Free memory is -13404kB above reserved lowmemorykiller: Killing 'syz-executor480' (2125) (tgid 2125), adj 1000, to free 12180kB on behalf of 'syz-executor480' (3729) because cache 38488kB is below limit 65536kB for oom_score_adj 12 Free memory is -13304kB above reserved BUG: sleeping function called from invalid context at kernel/fork.c:903 in_atomic(): 0, irqs_disabled(): 0, pid: 3729, name: syz-executor480 3 locks held by syz-executor480/3729: #0: (&mm->mmap_sem){++++++}, at: [<000000001114b352>] __mm_populate+0x20c/0x300 mm/gup.c:1134 #1: (shrinker_rwsem){++++..}, at: [<0000000081ff3815>] shrink_slab.part.0+0xb2/0xa20 mm/vmscan.c:472 #2: (rcu_read_lock){......}, at: [<00000000255bef69>] lowmem_scan+0x242/0xb50 drivers/staging/android/lowmemorykiller.c:272 Preemption disabled at: [<0000000081a94915>] spin_lock include/linux/spinlock.h:302 [inline] [<0000000081a94915>] task_lock include/linux/sched.h:3208 [inline] [<0000000081a94915>] get_task_mm+0x20/0xc0 kernel/fork.c:1010 CPU: 1 PID: 3729 Comm: syz-executor480 Not tainted 4.9.174+ #3 ffff88010100f018 ffffffff81b4f9e1 0000000000000000 0000000000000001 ffff8801cada17c0 ffffffff810ce3d0 ffff8801cada17c0 ffff88010100f050 ffffffff813fc74c ffff8801cada17c0 ffffffff82a38bc0 0000000000000387 Call Trace: [<00000000553f0fd9>] __dump_stack lib/dump_stack.c:15 [inline] [<00000000553f0fd9>] dump_stack+0xc1/0x120 lib/dump_stack.c:51 [<00000000a99f736b>] ___might_sleep.cold+0x1c1/0x1fa kernel/sched/core.c:7985 [<00000000bfb4c74e>] __might_sleep+0x95/0x1a0 kernel/sched/core.c:7942 [<000000005fbea0cd>] mmput+0x28/0x370 kernel/fork.c:903 [<00000000aec74dda>] handle_lmk_event+0xea/0x8a0 drivers/staging/android/lowmemorykiller.c:111 [<000000000b23fad8>] lowmem_scan+0x695/0xb50 drivers/staging/android/lowmemorykiller.c:345 [<00000000b4a06976>] do_shrink_slab mm/vmscan.c:399 [inline] [<00000000b4a06976>] shrink_slab.part.0+0x3cf/0xa20 mm/vmscan.c:502 [<00000000bdefe8a4>] shrink_slab mm/vmscan.c:466 [inline] [<00000000bdefe8a4>] shrink_node+0x1ed/0x750 mm/vmscan.c:2604 [<00000000e322c55f>] shrink_zones mm/vmscan.c:2751 [inline] [<00000000e322c55f>] do_try_to_free_pages mm/vmscan.c:2793 [inline] [<00000000e322c55f>] try_to_free_pages+0x397/0xbd0 mm/vmscan.c:3004 [<00000000dfe33164>] __perform_reclaim mm/page_alloc.c:3332 [inline] [<00000000dfe33164>] __alloc_pages_direct_reclaim mm/page_alloc.c:3354 [inline] [<00000000dfe33164>] __alloc_pages_slowpath mm/page_alloc.c:3704 [inline] [<00000000dfe33164>] __alloc_pages_nodemask+0x930/0x1a80 mm/page_alloc.c:3861 [<000000006db2df9e>] __alloc_pages include/linux/gfp.h:433 [inline] [<000000006db2df9e>] __alloc_pages_node include/linux/gfp.h:446 [inline] [<000000006db2df9e>] alloc_pages_node include/linux/gfp.h:460 [inline] [<000000006db2df9e>] shmem_alloc_page mm/shmem.c:1437 [inline] [<000000006db2df9e>] shmem_alloc_and_acct_page mm/shmem.c:1462 [inline] [<000000006db2df9e>] shmem_getpage_gfp+0x3f3/0x1b00 mm/shmem.c:1734 [<000000002a4920e7>] shmem_fault+0x216/0x6b0 mm/shmem.c:1966 [<000000002927baba>] __do_fault+0x2a8/0x6c0 mm/memory.c:2855 [<00000000003455f8>] do_read_fault mm/memory.c:3202 [inline] [<00000000003455f8>] do_fault mm/memory.c:3338 [inline] [<00000000003455f8>] handle_pte_fault mm/memory.c:3547 [inline] [<00000000003455f8>] __handle_mm_fault mm/memory.c:3634 [inline] [<00000000003455f8>] handle_mm_fault+0x11bc/0x2420 mm/memory.c:3671 [<00000000993a39ca>] faultin_page mm/gup.c:386 [inline] [<00000000993a39ca>] __get_user_pages+0x3c7/0x1060 mm/gup.c:588 [<00000000318d97db>] populate_vma_page_range+0x19a/0x230 mm/gup.c:1106 [<0000000021fac2b1>] __mm_populate+0x1b9/0x300 mm/gup.c:1154 [<000000001c78859c>] mm_populate include/linux/mm.h:2043 [inline] [<000000001c78859c>] vm_mmap_pgoff+0x1aa/0x1c0 mm/util.c:333 [<000000001cfbd454>] SYSC_mmap_pgoff mm/mmap.c:1555 [inline] [<000000001cfbd454>] SyS_mmap_pgoff+0x14d/0x1b0 mm/mmap.c:1513 [<00000000e905427d>] SYSC_mmap arch/x86/kernel/sys_x86_64.c:96 [inline] [<00000000e905427d>] SyS_mmap+0x16/0x20 arch/x86/kernel/sys_x86_64.c:87 [<00000000b3e11328>] do_syscall_64+0x1ad/0x570 arch/x86/entry/common.c:285 [<00000000e558849e>] entry_SYSCALL_64_after_swapgs+0x5d/0xdb ================================= [ INFO: inconsistent lock state ] 4.9.174+ #3 Tainted: G W --------------------------------- inconsistent {RECLAIM_FS-ON-W} -> {IN-RECLAIM_FS-R} usage. syz-executor480/3729 [HC0[0]:SC0[0]:HE1:SE1] takes: (&mm->mmap_sem){+++++?}, at: [<00000000cebed0a6>] get_cmdline+0xa3/0x2d0 mm/util.c:641 mark_held_locks+0xb1/0x100 kernel/locking/lockdep.c:2660 __lockdep_trace_alloc kernel/locking/lockdep.c:2882 [inline] lockdep_trace_alloc+0x18c/0x2b0 kernel/locking/lockdep.c:2897 __alloc_pages_nodemask+0x143/0x1a80 mm/page_alloc.c:3803 __alloc_pages include/linux/gfp.h:433 [inline] __alloc_pages_node include/linux/gfp.h:446 [inline] alloc_pages_node include/linux/gfp.h:460 [inline] pmd_alloc_one arch/x86/include/asm/pgalloc.h:88 [inline] __pmd_alloc+0x4a/0x330 mm/memory.c:3742 pmd_alloc include/linux/mm.h:1588 [inline] alloc_new_pmd mm/mremap.c:64 [inline] move_page_tables+0xadb/0xd60 mm/mremap.c:212 shift_arg_pages+0x1ae/0x470 fs/exec.c:642 setup_arg_pages+0x60d/0x7c0 fs/exec.c:754 load_elf_binary+0xa84/0x4a90 fs/binfmt_elf.c:860 search_binary_handler fs/exec.c:1621 [inline] search_binary_handler+0x14f/0x700 fs/exec.c:1599 exec_binprm fs/exec.c:1663 [inline] do_execveat_common.isra.0+0xf81/0x1db0 fs/exec.c:1785 do_execve+0x3a/0x50 fs/exec.c:1829 run_init_process+0x33/0x37 init/main.c:904 try_to_run_init_process+0x18/0x48 init/main.c:913 kernel_init+0xf2/0x163 init/main.c:984 ret_from_fork+0x5c/0x70 arch/x86/entry/entry_64.S:373 irq event stamp: 9775 hardirqs last enabled at (9775): [<00000000567a4d62>] dump_stack+0x100/0x120 lib/dump_stack.c:56 hardirqs last disabled at (9774): [<00000000397f9c62>] dump_stack+0x2c/0x120 lib/dump_stack.c:38 softirqs last enabled at (8702): [<000000005e71f69f>] __do_softirq+0x474/0x964 kernel/softirq.c:314 softirqs last disabled at (8689): [<00000000bbfe2609>] invoke_softirq kernel/softirq.c:368 [inline] softirqs last disabled at (8689): [<00000000bbfe2609>] irq_exit+0x119/0x160 kernel/softirq.c:409 other info that might help us debug this: Possible unsafe locking scenario: CPU0 ---- lock(&mm->mmap_sem); lock(&mm->mmap_sem); *** DEADLOCK *** 4 locks held by syz-executor480/3729: #0: (&mm->mmap_sem){+++++?}, at: [<000000001114b352>] __mm_populate+0x20c/0x300 mm/gup.c:1134 #1: (shrinker_rwsem){++++..}, at: [<0000000081ff3815>] shrink_slab.part.0+0xb2/0xa20 mm/vmscan.c:472 #2: (rcu_read_lock){......}, at: [<00000000255bef69>] lowmem_scan+0x242/0xb50 drivers/staging/android/lowmemorykiller.c:272 #3: (lmk_event_lock){+.+.-.}, at: [<00000000660a361e>] spin_lock include/linux/spinlock.h:302 [inline] #3: (lmk_event_lock){+.+.-.}, at: [<00000000660a361e>] handle_lmk_event+0xfb/0x8a0 drivers/staging/android/lowmemorykiller.c:114 stack backtrace: CPU: 1 PID: 3729 Comm: syz-executor480 Tainted: G W 4.9.174+ #3 ffff88010100ed60 ffffffff81b4f9e1 00000000000000f0 ffff8801cada17c0 ffffffff83cab5a0 ffff8801cada2130 ffffffff8424cd00 ffff88010100edd8 ffffffff81403189 0000000000000000 ffffffff00000001 0000000000000001 Call Trace: [<00000000553f0fd9>] __dump_stack lib/dump_stack.c:15 [inline] [<00000000553f0fd9>] dump_stack+0xc1/0x120 lib/dump_stack.c:51 [<000000000729f865>] print_usage_bug kernel/locking/lockdep.c:2387 [inline] [<000000000729f865>] print_usage_bug.cold+0x452/0x5a2 kernel/locking/lockdep.c:2354 [<00000000caf273ab>] valid_state kernel/locking/lockdep.c:2400 [inline] [<00000000caf273ab>] mark_lock_irq kernel/locking/lockdep.c:2602 [inline] [<00000000caf273ab>] mark_lock+0x6c7/0x12e0 kernel/locking/lockdep.c:3065 [<00000000c6969b95>] mark_irqflags kernel/locking/lockdep.c:2958 [inline] [<00000000c6969b95>] __lock_acquire+0x5c3/0x4350 kernel/locking/lockdep.c:3302 [<00000000c6593f94>] lock_acquire+0x133/0x3d0 kernel/locking/lockdep.c:3756 [<00000000eb82ff57>] down_read+0x44/0xb0 kernel/locking/rwsem.c:22 [<00000000cebed0a6>] get_cmdline+0xa3/0x2d0 mm/util.c:641 [<000000007f57f541>] handle_lmk_event+0x13c/0x8a0 drivers/staging/android/lowmemorykiller.c:128 [<000000000b23fad8>] lowmem_scan+0x695/0xb50 drivers/staging/android/lowmemorykiller.c:345 [<00000000b4a06976>] do_shrink_slab mm/vmscan.c:399 [inline] [<00000000b4a06976>] shrink_slab.part.0+0x3cf/0xa20 mm/vmscan.c:502 [<00000000bdefe8a4>] shrink_slab mm/vmscan.c:466 [inline] [<00000000bdefe8a4>] shrink_node+0x1ed/0x750 mm/vmscan.c:2604 [<00000000e322c55f>] shrink_zones mm/vmscan.c:2751 [inline] [<00000000e322c55f>] do_try_to_free_pages mm/vmscan.c:2793 [inline] [<00000000e322c55f>] try_to_free_pages+0x397/0xbd0 mm/vmscan.c:3004 [<00000000dfe33164>] __perform_reclaim mm/page_alloc.c:3332 [inline] [<00000000dfe33164>] __alloc_pages_direct_reclaim mm/page_alloc.c:3354 [inline] [<00000000dfe33164>] __alloc_pages_slowpath mm/page_alloc.c:3704 [inline] [<00000000dfe33164>] __alloc_pages_nodemask+0x930/0x1a80 mm/page_alloc.c:3861 [<000000006db2df9e>] __alloc_pages include/linux/gfp.h:433 [inline] [<000000006db2df9e>] __alloc_pages_node include/linux/gfp.h:446 [inline] [<000000006db2df9e>] alloc_pages_node include/linux/gfp.h:460 [inline] [<000000006db2df9e>] shmem_alloc_page mm/shmem.c:1437 [inline] [<000000006db2df9e>] shmem_alloc_and_acct_page mm/shmem.c:1462 [inline] [<000000006db2df9e>] shmem_getpage_gfp+0x3f3/0x1b00 mm/shmem.c:1734 [<000000002a4920e7>] shmem_fault+0x216/0x6b0 mm/shmem.c:1966 [<000000002927baba>] __do_fault+0x2a8/0x6c0 mm/memory.c:2855 [<00000000003455f8>] do_read_fault mm/memory.c:3202 [inline] [<00000000003455f8>] do_fault mm/memory.c:3338 [inline] [<00000000003455f8>] handle_pte_fault mm/memory.c:3547 [inline] [<00000000003455f8>] __handle_mm_fault mm/memory.c:3634 [inline] [<00000000003455f8>] handle_mm_fault+0x11bc/0x2420 mm/memory.c:3671 [<00000000993a39ca>] faultin_page mm/gup.c:386 [inline] [<00000000993a39ca>] __get_user_pages+0x3c7/0x1060 mm/gup.c:588 [<00000000318d97db>] populate_vma_page_range+0x19a/0x230 mm/gup.c:1106 [<0000000021fac2b1>] __mm_populate+0x1b9/0x300 mm/gup.c:1154 [<000000001c78859c>] mm_populate include/linux/mm.h:2043 [inline] [<000000001c78859c>] vm_mmap_pgoff+0x1aa/0x1c0 mm/util.c:333 [<000000001cfbd454>] SYSC_mmap_pgoff mm/mmap.c:1555 [inline] [<000000001cfbd454>] SyS_mmap_pgoff+0x14d/0x1b0 mm/mmap.c:1513 [<00000000e905427d>] SYSC_mmap arch/x86/kernel/sys_x86_64.c:96 [inline] [<00000000e905427d>] SyS_mmap+0x16/0x20 arch/x86/kernel/sys_x86_64.c:87 [<00000000b3e11328>] do_syscall_64+0x1ad/0x570 arch/x86/entry/common.c:285 [<00000000e558849e>] entry_SYSCALL_64_after_swapgs+0x5d/0xdb lowmemorykiller: Killing 'syz-executor480' (2128) (tgid 2128), adj 1000, to free 12180kB on behalf of 'syz-executor480' (3729) because cache 38388kB is below limit 65536kB for oom_score_adj 12 Free memory is -13392kB above reserved lowmemorykiller: Killing 'syz-executor480' (2134) (tgid 2134), adj 1000, to free 12180kB on behalf of 'syz-executor480' (3729) because cache 38188kB is below limit 65536kB for oom_score_adj 12 Free memory is -13340kB above reserved lowmemorykiller: Killing 'syz-executor480' (2143) (tgid 2143), adj 1000, to free 12180kB on behalf of 'syz-executor480' (3729) because cache 37988kB is below limit 65536kB for oom_score_adj 12 Free memory is -13288kB above reserved lowmemorykiller: Killing 'syz-executor480' (2152) (tgid 2152), adj 1000, to free 12180kB on behalf of 'syz-executor480' (3729) because cache 37888kB is below limit 65536kB for oom_score_adj 12 Free memory is -9588kB above reserved lowmemorykiller: Killing 'syz-executor480' (2158) (tgid 2158), adj 1000, to free 12180kB on behalf of 'syz-executor480' (3729) because cache 37988kB is below limit 65536kB for oom_score_adj 12 Free memory is 3012kB above reserved lowmemorykiller: Killing 'syz-executor480' (3730) (tgid 3730), adj 1000, to free 12188kB on behalf of 'syz-executor480' (3754) because cache 37852kB is below limit 65536kB for oom_score_adj 12 Free memory is -13304kB above reserved lowmemorykiller: Killing 'syz-executor480' (2170) (tgid 2170), adj 1000, to free 12180kB on behalf of 'syz-executor480' (3754) because cache 37752kB is below limit 65536kB for oom_score_adj 12 Free memory is -13284kB above reserved lowmemorykiller: Killing 'syz-executor480' (2176) (tgid 2176), adj 1000, to free 12180kB on behalf of 'syz-executor480' (3754) because cache 37652kB is below limit 65536kB for oom_score_adj 12 Free memory is -13284kB above reserved lowmemorykiller: Killing 'syz-executor480' (2185) (tgid 2185), adj 1000, to free 12180kB on behalf of 'syz-executor480' (3754) because cache 37452kB is below limit 65536kB for oom_score_adj 12 Free memory is 1016kB above reserved lowmemorykiller: Killing 'syz-executor480' (2188) (tgid 2188), adj 1000, to free 12180kB on behalf of 'syz-executor480' (3754) because cache 37452kB is below limit 65536kB for oom_score_adj 12 Free memory is 1816kB above reserved lowmemorykiller: Killing 'syz-executor480' (3755) (tgid 3755), adj 1000, to free 12188kB on behalf of 'syz-executor480' (3770) because cache 37536kB is below limit 65536kB for oom_score_adj 12 Free memory is -13280kB above reserved lowmemorykiller: Killing 'syz-executor480' (2194) (tgid 2194), adj 1000, to free 12180kB on behalf of 'syz-executor480' (3770) because cache 37336kB is below limit 65536kB for oom_score_adj 12 Free memory is -13440kB above reserved lowmemorykiller: Killing 'syz-executor480' (2197) (tgid 2197), adj 1000, to free 12180kB on behalf of 'syz-executor480' (3770) because cache 37236kB is below limit 65536kB for oom_score_adj 12 Free memory is -13440kB above reserved lowmemorykiller: Killing 'syz-executor480' (3771) (tgid 3771), adj 1000, to free 12188kB on behalf of 'syz-executor480' (3780) because cache 37200kB is below limit 65536kB for oom_score_adj 12 Free memory is -13336kB above reserved lowmemorykiller: Killing 'syz-executor480' (2209) (tgid 2209), adj 1000, to free 12180kB on behalf of 'syz-executor480' (3780) because cache 37000kB is below limit 65536kB for oom_score_adj 12 Free memory is -13312kB above reserved lowmemorykiller: Killing 'syz-executor480' (2215) (tgid 2215), adj 1000, to free 12180kB on behalf of 'syz-executor480' (3780) because cache 36900kB is below limit 65536kB for oom_score_adj 12 Free memory is 3064kB above reserved lowmemorykiller: Killing 'syz-executor480' (2218) (tgid 2218), adj 1000, to free 12180kB on behalf of 'syz-executor480' (3780) because cache 36900kB is below limit 65536kB for oom_score_adj 12 Free memory is 13464kB above reserved lowmemorykiller: Killing 'syz-executor480' (3781) (tgid 3781), adj 1000, to free 12188kB on behalf of 'syz-executor480' (3793) because cache 36800kB is below limit 65536kB for oom_score_adj 12 Free memory is -13332kB above reserved lowmemorykiller: Killing 'syz-executor480' (2224) (tgid 2224), adj 1000, to free 12180kB on behalf of 'syz-executor480' (3793) because cache 36700kB is below limit 65536kB for oom_score_adj 12 Free memory is -5332kB above reserved lowmemorykiller: Killing 'syz-executor480' (2230) (tgid 2230), adj 1000, to free 12180kB on behalf of 'syz-executor480' (3793) because cache 36700kB is below limit 65536kB for oom_score_adj 12 Free memory is -5332kB above reserved lowmemorykiller: Killing 'syz-executor480' (3794) (tgid 3794), adj 1000, to free 12188kB on behalf of 'syz-executor480' (3804) because cache 36664kB is below limit 65536kB for oom_score_adj 12 Free memory is -13316kB above reserved lowmemorykiller: Killing 'syz-executor480' (2233) (tgid 2233), adj 1000, to free 12180kB on behalf of 'syz-executor480' (3804) because cache 36464kB is below limit 65536kB for oom_score_adj 12 Free memory is -13308kB above reserved lowmemorykiller: Killing 'syz-executor480' (2236) (tgid 2236), adj 1000, to free 12180kB on behalf of 'syz-executor480' (3804) because cache 36464kB is below limit 65536kB for oom_score_adj 12 Free memory is -13308kB above reserved lowmemorykiller: Killing 'syz-executor480' (2242) (tgid 2242), adj 1000, to free 12180kB on behalf of 'syz-executor480' (3813) because cache 35552kB is below limit 65536kB for oom_score_adj 12 Free memory is -13320kB above reserved lowmemorykiller: Killing 'syz-executor480' (2245) (tgid 2245), adj 1000, to free 12180kB on behalf of 'syz-executor480' (3813) because cache 35552kB is below limit 65536kB for oom_score_adj 12 Free memory is -10620kB above reserved lowmemorykiller: Killing 'syz-executor480' (2251) (tgid 2251), adj 1000, to free 12180kB on behalf of 'syz-executor480' (3813) because cache 35552kB is below limit 65536kB for oom_score_adj 12 Free memory is -5820kB above reserved BUG: sleeping function called from invalid context at kernel/fork.c:903 in_atomic(): 0, irqs_disabled(): 0, pid: 3813, name: syz-executor480 INFO: lockdep is turned off. Preemption disabled at: [<0000000081a94915>] spin_lock include/linux/spinlock.h:302 [inline] [<0000000081a94915>] task_lock include/linux/sched.h:3208 [inline] [<0000000081a94915>] get_task_mm+0x20/0xc0 kernel/fork.c:1010 CPU: 0 PID: 3813 Comm: syz-executor480 Tainted: G W 4.9.174+ #3 ffff8801cbbdf018 ffffffff81b4f9e1 0000000000000000 0000000000000001 ffff8801d024af80 ffffffff810ce3d0 ffff8801d024af80 ffff8801cbbdf050 ffffffff813fc74c ffff8801d024af80 ffffffff82a38bc0 0000000000000387 Call Trace: [<00000000553f0fd9>] __dump_stack lib/dump_stack.c:15 [inline] [<00000000553f0fd9>] dump_stack+0xc1/0x120 lib/dump_stack.c:51 [<00000000a99f736b>] ___might_sleep.cold+0x1c1/0x1fa kernel/sched/core.c:7985 [<00000000bfb4c74e>] __might_sleep+0x95/0x1a0 kernel/sched/core.c:7942 [<000000005fbea0cd>] mmput+0x28/0x370 kernel/fork.c:903 [<00000000aec74dda>] handle_lmk_event+0xea/0x8a0 drivers/staging/android/lowmemorykiller.c:111 [<000000000b23fad8>] lowmem_scan+0x695/0xb50 drivers/staging/android/lowmemorykiller.c:345 [<00000000b4a06976>] do_shrink_slab mm/vmscan.c:399 [inline] [<00000000b4a06976>] shrink_slab.part.0+0x3cf/0xa20 mm/vmscan.c:502 [<00000000bdefe8a4>] shrink_slab mm/vmscan.c:466 [inline] [<00000000bdefe8a4>] shrink_node+0x1ed/0x750 mm/vmscan.c:2604 [<00000000e322c55f>] shrink_zones mm/vmscan.c:2751 [inline] [<00000000e322c55f>] do_try_to_free_pages mm/vmscan.c:2793 [inline] [<00000000e322c55f>] try_to_free_pages+0x397/0xbd0 mm/vmscan.c:3004 [<00000000dfe33164>] __perform_reclaim mm/page_alloc.c:3332 [inline] [<00000000dfe33164>] __alloc_pages_direct_reclaim mm/page_alloc.c:3354 [inline] [<00000000dfe33164>] __alloc_pages_slowpath mm/page_alloc.c:3704 [inline] [<00000000dfe33164>] __alloc_pages_nodemask+0x930/0x1a80 mm/page_alloc.c:3861 [<000000006db2df9e>] __alloc_pages include/linux/gfp.h:433 [inline] [<000000006db2df9e>] __alloc_pages_node include/linux/gfp.h:446 [inline] [<000000006db2df9e>] alloc_pages_node include/linux/gfp.h:460 [inline] [<000000006db2df9e>] shmem_alloc_page mm/shmem.c:1437 [inline] [<000000006db2df9e>] shmem_alloc_and_acct_page mm/shmem.c:1462 [inline] [<000000006db2df9e>] shmem_getpage_gfp+0x3f3/0x1b00 mm/shmem.c:1734 [<000000002a4920e7>] shmem_fault+0x216/0x6b0 mm/shmem.c:1966 [<000000002927baba>] __do_fault+0x2a8/0x6c0 mm/memory.c:2855 [<00000000003455f8>] do_read_fault mm/memory.c:3202 [inline] [<00000000003455f8>] do_fault mm/memory.c:3338 [inline] [<00000000003455f8>] handle_pte_fault mm/memory.c:3547 [inline] [<00000000003455f8>] __handle_mm_fault mm/memory.c:3634 [inline] [<00000000003455f8>] handle_mm_fault+0x11bc/0x2420 mm/memory.c:3671 [<00000000993a39ca>] faultin_page mm/gup.c:386 [inline] [<00000000993a39ca>] __get_user_pages+0x3c7/0x1060 mm/gup.c:588 [<00000000318d97db>] populate_vma_page_range+0x19a/0x230 mm/gup.c:1106 [<0000000021fac2b1>] __mm_populate+0x1b9/0x300 mm/gup.c:1154 [<000000001c78859c>] mm_populate include/linux/mm.h:2043 [inline] [<000000001c78859c>] vm_mmap_pgoff+0x1aa/0x1c0 mm/util.c:333 [<000000001cfbd454>] SYSC_mmap_pgoff mm/mmap.c:1555 [inline] [<000000001cfbd454>] SyS_mmap_pgoff+0x14d/0x1b0 mm/mmap.c:1513 [<00000000e905427d>] SYSC_mmap arch/x86/kernel/sys_x86_64.c:96 [inline] [<00000000e905427d>] SyS_mmap+0x16/0x20 arch/x86/kernel/sys_x86_64.c:87 [<00000000b3e11328>] do_syscall_64+0x1ad/0x570 arch/x86/entry/common.c:285 [<00000000e558849e>] entry_SYSCALL_64_after_swapgs+0x5d/0xdb lowmemorykiller: Killing 'syz-executor480' (3814) (tgid 3814), adj 1000, to free 12188kB on behalf of 'syz-executor480' (3823) because cache 35384kB is below limit 65536kB for oom_score_adj 12 Free memory is -13304kB above reserved lowmemorykiller: Killing 'syz-executor480' (2254) (tgid 2254), adj 1000, to free 12180kB on behalf of 'syz-executor480' (3823) because cache 35184kB is below limit 65536kB for oom_score_adj 12 Free memory is -13344kB above reserved lowmemorykiller: Killing 'syz-executor480' (2260) (tgid 2260), adj 1000, to free 12180kB on behalf of 'syz-executor480' (3823) because cache 35184kB is below limit 65536kB for oom_score_adj 12 Free memory is -9344kB above reserved lowmemorykiller: Killing 'syz-executor480' (3824) (tgid 3824), adj 1000, to free 12188kB on behalf of 'syz-executor480' (3833) because cache 35200kB is below limit 65536kB for oom_score_adj 12 Free memory is -13336kB above reserved lowmemorykiller: Killing 'syz-executor480' (2269) (tgid 2269), adj 1000, to free 12180kB on behalf of 'syz-executor480' (3833) because cache 35200kB is below limit 65536kB for oom_score_adj 12 Free memory is -4736kB above reserved lowmemorykiller: Killing 'syz-executor480' (2272) (tgid 2272), adj 1000, to free 12180kB on behalf of 'syz-executor480' (3839) because cache 34960kB is below limit 65536kB for oom_score_adj 12 Free memory is -13328kB above reserved lowmemorykiller: Killing 'syz-executor480' (2291) (tgid 2291), adj 1000, to free 12180kB on behalf of 'syz-executor480' (3839) because cache 34860kB is below limit 65536kB for oom_score_adj 12 Free memory is -10928kB above reserved lowmemorykiller: Killing 'syz-executor480' (2297) (tgid 2297), adj 1000, to free 12180kB on behalf of 'syz-executor480' (3845) because cache 34820kB is below limit 65536kB for oom_score_adj 12 Free memory is -13320kB above reserved lowmemorykiller: Killing 'syz-executor480' (2300) (tgid 2300), adj 1000, to free 12180kB on behalf of 'syz-executor480' (3845) because cache 34720kB is below limit 65536kB for oom_score_adj 12 Free memory is -13320kB above reserved lowmemorykiller: Killing 'syz-executor480' (2303) (tgid 2303), adj 1000, to free 12180kB on behalf of 'syz-executor480' (3845) because cache 34520kB is below limit 65536kB for oom_score_adj 12 Free memory is -13364kB above reserved lowmemorykiller: Killing 'syz-executor480' (2306) (tgid 2306), adj 1000, to free 12180kB on behalf of 'syz-executor480' (3845) because cache 34420kB is below limit 65536kB for oom_score_adj 12 Free memory is -13356kB above reserved lowmemorykiller: Killing 'syz-executor480' (2309) (tgid 2309), adj 1000, to free 12180kB on behalf of 'syz-executor480' (3845) because cache 34320kB is below limit 65536kB for oom_score_adj 12 Free memory is 1644kB above reserved lowmemorykiller: Killing 'syz-executor480' (2312) (tgid 2312), adj 1000, to free 12180kB on behalf of 'syz-executor480' (3845) because cache 34420kB is below limit 65536kB for oom_score_adj 12 Free memory is 9044kB above reserved lowmemorykiller: Killing 'syz-executor480' (2318) (tgid 2318), adj 1000, to free 12180kB on behalf of 'syz-executor480' (3845) because cache 34360kB is below limit 65536kB for oom_score_adj 12 Free memory is 16912kB above reserved lowmemorykiller: Killing 'syz-executor480' (3846) (tgid 3846), adj 1000, to free 12188kB on behalf of 'syz-executor480' (3867) because cache 34324kB is below limit 65536kB for oom_score_adj 12 Free memory is -13328kB above reserved lowmemorykiller: Killing 'syz-executor480' (2321) (tgid 2321), adj 1000, to free 12180kB on behalf of 'syz-executor480' (3867) because cache 34224kB is below limit 65536kB for oom_score_adj 12 Free memory is -13300kB above reserved lowmemorykiller: Killing 'syz-executor480' (2324) (tgid 2324), adj 1000, to free 12180kB on behalf of 'syz-executor480' (3867) because cache 34124kB is below limit 65536kB for oom_score_adj 12 Free memory is 2376kB above reserved lowmemorykiller: Killing 'syz-executor480' (3868) (tgid 3868), adj 1000, to free 12188kB on behalf of 'syz-executor480' (3877) because cache 34048kB is below limit 65536kB for oom_score_adj 12 Free memory is -13276kB above reserved lowmemorykiller: Killing 'syz-executor480' (2327) (tgid 2327), adj 1000, to free 12180kB on behalf of 'syz-executor480' (3877) because cache 33848kB is below limit 65536kB for oom_score_adj 12 Free memory is -5476kB above reserved lowmemorykiller: Killing 'syz-executor480' (2333) (tgid 2333), adj 1000, to free 12180kB on behalf of 'syz-executor480' (3883) because cache 33912kB is below limit 65536kB for oom_score_adj 12 Free memory is -13320kB above reserved lowmemorykiller: Killing 'syz-executor480' (2336) (tgid 2336), adj 1000, to free 12180kB on behalf of 'syz-executor480' (3883) because cache 33812kB is below limit 65536kB for oom_score_adj 12 Free memory is -13392kB above reserved lowmemorykiller: Killing 'syz-executor480' (2339) (tgid 2339), adj 1000, to free 12180kB on behalf of 'syz-executor480' (3883) because cache 33812kB is below limit 65536kB for oom_score_adj 12 Free memory is -12292kB above reserved lowmemorykiller: Killing 'syz-executor480' (2342) (tgid 2342), adj 1000, to free 12180kB on behalf of 'syz-executor480' (3883) because cache 33612kB is below limit 65536kB for oom_score_adj 12 Free memory is -13284kB above reserved lowmemorykiller: Killing 'syz-executor480' (3884) (tgid 3884), adj 1000, to free 12188kB on behalf of 'syz-executor480' (3896) because cache 33012kB is below limit 65536kB for oom_score_adj 12 Free memory is -13316kB above reserved lowmemorykiller: Killing 'syz-executor480' (2345) (tgid 2345), adj 1000, to free 12180kB on behalf of 'syz-executor480' (3896) because cache 32912kB is below limit 65536kB for oom_score_adj 12 Free memory is -11416kB above reserved lowmemorykiller: Killing 'syz-executor480' (2348) (tgid 2348), adj 1000, to free 12180kB on behalf of 'syz-executor480' (3896) because cache 32912kB is below limit 65536kB for oom_score_adj 12 Free memory is -2216kB above reserved BUG: sleeping function called from invalid context at kernel/fork.c:903 in_atomic(): 0, irqs_disabled(): 0, pid: 3896, name: syz-executor480 INFO: lockdep is turned off. Preemption disabled at: [<0000000081a94915>] spin_lock include/linux/spinlock.h:302 [inline] [<0000000081a94915>] task_lock include/linux/sched.h:3208 [inline] [<0000000081a94915>] get_task_mm+0x20/0xc0 kernel/fork.c:1010 CPU: 0 PID: 3896 Comm: syz-executor480 Tainted: G W 4.9.174+ #3 ffff8801cae9f018 ffffffff81b4f9e1 0000000000000000 0000000000000001 ffff8801d0260000 ffffffff810ce3d0 ffff8801d0260000 ffff8801cae9f050 ffffffff813fc74c ffff8801d0260000 ffffffff82a38bc0 0000000000000387 Call Trace: [<00000000553f0fd9>] __dump_stack lib/dump_stack.c:15 [inline] [<00000000553f0fd9>] dump_stack+0xc1/0x120 lib/dump_stack.c:51 [<00000000a99f736b>] ___might_sleep.cold+0x1c1/0x1fa kernel/sched/core.c:7985 [<00000000bfb4c74e>] __might_sleep+0x95/0x1a0 kernel/sched/core.c:7942 [<000000005fbea0cd>] mmput+0x28/0x370 kernel/fork.c:903 [<00000000aec74dda>] handle_lmk_event+0xea/0x8a0 drivers/staging/android/lowmemorykiller.c:111 [<000000000b23fad8>] lowmem_scan+0x695/0xb50 drivers/staging/android/lowmemorykiller.c:345 [<00000000b4a06976>] do_shrink_slab mm/vmscan.c:399 [inline] [<00000000b4a06976>] shrink_slab.part.0+0x3cf/0xa20 mm/vmscan.c:502 [<00000000bdefe8a4>] shrink_slab mm/vmscan.c:466 [inline] [<00000000bdefe8a4>] shrink_node+0x1ed/0x750 mm/vmscan.c:2604 [<00000000e322c55f>] shrink_zones mm/vmscan.c:2751 [inline] [<00000000e322c55f>] do_try_to_free_pages mm/vmscan.c:2793 [inline] [<00000000e322c55f>] try_to_free_pages+0x397/0xbd0 mm/vmscan.c:3004 [<00000000dfe33164>] __perform_reclaim mm/page_alloc.c:3332 [inline] [<00000000dfe33164>] __alloc_pages_direct_reclaim mm/page_alloc.c:3354 [inline] [<00000000dfe33164>] __alloc_pages_slowpath mm/page_alloc.c:3704 [inline] [<00000000dfe33164>] __alloc_pages_nodemask+0x930/0x1a80 mm/page_alloc.c:3861 [<000000006db2df9e>] __alloc_pages include/linux/gfp.h:433 [inline] [<000000006db2df9e>] __alloc_pages_node include/linux/gfp.h:446 [inline] [<000000006db2df9e>] alloc_pages_node include/linux/gfp.h:460 [inline] [<000000006db2df9e>] shmem_alloc_page mm/shmem.c:1437 [inline] [<000000006db2df9e>] shmem_alloc_and_acct_page mm/shmem.c:1462 [inline] [<000000006db2df9e>] shmem_getpage_gfp+0x3f3/0x1b00 mm/shmem.c:1734 [<000000002a4920e7>] shmem_fault+0x216/0x6b0 mm/shmem.c:1966 [<000000002927baba>] __do_fault+0x2a8/0x6c0 mm/memory.c:2855 [<00000000003455f8>] do_read_fault mm/memory.c:3202 [inline] [<00000000003455f8>] do_fault mm/memory.c:3338 [inline] [<00000000003455f8>] handle_pte_fault mm/memory.c:3547 [inline] [<00000000003455f8>] __handle_mm_fault mm/memory.c:3634 [inline] [<00000000003455f8>] handle_mm_fault+0x11bc/0x2420 mm/memory.c:3671 [<00000000993a39ca>] faultin_page mm/gup.c:386 [inline] [<00000000993a39ca>] __get_user_pages+0x3c7/0x1060 mm/gup.c:588 [<00000000318d97db>] populate_vma_page_range+0x19a/0x230 mm/gup.c:1106 [<0000000021fac2b1>] __mm_populate+0x1b9/0x300 mm/gup.c:1154 [<000000001c78859c>] mm_populate include/linux/mm.h:2043 [inline] [<000000001c78859c>] vm_mmap_pgoff+0x1aa/0x1c0 mm/util.c:333 [<000000001cfbd454>] SYSC_mmap_pgoff mm/mmap.c:1555 [inline] [<000000001cfbd454>] SyS_mmap_pgoff+0x14d/0x1b0 mm/mmap.c:1513 [<00000000e905427d>] SYSC_mmap arch/x86/kernel/sys_x86_64.c:96 [inline] [<00000000e905427d>] SyS_mmap+0x16/0x20 arch/x86/kernel/sys_x86_64.c:87 [<00000000b3e11328>] do_syscall_64+0x1ad/0x570 arch/x86/entry/common.c:285 [<00000000e558849e>] entry_SYSCALL_64_after_swapgs+0x5d/0xdb lowmemorykiller: Killing 'syz-executor480' (3897) (tgid 3897), adj 1000, to free 12188kB on behalf of 'syz-executor480' (3906) because cache 32884kB is below limit 65536kB for oom_score_adj 12 Free memory is -13360kB above reserved lowmemorykiller: Killing 'syz-executor480' (2351) (tgid 2351), adj 1000, to free 12180kB on behalf of 'syz-executor480' (3906) because cache 32784kB is below limit 65536kB for oom_score_adj 12 Free memory is -13312kB above reserved lowmemorykiller: Killing 'syz-executor480' (2354) (tgid 2354), adj 1000, to free 12180kB on behalf of 'syz-executor480' (3906) because cache 32684kB is below limit 65536kB for oom_score_adj 12 Free memory is -13312kB above reserved lowmemorykiller: Killing 'syz-executor480' (2357) (tgid 2357), adj 1000, to free 12180kB on behalf of 'syz-executor480' (3915) because cache 32116kB is below limit 65536kB for oom_score_adj 12 Free memory is -13320kB above reserved lowmemorykiller: Killing 'syz-executor480' (2360) (tgid 2360), adj 1000, to free 12180kB on behalf of 'syz-executor480' (3915) because cache 31816kB is below limit 65536kB for oom_score_adj 12 Free memory is -13356kB above reserved lowmemorykiller: Killing 'syz-executor480' (2363) (tgid 2363), adj 1000, to free 12180kB on behalf of 'syz-executor480' (3915) because cache 31816kB is below limit 65536kB for oom_score_adj 12 Free memory is -13356kB above reserved lowmemorykiller: Killing 'syz-executor480' (2366) (tgid 2366), adj 1000, to free 12180kB on behalf of 'syz-executor480' (3915) because cache 31816kB is below limit 65536kB for oom_score_adj 12 Free memory is -10456kB above reserved lowmemorykiller: Killing 'syz-executor480' (2369) (tgid 2369), adj 1000, to free 12180kB on behalf of 'syz-executor480' (3915) because cache 31716kB is below limit 65536kB for oom_score_adj 12 Free memory is 7732kB above reserved lowmemorykiller: Killing 'syz-executor480' (2372) (tgid 2372), adj 1000, to free 12180kB on behalf of 'syz-executor480' (3915) because cache 31816kB is below limit 65536kB for oom_score_adj 12 Free memory is 21028kB above reserved lowmemorykiller: Killing 'syz-executor480' (2375) (tgid 2375), adj 1000, to free 12180kB on behalf of 'syz-executor480' (3915) because cache 31616kB is below limit 65536kB for oom_score_adj 12 Free memory is 21128kB above reserved lowmemorykiller: Killing 'syz-executor480' (3916) (tgid 3916), adj 1000, to free 12188kB on behalf of 'syz-executor480' (3937) because cache 31612kB is below limit 65536kB for oom_score_adj 12 Free memory is -13416kB above reserved lowmemorykiller: Killing 'syz-executor480' (2378) (tgid 2378), adj 1000, to free 12180kB on behalf of 'syz-executor480' (3937) because cache 31612kB is below limit 65536kB for oom_score_adj 12 Free memory is -13416kB above reserved lowmemorykiller: Killing 'syz-executor480' (2384) (tgid 2384), adj 1000, to free 12180kB on behalf of 'syz-executor480' (3937) because cache 31512kB is below limit 65536kB for oom_score_adj 12 Free memory is -7740kB above reserved lowmemorykiller: Killing 'syz-executor480' (2387) (tgid 2387), adj 1000, to free 12180kB on behalf of 'syz-executor480' (3946) because cache 31360kB is below limit 65536kB for oom_score_adj 12 Free memory is -13412kB above reserved lowmemorykiller: Killing 'syz-executor480' (2393) (tgid 2393), adj 1000, to free 12180kB on behalf of 'syz-executor480' (3946) because cache 31160kB is below limit 65536kB for oom_score_adj 12 Free memory is -13324kB above reserved lowmemorykiller: Killing 'syz-executor480' (2396) (tgid 2396), adj 1000, to free 12180kB on behalf of 'syz-executor480' (3946) because cache 31160kB is below limit 65536kB for oom_score_adj 12 Free memory is -13324kB above reserved lowmemorykiller: Killing 'syz-executor480' (2402) (tgid 2402), adj 1000, to free 12180kB on behalf of 'syz-executor480' (2080) because cache 30460kB is below limit 65536kB for oom_score_adj 12 Free memory is -10704kB above reserved lowmemorykiller: Killing 'syz-executor480' (2405) (tgid 2405), adj 1000, to free 12180kB on behalf of 'syz-executor480' (3958) because cache 29096kB is below limit 65536kB for oom_score_adj 12 Free memory is -13348kB above reserved lowmemorykiller: Killing 'syz-executor480' (2408) (tgid 2408), adj 1000, to free 12180kB on behalf of 'syz-executor480' (2080) because cache 28884kB is below limit 65536kB for oom_score_adj 12 Free memory is -13016kB above reserved lowmemorykiller: Killing 'syz-executor480' (2411) (tgid 2411), adj 1000, to free 12180kB on behalf of 'syz-executor480' (2080) because cache 28884kB is below limit 65536kB for oom_score_adj 12 Free memory is -12316kB above reserved lowmemorykiller: Killing 'syz-executor480' (2414) (tgid 2414), adj 1000, to free 12180kB on behalf of 'syz-executor480' (3967) because cache 28504kB is below limit 65536kB for oom_score_adj 12 Free memory is -13324kB above reserved lowmemorykiller: Killing 'syz-executor480' (2417) (tgid 2417), adj 1000, to free 12180kB on behalf of 'syz-executor480' (3967) because cache 28504kB is below limit 65536kB for oom_score_adj 12 Free memory is -5324kB above reserved lowmemorykiller: Killing 'syz-executor480' (2423) (tgid 2423), adj 1000, to free 12180kB on behalf of 'syz-executor480' (3967) because cache 28504kB is below limit 65536kB for oom_score_adj 12 Free memory is -524kB above reserved lowmemorykiller: Killing 'syz-executor480' (2432) (tgid 2432), adj 1000, to free 12180kB on behalf of 'syz-executor480' (3967) because cache 28504kB is below limit 65536kB for oom_score_adj 12 Free memory is 10076kB above reserved lowmemorykiller: Killing 'syz-executor480' (2435) (tgid 2435), adj 1000, to free 12180kB on behalf of 'syz-executor480' (3967) because cache 28504kB is below limit 65536kB for oom_score_adj 12 Free memory is 19252kB above reserved lowmemorykiller: Killing 'syz-executor480' (2438) (tgid 2438), adj 1000, to free 12180kB on behalf of 'syz-executor480' (3967) because cache 28504kB is below limit 65536kB for oom_score_adj 12 Free memory is 25552kB above reserved lowmemorykiller: Killing 'syz-executor480' (2441) (tgid 2441), adj 1000, to free 12180kB on behalf of 'syz-executor480' (3967) because cache 28504kB is below limit 65536kB for oom_score_adj 12 Free memory is 37452kB above reserved lowmemorykiller: Killing 'syz-executor480' (3968) (tgid 3968), adj 1000, to free 12188kB on behalf of 'syz-executor480' (3989) because cache 28304kB is below limit 65536kB for oom_score_adj 12 Free memory is -13412kB above reserved BUG: sleeping function called from invalid context at kernel/fork.c:903 in_atomic(): 0, irqs_disabled(): 0, pid: 3989, name: syz-executor480 INFO: lockdep is turned off. Preemption disabled at: [<0000000081a94915>] spin_lock include/linux/spinlock.h:302 [inline] [<0000000081a94915>] task_lock include/linux/sched.h:3208 [inline] [<0000000081a94915>] get_task_mm+0x20/0xc0 kernel/fork.c:1010 CPU: 1 PID: 3989 Comm: syz-executor480 Tainted: G W 4.9.174+ #3 ffff8801cb8e7018 ffffffff81b4f9e1 0000000000000000 0000000000000001 ffff8801cf915f00 ffffffff810ce3d0 ffff8801cf915f00 ffff8801cb8e7050 ffffffff813fc74c ffff8801cf915f00 ffffffff82a38bc0 0000000000000387 Call Trace: [<00000000553f0fd9>] __dump_stack lib/dump_stack.c:15 [inline] [<00000000553f0fd9>] dump_stack+0xc1/0x120 lib/dump_stack.c:51 [<00000000a99f736b>] ___might_sleep.cold+0x1c1/0x1fa kernel/sched/core.c:7985 [<00000000bfb4c74e>] __might_sleep+0x95/0x1a0 kernel/sched/core.c:7942 [<000000005fbea0cd>] mmput+0x28/0x370 kernel/fork.c:903 [<00000000aec74dda>] handle_lmk_event+0xea/0x8a0 drivers/staging/android/lowmemorykiller.c:111 [<000000000b23fad8>] lowmem_scan+0x695/0xb50 drivers/staging/android/lowmemorykiller.c:345 [<00000000b4a06976>] do_shrink_slab mm/vmscan.c:399 [inline] [<00000000b4a06976>] shrink_slab.part.0+0x3cf/0xa20 mm/vmscan.c:502 [<00000000bdefe8a4>] shrink_slab mm/vmscan.c:466 [inline] [<00000000bdefe8a4>] shrink_node+0x1ed/0x750 mm/vmscan.c:2604 [<00000000e322c55f>] shrink_zones mm/vmscan.c:2751 [inline] [<00000000e322c55f>] do_try_to_free_pages mm/vmscan.c:2793 [inline] [<00000000e322c55f>] try_to_free_pages+0x397/0xbd0 mm/vmscan.c:3004 [<00000000dfe33164>] __perform_reclaim mm/page_alloc.c:3332 [inline] [<00000000dfe33164>] __alloc_pages_direct_reclaim mm/page_alloc.c:3354 [inline] [<00000000dfe33164>] __alloc_pages_slowpath mm/page_alloc.c:3704 [inline] [<00000000dfe33164>] __alloc_pages_nodemask+0x930/0x1a80 mm/page_alloc.c:3861 [<000000006db2df9e>] __alloc_pages include/linux/gfp.h:433 [inline] [<000000006db2df9e>] __alloc_pages_node include/linux/gfp.h:446 [inline] [<000000006db2df9e>] alloc_pages_node include/linux/gfp.h:460 [inline] [<000000006db2df9e>] shmem_alloc_page mm/shmem.c:1437 [inline] [<000000006db2df9e>] shmem_alloc_and_acct_page mm/shmem.c:1462 [inline] [<000000006db2df9e>] shmem_getpage_gfp+0x3f3/0x1b00 mm/shmem.c:1734 [<000000002a4920e7>] shmem_fault+0x216/0x6b0 mm/shmem.c:1966 [<000000002927baba>] __do_fault+0x2a8/0x6c0 mm/memory.c:2855 [<00000000003455f8>] do_read_fault mm/memory.c:3202 [inline] [<00000000003455f8>] do_fault mm/memory.c:3338 [inline] [<00000000003455f8>] handle_pte_fault mm/memory.c:3547 [inline] [<00000000003455f8>] __handle_mm_fault mm/memory.c:3634 [inline] [<00000000003455f8>] handle_mm_fault+0x11bc/0x2420 mm/memory.c:3671 [<00000000993a39ca>] faultin_page mm/gup.c:386 [inline] [<00000000993a39ca>] __get_user_pages+0x3c7/0x1060 mm/gup.c:588 [<00000000318d97db>] populate_vma_page_range+0x19a/0x230 mm/gup.c:1106 [<0000000021fac2b1>] __mm_populate+0x1b9/0x300 mm/gup.c:1154 [<000000001c78859c>] mm_populate include/linux/mm.h:2043 [inline] [<000000001c78859c>] vm_mmap_pgoff+0x1aa/0x1c0 mm/util.c:333 [<000000001cfbd454>] SYSC_mmap_pgoff mm/mmap.c:1555 [inline] [<000000001cfbd454>] SyS_mmap_pgoff+0x14d/0x1b0 mm/mmap.c:1513 [<00000000e905427d>] SYSC_mmap arch/x86/kernel/sys_x86_64.c:96 [inline] [<00000000e905427d>] SyS_mmap+0x16/0x20 arch/x86/kernel/sys_x86_64.c:87 [<00000000b3e11328>] do_syscall_64+0x1ad/0x570 arch/x86/entry/common.c:285 [<00000000e558849e>] entry_SYSCALL_64_after_swapgs+0x5d/0xdb lowmemorykiller: Killing 'syz-executor480' (2447) (tgid 2447), adj 1000, to free 12180kB on behalf of 'syz-executor480' (3989) because cache 28104kB is below limit 65536kB for oom_score_adj 12 Free memory is -13240kB above reserved lowmemorykiller: Killing 'syz-executor480' (2450) (tgid 2450), adj 1000, to free 12180kB on behalf of 'syz-executor480' (3989) because cache 28104kB is below limit 65536kB for oom_score_adj 12 Free memory is 4236kB above reserved lowmemorykiller: Killing 'syz-executor480' (2453) (tgid 2453), adj 1000, to free 12180kB on behalf of 'syz-executor480' (3989) because cache 28104kB is below limit 65536kB for oom_score_adj 12 Free memory is 10436kB above reserved lowmemorykiller: Killing 'syz-executor480' (2456) (tgid 2456), adj 1000, to free 12180kB on behalf of 'syz-executor480' (3989) because cache 28104kB is below limit 65536kB for oom_score_adj 12 Free memory is 18128kB above reserved lowmemorykiller: Killing 'syz-executor480' (3990) (tgid 3990), adj 1000, to free 12188kB on behalf of 'syz-executor480' (4005) because cache 27904kB is below limit 65536kB for oom_score_adj 12 Free memory is -13384kB above reserved lowmemorykiller: Killing 'syz-executor480' (2459) (tgid 2459), adj 1000, to free 12180kB on behalf of 'syz-executor480' (4005) because cache 27904kB is below limit 65536kB for oom_score_adj 12 Free memory is -10484kB above reserved lowmemorykiller: Killing 'syz-executor480' (2462) (tgid 2462), adj 1000, to free 12180kB on behalf of 'syz-executor480' (4005) because cache 27904kB is below limit 65536kB for oom_score_adj 12 Free memory is -2784kB above reserved lowmemorykiller: Killing 'syz-executor480' (2465) (tgid 2465), adj 1000, to free 12180kB on behalf of 'syz-executor480' (4005) because cache 27704kB is below limit 65536kB for oom_score_adj 12 Free memory is -1108kB above reserved lowmemorykiller: Killing 'syz-executor480' (4006) (tgid 4006), adj 1000, to free 12188kB on behalf of 'syz-executor480' (4018) because cache 27704kB is below limit 65536kB for oom_score_adj 12 Free memory is -13420kB above reserved lowmemorykiller: Killing 'syz-executor480' (2468) (tgid 2468), adj 1000, to free 12180kB on behalf of 'syz-executor480' (4018) because cache 27704kB is below limit 65536kB for oom_score_adj 12 Free memory is -2444kB above reserved lowmemorykiller: Killing 'syz-executor480' (2471) (tgid 2471), adj 1000, to free 12180kB on behalf of 'syz-executor480' (4024) because cache 27504kB is below limit 65536kB for oom_score_adj 12 Free memory is -13332kB above reserved lowmemorykiller: Killing 'syz-executor480' (2474) (tgid 2474), adj 1000, to free 12180kB on behalf of 'syz-executor480' (4024) because cache 27504kB is below limit 65536kB for oom_score_adj 12 Free memory is -10032kB above reserved lowmemorykiller: Killing 'syz-executor480' (2480) (tgid 2480), adj 1000, to free 12180kB on behalf of 'syz-executor480' (4024) because cache 27504kB is below limit 65536kB for oom_score_adj 12 Free memory is -2356kB above reserved lowmemorykiller: Killing 'syz-executor480' (2486) (tgid 2486), adj 1000, to free 12180kB on behalf of 'syz-executor480' (4024) because cache 27504kB is below limit 65536kB for oom_score_adj 12 Free memory is 11144kB above reserved lowmemorykiller: Killing 'syz-executor480' (2492) (tgid 2492), adj 1000, to free 12180kB on behalf of 'syz-executor480' (4024) because cache 27504kB is below limit 65536kB for oom_score_adj 12 Free memory is 12244kB above reserved lowmemorykiller: Killing 'syz-executor480' (4025) (tgid 4025), adj 1000, to free 12188kB on behalf of 'syz-executor480' (4040) because cache 27308kB is below limit 65536kB for oom_score_adj 12 Free memory is -13376kB above reserved lowmemorykiller: Killing 'syz-executor480' (2498) (tgid 2498), adj 1000, to free 12180kB on behalf of 'syz-executor480' (4040) because cache 27308kB is below limit 65536kB for oom_score_adj 12 Free memory is -11476kB above reserved lowmemorykiller: Killing 'syz-executor480' (2501) (tgid 2501), adj 1000, to free 12180kB on behalf of 'syz-executor480' (4046) because cache 27112kB is below limit 65536kB for oom_score_adj 12 Free memory is -13348kB above reserved lowmemorykiller: Killing 'syz-executor480' (2504) (tgid 2504), adj 1000, to free 12180kB on behalf of 'syz-executor480' (2080) because cache 26912kB is below limit 65536kB for oom_score_adj 12 Free memory is -12752kB above reserved lowmemorykiller: Killing 'syz-executor480' (2507) (tgid 2507), adj 1000, to free 12180kB on behalf of 'syz-executor480' (4055) because cache 22668kB is below limit 65536kB for oom_score_adj 12 Free memory is -13276kB above reserved lowmemorykiller: Killing 'syz-executor480' (2510) (tgid 2510), adj 1000, to free 12180kB on behalf of 'syz-executor480' (4055) because cache 22468kB is below limit 65536kB for oom_score_adj 12 Free memory is -13324kB above reserved lowmemorykiller: Killing 'syz-executor480' (2513) (tgid 2513), adj 1000, to free 12180kB on behalf of 'syz-executor480' (4061) because cache 22184kB is below limit 65536kB for oom_score_adj 12 Free memory is -13248kB above reserved lowmemorykiller: Killing 'syz-executor480' (2516) (tgid 2516), adj 1000, to free 12180kB on behalf of 'syz-executor480' (4061) because cache 22084kB is below limit 65536kB for oom_score_adj 12 Free memory is -13264kB above reserved lowmemorykiller: Killing 'syz-executor480' (2522) (tgid 2522), adj 1000, to free 12180kB on behalf of 'syz-executor480' (4061) because cache 21984kB is below limit 65536kB for oom_score_adj 12 Free memory is 4512kB above reserved lowmemorykiller: Killing 'syz-executor480' (2528) (tgid 2528), adj 1000, to free 12180kB on behalf of 'syz-executor480' (4061) because cache 22084kB is below limit 65536kB for oom_score_adj 12 Free memory is 12012kB above reserved lowmemorykiller: Killing 'syz-executor480' (4062) (tgid 4062), adj 1000, to free 12188kB on behalf of 'syz-executor480' (4074) because cache 21888kB is below limit 65536kB for oom_score_adj 12 Free memory is -13364kB above reserved lowmemorykiller: Killing 'syz-executor480' (2531) (tgid 2531), adj 1000, to free 12180kB on behalf of 'syz-executor480' (4074) because cache 21888kB is below limit 65536kB for oom_score_adj 12 Free memory is -8936kB above reserved lowmemorykiller: Killing 'syz-executor480' (2534) (tgid 2534), adj 1000, to free 12180kB on behalf of 'syz-executor480' (4074) because cache 21888kB is below limit 65536kB for oom_score_adj 12 Free memory is -4636kB above reserved lowmemorykiller: Killing 'syz-executor480' (2537) (tgid 2537), adj 1000, to free 12180kB on behalf of 'syz-executor480' (4074) because cache 21888kB is below limit 65536kB for oom_score_adj 12 Free memory is 1964kB above reserved lowmemorykiller: Killing 'syz-executor480' (2543) (tgid 2543), adj 1000, to free 12180kB on behalf of 'syz-executor480' (4074) because cache 21876kB is below limit 65536kB for oom_score_adj 12 Free memory is 11480kB above reserved lowmemorykiller: Killing 'syz-executor480' (2549) (tgid 2549), adj 1000, to free 12180kB on behalf of 'syz-executor480' (4074) because cache 21876kB is below limit 65536kB for oom_score_adj 12 Free memory is 17880kB above reserved BUG: sleeping function called from invalid context at kernel/fork.c:903 in_atomic(): 0, irqs_disabled(): 0, pid: 4074, name: syz-executor480 INFO: lockdep is turned off. Preemption disabled at: [<0000000081a94915>] spin_lock include/linux/spinlock.h:302 [inline] [<0000000081a94915>] task_lock include/linux/sched.h:3208 [inline] [<0000000081a94915>] get_task_mm+0x20/0xc0 kernel/fork.c:1010 CPU: 0 PID: 4074 Comm: syz-executor480 Tainted: G W 4.9.174+ #3 ffff8801ca807018 ffffffff81b4f9e1 0000000000000000 0000000000000001 ffff8801ccdfc740 ffffffff810ce3d0 ffff8801ccdfc740 ffff8801ca807050 ffffffff813fc74c ffff8801ccdfc740 ffffffff82a38bc0 0000000000000387 Call Trace: [<00000000553f0fd9>] __dump_stack lib/dump_stack.c:15 [inline] [<00000000553f0fd9>] dump_stack+0xc1/0x120 lib/dump_stack.c:51 [<00000000a99f736b>] ___might_sleep.cold+0x1c1/0x1fa kernel/sched/core.c:7985 [<00000000bfb4c74e>] __might_sleep+0x95/0x1a0 kernel/sched/core.c:7942 [<000000005fbea0cd>] mmput+0x28/0x370 kernel/fork.c:903 [<00000000aec74dda>] handle_lmk_event+0xea/0x8a0 drivers/staging/android/lowmemorykiller.c:111 [<000000000b23fad8>] lowmem_scan+0x695/0xb50 drivers/staging/android/lowmemorykiller.c:345 [<00000000b4a06976>] do_shrink_slab mm/vmscan.c:399 [inline] [<00000000b4a06976>] shrink_slab.part.0+0x3cf/0xa20 mm/vmscan.c:502 [<00000000bdefe8a4>] shrink_slab mm/vmscan.c:466 [inline] [<00000000bdefe8a4>] shrink_node+0x1ed/0x750 mm/vmscan.c:2604 [<00000000e322c55f>] shrink_zones mm/vmscan.c:2751 [inline] [<00000000e322c55f>] do_try_to_free_pages mm/vmscan.c:2793 [inline] [<00000000e322c55f>] try_to_free_pages+0x397/0xbd0 mm/vmscan.c:3004 [<00000000dfe33164>] __perform_reclaim mm/page_alloc.c:3332 [inline] [<00000000dfe33164>] __alloc_pages_direct_reclaim mm/page_alloc.c:3354 [inline] [<00000000dfe33164>] __alloc_pages_slowpath mm/page_alloc.c:3704 [inline] [<00000000dfe33164>] __alloc_pages_nodemask+0x930/0x1a80 mm/page_alloc.c:3861 [<000000006db2df9e>] __alloc_pages include/linux/gfp.h:433 [inline] [<000000006db2df9e>] __alloc_pages_node include/linux/gfp.h:446 [inline] [<000000006db2df9e>] alloc_pages_node include/linux/gfp.h:460 [inline] [<000000006db2df9e>] shmem_alloc_page mm/shmem.c:1437 [inline] [<000000006db2df9e>] shmem_alloc_and_acct_page mm/shmem.c:1462 [inline] [<000000006db2df9e>] shmem_getpage_gfp+0x3f3/0x1b00 mm/shmem.c:1734 [<000000002a4920e7>] shmem_fault+0x216/0x6b0 mm/shmem.c:1966 [<000000002927baba>] __do_fault+0x2a8/0x6c0 mm/memory.c:2855 [<00000000003455f8>] do_read_fault mm/memory.c:3202 [inline] [<00000000003455f8>] do_fault mm/memory.c:3338 [inline] [<00000000003455f8>] handle_pte_fault mm/memory.c:3547 [inline] [<00000000003455f8>] __handle_mm_fault mm/memory.c:3634 [inline] [<00000000003455f8>] handle_mm_fault+0x11bc/0x2420 mm/memory.c:3671 [<00000000993a39ca>] faultin_page mm/gup.c:386 [inline] [<00000000993a39ca>] __get_user_pages+0x3c7/0x1060 mm/gup.c:588 [<00000000318d97db>] populate_vma_page_range+0x19a/0x230 mm/gup.c:1106 [<0000000021fac2b1>] __mm_populate+0x1b9/0x300 mm/gup.c:1154 [<000000001c78859c>] mm_populate include/linux/mm.h:2043 [inline] [<000000001c78859c>] vm_mmap_pgoff+0x1aa/0x1c0 mm/util.c:333 [<000000001cfbd454>] SYSC_mmap_pgoff mm/mmap.c:1555 [inline] [<000000001cfbd454>] SyS_mmap_pgoff+0x14d/0x1b0 mm/mmap.c:1513 [<00000000e905427d>] SYSC_mmap arch/x86/kernel/sys_x86_64.c:96 [inline] [<00000000e905427d>] SyS_mmap+0x16/0x20 arch/x86/kernel/sys_x86_64.c:87 [<00000000b3e11328>] do_syscall_64+0x1ad/0x570 arch/x86/entry/common.c:285 [<00000000e558849e>] entry_SYSCALL_64_after_swapgs+0x5d/0xdb lowmemorykiller: Killing 'syz-executor480' (4075) (tgid 4075), adj 1000, to free 12188kB on behalf of 'syz-executor480' (4099) because cache 21724kB is below limit 65536kB for oom_score_adj 12 Free memory is -13312kB above reserved lowmemorykiller: Killing 'syz-executor480' (2552) (tgid 2552), adj 1000, to free 12180kB on behalf of 'syz-executor480' (4099) because cache 21724kB is below limit 65536kB for oom_score_adj 12 Free memory is -6312kB above reserved lowmemorykiller: Killing 'syz-executor480' (2555) (tgid 2555), adj 1000, to free 12180kB on behalf of 'syz-executor480' (4099) because cache 21724kB is below limit 65536kB for oom_score_adj 12 Free memory is 1588kB above reserved lowmemorykiller: Killing 'syz-executor480' (2558) (tgid 2558), adj 1000, to free 12180kB on behalf of 'syz-executor480' (4099) because cache 21724kB is below limit 65536kB for oom_score_adj 12 Free memory is 9688kB above reserved lowmemorykiller: Killing 'syz-executor480' (2561) (tgid 2561), adj 1000, to free 12180kB on behalf of 'syz-executor480' (4099) because cache 21724kB is below limit 65536kB for oom_score_adj 12 Free memory is 14488kB above reserved lowmemorykiller: Killing 'syz-executor480' (4100) (tgid 4100), adj 1000, to free 12188kB on behalf of 'syz-executor480' (4115) because cache 21568kB is below limit 65536kB for oom_score_adj 12 Free memory is -13388kB above reserved lowmemorykiller: Killing 'syz-executor480' (2564) (tgid 2564), adj 1000, to free 12180kB on behalf of 'syz-executor480' (4115) because cache 21568kB is below limit 65536kB for oom_score_adj 12 Free memory is -6488kB above reserved lowmemorykiller: Killing 'syz-executor480' (2570) (tgid 2570), adj 1000, to free 12180kB on behalf of 'syz-executor480' (2080) because cache 21412kB is below limit 65536kB for oom_score_adj 12 Free memory is -9172kB above reserved lowmemorykiller: Killing 'syz-executor480' (2573) (tgid 2573), adj 1000, to free 12180kB on behalf of 'syz-executor480' (4120) because cache 20612kB is below limit 65536kB for oom_score_adj 12 Free memory is -9104kB above reserved lowmemorykiller: Killing 'syz-executor480' (2576) (tgid 2576), adj 1000, to free 12180kB on behalf of 'syz-executor480' (4127) because cache 20396kB is below limit 65536kB for oom_score_adj 12 Free memory is -13296kB above reserved lowmemorykiller: Killing 'syz-executor480' (2579) (tgid 2579), adj 1000, to free 12180kB on behalf of 'syz-executor480' (4130) because cache 20256kB is below limit 65536kB for oom_score_adj 12 Free memory is -13356kB above reserved lowmemorykiller: Killing 'syz-executor480' (2582) (tgid 2582), adj 1000, to free 12180kB on behalf of 'syz-executor480' (4130) because cache 20256kB is below limit 65536kB for oom_score_adj 12 Free memory is -4456kB above reserved lowmemorykiller: Killing 'syz-executor480' (2585) (tgid 2585), adj 1000, to free 12180kB on behalf of 'syz-executor480' (4130) because cache 20256kB is below limit 65536kB for oom_score_adj 12 Free memory is 3220kB above reserved lowmemorykiller: Killing 'syz-executor480' (2588) (tgid 2588), adj 1000, to free 12180kB on behalf of 'syz-executor480' (4130) because cache 20256kB is below limit 65536kB for oom_score_adj 12 Free memory is 10620kB above reserved lowmemorykiller: Killing 'syz-executor480' (2591) (tgid 2591), adj 1000, to free 12180kB on behalf of 'syz-executor480' (4130) because cache 20256kB is below limit 65536kB for oom_score_adj 12 Free memory is 18920kB above reserved lowmemorykiller: Killing 'syz-executor480' (2600) (tgid 2600), adj 1000, to free 12180kB on behalf of 'syz-executor480' (4130) because cache 20256kB is below limit 65536kB for oom_score_adj 12 Free memory is 27120kB above reserved lowmemorykiller: Killing 'syz-executor480' (2606) (tgid 2606), adj 1000, to free 12180kB on behalf of 'syz-executor480' (4130) because cache 20256kB is below limit 65536kB for oom_score_adj 12 Free memory is 34620kB above reserved lowmemorykiller: Killing 'syz-executor480' (2609) (tgid 2609), adj 1000, to free 12180kB on behalf of 'syz-executor480' (4130) because cache 20256kB is below limit 65536kB for oom_score_adj 12 Free memory is 42808kB above reserved lowmemorykiller: Killing 'syz-executor480' (2615) (tgid 2615), adj 1000, to free 12180kB on behalf of 'syz-executor480' (4130) because cache 20256kB is below limit 65536kB for oom_score_adj 12 Free memory is 50792kB above reserved lowmemorykiller: Killing 'syz-executor480' (2621) (tgid 2621), adj 1000, to free 12180kB on behalf of 'syz-executor480' (4130) because cache 20156kB is below limit 65536kB for oom_score_adj 12 Free memory is 58972kB above reserved lowmemorykiller: Killing 'syz-executor480' (4131) (tgid 4131), adj 1000, to free 12188kB on behalf of 'syz-executor480' (4161) because cache 20116kB is below limit 65536kB for oom_score_adj 12 Free memory is -13348kB above reserved lowmemorykiller: Killing 'syz-executor480' (2627) (tgid 2627), adj 1000, to free 12180kB on behalf of 'syz-executor480' (4161) because cache 20116kB is below limit 65536kB for oom_score_adj 12 Free memory is -10548kB above reserved lowmemorykiller: Killing 'syz-executor480' (2636) (tgid 2636), adj 1000, to free 12180kB on behalf of 'syz-executor480' (4161) because cache 20116kB is below limit 65536kB for oom_score_adj 12 Free memory is -5348kB above reserved lowmemorykiller: Killing 'syz-executor480' (2639) (tgid 2639), adj 1000, to free 12180kB on behalf of 'syz-executor480' (4161) because cache 20116kB is below limit 65536kB for oom_score_adj 12 Free memory is 2852kB above reserved lowmemorykiller: Killing 'syz-executor480' (2642) (tgid 2642), adj 1000, to free 12180kB on behalf of 'syz-executor480' (4161) because cache 20116kB is below limit 65536kB for oom_score_adj 12 Free memory is 8336kB above reserved lowmemorykiller: Killing 'syz-executor480' (2645) (tgid 2645), adj 1000, to free 12180kB on behalf of 'syz-executor480' (4161) because cache 20116kB is below limit 65536kB for oom_score_adj 12 Free memory is 18148kB above reserved BUG: sleeping function called from invalid context at kernel/fork.c:903 in_atomic(): 0, irqs_disabled(): 0, pid: 4161, name: syz-executor480 INFO: lockdep is turned off. Preemption disabled at: [<0000000081a94915>] spin_lock include/linux/spinlock.h:302 [inline] [<0000000081a94915>] task_lock include/linux/sched.h:3208 [inline] [<0000000081a94915>] get_task_mm+0x20/0xc0 kernel/fork.c:1010 CPU: 0 PID: 4161 Comm: syz-executor480 Tainted: G W 4.9.174+ #3 ffff8801ca917018 ffffffff81b4f9e1 0000000000000000 0000000000000001 ffff8801ca89df00 ffffffff810ce3d0 ffff8801ca89df00 ffff8801ca917050 ffffffff813fc74c ffff8801ca89df00 ffffffff82a38bc0 0000000000000387 Call Trace: [<00000000553f0fd9>] __dump_stack lib/dump_stack.c:15 [inline] [<00000000553f0fd9>] dump_stack+0xc1/0x120 lib/dump_stack.c:51 [<00000000a99f736b>] ___might_sleep.cold+0x1c1/0x1fa kernel/sched/core.c:7985 [<00000000bfb4c74e>] __might_sleep+0x95/0x1a0 kernel/sched/core.c:7942 [<000000005fbea0cd>] mmput+0x28/0x370 kernel/fork.c:903 [<00000000aec74dda>] handle_lmk_event+0xea/0x8a0 drivers/staging/android/lowmemorykiller.c:111 [<000000000b23fad8>] lowmem_scan+0x695/0xb50 drivers/staging/android/lowmemorykiller.c:345 [<00000000b4a06976>] do_shrink_slab mm/vmscan.c:399 [inline] [<00000000b4a06976>] shrink_slab.part.0+0x3cf/0xa20 mm/vmscan.c:502 [<00000000bdefe8a4>] shrink_slab mm/vmscan.c:466 [inline] [<00000000bdefe8a4>] shrink_node+0x1ed/0x750 mm/vmscan.c:2604 [<00000000e322c55f>] shrink_zones mm/vmscan.c:2751 [inline] [<00000000e322c55f>] do_try_to_free_pages mm/vmscan.c:2793 [inline] [<00000000e322c55f>] try_to_free_pages+0x397/0xbd0 mm/vmscan.c:3004 [<00000000dfe33164>] __perform_reclaim mm/page_alloc.c:3332 [inline] [<00000000dfe33164>] __alloc_pages_direct_reclaim mm/page_alloc.c:3354 [inline] [<00000000dfe33164>] __alloc_pages_slowpath mm/page_alloc.c:3704 [inline] [<00000000dfe33164>] __alloc_pages_nodemask+0x930/0x1a80 mm/page_alloc.c:3861 [<000000006db2df9e>] __alloc_pages include/linux/gfp.h:433 [inline] [<000000006db2df9e>] __alloc_pages_node include/linux/gfp.h:446 [inline] [<000000006db2df9e>] alloc_pages_node include/linux/gfp.h:460 [inline] [<000000006db2df9e>] shmem_alloc_page mm/shmem.c:1437 [inline] [<000000006db2df9e>] shmem_alloc_and_acct_page mm/shmem.c:1462 [inline] [<000000006db2df9e>] shmem_getpage_gfp+0x3f3/0x1b00 mm/shmem.c:1734 [<000000002a4920e7>] shmem_fault+0x216/0x6b0 mm/shmem.c:1966 [<000000002927baba>] __do_fault+0x2a8/0x6c0 mm/memory.c:2855 [<00000000003455f8>] do_read_fault mm/memory.c:3202 [inline] [<00000000003455f8>] do_fault mm/memory.c:3338 [inline] [<00000000003455f8>] handle_pte_fault mm/memory.c:3547 [inline] [<00000000003455f8>] __handle_mm_fault mm/memory.c:3634 [inline] [<00000000003455f8>] handle_mm_fault+0x11bc/0x2420 mm/memory.c:3671 [<00000000993a39ca>] faultin_page mm/gup.c:386 [inline] [<00000000993a39ca>] __get_user_pages+0x3c7/0x1060 mm/gup.c:588 [<00000000318d97db>] populate_vma_page_range+0x19a/0x230 mm/gup.c:1106 [<0000000021fac2b1>] __mm_populate+0x1b9/0x300 mm/gup.c:1154 [<000000001c78859c>] mm_populate include/linux/mm.h:2043 [inline] [<000000001c78859c>] vm_mmap_pgoff+0x1aa/0x1c0 mm/util.c:333 [<000000001cfbd454>] SYSC_mmap_pgoff mm/mmap.c:1555 [inline] [<000000001cfbd454>] SyS_mmap_pgoff+0x14d/0x1b0 mm/mmap.c:1513 [<00000000e905427d>] SYSC_mmap arch/x86/kernel/sys_x86_64.c:96 [inline] [<00000000e905427d>] SyS_mmap+0x16/0x20 arch/x86/kernel/sys_x86_64.c:87 [<00000000b3e11328>] do_syscall_64+0x1ad/0x570 arch/x86/entry/common.c:285 [<00000000e558849e>] entry_SYSCALL_64_after_swapgs+0x5d/0xdb lowmemorykiller: Killing 'syz-executor480' (4162) (tgid 4162), adj 1000, to free 12188kB on behalf of 'syz-executor480' (4180) because cache 19976kB is below limit 65536kB for oom_score_adj 12 Free memory is -13284kB above reserved lowmemorykiller: Killing 'syz-executor480' (2648) (tgid 2648), adj 1000, to free 12180kB on behalf of 'syz-executor480' (4180) because cache 19876kB is below limit 65536kB for oom_score_adj 12 Free memory is -13352kB above reserved lowmemorykiller: Killing 'syz-executor480' (2654) (tgid 2654), adj 1000, to free 12180kB on behalf of 'syz-executor480' (4180) because cache 19876kB is below limit 65536kB for oom_score_adj 12 Free memory is -52kB above reserved lowmemorykiller: Killing 'syz-executor480' (2660) (tgid 2660), adj 1000, to free 12180kB on behalf of 'syz-executor480' (4180) because cache 19876kB is below limit 65536kB for oom_score_adj 12 Free memory is 10156kB above reserved lowmemorykiller: Killing 'syz-executor480' (2669) (tgid 2669), adj 1000, to free 12180kB on behalf of 'syz-executor480' (4180) because cache 19776kB is below limit 65536kB for oom_score_adj 12 Free memory is 13956kB above reserved lowmemorykiller: Killing 'syz-executor480' (2672) (tgid 2672), adj 1000, to free 12180kB on behalf of 'syz-executor480' (4180) because cache 19776kB is below limit 65536kB for oom_score_adj 12 Free memory is 18056kB above reserved lowmemorykiller: Killing 'syz-executor480' (2681) (tgid 2681), adj 1000, to free 12180kB on behalf of 'syz-executor480' (4180) because cache 19876kB is below limit 65536kB for oom_score_adj 12 Free memory is 23656kB above reserved lowmemorykiller: Killing 'syz-executor480' (2684) (tgid 2684), adj 1000, to free 12180kB on behalf of 'syz-executor480' (4180) because cache 19876kB is below limit 65536kB for oom_score_adj 12 Free memory is 34156kB above reserved lowmemorykiller: Killing 'syz-executor480' (2693) (tgid 2693), adj 1000, to free 12180kB on behalf of 'syz-executor480' (4180) because cache 19876kB is below limit 65536kB for oom_score_adj 12 Free memory is 51432kB above reserved lowmemorykiller: Killing 'syz-executor480' (2696) (tgid 2696), adj 1000, to free 12180kB on behalf of 'syz-executor480' (4180) because cache 19776kB is below limit 65536kB for oom_score_adj 12 Free memory is 55032kB above reserved lowmemorykiller: Killing 'syz-executor480' (2699) (tgid 2699), adj 1000, to free 12180kB on behalf of 'syz-executor480' (4180) because cache 19876kB is below limit 65536kB for oom_score_adj 12 Free memory is 62932kB above reserved lowmemorykiller: Killing 'syz-executor480' (4181) (tgid 4181), adj 1000, to free 12188kB on behalf of 'syz-executor480' (4214) because cache 19696kB is below limit 65536kB for oom_score_adj 12 Free memory is -13372kB above reserved lowmemorykiller: Killing 'syz-executor480' (2702) (tgid 2702), adj 1000, to free 12180kB on behalf of 'syz-executor480' (4214) because cache 19596kB is below limit 65536kB for oom_score_adj 12 Free memory is -13304kB above reserved lowmemorykiller: Killing 'syz-executor480' (2705) (tgid 2705), adj 1000, to free 12180kB on behalf of 'syz-executor480' (4214) because cache 19596kB is below limit 65536kB for oom_score_adj 12 Free memory is -5728kB above reserved lowmemorykiller: Killing 'syz-executor480' (2720) (tgid 2720), adj 1000, to free 12180kB on behalf of 'syz-executor480' (4214) because cache 19596kB is below limit 65536kB for oom_score_adj 12 Free memory is -4328kB above reserved lowmemorykiller: Killing 'syz-executor480' (2723) (tgid 2723), adj 1000, to free 12180kB on behalf of 'syz-executor480' (4214) because cache 19596kB is below limit 65536kB for oom_score_adj 12 Free memory is 9656kB above reserved lowmemorykiller: Killing 'syz-executor480' (2726) (tgid 2726), adj 1000, to free 12180kB on behalf of 'syz-executor480' (4214) because cache 19596kB is below limit 65536kB for oom_score_adj 12 Free memory is 24856kB above reserved lowmemorykiller: Killing 'syz-executor480' (2729) (tgid 2729), adj 1000, to free 12180kB on behalf of 'syz-executor480' (4214) because cache 19496kB is below limit 65536kB for oom_score_adj 12 Free memory is 29356kB above reserved lowmemorykiller: Killing 'syz-executor480' (4215) (tgid 4215), adj 1000, to free 12188kB on behalf of 'syz-executor480' (4236) because cache 19420kB is below limit 65536kB for oom_score_adj 12 Free memory is -13376kB above reserved lowmemorykiller: Killing 'syz-executor480' (2732) (tgid 2732), adj 1000, to free 12180kB on behalf of 'syz-executor480' (4236) because cache 19420kB is below limit 65536kB for oom_score_adj 12 Free memory is -8176kB above reserved lowmemorykiller: Killing 'syz-executor480' (4237) (tgid 4237), adj 1000, to free 12188kB on behalf of 'syz-executor480' (4243) because cache 19280kB is below limit 65536kB for oom_score_adj 12 Free memory is -13424kB above reserved BUG: sleeping function called from invalid context at kernel/fork.c:903 in_atomic(): 0, irqs_disabled(): 0, pid: 4243, name: syz-executor480 INFO: lockdep is turned off. Preemption disabled at: [<0000000081a94915>] spin_lock include/linux/spinlock.h:302 [inline] [<0000000081a94915>] task_lock include/linux/sched.h:3208 [inline] [<0000000081a94915>] get_task_mm+0x20/0xc0 kernel/fork.c:1010 CPU: 0 PID: 4243 Comm: syz-executor480 Tainted: G W 4.9.174+ #3 ffff88015e717018 ffffffff81b4f9e1 0000000000000000 0000000000000001 ffff88015e6b17c0 ffffffff810ce3d0 ffff88015e6b17c0 ffff88015e717050 ffffffff813fc74c ffff88015e6b17c0 ffffffff82a38bc0 0000000000000387 Call Trace: [<00000000553f0fd9>] __dump_stack lib/dump_stack.c:15 [inline] [<00000000553f0fd9>] dump_stack+0xc1/0x120 lib/dump_stack.c:51 [<00000000a99f736b>] ___might_sleep.cold+0x1c1/0x1fa kernel/sched/core.c:7985 [<00000000bfb4c74e>] __might_sleep+0x95/0x1a0 kernel/sched/core.c:7942 [<000000005fbea0cd>] mmput+0x28/0x370 kernel/fork.c:903 [<00000000aec74dda>] handle_lmk_event+0xea/0x8a0 drivers/staging/android/lowmemorykiller.c:111 [<000000000b23fad8>] lowmem_scan+0x695/0xb50 drivers/staging/android/lowmemorykiller.c:345 [<00000000b4a06976>] do_shrink_slab mm/vmscan.c:399 [inline] [<00000000b4a06976>] shrink_slab.part.0+0x3cf/0xa20 mm/vmscan.c:502 [<00000000bdefe8a4>] shrink_slab mm/vmscan.c:466 [inline] [<00000000bdefe8a4>] shrink_node+0x1ed/0x750 mm/vmscan.c:2604 [<00000000e322c55f>] shrink_zones mm/vmscan.c:2751 [inline] [<00000000e322c55f>] do_try_to_free_pages mm/vmscan.c:2793 [inline] [<00000000e322c55f>] try_to_free_pages+0x397/0xbd0 mm/vmscan.c:3004 [<00000000dfe33164>] __perform_reclaim mm/page_alloc.c:3332 [inline] [<00000000dfe33164>] __alloc_pages_direct_reclaim mm/page_alloc.c:3354 [inline] [<00000000dfe33164>] __alloc_pages_slowpath mm/page_alloc.c:3704 [inline] [<00000000dfe33164>] __alloc_pages_nodemask+0x930/0x1a80 mm/page_alloc.c:3861 [<000000006db2df9e>] __alloc_pages include/linux/gfp.h:433 [inline] [<000000006db2df9e>] __alloc_pages_node include/linux/gfp.h:446 [inline] [<000000006db2df9e>] alloc_pages_node include/linux/gfp.h:460 [inline] [<000000006db2df9e>] shmem_alloc_page mm/shmem.c:1437 [inline] [<000000006db2df9e>] shmem_alloc_and_acct_page mm/shmem.c:1462 [inline] [<000000006db2df9e>] shmem_getpage_gfp+0x3f3/0x1b00 mm/shmem.c:1734 [<000000002a4920e7>] shmem_fault+0x216/0x6b0 mm/shmem.c:1966 [<000000002927baba>] __do_fault+0x2a8/0x6c0 mm/memory.c:2855 [<00000000003455f8>] do_read_fault mm/memory.c:3202 [inline] [<00000000003455f8>] do_fault mm/memory.c:3338 [inline] [<00000000003455f8>] handle_pte_fault mm/memory.c:3547 [inline] [<00000000003455f8>] __handle_mm_fault mm/memory.c:3634 [inline] [<00000000003455f8>] handle_mm_fault+0x11bc/0x2420 mm/memory.c:3671 [<00000000993a39ca>] faultin_page mm/gup.c:386 [inline] [<00000000993a39ca>] __get_user_pages+0x3c7/0x1060 mm/gup.c:588 [<00000000318d97db>] populate_vma_page_range+0x19a/0x230 mm/gup.c:1106 [<0000000021fac2b1>] __mm_populate+0x1b9/0x300 mm/gup.c:1154 [<000000001c78859c>] mm_populate include/linux/mm.h:2043 [inline] [<000000001c78859c>] vm_mmap_pgoff+0x1aa/0x1c0 mm/util.c:333 [<000000001cfbd454>] SYSC_mmap_pgoff mm/mmap.c:1555 [inline] [<000000001cfbd454>] SyS_mmap_pgoff+0x14d/0x1b0 mm/mmap.c:1513 [<00000000e905427d>] SYSC_mmap arch/x86/kernel/sys_x86_64.c:96 [inline] [<00000000e905427d>] SyS_mmap+0x16/0x20 arch/x86/kernel/sys_x86_64.c:87 [<00000000b3e11328>] do_syscall_64+0x1ad/0x570 arch/x86/entry/common.c:285 [<00000000e558849e>] entry_SYSCALL_64_after_swapgs+0x5d/0xdb lowmemorykiller: Killing 'syz-executor480' (2735) (tgid 2735), adj 1000, to free 12180kB on behalf of 'syz-executor480' (4243) because cache 19280kB is below limit 65536kB for oom_score_adj 12 Free memory is -13424kB above reserved lowmemorykiller: Killing 'syz-executor480' (2738) (tgid 2738), adj 1000, to free 12180kB on behalf of 'syz-executor480' (4243) because cache 19280kB is below limit 65536kB for oom_score_adj 12 Free memory is -11060kB above reserved lowmemorykiller: Killing 'syz-executor480' (2741) (tgid 2741), adj 1000, to free 12180kB on behalf of 'syz-executor480' (4243) because cache 19180kB is below limit 65536kB for oom_score_adj 12 Free memory is 7116kB above reserved lowmemorykiller: Killing 'syz-executor480' (2750) (tgid 2750), adj 1000, to free 12180kB on behalf of 'syz-executor480' (4243) because cache 19180kB is below limit 65536kB for oom_score_adj 12 Free memory is 14904kB above reserved lowmemorykiller: Killing 'syz-executor480' (2753) (tgid 2753), adj 1000, to free 12180kB on behalf of 'syz-executor480' (4243) because cache 19180kB is below limit 65536kB for oom_score_adj 12 Free memory is 22804kB above reserved lowmemorykiller: Killing 'syz-executor480' (2756) (tgid 2756), adj 1000, to free 12180kB on behalf of 'syz-executor480' (4243) because cache 19080kB is below limit 65536kB for oom_score_adj 12 Free memory is 32104kB above reserved lowmemorykiller: Killing 'syz-executor480' (2759) (tgid 2759), adj 1000, to free 12180kB on behalf of 'syz-executor480' (4243) because cache 19180kB is below limit 65536kB for oom_score_adj 12 Free memory is 38304kB above reserved lowmemorykiller: Killing 'syz-executor480' (4244) (tgid 4244), adj 1000, to free 12188kB on behalf of 'syz-executor480' (4267) because cache 19144kB is below limit 65536kB for oom_score_adj 12 Free memory is -9396kB above reserved lowmemorykiller: Killing 'syz-executor480' (2762) (tgid 2762), adj 1000, to free 12180kB on behalf of 'syz-executor480' (4268) because cache 18344kB is below limit 65536kB for oom_score_adj 12 Free memory is -13320kB above reserved lowmemorykiller: Killing 'syz-executor480' (2765) (tgid 2765), adj 1000, to free 12180kB on behalf of 'syz-executor480' (4274) because cache 18140kB is below limit 65536kB for oom_score_adj 12 Free memory is -13324kB above reserved lowmemorykiller: Killing 'syz-executor480' (2768) (tgid 2768), adj 1000, to free 12180kB on behalf of 'syz-executor480' (4274) because cache 17940kB is below limit 65536kB for oom_score_adj 12 Free memory is -13316kB above reserved lowmemorykiller: Killing 'syz-executor480' (2771) (tgid 2771), adj 1000, to free 12180kB on behalf of 'syz-executor480' (4274) because cache 18040kB is below limit 65536kB for oom_score_adj 12 Free memory is -2148kB above reserved lowmemorykiller: Killing 'syz-executor480' (2774) (tgid 2774), adj 1000, to free 12180kB on behalf of 'syz-executor480' (4274) because cache 18040kB is below limit 65536kB for oom_score_adj 12 Free memory is 9148kB above reserved lowmemorykiller: Killing 'syz-executor480' (2777) (tgid 2777), adj 1000, to free 12180kB on behalf of 'syz-executor480' (4274) because cache 17940kB is below limit 65536kB for oom_score_adj 12 Free memory is 16948kB above reserved lowmemorykiller: Killing 'syz-executor480' (4275) (tgid 4275), adj 1000, to free 12188kB on behalf of 'syz-executor480' (4290) because cache 17884kB is below limit 65536kB for oom_score_adj 12 Free memory is -13280kB above reserved lowmemorykiller: Killing 'syz-executor480' (2783) (tgid 2783), adj 1000, to free 12180kB on behalf of 'syz-executor480' (4290) because cache 17884kB is below limit 65536kB for oom_score_adj 12 Free memory is -12080kB above reserved lowmemorykiller: Killing 'syz-executor480' (2786) (tgid 2786), adj 1000, to free 12180kB on behalf of 'syz-executor480' (4296) because cache 17756kB is below limit 65536kB for oom_score_adj 12 Free memory is -13328kB above reserved lowmemorykiller: Killing 'syz-executor480' (2789) (tgid 2789), adj 1000, to free 12180kB on behalf of 'syz-executor480' (4296) because cache 17656kB is below limit 65536kB for oom_score_adj 12 Free memory is -13376kB above reserved lowmemorykiller: Killing 'syz-executor480' (2792) (tgid 2792), adj 1000, to free 12180kB on behalf of 'syz-executor480' (4296) because cache 17656kB is below limit 65536kB for oom_score_adj 12 Free memory is -13376kB above reserved lowmemorykiller: Killing 'syz-executor480' (2795) (tgid 2795), adj 1000, to free 12180kB on behalf of 'syz-executor480' (4296) because cache 17656kB is below limit 65536kB for oom_score_adj 12 Free memory is -5376kB above reserved lowmemorykiller: Killing 'syz-executor480' (2798) (tgid 2798), adj 1000, to free 12180kB on behalf of 'syz-executor480' (4296) because cache 17556kB is below limit 65536kB for oom_score_adj 12 Free memory is 5020kB above reserved lowmemorykiller: Killing 'syz-executor480' (2804) (tgid 2804), adj 1000, to free 12180kB on behalf of 'syz-executor480' (4296) because cache 17656kB is below limit 65536kB for oom_score_adj 12 Free memory is 21220kB above reserved lowmemorykiller: Killing 'syz-executor480' (2807) (tgid 2807), adj 1000, to free 12180kB on behalf of 'syz-executor480' (4296) because cache 17656kB is below limit 65536kB for oom_score_adj 12 Free memory is 21320kB above reserved lowmemorykiller: Killing 'syz-executor480' (2810) (tgid 2810), adj 1000, to free 12180kB on behalf of 'syz-executor480' (4296) because cache 17656kB is below limit 65536kB for oom_score_adj 12 Free memory is 37420kB above reserved lowmemorykiller: Killing 'syz-executor480' (2813) (tgid 2813), adj 1000, to free 12180kB on behalf of 'syz-executor480' (4296) because cache 17656kB is below limit 65536kB for oom_score_adj 12 Free memory is 37920kB above reserved lowmemorykiller: Killing 'syz-executor480' (2825) (tgid 2825), adj 1000, to free 12180kB on behalf of 'syz-executor480' (4296) because cache 17556kB is below limit 65536kB for oom_score_adj 12 Free memory is 51872kB above reserved lowmemorykiller: Killing 'syz-executor480' (4297) (tgid 4297), adj 1000, to free 12188kB on behalf of 'syz-executor480' (4327) because cache 17500kB is below limit 65536kB for oom_score_adj 12 Free memory is -13384kB above reserved BUG: sleeping function called from invalid context at kernel/fork.c:903 in_atomic(): 0, irqs_disabled(): 0, pid: 4327, name: syz-executor480 INFO: lockdep is turned off. Preemption disabled at: [<0000000081a94915>] spin_lock include/linux/spinlock.h:302 [inline] [<0000000081a94915>] task_lock include/linux/sched.h:3208 [inline] [<0000000081a94915>] get_task_mm+0x20/0xc0 kernel/fork.c:1010 CPU: 0 PID: 4327 Comm: syz-executor480 Tainted: G W 4.9.174+ #3 ffff88011e427018 ffffffff81b4f9e1 0000000000000000 0000000000000001 ffff88011e460000 ffffffff810ce3d0 ffff88011e460000 ffff88011e427050 ffffffff813fc74c ffff88011e460000 ffffffff82a38bc0 0000000000000387 Call Trace: [<00000000553f0fd9>] __dump_stack lib/dump_stack.c:15 [inline] [<00000000553f0fd9>] dump_stack+0xc1/0x120 lib/dump_stack.c:51 [<00000000a99f736b>] ___might_sleep.cold+0x1c1/0x1fa kernel/sched/core.c:7985 [<00000000bfb4c74e>] __might_sleep+0x95/0x1a0 kernel/sched/core.c:7942