lowmemorykiller: Killing 'syz-executor.1' (12808) (tgid 12808), adj 1000, to free 53168kB on behalf of 'syz-executor.0' (13181) because cache 61964kB is below limit 65536kB for oom_score_adj 12 Free memory is -224kB above reserved BUG: sleeping function called from invalid context at kernel/fork.c:905 in_atomic(): 0, irqs_disabled(): 0, pid: 13181, name: syz-executor.0 3 locks held by syz-executor.0/13181: #0: (&mm->mmap_sem){++++++}, at: [<000000009d5a56bb>] __mm_populate+0x20c/0x300 mm/gup.c:1143 #1: (shrinker_rwsem){++++..}, at: [<00000000462d3b81>] shrink_slab.part.0+0xb2/0xa20 mm/vmscan.c:472 #2: (rcu_read_lock){......}, at: [<000000009ea7e4ad>] lowmem_scan+0x242/0xb50 drivers/staging/android/lowmemorykiller.c:272 Preemption disabled at: [<0000000068385732>] spin_lock include/linux/spinlock.h:302 [inline] [<0000000068385732>] task_lock include/linux/sched.h:3217 [inline] [<0000000068385732>] get_task_mm+0x20/0xc0 kernel/fork.c:1012 CPU: 0 PID: 13181 Comm: syz-executor.0 Not tainted 4.9.189+ #22 ffff88000f217440 ffffffff81b65c01 0000000000000000 0000000000000001 ffff8801a3678000 ffffffff810d1010 ffff8801a3678000 ffff88000f217478 ffffffff814018f3 ffff8801a3678000 ffffffff82a39fc0 0000000000000389 Call Trace: [<00000000d41af653>] __dump_stack lib/dump_stack.c:15 [inline] [<00000000d41af653>] dump_stack+0xc1/0x120 lib/dump_stack.c:51 [<0000000042d676e3>] ___might_sleep.cold+0x1c1/0x1fa kernel/sched/core.c:8004 [<00000000622af0d6>] __might_sleep+0x95/0x1a0 kernel/sched/core.c:7961 [<00000000b1ccf434>] mmput+0x28/0x370 kernel/fork.c:905 [<0000000022b23480>] handle_lmk_event+0xea/0x8a0 drivers/staging/android/lowmemorykiller.c:111 [<00000000d2226f91>] lowmem_scan+0x695/0xb50 drivers/staging/android/lowmemorykiller.c:345 [<00000000404c469a>] do_shrink_slab mm/vmscan.c:399 [inline] [<00000000404c469a>] shrink_slab.part.0+0x3cf/0xa20 mm/vmscan.c:502 [<00000000a5e4265a>] shrink_slab mm/vmscan.c:466 [inline] [<00000000a5e4265a>] shrink_node+0x1ed/0x750 mm/vmscan.c:2604 [<0000000037ed5551>] shrink_zones mm/vmscan.c:2751 [inline] [<0000000037ed5551>] do_try_to_free_pages mm/vmscan.c:2793 [inline] [<0000000037ed5551>] try_to_free_pages+0x397/0xbd0 mm/vmscan.c:3004 [<00000000e6fba721>] __perform_reclaim mm/page_alloc.c:3332 [inline] [<00000000e6fba721>] __alloc_pages_direct_reclaim mm/page_alloc.c:3354 [inline] [<00000000e6fba721>] __alloc_pages_slowpath mm/page_alloc.c:3704 [inline] [<00000000e6fba721>] __alloc_pages_nodemask+0x930/0x1a80 mm/page_alloc.c:3861 [<00000000e28eea88>] __alloc_pages include/linux/gfp.h:433 [inline] [<00000000e28eea88>] __alloc_pages_node include/linux/gfp.h:446 [inline] [<00000000e28eea88>] alloc_pages_node include/linux/gfp.h:460 [inline] [<00000000e28eea88>] alloc_zeroed_user_highpage_movable include/linux/highmem.h:183 [inline] [<00000000e28eea88>] do_anonymous_page mm/memory.c:2761 [inline] [<00000000e28eea88>] handle_pte_fault mm/memory.c:3545 [inline] [<00000000e28eea88>] __handle_mm_fault mm/memory.c:3634 [inline] [<00000000e28eea88>] handle_mm_fault+0x12e1/0x2420 mm/memory.c:3671 [<00000000126e2afa>] faultin_page mm/gup.c:395 [inline] [<00000000126e2afa>] __get_user_pages+0x3c7/0x10b0 mm/gup.c:597 [<000000001dfb66b4>] populate_vma_page_range+0x19a/0x230 mm/gup.c:1115 [<00000000a37eb6ff>] __mm_populate+0x1b9/0x300 mm/gup.c:1163 [<000000003aab9e94>] mm_populate include/linux/mm.h:2080 [inline] [<000000003aab9e94>] SYSC_mlockall mm/mlock.c:817 [inline] [<000000003aab9e94>] SyS_mlockall+0x405/0x530 mm/mlock.c:791 [<00000000afec45e1>] do_syscall_64+0x1ad/0x5c0 arch/x86/entry/common.c:288 [<00000000f022195b>] entry_SYSCALL_64_after_swapgs+0x5d/0xdb ================================= [ INFO: inconsistent lock state ] 4.9.189+ #22 Tainted: G W --------------------------------- inconsistent {RECLAIM_FS-ON-W} -> {IN-RECLAIM_FS-R} usage. syz-executor.0/13181 [HC0[0]:SC0[0]:HE1:SE1] takes: (&mm->mmap_sem){+++++?}, at: [<000000004cbc3da8>] get_cmdline+0xa3/0x2d0 mm/util.c:641 mark_held_locks+0xb1/0x100 kernel/locking/lockdep.c:2660 __lockdep_trace_alloc kernel/locking/lockdep.c:2882 [inline] lockdep_trace_alloc+0x18c/0x2b0 kernel/locking/lockdep.c:2897 __alloc_pages_nodemask+0x143/0x1a80 mm/page_alloc.c:3803 __alloc_pages include/linux/gfp.h:433 [inline] __alloc_pages_node include/linux/gfp.h:446 [inline] alloc_pages_node include/linux/gfp.h:460 [inline] pmd_alloc_one arch/x86/include/asm/pgalloc.h:88 [inline] __pmd_alloc+0x4a/0x330 mm/memory.c:3742 pmd_alloc include/linux/mm.h:1625 [inline] alloc_new_pmd mm/mremap.c:64 [inline] move_page_tables+0xadb/0xd60 mm/mremap.c:212 shift_arg_pages+0x1ae/0x470 fs/exec.c:642 setup_arg_pages+0x60d/0x7c0 fs/exec.c:754 load_elf_binary+0xa84/0x4a90 fs/binfmt_elf.c:860 search_binary_handler fs/exec.c:1621 [inline] search_binary_handler+0x14f/0x700 fs/exec.c:1599 exec_binprm fs/exec.c:1663 [inline] do_execveat_common.isra.0+0xf81/0x1db0 fs/exec.c:1785 do_execve+0x3a/0x50 fs/exec.c:1829 run_init_process+0x33/0x37 init/main.c:904 try_to_run_init_process+0x18/0x48 init/main.c:913 kernel_init+0xf2/0x163 init/main.c:984 ret_from_fork+0x5c/0x70 arch/x86/entry/entry_64.S:375 irq event stamp: 28353 hardirqs last enabled at (28353): [<00000000c6c9677d>] restore_regs_and_iret+0x0/0x1d hardirqs last disabled at (28352): [<0000000011fed964>] apic_timer_interrupt+0xa0/0xb0 arch/x86/entry/entry_64.S:653 softirqs last enabled at (24992): [<0000000008882117>] __do_softirq+0x474/0x964 kernel/softirq.c:314 softirqs last disabled at (24969): [<00000000da8c0fda>] invoke_softirq kernel/softirq.c:368 [inline] softirqs last disabled at (24969): [<00000000da8c0fda>] irq_exit+0x119/0x160 kernel/softirq.c:409 other info that might help us debug this: Possible unsafe locking scenario: CPU0 ---- lock(&mm->mmap_sem); lock(&mm->mmap_sem); *** DEADLOCK *** 4 locks held by syz-executor.0/13181: #0: (&mm->mmap_sem){+++++?}, at: [<000000009d5a56bb>] __mm_populate+0x20c/0x300 mm/gup.c:1143 #1: (shrinker_rwsem){++++..}, at: [<00000000462d3b81>] shrink_slab.part.0+0xb2/0xa20 mm/vmscan.c:472 #2: (rcu_read_lock){......}, at: [<000000009ea7e4ad>] lowmem_scan+0x242/0xb50 drivers/staging/android/lowmemorykiller.c:272 #3: (lmk_event_lock){+.+.-.}, at: [<00000000df06bfe6>] spin_lock include/linux/spinlock.h:302 [inline] #3: (lmk_event_lock){+.+.-.}, at: [<00000000df06bfe6>] handle_lmk_event+0xfb/0x8a0 drivers/staging/android/lowmemorykiller.c:114 stack backtrace: CPU: 0 PID: 13181 Comm: syz-executor.0 Tainted: G W 4.9.189+ #22 ffff88000f217180 ffffffff81b65c01 00000000000000f0 ffff8801a3678000 ffffffff83cafb00 ffff8801a3678970 ffffffff84250fc0 ffff88000f2171f8 ffffffff81408330 0000000000000000 ffffffff00000001 0000000000000001 Call Trace: [<00000000d41af653>] __dump_stack lib/dump_stack.c:15 [inline] [<00000000d41af653>] dump_stack+0xc1/0x120 lib/dump_stack.c:51 [<00000000a5113a15>] print_usage_bug kernel/locking/lockdep.c:2387 [inline] [<00000000a5113a15>] print_usage_bug.cold+0x452/0x5a2 kernel/locking/lockdep.c:2354 [<000000002852ce07>] valid_state kernel/locking/lockdep.c:2400 [inline] [<000000002852ce07>] mark_lock_irq kernel/locking/lockdep.c:2602 [inline] [<000000002852ce07>] mark_lock+0x6c7/0x12e0 kernel/locking/lockdep.c:3065 [<00000000c750db5a>] mark_irqflags kernel/locking/lockdep.c:2958 [inline] [<00000000c750db5a>] __lock_acquire+0x5be/0x4390 kernel/locking/lockdep.c:3302 [<000000006558b67f>] lock_acquire+0x133/0x3d0 kernel/locking/lockdep.c:3756 [<000000007b261741>] down_read+0x44/0xb0 kernel/locking/rwsem.c:22 [<000000004cbc3da8>] get_cmdline+0xa3/0x2d0 mm/util.c:641 [<0000000087ef9759>] handle_lmk_event+0x13c/0x8a0 drivers/staging/android/lowmemorykiller.c:128 [<00000000d2226f91>] lowmem_scan+0x695/0xb50 drivers/staging/android/lowmemorykiller.c:345 [<00000000404c469a>] do_shrink_slab mm/vmscan.c:399 [inline] [<00000000404c469a>] shrink_slab.part.0+0x3cf/0xa20 mm/vmscan.c:502 [<00000000a5e4265a>] shrink_slab mm/vmscan.c:466 [inline] [<00000000a5e4265a>] shrink_node+0x1ed/0x750 mm/vmscan.c:2604 [<0000000037ed5551>] shrink_zones mm/vmscan.c:2751 [inline] [<0000000037ed5551>] do_try_to_free_pages mm/vmscan.c:2793 [inline] [<0000000037ed5551>] try_to_free_pages+0x397/0xbd0 mm/vmscan.c:3004 [<00000000e6fba721>] __perform_reclaim mm/page_alloc.c:3332 [inline] [<00000000e6fba721>] __alloc_pages_direct_reclaim mm/page_alloc.c:3354 [inline] [<00000000e6fba721>] __alloc_pages_slowpath mm/page_alloc.c:3704 [inline] [<00000000e6fba721>] __alloc_pages_nodemask+0x930/0x1a80 mm/page_alloc.c:3861 [<00000000e28eea88>] __alloc_pages include/linux/gfp.h:433 [inline] [<00000000e28eea88>] __alloc_pages_node include/linux/gfp.h:446 [inline] [<00000000e28eea88>] alloc_pages_node include/linux/gfp.h:460 [inline] [<00000000e28eea88>] alloc_zeroed_user_highpage_movable include/linux/highmem.h:183 [inline] [<00000000e28eea88>] do_anonymous_page mm/memory.c:2761 [inline] [<00000000e28eea88>] handle_pte_fault mm/memory.c:3545 [inline] [<00000000e28eea88>] __handle_mm_fault mm/memory.c:3634 [inline] [<00000000e28eea88>] handle_mm_fault+0x12e1/0x2420 mm/memory.c:3671 [<00000000126e2afa>] faultin_page mm/gup.c:395 [inline] [<00000000126e2afa>] __get_user_pages+0x3c7/0x10b0 mm/gup.c:597 [<000000001dfb66b4>] populate_vma_page_range+0x19a/0x230 mm/gup.c:1115 [<00000000a37eb6ff>] __mm_populate+0x1b9/0x300 mm/gup.c:1163 [<000000003aab9e94>] mm_populate include/linux/mm.h:2080 [inline] [<000000003aab9e94>] SYSC_mlockall mm/mlock.c:817 [inline] [<000000003aab9e94>] SyS_mlockall+0x405/0x530 mm/mlock.c:791 [<00000000afec45e1>] do_syscall_64+0x1ad/0x5c0 arch/x86/entry/common.c:288 [<00000000f022195b>] entry_SYSCALL_64_after_swapgs+0x5d/0xdb lowmemorykiller: Killing 'syz-executor.1' (10331) (tgid 10331), adj 1000, to free 53048kB on behalf of 'syz-executor.0' (13181) because cache 59364kB is below limit 65536kB for oom_score_adj 12 Free memory is 4036kB above reserved lowmemorykiller: Killing 'syz-executor.1' (10401) (tgid 10401), adj 1000, to free 53048kB on behalf of 'syz-executor.0' (13181) because cache 58964kB is below limit 65536kB for oom_score_adj 12 Free memory is 8036kB above reserved audit_printk_skb: 27 callbacks suppressed audit: type=1400 audit(2000001815.566:3398): avc: denied { create } for pid=13179 comm="syz-executor.5" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1 audit: type=1400 audit(2000001815.566:3399): avc: denied { write } for pid=13179 comm="syz-executor.5" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1 audit: type=1400 audit(2000001815.616:3400): avc: denied { create } for pid=13204 comm="syz-executor.1" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1 audit: type=1400 audit(2000001815.616:3401): avc: denied { write } for pid=13204 comm="syz-executor.1" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1 audit: type=1400 audit(2000001815.646:3402): avc: denied { read } for pid=13179 comm="syz-executor.5" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1 audit: type=1400 audit(2000001815.716:3403): avc: denied { read } for pid=13204 comm="syz-executor.1" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1 audit: type=1400 audit(2000001816.316:3404): avc: denied { create } for pid=13218 comm="syz-executor.1" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1 audit: type=1400 audit(2000001816.316:3405): avc: denied { write } for pid=13218 comm="syz-executor.1" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1 audit: type=1400 audit(2000001816.436:3406): avc: denied { read } for pid=13218 comm="syz-executor.1" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1 audit: type=1400 audit(2000001816.596:3407): avc: denied { create } for pid=13203 comm="syz-executor.0" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1 lowmemorykiller: Killing 'syz-executor.4' (10465) (tgid 10465), adj 1000, to free 53048kB on behalf of 'syz-executor.1' (13244) because cache 65056kB is below limit 65536kB for oom_score_adj 12 Free memory is -13296kB above reserved BUG: sleeping function called from invalid context at kernel/fork.c:905 in_atomic(): 0, irqs_disabled(): 0, pid: 13244, name: syz-executor.1 INFO: lockdep is turned off. Preemption disabled at: [<0000000068385732>] spin_lock include/linux/spinlock.h:302 [inline] [<0000000068385732>] task_lock include/linux/sched.h:3217 [inline] [<0000000068385732>] get_task_mm+0x20/0xc0 kernel/fork.c:1012 CPU: 1 PID: 13244 Comm: syz-executor.1 Tainted: G W 4.9.189+ #22 ffff88012fee7440 ffffffff81b65c01 0000000000000000 0000000000000001 ffff88012ff72f80 ffffffff810d1010 ffff88012ff72f80 ffff88012fee7478 ffffffff814018f3 ffff88012ff72f80 ffffffff82a39fc0 0000000000000389 Call Trace: [<00000000d41af653>] __dump_stack lib/dump_stack.c:15 [inline] [<00000000d41af653>] dump_stack+0xc1/0x120 lib/dump_stack.c:51 [<0000000042d676e3>] ___might_sleep.cold+0x1c1/0x1fa kernel/sched/core.c:8004 [<00000000622af0d6>] __might_sleep+0x95/0x1a0 kernel/sched/core.c:7961 [<00000000b1ccf434>] mmput+0x28/0x370 kernel/fork.c:905 [<0000000022b23480>] handle_lmk_event+0xea/0x8a0 drivers/staging/android/lowmemorykiller.c:111 [<00000000d2226f91>] lowmem_scan+0x695/0xb50 drivers/staging/android/lowmemorykiller.c:345 [<00000000404c469a>] do_shrink_slab mm/vmscan.c:399 [inline] [<00000000404c469a>] shrink_slab.part.0+0x3cf/0xa20 mm/vmscan.c:502 [<00000000a5e4265a>] shrink_slab mm/vmscan.c:466 [inline] [<00000000a5e4265a>] shrink_node+0x1ed/0x750 mm/vmscan.c:2604 [<0000000037ed5551>] shrink_zones mm/vmscan.c:2751 [inline] [<0000000037ed5551>] do_try_to_free_pages mm/vmscan.c:2793 [inline] [<0000000037ed5551>] try_to_free_pages+0x397/0xbd0 mm/vmscan.c:3004 [<00000000e6fba721>] __perform_reclaim mm/page_alloc.c:3332 [inline] [<00000000e6fba721>] __alloc_pages_direct_reclaim mm/page_alloc.c:3354 [inline] [<00000000e6fba721>] __alloc_pages_slowpath mm/page_alloc.c:3704 [inline] [<00000000e6fba721>] __alloc_pages_nodemask+0x930/0x1a80 mm/page_alloc.c:3861 [<00000000e28eea88>] __alloc_pages include/linux/gfp.h:433 [inline] [<00000000e28eea88>] __alloc_pages_node include/linux/gfp.h:446 [inline] [<00000000e28eea88>] alloc_pages_node include/linux/gfp.h:460 [inline] [<00000000e28eea88>] alloc_zeroed_user_highpage_movable include/linux/highmem.h:183 [inline] [<00000000e28eea88>] do_anonymous_page mm/memory.c:2761 [inline] [<00000000e28eea88>] handle_pte_fault mm/memory.c:3545 [inline] [<00000000e28eea88>] __handle_mm_fault mm/memory.c:3634 [inline] [<00000000e28eea88>] handle_mm_fault+0x12e1/0x2420 mm/memory.c:3671 [<00000000126e2afa>] faultin_page mm/gup.c:395 [inline] [<00000000126e2afa>] __get_user_pages+0x3c7/0x10b0 mm/gup.c:597 [<000000001dfb66b4>] populate_vma_page_range+0x19a/0x230 mm/gup.c:1115 [<00000000a37eb6ff>] __mm_populate+0x1b9/0x300 mm/gup.c:1163 [<000000003aab9e94>] mm_populate include/linux/mm.h:2080 [inline] [<000000003aab9e94>] SYSC_mlockall mm/mlock.c:817 [inline] [<000000003aab9e94>] SyS_mlockall+0x405/0x530 mm/mlock.c:791 [<00000000afec45e1>] do_syscall_64+0x1ad/0x5c0 arch/x86/entry/common.c:288 [<00000000f022195b>] entry_SYSCALL_64_after_swapgs+0x5d/0xdb lowmemorykiller: Killing 'syz-executor.1' (10481) (tgid 10481), adj 1000, to free 53048kB on behalf of 'syz-executor.4' (10465) because cache 64856kB is below limit 65536kB for oom_score_adj 12 Free memory is -13296kB above reserved lowmemorykiller: Killing 'syz-executor.4' (10532) (tgid 10532), adj 1000, to free 53048kB on behalf of 'syz-executor.1' (10481) because cache 64556kB is below limit 65536kB for oom_score_adj 12 Free memory is -13296kB above reserved lowmemorykiller: Killing 'syz-executor.4' (10465) (tgid 10465), adj 1000, to free 53048kB on behalf of 'syz-executor.5' (13246) because cache 65056kB is below limit 65536kB for oom_score_adj 12 Free memory is -13296kB above reserved lowmemorykiller: Killing 'syz-executor.4' (10600) (tgid 10600), adj 1000, to free 53048kB on behalf of 'syz-executor.5' (13246) because cache 64556kB is below limit 65536kB for oom_score_adj 12 Free memory is 30880kB above reserved lowmemorykiller: Killing 'syz-executor.1' (10552) (tgid 10552), adj 1000, to free 53048kB on behalf of 'syz-executor.2' (13247) because cache 65356kB is below limit 65536kB for oom_score_adj 12 Free memory is -13296kB above reserved lowmemorykiller: Killing 'syz-executor.4' (10600) (tgid 10600), adj 1000, to free 53048kB on behalf of 'syz-executor.4' (13245) because cache 64856kB is below limit 65536kB for oom_score_adj 12 Free memory is -13296kB above reserved lowmemorykiller: Killing 'syz-executor.1' (10601) (tgid 10601), adj 1000, to free 53048kB on behalf of 'syz-executor.5' (13246) because cache 64556kB is below limit 65536kB for oom_score_adj 12 Free memory is 30880kB above reserved lowmemorykiller: Killing 'syz-executor.1' (10601) (tgid 10601), adj 1000, to free 53048kB on behalf of 'syz-executor.2' (13247) because cache 64356kB is below limit 65536kB for oom_score_adj 12 Free memory is 30980kB above reserved lowmemorykiller: Killing 'syz-executor.1' (13252) (tgid 13252), adj 1000, to free 53168kB on behalf of 'syz-executor.0' (13312) because cache 65176kB is below limit 65536kB for oom_score_adj 12 Free memory is -13324kB above reserved lowmemorykiller: Killing 'syz-executor.4' (10671) (tgid 10671), adj 1000, to free 53048kB on behalf of 'kworker/u4:8' (28451) because cache 65176kB is below limit 65536kB for oom_score_adj 12 Free memory is -13324kB above reserved BUG: sleeping function called from invalid context at kernel/fork.c:905 in_atomic(): 0, irqs_disabled(): 0, pid: 28451, name: kworker/u4:8 INFO: lockdep is turned off. Preemption disabled at: [<0000000068385732>] spin_lock include/linux/spinlock.h:302 [inline] [<0000000068385732>] task_lock include/linux/sched.h:3217 [inline] [<0000000068385732>] get_task_mm+0x20/0xc0 kernel/fork.c:1012 CPU: 1 PID: 28451 Comm: kworker/u4:8 Tainted: G W 4.9.189+ #22 Workqueue: writeback wb_workfn (flush-8:0) ffff8801a1b16630 ffffffff81b65c01 0000000000000000 0000000000000001 ffff8801a21d0000 ffffffff810d1010 ffff8801a21d0000 ffff8801a1b16668 ffffffff814018f3 ffff8801a21d0000 ffffffff82a39fc0 0000000000000389 Call Trace: [<00000000d41af653>] __dump_stack lib/dump_stack.c:15 [inline] [<00000000d41af653>] dump_stack+0xc1/0x120 lib/dump_stack.c:51 [<0000000042d676e3>] ___might_sleep.cold+0x1c1/0x1fa kernel/sched/core.c:8004 [<00000000622af0d6>] __might_sleep+0x95/0x1a0 kernel/sched/core.c:7961 [<00000000b1ccf434>] mmput+0x28/0x370 kernel/fork.c:905 [<0000000022b23480>] handle_lmk_event+0xea/0x8a0 drivers/staging/android/lowmemorykiller.c:111 [<00000000d2226f91>] lowmem_scan+0x695/0xb50 drivers/staging/android/lowmemorykiller.c:345 [<00000000404c469a>] do_shrink_slab mm/vmscan.c:399 [inline] [<00000000404c469a>] shrink_slab.part.0+0x3cf/0xa20 mm/vmscan.c:502 [<00000000a5e4265a>] shrink_slab mm/vmscan.c:466 [inline] [<00000000a5e4265a>] shrink_node+0x1ed/0x750 mm/vmscan.c:2604 [<0000000037ed5551>] shrink_zones mm/vmscan.c:2751 [inline] [<0000000037ed5551>] do_try_to_free_pages mm/vmscan.c:2793 [inline] [<0000000037ed5551>] try_to_free_pages+0x397/0xbd0 mm/vmscan.c:3004 [<00000000e6fba721>] __perform_reclaim mm/page_alloc.c:3332 [inline] [<00000000e6fba721>] __alloc_pages_direct_reclaim mm/page_alloc.c:3354 [inline] [<00000000e6fba721>] __alloc_pages_slowpath mm/page_alloc.c:3704 [inline] [<00000000e6fba721>] __alloc_pages_nodemask+0x930/0x1a80 mm/page_alloc.c:3861 [<000000005a9817a9>] __alloc_pages include/linux/gfp.h:433 [inline] [<000000005a9817a9>] __alloc_pages_node include/linux/gfp.h:446 [inline] [<000000005a9817a9>] alloc_slab_page mm/slub.c:1408 [inline] [<000000005a9817a9>] allocate_slab mm/slub.c:1557 [inline] [<000000005a9817a9>] new_slab+0x33b/0x3e0 mm/slub.c:1635 [<000000006aa846d0>] new_slab_objects mm/slub.c:2419 [inline] [<000000006aa846d0>] ___slab_alloc.constprop.0+0x361/0x470 mm/slub.c:2576 [<000000006321e8b1>] __slab_alloc.isra.0.constprop.0+0x50/0xa0 mm/slub.c:2618 [<00000000f0e929cd>] slab_alloc_node mm/slub.c:2681 [inline] [<00000000f0e929cd>] slab_alloc mm/slub.c:2723 [inline] [<00000000f0e929cd>] kmem_cache_alloc+0x212/0x2b0 mm/slub.c:2728 [<00000000583dd81c>] mempool_alloc_slab+0x47/0x60 mm/mempool.c:449 [<00000000d4345521>] mempool_alloc+0x149/0x360 mm/mempool.c:329 [<000000000462ebe9>] bvec_alloc+0xce/0x2e0 block/bio.c:215 [<00000000ef8b0eaf>] bio_alloc_bioset+0x4f5/0x7d0 block/bio.c:494 [<00000000a928f91f>] bio_alloc include/linux/bio.h:393 [inline] [<00000000a928f91f>] io_submit_init_bio fs/ext4/page-io.c:362 [inline] [<00000000a928f91f>] io_submit_add_bh fs/ext4/page-io.c:387 [inline] [<00000000a928f91f>] ext4_bio_write_page+0x5a6/0xb60 fs/ext4/page-io.c:492 [<00000000d298e8b5>] mpage_submit_page+0x138/0x240 fs/ext4/inode.c:2144 [<00000000fcbb20e6>] mpage_process_page_bufs+0x3b7/0x4a0 fs/ext4/inode.c:2249 [<00000000cd85ae31>] mpage_prepare_extent_to_map+0x449/0x9a0 fs/ext4/inode.c:2618 [<000000004290eccd>] ext4_writepages+0xf2e/0x2de0 fs/ext4/inode.c:2780 [<000000006a40e807>] do_writepages+0xfc/0x1e0 mm/page-writeback.c:2338 [<00000000b47db3ef>] __writeback_single_inode+0xd9/0x1040 fs/fs-writeback.c:1364 [<000000000ebbfcc7>] writeback_sb_inodes+0x50f/0xea0 fs/fs-writeback.c:1628 [<00000000716d6524>] __writeback_inodes_wb+0xc3/0x210 fs/fs-writeback.c:1697 [<000000007d4db18c>] wb_writeback+0x637/0xbd0 fs/fs-writeback.c:1806 [<000000001b713ce4>] wb_do_writeback fs/fs-writeback.c:1938 [inline] [<000000001b713ce4>] wb_workfn+0x1c4/0xe70 fs/fs-writeback.c:1974 [<00000000865c6d32>] process_one_work+0x88b/0x1600 kernel/workqueue.c:2114 [<00000000e0efe27c>] worker_thread+0x5df/0x11d0 kernel/workqueue.c:2251 [<00000000f4b2ceae>] kthread+0x278/0x310 kernel/kthread.c:211 [<000000006a23f915>] ret_from_fork+0x5c/0x70 arch/x86/entry/entry_64.S:375 lowmemorykiller: Killing 'syz-executor.1' (13252) (tgid 13252), adj 1000, to free 53168kB on behalf of 'syz-executor.1' (13311) because cache 65076kB is below limit 65536kB for oom_score_adj 12 Free memory is -13324kB above reserved lowmemorykiller: Killing 'syz-executor.1' (10673) (tgid 10673), adj 1000, to free 53048kB on behalf of 'syz-executor.2' (13315) because cache 58076kB is below limit 65536kB for oom_score_adj 12 Free memory is 9480kB above reserved lowmemorykiller: Killing 'syz-executor.4' (10704) (tgid 10704), adj 1000, to free 53048kB on behalf of 'syz-executor.2' (13315) because cache 55576kB is below limit 65536kB for oom_score_adj 12 Free memory is 17488kB above reserved lowmemorykiller: Killing 'syz-executor.1' (13306) (tgid 13306), adj 1000, to free 53268kB on behalf of 'syz-executor.2' (13315) because cache 44556kB is below limit 65536kB for oom_score_adj 12 Free memory is 43892kB above reserved lowmemorykiller: Killing 'syz-executor.1' (13311) (tgid 13306), adj 1000, to free 54280kB on behalf of 'syz-executor.2' (13315) because cache 44456kB is below limit 65536kB for oom_score_adj 12 Free memory is 43892kB above reserved lowmemorykiller: Killing 'syz-executor.4' (10734) (tgid 10734), adj 1000, to free 53048kB on behalf of 'kswapd0' (33) because cache 42556kB is below limit 65536kB for oom_score_adj 12 Free memory is 42172kB above reserved lowmemorykiller: Killing 'syz-executor.1' (10737) (tgid 10737), adj 1000, to free 53048kB on behalf of 'kswapd0' (33) because cache 31656kB is below limit 65536kB for oom_score_adj 12 Free memory is 49196kB above reserved lowmemorykiller: Killing 'syz-executor.1' (10774) (tgid 10774), adj 1000, to free 53048kB on behalf of 'kswapd0' (33) because cache 31156kB is below limit 65536kB for oom_score_adj 12 Free memory is 49196kB above reserved audit_printk_skb: 102 callbacks suppressed audit: type=1400 audit(2000001820.836:3442): avc: denied { create } for pid=13324 comm="syz-executor.1" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1 audit: type=1400 audit(2000001820.836:3443): avc: denied { write } for pid=13324 comm="syz-executor.1" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1 audit: type=1400 audit(2000001820.906:3444): avc: denied { create } for pid=13329 comm="syz-executor.5" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1 audit: type=1400 audit(2000001820.916:3445): avc: denied { write } for pid=13329 comm="syz-executor.5" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1 audit: type=1400 audit(2000001820.926:3446): avc: denied { read } for pid=13324 comm="syz-executor.1" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1 audit: type=1400 audit(2000001821.006:3447): avc: denied { read } for pid=13329 comm="syz-executor.5" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1 audit: type=1400 audit(2000001821.226:3448): avc: denied { create } for pid=13332 comm="syz-executor.4" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1 audit: type=1400 audit(2000001821.226:3449): avc: denied { write } for pid=13332 comm="syz-executor.4" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1 audit: type=1400 audit(2000001821.356:3450): avc: denied { read } for pid=13332 comm="syz-executor.4" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1 lowmemorykiller: Killing 'syz-executor.1' (13345) (tgid 13345), adj 1000, to free 71528kB on behalf of 'kswapd0' (33) because cache -496kB is below limit 6144kB for oom_score_adj 0 Free memory is -6748kB above reserved BUG: sleeping function called from invalid context at kernel/fork.c:905 in_atomic(): 0, irqs_disabled(): 0, pid: 33, name: kswapd0 INFO: lockdep is turned off. Preemption disabled at: [<0000000068385732>] spin_lock include/linux/spinlock.h:302 [inline] [<0000000068385732>] task_lock include/linux/sched.h:3217 [inline] [<0000000068385732>] get_task_mm+0x20/0xc0 kernel/fork.c:1012 CPU: 1 PID: 33 Comm: kswapd0 Tainted: G W 4.9.189+ #22 ffff8801d84077c0 ffffffff81b65c01 0000000000000000 0000000000000001 ffff8801d8df8000 ffffffff810d1010 ffff8801d8df8000 ffff8801d84077f8 ffffffff814018f3 ffff8801d8df8000 ffffffff82a39fc0 0000000000000389 Call Trace: [<00000000d41af653>] __dump_stack lib/dump_stack.c:15 [inline] [<00000000d41af653>] dump_stack+0xc1/0x120 lib/dump_stack.c:51 [<0000000042d676e3>] ___might_sleep.cold+0x1c1/0x1fa kernel/sched/core.c:8004 [<00000000622af0d6>] __might_sleep+0x95/0x1a0 kernel/sched/core.c:7961 [<00000000b1ccf434>] mmput+0x28/0x370 kernel/fork.c:905 [<0000000022b23480>] handle_lmk_event+0xea/0x8a0 drivers/staging/android/lowmemorykiller.c:111 [<00000000d2226f91>] lowmem_scan+0x695/0xb50 drivers/staging/android/lowmemorykiller.c:345 [<00000000404c469a>] do_shrink_slab mm/vmscan.c:399 [inline] [<00000000404c469a>] shrink_slab.part.0+0x3cf/0xa20 mm/vmscan.c:502 [<00000000a5e4265a>] shrink_slab mm/vmscan.c:466 [inline] [<00000000a5e4265a>] shrink_node+0x1ed/0x750 mm/vmscan.c:2604 [<0000000020c2fd69>] kswapd_shrink_node mm/vmscan.c:3209 [inline] [<0000000020c2fd69>] balance_pgdat mm/vmscan.c:3329 [inline] [<0000000020c2fd69>] kswapd+0x7f8/0x13b0 mm/vmscan.c:3523 [<00000000f4b2ceae>] kthread+0x278/0x310 kernel/kthread.c:211 [<000000006a23f915>] ret_from_fork+0x5c/0x70 arch/x86/entry/entry_64.S:375 lowmemorykiller: Killing 'syz-executor.1' (13346) (tgid 13345), adj 1000, to free 72548kB on behalf of 'kswapd0' (33) because cache -2096kB is below limit 6144kB for oom_score_adj 0 Free memory is -6748kB above reserved lowmemorykiller: Killing 'syz-executor.1' (10808) (tgid 10808), adj 1000, to free 53048kB on behalf of 'kswapd0' (33) because cache -8396kB is below limit 6144kB for oom_score_adj 0 Free memory is -6448kB above reserved lowmemorykiller: Killing 'syz-executor.4' (10813) (tgid 10813), adj 1000, to free 53048kB on behalf of 'kswapd0' (33) because cache 27504kB is below limit 65536kB for oom_score_adj 12 Free memory is -3764kB above reserved lowmemorykiller: Killing 'syz-executor.1' (10837) (tgid 10837), adj 1000, to free 53048kB on behalf of 'kswapd0' (33) because cache 27504kB is below limit 65536kB for oom_score_adj 12 Free memory is 31936kB above reserved lowmemorykiller: Killing 'syz-executor.4' (10877) (tgid 10877), adj 1000, to free 53048kB on behalf of 'kswapd0' (33) because cache 27504kB is below limit 65536kB for oom_score_adj 12 Free memory is 47824kB above reserved audit: type=1400 audit(2000001821.736:3451): avc: denied { create } for pid=13347 comm="syz-executor.5" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1 lowmemorykiller: Killing 'syz-executor.4' (13366) (tgid 13366), adj 1000, to free 70612kB on behalf of 'kswapd0' (33) because cache -45244kB is below limit 6144kB for oom_score_adj 0 Free memory is -3604kB above reserved lowmemorykiller: Killing 'syz-executor.1' (13365) (tgid 13365), adj 1000, to free 70604kB on behalf of 'syz-executor.5' (13379) because cache -17144kB is below limit 6144kB for oom_score_adj 0 Free memory is -13356kB above reserved BUG: sleeping function called from invalid context at kernel/fork.c:905 in_atomic(): 0, irqs_disabled(): 0, pid: 13379, name: syz-executor.5 INFO: lockdep is turned off. Preemption disabled at: [<0000000068385732>] spin_lock include/linux/spinlock.h:302 [inline] [<0000000068385732>] task_lock include/linux/sched.h:3217 [inline] [<0000000068385732>] get_task_mm+0x20/0xc0 kernel/fork.c:1012 CPU: 0 PID: 13379 Comm: syz-executor.5 Tainted: G W 4.9.189+ #22 ffff8801ae8a75b8 ffffffff81b65c01 0000000000000000 0000000000000001 ffff8801af77c740 ffffffff810d1010 ffff8801af77c740 ffff8801ae8a75f0 ffffffff814018f3 ffff8801af77c740 ffffffff82a39fc0 0000000000000389 Call Trace: [<00000000d41af653>] __dump_stack lib/dump_stack.c:15 [inline] [<00000000d41af653>] dump_stack+0xc1/0x120 lib/dump_stack.c:51 [<0000000042d676e3>] ___might_sleep.cold+0x1c1/0x1fa kernel/sched/core.c:8004 [<00000000622af0d6>] __might_sleep+0x95/0x1a0 kernel/sched/core.c:7961 [<00000000b1ccf434>] mmput+0x28/0x370 kernel/fork.c:905 [<0000000022b23480>] handle_lmk_event+0xea/0x8a0 drivers/staging/android/lowmemorykiller.c:111 [<00000000d2226f91>] lowmem_scan+0x695/0xb50 drivers/staging/android/lowmemorykiller.c:345 [<00000000404c469a>] do_shrink_slab mm/vmscan.c:399 [inline] [<00000000404c469a>] shrink_slab.part.0+0x3cf/0xa20 mm/vmscan.c:502 [<00000000a5e4265a>] shrink_slab mm/vmscan.c:466 [inline] [<00000000a5e4265a>] shrink_node+0x1ed/0x750 mm/vmscan.c:2604 [<0000000037ed5551>] shrink_zones mm/vmscan.c:2751 [inline] [<0000000037ed5551>] do_try_to_free_pages mm/vmscan.c:2793 [inline] [<0000000037ed5551>] try_to_free_pages+0x397/0xbd0 mm/vmscan.c:3004 [<00000000e6fba721>] __perform_reclaim mm/page_alloc.c:3332 [inline] [<00000000e6fba721>] __alloc_pages_direct_reclaim mm/page_alloc.c:3354 [inline] [<00000000e6fba721>] __alloc_pages_slowpath mm/page_alloc.c:3704 [inline] [<00000000e6fba721>] __alloc_pages_nodemask+0x930/0x1a80 mm/page_alloc.c:3861 [<000000003bb7a6f9>] __alloc_pages include/linux/gfp.h:433 [inline] [<000000003bb7a6f9>] __alloc_pages_node include/linux/gfp.h:446 [inline] [<000000003bb7a6f9>] alloc_pages_node include/linux/gfp.h:460 [inline] [<000000003bb7a6f9>] pte_alloc_one+0x23/0x110 arch/x86/mm/pgtable.c:29