================================= [ INFO: inconsistent lock state ] 4.9.194+ #0 Not tainted --------------------------------- inconsistent {RECLAIM_FS-ON-W} -> {IN-RECLAIM_FS-R} usage. syz-executor.4/6355 [HC0[0]:SC0[0]:HE1:SE1] takes: (&mm->mmap_sem){+++++?}, at: [<00000000c95f0bfc>] get_cmdline+0xa3/0x2d0 mm/util.c:641 mark_held_locks+0xb1/0x100 kernel/locking/lockdep.c:2660 __lockdep_trace_alloc kernel/locking/lockdep.c:2882 [inline] lockdep_trace_alloc+0x18c/0x2b0 kernel/locking/lockdep.c:2897 __alloc_pages_nodemask+0x143/0x1a80 mm/page_alloc.c:3803 __alloc_pages include/linux/gfp.h:433 [inline] __alloc_pages_node include/linux/gfp.h:446 [inline] alloc_pages_node include/linux/gfp.h:460 [inline] pmd_alloc_one arch/x86/include/asm/pgalloc.h:88 [inline] __pmd_alloc+0x4a/0x330 mm/memory.c:3742 pmd_alloc include/linux/mm.h:1625 [inline] alloc_new_pmd mm/mremap.c:64 [inline] move_page_tables+0xadb/0xd60 mm/mremap.c:212 shift_arg_pages+0x1ae/0x470 fs/exec.c:642 setup_arg_pages+0x60d/0x7c0 fs/exec.c:754 load_elf_binary+0xa84/0x4a90 fs/binfmt_elf.c:860 search_binary_handler fs/exec.c:1621 [inline] search_binary_handler+0x14f/0x700 fs/exec.c:1599 exec_binprm fs/exec.c:1663 [inline] do_execveat_common.isra.0+0xf81/0x1db0 fs/exec.c:1785 do_execve+0x3a/0x50 fs/exec.c:1829 run_init_process+0x33/0x37 init/main.c:904 try_to_run_init_process+0x18/0x48 init/main.c:913 kernel_init+0xf2/0x163 init/main.c:984 ret_from_fork+0x5c/0x70 arch/x86/entry/entry_64.S:375 irq event stamp: 6793 hardirqs last enabled at (6793): [<000000001afc4a83>] vprintk_emit+0x25c/0x6f0 kernel/printk/printk.c:1897 hardirqs last disabled at (6792): [<00000000e9079809>] vprintk_emit+0x6d/0x6f0 kernel/printk/printk.c:1801 softirqs last enabled at (5486): [<00000000ca1490f9>] __do_softirq+0x474/0x964 kernel/softirq.c:314 softirqs last disabled at (5339): [<00000000abf635d7>] invoke_softirq kernel/softirq.c:368 [inline] softirqs last disabled at (5339): [<00000000abf635d7>] irq_exit+0x119/0x160 kernel/softirq.c:409 other info that might help us debug this: Possible unsafe locking scenario: CPU0 ---- lock(&mm->mmap_sem); lock(&mm->mmap_sem); *** DEADLOCK *** 2 locks held by syz-executor.4/6355: #0: (&mm->mmap_sem){+++++?}, at: [<00000000c730bb63>] __do_page_fault+0x25e/0xa60 arch/x86/mm/fault.c:1330 #1: (shrinker_rwsem){++++..}, at: [<00000000209d7186>] shrink_slab.part.0+0xb2/0xa20 mm/vmscan.c:472 stack backtrace: CPU: 1 PID: 6355 Comm: syz-executor.4 Not tainted 4.9.194+ #0 ffff8800ba3d6a30 ffffffff81b67001 00000000000000f0 ffff8801cc650000 ffffffff83cb0990 ffff8801cc650920 ffffffff84252000 ffff8800ba3d6aa8 ffffffff81408710 0000000000000000 ffffffff00000001 0000000000000001 Call Trace: [<0000000008bc130f>] __dump_stack lib/dump_stack.c:15 [inline] [<0000000008bc130f>] dump_stack+0xc1/0x120 lib/dump_stack.c:51 [<000000000efcd663>] print_usage_bug kernel/locking/lockdep.c:2387 [inline] [<000000000efcd663>] print_usage_bug.cold+0x452/0x5a2 kernel/locking/lockdep.c:2354 [<000000005b3297d6>] valid_state kernel/locking/lockdep.c:2400 [inline] [<000000005b3297d6>] mark_lock_irq kernel/locking/lockdep.c:2602 [inline] [<000000005b3297d6>] mark_lock+0x6c7/0x12e0 kernel/locking/lockdep.c:3065 [<0000000038bf9508>] mark_irqflags kernel/locking/lockdep.c:2958 [inline] [<0000000038bf9508>] __lock_acquire+0x5be/0x4390 kernel/locking/lockdep.c:3302 [<000000008c847575>] lock_acquire+0x133/0x3d0 kernel/locking/lockdep.c:3756 [<00000000426fe19f>] down_read+0x44/0xb0 kernel/locking/rwsem.c:22 [<00000000c95f0bfc>] get_cmdline+0xa3/0x2d0 mm/util.c:641 [<000000007727c5fe>] handle_lmk_event+0x169/0x920 drivers/staging/android/lowmemorykiller.c:116 [<00000000ada7360e>] lowmem_scan+0x6f3/0xb70 drivers/staging/android/lowmemorykiller.c:354 [<0000000077fdcaf5>] do_shrink_slab mm/vmscan.c:399 [inline] [<0000000077fdcaf5>] shrink_slab.part.0+0x3cf/0xa20 mm/vmscan.c:502 [<00000000a6e47929>] shrink_slab mm/vmscan.c:466 [inline] [<00000000a6e47929>] shrink_node+0x1ed/0x750 mm/vmscan.c:2604 [<00000000130b26fa>] shrink_zones mm/vmscan.c:2751 [inline] [<00000000130b26fa>] do_try_to_free_pages mm/vmscan.c:2793 [inline] [<00000000130b26fa>] try_to_free_pages+0x397/0xbd0 mm/vmscan.c:3004 [<00000000d346af70>] __perform_reclaim mm/page_alloc.c:3332 [inline] [<00000000d346af70>] __alloc_pages_direct_reclaim mm/page_alloc.c:3354 [inline] [<00000000d346af70>] __alloc_pages_slowpath mm/page_alloc.c:3704 [inline] [<00000000d346af70>] __alloc_pages_nodemask+0x930/0x1a80 mm/page_alloc.c:3861 [<0000000064da3e79>] __alloc_pages include/linux/gfp.h:433 [inline] [<0000000064da3e79>] __alloc_pages_node include/linux/gfp.h:446 [inline] [<0000000064da3e79>] alloc_pages_node include/linux/gfp.h:460 [inline] [<0000000064da3e79>] wp_page_copy+0x15a/0x1470 mm/memory.c:2169 [<000000006696298a>] do_wp_page+0x2a6/0x20a0 mm/memory.c:2439 [<00000000e31a48ed>] handle_pte_fault mm/memory.c:3562 [inline] [<00000000e31a48ed>] __handle_mm_fault mm/memory.c:3634 [inline] [<00000000e31a48ed>] handle_mm_fault+0xeff/0x2420 mm/memory.c:3671 [<00000000927b68a8>] __do_page_fault+0x3f0/0xa60 arch/x86/mm/fault.c:1401 [<00000000ef0527dc>] do_page_fault+0x28/0x30 arch/x86/mm/fault.c:1464 [<000000007ee4ea79>] page_fault+0x25/0x30 arch/x86/entry/entry_64.S:956 [<000000004a8f3de7>] exit_mm kernel/exit.c:469 [inline] [<000000004a8f3de7>] do_exit+0x395/0x2aa0 kernel/exit.c:829 [<000000009aae5b04>] do_group_exit+0x111/0x300 kernel/exit.c:946 [<00000000790ab89c>] get_signal+0x377/0x1cb0 kernel/signal.c:2395 [<00000000c4f880f9>] do_signal+0x9c/0x1920 arch/x86/kernel/signal.c:812 [<000000001f244d19>] exit_to_usermode_loop+0x11c/0x160 arch/x86/entry/common.c:159 [<00000000179cfb77>] prepare_exit_to_usermode arch/x86/entry/common.c:195 [inline] [<00000000179cfb77>] syscall_return_slowpath arch/x86/entry/common.c:266 [inline] [<00000000179cfb77>] do_syscall_64+0x3ab/0x5c0 arch/x86/entry/common.c:293 [<000000009d4866ec>] entry_SYSCALL_64_after_swapgs+0x5d/0xdb lowmemorykiller: Killing 'syz-executor.1' (6132) (tgid 6132), adj 1000, to free 53568kB on behalf of 'syz-executor.2' (6358) because cache 64952kB is below limit 65536kB for oom_score_adj 12 Free memory is -13100kB above reserved lowmemorykiller: Killing 'syz-executor.1' (1274) (tgid 1274), adj 1000, to free 53304kB on behalf of 'syz-executor.2' (6358) because cache 64952kB is below limit 65536kB for oom_score_adj 12 Free memory is 4700kB above reserved lowmemorykiller: Killing 'syz-executor.1' (1352) (tgid 1352), adj 1000, to free 53304kB on behalf of 'syz-executor.2' (6358) because cache 64952kB is below limit 65536kB for oom_score_adj 12 Free memory is 15700kB above reserved lowmemorykiller: Killing 'syz-executor.1' (2132) (tgid 2132), adj 1000, to free 53304kB on behalf of 'syz-executor.2' (6358) because cache 64252kB is below limit 65536kB for oom_score_adj 12 Free memory is 41000kB above reserved lowmemorykiller: Killing 'syz-executor.1' (1474) (tgid 1474), adj 1000, to free 53304kB on behalf of 'kswapd0' (33) because cache 64252kB is below limit 65536kB for oom_score_adj 12 Free memory is 25200kB above reserved lowmemorykiller: Killing 'syz-executor.1' (2132) (tgid 2132), adj 1000, to free 53304kB on behalf of 'syz-executor.1' (6354) because cache 64352kB is below limit 65536kB for oom_score_adj 12 Free memory is 17800kB above reserved audit_printk_skb: 222 callbacks suppressed audit: type=1400 audit(2000000095.438:757): avc: denied { wake_alarm } for pid=6404 comm="syz-executor.2" capability=35 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=capability2 permissive=1 audit: type=1400 audit(2000000095.468:758): avc: denied { wake_alarm } for pid=6404 comm="syz-executor.2" capability=35 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=capability2 permissive=1 audit: type=1400 audit(2000000095.488:759): avc: denied { wake_alarm } for pid=6404 comm="syz-executor.2" capability=35 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=capability2 permissive=1 audit: type=1400 audit(2000000095.548:760): avc: denied { create } for pid=6410 comm="syz-executor.3" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_netfilter_socket permissive=1 audit: type=1400 audit(2000000095.558:761): avc: denied { bind } for pid=6410 comm="syz-executor.3" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_netfilter_socket permissive=1 audit: type=1400 audit(2000000095.558:762): avc: denied { bind } for pid=6410 comm="syz-executor.3" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_netfilter_socket permissive=1 audit: type=1400 audit(2000000095.618:763): avc: denied { create } for pid=6410 comm="syz-executor.3" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_netfilter_socket permissive=1 audit: type=1400 audit(2000000095.618:764): avc: denied { bind } for pid=6410 comm="syz-executor.3" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_netfilter_socket permissive=1 audit: type=1400 audit(2000000095.628:765): avc: denied { bind } for pid=6410 comm="syz-executor.3" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_netfilter_socket permissive=1 audit: type=1400 audit(2000000095.748:766): avc: denied { wake_alarm } for pid=6419 comm="syz-executor.0" capability=35 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=capability2 permissive=1 lowmemorykiller: Killing 'syz-executor.4' (6428) (tgid 6428), adj 1000, to free 72648kB on behalf of 'kswapd0' (33) because cache 64112kB is below limit 65536kB for oom_score_adj 12 Free memory is -8096kB above reserved lowmemorykiller: Killing 'syz-executor.4' (6432) (tgid 6428), adj 1000, to free 72704kB on behalf of 'kswapd0' (33) because cache 63812kB is below limit 65536kB for oom_score_adj 12 Free memory is -8468kB above reserved lowmemorykiller: Killing 'syz-executor.4' (6441) (tgid 6428), adj 1000, to free 72704kB on behalf of 'kswapd0' (33) because cache 63812kB is below limit 65536kB for oom_score_adj 12 Free memory is -8364kB above reserved lowmemorykiller: Killing 'syz-executor.1' (2206) (tgid 2206), adj 1000, to free 53304kB on behalf of 'kswapd0' (33) because cache 62512kB is below limit 65536kB for oom_score_adj 12 Free memory is -9076kB above reserved lowmemorykiller: Killing 'syz-executor.1' (6457) (tgid 6457), adj 1000, to free 54860kB on behalf of 'kswapd0' (33) because cache 56712kB is below limit 65536kB for oom_score_adj 12 Free memory is -10512kB above reserved lowmemorykiller: Killing 'syz-executor.1' (2267) (tgid 2267), adj 1000, to free 53304kB on behalf of 'kswapd0' (33) because cache 56712kB is below limit 65536kB for oom_score_adj 12 Free memory is -10512kB above reserved lowmemorykiller: Killing 'syz-executor.1' (3007) (tgid 3007), adj 1000, to free 53304kB on behalf of 'kswapd0' (33) because cache 56712kB is below limit 65536kB for oom_score_adj 12 Free memory is -10512kB above reserved lowmemorykiller: Killing 'syz-executor.1' (3373) (tgid 3373), adj 1000, to free 53304kB on behalf of 'kswapd0' (33) because cache 56712kB is below limit 65536kB for oom_score_adj 12 Free memory is 20388kB above reserved lowmemorykiller: Killing 'syz-executor.1' (3473) (tgid 3473), adj 1000, to free 53304kB on behalf of 'kswapd0' (33) because cache 56712kB is below limit 65536kB for oom_score_adj 12 Free memory is 51672kB above reserved lowmemorykiller: Killing 'syz-executor.1' (6527) (tgid 6527), adj 1000, to free 72644kB on behalf of 'kswapd0' (33) because cache 64504kB is below limit 65536kB for oom_score_adj 12 Free memory is -6776kB above reserved lowmemorykiller: Killing 'syz-executor.1' (6533) (tgid 6527), adj 1000, to free 72704kB on behalf of 'kswapd0' (33) because cache 64504kB is below limit 65536kB for oom_score_adj 12 Free memory is -6916kB above reserved lowmemorykiller: Killing 'syz-executor.1' (3525) (tgid 3525), adj 1000, to free 53304kB on behalf of 'kswapd0' (33) because cache 63904kB is below limit 65536kB for oom_score_adj 12 Free memory is -6316kB above reserved lowmemorykiller: Killing 'syz-executor.4' (6564) (tgid 6564), adj 1000, to free 72648kB on behalf of 'kswapd0' (33) because cache 51132kB is below limit 65536kB for oom_score_adj 12 Free memory is -6636kB above reserved lowmemorykiller: Killing 'syz-executor.1' (6575) (tgid 6575), adj 1000, to free 72616kB on behalf of 'kswapd0' (33) because cache 47832kB is below limit 65536kB for oom_score_adj 12 Free memory is -3536kB above reserved lowmemorykiller: Killing 'syz-executor.1' (3607) (tgid 3607), adj 1000, to free 53304kB on behalf of 'kswapd0' (33) because cache 47832kB is below limit 65536kB for oom_score_adj 12 Free memory is -3692kB above reserved lowmemorykiller: Killing 'syz-executor.1' (3680) (tgid 3680), adj 1000, to free 53304kB on behalf of 'kswapd0' (33) because cache 47932kB is below limit 65536kB for oom_score_adj 12 Free memory is 9892kB above reserved lowmemorykiller: Killing 'syz-executor.1' (3752) (tgid 3752), adj 1000, to free 53304kB on behalf of 'kswapd0' (33) because cache 47932kB is below limit 65536kB for oom_score_adj 12 Free memory is 9892kB above reserved lowmemorykiller: Killing 'syz-executor.1' (3952) (tgid 3952), adj 1000, to free 53304kB on behalf of 'kswapd0' (33) because cache 47932kB is below limit 65536kB for oom_score_adj 12 Free memory is 40592kB above reserved lowmemorykiller: Killing 'syz-executor.1' (4072) (tgid 4072), adj 1000, to free 53304kB on behalf of 'kswapd0' (33) because cache 47932kB is below limit 65536kB for oom_score_adj 12 Free memory is 61692kB above reserved lowmemorykiller: Killing 'syz-executor.1' (4114) (tgid 4114), adj 1000, to free 53304kB on behalf of 'kswapd0' (33) because cache 47932kB is below limit 65536kB for oom_score_adj 12 Free memory is 61692kB above reserved audit_printk_skb: 321 callbacks suppressed audit: type=1400 audit(2000000101.728:874): avc: denied { wake_alarm } for pid=6562 comm="syz-executor.0" capability=35 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=capability2 permissive=1 audit: type=1400 audit(2000000101.758:875): avc: denied { wake_alarm } for pid=6562 comm="syz-executor.0" capability=35 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=capability2 permissive=1 audit: type=1400 audit(2000000101.788:876): avc: denied { create } for pid=6562 comm="syz-executor.0" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1 audit: type=1400 audit(2000000101.818:877): avc: denied { write } for pid=6562 comm="syz-executor.0" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1 audit: type=1400 audit(2000000101.958:878): avc: denied { create } for pid=6621 comm="syz-executor.2" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1 audit: type=1400 audit(2000000101.958:879): avc: denied { create } for pid=6622 comm="syz-executor.3" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_netfilter_socket permissive=1 audit: type=1400 audit(2000000101.968:880): avc: denied { bind } for pid=6622 comm="syz-executor.3" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_netfilter_socket permissive=1 audit: type=1400 audit(2000000101.968:881): avc: denied { bind } for pid=6622 comm="syz-executor.3" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_netfilter_socket permissive=1 audit: type=1400 audit(2000000102.018:882): avc: denied { wake_alarm } for pid=6621 comm="syz-executor.2" capability=35 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=capability2 permissive=1 audit: type=1400 audit(2000000102.028:883): avc: denied { create } for pid=6622 comm="syz-executor.3" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1 lowmemorykiller: Killing 'syz-executor.1' (6624) (tgid 6624), adj 1000, to free 72800kB on behalf of 'kswapd0' (33) because cache 47660kB is below limit 65536kB for oom_score_adj 12 Free memory is -6720kB above reserved lowmemorykiller: Killing 'syz-executor.1' (6627) (tgid 6624), adj 1000, to free 72836kB on behalf of 'kswapd0' (33) because cache 47660kB is below limit 65536kB for oom_score_adj 12 Free memory is -6720kB above reserved lowmemorykiller: Killing 'syz-executor.4' (6625) (tgid 6625), adj 1000, to free 72648kB on behalf of 'kswapd0' (33) because cache 46260kB is below limit 65536kB for oom_score_adj 12 Free memory is -5292kB above reserved lowmemorykiller: Killing 'syz-executor.4' (6630) (tgid 6625), adj 1000, to free 72704kB on behalf of 'kswapd0' (33) because cache 46260kB is below limit 65536kB for oom_score_adj 12 Free memory is -5292kB above reserved lowmemorykiller: Killing 'syz-executor.1' (4250) (tgid 4250), adj 1000, to free 53304kB on behalf of 'kswapd0' (33) because cache 44660kB is below limit 65536kB for oom_score_adj 12 Free memory is -3792kB above reserved lowmemorykiller: Killing 'syz-executor.1' (4321) (tgid 4321), adj 1000, to free 53304kB on behalf of 'kswapd0' (33) because cache 44660kB is below limit 65536kB for oom_score_adj 12 Free memory is 14104kB above reserved lowmemorykiller: Killing 'syz-executor.1' (4425) (tgid 4425), adj 1000, to free 53304kB on behalf of 'kswapd0' (33) because cache 44660kB is below limit 65536kB for oom_score_adj 12 Free memory is 14104kB above reserved netlink: 4 bytes leftover after parsing attributes in process `syz-executor.3'. netlink: 4 bytes leftover after parsing attributes in process `syz-executor.3'.