binder: 1534:1580 got transaction to invalid handle
binder: 1534:1580 transaction failed 29201/-22, size 0-0 line 3014
=================================
[ INFO: inconsistent lock state ]
4.4.174+ #17 Not tainted
---------------------------------
inconsistent {RECLAIM_FS-ON-W} -> {IN-RECLAIM_FS-W} usage.
kswapd0/28 [HC0[0]:SC0[0]:HE1:SE1] takes:
 (&sb->s_type->i_mutex_key#10){+.+.?.}, at: [<ffffffff8140493b>] shmem_fallocate+0x13b/0x9c0 mm/shmem.c:2078
{RECLAIM_FS-ON-W} state was registered at:
  [<ffffffff811fefb1>] mark_held_locks+0xb1/0x100 kernel/locking/lockdep.c:2536
  [<ffffffff8120778c>] __lockdep_trace_alloc kernel/locking/lockdep.c:2758 [inline]
  [<ffffffff8120778c>] lockdep_trace_alloc+0x18c/0x2b0 kernel/locking/lockdep.c:2773
  [<ffffffff813d023a>] __alloc_pages_nodemask+0x13a/0x14b0 mm/page_alloc.c:3266
  [<ffffffff81402013>] __alloc_pages include/linux/gfp.h:415 [inline]
  [<ffffffff81402013>] __alloc_pages_node include/linux/gfp.h:428 [inline]
  [<ffffffff81402013>] alloc_pages_node include/linux/gfp.h:442 [inline]
  [<ffffffff81402013>] shmem_alloc_page mm/shmem.c:953 [inline]
  [<ffffffff81402013>] shmem_getpage_gfp+0x6a3/0x1120 mm/shmem.c:1191
  [<ffffffff81402b7b>] shmem_getpage mm/shmem.c:130 [inline]
  [<ffffffff81402b7b>] shmem_write_begin+0xeb/0x190 mm/shmem.c:1509
  [<ffffffff813b9491>] generic_perform_write+0x281/0x540 mm/filemap.c:2591
  [<ffffffff813bd0b0>] __generic_file_write_iter+0x350/0x540 mm/filemap.c:2716
  [<ffffffff813bd64a>] generic_file_write_iter+0x3aa/0x740 mm/filemap.c:2744
  [<ffffffff81496ae8>] new_sync_write fs/read_write.c:480 [inline]
  [<ffffffff81496ae8>] __vfs_write+0x2e8/0x3d0 fs/read_write.c:493
  [<ffffffff81498612>] vfs_write+0x182/0x4e0 fs/read_write.c:540
  [<ffffffff8149ac4c>] SYSC_write fs/read_write.c:587 [inline]
  [<ffffffff8149ac4c>] SyS_write+0xdc/0x1c0 fs/read_write.c:579
  [<ffffffff82718ba1>] entry_SYSCALL_64_fastpath+0x1e/0x9a
irq event stamp: 373549
hardirqs last  enabled at (373549): [<ffffffff8270be5d>] __mutex_trylock_slowpath kernel/locking/mutex.c:885 [inline]
hardirqs last  enabled at (373549): [<ffffffff8270be5d>] mutex_trylock+0x28d/0x500 kernel/locking/mutex.c:908
hardirqs last disabled at (373548): [<ffffffff8270bc7f>] __mutex_trylock_slowpath kernel/locking/mutex.c:873 [inline]
hardirqs last disabled at (373548): [<ffffffff8270bc7f>] mutex_trylock+0xaf/0x500 kernel/locking/mutex.c:908
softirqs last  enabled at (373522): [<ffffffff8271bdca>] __do_softirq+0x4da/0xa3f kernel/softirq.c:299
softirqs last disabled at (373517): [<ffffffff810e1a8a>] invoke_softirq kernel/softirq.c:350 [inline]
softirqs last disabled at (373517): [<ffffffff810e1a8a>] irq_exit+0x10a/0x150 kernel/softirq.c:391

other info that might help us debug this:
 Possible unsafe locking scenario:

       CPU0
       ----
  lock(&sb->s_type->i_mutex_key#10);
  <Interrupt>
    lock(&sb->s_type->i_mutex_key#10);

 *** DEADLOCK ***

2 locks held by kswapd0/28:
 #0:  (shrinker_rwsem){++++..}, at: [<ffffffff813ee592>] shrink_slab.part.0+0xb2/0xb30 mm/vmscan.c:431
 #1:  (ashmem_mutex){+.+.+.}, at: [<ffffffff8211b346>] ashmem_shrink_scan+0x56/0x4c0 drivers/staging/android/ashmem.c:442

stack backtrace:
CPU: 0 PID: 28 Comm: kswapd0 Not tainted 4.4.174+ #17
 0000000000000000 bb982ad556fcd638 ffff8800bba4f290 ffffffff81aad1a1
 00000000000000f0 ffff8800001f5f00 ffffffff83abfb30 ffffffff84057a80
 ffff8800001f6838 ffff8800bba4f308 ffffffff813ad456 0000000000000000
Call Trace:
 [<ffffffff81aad1a1>] __dump_stack lib/dump_stack.c:15 [inline]
 [<ffffffff81aad1a1>] dump_stack+0xc1/0x120 lib/dump_stack.c:51
 [<ffffffff813ad456>] print_usage_bug.cold+0x454/0x592 kernel/locking/lockdep.c:2267
 [<ffffffff811fe1bd>] valid_state kernel/locking/lockdep.c:2280 [inline]
 [<ffffffff811fe1bd>] mark_lock_irq kernel/locking/lockdep.c:2478 [inline]
 [<ffffffff811fe1bd>] mark_lock+0x6fd/0x1440 kernel/locking/lockdep.c:2933
 [<ffffffff811fffd7>] mark_irqflags kernel/locking/lockdep.c:2834 [inline]
 [<ffffffff811fffd7>] __lock_acquire+0xa27/0x4f50 kernel/locking/lockdep.c:3169
 [<ffffffff81205f6e>] lock_acquire+0x15e/0x450 kernel/locking/lockdep.c:3592
 [<ffffffff8270c191>] __mutex_lock_common kernel/locking/mutex.c:521 [inline]
 [<ffffffff8270c191>] mutex_lock_nested+0xc1/0xb80 kernel/locking/mutex.c:621
 [<ffffffff8140493b>] shmem_fallocate+0x13b/0x9c0 mm/shmem.c:2078
 [<ffffffff8211b4b3>] ashmem_shrink_scan drivers/staging/android/ashmem.c:449 [inline]
 [<ffffffff8211b4b3>] ashmem_shrink_scan+0x1c3/0x4c0 drivers/staging/android/ashmem.c:433
 [<ffffffff813ee8e2>] do_shrink_slab mm/vmscan.c:357 [inline]
 [<ffffffff813ee8e2>] shrink_slab.part.0+0x402/0xb30 mm/vmscan.c:455
 [<ffffffff813f742c>] shrink_slab mm/vmscan.c:425 [inline]
 [<ffffffff813f742c>] shrink_zone+0x4bc/0x610 mm/vmscan.c:2448
 [<ffffffff813f928f>] kswapd_shrink_zone mm/vmscan.c:3123 [inline]
 [<ffffffff813f928f>] balance_pgdat mm/vmscan.c:3298 [inline]
 [<ffffffff813f928f>] kswapd+0xaaf/0x1c60 mm/vmscan.c:3506
 [<ffffffff811342c3>] kthread+0x273/0x310 kernel/kthread.c:211
 [<ffffffff82718fc5>] ret_from_fork+0x55/0x80 arch/x86/entry/entry_64.S:537
audit_printk_skb: 48 callbacks suppressed
audit: type=1400 audit(1568081215.700:6710): avc:  denied  { create } for  pid=1611 comm="syz-executor.3" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1
audit: type=1400 audit(1568081215.820:6711): avc:  denied  { write } for  pid=1611 comm="syz-executor.3" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1
audit: type=1400 audit(1568081215.820:6712): avc:  denied  { create } for  pid=1654 comm="syz-executor.4" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1
audit: type=1400 audit(1568081215.820:6713): avc:  denied  { create } for  pid=1654 comm="syz-executor.4" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1
audit: type=1400 audit(1568081215.830:6714): avc:  denied  { setopt } for  pid=1654 comm="syz-executor.4" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1
audit: type=1400 audit(1568081215.830:6715): avc:  denied  { write } for  pid=1654 comm="syz-executor.4" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1
audit: type=1400 audit(1568081215.840:6716): avc:  denied  { read } for  pid=1654 comm="syz-executor.4" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1
audit: type=1400 audit(1568081215.840:6717): avc:  denied  { write } for  pid=1654 comm="syz-executor.4" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1
audit: type=1400 audit(1568081216.000:6718): avc:  denied  { read } for  pid=1611 comm="syz-executor.3" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1
audit: type=1400 audit(1568081216.030:6719): avc:  denied  { create } for  pid=1654 comm="syz-executor.4" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1
lowmemorykiller: Killing 'syz-executor.1' (1651) (tgid 1651), adj 1000,
   to free 52164kB on behalf of 'kswapd0' (28) because
   cache 63308kB is below limit 65536kB for oom_score_adj 12
   Free memory is 6536kB above reserved
lowmemorykiller: Killing 'syz-executor.0' (1690) (tgid 1690), adj 1000,
   to free 52156kB on behalf of 'kswapd0' (28) because
   cache 63308kB is below limit 65536kB for oom_score_adj 12
   Free memory is 22156kB above reserved
lowmemorykiller: Killing 'syz-executor.1' (1695) (tgid 1695), adj 1000,
   to free 52148kB on behalf of 'kswapd0' (28) because
   cache 63308kB is below limit 65536kB for oom_score_adj 12
   Free memory is 38632kB above reserved
lowmemorykiller: Killing 'syz-executor.5' (25624) (tgid 25624), adj 1000,
   to free 52144kB on behalf of 'kswapd0' (28) because
   cache 63308kB is below limit 65536kB for oom_score_adj 12
   Free memory is 54916kB above reserved
lowmemorykiller: Killing 'syz-executor.1' (1726) (tgid 1726), adj 1000,
   to free 52160kB on behalf of 'kswapd0' (28) because
   cache 63368kB is below limit 65536kB for oom_score_adj 12
   Free memory is 1164kB above reserved
lowmemorykiller: Killing 'syz-executor.5' (25650) (tgid 25650), adj 1000,
   to free 52144kB on behalf of 'kswapd0' (28) because
   cache 63368kB is below limit 65536kB for oom_score_adj 12
   Free memory is 10776kB above reserved
lowmemorykiller: Killing 'syz-executor.0' (1776) (tgid 1776), adj 1000,
   to free 52160kB on behalf of 'kswapd0' (28) because
   cache 63252kB is below limit 65536kB for oom_score_adj 12
   Free memory is 1256kB above reserved
lowmemorykiller: Killing 'syz-executor.5' (25704) (tgid 25704), adj 1000,
   to free 52144kB on behalf of 'kswapd0' (28) because
   cache 63192kB is below limit 65536kB for oom_score_adj 12
   Free memory is 1384kB above reserved
lowmemorykiller: Killing 'syz-executor.5' (25721) (tgid 25721), adj 1000,
   to free 52144kB on behalf of 'kswapd0' (28) because
   cache 63068kB is below limit 65536kB for oom_score_adj 12
   Free memory is 1356kB above reserved
lowmemorykiller: Killing 'syz-executor.5' (25747) (tgid 25747), adj 1000,
   to free 52144kB on behalf of 'kswapd0' (28) because
   cache 63068kB is below limit 65536kB for oom_score_adj 12
   Free memory is 11756kB above reserved
lowmemorykiller: Killing 'syz-executor.5' (25969) (tgid 25969), adj 1000,
   to free 52144kB on behalf of 'kswapd0' (28) because
   cache 62952kB is below limit 65536kB for oom_score_adj 12
   Free memory is 1444kB above reserved