=================================
[ INFO: inconsistent lock state ]
4.9.141+ #23 Not tainted
---------------------------------
inconsistent {RECLAIM_FS-ON-W} -> {IN-RECLAIM_FS-W} usage.
syz-executor.1/17187 [HC0[0]:SC0[0]:HE1:SE1] takes:
 (&sb->s_type->i_mutex_key#10){+.+.?.}, at: [] inode_lock include/linux/fs.h:766 [inline]
 (&sb->s_type->i_mutex_key#10){+.+.?.}, at: [] shmem_fallocate+0x13c/0xb10 mm/shmem.c:2676
  mark_held_locks+0xc7/0x130 kernel/locking/lockdep.c:2660
  __lockdep_trace_alloc kernel/locking/lockdep.c:2882 [inline]
  lockdep_trace_alloc+0x18e/0x2a0 kernel/locking/lockdep.c:2897
  __alloc_pages_nodemask+0x14a/0x1bd0 mm/page_alloc.c:3804
  __alloc_pages include/linux/gfp.h:433 [inline]
  __alloc_pages_node include/linux/gfp.h:446 [inline]
  alloc_pages_node include/linux/gfp.h:460 [inline]
  shmem_alloc_page mm/shmem.c:1420 [inline]
  shmem_alloc_and_acct_page mm/shmem.c:1450 [inline]
  shmem_getpage_gfp+0xc7c/0x18f0 mm/shmem.c:1724
  shmem_getpage mm/shmem.c:123 [inline]
  shmem_write_begin+0xf4/0x1a0 mm/shmem.c:2205
  generic_perform_write+0x28a/0x500 mm/filemap.c:2753
  __generic_file_write_iter+0x352/0x540 mm/filemap.c:2878
  generic_file_write_iter+0x37a/0x620 mm/filemap.c:2906
  new_sync_write fs/read_write.c:496 [inline]
  __vfs_write+0x3d7/0x580 fs/read_write.c:509
  vfs_write+0x187/0x520 fs/read_write.c:557
  SYSC_write fs/read_write.c:604 [inline]
  SyS_write+0xd9/0x1c0 fs/read_write.c:596
  do_syscall_64+0x19f/0x550 arch/x86/entry/common.c:285
  entry_SYSCALL_64_after_swapgs+0x5d/0xdb
irq event stamp: 13905
hardirqs last enabled at (13905): [] __mutex_trylock_slowpath kernel/locking/mutex.c:885 [inline]
hardirqs last enabled at (13905): [] mutex_trylock+0x258/0x3e0 kernel/locking/mutex.c:908
hardirqs last disabled at (13904): [] __mutex_trylock_slowpath kernel/locking/mutex.c:873 [inline]
hardirqs last disabled at (13904): [] mutex_trylock+0xaf/0x3e0 kernel/locking/mutex.c:908
softirqs last enabled at (13734): [] __do_softirq+0x46d/0x964 kernel/softirq.c:314
softirqs last disabled at (13723): [] invoke_softirq kernel/softirq.c:368 [inline]
softirqs last disabled at (13723): [] irq_exit+0x11c/0x150 kernel/softirq.c:409

other info that might help us debug this:
 Possible unsafe locking scenario:

       CPU0
       ----
  lock(&sb->s_type->i_mutex_key#10);
    lock(&sb->s_type->i_mutex_key#10);

 *** DEADLOCK ***

2 locks held by syz-executor.1/17187:
 #0: (shrinker_rwsem){++++..}, at: [] shrink_slab.part.8+0xb2/0xa00 mm/vmscan.c:471
 #1: (ashmem_mutex){+.+.+.}, at: [] ashmem_shrink_scan+0x55/0x4c0 drivers/staging/android/ashmem.c:455

stack backtrace:
CPU: 0 PID: 17187 Comm: syz-executor.1 Not tainted 4.9.141+ #23
 ffff88007e256950 ffffffff81b42e79 ffff8801ca7117c0 ffffffff83cacb10
 ffff8801ca7120c0 ffff8801ca7120e0 ffffffff84244d40 ffff88007e2569c8
 ffffffff81400780 0000000000000000 ffffffff00000001 0000000000000001
Call Trace:
 [] __dump_stack lib/dump_stack.c:15 [inline]
 [] dump_stack+0xc1/0x128 lib/dump_stack.c:51
 [] print_usage_bug.cold.40+0x44e/0x57e kernel/locking/lockdep.c:2387
 [] valid_state kernel/locking/lockdep.c:2400 [inline]
 [] mark_lock_irq kernel/locking/lockdep.c:2602 [inline]
 [] mark_lock+0x2f2/0x1290 kernel/locking/lockdep.c:3065
 [] mark_irqflags kernel/locking/lockdep.c:2958 [inline]
 [] __lock_acquire+0x632/0x4a10 kernel/locking/lockdep.c:3302
 [] lock_acquire+0x130/0x3e0 kernel/locking/lockdep.c:3756
 [] down_write+0x41/0xa0 kernel/locking/rwsem.c:52
 [] inode_lock include/linux/fs.h:766 [inline]
 [] shmem_fallocate+0x13c/0xb10 mm/shmem.c:2676
 [] ashmem_shrink_scan+0x1b9/0x4c0 drivers/staging/android/ashmem.c:462
 [] do_shrink_slab mm/vmscan.c:398 [inline]
 [] shrink_slab.part.8+0x3c6/0xa00 mm/vmscan.c:501
 [] shrink_slab mm/vmscan.c:465 [inline]
 [] shrink_node+0x1ed/0x740 mm/vmscan.c:2602
 [] shrink_zones mm/vmscan.c:2749 [inline]
 [] do_try_to_free_pages mm/vmscan.c:2791 [inline]
 [] try_to_free_pages+0x377/0xb80 mm/vmscan.c:3002
 [] __perform_reclaim mm/page_alloc.c:3324 [inline]
 [] __alloc_pages_direct_reclaim mm/page_alloc.c:3345 [inline]
 [] __alloc_pages_slowpath mm/page_alloc.c:3697 [inline]
 [] __alloc_pages_nodemask+0x981/0x1bd0 mm/page_alloc.c:3862
 [] __alloc_pages include/linux/gfp.h:433 [inline]
 [] __alloc_pages_node include/linux/gfp.h:446 [inline]
 [] alloc_pages_node include/linux/gfp.h:460 [inline]
 [] kmalloc_order+0x2a/0x70 mm/slab_common.c:1043
 [] kmalloc_order_trace+0x1f/0x190 mm/slab_common.c:1054
 [] kmalloc_large include/linux/slab.h:422 [inline]
 [] __kmalloc_track_caller+0x190/0x2d0 mm/slub.c:4225
 [] __kmalloc_reserve.isra.5+0x33/0xc0 net/core/skbuff.c:138
 [] __alloc_skb+0x11a/0x5b0 net/core/skbuff.c:231
 [] alloc_skb include/linux/skbuff.h:924 [inline]
 [] alloc_skb_with_frags+0xaf/0x4e0 net/core/skbuff.c:4707
 [] sock_alloc_send_pskb+0x59e/0x740 net/core/sock.c:1893
 [] tun_alloc_skb drivers/net/tun.c:1166 [inline]
 [] tun_get_user+0x53a/0x2460 drivers/net/tun.c:1263
 [] tun_chr_write_iter+0xd5/0x190 drivers/net/tun.c:1353
 [] do_iter_readv_writev+0x3cb/0x4b0 fs/read_write.c:695
 [] compat_do_readv_writev+0x2fc/0x7b0 fs/read_write.c:1089
 [] compat_writev+0xe5/0x150 fs/read_write.c:1227
 [] do_compat_writev+0xf2/0x1d0 fs/read_write.c:1247
 [] C_SYSC_writev fs/read_write.c:1258 [inline]
 [] compat_SyS_writev+0x26/0x30 fs/read_write.c:1254
 [] do_syscall_32_irqs_on arch/x86/entry/common.c:328 [inline]
 [] do_fast_syscall_32+0x2f1/0xa10 arch/x86/entry/common.c:390
 [] entry_SYSENTER_compat+0x90/0xa2 arch/x86/entry/entry_64_compat.S:137
audit_printk_skb: 1595 callbacks suppressed
audit: type=1400 audit(1573850947.067:316804): avc: denied { sys_admin } for pid=2086 comm="syz-executor.2" capability=21 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1
audit: type=1400 audit(1573850947.077:316805): avc: denied { dac_override } for pid=17204 comm="syz-executor.3" capability=1 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1
audit: type=1400 audit(1573850947.107:316806): avc: denied { sys_admin } for pid=17180 comm="syz-executor.5" capability=21 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1
audit: type=1400 audit(1573850947.107:316807): avc: denied { dac_override } for pid=17180 comm="syz-executor.5" capability=1 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1
audit: type=1400 audit(1573850947.117:316808): avc: denied { net_admin } for pid=17180 comm="syz-executor.5" capability=12 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1
audit: type=1400 audit(1573850947.147:316809): avc: denied { dac_override } for pid=17208 comm="syz-executor.4" capability=1 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1
lowmemorykiller: Killing 'syz-executor.1' (14472) (tgid 14472), adj 1000,
   to free 52196kB on behalf of 'kswapd0' (33) because
   cache 41432kB is below limit 65536kB for oom_score_adj 12
   Free memory is 63444kB above reserved
audit: type=1400 audit(1573850947.207:316810): avc: denied { dac_override } for pid=17208 comm="syz-executor.4" capability=1 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1
audit: type=1400 audit(1573850947.217:316811): avc: denied { create } for pid=17208 comm="syz-executor.4" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1
audit: type=1400 audit(1573850947.217:316812): avc: denied { write } for pid=17208 comm="syz-executor.4" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1
audit: type=1400 audit(1573850947.237:316813): avc: denied { sys_admin } for pid=2083 comm="syz-executor.5" capability=21 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=115 sclass=netlink_route_socket pig=17210 comm=syz-executor.4
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=115 sclass=netlink_route_socket pig=17272 comm=syz-executor.4
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=115 sclass=netlink_route_socket pig=17291 comm=syz-executor.4
audit_printk_skb: 2697 callbacks suppressed
audit: type=1400 audit(1573850952.077:317713): avc: denied { net_admin } for pid=2085 comm="syz-executor.3" capability=12 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1
audit: type=1400 audit(1573850952.077:317714): avc: denied { net_raw } for pid=17332 comm="syz-executor.0" capability=13 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1
audit: type=1400 audit(1573850952.117:317715): avc: denied { net_admin } for pid=2083 comm="syz-executor.5" capability=12 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1
audit: type=1400 audit(1573850952.117:317716): avc: denied { net_admin } for pid=2083 comm="syz-executor.5" capability=12 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1
audit: type=1400 audit(1573850952.117:317717): avc: denied { net_admin } for pid=2083 comm="syz-executor.5" capability=12 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1
audit: type=1400 audit(1573850952.127:317718): avc: denied { dac_override } for pid=17332 comm="syz-executor.0" capability=1 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1
audit: type=1400 audit(1573850952.137:317719): avc: denied { net_admin } for pid=2083 comm="syz-executor.5" capability=12 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1
audit: type=1400 audit(1573850952.137:317720): avc: denied { net_admin } for pid=2083 comm="syz-executor.5" capability=12 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1
audit: type=1400 audit(1573850952.137:317721): avc: denied { net_admin } for pid=2083 comm="syz-executor.5" capability=12 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1
audit: type=1400 audit(1573850952.147:317722): avc: denied { net_admin } for pid=2083 comm="syz-executor.5" capability=12 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=115 sclass=netlink_route_socket pig=17325 comm=syz-executor.1
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=115 sclass=netlink_route_socket pig=17317 comm=syz-executor.4
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=115 sclass=netlink_route_socket pig=17379 comm=syz-executor.4
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=115 sclass=netlink_route_socket pig=17382 comm=syz-executor.1