to free 42056kB on behalf of 'syz-executor.1' (4273) because cache 63648kB is below limit 65536kB for oom_score_adj 12 Free memory is -12816kB above reserved ================================= [ INFO: inconsistent lock state ] 4.9.194+ #0 Not tainted --------------------------------- inconsistent {RECLAIM_FS-ON-W} -> {IN-RECLAIM_FS-R} usage. syz-executor.1/4273 [HC0[0]:SC0[0]:HE1:SE1] takes: (&mm->mmap_sem){+++++?}, at: [<000000003026eb69>] get_cmdline+0xa3/0x2d0 mm/util.c:641 mark_held_locks+0xb1/0x100 kernel/locking/lockdep.c:2660 __lockdep_trace_alloc kernel/locking/lockdep.c:2882 [inline] lockdep_trace_alloc+0x18c/0x2b0 kernel/locking/lockdep.c:2897 __alloc_pages_nodemask+0x143/0x1a80 mm/page_alloc.c:3803 __alloc_pages include/linux/gfp.h:433 [inline] __alloc_pages_node include/linux/gfp.h:446 [inline] alloc_pages_node include/linux/gfp.h:460 [inline] pmd_alloc_one arch/x86/include/asm/pgalloc.h:88 [inline] __pmd_alloc+0x4a/0x330 mm/memory.c:3742 pmd_alloc include/linux/mm.h:1625 [inline] alloc_new_pmd mm/mremap.c:64 [inline] move_page_tables+0xadb/0xd60 mm/mremap.c:212 shift_arg_pages+0x1ae/0x470 fs/exec.c:642 setup_arg_pages+0x60d/0x7c0 fs/exec.c:754 load_elf_binary+0xa84/0x4a90 fs/binfmt_elf.c:860 search_binary_handler fs/exec.c:1621 [inline] search_binary_handler+0x14f/0x700 fs/exec.c:1599 exec_binprm fs/exec.c:1663 [inline] do_execveat_common.isra.0+0xf81/0x1db0 fs/exec.c:1785 do_execve+0x3a/0x50 fs/exec.c:1829 run_init_process+0x33/0x37 init/main.c:904 try_to_run_init_process+0x18/0x48 init/main.c:913 kernel_init+0xf2/0x163 init/main.c:984 ret_from_fork+0x5c/0x70 arch/x86/entry/entry_64.S:375 irq event stamp: 464787 hardirqs last enabled at (464787): [<0000000028e38425>] vprintk_emit+0x25c/0x6f0 kernel/printk/printk.c:1897 hardirqs last disabled at (464786): [<0000000066568e9e>] vprintk_emit+0x6d/0x6f0 kernel/printk/printk.c:1801 softirqs last enabled at (459224): [<000000008b501c21>] __do_softirq+0x474/0x964 kernel/softirq.c:314 softirqs last disabled at (459217): [<000000000ecd1b87>] invoke_softirq kernel/softirq.c:368 [inline] softirqs last disabled at (459217): [<000000000ecd1b87>] irq_exit+0x119/0x160 kernel/softirq.c:409 other info that might help us debug this: Possible unsafe locking scenario: CPU0 ---- lock(&mm->mmap_sem); lock(&mm->mmap_sem); *** DEADLOCK *** 1 lock held by syz-executor.1/4273: #0: (shrinker_rwsem){++++..}, at: [<00000000475be59a>] shrink_slab.part.0+0xb2/0xa20 mm/vmscan.c:472 stack backtrace: CPU: 0 PID: 4273 Comm: syz-executor.1 Not tainted 4.9.194+ #0 ffff88018ad5f060 ffffffff81b67001 00000000000000f0 ffff8801aa1d17c0 ffffffff83cb0990 ffff8801aa1d20b8 ffffffff84252000 ffff88018ad5f0d8 ffffffff81408710 0000000000000000 ffffffff00000001 0000000000000001 Call Trace: [<00000000eea1743b>] __dump_stack lib/dump_stack.c:15 [inline] [<00000000eea1743b>] dump_stack+0xc1/0x120 lib/dump_stack.c:51 [<00000000c953c805>] print_usage_bug kernel/locking/lockdep.c:2387 [inline] [<00000000c953c805>] print_usage_bug.cold+0x452/0x5a2 kernel/locking/lockdep.c:2354 [<00000000ced7beac>] valid_state kernel/locking/lockdep.c:2400 [inline] [<00000000ced7beac>] mark_lock_irq kernel/locking/lockdep.c:2602 [inline] [<00000000ced7beac>] mark_lock+0x6c7/0x12e0 kernel/locking/lockdep.c:3065 [<000000002ff947ef>] mark_irqflags kernel/locking/lockdep.c:2958 [inline] [<000000002ff947ef>] __lock_acquire+0x5be/0x4390 kernel/locking/lockdep.c:3302 [<000000000349db73>] lock_acquire+0x133/0x3d0 kernel/locking/lockdep.c:3756 [<000000006d1b8bb3>] down_read+0x44/0xb0 kernel/locking/rwsem.c:22 [<000000003026eb69>] get_cmdline+0xa3/0x2d0 mm/util.c:641 [<00000000c9100341>] handle_lmk_event+0x169/0x920 drivers/staging/android/lowmemorykiller.c:116 [<0000000081b86fe6>] lowmem_scan+0x6f3/0xb70 drivers/staging/android/lowmemorykiller.c:354 [<0000000091eab47c>] do_shrink_slab mm/vmscan.c:399 [inline] [<0000000091eab47c>] shrink_slab.part.0+0x3cf/0xa20 mm/vmscan.c:502 [<000000002adce79c>] shrink_slab mm/vmscan.c:466 [inline] [<000000002adce79c>] shrink_node+0x1ed/0x750 mm/vmscan.c:2604 [<0000000003987a24>] shrink_zones mm/vmscan.c:2751 [inline] [<0000000003987a24>] do_try_to_free_pages mm/vmscan.c:2793 [inline] [<0000000003987a24>] try_to_free_pages+0x397/0xbd0 mm/vmscan.c:3004 [<0000000053f5ad57>] __perform_reclaim mm/page_alloc.c:3332 [inline] [<0000000053f5ad57>] __alloc_pages_direct_reclaim mm/page_alloc.c:3354 [inline] [<0000000053f5ad57>] __alloc_pages_slowpath mm/page_alloc.c:3704 [inline] [<0000000053f5ad57>] __alloc_pages_nodemask+0x930/0x1a80 mm/page_alloc.c:3861 [<00000000377aff71>] __alloc_pages include/linux/gfp.h:433 [inline] [<00000000377aff71>] __alloc_pages_node include/linux/gfp.h:446 [inline] [<00000000377aff71>] alloc_pages_node include/linux/gfp.h:460 [inline] [<00000000377aff71>] __vmalloc_area_node mm/vmalloc.c:1648 [inline] [<00000000377aff71>] __vmalloc_node_range+0x25b/0x610 mm/vmalloc.c:1706 [<00000000edf1351d>] __vmalloc_node mm/vmalloc.c:1755 [inline] [<00000000edf1351d>] __vmalloc_node_flags mm/vmalloc.c:1769 [inline] [<00000000edf1351d>] vmalloc+0x5c/0x70 mm/vmalloc.c:1784 [<0000000040dce314>] xt_alloc_table_info+0xc8/0x100 net/netfilter/x_tables.c:997 [<0000000071c32b54>] do_replace net/ipv6/netfilter/ip6_tables.c:1175 [inline] [<0000000071c32b54>] do_ip6t_set_ctl+0x231/0x480 net/ipv6/netfilter/ip6_tables.c:1712 [<00000000367277e3>] nf_sockopt net/netfilter/nf_sockopt.c:105 [inline] [<00000000367277e3>] nf_setsockopt+0x6d/0xc0 net/netfilter/nf_sockopt.c:114 [<00000000067af9b1>] ipv6_setsockopt net/ipv6/ipv6_sockglue.c:922 [inline] [<00000000067af9b1>] ipv6_setsockopt+0x10b/0x140 net/ipv6/ipv6_sockglue.c:906 [<0000000027fcb378>] tcp_setsockopt net/ipv4/tcp.c:2759 [inline] [<0000000027fcb378>] tcp_setsockopt+0x8a/0xe0 net/ipv4/tcp.c:2753 [<0000000010170e80>] sock_common_setsockopt+0x9a/0xe0 net/core/sock.c:2710 [<0000000092ebbb49>] SYSC_setsockopt net/socket.c:1786 [inline] [<0000000092ebbb49>] SyS_setsockopt+0x159/0x240 net/socket.c:1765 [<000000004d3d24be>] do_syscall_64+0x1ad/0x5c0 arch/x86/entry/common.c:288 [<00000000c4c11ab0>] entry_SYSCALL_64_after_swapgs+0x5d/0xdb lowmemorykiller: Killing 'syz-executor.1' (32523) (tgid 32523), adj 1000, to free 51392kB on behalf of 'syz-executor.1' (4277) because cache 64448kB is below limit 65536kB for oom_score_adj 12 Free memory is -13016kB above reserved lowmemorykiller: Killing 'syz-executor.3' (4186) (tgid 4186), adj 1000, to free 40892kB on behalf of 'syz-executor.1' (4270) because cache 61048kB is below limit 65536kB for oom_score_adj 12 Free memory is -13132kB above reserved lowmemorykiller: Killing 'syz-executor.3' (4155) (tgid 4155), adj 1000, to free 40652kB on behalf of 'syz-executor.1' (4270) because cache 60848kB is below limit 65536kB for oom_score_adj 12 Free memory is -7348kB above reserved lowmemorykiller: Killing 'syz-executor.2' (4236) (tgid 4236), adj 1000, to free 40600kB on behalf of 'kswapd0' (33) because cache 61548kB is below limit 65536kB for oom_score_adj 12 Free memory is -2180kB above reserved lowmemorykiller: Killing 'syz-executor.3' (4174) (tgid 4174), adj 1000, to free 39100kB on behalf of 'kswapd0' (33) because cache 60848kB is below limit 65536kB for oom_score_adj 12 Free memory is 1756kB above reserved lowmemorykiller: Killing 'syz-executor.1' (3453) (tgid 3453), adj 1000, to free 37760kB on behalf of 'kswapd0' (33) because cache 60648kB is below limit 65536kB for oom_score_adj 12 Free memory is 796kB above reserved lowmemorykiller: Killing 'syz-executor.4' (3598) (tgid 3598), adj 1000, to free 36008kB on behalf of 'syz-executor.1' (4281) because cache 59848kB is below limit 65536kB for oom_score_adj 12 Free memory is -12992kB above reserved lowmemorykiller: Killing 'syz-executor.1' (32500) (tgid 32500), adj 1000, to free 37864kB on behalf of 'syz-executor.1' (4262) because cache 60648kB is below limit 65536kB for oom_score_adj 12 Free memory is 2324kB above reserved lowmemorykiller: Killing 'syz-executor.3' (4293) (tgid 4293), adj 1000, to free 35964kB on behalf of 'syz-executor.1' (4262) because cache 59348kB is below limit 65536kB for oom_score_adj 12 Free memory is -13160kB above reserved lowmemorykiller: Killing 'syz-executor.1' (26277) (tgid 26277), adj 1000, to free 37100kB on behalf of 'kswapd0' (33) because cache 60048kB is below limit 65536kB for oom_score_adj 12 Free memory is -12720kB above reserved lowmemorykiller: Killing 'syz-executor.1' (4252) (tgid 4244), adj 1000, to free 35952kB on behalf of 'kswapd0' (33) because cache 58648kB is below limit 65536kB for oom_score_adj 12 Free memory is -13184kB above reserved lowmemorykiller: Killing 'syz-executor.1' (4252) (tgid 4244), adj 1000, to free 35056kB on behalf of 'syz-executor.1' (4273) because cache 288kB is below limit 6144kB for oom_score_adj 0 Free memory is -13312kB above reserved lowmemorykiller: Killing 'syz-executor.1' (4252) (tgid 4244), adj 1000, to free 35056kB on behalf of 'syz-executor.4' (3598) because cache 240kB is below limit 6144kB for oom_score_adj 0 Free memory is -13348kB above reserved lowmemorykiller: Killing 'syz-executor.1' (4252) (tgid 4244), adj 1000, to free 35056kB on behalf of 'syz-fuzzer' (2061) because cache 208kB is below limit 6144kB for oom_score_adj 0 Free memory is -13412kB above reserved lowmemorykiller: Killing 'syz-executor.1' (4252) (tgid 4244), adj 1000, to free 35056kB on behalf of 'syz-executor.4' (3598) because cache 208kB is below limit 6144kB for oom_score_adj 0 Free memory is -13412kB above reserved oom_reaper: reaped process 4270 (syz-executor.1), now anon-rss:0kB, file-rss:28kB, shmem-rss:0kB syz-executor.1: vmalloc: allocation failure, allocated 929681408 of 3930906624 bytes, mode:0x24000c2(GFP_KERNEL|__GFP_HIGHMEM) CPU: 1 PID: 4270 Comm: syz-executor.1 Not tainted 4.9.194+ #0 ffff8801aa787a08 ffffffff81b67001 1ffff100354f0f43 dffffc0000000000 ffffffff82aab480 0000000000000000 0000000000400000 ffff8801aa787b30 ffffffff815080fc 0000000041b58ab3 ffffffff82e3bc80 ffffffff81431d00 Call Trace: [<00000000eea1743b>] __dump_stack lib/dump_stack.c:15 [inline] [<00000000eea1743b>] dump_stack+0xc1/0x120 lib/dump_stack.c:51 [<00000000ce571c6d>] warn_alloc.cold+0x76/0x93 mm/page_alloc.c:3069 [<00000000821f5e48>] __vmalloc_area_node mm/vmalloc.c:1665 [inline] [<00000000821f5e48>] __vmalloc_node_range+0x404/0x610 mm/vmalloc.c:1706 [<00000000edf1351d>] __vmalloc_node mm/vmalloc.c:1755 [inline] [<00000000edf1351d>] __vmalloc_node_flags mm/vmalloc.c:1769 [inline] [<00000000edf1351d>] vmalloc+0x5c/0x70 mm/vmalloc.c:1784 [<0000000040dce314>] xt_alloc_table_info+0xc8/0x100 net/netfilter/x_tables.c:997 [<0000000071c32b54>] do_replace net/ipv6/netfilter/ip6_tables.c:1175 [inline] [<0000000071c32b54>] do_ip6t_set_ctl+0x231/0x480 net/ipv6/netfilter/ip6_tables.c:1712 [24768] 0 24768 18179 8714 25 3 0 1000 syz-executor.1 [24779] 0 24779 18212 8716 25 3 0 1000 syz-executor.1 [25818] 0 25818 18146 8711 25 3 0 1000 syz-executor.1 [26052] 0 26052 18278 8720 25 3 0 1000 syz-executor.1 [26258] 0 26258 18179 8749 26 4 0 0 syz-executor.0 [26631] 0 26631 18245 8754 27 4 0 0 syz-executor.0 [25828] 0 25828 18212 8718 25 3 0 1000 syz-executor.1 [25989] 0 25989 18179 8714 25 3 0 1000 syz-executor.1 [26052] 0 26052 18278 8720 25 3 0 1000 syz-executor.1 [26258] 0 26258 18179 8749 26 4 0 0 syz-executor.0 [26631] 0 26631 18245 8754 27 4 0 0 syz-executor.0 [28877] 0 28877 18278 12849 33 4 0 0 syz-executor.0 [28975] 0 28975 18245 8722 25 3 0 0 syz-executor.0 [31112] 0 31112 18245 8803 26 3 0 0 syz-executor.0 [31143] 0 31143 18344 11626 31 3 0 0 syz-executor.0 [31597] 0 31597 18146 8705 24 3 0 0 syz-executor.0 [31603] 0 31603 18146 8714 25 3 0 0 syz-executor.0 [31673] 0 31673 34663 8762 28 4 0 0 syz-executor.0 [31740] 0 31740 34663 8762 28 4 0 0 syz-executor.0 [31742] 0 31742 34663 8762 28 4 0 0 syz-executor.0 [ 471] 0 471 34630 8743 30 4 0 0 syz-executor.0 [ 498] 0 498 34630 8743 30 4 0 0 syz-executor.0 [ 669] 0 669 34663 8763 28 4 0 0 syz-executor.0 [ 743] 0 743 34663 8763 28 4 0 0 syz-executor.0 [ 745] 0 745 34663 8763 28 4 0 0 syz-executor.0 [ 1037] 0 1037 18147 8714 25 3 0 0 syz-executor.0 [ 1043] 0 1043 18146 8713 25 3 0 1000 syz-executor.1 [ 1072] 0 1072 18213 8719 25 3 0 0 syz-executor.0 [ 1083] 0 1083 18245 8724 27 3 0 1000 syz-executor.1 [ 1093] 0 1093 18245 9337 26 3 0 0 syz-executor.0 [ 1126] 0 1126 18312 12819 33 3 0 0 syz-executor.0 [ 1746] 0 1746 18311 12851 34 4 0 0 syz-executor.0 [ 1781] 0 1781 5397 179 16 3 0 -1000 udevd