Free memory is -6404kB above reserved lowmemorykiller: Killing 'syz-executor349' (2712) (tgid 2712), adj 1000, to free 12172kB on behalf of 'syz-executor349' (4005) because cache 35484kB is below limit 65536kB for oom_score_adj 12 Free memory is -13232kB above reserved BUG: sleeping function called from invalid context at kernel/fork.c:903 in_atomic(): 0, irqs_disabled(): 0, pid: 4005, name: syz-executor349 3 locks held by syz-executor349/4005: #0: (&mm->mmap_sem){++++++}, at: [<0000000086903c5c>] __mm_populate+0x20c/0x300 mm/gup.c:1134 #1: (shrinker_rwsem){++++..}, at: [<0000000070aa4362>] shrink_slab.part.0+0xb2/0xa20 mm/vmscan.c:472 #2: (rcu_read_lock){......}, at: [<00000000ed148e9e>] lowmem_scan+0x242/0xb50 drivers/staging/android/lowmemorykiller.c:272 Preemption disabled at: [<000000000c8d0a39>] spin_lock include/linux/spinlock.h:302 [inline] [<000000000c8d0a39>] task_lock include/linux/sched.h:3217 [inline] [<000000000c8d0a39>] get_task_mm+0x20/0xc0 kernel/fork.c:1010 CPU: 0 PID: 4005 Comm: syz-executor349 Not tainted 4.9.180+ #3 ffff8801693bf018 ffffffff81b577f1 0000000000000000 0000000000000001 ffff8801ca448000 ffffffff810d0c30 ffff8801ca448000 ffff8801693bf050 ffffffff8140008c ffff8801ca448000 ffffffff82a39900 0000000000000387 Call Trace: [<000000009008e4eb>] __dump_stack lib/dump_stack.c:15 [inline] [<000000009008e4eb>] dump_stack+0xc1/0x120 lib/dump_stack.c:51 [<00000000a0d2e3b9>] ___might_sleep.cold+0x1c1/0x1fa kernel/sched/core.c:8004 [<000000000119c2f0>] __might_sleep+0x95/0x1a0 kernel/sched/core.c:7961 [<0000000047b65586>] mmput+0x28/0x370 kernel/fork.c:903 [<0000000022e259e3>] handle_lmk_event+0xea/0x8a0 drivers/staging/android/lowmemorykiller.c:111 [<000000000f888656>] lowmem_scan+0x695/0xb50 drivers/staging/android/lowmemorykiller.c:345 [<00000000bcd5c8e9>] do_shrink_slab mm/vmscan.c:399 [inline] [<00000000bcd5c8e9>] shrink_slab.part.0+0x3cf/0xa20 mm/vmscan.c:502 [<0000000022967d18>] shrink_slab mm/vmscan.c:466 [inline] [<0000000022967d18>] shrink_node+0x1ed/0x750 mm/vmscan.c:2604 [<0000000058245e5c>] shrink_zones mm/vmscan.c:2751 [inline] [<0000000058245e5c>] do_try_to_free_pages mm/vmscan.c:2793 [inline] [<0000000058245e5c>] try_to_free_pages+0x397/0xbd0 mm/vmscan.c:3004 [<0000000073e9d0c7>] __perform_reclaim mm/page_alloc.c:3332 [inline] [<0000000073e9d0c7>] __alloc_pages_direct_reclaim mm/page_alloc.c:3354 [inline] [<0000000073e9d0c7>] __alloc_pages_slowpath mm/page_alloc.c:3704 [inline] [<0000000073e9d0c7>] __alloc_pages_nodemask+0x930/0x1a80 mm/page_alloc.c:3861 [<0000000025172c26>] __alloc_pages include/linux/gfp.h:433 [inline] [<0000000025172c26>] __alloc_pages_node include/linux/gfp.h:446 [inline] [<0000000025172c26>] alloc_pages_node include/linux/gfp.h:460 [inline] [<0000000025172c26>] shmem_alloc_page mm/shmem.c:1437 [inline] [<0000000025172c26>] shmem_alloc_and_acct_page mm/shmem.c:1462 [inline] [<0000000025172c26>] shmem_getpage_gfp+0x3f3/0x1b00 mm/shmem.c:1734 [<00000000a0e6cf02>] shmem_fault+0x216/0x6b0 mm/shmem.c:1966 [<00000000bfa644d8>] __do_fault+0x2a8/0x6c0 mm/memory.c:2855 [<000000009f14b650>] do_read_fault mm/memory.c:3202 [inline] [<000000009f14b650>] do_fault mm/memory.c:3338 [inline] [<000000009f14b650>] handle_pte_fault mm/memory.c:3547 [inline] [<000000009f14b650>] __handle_mm_fault mm/memory.c:3634 [inline] [<000000009f14b650>] handle_mm_fault+0x11bc/0x2420 mm/memory.c:3671 [<000000002a2b8531>] faultin_page mm/gup.c:386 [inline] [<000000002a2b8531>] __get_user_pages+0x3c7/0x1060 mm/gup.c:588 [<00000000284b4907>] populate_vma_page_range+0x19a/0x230 mm/gup.c:1106 [<0000000019059f29>] __mm_populate+0x1b9/0x300 mm/gup.c:1154 [<00000000acf2a9f3>] mm_populate include/linux/mm.h:2052 [inline] [<00000000acf2a9f3>] vm_mmap_pgoff+0x1aa/0x1c0 mm/util.c:333 [<000000003c9be058>] SYSC_mmap_pgoff mm/mmap.c:1555 [inline] [<000000003c9be058>] SyS_mmap_pgoff+0x14d/0x1b0 mm/mmap.c:1513 [<00000000039e65ba>] SYSC_mmap arch/x86/kernel/sys_x86_64.c:96 [inline] [<00000000039e65ba>] SyS_mmap+0x16/0x20 arch/x86/kernel/sys_x86_64.c:87 [<000000002c526076>] do_syscall_64+0x1ad/0x5c0 arch/x86/entry/common.c:288 [<00000000bd7bf8ca>] entry_SYSCALL_64_after_swapgs+0x5d/0xdb lowmemorykiller: Killing 'syz-executor349' (2715) (tgid 2715), adj 1000, to free 12172kB on behalf of 'syz-executor349' (4005) because cache 35384kB is below limit 65536kB for oom_score_adj 12 Free memory is -7856kB above reserved lowmemorykiller: Killing 'syz-executor349' (2724) (tgid 2724), adj 1000, to free 12172kB on behalf of 'syz-executor349' (4005) because cache 35284kB is below limit 65536kB for oom_score_adj 12 Free memory is 64kB above reserved ================================= [ INFO: inconsistent lock state ] 4.9.180+ #3 Tainted: G W --------------------------------- inconsistent {RECLAIM_FS-ON-W} -> {IN-RECLAIM_FS-R} usage. syz-executor349/4005 [HC0[0]:SC0[0]:HE1:SE1] takes: (&mm->mmap_sem){+++++?}, at: [<000000007958973d>] get_cmdline+0xa3/0x2d0 mm/util.c:641 mark_held_locks+0xb1/0x100 kernel/locking/lockdep.c:2660 __lockdep_trace_alloc kernel/locking/lockdep.c:2882 [inline] lockdep_trace_alloc+0x18c/0x2b0 kernel/locking/lockdep.c:2897 __alloc_pages_nodemask+0x143/0x1a80 mm/page_alloc.c:3803 __alloc_pages include/linux/gfp.h:433 [inline] __alloc_pages_node include/linux/gfp.h:446 [inline] alloc_pages_node include/linux/gfp.h:460 [inline] pmd_alloc_one arch/x86/include/asm/pgalloc.h:88 [inline] __pmd_alloc+0x4a/0x330 mm/memory.c:3742 pmd_alloc include/linux/mm.h:1597 [inline] alloc_new_pmd mm/mremap.c:64 [inline] move_page_tables+0xadb/0xd60 mm/mremap.c:212 shift_arg_pages+0x1ae/0x470 fs/exec.c:642 setup_arg_pages+0x60d/0x7c0 fs/exec.c:754 load_elf_binary+0xa84/0x4a90 fs/binfmt_elf.c:860 search_binary_handler fs/exec.c:1621 [inline] search_binary_handler+0x14f/0x700 fs/exec.c:1599 exec_binprm fs/exec.c:1663 [inline] do_execveat_common.isra.0+0xf81/0x1db0 fs/exec.c:1785 do_execve+0x3a/0x50 fs/exec.c:1829 run_init_process+0x33/0x37 init/main.c:904 try_to_run_init_process+0x18/0x48 init/main.c:913 kernel_init+0xf2/0x163 init/main.c:984 ret_from_fork+0x5c/0x70 arch/x86/entry/entry_64.S:375 irq event stamp: 12321 hardirqs last enabled at (12321): [<00000000c283ecdd>] restore_regs_and_iret+0x0/0x1d hardirqs last disabled at (12320): [<00000000da65efd6>] preempt_schedule_irq+0x6a/0xa0 kernel/sched/core.c:3705 softirqs last enabled at (11754): [<00000000a4029444>] __do_softirq+0x474/0x964 kernel/softirq.c:314 softirqs last disabled at (11743): [<000000000fe207ff>] invoke_softirq kernel/softirq.c:368 [inline] softirqs last disabled at (11743): [<000000000fe207ff>] irq_exit+0x119/0x160 kernel/softirq.c:409 other info that might help us debug this: Possible unsafe locking scenario: CPU0 ---- lock(&mm->mmap_sem); lock(&mm->mmap_sem); *** DEADLOCK *** 4 locks held by syz-executor349/4005: #0: (&mm->mmap_sem){+++++?}, at: [<0000000086903c5c>] __mm_populate+0x20c/0x300 mm/gup.c:1134 #1: (shrinker_rwsem){++++..}, at: [<0000000070aa4362>] shrink_slab.part.0+0xb2/0xa20 mm/vmscan.c:472 #2: (rcu_read_lock){......}, at: [<00000000ed148e9e>] lowmem_scan+0x242/0xb50 drivers/staging/android/lowmemorykiller.c:272 #3: (lmk_event_lock){+.+.-.}, at: [<000000007209474a>] spin_lock include/linux/spinlock.h:302 [inline] #3: (lmk_event_lock){+.+.-.}, at: [<000000007209474a>] handle_lmk_event+0xfb/0x8a0 drivers/staging/android/lowmemorykiller.c:114 stack backtrace: CPU: 0 PID: 4005 Comm: syz-executor349 Tainted: G W 4.9.180+ #3 ffff8801693bed60 ffffffff81b577f1 00000000000000f0 ffff8801ca448000 ffffffff83cad760 ffff8801ca448970 ffffffff8424eec0 ffff8801693bedd8 ffffffff81406ac9 0000000000000000 ffffffff00000001 0000000000000001 Call Trace: [<000000009008e4eb>] __dump_stack lib/dump_stack.c:15 [inline] [<000000009008e4eb>] dump_stack+0xc1/0x120 lib/dump_stack.c:51 [<00000000b4ab6566>] print_usage_bug kernel/locking/lockdep.c:2387 [inline] [<00000000b4ab6566>] print_usage_bug.cold+0x452/0x5a2 kernel/locking/lockdep.c:2354 [<00000000b2eb2dd4>] valid_state kernel/locking/lockdep.c:2400 [inline] [<00000000b2eb2dd4>] mark_lock_irq kernel/locking/lockdep.c:2602 [inline] [<00000000b2eb2dd4>] mark_lock+0x6c7/0x12e0 kernel/locking/lockdep.c:3065 [<000000001d6f0fb8>] mark_irqflags kernel/locking/lockdep.c:2958 [inline] [<000000001d6f0fb8>] __lock_acquire+0x5c3/0x4350 kernel/locking/lockdep.c:3302 [<00000000e0928f0a>] lock_acquire+0x133/0x3d0 kernel/locking/lockdep.c:3756 [<000000000c1c595c>] down_read+0x44/0xb0 kernel/locking/rwsem.c:22 [<000000007958973d>] get_cmdline+0xa3/0x2d0 mm/util.c:641 [<00000000f9c7a24d>] handle_lmk_event+0x13c/0x8a0 drivers/staging/android/lowmemorykiller.c:128 [<000000000f888656>] lowmem_scan+0x695/0xb50 drivers/staging/android/lowmemorykiller.c:345 [<00000000bcd5c8e9>] do_shrink_slab mm/vmscan.c:399 [inline] [<00000000bcd5c8e9>] shrink_slab.part.0+0x3cf/0xa20 mm/vmscan.c:502 [<0000000022967d18>] shrink_slab mm/vmscan.c:466 [inline] [<0000000022967d18>] shrink_node+0x1ed/0x750 mm/vmscan.c:2604 [<0000000058245e5c>] shrink_zones mm/vmscan.c:2751 [inline] [<0000000058245e5c>] do_try_to_free_pages mm/vmscan.c:2793 [inline] [<0000000058245e5c>] try_to_free_pages+0x397/0xbd0 mm/vmscan.c:3004 [<0000000073e9d0c7>] __perform_reclaim mm/page_alloc.c:3332 [inline] [<0000000073e9d0c7>] __alloc_pages_direct_reclaim mm/page_alloc.c:3354 [inline] [<0000000073e9d0c7>] __alloc_pages_slowpath mm/page_alloc.c:3704 [inline] [<0000000073e9d0c7>] __alloc_pages_nodemask+0x930/0x1a80 mm/page_alloc.c:3861 [<0000000025172c26>] __alloc_pages include/linux/gfp.h:433 [inline] [<0000000025172c26>] __alloc_pages_node include/linux/gfp.h:446 [inline] [<0000000025172c26>] alloc_pages_node include/linux/gfp.h:460 [inline] [<0000000025172c26>] shmem_alloc_page mm/shmem.c:1437 [inline] [<0000000025172c26>] shmem_alloc_and_acct_page mm/shmem.c:1462 [inline] [<0000000025172c26>] shmem_getpage_gfp+0x3f3/0x1b00 mm/shmem.c:1734 [<00000000a0e6cf02>] shmem_fault+0x216/0x6b0 mm/shmem.c:1966 [<00000000bfa644d8>] __do_fault+0x2a8/0x6c0 mm/memory.c:2855 [<000000009f14b650>] do_read_fault mm/memory.c:3202 [inline] [<000000009f14b650>] do_fault mm/memory.c:3338 [inline] [<000000009f14b650>] handle_pte_fault mm/memory.c:3547 [inline] [<000000009f14b650>] __handle_mm_fault mm/memory.c:3634 [inline] [<000000009f14b650>] handle_mm_fault+0x11bc/0x2420 mm/memory.c:3671 [<000000002a2b8531>] faultin_page mm/gup.c:386 [inline] [<000000002a2b8531>] __get_user_pages+0x3c7/0x1060 mm/gup.c:588 [<00000000284b4907>] populate_vma_page_range+0x19a/0x230 mm/gup.c:1106 [<0000000019059f29>] __mm_populate+0x1b9/0x300 mm/gup.c:1154 [<00000000acf2a9f3>] mm_populate include/linux/mm.h:2052 [inline] [<00000000acf2a9f3>] vm_mmap_pgoff+0x1aa/0x1c0 mm/util.c:333 [<000000003c9be058>] SYSC_mmap_pgoff mm/mmap.c:1555 [inline] [<000000003c9be058>] SyS_mmap_pgoff+0x14d/0x1b0 mm/mmap.c:1513 [<00000000039e65ba>] SYSC_mmap arch/x86/kernel/sys_x86_64.c:96 [inline] [<00000000039e65ba>] SyS_mmap+0x16/0x20 arch/x86/kernel/sys_x86_64.c:87 [<000000002c526076>] do_syscall_64+0x1ad/0x5c0 arch/x86/entry/common.c:288 [<00000000bd7bf8ca>] entry_SYSCALL_64_after_swapgs+0x5d/0xdb lowmemorykiller: Killing 'syz-executor349' (2727) (tgid 2727), adj 1000, to free 12172kB on behalf of 'syz-executor349' (4017) because cache 35280kB is below limit 65536kB for oom_score_adj 12 Free memory is -13296kB above reserved lowmemorykiller: Killing 'syz-executor349' (2730) (tgid 2730), adj 1000, to free 12172kB on behalf of 'syz-executor349' (4017) because cache 35180kB is below limit 65536kB for oom_score_adj 12 Free memory is -13256kB above reserved lowmemorykiller: Killing 'syz-executor349' (2733) (tgid 2733), adj 1000, to free 12172kB on behalf of 'syz-executor349' (4017) because cache 34980kB is below limit 65536kB for oom_score_adj 12 Free memory is -13256kB above reserved lowmemorykiller: Killing 'syz-executor349' (2745) (tgid 2745), adj 1000, to free 12172kB on behalf of 'syz-executor349' (4026) because cache 34576kB is below limit 65536kB for oom_score_adj 12 Free memory is -13360kB above reserved lowmemorykiller: Killing 'syz-executor349' (2751) (tgid 2751), adj 1000, to free 12172kB on behalf of 'syz-executor349' (4026) because cache 34476kB is below limit 65536kB for oom_score_adj 12 Free memory is -2260kB above reserved lowmemorykiller: Killing 'syz-executor349' (2754) (tgid 2754), adj 1000, to free 12172kB on behalf of 'syz-executor349' (4026) because cache 34376kB is below limit 65536kB for oom_score_adj 12 Free memory is 9440kB above reserved lowmemorykiller: Killing 'syz-executor349' (2760) (tgid 2760), adj 1000, to free 12172kB on behalf of 'syz-executor349' (4026) because cache 34476kB is below limit 65536kB for oom_score_adj 12 Free memory is 15440kB above reserved lowmemorykiller: Killing 'syz-executor349' (2763) (tgid 2763), adj 1000, to free 12172kB on behalf of 'syz-executor349' (4026) because cache 34476kB is below limit 65536kB for oom_score_adj 12 Free memory is 27160kB above reserved lowmemorykiller: Killing 'syz-executor349' (2790) (tgid 2790), adj 1000, to free 12172kB on behalf of 'syz-executor349' (4041) because cache 34364kB is below limit 65536kB for oom_score_adj 12 Free memory is -13288kB above reserved lowmemorykiller: Killing 'syz-executor349' (2793) (tgid 2793), adj 1000, to free 12172kB on behalf of 'syz-executor349' (4041) because cache 34264kB is below limit 65536kB for oom_score_adj 12 Free memory is -9088kB above reserved lowmemorykiller: Killing 'syz-executor349' (2799) (tgid 2799), adj 1000, to free 12172kB on behalf of 'syz-executor349' (4041) because cache 34164kB is below limit 65536kB for oom_score_adj 12 Free memory is 204kB above reserved lowmemorykiller: Killing 'syz-executor349' (2802) (tgid 2802), adj 1000, to free 12172kB on behalf of 'syz-executor349' (4041) because cache 34264kB is below limit 65536kB for oom_score_adj 12 Free memory is 8004kB above reserved lowmemorykiller: Killing 'syz-executor349' (2808) (tgid 2808), adj 1000, to free 12172kB on behalf of 'syz-executor349' (4053) because cache 34224kB is below limit 65536kB for oom_score_adj 12 Free memory is -13272kB above reserved lowmemorykiller: Killing 'syz-executor349' (2814) (tgid 2814), adj 1000, to free 12172kB on behalf of 'syz-executor349' (4053) because cache 34124kB is below limit 65536kB for oom_score_adj 12 Free memory is -2172kB above reserved lowmemorykiller: Killing 'syz-executor349' (2820) (tgid 2820), adj 1000, to free 12172kB on behalf of 'syz-executor349' (4053) because cache 34124kB is below limit 65536kB for oom_score_adj 12 Free memory is 9528kB above reserved lowmemorykiller: Killing 'syz-executor349' (2832) (tgid 2832), adj 1000, to free 12172kB on behalf of 'syz-executor349' (4053) because cache 34124kB is below limit 65536kB for oom_score_adj 12 Free memory is 16128kB above reserved lowmemorykiller: Killing 'syz-executor349' (2835) (tgid 2835), adj 1000, to free 12172kB on behalf of 'syz-executor349' (4053) because cache 34124kB is below limit 65536kB for oom_score_adj 12 Free memory is 27744kB above reserved lowmemorykiller: Killing 'syz-executor349' (2853) (tgid 2853), adj 1000, to free 12172kB on behalf of 'syz-executor349' (4053) because cache 34124kB is below limit 65536kB for oom_score_adj 12 Free memory is 40320kB above reserved lowmemorykiller: Killing 'syz-executor349' (2856) (tgid 2856), adj 1000, to free 12172kB on behalf of 'syz-executor349' (4053) because cache 34124kB is below limit 65536kB for oom_score_adj 12 Free memory is 41696kB above reserved lowmemorykiller: Killing 'syz-executor349' (2859) (tgid 2859), adj 1000, to free 12172kB on behalf of 'syz-executor349' (4074) because cache 34024kB is below limit 65536kB for oom_score_adj 12 Free memory is -13328kB above reserved lowmemorykiller: Killing 'syz-executor349' (2865) (tgid 2865), adj 1000, to free 12172kB on behalf of 'syz-executor349' (4074) because cache 33924kB is below limit 65536kB for oom_score_adj 12 Free memory is -8428kB above reserved lowmemorykiller: Killing 'syz-executor349' (2871) (tgid 2871), adj 1000, to free 12172kB on behalf of 'syz-executor349' (4074) because cache 33924kB is below limit 65536kB for oom_score_adj 12 Free memory is 872kB above reserved lowmemorykiller: Killing 'syz-executor349' (2877) (tgid 2877), adj 1000, to free 12172kB on behalf of 'syz-executor349' (4074) because cache 33924kB is below limit 65536kB for oom_score_adj 12 Free memory is 11872kB above reserved lowmemorykiller: Killing 'syz-executor349' (2880) (tgid 2880), adj 1000, to free 12172kB on behalf of 'syz-executor349' (4086) because cache 33888kB is below limit 65536kB for oom_score_adj 12 Free memory is -13288kB above reserved lowmemorykiller: Killing 'syz-executor349' (2889) (tgid 2889), adj 1000, to free 12172kB on behalf of 'syz-executor349' (4086) because cache 33788kB is below limit 65536kB for oom_score_adj 12 Free memory is -2188kB above reserved lowmemorykiller: Killing 'syz-executor349' (2895) (tgid 2895), adj 1000, to free 12172kB on behalf of 'syz-executor349' (4086) because cache 33788kB is below limit 65536kB for oom_score_adj 12 Free memory is 9512kB above reserved lowmemorykiller: Killing 'syz-executor349' (2898) (tgid 2898), adj 1000, to free 12172kB on behalf of 'syz-executor349' (4086) because cache 33788kB is below limit 65536kB for oom_score_adj 12 Free memory is 14412kB above reserved lowmemorykiller: Killing 'syz-executor349' (2907) (tgid 2907), adj 1000, to free 12172kB on behalf of 'syz-executor349' (4098) because cache 33752kB is below limit 65536kB for oom_score_adj 12 Free memory is -13340kB above reserved BUG: sleeping function called from invalid context at kernel/fork.c:903 in_atomic(): 0, irqs_disabled(): 0, pid: 4098, name: syz-executor349 INFO: lockdep is turned off. Preemption disabled at: [<000000000c8d0a39>] spin_lock include/linux/spinlock.h:302 [inline] [<000000000c8d0a39>] task_lock include/linux/sched.h:3217 [inline] [<000000000c8d0a39>] get_task_mm+0x20/0xc0 kernel/fork.c:1010 CPU: 1 PID: 4098 Comm: syz-executor349 Tainted: G W 4.9.180+ #3 ffff8801ca5b7018 ffffffff81b577f1 0000000000000000 0000000000000001 ffff8801cb475f00 ffffffff810d0c30 ffff8801cb475f00 ffff8801ca5b7050 ffffffff8140008c ffff8801cb475f00 ffffffff82a39900 0000000000000387 Call Trace: [<000000009008e4eb>] __dump_stack lib/dump_stack.c:15 [inline] [<000000009008e4eb>] dump_stack+0xc1/0x120 lib/dump_stack.c:51 [<00000000a0d2e3b9>] ___might_sleep.cold+0x1c1/0x1fa kernel/sched/core.c:8004 [<000000000119c2f0>] __might_sleep+0x95/0x1a0 kernel/sched/core.c:7961 [<0000000047b65586>] mmput+0x28/0x370 kernel/fork.c:903 [<0000000022e259e3>] handle_lmk_event+0xea/0x8a0 drivers/staging/android/lowmemorykiller.c:111 [<000000000f888656>] lowmem_scan+0x695/0xb50 drivers/staging/android/lowmemorykiller.c:345 [<00000000bcd5c8e9>] do_shrink_slab mm/vmscan.c:399 [inline] [<00000000bcd5c8e9>] shrink_slab.part.0+0x3cf/0xa20 mm/vmscan.c:502 [<0000000022967d18>] shrink_slab mm/vmscan.c:466 [inline] [<0000000022967d18>] shrink_node+0x1ed/0x750 mm/vmscan.c:2604 [<0000000058245e5c>] shrink_zones mm/vmscan.c:2751 [inline] [<0000000058245e5c>] do_try_to_free_pages mm/vmscan.c:2793 [inline] [<0000000058245e5c>] try_to_free_pages+0x397/0xbd0 mm/vmscan.c:3004 [<0000000073e9d0c7>] __perform_reclaim mm/page_alloc.c:3332 [inline] [<0000000073e9d0c7>] __alloc_pages_direct_reclaim mm/page_alloc.c:3354 [inline] [<0000000073e9d0c7>] __alloc_pages_slowpath mm/page_alloc.c:3704 [inline] [<0000000073e9d0c7>] __alloc_pages_nodemask+0x930/0x1a80 mm/page_alloc.c:3861 [<0000000025172c26>] __alloc_pages include/linux/gfp.h:433 [inline] [<0000000025172c26>] __alloc_pages_node include/linux/gfp.h:446 [inline] [<0000000025172c26>] alloc_pages_node include/linux/gfp.h:460 [inline] [<0000000025172c26>] shmem_alloc_page mm/shmem.c:1437 [inline] [<0000000025172c26>] shmem_alloc_and_acct_page mm/shmem.c:1462 [inline] [<0000000025172c26>] shmem_getpage_gfp+0x3f3/0x1b00 mm/shmem.c:1734 [<00000000a0e6cf02>] shmem_fault+0x216/0x6b0 mm/shmem.c:1966 [<00000000bfa644d8>] __do_fault+0x2a8/0x6c0 mm/memory.c:2855 [<000000009f14b650>] do_read_fault mm/memory.c:3202 [inline] [<000000009f14b650>] do_fault mm/memory.c:3338 [inline] [<000000009f14b650>] handle_pte_fault mm/memory.c:3547 [inline] [<000000009f14b650>] __handle_mm_fault mm/memory.c:3634 [inline] [<000000009f14b650>] handle_mm_fault+0x11bc/0x2420 mm/memory.c:3671 [<000000002a2b8531>] faultin_page mm/gup.c:386 [inline] [<000000002a2b8531>] __get_user_pages+0x3c7/0x1060 mm/gup.c:588 [<00000000284b4907>] populate_vma_page_range+0x19a/0x230 mm/gup.c:1106 [<0000000019059f29>] __mm_populate+0x1b9/0x300 mm/gup.c:1154 [<00000000acf2a9f3>] mm_populate include/linux/mm.h:2052 [inline] [<00000000acf2a9f3>] vm_mmap_pgoff+0x1aa/0x1c0 mm/util.c:333 [<000000003c9be058>] SYSC_mmap_pgoff mm/mmap.c:1555 [inline] [<000000003c9be058>] SyS_mmap_pgoff+0x14d/0x1b0 mm/mmap.c:1513 [<00000000039e65ba>] SYSC_mmap arch/x86/kernel/sys_x86_64.c:96 [inline] [<00000000039e65ba>] SyS_mmap+0x16/0x20 arch/x86/kernel/sys_x86_64.c:87 [<000000002c526076>] do_syscall_64+0x1ad/0x5c0 arch/x86/entry/common.c:288 [<00000000bd7bf8ca>] entry_SYSCALL_64_after_swapgs+0x5d/0xdb lowmemorykiller: Killing 'syz-executor349' (2913) (tgid 2913), adj 1000, to free 12172kB on behalf of 'syz-executor349' (4098) because cache 33752kB is below limit 65536kB for oom_score_adj 12 Free memory is -13340kB above reserved lowmemorykiller: Killing 'syz-executor349' (2937) (tgid 2937), adj 1000, to free 12172kB on behalf of 'syz-executor349' (4098) because cache 33552kB is below limit 65536kB for oom_score_adj 12 Free memory is -6940kB above reserved lowmemorykiller: Killing 'syz-executor349' (2943) (tgid 2943), adj 1000, to free 12172kB on behalf of 'syz-executor349' (4098) because cache 33552kB is below limit 65536kB for oom_score_adj 12 Free memory is 1660kB above reserved lowmemorykiller: Killing 'syz-executor349' (2967) (tgid 2967), adj 1000, to free 12172kB on behalf of 'syz-executor349' (4098) because cache 33652kB is below limit 65536kB for oom_score_adj 12 Free memory is 7060kB above reserved lowmemorykiller: Killing 'syz-executor349' (2973) (tgid 2973), adj 1000, to free 12172kB on behalf of 'syz-executor349' (4113) because cache 33516kB is below limit 65536kB for oom_score_adj 12 Free memory is -13392kB above reserved lowmemorykiller: Killing 'syz-executor349' (2979) (tgid 2979), adj 1000, to free 12172kB on behalf of 'syz-executor349' (4113) because cache 33416kB is below limit 65536kB for oom_score_adj 12 Free memory is -6792kB above reserved lowmemorykiller: Killing 'syz-executor349' (2982) (tgid 2982), adj 1000, to free 12172kB on behalf of 'syz-executor349' (4113) because cache 33416kB is below limit 65536kB for oom_score_adj 12 Free memory is 2588kB above reserved lowmemorykiller: Killing 'syz-executor349' (2985) (tgid 2985), adj 1000, to free 12172kB on behalf of 'syz-executor349' (4113) because cache 33416kB is below limit 65536kB for oom_score_adj 12 Free memory is 12080kB above reserved lowmemorykiller: Killing 'syz-executor349' (2997) (tgid 2997), adj 1000, to free 12172kB on behalf of 'syz-executor349' (4125) because cache 33420kB is below limit 65536kB for oom_score_adj 12 Free memory is -13372kB above reserved lowmemorykiller: Killing 'syz-executor349' (3006) (tgid 3006), adj 1000, to free 12172kB on behalf of 'syz-executor349' (4125) because cache 33320kB is below limit 65536kB for oom_score_adj 12 Free memory is -2872kB above reserved lowmemorykiller: Killing 'syz-executor349' (3018) (tgid 3018), adj 1000, to free 12172kB on behalf of 'syz-executor349' (4125) because cache 33220kB is below limit 65536kB for oom_score_adj 12 Free memory is 6428kB above reserved lowmemorykiller: Killing 'syz-executor349' (3021) (tgid 3021), adj 1000, to free 12172kB on behalf of 'syz-executor349' (4125) because cache 33220kB is below limit 65536kB for oom_score_adj 12 Free memory is 15928kB above reserved lowmemorykiller: Killing 'syz-executor349' (3027) (tgid 3027), adj 1000, to free 12172kB on behalf of 'syz-executor349' (4137) because cache 33284kB is below limit 65536kB for oom_score_adj 12 Free memory is -13412kB above reserved lowmemorykiller: Killing 'syz-executor349' (3033) (tgid 3033), adj 1000, to free 12172kB on behalf of 'syz-executor349' (4137) because cache 33284kB is below limit 65536kB for oom_score_adj 12 Free memory is -4912kB above reserved lowmemorykiller: Killing 'syz-executor349' (3036) (tgid 3036), adj 1000, to free 12172kB on behalf of 'syz-executor349' (4137) because cache 33084kB is below limit 65536kB for oom_score_adj 12 Free memory is 4688kB above reserved lowmemorykiller: Killing 'syz-executor349' (3042) (tgid 3042), adj 1000, to free 12172kB on behalf of 'syz-executor349' (4137) because cache 33084kB is below limit 65536kB for oom_score_adj 12 Free memory is 13868kB above reserved lowmemorykiller: Killing 'syz-executor349' (3045) (tgid 3045), adj 1000, to free 12172kB on behalf of 'syz-executor349' (4149) because cache 33156kB is below limit 65536kB for oom_score_adj 12 Free memory is -13368kB above reserved lowmemorykiller: Killing 'syz-executor349' (3057) (tgid 3057), adj 1000, to free 12172kB on behalf of 'syz-executor349' (4149) because cache 33056kB is below limit 65536kB for oom_score_adj 12 Free memory is -9368kB above reserved lowmemorykiller: Killing 'syz-executor349' (3063) (tgid 3063), adj 1000, to free 12172kB on behalf of 'syz-executor349' (4155) because cache 33028kB is below limit 65536kB for oom_score_adj 12 Free memory is -13372kB above reserved lowmemorykiller: Killing 'syz-executor349' (3075) (tgid 3075), adj 1000, to free 12172kB on behalf of 'syz-executor349' (4155) because cache 33028kB is below limit 65536kB for oom_score_adj 12 Free memory is -7472kB above reserved lowmemorykiller: Killing 'syz-executor349' (3081) (tgid 3081), adj 1000, to free 12172kB on behalf of 'syz-executor349' (4161) because cache 32828kB is below limit 65536kB for oom_score_adj 12 Free memory is -13316kB above reserved lowmemorykiller: Killing 'syz-executor349' (3087) (tgid 3087), adj 1000, to free 12172kB on behalf of 'syz-executor349' (4161) because cache 32728kB is below limit 65536kB for oom_score_adj 12 Free memory is -2816kB above reserved lowmemorykiller: Killing 'syz-executor349' (3096) (tgid 3096), adj 1000, to free 12172kB on behalf of 'syz-executor349' (4161) because cache 32728kB is below limit 65536kB for oom_score_adj 12 Free memory is 6384kB above reserved lowmemorykiller: Killing 'syz-executor349' (3102) (tgid 3102), adj 1000, to free 12172kB on behalf of 'syz-executor349' (4161) because cache 32728kB is below limit 65536kB for oom_score_adj 12 Free memory is 15156kB above reserved lowmemorykiller: Killing 'syz-executor349' (3120) (tgid 3120), adj 1000, to free 12172kB on behalf of 'syz-executor349' (4161) because cache 32628kB is below limit 65536kB for oom_score_adj 12 Free memory is 23956kB above reserved lowmemorykiller: Killing 'syz-executor349' (3135) (tgid 3135), adj 1000, to free 12172kB on behalf of 'syz-executor349' (4176) because cache 32700kB is below limit 65536kB for oom_score_adj 12 Free memory is -13256kB above reserved lowmemorykiller: Killing 'syz-executor349' (3138) (tgid 3138), adj 1000, to free 12172kB on behalf of 'syz-executor349' (4176) because cache 32600kB is below limit 65536kB for oom_score_adj 12 Free memory is -8456kB above reserved lowmemorykiller: Killing 'syz-executor349' (3144) (tgid 3144), adj 1000, to free 12172kB on behalf of 'syz-executor349' (4176) because cache 32600kB is below limit 65536kB for oom_score_adj 12 Free memory is 744kB above reserved BUG: sleeping function called from invalid context at kernel/fork.c:903 in_atomic(): 0, irqs_disabled(): 0, pid: 4176, name: syz-executor349 INFO: lockdep is turned off. Preemption disabled at: [<000000000c8d0a39>] spin_lock include/linux/spinlock.h:302 [inline] [<000000000c8d0a39>] task_lock include/linux/sched.h:3217 [inline] [<000000000c8d0a39>] get_task_mm+0x20/0xc0 kernel/fork.c:1010 CPU: 0 PID: 4176 Comm: syz-executor349 Tainted: G W 4.9.180+ #3 ffff8800099f7018 ffffffff81b577f1 0000000000000000 0000000000000001 ffff8800099e8000 ffffffff810d0c30 ffff8800099e8000 ffff8800099f7050 ffffffff8140008c ffff8800099e8000 ffffffff82a39900 0000000000000387 Call Trace: [<000000009008e4eb>] __dump_stack lib/dump_stack.c:15 [inline] [<000000009008e4eb>] dump_stack+0xc1/0x120 lib/dump_stack.c:51 [<00000000a0d2e3b9>] ___might_sleep.cold+0x1c1/0x1fa kernel/sched/core.c:8004 [<000000000119c2f0>] __might_sleep+0x95/0x1a0 kernel/sched/core.c:7961 [<0000000047b65586>] mmput+0x28/0x370 kernel/fork.c:903 [<0000000022e259e3>] handle_lmk_event+0xea/0x8a0 drivers/staging/android/lowmemorykiller.c:111 [<000000000f888656>] lowmem_scan+0x695/0xb50 drivers/staging/android/lowmemorykiller.c:345 [<00000000bcd5c8e9>] do_shrink_slab mm/vmscan.c:399 [inline] [<00000000bcd5c8e9>] shrink_slab.part.0+0x3cf/0xa20 mm/vmscan.c:502 [<0000000022967d18>] shrink_slab mm/vmscan.c:466 [inline] [<0000000022967d18>] shrink_node+0x1ed/0x750 mm/vmscan.c:2604 [<0000000058245e5c>] shrink_zones mm/vmscan.c:2751 [inline] [<0000000058245e5c>] do_try_to_free_pages mm/vmscan.c:2793 [inline] [<0000000058245e5c>] try_to_free_pages+0x397/0xbd0 mm/vmscan.c:3004 [<0000000073e9d0c7>] __perform_reclaim mm/page_alloc.c:3332 [inline] [<0000000073e9d0c7>] __alloc_pages_direct_reclaim mm/page_alloc.c:3354 [inline] [<0000000073e9d0c7>] __alloc_pages_slowpath mm/page_alloc.c:3704 [inline] [<0000000073e9d0c7>] __alloc_pages_nodemask+0x930/0x1a80 mm/page_alloc.c:3861 [<0000000025172c26>] __alloc_pages include/linux/gfp.h:433 [inline] [<0000000025172c26>] __alloc_pages_node include/linux/gfp.h:446 [inline] [<0000000025172c26>] alloc_pages_node include/linux/gfp.h:460 [inline] [<0000000025172c26>] shmem_alloc_page mm/shmem.c:1437 [inline] [<0000000025172c26>] shmem_alloc_and_acct_page mm/shmem.c:1462 [inline] [<0000000025172c26>] shmem_getpage_gfp+0x3f3/0x1b00 mm/shmem.c:1734 [<00000000a0e6cf02>] shmem_fault+0x216/0x6b0 mm/shmem.c:1966 [<00000000bfa644d8>] __do_fault+0x2a8/0x6c0 mm/memory.c:2855 [<000000009f14b650>] do_read_fault mm/memory.c:3202 [inline] [<000000009f14b650>] do_fault mm/memory.c:3338 [inline] [<000000009f14b650>] handle_pte_fault mm/memory.c:3547 [inline] [<000000009f14b650>] __handle_mm_fault mm/memory.c:3634 [inline] [<000000009f14b650>] handle_mm_fault+0x11bc/0x2420 mm/memory.c:3671 [<000000002a2b8531>] faultin_page mm/gup.c:386 [inline] [<000000002a2b8531>] __get_user_pages+0x3c7/0x1060 mm/gup.c:588 [<00000000284b4907>] populate_vma_page_range+0x19a/0x230 mm/gup.c:1106 [<0000000019059f29>] __mm_populate+0x1b9/0x300 mm/gup.c:1154 [<00000000acf2a9f3>] mm_populate include/linux/mm.h:2052 [inline] [<00000000acf2a9f3>] vm_mmap_pgoff+0x1aa/0x1c0 mm/util.c:333 [<000000003c9be058>] SYSC_mmap_pgoff mm/mmap.c:1555 [inline] [<000000003c9be058>] SyS_mmap_pgoff+0x14d/0x1b0 mm/mmap.c:1513 [<00000000039e65ba>] SYSC_mmap arch/x86/kernel/sys_x86_64.c:96 [inline] [<00000000039e65ba>] SyS_mmap+0x16/0x20 arch/x86/kernel/sys_x86_64.c:87 [<000000002c526076>] do_syscall_64+0x1ad/0x5c0 arch/x86/entry/common.c:288 [<00000000bd7bf8ca>] entry_SYSCALL_64_after_swapgs+0x5d/0xdb lowmemorykiller: Killing 'syz-executor349' (3147) (tgid 3147), adj 1000, to free 12172kB on behalf of 'syz-executor349' (4185) because cache 32672kB is below limit 65536kB for oom_score_adj 12 Free memory is -13192kB above reserved lowmemorykiller: Killing 'syz-executor349' (3150) (tgid 3150), adj 1000, to free 12172kB on behalf of 'syz-executor349' (4185) because cache 32572kB is below limit 65536kB for oom_score_adj 12 Free memory is -2208kB above reserved lowmemorykiller: Killing 'syz-executor349' (3159) (tgid 3159), adj 1000, to free 12172kB on behalf of 'syz-executor349' (4185) because cache 32472kB is below limit 65536kB for oom_score_adj 12 Free memory is 6092kB above reserved lowmemorykiller: Killing 'syz-executor349' (3165) (tgid 3165), adj 1000, to free 12172kB on behalf of 'syz-executor349' (4185) because cache 32572kB is below limit 65536kB for oom_score_adj 12 Free memory is 13192kB above reserved lowmemorykiller: Killing 'syz-executor349' (3168) (tgid 3168), adj 1000, to free 12172kB on behalf of 'syz-executor349' (4185) because cache 32572kB is below limit 65536kB for oom_score_adj 12 Free memory is 21092kB above reserved lowmemorykiller: Killing 'syz-executor349' (3186) (tgid 3186), adj 1000, to free 12172kB on behalf of 'syz-executor349' (4200) because cache 32544kB is below limit 65536kB for oom_score_adj 12 Free memory is -13292kB above reserved lowmemorykiller: Killing 'syz-executor349' (3189) (tgid 3189), adj 1000, to free 12172kB on behalf of 'syz-executor349' (4200) because cache 32416kB is below limit 65536kB for oom_score_adj 12 Free memory is -5040kB above reserved lowmemorykiller: Killing 'syz-executor349' (3192) (tgid 3192), adj 1000, to free 12172kB on behalf of 'syz-executor349' (4206) because cache 32388kB is below limit 65536kB for oom_score_adj 12 Free memory is -13292kB above reserved lowmemorykiller: Killing 'syz-executor349' (3207) (tgid 3207), adj 1000, to free 12172kB on behalf of 'syz-executor349' (4206) because cache 32388kB is below limit 65536kB for oom_score_adj 12 Free memory is -13292kB above reserved lowmemorykiller: Killing 'syz-executor349' (3210) (tgid 3210), adj 1000, to free 12172kB on behalf of 'syz-executor349' (4209) because cache 31988kB is below limit 65536kB for oom_score_adj 12 Free memory is -13336kB above reserved lowmemorykiller: Killing 'syz-executor349' (3225) (tgid 3225), adj 1000, to free 12172kB on behalf of 'syz-executor349' (4215) because cache 31456kB is below limit 65536kB for oom_score_adj 12 Free memory is -13344kB above reserved lowmemorykiller: Killing 'syz-executor349' (3234) (tgid 3234), adj 1000, to free 12172kB on behalf of 'syz-executor349' (4215) because cache 31356kB is below limit 65536kB for oom_score_adj 12 Free memory is -13280kB above reserved lowmemorykiller: Killing 'syz-executor349' (3243) (tgid 3243), adj 1000, to free 12172kB on behalf of 'syz-executor349' (4215) because cache 31356kB is below limit 65536kB for oom_score_adj 12 Free memory is -12680kB above reserved lowmemorykiller: Killing 'syz-executor349' (3246) (tgid 3246), adj 1000, to free 12172kB on behalf of 'syz-executor349' (4224) because cache 30728kB is below limit 65536kB for oom_score_adj 12 Free memory is -13236kB above reserved lowmemorykiller: Killing 'syz-executor349' (3258) (tgid 3258), adj 1000, to free 12172kB on behalf of 'syz-executor349' (4224) because cache 30328kB is below limit 65536kB for oom_score_adj 12 Free memory is -13320kB above reserved lowmemorykiller: Killing 'syz-executor349' (3264) (tgid 3264), adj 1000, to free 12172kB on behalf of 'syz-executor349' (4224) because cache 30328kB is below limit 65536kB for oom_score_adj 12 Free memory is 8536kB above reserved lowmemorykiller: Killing 'syz-executor349' (3267) (tgid 3267), adj 1000, to free 12172kB on behalf of 'syz-executor349' (4233) because cache 30156kB is below limit 65536kB for oom_score_adj 12 Free memory is -13360kB above reserved lowmemorykiller: Killing 'syz-executor349' (3273) (tgid 3273), adj 1000, to free 12172kB on behalf of 'syz-executor349' (4233) because cache 29956kB is below limit 65536kB for oom_score_adj 12 Free memory is -13400kB above reserved lowmemorykiller: Killing 'syz-executor349' (3288) (tgid 3288), adj 1000, to free 12172kB on behalf of 'syz-executor349' (4233) because cache 29956kB is below limit 65536kB for oom_score_adj 12 Free memory is -13400kB above reserved lowmemorykiller: Killing 'syz-executor349' (3294) (tgid 3294), adj 1000, to free 12172kB on behalf of 'syz-executor349' (4233) because cache 29756kB is below limit 65536kB for oom_score_adj 12 Free memory is 8500kB above reserved lowmemorykiller: Killing 'syz-executor349' (3300) (tgid 3300), adj 1000, to free 12172kB on behalf of 'syz-executor349' (4245) because cache 29724kB is below limit 65536kB for oom_score_adj 12 Free memory is -13372kB above reserved lowmemorykiller: Killing 'syz-executor349' (3303) (tgid 3303), adj 1000, to free 12172kB on behalf of 'syz-executor349' (4245) because cache 29524kB is below limit 65536kB for oom_score_adj 12 Free memory is -13320kB above reserved lowmemorykiller: Killing 'syz-executor349' (3309) (tgid 3309), adj 1000, to free 12172kB on behalf of 'syz-executor349' (4245) because cache 29524kB is below limit 65536kB for oom_score_adj 12 Free memory is -13320kB above reserved lowmemorykiller: Killing 'syz-executor349' (3315) (tgid 3315), adj 1000, to free 12172kB on behalf of 'syz-executor349' (4254) because cache 29088kB is below limit 65536kB for oom_score_adj 12 Free memory is -13404kB above reserved BUG: sleeping function called from invalid context at kernel/fork.c:903 in_atomic(): 0, irqs_disabled(): 0, pid: 4254, name: syz-executor349 INFO: lockdep is turned off. Preemption disabled at: [<000000000c8d0a39>] spin_lock include/linux/spinlock.h:302 [inline] [<000000000c8d0a39>] task_lock include/linux/sched.h:3217 [inline] [<000000000c8d0a39>] get_task_mm+0x20/0xc0 kernel/fork.c:1010 CPU: 1 PID: 4254 Comm: syz-executor349 Tainted: G W 4.9.180+ #3 ffff880009b47018 ffffffff81b577f1 0000000000000000 0000000000000001 ffff88006d2817c0 ffffffff810d0c30 ffff88006d2817c0 ffff880009b47050 ffffffff8140008c ffff88006d2817c0 ffffffff82a39900 0000000000000387 Call Trace: [<000000009008e4eb>] __dump_stack lib/dump_stack.c:15 [inline] [<000000009008e4eb>] dump_stack+0xc1/0x120 lib/dump_stack.c:51 [<00000000a0d2e3b9>] ___might_sleep.cold+0x1c1/0x1fa kernel/sched/core.c:8004 [<000000000119c2f0>] __might_sleep+0x95/0x1a0 kernel/sched/core.c:7961 [<0000000047b65586>] mmput+0x28/0x370 kernel/fork.c:903 [<0000000022e259e3>] handle_lmk_event+0xea/0x8a0 drivers/staging/android/lowmemorykiller.c:111 [<000000000f888656>] lowmem_scan+0x695/0xb50 drivers/staging/android/lowmemorykiller.c:345 [<00000000bcd5c8e9>] do_shrink_slab mm/vmscan.c:399 [inline] [<00000000bcd5c8e9>] shrink_slab.part.0+0x3cf/0xa20 mm/vmscan.c:502 [<0000000022967d18>] shrink_slab mm/vmscan.c:466 [inline] [<0000000022967d18>] shrink_node+0x1ed/0x750 mm/vmscan.c:2604 [<0000000058245e5c>] shrink_zones mm/vmscan.c:2751 [inline] [<0000000058245e5c>] do_try_to_free_pages mm/vmscan.c:2793 [inline] [<0000000058245e5c>] try_to_free_pages+0x397/0xbd0 mm/vmscan.c:3004 [<0000000073e9d0c7>] __perform_reclaim mm/page_alloc.c:3332 [inline] [<0000000073e9d0c7>] __alloc_pages_direct_reclaim mm/page_alloc.c:3354 [inline] [<0000000073e9d0c7>] __alloc_pages_slowpath mm/page_alloc.c:3704 [inline] [<0000000073e9d0c7>] __alloc_pages_nodemask+0x930/0x1a80 mm/page_alloc.c:3861 [<0000000025172c26>] __alloc_pages include/linux/gfp.h:433 [inline] [<0000000025172c26>] __alloc_pages_node include/linux/gfp.h:446 [inline] [<0000000025172c26>] alloc_pages_node include/linux/gfp.h:460 [inline] [<0000000025172c26>] shmem_alloc_page mm/shmem.c:1437 [inline] [<0000000025172c26>] shmem_alloc_and_acct_page mm/shmem.c:1462 [inline] [<0000000025172c26>] shmem_getpage_gfp+0x3f3/0x1b00 mm/shmem.c:1734 [<00000000a0e6cf02>] shmem_fault+0x216/0x6b0 mm/shmem.c:1966 [<00000000bfa644d8>] __do_fault+0x2a8/0x6c0 mm/memory.c:2855 [<000000009f14b650>] do_read_fault mm/memory.c:3202 [inline] [<000000009f14b650>] do_fault mm/memory.c:3338 [inline] [<000000009f14b650>] handle_pte_fault mm/memory.c:3547 [inline] [<000000009f14b650>] __handle_mm_fault mm/memory.c:3634 [inline] [<000000009f14b650>] handle_mm_fault+0x11bc/0x2420 mm/memory.c:3671 [<000000002a2b8531>] faultin_page mm/gup.c:386 [inline] [<000000002a2b8531>] __get_user_pages+0x3c7/0x1060 mm/gup.c:588 [<00000000284b4907>] populate_vma_page_range+0x19a/0x230 mm/gup.c:1106 [<0000000019059f29>] __mm_populate+0x1b9/0x300 mm/gup.c:1154 [<00000000acf2a9f3>] mm_populate include/linux/mm.h:2052 [inline] [<00000000acf2a9f3>] vm_mmap_pgoff+0x1aa/0x1c0 mm/util.c:333 [<000000003c9be058>] SYSC_mmap_pgoff mm/mmap.c:1555 [inline] [<000000003c9be058>] SyS_mmap_pgoff+0x14d/0x1b0 mm/mmap.c:1513 [<00000000039e65ba>] SYSC_mmap arch/x86/kernel/sys_x86_64.c:96 [inline] [<00000000039e65ba>] SyS_mmap+0x16/0x20 arch/x86/kernel/sys_x86_64.c:87 [<000000002c526076>] do_syscall_64+0x1ad/0x5c0 arch/x86/entry/common.c:288 [<00000000bd7bf8ca>] entry_SYSCALL_64_after_swapgs+0x5d/0xdb lowmemorykiller: Killing 'syz-executor349' (3318) (tgid 3318), adj 1000, to free 12172kB on behalf of 'syz-executor349' (4254) because cache 28888kB is below limit 65536kB for oom_score_adj 12 Free memory is -13356kB above reserved lowmemorykiller: Killing 'syz-executor349' (3324) (tgid 3324), adj 1000, to free 12172kB on behalf of 'syz-executor349' (4254) because cache 28788kB is below limit 65536kB for oom_score_adj 12 Free memory is -13356kB above reserved lowmemorykiller: Killing 'syz-executor349' (3330) (tgid 3330), adj 1000, to free 12172kB on behalf of 'syz-executor349' (4254) because cache 28588kB is below limit 65536kB for oom_score_adj 12 Free memory is -13344kB above reserved lowmemorykiller: Killing 'syz-executor349' (3336) (tgid 3336), adj 1000, to free 12172kB on behalf of 'syz-executor349' (4266) because cache 28152kB is below limit 65536kB for oom_score_adj 12 Free memory is -13256kB above reserved lowmemorykiller: Killing 'syz-executor349' (3339) (tgid 3339), adj 1000, to free 12172kB on behalf of 'syz-executor349' (4266) because cache 27952kB is below limit 65536kB for oom_score_adj 12 Free memory is -13404kB above reserved lowmemorykiller: Killing 'syz-executor349' (3345) (tgid 3345), adj 1000, to free 12172kB on behalf of 'syz-executor349' (4266) because cache 28052kB is below limit 65536kB for oom_score_adj 12 Free memory is -13404kB above reserved lowmemorykiller: Killing 'syz-executor349' (3351) (tgid 3351), adj 1000, to free 12172kB on behalf of 'syz-executor349' (4275) because cache 27600kB is below limit 65536kB for oom_score_adj 12 Free memory is -13328kB above reserved lowmemorykiller: Killing 'syz-executor349' (3369) (tgid 3369), adj 1000, to free 12172kB on behalf of 'syz-executor349' (4275) because cache 27400kB is below limit 65536kB for oom_score_adj 12 Free memory is -13400kB above reserved lowmemorykiller: Killing 'syz-executor349' (3393) (tgid 3393), adj 1000, to free 12172kB on behalf of 'syz-executor349' (4275) because cache 27400kB is below limit 65536kB for oom_score_adj 12 Free memory is -2024kB above reserved lowmemorykiller: Killing 'syz-executor349' (3405) (tgid 3405), adj 1000, to free 12172kB on behalf of 'syz-executor349' (4275) because cache 27400kB is below limit 65536kB for oom_score_adj 12 Free memory is 6652kB above reserved lowmemorykiller: Killing 'syz-executor349' (3420) (tgid 3420), adj 1000, to free 12172kB on behalf of 'syz-executor349' (4275) because cache 27400kB is below limit 65536kB for oom_score_adj 12 Free memory is 11452kB above reserved lowmemorykiller: Killing 'syz-executor349' (3435) (tgid 3435), adj 1000, to free 12172kB on behalf of 'syz-executor349' (4275) because cache 27400kB is below limit 65536kB for oom_score_adj 12 Free memory is 22052kB above reserved lowmemorykiller: Killing 'syz-executor349' (3450) (tgid 3450), adj 1000, to free 12172kB on behalf of 'syz-executor349' (4275) because cache 27500kB is below limit 65536kB for oom_score_adj 12 Free memory is 29828kB above reserved lowmemorykiller: Killing 'syz-executor349' (3453) (tgid 3453), adj 1000, to free 12172kB on behalf of 'syz-executor349' (4275) because cache 27400kB is below limit 65536kB for oom_score_adj 12 Free memory is 39004kB above reserved lowmemorykiller: Killing 'syz-executor349' (3459) (tgid 3459), adj 1000, to free 12172kB on behalf of 'syz-executor349' (4275) because cache 27300kB is below limit 65536kB for oom_score_adj 12 Free memory is 42304kB above reserved lowmemorykiller: Killing 'syz-executor349' (3468) (tgid 3468), adj 1000, to free 12172kB on behalf of 'syz-executor349' (4275) because cache 27300kB is below limit 65536kB for oom_score_adj 12 Free memory is 51304kB above reserved lowmemorykiller: Killing 'syz-executor349' (3477) (tgid 3477), adj 1000, to free 12172kB on behalf of 'syz-executor349' (4305) because cache 27208kB is below limit 65536kB for oom_score_adj 12 Free memory is -13352kB above reserved lowmemorykiller: Killing 'syz-executor349' (3486) (tgid 3486), adj 1000, to free 12172kB on behalf of 'syz-executor349' (4305) because cache 27208kB is below limit 65536kB for oom_score_adj 12 Free memory is -11252kB above reserved lowmemorykiller: Killing 'syz-executor349' (3492) (tgid 3492), adj 1000, to free 12172kB on behalf of 'syz-executor349' (4305) because cache 27208kB is below limit 65536kB for oom_score_adj 12 Free memory is -1968kB above reserved lowmemorykiller: Killing 'syz-executor349' (3498) (tgid 3498), adj 1000, to free 12172kB on behalf of 'syz-executor349' (4305) because cache 27208kB is below limit 65536kB for oom_score_adj 12 Free memory is 2432kB above reserved lowmemorykiller: Killing 'syz-executor349' (3510) (tgid 3510), adj 1000, to free 12172kB on behalf of 'syz-executor349' (4305) because cache 27208kB is below limit 65536kB for oom_score_adj 12 Free memory is 10116kB above reserved lowmemorykiller: Killing 'syz-executor349' (3513) (tgid 3513), adj 1000, to free 12172kB on behalf of 'syz-executor349' (4305) because cache 27208kB is below limit 65536kB for oom_score_adj 12 Free memory is 17716kB above reserved lowmemorykiller: Killing 'syz-executor349' (3531) (tgid 3531), adj 1000, to free 12172kB on behalf of 'syz-executor349' (4305) because cache 27208kB is below limit 65536kB for oom_score_adj 12 Free memory is 36416kB above reserved lowmemorykiller: Killing 'syz-executor349' (3534) (tgid 3534), adj 1000, to free 12172kB on behalf of 'syz-executor349' (4305) because cache 27108kB is below limit 65536kB for oom_score_adj 12 Free memory is 43516kB above reserved lowmemorykiller: Killing 'syz-executor349' (3546) (tgid 3546), adj 1000, to free 12172kB on behalf of 'syz-executor349' (4305) because cache 27108kB is below limit 65536kB for oom_score_adj 12 Free memory is 50816kB above reserved lowmemorykiller: Killing 'syz-executor349' (3561) (tgid 3561), adj 1000, to free 12172kB on behalf of 'syz-executor349' (4305) because cache 27008kB is below limit 65536kB for oom_score_adj 12 Free memory is 58604kB above reserved lowmemorykiller: Killing 'syz-executor349' (3567) (tgid 3567), adj 1000, to free 12172kB on behalf of 'syz-executor349' (4335) because cache 27012kB is below limit 65536kB for oom_score_adj 12 Free memory is -13272kB above reserved lowmemorykiller: Killing 'syz-executor349' (3582) (tgid 3582), adj 1000, to free 12172kB on behalf of 'syz-executor349' (4335) because cache 27012kB is below limit 65536kB for oom_score_adj 12 Free memory is -8572kB above reserved BUG: sleeping function called from invalid context at kernel/fork.c:903 in_atomic(): 0, irqs_disabled(): 0, pid: 4335, name: syz-executor349 INFO: lockdep is turned off. Preemption disabled at: [<000000000c8d0a39>] spin_lock include/linux/spinlock.h:302 [inline] [<000000000c8d0a39>] task_lock include/linux/sched.h:3217 [inline] [<000000000c8d0a39>] get_task_mm+0x20/0xc0 kernel/fork.c:1010 CPU: 1 PID: 4335 Comm: syz-executor349 Tainted: G W 4.9.180+ #3 ffff88005ec6f018 ffffffff81b577f1 0000000000000000 0000000000000001 ffff88005ec397c0 ffffffff810d0c30 ffff88005ec397c0 ffff88005ec6f050 ffffffff8140008c ffff88005ec397c0 ffffffff82a39900 0000000000000387 Call Trace: [<000000009008e4eb>] __dump_stack lib/dump_stack.c:15 [inline] [<000000009008e4eb>] dump_stack+0xc1/0x120 lib/dump_stack.c:51 [<00000000a0d2e3b9>] ___might_sleep.cold+0x1c1/0x1fa kernel/sched/core.c:8004 [<000000000119c2f0>] __might_sleep+0x95/0x1a0 kernel/sched/core.c:7961 [<0000000047b65586>] mmput+0x28/0x370 kernel/fork.c:903 [<0000000022e259e3>] handle_lmk_event+0xea/0x8a0 drivers/staging/android/lowmemorykiller.c:111 [<000000000f888656>] lowmem_scan+0x695/0xb50 drivers/staging/android/lowmemorykiller.c:345 [<00000000bcd5c8e9>] do_shrink_slab mm/vmscan.c:399 [inline] [<00000000bcd5c8e9>] shrink_slab.part.0+0x3cf/0xa20 mm/vmscan.c:502 [<0000000022967d18>] shrink_slab mm/vmscan.c:466 [inline] [<0000000022967d18>] shrink_node+0x1ed/0x750 mm/vmscan.c:2604 [<0000000058245e5c>] shrink_zones mm/vmscan.c:2751 [inline] [<0000000058245e5c>] do_try_to_free_pages mm/vmscan.c:2793 [inline] [<0000000058245e5c>] try_to_free_pages+0x397/0xbd0 mm/vmscan.c:3004 [<0000000073e9d0c7>] __perform_reclaim mm/page_alloc.c:3332 [inline] [<0000000073e9d0c7>] __alloc_pages_direct_reclaim mm/page_alloc.c:3354 [inline] [<0000000073e9d0c7>] __alloc_pages_slowpath mm/page_alloc.c:3704 [inline] [<0000000073e9d0c7>] __alloc_pages_nodemask+0x930/0x1a80 mm/page_alloc.c:3861 [<0000000025172c26>] __alloc_pages include/linux/gfp.h:433 [inline] [<0000000025172c26>] __alloc_pages_node include/linux/gfp.h:446 [inline] [<0000000025172c26>] alloc_pages_node include/linux/gfp.h:460 [inline] [<0000000025172c26>] shmem_alloc_page mm/shmem.c:1437 [inline] [<0000000025172c26>] shmem_alloc_and_acct_page mm/shmem.c:1462 [inline] [<0000000025172c26>] shmem_getpage_gfp+0x3f3/0x1b00 mm/shmem.c:1734 [<00000000a0e6cf02>] shmem_fault+0x216/0x6b0 mm/shmem.c:1966 [<00000000bfa644d8>] __do_fault+0x2a8/0x6c0 mm/memory.c:2855 [<000000009f14b650>] do_read_fault mm/memory.c:3202 [inline] [<000000009f14b650>] do_fault mm/memory.c:3338 [inline] [<000000009f14b650>] handle_pte_fault mm/memory.c:3547 [inline] [<000000009f14b650>] __handle_mm_fault mm/memory.c:3634 [inline] [<000000009f14b650>] handle_mm_fault+0x11bc/0x2420 mm/memory.c:3671 [<000000002a2b8531>] faultin_page mm/gup.c:386 [inline] [<000000002a2b8531>] __get_user_pages+0x3c7/0x1060 mm/gup.c:588 [<00000000284b4907>] populate_vma_page_range+0x19a/0x230 mm/gup.c:1106 [<0000000019059f29>] __mm_populate+0x1b9/0x300 mm/gup.c:1154 [<00000000acf2a9f3>] mm_populate include/linux/mm.h:2052 [inline] [<00000000acf2a9f3>] vm_mmap_pgoff+0x1aa/0x1c0 mm/util.c:333 [<000000003c9be058>] SYSC_mmap_pgoff mm/mmap.c:1555 [inline] [<000000003c9be058>] SyS_mmap_pgoff+0x14d/0x1b0 mm/mmap.c:1513 [<00000000039e65ba>] SYSC_mmap arch/x86/kernel/sys_x86_64.c:96 [inline] [<00000000039e65ba>] SyS_mmap+0x16/0x20 arch/x86/kernel/sys_x86_64.c:87 [<000000002c526076>] do_syscall_64+0x1ad/0x5c0 arch/x86/entry/common.c:288 [<00000000bd7bf8ca>] entry_SYSCALL_64_after_swapgs+0x5d/0xdb lowmemorykiller: Killing 'syz-executor349' (3588) (tgid 3588), adj 1000, to free 12172kB on behalf of 'syz-executor349' (4341) because cache 26816kB is below limit 65536kB for oom_score_adj 12 Free memory is -13372kB above reserved lowmemorykiller: Killing 'syz-executor349' (3591) (tgid 3591), adj 1000, to free 12172kB on behalf of 'syz-executor349' (4341) because cache 26816kB is below limit 65536kB for oom_score_adj 12 Free memory is -5772kB above reserved lowmemorykiller: Killing 'syz-executor349' (3597) (tgid 3597), adj 1000, to free 12172kB on behalf of 'syz-executor349' (4341) because cache 26816kB is below limit 65536kB for oom_score_adj 12 Free memory is 3528kB above reserved lowmemorykiller: Killing 'syz-executor349' (3603) (tgid 3603), adj 1000, to free 12172kB on behalf of 'syz-executor349' (4341) because cache 26816kB is below limit 65536kB for oom_score_adj 12 Free memory is 8528kB above reserved lowmemorykiller: Killing 'syz-executor349' (3612) (tgid 3612), adj 1000, to free 12172kB on behalf of 'syz-executor349' (4341) because cache 26816kB is below limit 65536kB for oom_score_adj 12 Free memory is 21728kB above reserved lowmemorykiller: Killing 'syz-executor349' (3615) (tgid 3615), adj 1000, to free 12172kB on behalf of 'syz-executor349' (4341) because cache 26816kB is below limit 65536kB for oom_score_adj 12 Free memory is 29228kB above reserved lowmemorykiller: Killing 'syz-executor349' (3618) (tgid 3618), adj 1000, to free 12172kB on behalf of 'syz-executor349' (4341) because cache 26816kB is below limit 65536kB for oom_score_adj 12 Free memory is 46532kB above reserved lowmemorykiller: Killing 'syz-executor349' (3627) (tgid 3627), adj 1000, to free 12172kB on behalf of 'syz-executor349' (4341) because cache 26716kB is below limit 65536kB for oom_score_adj 12 Free memory is 57628kB above reserved lowmemorykiller: Killing 'syz-executor349' (3636) (tgid 3636), adj 1000, to free 12172kB on behalf of 'syz-executor349' (4365) because cache 26620kB is below limit 65536kB for oom_score_adj 12 Free memory is -13352kB above reserved lowmemorykiller: Killing 'syz-executor349' (3642) (tgid 3642), adj 1000, to free 12172kB on behalf of 'syz-executor349' (4365) because cache 26620kB is below limit 65536kB for oom_score_adj 12 Free memory is -7852kB above reserved lowmemorykiller: Killing 'syz-executor349' (3645) (tgid 3645), adj 1000, to free 12172kB on behalf of 'syz-executor349' (4365) because cache 26620kB is below limit 65536kB for oom_score_adj 12 Free memory is 1444kB above reserved lowmemorykiller: Killing 'syz-executor349' (3648) (tgid 3648), adj 1000, to free 12172kB on behalf of 'syz-executor349' (4365) because cache 26620kB is below limit 65536kB for oom_score_adj 12 Free memory is 10644kB above reserved lowmemorykiller: Killing 'syz-executor349' (3657) (tgid 3657), adj 1000, to free 12172kB on behalf of 'syz-executor349' (4365) because cache 26620kB is below limit 65536kB for oom_score_adj 12 Free memory is 21244kB above reserved lowmemorykiller: Killing 'syz-executor349' (3660) (tgid 3660), adj 1000, to free 12172kB on behalf of 'syz-executor349' (4365) because cache 26620kB is below limit 65536kB for oom_score_adj 12 Free memory is 30420kB above reserved lowmemorykiller: Killing 'syz-executor349' (3663) (tgid 3663), adj 1000, to free 12172kB on behalf of 'syz-executor349' (4365) because cache 26620kB is below limit 65536kB for oom_score_adj 12 Free memory is 38172kB above reserved lowmemorykiller: Killing 'syz-executor349' (3678) (tgid 3678), adj 1000, to free 12172kB on behalf of 'syz-executor349' (4365) because cache 26520kB is below limit 65536kB for oom_score_adj 12 Free memory is 47472kB above reserved lowmemorykiller: Killing 'syz-executor349' (3684) (tgid 3684), adj 1000, to free 12172kB on behalf of 'syz-executor349' (4365) because cache 26420kB is below limit 65536kB for oom_score_adj 12 Free memory is 47472kB above reserved lowmemorykiller: Killing 'syz-executor349' (3687) (tgid 3687), adj 1000, to free 12172kB on behalf of 'syz-executor349' (4392) because cache 26420kB is below limit 65536kB for oom_score_adj 12 Free memory is -13304kB above reserved lowmemorykiller: Killing 'syz-executor349' (3693) (tgid 3693), adj 1000, to free 12172kB on behalf of 'syz-executor349' (4392) because cache 26420kB is below limit 65536kB for oom_score_adj 12 Free memory is -9404kB above reserved lowmemorykiller: Killing 'syz-executor349' (3696) (tgid 3696), adj 1000, to free 12172kB on behalf of 'syz-executor349' (4392) because cache 26420kB is below limit 65536kB for oom_score_adj 12 Free memory is -4kB above reserved lowmemorykiller: Killing 'syz-executor349' (3699) (tgid 3699), adj 1000, to free 12172kB on behalf of 'syz-executor349' (4392) because cache 26420kB is below limit 65536kB for oom_score_adj 12 Free memory is 11580kB above reserved lowmemorykiller: Killing 'syz-executor349' (3708) (tgid 3708), adj 1000, to free 12172kB on behalf of 'syz-executor349' (4404) because cache 26232kB is below limit 65536kB for oom_score_adj 12 Free memory is -13276kB above reserved lowmemorykiller: Killing 'syz-executor349' (3711) (tgid 3711), adj 1000, to free 12172kB on behalf of 'syz-executor349' (4404) because cache 26232kB is below limit 65536kB for oom_score_adj 12 Free memory is -6776kB above reserved lowmemorykiller: Killing 'syz-executor349' (3717) (tgid 3717), adj 1000, to free 12172kB on behalf of 'syz-executor349' (4410) because cache 26044kB is below limit 65536kB for oom_score_adj 12 Free memory is -13296kB above reserved lowmemorykiller: Killing 'syz-executor349' (3723) (tgid 3723), adj 1000, to free 12172kB on behalf of 'syz-executor349' (4410) because cache 25944kB is below limit 65536kB for oom_score_adj 12 Free memory is -13348kB above reserved lowmemorykiller: Killing 'syz-executor349' (3726) (tgid 3726), adj 1000, to free 12172kB on behalf of 'syz-executor349' (4410) because cache 25944kB is below limit 65536kB for oom_score_adj 12 Free memory is -13348kB above reserved lowmemorykiller: Killing 'syz-executor349' (3732) (tgid 3732), adj 1000, to free 12172kB on behalf of 'syz-executor349' (2085) because cache 25644kB is below limit 65536kB for oom_score_adj 12 Free memory is -9880kB above reserved lowmemorykiller: Killing 'syz-executor349' (3735) (tgid 3735), adj 1000, to free 12172kB on behalf of 'syz-executor349' (4422) because cache 25460kB is below limit 65536kB for oom_score_adj 12 Free memory is -13348kB above reserved BUG: sleeping function called from invalid context at kernel/fork.c:903 in_atomic(): 0, irqs_disabled(): 0, pid: 4422, name: syz-executor349 INFO: lockdep is turned off. Preemption disabled at: [<000000000c8d0a39>] spin_lock include/linux/spinlock.h:302 [inline] [<000000000c8d0a39>] task_lock include/linux/sched.h:3217 [inline] [<000000000c8d0a39>] get_task_mm+0x20/0xc0 kernel/fork.c:1010 CPU: 1 PID: 4422 Comm: syz-executor349 Tainted: G W 4.9.180+ #3 ffff8801ca227018 ffffffff81b577f1 0000000000000000 0000000000000001 ffff8801cb9b2f80 ffffffff810d0c30 ffff8801cb9b2f80 ffff8801ca227050 ffffffff8140008c ffff8801cb9b2f80 ffffffff82a39900 0000000000000387 Call Trace: [<000000009008e4eb>] __dump_stack lib/dump_stack.c:15 [inline] [<000000009008e4eb>] dump_stack+0xc1/0x120 lib/dump_stack.c:51 [<00000000a0d2e3b9>] ___might_sleep.cold+0x1c1/0x1fa kernel/sched/core.c:8004 [<000000000119c2f0>] __might_sleep+0x95/0x1a0 kernel/sched/core.c:7961 [<0000000047b65586>] mmput+0x28/0x370 kernel/fork.c:903 [<0000000022e259e3>] handle_lmk_event+0xea/0x8a0 drivers/staging/android/lowmemorykiller.c:111 [<000000000f888656>] lowmem_scan+0x695/0xb50 drivers/staging/android/lowmemorykiller.c:345 [<00000000bcd5c8e9>] do_shrink_slab mm/vmscan.c:399 [inline] [<00000000bcd5c8e9>] shrink_slab.part.0+0x3cf/0xa20 mm/vmscan.c:502 [<0000000022967d18>] shrink_slab mm/vmscan.c:466 [inline] [<0000000022967d18>] shrink_node+0x1ed/0x750 mm/vmscan.c:2604 [<0000000058245e5c>] shrink_zones mm/vmscan.c:2751 [inline] [<0000000058245e5c>] do_try_to_free_pages mm/vmscan.c:2793 [inline] [<0000000058245e5c>] try_to_free_pages+0x397/0xbd0 mm/vmscan.c:3004 [<0000000073e9d0c7>] __perform_reclaim mm/page_alloc.c:3332 [inline] [<0000000073e9d0c7>] __alloc_pages_direct_reclaim mm/page_alloc.c:3354 [inline] [<0000000073e9d0c7>] __alloc_pages_slowpath mm/page_alloc.c:3704 [inline] [<0000000073e9d0c7>] __alloc_pages_nodemask+0x930/0x1a80 mm/page_alloc.c:3861 [<0000000025172c26>] __alloc_pages include/linux/gfp.h:433 [inline] [<0000000025172c26>] __alloc_pages_node include/linux/gfp.h:446 [inline] [<0000000025172c26>] alloc_pages_node include/linux/gfp.h:460 [inline] [<0000000025172c26>] shmem_alloc_page mm/shmem.c:1437 [inline] [<0000000025172c26>] shmem_alloc_and_acct_page mm/shmem.c:1462 [inline] [<0000000025172c26>] shmem_getpage_gfp+0x3f3/0x1b00 mm/shmem.c:1734 [<00000000a0e6cf02>] shmem_fault+0x216/0x6b0 mm/shmem.c:1966 [<00000000bfa644d8>] __do_fault+0x2a8/0x6c0 mm/memory.c:2855 [<000000009f14b650>] do_read_fault mm/memory.c:3202 [inline] [<000000009f14b650>] do_fault mm/memory.c:3338 [inline] [<000000009f14b650>] handle_pte_fault mm/memory.c:3547 [inline] [<000000009f14b650>] __handle_mm_fault mm/memory.c:3634 [inline] [<000000009f14b650>] handle_mm_fault+0x11bc/0x2420 mm/memory.c:3671 [<000000002a2b8531>] faultin_page mm/gup.c:386 [inline] [<000000002a2b8531>] __get_user_pages+0x3c7/0x1060 mm/gup.c:588 [<00000000284b4907>] populate_vma_page_range+0x19a/0x230 mm/gup.c:1106 [<0000000019059f29>] __mm_populate+0x1b9/0x300 mm/gup.c:1154 [<00000000acf2a9f3>] mm_populate include/linux/mm.h:2052 [inline] [<00000000acf2a9f3>] vm_mmap_pgoff+0x1aa/0x1c0 mm/util.c:333 [<000000003c9be058>] SYSC_mmap_pgoff mm/mmap.c:1555 [inline] [<000000003c9be058>] SyS_mmap_pgoff+0x14d/0x1b0 mm/mmap.c:1513 [<00000000039e65ba>] SYSC_mmap arch/x86/kernel/sys_x86_64.c:96 [inline] [<00000000039e65ba>] SyS_mmap+0x16/0x20 arch/x86/kernel/sys_x86_64.c:87 [<000000002c526076>] do_syscall_64+0x1ad/0x5c0 arch/x86/entry/common.c:288 [<00000000bd7bf8ca>] entry_SYSCALL_64_after_swapgs+0x5d/0xdb lowmemorykiller: Killing 'syz-executor349' (3744) (tgid 3744), adj 1000, to free 12172kB on behalf of 'syz-executor349' (4422) because cache 25276kB is below limit 65536kB for oom_score_adj 12 Free memory is -13400kB above reserved lowmemorykiller: Killing 'syz-executor349' (3747) (tgid 3747), adj 1000, to free 12172kB on behalf of 'syz-executor349' (4422) because cache 25276kB is below limit 65536kB for oom_score_adj 12 Free memory is 4600kB above reserved lowmemorykiller: Killing 'syz-executor349' (3750) (tgid 3750), adj 1000, to free 12172kB on behalf of 'syz-executor349' (4431) because cache 25096kB is below limit 65536kB for oom_score_adj 12 Free memory is -13332kB above reserved lowmemorykiller: Killing 'syz-executor349' (3753) (tgid 3753), adj 1000, to free 12172kB on behalf of 'syz-executor349' (4431) because cache 25096kB is below limit 65536kB for oom_score_adj 12 Free memory is -9332kB above reserved lowmemorykiller: Killing 'syz-executor349' (3756) (tgid 3756), adj 1000, to free 12172kB on behalf of 'syz-executor349' (4431) because cache 25096kB is below limit 65536kB for oom_score_adj 12 Free memory is -4932kB above reserved lowmemorykiller: Killing 'syz-executor349' (3765) (tgid 3765), adj 1000, to free 12172kB on behalf of 'syz-executor349' (4440) because cache 24912kB is below limit 65536kB for oom_score_adj 12 Free memory is -13292kB above reserved lowmemorykiller: Killing 'syz-executor349' (3768) (tgid 3768), adj 1000, to free 12172kB on behalf of 'syz-executor349' (4440) because cache 24912kB is below limit 65536kB for oom_score_adj 12 Free memory is -13292kB above reserved lowmemorykiller: Killing 'syz-executor349' (3771) (tgid 3771), adj 1000, to free 12172kB on behalf of 'syz-executor349' (4440) because cache 24712kB is below limit 65536kB for oom_score_adj 12 Free memory is -13080kB above reserved lowmemorykiller: Killing 'syz-executor349' (3774) (tgid 3774), adj 1000, to free 12172kB on behalf of 'syz-executor349' (4440) because cache 24712kB is below limit 65536kB for oom_score_adj 12 Free memory is 4296kB above reserved lowmemorykiller: Killing 'syz-executor349' (3777) (tgid 3777), adj 1000, to free 12172kB on behalf of 'syz-executor349' (4440) because cache 24712kB is below limit 65536kB for oom_score_adj 12 Free memory is 19896kB above reserved lowmemorykiller: Killing 'syz-executor349' (3780) (tgid 3780), adj 1000, to free 12172kB on behalf of 'syz-executor349' (4440) because cache 24712kB is below limit 65536kB for oom_score_adj 12 Free memory is 31396kB above reserved lowmemorykiller: Killing 'syz-executor349' (3789) (tgid 3789), adj 1000, to free 12172kB on behalf of 'syz-executor349' (4440) because cache 24712kB is below limit 65536kB for oom_score_adj 12 Free memory is 42196kB above reserved lowmemorykiller: Killing 'syz-executor349' (3798) (tgid 3798), adj 1000, to free 12172kB on behalf of 'syz-executor349' (4440) because cache 24612kB is below limit 65536kB for oom_score_adj 12 Free memory is 53696kB above reserved lowmemorykiller: Killing 'syz-executor349' (3801) (tgid 3801), adj 1000, to free 12172kB on behalf of 'syz-executor349' (4464) because cache 24544kB is below limit 65536kB for oom_score_adj 12 Free memory is -13308kB above reserved lowmemorykiller: Killing 'syz-executor349' (3807) (tgid 3807), adj 1000, to free 12172kB on behalf of 'syz-executor349' (4464) because cache 24544kB is below limit 65536kB for oom_score_adj 12 Free memory is -5908kB above reserved lowmemorykiller: Killing 'syz-executor349' (3810) (tgid 3810), adj 1000, to free 12172kB on behalf of 'syz-executor349' (4464) because cache 24544kB is below limit 65536kB for oom_score_adj 12 Free memory is 3292kB above reserved lowmemorykiller: Killing 'syz-executor349' (3813) (tgid 3813), adj 1000, to free 12172kB on behalf of 'syz-executor349' (4464) because cache 24544kB is below limit 65536kB for oom_score_adj 12 Free memory is 7384kB above reserved lowmemorykiller: Killing 'syz-executor349' (3819) (tgid 3819), adj 1000, to free 12172kB on behalf of 'syz-executor349' (4464) because cache 24544kB is below limit 65536kB for oom_score_adj 12 Free memory is 20364kB above reserved lowmemorykiller: Killing 'syz-executor349' (3822) (tgid 3822), adj 1000, to free 12172kB on behalf of 'syz-executor349' (4464) because cache 24544kB is below limit 65536kB for oom_score_adj 12 Free memory is 29652kB above reserved lowmemorykiller: Killing 'syz-executor349' (3831) (tgid 3831), adj 1000, to free 12172kB on behalf of 'syz-executor349' (4464) because cache 24544kB is below limit 65536kB for oom_score_adj 12 Free memory is 40852kB above reserved lowmemorykiller: Killing 'syz-executor349' (3837) (tgid 3837), adj 1000, to free 12172kB on behalf of 'syz-executor349' (4464) because cache 24444kB is below limit 65536kB for oom_score_adj 12 Free memory is 44052kB above reserved lowmemorykiller: Killing 'syz-executor349' (3840) (tgid 3840), adj 1000, to free 12172kB on behalf of 'syz-executor349' (4488) because cache 24344kB is below limit 65536kB for oom_score_adj 12 Free memory is -13268kB above reserved lowmemorykiller: Killing 'syz-executor349' (3843) (tgid 3843), adj 1000, to free 12172kB on behalf of 'syz-executor349' (4488) because cache 24344kB is below limit 65536kB for oom_score_adj 12 Free memory is -13268kB above reserved lowmemorykiller: Killing 'syz-executor349' (3852) (tgid 3852), adj 1000, to free 12172kB on behalf of 'syz-executor349' (4494) because cache 24008kB is below limit 65536kB for oom_score_adj 12 Free memory is -13232kB above reserved lowmemorykiller: Killing 'syz-executor349' (3855) (tgid 3855), adj 1000, to free 12172kB on behalf of 'syz-executor349' (4494) because cache 24008kB is below limit 65536kB for oom_score_adj 12 Free memory is -2132kB above reserved lowmemorykiller: Killing 'syz-executor349' (3858) (tgid 3858), adj 1000, to free 12172kB on behalf of 'syz-executor349' (4494) because cache 24008kB is below limit 65536kB for oom_score_adj 12 Free memory is 5860kB above reserved lowmemorykiller: Killing 'syz-executor349' (3861) (tgid 3861), adj 1000, to free 12172kB on behalf of 'syz-executor349' (4503) because cache 23856kB is below limit 65536kB for oom_score_adj 12 Free memory is -13268kB above reserved BUG: sleeping function called from invalid context at kernel/fork.c:903 in_atomic(): 0, irqs_disabled(): 0, pid: 4503, name: syz-executor349 INFO: lockdep is turned off. Preemption disabled at: [<000000000c8d0a39>] spin_lock include/linux/spinlock.h:302 [inline] [<000000000c8d0a39>] task_lock include/linux/sched.h:3217 [inline] [<000000000c8d0a39>] get_task_mm+0x20/0xc0 kernel/fork.c:1010 CPU: 0 PID: 4503 Comm: syz-executor349 Tainted: G W 4.9.180+ #3 ffff8801cbbc7018 ffffffff81b577f1 0000000000000000 0000000000000001 ffff8801ca95df00 ffffffff810d0c30 ffff8801ca95df00 ffff8801cbbc7050 ffffffff8140008c ffff8801ca95df00 ffffffff82a39900 0000000000000387 Call Trace: [<000000009008e4eb>] __dump_stack lib/dump_stack.c:15 [inline] [<000000009008e4eb>] dump_stack+0xc1/0x120 lib/dump_stack.c:51 [<00000000a0d2e3b9>] ___might_sleep.cold+0x1c1/0x1fa kernel/sched/core.c:8004 [<000000000119c2f0>] __might_sleep+0x95/0x1a0 kernel/sched/core.c:7961 [<0000000047b65586>] mmput+0x28/0x370 kernel/fork.c:903 [<0000000022e259e3>] handle_lmk_event+0xea/0x8a0 drivers/staging/android/lowmemorykiller.c:111 [<000000000f888656>] lowmem_scan+0x695/0xb50 drivers/staging/android/lowmemorykiller.c:345 [<00000000bcd5c8e9>] do_shrink_slab mm/vmscan.c:399 [inline] [<00000000bcd5c8e9>] shrink_slab.part.0+0x3cf/0xa20 mm/vmscan.c:502 [<0000000022967d18>] shrink_slab mm/vmscan.c:466 [inline] [<0000000022967d18>] shrink_node+0x1ed/0x750 mm/vmscan.c:2604 [<0000000058245e5c>] shrink_zones mm/vmscan.c:2751 [inline] [<0000000058245e5c>] do_try_to_free_pages mm/vmscan.c:2793 [inline] [<0000000058245e5c>] try_to_free_pages+0x397/0xbd0 mm/vmscan.c:3004 [<0000000073e9d0c7>] __perform_reclaim mm/page_alloc.c:3332 [inline] [<0000000073e9d0c7>] __alloc_pages_direct_reclaim mm/page_alloc.c:3354 [inline] [<0000000073e9d0c7>] __alloc_pages_slowpath mm/page_alloc.c:3704 [inline] [<0000000073e9d0c7>] __alloc_pages_nodemask+0x930/0x1a80 mm/page_alloc.c:3861 [<0000000025172c26>] __alloc_pages include/linux/gfp.h:433 [inline] [<0000000025172c26>] __alloc_pages_node include/linux/gfp.h:446 [inline] [<0000000025172c26>] alloc_pages_node include/linux/gfp.h:460 [inline] [<0000000025172c26>] shmem_alloc_page mm/shmem.c:1437 [inline] [<0000000025172c26>] shmem_alloc_and_acct_page mm/shmem.c:1462 [inline] [<0000000025172c26>] shmem_getpage_gfp+0x3f3/0x1b00 mm/shmem.c:1734 [<00000000a0e6cf02>] shmem_fault+0x216/0x6b0 mm/shmem.c:1966 [<00000000bfa644d8>] __do_fault+0x2a8/0x6c0 mm/memory.c:2855 [<000000009f14b650>] do_read_fault mm/memory.c:3202 [inline] [<000000009f14b650>] do_fault mm/memory.c:3338 [inline] [<000000009f14b650>] handle_pte_fault mm/memory.c:3547 [inline] [<000000009f14b650>] __handle_mm_fault mm/memory.c:3634 [inline] [<000000009f14b650>] handle_mm_fault+0x11bc/0x2420 mm/memory.c:3671 [<000000002a2b8531>] faultin_page mm/gup.c:386 [inline] [<000000002a2b8531>] __get_user_pages+0x3c7/0x1060 mm/gup.c:588 [<00000000284b4907>] populate_vma_page_range+0x19a/0x230 mm/gup.c:1106 [<0000000019059f29>] __mm_populate+0x1b9/0x300 mm/gup.c:1154 [<00000000acf2a9f3>] mm_populate include/linux/mm.h:2052 [inline] [<00000000acf2a9f3>] vm_mmap_pgoff+0x1aa/0x1c0 mm/util.c:333 [<000000003c9be058>] SYSC_mmap_pgoff mm/mmap.c:1555 [inline] [<000000003c9be058>] SyS_mmap_pgoff+0x14d/0x1b0 mm/mmap.c:1513 [<00000000039e65ba>] SYSC_mmap arch/x86/kernel/sys_x86_64.c:96 [inline] [<00000000039e65ba>] SyS_mmap+0x16/0x20 arch/x86/kernel/sys_x86_64.c:87 [<000000002c526076>] do_syscall_64+0x1ad/0x5c0 arch/x86/entry/common.c:288 [<00000000bd7bf8ca>] entry_SYSCALL_64_after_swapgs+0x5d/0xdb lowmemorykiller: Killing 'syz-executor349' (3864) (tgid 3864), adj 1000, to free 12172kB on behalf of 'syz-executor349' (4503) because cache 23756kB is below limit 65536kB for oom_score_adj 12 Free memory is -13300kB above reserved lowmemorykiller: Killing 'syz-executor349' (3867) (tgid 3867), adj 1000, to free 12172kB on behalf of 'syz-executor349' (4503) because cache 23688kB is below limit 65536kB for oom_score_adj 12 Free memory is -924kB above reserved lowmemorykiller: Killing 'syz-executor349' (3876) (tgid 3876), adj 1000, to free 12172kB on behalf of 'syz-executor349' (4503) because cache 23688kB is below limit 65536kB for oom_score_adj 12 Free memory is 5896kB above reserved lowmemorykiller: Killing 'syz-executor349' (3882) (tgid 3882), adj 1000, to free 12172kB on behalf of 'syz-executor349' (4503) because cache 23688kB is below limit 65536kB for oom_score_adj 12 Free memory is 18380kB above reserved lowmemorykiller: Killing 'syz-executor349' (3885) (tgid 3885), adj 1000, to free 12172kB on behalf of 'syz-executor349' (4503) because cache 23688kB is below limit 65536kB for oom_score_adj 12 Free memory is 27580kB above reserved lowmemorykiller: Killing 'syz-executor349' (3891) (tgid 3891), adj 1000, to free 12172kB on behalf of 'syz-executor349' (4503) because cache 23688kB is below limit 65536kB for oom_score_adj 12 Free memory is 33780kB above reserved lowmemorykiller: Killing 'syz-executor349' (3894) (tgid 3894), adj 1000, to free 12172kB on behalf of 'syz-executor349' (4503) because cache 23688kB is below limit 65536kB for oom_score_adj 12 Free memory is 50680kB above reserved lowmemorykiller: Killing 'syz-executor349' (3897) (tgid 3897), adj 1000, to free 12172kB on behalf of 'syz-executor349' (4527) because cache 23520kB is below limit 65536kB for oom_score_adj 12 Free memory is -13304kB above reserved lowmemorykiller: Killing 'syz-executor349' (3900) (tgid 3900), adj 1000, to free 12172kB on behalf of 'syz-executor349' (4527) because cache 23320kB is below limit 65536kB for oom_score_adj 12 Free memory is -13308kB above reserved lowmemorykiller: Killing 'syz-executor349' (3903) (tgid 3903), adj 1000, to free 12172kB on behalf of 'syz-executor349' (4527) because cache 23420kB is below limit 65536kB for oom_score_adj 12 Free memory is 4676kB above reserved lowmemorykiller: Killing 'syz-executor349' (3906) (tgid 3906), adj 1000, to free 12172kB on behalf of 'syz-executor349' (4527) because cache 23420kB is below limit 65536kB for oom_score_adj 12 Free memory is 14176kB above reserved lowmemorykiller: Killing 'syz-executor349' (3909) (tgid 3909), adj 1000, to free 12172kB on behalf of 'syz-executor349' (4527) because cache 23320kB is below limit 65536kB for oom_score_adj 12 Free memory is 24768kB above reserved lowmemorykiller: Killing 'syz-executor349' (3912) (tgid 3912), adj 1000, to free 12172kB on behalf of 'syz-executor349' (4527) because cache 23320kB is below limit 65536kB for oom_score_adj 12 Free memory is 26468kB above reserved lowmemorykiller: Killing 'syz-executor349' (3915) (tgid 3915), adj 1000, to free 12172kB on behalf of 'syz-executor349' (4545) because cache 23188kB is below limit 65536kB for oom_score_adj 12 Free memory is -13340kB above reserved lowmemorykiller: Killing 'syz-executor349' (3918) (tgid 3918), adj 1000, to free 12172kB on behalf of 'syz-executor349' (4545) because cache 22988kB is below limit 65536kB for oom_score_adj 12 Free memory is -13364kB above reserved lowmemorykiller: Killing 'syz-executor349' (3921) (tgid 3921), adj 1000, to free 12172kB on behalf of 'syz-executor349' (4545) because cache 23088kB is below limit 65536kB for oom_score_adj 12 Free memory is 4924kB above reserved lowmemorykiller: Killing 'syz-executor349' (3924) (tgid 3924), adj 1000, to free 12172kB on behalf of 'syz-executor349' (4554) because cache 22860kB is below limit 65536kB for oom_score_adj 12 Free memory is -13276kB above reserved lowmemorykiller: Killing 'syz-executor349' (3927) (tgid 3927), adj 1000, to free 12172kB on behalf of 'syz-executor349' (4554) because cache 22760kB is below limit 65536kB for oom_score_adj 12 Free memory is -13276kB above reserved lowmemorykiller: Killing 'syz-executor349' (3933) (tgid 3933), adj 1000, to free 12172kB on behalf of 'syz-executor349' (4554) because cache 22660kB is below limit 65536kB for oom_score_adj 12 Free memory is -13276kB above reserved lowmemorykiller: Killing 'syz-executor349' (3936) (tgid 3936), adj 1000, to free 12172kB on behalf of 'syz-executor349' (4554) because cache 22660kB is below limit 65536kB for oom_score_adj 12 Free memory is -13276kB above reserved lowmemorykiller: Killing 'syz-executor349' (3939) (tgid 3939), adj 1000, to free 12172kB on behalf of 'syz-executor349' (4566) because cache 22372kB is below limit 65536kB for oom_score_adj 12 Free memory is -13288kB above reserved lowmemorykiller: Killing 'syz-executor349' (3942) (tgid 3942), adj 1000, to free 12172kB on behalf of 'syz-executor349' (4566) because cache 22372kB is below limit 65536kB for oom_score_adj 12 Free memory is -7888kB above reserved lowmemorykiller: Killing 'syz-executor349' (3945) (tgid 3945), adj 1000, to free 12172kB on behalf of 'syz-executor349' (4566) because cache 22272kB is below limit 65536kB for oom_score_adj 12 Free memory is -6288kB above reserved lowmemorykiller: Killing 'syz-executor349' (3963) (tgid 3963), adj 1000, to free 12172kB on behalf of 'syz-executor349' (4575) because cache 22216kB is below limit 65536kB for oom_score_adj 12 Free memory is -13388kB above reserved lowmemorykiller: Killing 'syz-executor349' (3969) (tgid 3969), adj 1000, to free 12172kB on behalf of 'syz-executor349' (4575) because cache 22216kB is below limit 65536kB for oom_score_adj 12 Free memory is -9336kB above reserved lowmemorykiller: Killing 'syz-executor349' (3973) (tgid 3973), adj 1000, to free 12172kB on behalf of 'syz-executor349' (4575) because cache 22216kB is below limit 65536kB for oom_score_adj 12 Free memory is -660kB above reserved lowmemorykiller: Killing 'syz-executor349' (3976) (tgid 3976), adj 1000, to free 12172kB on behalf of 'syz-executor349' (4575) because cache 22216kB is below limit 65536kB for oom_score_adj 12 Free memory is 8540kB above reserved BUG: sleeping function called from invalid context at kernel/fork.c:903 in_atomic(): 0, irqs_disabled(): 0, pid: 4575, name: syz-executor349 INFO: lockdep is turned off. Preemption disabled at: [<000000000c8d0a39>] spin_lock include/linux/spinlock.h:302 [inline] [<000000000c8d0a39>] task_lock include/linux/sched.h:3217 [inline] [<000000000c8d0a39>] get_task_mm+0x20/0xc0 kernel/fork.c:1010 CPU: 0 PID: 4575 Comm: syz-executor349 Tainted: G W 4.9.180+ #3 ffff8801cab6f018 ffffffff81b577f1 0000000000000000 0000000000000001 ffff8801cf5397c0 ffffffff810d0c30 ffff8801cf5397c0 ffff8801cab6f050 ffffffff8140008c ffff8801cf5397c0 ffffffff82a39900 0000000000000387 Call Trace: [<000000009008e4eb>] __dump_stack lib/dump_stack.c:15 [inline] [<000000009008e4eb>] dump_stack+0xc1/0x120 lib/dump_stack.c:51 [<00000000a0d2e3b9>] ___might_sleep.cold+0x1c1/0x1fa kernel/sched/core.c:8004 [<000000000119c2f0>] __might_sleep+0x95/0x1a0 kernel/sched/core.c:7961 [<0000000047b65586>] mmput+0x28/0x370 kernel/fork.c:903 [<0000000022e259e3>] handle_lmk_event+0xea/0x8a0 drivers/staging/android/lowmemorykiller.c:111 [<000000000f888656>] lowmem_scan+0x695/0xb50 drivers/staging/android/lowmemorykiller.c:345 [<00000000bcd5c8e9>] do_shrink_slab mm/vmscan.c:399 [inline] [<00000000bcd5c8e9>] shrink_slab.part.0+0x3cf/0xa20 mm/vmscan.c:502 [<0000000022967d18>] shrink_slab mm/vmscan.c:466 [inline] [<0000000022967d18>] shrink_node+0x1ed/0x750 mm/vmscan.c:2604 [<0000000058245e5c>] shrink_zones mm/vmscan.c:2751 [inline] [<0000000058245e5c>] do_try_to_free_pages mm/vmscan.c:2793 [inline] [<0000000058245e5c>] try_to_free_pages+0x397/0xbd0 mm/vmscan.c:3004 [<0000000073e9d0c7>] __perform_reclaim mm/page_alloc.c:3332 [inline] [<0000000073e9d0c7>] __alloc_pages_direct_reclaim mm/page_alloc.c:3354 [inline] [<0000000073e9d0c7>] __alloc_pages_slowpath mm/page_alloc.c:3704 [inline] [<0000000073e9d0c7>] __alloc_pages_nodemask+0x930/0x1a80 mm/page_alloc.c:3861 [<0000000025172c26>] __alloc_pages include/linux/gfp.h:433 [inline] [<0000000025172c26>] __alloc_pages_node include/linux/gfp.h:446 [inline] [<0000000025172c26>] alloc_pages_node include/linux/gfp.h:460 [inline] [<0000000025172c26>] shmem_alloc_page mm/shmem.c:1437 [inline] [<0000000025172c26>] shmem_alloc_and_acct_page mm/shmem.c:1462 [inline] [<0000000025172c26>] shmem_getpage_gfp+0x3f3/0x1b00 mm/shmem.c:1734 [<00000000a0e6cf02>] shmem_fault+0x216/0x6b0 mm/shmem.c:1966 [<00000000bfa644d8>] __do_fault+0x2a8/0x6c0 mm/memory.c:2855 [<000000009f14b650>] do_read_fault mm/memory.c:3202 [inline] [<000000009f14b650>] do_fault mm/memory.c:3338 [inline] [<000000009f14b650>] handle_pte_fault mm/memory.c:3547 [inline] [<000000009f14b650>] __handle_mm_fault mm/memory.c:3634 [inline] [<000000009f14b650>] handle_mm_fault+0x11bc/0x2420 mm/memory.c:3671 [<000000002a2b8531>] faultin_page mm/gup.c:386 [inline] [<000000002a2b8531>] __get_user_pages+0x3c7/0x1060 mm/gup.c:588