kB above reserved lowmemorykiller: Killing 'syz-executor327' (3482) (tgid 3482), adj 1000, to free 12176kB on behalf of 'syz-executor327' (4126) because cache 32584kB is below limit 65536kB for oom_score_adj 12 Free memory is -3012kB above reserved lowmemorykiller: Killing 'syz-executor327' (3503) (tgid 3503), adj 1000, to free 12176kB on behalf of 'syz-executor327' (4126) because cache 32584kB is below limit 65536kB for oom_score_adj 12 Free memory is 14372kB above reserved lowmemorykiller: Killing 'syz-executor327' (3506) (tgid 3506), adj 1000, to free 12176kB on behalf of 'syz-executor327' (4141) because cache 32628kB is below limit 65536kB for oom_score_adj 12 Free memory is -13312kB above reserved lowmemorykiller: Killing 'syz-executor327' (3515) (tgid 3515), adj 1000, to free 12176kB on behalf of 'syz-executor327' (4141) because cache 32528kB is below limit 65536kB for oom_score_adj 12 Free memory is -9236kB above reserved lowmemorykiller: Killing 'syz-executor327' (3524) (tgid 3524), adj 1000, to free 12176kB on behalf of 'syz-executor327' (4141) because cache 32528kB is below limit 65536kB for oom_score_adj 12 Free memory is -4044kB above reserved lowmemorykiller: Killing 'syz-executor327' (3542) (tgid 3542), adj 1000, to free 12176kB on behalf of 'syz-executor327' (4141) because cache 32428kB is below limit 65536kB for oom_score_adj 12 Free memory is 4856kB above reserved lowmemorykiller: Killing 'syz-executor327' (3551) (tgid 3551), adj 1000, to free 12176kB on behalf of 'syz-executor327' (4153) because cache 32500kB is below limit 65536kB for oom_score_adj 12 Free memory is -13428kB above reserved lowmemorykiller: Killing 'syz-executor327' (3557) (tgid 3557), adj 1000, to free 12176kB on behalf of 'syz-executor327' (4153) because cache 32400kB is below limit 65536kB for oom_score_adj 12 Free memory is -10328kB above reserved lowmemorykiller: Killing 'syz-executor327' (3569) (tgid 3569), adj 1000, to free 12176kB on behalf of 'syz-executor327' (4153) because cache 32300kB is below limit 65536kB for oom_score_adj 12 Free memory is -3352kB above reserved lowmemorykiller: Killing 'syz-executor327' (3572) (tgid 3572), adj 1000, to free 12176kB on behalf of 'syz-executor327' (4153) because cache 32400kB is below limit 65536kB for oom_score_adj 12 Free memory is 5748kB above reserved lowmemorykiller: Killing 'syz-executor327' (3584) (tgid 3584), adj 1000, to free 12176kB on behalf of 'syz-executor327' (4153) because cache 32400kB is below limit 65536kB for oom_score_adj 12 Free memory is 13448kB above reserved lowmemorykiller: Killing 'syz-executor327' (3587) (tgid 3587), adj 1000, to free 12176kB on behalf of 'syz-executor327' (4168) because cache 32372kB is below limit 65536kB for oom_score_adj 12 Free memory is -13452kB above reserved lowmemorykiller: Killing 'syz-executor327' (3605) (tgid 3605), adj 1000, to free 12176kB on behalf of 'syz-executor327' (4168) because cache 32272kB is below limit 65536kB for oom_score_adj 12 Free memory is -10752kB above reserved lowmemorykiller: Killing 'syz-executor327' (3608) (tgid 3608), adj 1000, to free 12176kB on behalf of 'syz-executor327' (4168) because cache 32172kB is below limit 65536kB for oom_score_adj 12 Free memory is -2452kB above reserved lowmemorykiller: Killing 'syz-executor327' (3620) (tgid 3620), adj 1000, to free 12176kB on behalf of 'syz-executor327' (4168) because cache 32172kB is below limit 65536kB for oom_score_adj 12 Free memory is 4448kB above reserved lowmemorykiller: Killing 'syz-executor327' (3623) (tgid 3623), adj 1000, to free 12176kB on behalf of 'syz-executor327' (4180) because cache 32244kB is below limit 65536kB for oom_score_adj 12 Free memory is -13340kB above reserved lowmemorykiller: Killing 'syz-executor327' (3635) (tgid 3635), adj 1000, to free 12176kB on behalf of 'syz-executor327' (4180) because cache 32244kB is below limit 65536kB for oom_score_adj 12 Free memory is -10140kB above reserved lowmemorykiller: Killing 'syz-executor327' (3650) (tgid 3650), adj 1000, to free 12176kB on behalf of 'syz-executor327' (4180) because cache 32144kB is below limit 65536kB for oom_score_adj 12 Free memory is -3040kB above reserved BUG: sleeping function called from invalid context at kernel/fork.c:903 in_atomic(): 0, irqs_disabled(): 0, pid: 4180, name: syz-executor327 INFO: lockdep is turned off. Preemption disabled at: [<00000000be276d45>] spin_lock include/linux/spinlock.h:302 [inline] [<00000000be276d45>] task_lock include/linux/sched.h:3217 [inline] [<00000000be276d45>] get_task_mm+0x20/0xc0 kernel/fork.c:1010 CPU: 0 PID: 4180 Comm: syz-executor327 Tainted: G W 4.9.177+ #9 ffff880000e9f018 ffffffff81b56f41 0000000000000000 0000000000000001 ffff880000e90000 ffffffff810d0b50 ffff880000e90000 ffff880000e9f050 ffffffff813ffb2c ffff880000e90000 ffffffff82a39900 0000000000000387 Call Trace: [<0000000040d76cde>] __dump_stack lib/dump_stack.c:15 [inline] [<0000000040d76cde>] dump_stack+0xc1/0x120 lib/dump_stack.c:51 [<00000000ed214736>] ___might_sleep.cold+0x1c1/0x1fa kernel/sched/core.c:8004 [<00000000590fae88>] __might_sleep+0x95/0x1a0 kernel/sched/core.c:7961 [<00000000313e3561>] mmput+0x28/0x370 kernel/fork.c:903 [<00000000c5e39e9d>] handle_lmk_event+0xea/0x8a0 drivers/staging/android/lowmemorykiller.c:111 [<00000000db216ee4>] lowmem_scan+0x695/0xb50 drivers/staging/android/lowmemorykiller.c:345 [<0000000093077aa2>] do_shrink_slab mm/vmscan.c:399 [inline] [<0000000093077aa2>] shrink_slab.part.0+0x3cf/0xa20 mm/vmscan.c:502 [<00000000dba610e5>] shrink_slab mm/vmscan.c:466 [inline] [<00000000dba610e5>] shrink_node+0x1ed/0x750 mm/vmscan.c:2604 [<00000000676ce845>] shrink_zones mm/vmscan.c:2751 [inline] [<00000000676ce845>] do_try_to_free_pages mm/vmscan.c:2793 [inline] [<00000000676ce845>] try_to_free_pages+0x397/0xbd0 mm/vmscan.c:3004 [<00000000b267db91>] __perform_reclaim mm/page_alloc.c:3332 [inline] [<00000000b267db91>] __alloc_pages_direct_reclaim mm/page_alloc.c:3354 [inline] [<00000000b267db91>] __alloc_pages_slowpath mm/page_alloc.c:3704 [inline] [<00000000b267db91>] __alloc_pages_nodemask+0x930/0x1a80 mm/page_alloc.c:3861 [<00000000bcb0dbd4>] __alloc_pages include/linux/gfp.h:433 [inline] [<00000000bcb0dbd4>] __alloc_pages_node include/linux/gfp.h:446 [inline] [<00000000bcb0dbd4>] alloc_pages_node include/linux/gfp.h:460 [inline] [<00000000bcb0dbd4>] shmem_alloc_page mm/shmem.c:1437 [inline] [<00000000bcb0dbd4>] shmem_alloc_and_acct_page mm/shmem.c:1462 [inline] [<00000000bcb0dbd4>] shmem_getpage_gfp+0x3f3/0x1b00 mm/shmem.c:1734 [<00000000c3d10fed>] shmem_fault+0x216/0x6b0 mm/shmem.c:1966 [<00000000f4faf615>] __do_fault+0x2a8/0x6c0 mm/memory.c:2855 [<000000007dd291b2>] do_read_fault mm/memory.c:3202 [inline] [<000000007dd291b2>] do_fault mm/memory.c:3338 [inline] [<000000007dd291b2>] handle_pte_fault mm/memory.c:3547 [inline] [<000000007dd291b2>] __handle_mm_fault mm/memory.c:3634 [inline] [<000000007dd291b2>] handle_mm_fault+0x11bc/0x2420 mm/memory.c:3671 [<00000000fb34a256>] faultin_page mm/gup.c:386 [inline] [<00000000fb34a256>] __get_user_pages+0x3c7/0x1060 mm/gup.c:588 [<00000000ca95cc96>] populate_vma_page_range+0x19a/0x230 mm/gup.c:1106 [<00000000ce6bc7ca>] __mm_populate+0x1b9/0x300 mm/gup.c:1154 [<000000002713312e>] mm_populate include/linux/mm.h:2052 [inline] [<000000002713312e>] vm_mmap_pgoff+0x1aa/0x1c0 mm/util.c:333 [<000000001377ea9b>] SYSC_mmap_pgoff mm/mmap.c:1555 [inline] [<000000001377ea9b>] SyS_mmap_pgoff+0x14d/0x1b0 mm/mmap.c:1513 [<000000000a90436c>] SYSC_mmap arch/x86/kernel/sys_x86_64.c:96 [inline] [<000000000a90436c>] SyS_mmap+0x16/0x20 arch/x86/kernel/sys_x86_64.c:87 [<00000000db07583c>] do_syscall_64+0x1ad/0x5c0 arch/x86/entry/common.c:288 [<00000000f7a882a9>] entry_SYSCALL_64_after_swapgs+0x5d/0xdb lowmemorykiller: Killing 'syz-executor327' (3656) (tgid 3656), adj 1000, to free 12176kB on behalf of 'syz-executor327' (4180) because cache 31944kB is below limit 65536kB for oom_score_adj 12 Free memory is 360kB above reserved lowmemorykiller: Killing 'syz-executor327' (3662) (tgid 3662), adj 1000, to free 12176kB on behalf of 'syz-executor327' (4180) because cache 31944kB is below limit 65536kB for oom_score_adj 12 Free memory is 15552kB above reserved lowmemorykiller: Killing 'syz-executor327' (3671) (tgid 3671), adj 1000, to free 12176kB on behalf of 'syz-executor327' (4195) because cache 31992kB is below limit 65536kB for oom_score_adj 12 Free memory is -13244kB above reserved lowmemorykiller: Killing 'syz-executor327' (3674) (tgid 3674), adj 1000, to free 12176kB on behalf of 'syz-executor327' (4195) because cache 31892kB is below limit 65536kB for oom_score_adj 12 Free memory is -13244kB above reserved lowmemorykiller: Killing 'syz-executor327' (3680) (tgid 3680), adj 1000, to free 12176kB on behalf of 'syz-executor327' (4201) because cache 31740kB is below limit 65536kB for oom_score_adj 12 Free memory is -13296kB above reserved lowmemorykiller: Killing 'syz-executor327' (3683) (tgid 3683), adj 1000, to free 12176kB on behalf of 'syz-executor327' (4201) because cache 31640kB is below limit 65536kB for oom_score_adj 12 Free memory is -9796kB above reserved lowmemorykiller: Killing 'syz-executor327' (3686) (tgid 3686), adj 1000, to free 12176kB on behalf of 'syz-executor327' (4201) because cache 31640kB is below limit 65536kB for oom_score_adj 12 Free memory is -3096kB above reserved lowmemorykiller: Killing 'syz-executor327' (3689) (tgid 3689), adj 1000, to free 12176kB on behalf of 'syz-executor327' (4201) because cache 31640kB is below limit 65536kB for oom_score_adj 12 Free memory is 5704kB above reserved lowmemorykiller: Killing 'syz-executor327' (3695) (tgid 3695), adj 1000, to free 12176kB on behalf of 'syz-executor327' (4201) because cache 31540kB is below limit 65536kB for oom_score_adj 12 Free memory is 10504kB above reserved lowmemorykiller: Killing 'syz-executor327' (3704) (tgid 3704), adj 1000, to free 12176kB on behalf of 'syz-executor327' (4201) because cache 31540kB is below limit 65536kB for oom_score_adj 12 Free memory is 31280kB above reserved lowmemorykiller: Killing 'syz-executor327' (3707) (tgid 3707), adj 1000, to free 12176kB on behalf of 'syz-executor327' (4201) because cache 31540kB is below limit 65536kB for oom_score_adj 12 Free memory is 32580kB above reserved lowmemorykiller: Killing 'syz-executor327' (3710) (tgid 3710), adj 1000, to free 12176kB on behalf of 'syz-executor327' (4201) because cache 31440kB is below limit 65536kB for oom_score_adj 12 Free memory is 48180kB above reserved lowmemorykiller: Killing 'syz-executor327' (3716) (tgid 3716), adj 1000, to free 12176kB on behalf of 'syz-executor327' (4225) because cache 31488kB is below limit 65536kB for oom_score_adj 12 Free memory is -13360kB above reserved lowmemorykiller: Killing 'syz-executor327' (3722) (tgid 3722), adj 1000, to free 12176kB on behalf of 'syz-executor327' (4225) because cache 31488kB is below limit 65536kB for oom_score_adj 12 Free memory is -8460kB above reserved lowmemorykiller: Killing 'syz-executor327' (3725) (tgid 3725), adj 1000, to free 12176kB on behalf of 'syz-executor327' (4231) because cache 31188kB is below limit 65536kB for oom_score_adj 12 Free memory is -13392kB above reserved lowmemorykiller: Killing 'syz-executor327' (3728) (tgid 3728), adj 1000, to free 12176kB on behalf of 'syz-executor327' (4231) because cache 31188kB is below limit 65536kB for oom_score_adj 12 Free memory is -9992kB above reserved lowmemorykiller: Killing 'syz-executor327' (3731) (tgid 3731), adj 1000, to free 12176kB on behalf of 'syz-executor327' (4237) because cache 30960kB is below limit 65536kB for oom_score_adj 12 Free memory is -13372kB above reserved lowmemorykiller: Killing 'syz-executor327' (3734) (tgid 3734), adj 1000, to free 12176kB on behalf of 'syz-executor327' (4237) because cache 30660kB is below limit 65536kB for oom_score_adj 12 Free memory is -13340kB above reserved lowmemorykiller: Killing 'syz-executor327' (3737) (tgid 3737), adj 1000, to free 12176kB on behalf of 'syz-executor327' (4237) because cache 30660kB is below limit 65536kB for oom_score_adj 12 Free memory is -13340kB above reserved lowmemorykiller: Killing 'syz-executor327' (3740) (tgid 3740), adj 1000, to free 12176kB on behalf of 'syz-executor327' (4237) because cache 30760kB is below limit 65536kB for oom_score_adj 12 Free memory is -2440kB above reserved lowmemorykiller: Killing 'syz-executor327' (3743) (tgid 3743), adj 1000, to free 12176kB on behalf of 'syz-executor327' (4237) because cache 30860kB is below limit 65536kB for oom_score_adj 12 Free memory is 17844kB above reserved lowmemorykiller: Killing 'syz-executor327' (3746) (tgid 3746), adj 1000, to free 12176kB on behalf of 'syz-executor327' (4237) because cache 30760kB is below limit 65536kB for oom_score_adj 12 Free memory is 31068kB above reserved lowmemorykiller: Killing 'syz-executor327' (3752) (tgid 3752), adj 1000, to free 12176kB on behalf of 'syz-executor327' (4237) because cache 30660kB is below limit 65536kB for oom_score_adj 12 Free memory is 41060kB above reserved lowmemorykiller: Killing 'syz-executor327' (3755) (tgid 3755), adj 1000, to free 12176kB on behalf of 'syz-executor327' (4258) because cache 30556kB is below limit 65536kB for oom_score_adj 12 Free memory is -13284kB above reserved lowmemorykiller: Killing 'syz-executor327' (3758) (tgid 3758), adj 1000, to free 12176kB on behalf of 'syz-executor327' (4258) because cache 30256kB is below limit 65536kB for oom_score_adj 12 Free memory is -13252kB above reserved lowmemorykiller: Killing 'syz-executor327' (3767) (tgid 3767), adj 1000, to free 12176kB on behalf of 'syz-executor327' (4258) because cache 30356kB is below limit 65536kB for oom_score_adj 12 Free memory is -652kB above reserved BUG: sleeping function called from invalid context at kernel/fork.c:903 in_atomic(): 0, irqs_disabled(): 0, pid: 4258, name: syz-executor327 INFO: lockdep is turned off. Preemption disabled at: [<00000000be276d45>] spin_lock include/linux/spinlock.h:302 [inline] [<00000000be276d45>] task_lock include/linux/sched.h:3217 [inline] [<00000000be276d45>] get_task_mm+0x20/0xc0 kernel/fork.c:1010 CPU: 1 PID: 4258 Comm: syz-executor327 Tainted: G W 4.9.177+ #9 ffff8801d10ff018 ffffffff81b56f41 0000000000000000 0000000000000001 ffff8801c5b95f00 ffffffff810d0b50 ffff8801c5b95f00 ffff8801d10ff050 ffffffff813ffb2c ffff8801c5b95f00 ffffffff82a39900 0000000000000387 Call Trace: [<0000000040d76cde>] __dump_stack lib/dump_stack.c:15 [inline] [<0000000040d76cde>] dump_stack+0xc1/0x120 lib/dump_stack.c:51 [<00000000ed214736>] ___might_sleep.cold+0x1c1/0x1fa kernel/sched/core.c:8004 [<00000000590fae88>] __might_sleep+0x95/0x1a0 kernel/sched/core.c:7961 [<00000000313e3561>] mmput+0x28/0x370 kernel/fork.c:903 [<00000000c5e39e9d>] handle_lmk_event+0xea/0x8a0 drivers/staging/android/lowmemorykiller.c:111 [<00000000db216ee4>] lowmem_scan+0x695/0xb50 drivers/staging/android/lowmemorykiller.c:345 [<0000000093077aa2>] do_shrink_slab mm/vmscan.c:399 [inline] [<0000000093077aa2>] shrink_slab.part.0+0x3cf/0xa20 mm/vmscan.c:502 [<00000000dba610e5>] shrink_slab mm/vmscan.c:466 [inline] [<00000000dba610e5>] shrink_node+0x1ed/0x750 mm/vmscan.c:2604 [<00000000676ce845>] shrink_zones mm/vmscan.c:2751 [inline] [<00000000676ce845>] do_try_to_free_pages mm/vmscan.c:2793 [inline] [<00000000676ce845>] try_to_free_pages+0x397/0xbd0 mm/vmscan.c:3004 [<00000000b267db91>] __perform_reclaim mm/page_alloc.c:3332 [inline] [<00000000b267db91>] __alloc_pages_direct_reclaim mm/page_alloc.c:3354 [inline] [<00000000b267db91>] __alloc_pages_slowpath mm/page_alloc.c:3704 [inline] [<00000000b267db91>] __alloc_pages_nodemask+0x930/0x1a80 mm/page_alloc.c:3861 [<00000000bcb0dbd4>] __alloc_pages include/linux/gfp.h:433 [inline] [<00000000bcb0dbd4>] __alloc_pages_node include/linux/gfp.h:446 [inline] [<00000000bcb0dbd4>] alloc_pages_node include/linux/gfp.h:460 [inline] [<00000000bcb0dbd4>] shmem_alloc_page mm/shmem.c:1437 [inline] [<00000000bcb0dbd4>] shmem_alloc_and_acct_page mm/shmem.c:1462 [inline] [<00000000bcb0dbd4>] shmem_getpage_gfp+0x3f3/0x1b00 mm/shmem.c:1734 [<00000000c3d10fed>] shmem_fault+0x216/0x6b0 mm/shmem.c:1966 [<00000000f4faf615>] __do_fault+0x2a8/0x6c0 mm/memory.c:2855 [<000000007dd291b2>] do_read_fault mm/memory.c:3202 [inline] [<000000007dd291b2>] do_fault mm/memory.c:3338 [inline] [<000000007dd291b2>] handle_pte_fault mm/memory.c:3547 [inline] [<000000007dd291b2>] __handle_mm_fault mm/memory.c:3634 [inline] [<000000007dd291b2>] handle_mm_fault+0x11bc/0x2420 mm/memory.c:3671 [<00000000fb34a256>] faultin_page mm/gup.c:386 [inline] [<00000000fb34a256>] __get_user_pages+0x3c7/0x1060 mm/gup.c:588 [<00000000ca95cc96>] populate_vma_page_range+0x19a/0x230 mm/gup.c:1106 [<00000000ce6bc7ca>] __mm_populate+0x1b9/0x300 mm/gup.c:1154 [<000000002713312e>] mm_populate include/linux/mm.h:2052 [inline] [<000000002713312e>] vm_mmap_pgoff+0x1aa/0x1c0 mm/util.c:333 [<000000001377ea9b>] SYSC_mmap_pgoff mm/mmap.c:1555 [inline] [<000000001377ea9b>] SyS_mmap_pgoff+0x14d/0x1b0 mm/mmap.c:1513 [<000000000a90436c>] SYSC_mmap arch/x86/kernel/sys_x86_64.c:96 [inline] [<000000000a90436c>] SyS_mmap+0x16/0x20 arch/x86/kernel/sys_x86_64.c:87 [<00000000db07583c>] do_syscall_64+0x1ad/0x5c0 arch/x86/entry/common.c:288 [<00000000f7a882a9>] entry_SYSCALL_64_after_swapgs+0x5d/0xdb lowmemorykiller: Killing 'syz-executor327' (3773) (tgid 3773), adj 1000, to free 12176kB on behalf of 'syz-executor327' (4258) because cache 30356kB is below limit 65536kB for oom_score_adj 12 Free memory is 3548kB above reserved lowmemorykiller: Killing 'syz-executor327' (3776) (tgid 3776), adj 1000, to free 12176kB on behalf of 'syz-executor327' (4270) because cache 30156kB is below limit 65536kB for oom_score_adj 12 Free memory is -13324kB above reserved lowmemorykiller: Killing 'syz-executor327' (3785) (tgid 3785), adj 1000, to free 12176kB on behalf of 'syz-executor327' (4270) because cache 30156kB is below limit 65536kB for oom_score_adj 12 Free memory is -6424kB above reserved lowmemorykiller: Killing 'syz-executor327' (3791) (tgid 3791), adj 1000, to free 12176kB on behalf of 'syz-executor327' (4276) because cache 29940kB is below limit 65536kB for oom_score_adj 12 Free memory is -13344kB above reserved lowmemorykiller: Killing 'syz-executor327' (3797) (tgid 3797), adj 1000, to free 12176kB on behalf of 'syz-executor327' (4276) because cache 29940kB is below limit 65536kB for oom_score_adj 12 Free memory is -2944kB above reserved lowmemorykiller: Killing 'syz-executor327' (3800) (tgid 3800), adj 1000, to free 12176kB on behalf of 'syz-executor327' (4282) because cache 29596kB is below limit 65536kB for oom_score_adj 12 Free memory is -13276kB above reserved lowmemorykiller: Killing 'syz-executor327' (3803) (tgid 3803), adj 1000, to free 12176kB on behalf of 'syz-executor327' (4282) because cache 29596kB is below limit 65536kB for oom_score_adj 12 Free memory is -13276kB above reserved lowmemorykiller: Killing 'syz-executor327' (3809) (tgid 3809), adj 1000, to free 12176kB on behalf of 'syz-executor327' (4288) because cache 29272kB is below limit 65536kB for oom_score_adj 12 Free memory is -13328kB above reserved lowmemorykiller: Killing 'syz-executor327' (3812) (tgid 3812), adj 1000, to free 12176kB on behalf of 'syz-executor327' (4288) because cache 29272kB is below limit 65536kB for oom_score_adj 12 Free memory is -4940kB above reserved lowmemorykiller: Killing 'syz-executor327' (3815) (tgid 3815), adj 1000, to free 12176kB on behalf of 'syz-executor327' (4294) because cache 29060kB is below limit 65536kB for oom_score_adj 12 Free memory is -13356kB above reserved lowmemorykiller: Killing 'syz-executor327' (3818) (tgid 3818), adj 1000, to free 12176kB on behalf of 'syz-executor327' (4294) because cache 29060kB is below limit 65536kB for oom_score_adj 12 Free memory is -7456kB above reserved lowmemorykiller: Killing 'syz-executor327' (3824) (tgid 3824), adj 1000, to free 12176kB on behalf of 'syz-executor327' (4294) because cache 29060kB is below limit 65536kB for oom_score_adj 12 Free memory is 1244kB above reserved lowmemorykiller: Killing 'syz-executor327' (3830) (tgid 3830), adj 1000, to free 12176kB on behalf of 'syz-executor327' (4294) because cache 28960kB is below limit 65536kB for oom_score_adj 12 Free memory is 2844kB above reserved lowmemorykiller: Killing 'syz-executor327' (3833) (tgid 3833), adj 1000, to free 12176kB on behalf of 'syz-executor327' (4294) because cache 28960kB is below limit 65536kB for oom_score_adj 12 Free memory is 14844kB above reserved lowmemorykiller: Killing 'syz-executor327' (3836) (tgid 3836), adj 1000, to free 12176kB on behalf of 'syz-executor327' (4294) because cache 28860kB is below limit 65536kB for oom_score_adj 12 Free memory is 30908kB above reserved lowmemorykiller: Killing 'syz-executor327' (3839) (tgid 3839), adj 1000, to free 12176kB on behalf of 'syz-executor327' (4294) because cache 28860kB is below limit 65536kB for oom_score_adj 12 Free memory is 40508kB above reserved lowmemorykiller: Killing 'syz-executor327' (3842) (tgid 3842), adj 1000, to free 12176kB on behalf of 'syz-executor327' (4294) because cache 28860kB is below limit 65536kB for oom_score_adj 12 Free memory is 40508kB above reserved lowmemorykiller: Killing 'syz-executor327' (3860) (tgid 3860), adj 1000, to free 12176kB on behalf of 'syz-executor327' (4294) because cache 28860kB is below limit 65536kB for oom_score_adj 12 Free memory is 44908kB above reserved lowmemorykiller: Killing 'syz-executor327' (3863) (tgid 3863), adj 1000, to free 12176kB on behalf of 'syz-executor327' (4321) because cache 28844kB is below limit 65536kB for oom_score_adj 12 Free memory is -13356kB above reserved lowmemorykiller: Killing 'syz-executor327' (3869) (tgid 3869), adj 1000, to free 12176kB on behalf of 'syz-executor327' (4321) because cache 28544kB is below limit 65536kB for oom_score_adj 12 Free memory is -13288kB above reserved lowmemorykiller: Killing 'syz-executor327' (3872) (tgid 3872), adj 1000, to free 12176kB on behalf of 'syz-executor327' (4321) because cache 28644kB is below limit 65536kB for oom_score_adj 12 Free memory is -2112kB above reserved lowmemorykiller: Killing 'syz-executor327' (3878) (tgid 3878), adj 1000, to free 12176kB on behalf of 'syz-executor327' (4321) because cache 28644kB is below limit 65536kB for oom_score_adj 12 Free memory is -812kB above reserved lowmemorykiller: Killing 'syz-executor327' (3881) (tgid 3881), adj 1000, to free 12176kB on behalf of 'syz-executor327' (4321) because cache 28644kB is below limit 65536kB for oom_score_adj 12 Free memory is 15376kB above reserved lowmemorykiller: Killing 'syz-executor327' (3893) (tgid 3893), adj 1000, to free 12176kB on behalf of 'syz-executor327' (4321) because cache 28544kB is below limit 65536kB for oom_score_adj 12 Free memory is 16676kB above reserved lowmemorykiller: Killing 'syz-executor327' (3896) (tgid 3896), adj 1000, to free 12176kB on behalf of 'syz-executor327' (4321) because cache 28544kB is below limit 65536kB for oom_score_adj 12 Free memory is 31952kB above reserved lowmemorykiller: Killing 'syz-executor327' (3899) (tgid 3899), adj 1000, to free 12176kB on behalf of 'syz-executor327' (4321) because cache 28644kB is below limit 65536kB for oom_score_adj 12 Free memory is 33352kB above reserved lowmemorykiller: Killing 'syz-executor327' (3902) (tgid 3902), adj 1000, to free 12176kB on behalf of 'syz-executor327' (4321) because cache 28544kB is below limit 65536kB for oom_score_adj 12 Free memory is 38448kB above reserved lowmemorykiller: Killing 'syz-executor327' (3911) (tgid 3911), adj 1000, to free 12176kB on behalf of 'syz-executor327' (4321) because cache 28544kB is below limit 65536kB for oom_score_adj 12 Free memory is 43948kB above reserved lowmemorykiller: Killing 'syz-executor327' (3914) (tgid 3914), adj 1000, to free 12176kB on behalf of 'syz-executor327' (4321) because cache 28444kB is below limit 65536kB for oom_score_adj 12 Free memory is 62648kB above reserved lowmemorykiller: Killing 'syz-executor327' (3920) (tgid 3920), adj 1000, to free 12176kB on behalf of 'syz-executor327' (4354) because cache 28408kB is below limit 65536kB for oom_score_adj 12 Free memory is -13320kB above reserved lowmemorykiller: Killing 'syz-executor327' (3926) (tgid 3926), adj 1000, to free 12176kB on behalf of 'syz-executor327' (4354) because cache 28408kB is below limit 65536kB for oom_score_adj 12 Free memory is -10520kB above reserved BUG: sleeping function called from invalid context at kernel/fork.c:903 in_atomic(): 0, irqs_disabled(): 0, pid: 4354, name: syz-executor327 INFO: lockdep is turned off. Preemption disabled at: [<00000000be276d45>] spin_lock include/linux/spinlock.h:302 [inline] [<00000000be276d45>] task_lock include/linux/sched.h:3217 [inline] [<00000000be276d45>] get_task_mm+0x20/0xc0 kernel/fork.c:1010 CPU: 0 PID: 4354 Comm: syz-executor327 Tainted: G W 4.9.177+ #9 ffff8801cc887018 ffffffff81b56f41 0000000000000000 0000000000000001 ffff8801518997c0 ffffffff810d0b50 ffff8801518997c0 ffff8801cc887050 ffffffff813ffb2c ffff8801518997c0 ffffffff82a39900 0000000000000387 Call Trace: [<0000000040d76cde>] __dump_stack lib/dump_stack.c:15 [inline] [<0000000040d76cde>] dump_stack+0xc1/0x120 lib/dump_stack.c:51 [<00000000ed214736>] ___might_sleep.cold+0x1c1/0x1fa kernel/sched/core.c:8004 [<00000000590fae88>] __might_sleep+0x95/0x1a0 kernel/sched/core.c:7961 [<00000000313e3561>] mmput+0x28/0x370 kernel/fork.c:903 [<00000000c5e39e9d>] handle_lmk_event+0xea/0x8a0 drivers/staging/android/lowmemorykiller.c:111 [<00000000db216ee4>] lowmem_scan+0x695/0xb50 drivers/staging/android/lowmemorykiller.c:345 [<0000000093077aa2>] do_shrink_slab mm/vmscan.c:399 [inline] [<0000000093077aa2>] shrink_slab.part.0+0x3cf/0xa20 mm/vmscan.c:502 [<00000000dba610e5>] shrink_slab mm/vmscan.c:466 [inline] [<00000000dba610e5>] shrink_node+0x1ed/0x750 mm/vmscan.c:2604 [<00000000676ce845>] shrink_zones mm/vmscan.c:2751 [inline] [<00000000676ce845>] do_try_to_free_pages mm/vmscan.c:2793 [inline] [<00000000676ce845>] try_to_free_pages+0x397/0xbd0 mm/vmscan.c:3004 [<00000000b267db91>] __perform_reclaim mm/page_alloc.c:3332 [inline] [<00000000b267db91>] __alloc_pages_direct_reclaim mm/page_alloc.c:3354 [inline] [<00000000b267db91>] __alloc_pages_slowpath mm/page_alloc.c:3704 [inline] [<00000000b267db91>] __alloc_pages_nodemask+0x930/0x1a80 mm/page_alloc.c:3861 [<00000000bcb0dbd4>] __alloc_pages include/linux/gfp.h:433 [inline] [<00000000bcb0dbd4>] __alloc_pages_node include/linux/gfp.h:446 [inline] [<00000000bcb0dbd4>] alloc_pages_node include/linux/gfp.h:460 [inline] [<00000000bcb0dbd4>] shmem_alloc_page mm/shmem.c:1437 [inline] [<00000000bcb0dbd4>] shmem_alloc_and_acct_page mm/shmem.c:1462 [inline] [<00000000bcb0dbd4>] shmem_getpage_gfp+0x3f3/0x1b00 mm/shmem.c:1734 [<00000000c3d10fed>] shmem_fault+0x216/0x6b0 mm/shmem.c:1966 [<00000000f4faf615>] __do_fault+0x2a8/0x6c0 mm/memory.c:2855 [<000000007dd291b2>] do_read_fault mm/memory.c:3202 [inline] [<000000007dd291b2>] do_fault mm/memory.c:3338 [inline] [<000000007dd291b2>] handle_pte_fault mm/memory.c:3547 [inline] [<000000007dd291b2>] __handle_mm_fault mm/memory.c:3634 [inline] [<000000007dd291b2>] handle_mm_fault+0x11bc/0x2420 mm/memory.c:3671 [<00000000fb34a256>] faultin_page mm/gup.c:386 [inline] [<00000000fb34a256>] __get_user_pages+0x3c7/0x1060 mm/gup.c:588 [<00000000ca95cc96>] populate_vma_page_range+0x19a/0x230 mm/gup.c:1106 [<00000000ce6bc7ca>] __mm_populate+0x1b9/0x300 mm/gup.c:1154 [<000000002713312e>] mm_populate include/linux/mm.h:2052 [inline] [<000000002713312e>] vm_mmap_pgoff+0x1aa/0x1c0 mm/util.c:333 [<000000001377ea9b>] SYSC_mmap_pgoff mm/mmap.c:1555 [inline] [<000000001377ea9b>] SyS_mmap_pgoff+0x14d/0x1b0 mm/mmap.c:1513 [<000000000a90436c>] SYSC_mmap arch/x86/kernel/sys_x86_64.c:96 [inline] [<000000000a90436c>] SyS_mmap+0x16/0x20 arch/x86/kernel/sys_x86_64.c:87 [<00000000db07583c>] do_syscall_64+0x1ad/0x5c0 arch/x86/entry/common.c:288 [<00000000f7a882a9>] entry_SYSCALL_64_after_swapgs+0x5d/0xdb lowmemorykiller: Killing 'syz-executor327' (3929) (tgid 3929), adj 1000, to free 12176kB on behalf of 'syz-executor327' (4354) because cache 28408kB is below limit 65536kB for oom_score_adj 12 Free memory is -2828kB above reserved lowmemorykiller: Killing 'syz-executor327' (3941) (tgid 3941), adj 1000, to free 12176kB on behalf of 'syz-executor327' (4363) because cache 28208kB is below limit 65536kB for oom_score_adj 12 Free memory is -13284kB above reserved lowmemorykiller: Killing 'syz-executor327' (3947) (tgid 3947), adj 1000, to free 12176kB on behalf of 'syz-executor327' (4363) because cache 28008kB is below limit 65536kB for oom_score_adj 12 Free memory is -13372kB above reserved lowmemorykiller: Killing 'syz-executor327' (3953) (tgid 3953), adj 1000, to free 12176kB on behalf of 'syz-executor327' (4363) because cache 28008kB is below limit 65536kB for oom_score_adj 12 Free memory is -13372kB above reserved lowmemorykiller: Killing 'syz-executor327' (3956) (tgid 3956), adj 1000, to free 12176kB on behalf of 'syz-executor327' (4363) because cache 28008kB is below limit 65536kB for oom_score_adj 12 Free memory is -7396kB above reserved lowmemorykiller: Killing 'syz-executor327' (3959) (tgid 3959), adj 1000, to free 12176kB on behalf of 'syz-executor327' (4363) because cache 28008kB is below limit 65536kB for oom_score_adj 12 Free memory is -4496kB above reserved lowmemorykiller: Killing 'syz-executor327' (3965) (tgid 3965), adj 1000, to free 12176kB on behalf of 'syz-executor327' (4363) because cache 28008kB is below limit 65536kB for oom_score_adj 12 Free memory is 7396kB above reserved lowmemorykiller: Killing 'syz-executor327' (3968) (tgid 3968), adj 1000, to free 12176kB on behalf of 'syz-executor327' (4363) because cache 28008kB is below limit 65536kB for oom_score_adj 12 Free memory is 8696kB above reserved lowmemorykiller: Killing 'syz-executor327' (3971) (tgid 3971), adj 1000, to free 12176kB on behalf of 'syz-executor327' (4363) because cache 28008kB is below limit 65536kB for oom_score_adj 12 Free memory is 11276kB above reserved lowmemorykiller: Killing 'syz-executor327' (3974) (tgid 3974), adj 1000, to free 12176kB on behalf of 'syz-executor327' (4363) because cache 27808kB is below limit 65536kB for oom_score_adj 12 Free memory is 27376kB above reserved lowmemorykiller: Killing 'syz-executor327' (3983) (tgid 3983), adj 1000, to free 12176kB on behalf of 'syz-executor327' (4363) because cache 27808kB is below limit 65536kB for oom_score_adj 12 Free memory is 56676kB above reserved lowmemorykiller: Killing 'syz-executor327' (3989) (tgid 3989), adj 1000, to free 12176kB on behalf of 'syz-executor327' (4393) because cache 27808kB is below limit 65536kB for oom_score_adj 12 Free memory is -13260kB above reserved lowmemorykiller: Killing 'syz-executor327' (3995) (tgid 3995), adj 1000, to free 12176kB on behalf of 'syz-executor327' (4393) because cache 27808kB is below limit 65536kB for oom_score_adj 12 Free memory is -10960kB above reserved lowmemorykiller: Killing 'syz-executor327' (3998) (tgid 3998), adj 1000, to free 12176kB on behalf of 'syz-executor327' (4393) because cache 27808kB is below limit 65536kB for oom_score_adj 12 Free memory is -4160kB above reserved lowmemorykiller: Killing 'syz-executor327' (4007) (tgid 4007), adj 1000, to free 12176kB on behalf of 'syz-executor327' (4393) because cache 27708kB is below limit 65536kB for oom_score_adj 12 Free memory is 2140kB above reserved lowmemorykiller: Killing 'syz-executor327' (4010) (tgid 4010), adj 1000, to free 12176kB on behalf of 'syz-executor327' (4393) because cache 27608kB is below limit 65536kB for oom_score_adj 12 Free memory is 5040kB above reserved lowmemorykiller: Killing 'syz-executor327' (4013) (tgid 4013), adj 1000, to free 12176kB on behalf of 'syz-executor327' (4393) because cache 27608kB is below limit 65536kB for oom_score_adj 12 Free memory is 11240kB above reserved lowmemorykiller: Killing 'syz-executor327' (4019) (tgid 4019), adj 1000, to free 12176kB on behalf of 'syz-executor327' (4393) because cache 27608kB is below limit 65536kB for oom_score_adj 12 Free memory is 20540kB above reserved lowmemorykiller: Killing 'syz-executor327' (4022) (tgid 4022), adj 1000, to free 12176kB on behalf of 'syz-executor327' (4393) because cache 27608kB is below limit 65536kB for oom_score_adj 12 Free memory is 21940kB above reserved lowmemorykiller: Killing 'syz-executor327' (4025) (tgid 4025), adj 1000, to free 12176kB on behalf of 'syz-executor327' (4393) because cache 27608kB is below limit 65536kB for oom_score_adj 12 Free memory is 36956kB above reserved lowmemorykiller: Killing 'syz-executor327' (4028) (tgid 4028), adj 1000, to free 12176kB on behalf of 'syz-executor327' (4393) because cache 27608kB is below limit 65536kB for oom_score_adj 12 Free memory is 51156kB above reserved lowmemorykiller: Killing 'syz-executor327' (4031) (tgid 4031), adj 1000, to free 12176kB on behalf of 'syz-executor327' (4423) because cache 27608kB is below limit 65536kB for oom_score_adj 12 Free memory is -13312kB above reserved lowmemorykiller: Killing 'syz-executor327' (4034) (tgid 4034), adj 1000, to free 12176kB on behalf of 'syz-executor327' (4423) because cache 27608kB is below limit 65536kB for oom_score_adj 12 Free memory is -8520kB above reserved lowmemorykiller: Killing 'syz-executor327' (4037) (tgid 4037), adj 1000, to free 12176kB on behalf of 'syz-executor327' (4429) because cache 27408kB is below limit 65536kB for oom_score_adj 12 Free memory is -13312kB above reserved lowmemorykiller: Killing 'syz-executor327' (4040) (tgid 4040), adj 1000, to free 12176kB on behalf of 'syz-executor327' (4432) because cache 27212kB is below limit 65536kB for oom_score_adj 12 Free memory is -13324kB above reserved lowmemorykiller: Killing 'syz-executor327' (4043) (tgid 4043), adj 1000, to free 12176kB on behalf of 'syz-executor327' (4432) because cache 27212kB is below limit 65536kB for oom_score_adj 12 Free memory is -2924kB above reserved lowmemorykiller: Killing 'syz-executor327' (4046) (tgid 4046), adj 1000, to free 12176kB on behalf of 'syz-executor327' (4432) because cache 27212kB is below limit 65536kB for oom_score_adj 12 Free memory is 5468kB above reserved BUG: sleeping function called from invalid context at kernel/fork.c:903 in_atomic(): 0, irqs_disabled(): 0, pid: 4432, name: syz-executor327 INFO: lockdep is turned off. Preemption disabled at: [<00000000be276d45>] spin_lock include/linux/spinlock.h:302 [inline] [<00000000be276d45>] task_lock include/linux/sched.h:3217 [inline] [<00000000be276d45>] get_task_mm+0x20/0xc0 kernel/fork.c:1010 CPU: 0 PID: 4432 Comm: syz-executor327 Tainted: G W 4.9.177+ #9 ffff8800133ef018 ffffffff81b56f41 0000000000000000 0000000000000001 ffff880000f9df00 ffffffff810d0b50 ffff880000f9df00 ffff8800133ef050 ffffffff813ffb2c ffff880000f9df00 ffffffff82a39900 0000000000000387 Call Trace: [<0000000040d76cde>] __dump_stack lib/dump_stack.c:15 [inline] [<0000000040d76cde>] dump_stack+0xc1/0x120 lib/dump_stack.c:51 [<00000000ed214736>] ___might_sleep.cold+0x1c1/0x1fa kernel/sched/core.c:8004 [<00000000590fae88>] __might_sleep+0x95/0x1a0 kernel/sched/core.c:7961 [<00000000313e3561>] mmput+0x28/0x370 kernel/fork.c:903 [<00000000c5e39e9d>] handle_lmk_event+0xea/0x8a0 drivers/staging/android/lowmemorykiller.c:111 [<00000000db216ee4>] lowmem_scan+0x695/0xb50 drivers/staging/android/lowmemorykiller.c:345 [<0000000093077aa2>] do_shrink_slab mm/vmscan.c:399 [inline] [<0000000093077aa2>] shrink_slab.part.0+0x3cf/0xa20 mm/vmscan.c:502 [<00000000dba610e5>] shrink_slab mm/vmscan.c:466 [inline] [<00000000dba610e5>] shrink_node+0x1ed/0x750 mm/vmscan.c:2604 [<00000000676ce845>] shrink_zones mm/vmscan.c:2751 [inline] [<00000000676ce845>] do_try_to_free_pages mm/vmscan.c:2793 [inline] [<00000000676ce845>] try_to_free_pages+0x397/0xbd0 mm/vmscan.c:3004 [<00000000b267db91>] __perform_reclaim mm/page_alloc.c:3332 [inline] [<00000000b267db91>] __alloc_pages_direct_reclaim mm/page_alloc.c:3354 [inline] [<00000000b267db91>] __alloc_pages_slowpath mm/page_alloc.c:3704 [inline] [<00000000b267db91>] __alloc_pages_nodemask+0x930/0x1a80 mm/page_alloc.c:3861 [<00000000bcb0dbd4>] __alloc_pages include/linux/gfp.h:433 [inline] [<00000000bcb0dbd4>] __alloc_pages_node include/linux/gfp.h:446 [inline] [<00000000bcb0dbd4>] alloc_pages_node include/linux/gfp.h:460 [inline] [<00000000bcb0dbd4>] shmem_alloc_page mm/shmem.c:1437 [inline] [<00000000bcb0dbd4>] shmem_alloc_and_acct_page mm/shmem.c:1462 [inline] [<00000000bcb0dbd4>] shmem_getpage_gfp+0x3f3/0x1b00 mm/shmem.c:1734 [<00000000c3d10fed>] shmem_fault+0x216/0x6b0 mm/shmem.c:1966 [<00000000f4faf615>] __do_fault+0x2a8/0x6c0 mm/memory.c:2855 [<000000007dd291b2>] do_read_fault mm/memory.c:3202 [inline] [<000000007dd291b2>] do_fault mm/memory.c:3338 [inline] [<000000007dd291b2>] handle_pte_fault mm/memory.c:3547 [inline] [<000000007dd291b2>] __handle_mm_fault mm/memory.c:3634 [inline] [<000000007dd291b2>] handle_mm_fault+0x11bc/0x2420 mm/memory.c:3671 [<00000000fb34a256>] faultin_page mm/gup.c:386 [inline] [<00000000fb34a256>] __get_user_pages+0x3c7/0x1060 mm/gup.c:588 [<00000000ca95cc96>] populate_vma_page_range+0x19a/0x230 mm/gup.c:1106 [<00000000ce6bc7ca>] __mm_populate+0x1b9/0x300 mm/gup.c:1154 [<000000002713312e>] mm_populate include/linux/mm.h:2052 [inline] [<000000002713312e>] vm_mmap_pgoff+0x1aa/0x1c0 mm/util.c:333 [<000000001377ea9b>] SYSC_mmap_pgoff mm/mmap.c:1555 [inline] [<000000001377ea9b>] SyS_mmap_pgoff+0x14d/0x1b0 mm/mmap.c:1513 [<000000000a90436c>] SYSC_mmap arch/x86/kernel/sys_x86_64.c:96 [inline] [<000000000a90436c>] SyS_mmap+0x16/0x20 arch/x86/kernel/sys_x86_64.c:87 [<00000000db07583c>] do_syscall_64+0x1ad/0x5c0 arch/x86/entry/common.c:288 [<00000000f7a882a9>] entry_SYSCALL_64_after_swapgs+0x5d/0xdb lowmemorykiller: Killing 'syz-executor327' (4049) (tgid 4049), adj 1000, to free 12176kB on behalf of 'syz-executor327' (4441) because cache 27012kB is below limit 65536kB for oom_score_adj 12 Free memory is -13292kB above reserved lowmemorykiller: Killing 'syz-executor327' (4052) (tgid 4052), adj 1000, to free 12176kB on behalf of 'syz-executor327' (4441) because cache 27012kB is below limit 65536kB for oom_score_adj 12 Free memory is -2292kB above reserved lowmemorykiller: Killing 'syz-executor327' (4055) (tgid 4055), adj 1000, to free 12176kB on behalf of 'syz-executor327' (4441) because cache 27012kB is below limit 65536kB for oom_score_adj 12 Free memory is 4808kB above reserved lowmemorykiller: Killing 'syz-executor327' (4058) (tgid 4058), adj 1000, to free 12176kB on behalf of 'syz-executor327' (4450) because cache 26816kB is below limit 65536kB for oom_score_adj 12 Free memory is -13352kB above reserved lowmemorykiller: Killing 'syz-executor327' (4061) (tgid 4061), adj 1000, to free 12176kB on behalf of 'syz-executor327' (4450) because cache 26616kB is below limit 65536kB for oom_score_adj 12 Free memory is -13292kB above reserved lowmemorykiller: Killing 'syz-executor327' (4064) (tgid 4064), adj 1000, to free 12176kB on behalf of 'syz-executor327' (4450) because cache 26616kB is below limit 65536kB for oom_score_adj 12 Free memory is 5020kB above reserved lowmemorykiller: Killing 'syz-executor327' (4067) (tgid 4067), adj 1000, to free 12176kB on behalf of 'syz-executor327' (4459) because cache 26432kB is below limit 65536kB for oom_score_adj 12 Free memory is -13256kB above reserved lowmemorykiller: Killing 'syz-executor327' (4070) (tgid 4070), adj 1000, to free 12176kB on behalf of 'syz-executor327' (4459) because cache 26432kB is below limit 65536kB for oom_score_adj 12 Free memory is -10580kB above reserved lowmemorykiller: Killing 'syz-executor327' (4073) (tgid 4073), adj 1000, to free 12176kB on behalf of 'syz-executor327' (4459) because cache 26432kB is below limit 65536kB for oom_score_adj 12 Free memory is -2180kB above reserved lowmemorykiller: Killing 'syz-executor327' (4078) (tgid 4078), adj 1000, to free 12176kB on behalf of 'syz-executor327' (4468) because cache 26236kB is below limit 65536kB for oom_score_adj 12 Free memory is -13436kB above reserved lowmemorykiller: Killing 'syz-executor327' (4082) (tgid 4082), adj 1000, to free 12176kB on behalf of 'syz-executor327' (4468) because cache 26236kB is below limit 65536kB for oom_score_adj 12 Free memory is -6936kB above reserved lowmemorykiller: Killing 'syz-executor327' (4088) (tgid 4088), adj 1000, to free 12176kB on behalf of 'syz-executor327' (4468) because cache 26236kB is below limit 65536kB for oom_score_adj 12 Free memory is 1564kB above reserved lowmemorykiller: Killing 'syz-executor327' (4091) (tgid 4091), adj 1000, to free 12176kB on behalf of 'syz-executor327' (4477) because cache 26060kB is below limit 65536kB for oom_score_adj 12 Free memory is -13536kB above reserved lowmemorykiller: Killing 'syz-executor327' (4094) (tgid 4094), adj 1000, to free 12176kB on behalf of 'syz-executor327' (4477) because cache 25860kB is below limit 65536kB for oom_score_adj 12 Free memory is -13268kB above reserved lowmemorykiller: Killing 'syz-executor327' (4097) (tgid 4097), adj 1000, to free 12176kB on behalf of 'syz-executor327' (4477) because cache 25860kB is below limit 65536kB for oom_score_adj 12 Free memory is 3808kB above reserved lowmemorykiller: Killing 'syz-executor327' (4100) (tgid 4100), adj 1000, to free 12176kB on behalf of 'syz-executor327' (4486) because cache 25684kB is below limit 65536kB for oom_score_adj 12 Free memory is -13392kB above reserved lowmemorykiller: Killing 'syz-executor327' (4103) (tgid 4103), adj 1000, to free 12176kB on behalf of 'syz-executor327' (4486) because cache 25584kB is below limit 65536kB for oom_score_adj 12 Free memory is -13392kB above reserved lowmemorykiller: Killing 'syz-executor327' (4106) (tgid 4106), adj 1000, to free 12176kB on behalf of 'syz-executor327' (4492) because cache 25312kB is below limit 65536kB for oom_score_adj 12 Free memory is -13404kB above reserved lowmemorykiller: Killing 'syz-executor327' (4109) (tgid 4109), adj 1000, to free 12176kB on behalf of 'syz-executor327' (4492) because cache 25312kB is below limit 65536kB for oom_score_adj 12 Free memory is -10604kB above reserved lowmemorykiller: Killing 'syz-executor327' (4112) (tgid 4112), adj 1000, to free 12176kB on behalf of 'syz-executor327' (4492) because cache 25312kB is below limit 65536kB for oom_score_adj 12 Free memory is -9004kB above reserved lowmemorykiller: Killing 'syz-executor327' (4115) (tgid 4115), adj 1000, to free 12176kB on behalf of 'syz-executor327' (4492) because cache 25312kB is below limit 65536kB for oom_score_adj 12 Free memory is 5272kB above reserved lowmemorykiller: Killing 'syz-executor327' (4118) (tgid 4118), adj 1000, to free 12176kB on behalf of 'syz-executor327' (4492) because cache 25212kB is below limit 65536kB for oom_score_adj 12 Free memory is 9372kB above reserved lowmemorykiller: Killing 'syz-executor327' (4121) (tgid 4121), adj 1000, to free 12176kB on behalf of 'syz-executor327' (4492) because cache 25212kB is below limit 65536kB for oom_score_adj 12 Free memory is 9372kB above reserved lowmemorykiller: Killing 'syz-executor327' (4124) (tgid 4124), adj 1000, to free 12176kB on behalf of 'syz-executor327' (4492) because cache 25112kB is below limit 65536kB for oom_score_adj 12 Free memory is 35272kB above reserved lowmemorykiller: Killing 'syz-executor327' (4127) (tgid 4127), adj 1000, to free 12176kB on behalf of 'syz-executor327' (4492) because cache 25112kB is below limit 65536kB for oom_score_adj 12 Free memory is 36672kB above reserved lowmemorykiller: Killing 'syz-executor327' (4130) (tgid 4130), adj 1000, to free 12176kB on behalf of 'syz-executor327' (4492) because cache 25112kB is below limit 65536kB for oom_score_adj 12 Free memory is 50972kB above reserved lowmemorykiller: Killing 'syz-executor327' (4133) (tgid 4133), adj 1000, to free 12176kB on behalf of 'syz-executor327' (4492) because cache 25112kB is below limit 65536kB for oom_score_adj 12 Free memory is 62872kB above reserved lowmemorykiller: Killing 'syz-executor327' (4136) (tgid 4136), adj 1000, to free 12176kB on behalf of 'syz-executor327' (4522) because cache 25128kB is below limit 65536kB for oom_score_adj 12 Free memory is -13396kB above reserved BUG: sleeping function called from invalid context at kernel/fork.c:903 in_atomic(): 0, irqs_disabled(): 0, pid: 4522, name: syz-executor327 INFO: lockdep is turned off. Preemption disabled at: [<00000000be276d45>] spin_lock include/linux/spinlock.h:302 [inline] [<00000000be276d45>] task_lock include/linux/sched.h:3217 [inline] [<00000000be276d45>] get_task_mm+0x20/0xc0 kernel/fork.c:1010 CPU: 0 PID: 4522 Comm: syz-executor327 Tainted: G W 4.9.177+ #9 ffff880085167018 ffffffff81b56f41 0000000000000000 0000000000000001 ffff880085158000 ffffffff810d0b50 ffff880085158000 ffff880085167050 ffffffff813ffb2c ffff880085158000 ffffffff82a39900 0000000000000387 Call Trace: [<0000000040d76cde>] __dump_stack lib/dump_stack.c:15 [inline] [<0000000040d76cde>] dump_stack+0xc1/0x120 lib/dump_stack.c:51 [<00000000ed214736>] ___might_sleep.cold+0x1c1/0x1fa kernel/sched/core.c:8004 [<00000000590fae88>] __might_sleep+0x95/0x1a0 kernel/sched/core.c:7961 [<00000000313e3561>] mmput+0x28/0x370 kernel/fork.c:903 [<00000000c5e39e9d>] handle_lmk_event+0xea/0x8a0 drivers/staging/android/lowmemorykiller.c:111 [<00000000db216ee4>] lowmem_scan+0x695/0xb50 drivers/staging/android/lowmemorykiller.c:345 [<0000000093077aa2>] do_shrink_slab mm/vmscan.c:399 [inline] [<0000000093077aa2>] shrink_slab.part.0+0x3cf/0xa20 mm/vmscan.c:502 [<00000000dba610e5>] shrink_slab mm/vmscan.c:466 [inline] [<00000000dba610e5>] shrink_node+0x1ed/0x750 mm/vmscan.c:2604 [<00000000676ce845>] shrink_zones mm/vmscan.c:2751 [inline] [<00000000676ce845>] do_try_to_free_pages mm/vmscan.c:2793 [inline] [<00000000676ce845>] try_to_free_pages+0x397/0xbd0 mm/vmscan.c:3004 [<00000000b267db91>] __perform_reclaim mm/page_alloc.c:3332 [inline] [<00000000b267db91>] __alloc_pages_direct_reclaim mm/page_alloc.c:3354 [inline] [<00000000b267db91>] __alloc_pages_slowpath mm/page_alloc.c:3704 [inline] [<00000000b267db91>] __alloc_pages_nodemask+0x930/0x1a80 mm/page_alloc.c:3861 [<00000000bcb0dbd4>] __alloc_pages include/linux/gfp.h:433 [inline] [<00000000bcb0dbd4>] __alloc_pages_node include/linux/gfp.h:446 [inline] [<00000000bcb0dbd4>] alloc_pages_node include/linux/gfp.h:460 [inline] [<00000000bcb0dbd4>] shmem_alloc_page mm/shmem.c:1437 [inline] [<00000000bcb0dbd4>] shmem_alloc_and_acct_page mm/shmem.c:1462 [inline] [<00000000bcb0dbd4>] shmem_getpage_gfp+0x3f3/0x1b00 mm/shmem.c:1734 [<00000000c3d10fed>] shmem_fault+0x216/0x6b0 mm/shmem.c:1966 [<00000000f4faf615>] __do_fault+0x2a8/0x6c0 mm/memory.c:2855 [<000000007dd291b2>] do_read_fault mm/memory.c:3202 [inline] [<000000007dd291b2>] do_fault mm/memory.c:3338 [inline] [<000000007dd291b2>] handle_pte_fault mm/memory.c:3547 [inline] [<000000007dd291b2>] __handle_mm_fault mm/memory.c:3634 [inline] [<000000007dd291b2>] handle_mm_fault+0x11bc/0x2420 mm/memory.c:3671 [<00000000fb34a256>] faultin_page mm/gup.c:386 [inline] [<00000000fb34a256>] __get_user_pages+0x3c7/0x1060 mm/gup.c:588 [<00000000ca95cc96>] populate_vma_page_range+0x19a/0x230 mm/gup.c:1106 [<00000000ce6bc7ca>] __mm_populate+0x1b9/0x300 mm/gup.c:1154 [<000000002713312e>] mm_populate include/linux/mm.h:2052 [inline] [<000000002713312e>] vm_mmap_pgoff+0x1aa/0x1c0 mm/util.c:333 [<000000001377ea9b>] SYSC_mmap_pgoff mm/mmap.c:1555 [inline] [<000000001377ea9b>] SyS_mmap_pgoff+0x14d/0x1b0 mm/mmap.c:1513 [<000000000a90436c>] SYSC_mmap arch/x86/kernel/sys_x86_64.c:96 [inline] [<000000000a90436c>] SyS_mmap+0x16/0x20 arch/x86/kernel/sys_x86_64.c:87 [<00000000db07583c>] do_syscall_64+0x1ad/0x5c0 arch/x86/entry/common.c:288 [<00000000f7a882a9>] entry_SYSCALL_64_after_swapgs+0x5d/0xdb lowmemorykiller: Killing 'syz-executor327' (4139) (tgid 4139), adj 1000, to free 12176kB on behalf of 'syz-executor327' (4522) because cache 24928kB is below limit 65536kB for oom_score_adj 12 Free memory is -13348kB above reserved lowmemorykiller: Killing 'syz-executor327' (4142) (tgid 4142), adj 1000, to free 12176kB on behalf of 'syz-executor327' (4522) because cache 24928kB is below limit 65536kB for oom_score_adj 12 Free memory is -12848kB above reserved lowmemorykiller: Killing 'syz-executor327' (4145) (tgid 4145), adj 1000, to free 12176kB on behalf of 'syz-executor327' (4522) because cache 24928kB is below limit 65536kB for oom_score_adj 12 Free memory is 4628kB above reserved lowmemorykiller: Killing 'syz-executor327' (4148) (tgid 4148), adj 1000, to free 12176kB on behalf of 'syz-executor327' (4522) because cache 24928kB is below limit 65536kB for oom_score_adj 12 Free memory is 6228kB above reserved lowmemorykiller: Killing 'syz-executor327' (4151) (tgid 4151), adj 1000, to free 12176kB on behalf of 'syz-executor327' (4537) because cache 24760kB is below limit 65536kB for oom_score_adj 12 Free memory is -13324kB above reserved lowmemorykiller: Killing 'syz-executor327' (4154) (tgid 4154), adj 1000, to free 12176kB on behalf of 'syz-executor327' (4537) because cache 24760kB is below limit 65536kB for oom_score_adj 12 Free memory is -4724kB above reserved lowmemorykiller: Killing 'syz-executor327' (4157) (tgid 4157), adj 1000, to free 12176kB on behalf of 'syz-executor327' (4537) because cache 24560kB is below limit 65536kB for oom_score_adj 12 Free memory is -4724kB above reserved lowmemorykiller: Killing 'syz-executor327' (4160) (tgid 4160), adj 1000, to free 12176kB on behalf of 'syz-executor327' (4546) because cache 24576kB is below limit 65536kB for oom_score_adj 12 Free memory is -13316kB above reserved lowmemorykiller: Killing 'syz-executor327' (4163) (tgid 4163), adj 1000, to free 12176kB on behalf of 'syz-executor327' (4546) because cache 24376kB is below limit 65536kB for oom_score_adj 12 Free memory is -13388kB above reserved lowmemorykiller: Killing 'syz-executor327' (4166) (tgid 4166), adj 1000, to free 12176kB on behalf of 'syz-executor327' (4546) because cache 24376kB is below limit 65536kB for oom_score_adj 12 Free memory is -13288kB above reserved lowmemorykiller: Killing 'syz-executor327' (4169) (tgid 4169), adj 1000, to free 12176kB on behalf of 'syz-executor327' (4546) because cache 24476kB is below limit 65536kB for oom_score_adj 12 Free memory is -4564kB above reserved lowmemorykiller: Killing 'syz-executor327' (4172) (tgid 4172), adj 1000, to free 12176kB on behalf of 'syz-executor327' (4546) because cache 24376kB is below limit 65536kB for oom_score_adj 12 Free memory is 12832kB above reserved lowmemorykiller: Killing 'syz-executor327' (4175) (tgid 4175), adj 1000, to free 12176kB on behalf of 'syz-executor327' (4546) because cache 24376kB is below limit 65536kB for oom_score_adj 12 Free memory is 34432kB above reserved lowmemorykiller: Killing 'syz-executor327' (4178) (tgid 4178), adj 1000, to free 12176kB on behalf of 'syz-executor327' (4546) because cache 24376kB is below limit 65536kB for oom_score_adj 12 Free memory is 43732kB above reserved lowmemorykiller: Killing 'syz-executor327' (4181) (tgid 4181), adj 1000, to free 12176kB on behalf of 'syz-executor327' (4546) because cache 24376kB is below limit 65536kB for oom_score_adj 12 Free memory is 53716kB above reserved lowmemorykiller: Killing 'syz-executor327' (4184) (tgid 4184), adj 1000, to free 12176kB on behalf of 'syz-executor327' (4570) because cache 24224kB is below limit 65536kB for oom_score_adj 12 Free memory is -13428kB above reserved lowmemorykiller: Killing 'syz-executor327' (4187) (tgid 4187), adj 1000, to free 12176kB on behalf of 'syz-executor327' (4570) because cache 24024kB is below limit 65536kB for oom_score_adj 12 Free memory is -13268kB above reserved lowmemorykiller: Killing 'syz-executor327' (4190) (tgid 4190), adj 1000, to free 12176kB on behalf of 'syz-executor327' (4570) because cache 24024kB is below limit 65536kB for oom_score_adj 12 Free memory is -13268kB above reserved lowmemorykiller: Killing 'syz-executor327' (4193) (tgid 4193), adj 1000, to free 12176kB on behalf of 'syz-executor327' (4570) because cache 24024kB is below limit 65536kB for oom_score_adj 12 Free memory is -5892kB above reserved lowmemorykiller: Killing 'syz-executor327' (4196) (tgid 4196), adj 1000, to free 12176kB on behalf of 'syz-executor327' (4570) because cache 24024kB is below limit 65536kB for oom_score_adj 12 Free memory is -4592kB above reserved lowmemorykiller: Killing 'syz-executor327' (4199) (tgid 4199), adj 1000, to free 12176kB on behalf of 'syz-executor327' (4570) because cache 23824kB is below limit 65536kB for oom_score_adj 12 Free memory is 4208kB above reserved lowmemorykiller: Killing 'syz-executor327' (4202) (tgid 4202), adj 1000, to free 12176kB on behalf of 'syz-executor327' (4588) because cache 23824kB is below limit 65536kB for oom_score_adj 12 Free memory is -13280kB above reserved lowmemorykiller: Killing 'syz-executor327' (4205) (tgid 4205), adj 1000, to free 12176kB on behalf of 'syz-executor327' (4588) because cache 23924kB is below limit 65536kB for oom_score_adj 12 Free memory is -2380kB above reserved lowmemorykiller: Killing 'syz-executor327' (4208) (tgid 4208), adj 1000, to free 12176kB on behalf of 'syz-executor327' (4588) because cache 23824kB is below limit 65536kB for oom_score_adj 12 Free memory is -2380kB above reserved lowmemorykiller: Killing 'syz-executor327' (4211) (tgid 4211), adj 1000, to free 12176kB on behalf of 'syz-executor327' (4597) because