lowmemorykiller: Killing 'syz-executor.1' (8889) (tgid 8886), adj 1000, to free 35972kB on behalf of 'syz-executor.1' (8944) because cache 63352kB is below limit 65536kB for oom_score_adj 12 Free memory is -13284kB above reserved ================================= [ INFO: inconsistent lock state ] 4.9.194+ #0 Not tainted --------------------------------- inconsistent {RECLAIM_FS-ON-W} -> {IN-RECLAIM_FS-R} usage. syz-executor.1/8944 [HC0[0]:SC0[0]:HE1:SE1] takes: (&mm->mmap_sem){+++++?}, at: [<00000000436f3acb>] get_cmdline+0xa3/0x2d0 mm/util.c:641 mark_held_locks+0xb1/0x100 kernel/locking/lockdep.c:2660 __lockdep_trace_alloc kernel/locking/lockdep.c:2882 [inline] lockdep_trace_alloc+0x18c/0x2b0 kernel/locking/lockdep.c:2897 __alloc_pages_nodemask+0x143/0x1a80 mm/page_alloc.c:3803 __alloc_pages include/linux/gfp.h:433 [inline] __alloc_pages_node include/linux/gfp.h:446 [inline] alloc_pages_node include/linux/gfp.h:460 [inline] pmd_alloc_one arch/x86/include/asm/pgalloc.h:88 [inline] __pmd_alloc+0x4a/0x330 mm/memory.c:3742 pmd_alloc include/linux/mm.h:1625 [inline] alloc_new_pmd mm/mremap.c:64 [inline] move_page_tables+0xadb/0xd60 mm/mremap.c:212 shift_arg_pages+0x1ae/0x470 fs/exec.c:642 setup_arg_pages+0x60d/0x7c0 fs/exec.c:754 load_elf_binary+0xa84/0x4a90 fs/binfmt_elf.c:860 search_binary_handler fs/exec.c:1621 [inline] search_binary_handler+0x14f/0x700 fs/exec.c:1599 exec_binprm fs/exec.c:1663 [inline] do_execveat_common.isra.0+0xf81/0x1db0 fs/exec.c:1785 do_execve+0x3a/0x50 fs/exec.c:1829 run_init_process+0x33/0x37 init/main.c:904 try_to_run_init_process+0x18/0x48 init/main.c:913 kernel_init+0xf2/0x163 init/main.c:984 ret_from_fork+0x5c/0x70 arch/x86/entry/entry_64.S:375 irq event stamp: 953881 hardirqs last enabled at (953881): [<0000000080393959>] vprintk_emit+0x25c/0x6f0 kernel/printk/printk.c:1897 hardirqs last disabled at (953880): [<000000001ca26e5c>] vprintk_emit+0x6d/0x6f0 kernel/printk/printk.c:1801 softirqs last enabled at (949264): [<0000000023a1fddf>] __do_softirq+0x474/0x964 kernel/softirq.c:314 softirqs last disabled at (949257): [<00000000977a8b21>] invoke_softirq kernel/softirq.c:368 [inline] softirqs last disabled at (949257): [<00000000977a8b21>] irq_exit+0x119/0x160 kernel/softirq.c:409 other info that might help us debug this: Possible unsafe locking scenario: CPU0 ---- lock(&mm->mmap_sem); lock(&mm->mmap_sem); *** DEADLOCK *** 1 lock held by syz-executor.1/8944: #0: (shrinker_rwsem){++++..}, at: [<00000000a9e9c72f>] shrink_slab.part.0+0xb2/0xa20 mm/vmscan.c:472 stack backtrace: CPU: 1 PID: 8944 Comm: syz-executor.1 Not tainted 4.9.194+ #0 ffff880161d66fe0 ffffffff81b67001 00000000000000f0 ffff8801a5860000 ffffffff83cb1200 ffff8801a58608f8 ffffffff84252000 ffff880161d67058 ffffffff81408710 0000000000000000 ffffffff00000001 0000000000000001 Call Trace: [<000000005c758ec8>] __dump_stack lib/dump_stack.c:15 [inline] [<000000005c758ec8>] dump_stack+0xc1/0x120 lib/dump_stack.c:51 [<0000000099d5f912>] print_usage_bug kernel/locking/lockdep.c:2387 [inline] [<0000000099d5f912>] print_usage_bug.cold+0x452/0x5a2 kernel/locking/lockdep.c:2354 [<00000000e0454371>] valid_state kernel/locking/lockdep.c:2400 [inline] [<00000000e0454371>] mark_lock_irq kernel/locking/lockdep.c:2602 [inline] [<00000000e0454371>] mark_lock+0x6c7/0x12e0 kernel/locking/lockdep.c:3065 [<0000000032209153>] mark_irqflags kernel/locking/lockdep.c:2958 [inline] [<0000000032209153>] __lock_acquire+0x5be/0x4390 kernel/locking/lockdep.c:3302 [<00000000a7116b6c>] lock_acquire+0x133/0x3d0 kernel/locking/lockdep.c:3756 [<000000009b81fbe2>] down_read+0x44/0xb0 kernel/locking/rwsem.c:22 [<00000000436f3acb>] get_cmdline+0xa3/0x2d0 mm/util.c:641 [<00000000fcd913d3>] handle_lmk_event+0x169/0x920 drivers/staging/android/lowmemorykiller.c:116 [<0000000082c2ece9>] lowmem_scan+0x6f3/0xb70 drivers/staging/android/lowmemorykiller.c:354 [<0000000024bca2be>] do_shrink_slab mm/vmscan.c:399 [inline] [<0000000024bca2be>] shrink_slab.part.0+0x3cf/0xa20 mm/vmscan.c:502 [<00000000b91980c5>] shrink_slab mm/vmscan.c:466 [inline] [<00000000b91980c5>] shrink_node+0x1ed/0x750 mm/vmscan.c:2604 [<00000000c4d7a714>] shrink_zones mm/vmscan.c:2751 [inline] [<00000000c4d7a714>] do_try_to_free_pages mm/vmscan.c:2793 [inline] [<00000000c4d7a714>] try_to_free_pages+0x397/0xbd0 mm/vmscan.c:3004 [<00000000d0b7cf94>] __perform_reclaim mm/page_alloc.c:3332 [inline] [<00000000d0b7cf94>] __alloc_pages_direct_reclaim mm/page_alloc.c:3354 [inline] [<00000000d0b7cf94>] __alloc_pages_slowpath mm/page_alloc.c:3704 [inline] [<00000000d0b7cf94>] __alloc_pages_nodemask+0x930/0x1a80 mm/page_alloc.c:3861 [<000000001de6351b>] __alloc_pages include/linux/gfp.h:433 [inline] [<000000001de6351b>] __alloc_pages_node include/linux/gfp.h:446 [inline] [<000000001de6351b>] alloc_pages_node include/linux/gfp.h:460 [inline] [<000000001de6351b>] __vmalloc_area_node mm/vmalloc.c:1648 [inline] [<000000001de6351b>] __vmalloc_node_range+0x25b/0x610 mm/vmalloc.c:1706 [<0000000037d1e1e8>] __vmalloc_node mm/vmalloc.c:1755 [inline] [<0000000037d1e1e8>] __vmalloc_node_flags mm/vmalloc.c:1769 [inline] [<0000000037d1e1e8>] vmalloc+0x5c/0x70 mm/vmalloc.c:1784 [<0000000053e7c14f>] xt_alloc_table_info+0xc8/0x100 net/netfilter/x_tables.c:997 [<00000000270c715a>] do_replace.isra.0+0x111/0x480 net/ipv4/netfilter/arp_tables.c:979 [<000000008f81029a>] do_arpt_set_ctl+0x108/0x150 net/ipv4/netfilter/arp_tables.c:1469 [<00000000d8d05fd0>] nf_sockopt net/netfilter/nf_sockopt.c:105 [inline] [<00000000d8d05fd0>] nf_setsockopt+0x6d/0xc0 net/netfilter/nf_sockopt.c:114 [<000000003f38fb53>] ip_setsockopt net/ipv4/ip_sockglue.c:1247 [inline] [<000000003f38fb53>] ip_setsockopt+0x8a/0xa0 net/ipv4/ip_sockglue.c:1232 [<00000000f9eefaac>] tcp_setsockopt net/ipv4/tcp.c:2759 [inline] [<00000000f9eefaac>] tcp_setsockopt+0x8a/0xe0 net/ipv4/tcp.c:2753 [<00000000f3b66982>] sock_common_setsockopt+0x9a/0xe0 net/core/sock.c:2710 [<000000006bc98c32>] SYSC_setsockopt net/socket.c:1786 [inline] [<000000006bc98c32>] SyS_setsockopt+0x159/0x240 net/socket.c:1765 [<0000000055eda566>] do_syscall_64+0x1ad/0x5c0 arch/x86/entry/common.c:288 [<0000000037ddd196>] entry_SYSCALL_64_after_swapgs+0x5d/0xdb oom_reaper: reaped process 8944 (syz-executor.1), now anon-rss:0kB, file-rss:16kB, shmem-rss:0kB syz-executor.1: vmalloc: allocation failure, allocated 1988526080 of 4265549824 bytes, mode:0x24000c2(GFP_KERNEL|__GFP_HIGHMEM) CPU: 1 PID: 8944 Comm: syz-executor.1 Not tainted 4.9.194+ #0 ffff880161d67980 ffffffff81b67001 1ffff1002c3acf32 dffffc0000000000 ffffffff82aab480 0000000000000000 0000000000400000 ffff880161d67aa8 ffffffff815080fc 0000000041b58ab3 ffffffff82e3bc80 ffffffff81431d00 Call Trace: [<000000005c758ec8>] __dump_stack lib/dump_stack.c:15 [inline] [<000000005c758ec8>] dump_stack+0xc1/0x120 lib/dump_stack.c:51 [<0000000036e7ca45>] warn_alloc.cold+0x76/0x93 mm/page_alloc.c:3069 [<00000000e94a0f47>] __vmalloc_area_node mm/vmalloc.c:1665 [inline] [<00000000e94a0f47>] __vmalloc_node_range+0x404/0x610 mm/vmalloc.c:1706 [<0000000037d1e1e8>] __vmalloc_node mm/vmalloc.c:1755 [inline] [<0000000037d1e1e8>] __vmalloc_node_flags mm/vmalloc.c:1769 [inline] [<0000000037d1e1e8>] vmalloc+0x5c/0x70 mm/vmalloc.c:1784 [<0000000053e7c14f>] xt_alloc_table_info+0xc8/0x100 net/netfilter/x_tables.c:997 [<00000000270c715a>] do_replace.isra.0+0x111/0x480 net/ipv4/netfilter/arp_tables.c:979 [<000000008f81029a>] do_arpt_set_ctl+0x108/0x150 net/ipv4/netfilter/arp_tables.c:1469 [<00000000d8d05fd0>] nf_sockopt net/netfilter/nf_sockopt.c:105 [inline] [<00000000d8d05fd0>] nf_setsockopt+0x6d/0xc0 net/netfilter/nf_sockopt.c:114 [<000000003f38fb53>] ip_setsockopt net/ipv4/ip_sockglue.c:1247 [inline] [<000000003f38fb53>] ip_setsockopt+0x8a/0xa0 net/ipv4/ip_sockglue.c:1232 [<00000000f9eefaac>] tcp_setsockopt net/ipv4/tcp.c:2759 [inline] [<00000000f9eefaac>] tcp_setsockopt+0x8a/0xe0 net/ipv4/tcp.c:2753 [<00000000f3b66982>] sock_common_setsockopt+0x9a/0xe0 net/core/sock.c:2710 [<000000006bc98c32>] SYSC_setsockopt net/socket.c:1786 [inline] [<000000006bc98c32>] SyS_setsockopt+0x159/0x240 net/socket.c:1765 [<0000000055eda566>] do_syscall_64+0x1ad/0x5c0 arch/x86/entry/common.c:288 [<0000000037ddd196>] entry_SYSCALL_64_after_swapgs+0x5d/0xdb Mem-Info: active_anon:61357 inactive_anon:40 isolated_anon:0 active_file:0 inactive_file:26 isolated_file:0 unevictable:0 dirty:0 writeback:0 unstable:0 slab_reclaimable:6079 slab_unreclaimable:57182 mapped:52228 shmem:47 pagetables:762 bounce:0 free:17 free_pcp:85 free_cma:0 Node 0 active_anon:245428kB inactive_anon:160kB active_file:0kB inactive_file:104kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:208912kB dirty:0kB writeback:0kB shmem:188kB writeback_tmp:0kB unstable:0kB pages_scanned:10 all_unreclaimable? no DMA32 free:4kB min:4696kB low:7712kB high:10728kB active_anon:4kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:3145324kB managed:3020092kB mlocked:0kB slab_reclaimable:0kB slab_unreclaimable:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:120kB local_pcp:0kB free_cma:0kB Normal free:64kB min:5580kB low:9168kB high:12756kB active_anon:245424kB inactive_anon:160kB active_file:0kB inactive_file:104kB unevictable:0kB writepending:0kB present:4718592kB managed:3589312kB mlocked:0kB slab_reclaimable:24316kB slab_unreclaimable:228728kB kernel_stack:3872kB pagetables:3048kB bounce:0kB free_pcp:220kB local_pcp:100kB free_cma:0kB DMA32: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB 0 pages in swap cache Swap cache stats: add 0, delete 0, find 0/0 Free swap = 0kB Total swap = 0kB 1965979 pages RAM 0 pages HighMem/MovableOnly 313628 pages reserved ODEBUG: Out of memory. ODEBUG disabled BUG: Bad rss-counter state mm:000000007d2fb278 idx:0 val:4 selinux_nlmsg_perm: 48 callbacks suppressed SELinux: unrecognized netlink message: protocol=0 nlmsg_type=770 sclass=netlink_route_socket pig=8973 comm=syz-executor.2 SELinux: unrecognized netlink message: protocol=0 nlmsg_type=26159 sclass=netlink_route_socket pig=8977 comm=syz-executor.2 SELinux: unrecognized netlink message: protocol=0 nlmsg_type=770 sclass=netlink_route_socket pig=8985 comm=syz-executor.1 SELinux: unrecognized netlink message: protocol=0 nlmsg_type=770 sclass=netlink_route_socket pig=8985 comm=syz-executor.1 SELinux: unrecognized netlink message: protocol=0 nlmsg_type=770 sclass=netlink_route_socket pig=8994 comm=syz-executor.0 SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pig=8994 comm=syz-executor.0 SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pig=8994 comm=syz-executor.0 SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pig=8994 comm=syz-executor.0 SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pig=8994 comm=syz-executor.0 SELinux: unrecognized netlink message: protocol=0 nlmsg_type=3558 sclass=netlink_route_socket pig=8973 comm=syz-executor.2 device lo entered promiscuous mode device lo left promiscuous mode device lo entered promiscuous mode device lo left promiscuous mode device lo entered promiscuous mode device lo left promiscuous mode device lo entered promiscuous mode device lo left promiscuous mode device lo entered promiscuous mode device lo left promiscuous mode selinux_nlmsg_perm: 74 callbacks suppressed SELinux: unrecognized netlink message: protocol=0 nlmsg_type=770 sclass=netlink_route_socket pig=9377 comm=syz-executor.3 SELinux: unrecognized netlink message: protocol=0 nlmsg_type=770 sclass=netlink_route_socket pig=9382 comm=syz-executor.0 SELinux: unrecognized netlink message: protocol=0 nlmsg_type=770 sclass=netlink_route_socket pig=9382 comm=syz-executor.0 SELinux: unrecognized netlink message: protocol=0 nlmsg_type=770 sclass=netlink_route_socket pig=9386 comm=syz-executor.5 device lo entered promiscuous mode SELinux: unrecognized netlink message: protocol=0 nlmsg_type=770 sclass=netlink_route_socket pig=9386 comm=syz-executor.5 SELinux: unrecognized netlink message: protocol=0 nlmsg_type=770 sclass=netlink_route_socket pig=9386 comm=syz-executor.5 SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pig=9424 comm=syz-executor.5 SELinux: unrecognized netlink message: protocol=0 nlmsg_type=770 sclass=netlink_route_socket pig=9424 comm=syz-executor.5