lowmemorykiller: Killing 'syz-executor.5' (8948) (tgid 8947), adj 1000, to free 35944kB on behalf of 'kworker/u4:2' (2103) because cache 61532kB is below limit 65536kB for oom_score_adj 12 Free memory is -13332kB above reserved ====================================================== [ INFO: possible circular locking dependency detected ] 4.9.193+ #0 Not tainted ------------------------------------------------------- kworker/u4:2/2103 is trying to acquire lock: (&mm->mmap_sem){++++++}, at: [<0000000069a1a565>] get_cmdline+0xa3/0x2d0 mm/util.c:641 but task is already holding lock: (&sbi->s_journal_flag_rwsem){.+.+.+}, at: [<000000001c74a786>] do_writepages+0xfc/0x1e0 mm/page-writeback.c:2338 which lock already depends on the new lock. the existing dependency chain (in reverse order) is: -> #2 (&sbi->s_journal_flag_rwsem){.+.+.+}: lock_acquire+0x133/0x3d0 kernel/locking/lockdep.c:3756 percpu_down_read_preempt_disable include/linux/percpu-rwsem.h:35 [inline] percpu_down_read include/linux/percpu-rwsem.h:58 [inline] ext4_writepages+0x1a1/0x2de0 fs/ext4/inode.c:2658 do_writepages+0xfc/0x1e0 mm/page-writeback.c:2338 __filemap_fdatawrite_range+0x1ad/0x260 mm/filemap.c:392 filemap_write_and_wait_range mm/filemap.c:580 [inline] filemap_write_and_wait_range+0x5c/0xb0 mm/filemap.c:573 ext4_insert_range+0x606/0x1260 fs/ext4/extents.c:5699 ext4_fallocate+0x660/0x2060 fs/ext4/extents.c:4974 vfs_fallocate+0x407/0x6a0 fs/open.c:329 SYSC_fallocate fs/open.c:352 [inline] SyS_fallocate+0x52/0x90 fs/open.c:346 do_syscall_64+0x1ad/0x5c0 arch/x86/entry/common.c:288 entry_SYSCALL_64_after_swapgs+0x5d/0xdb -> #1 (&ei->i_mmap_sem){++++.+}: lock_acquire+0x133/0x3d0 kernel/locking/lockdep.c:3756 down_read+0x44/0xb0 kernel/locking/rwsem.c:22 ext4_filemap_fault+0x67/0xa0 fs/ext4/inode.c:5853 __do_fault+0x2a8/0x6c0 mm/memory.c:2855 do_cow_fault mm/memory.c:3236 [inline] do_fault mm/memory.c:3340 [inline] handle_pte_fault mm/memory.c:3547 [inline] __handle_mm_fault mm/memory.c:3634 [inline] handle_mm_fault+0x723/0x2420 mm/memory.c:3671 __do_page_fault+0x3f0/0xa60 arch/x86/mm/fault.c:1401 do_page_fault+0x28/0x30 arch/x86/mm/fault.c:1464 page_fault+0x25/0x30 arch/x86/entry/entry_64.S:956 clear_user+0x79/0xd0 arch/x86/lib/usercopy_64.c:52 padzero fs/binfmt_elf.c:119 [inline] load_elf_binary+0x2f63/0x4a90 fs/binfmt_elf.c:1042 search_binary_handler fs/exec.c:1621 [inline] search_binary_handler+0x14f/0x700 fs/exec.c:1599 exec_binprm fs/exec.c:1663 [inline] do_execveat_common.isra.0+0xf81/0x1db0 fs/exec.c:1785 do_execve+0x3a/0x50 fs/exec.c:1829 run_init_process+0x33/0x37 init/main.c:904 try_to_run_init_process+0x18/0x48 init/main.c:913 kernel_init+0xf2/0x163 init/main.c:984 ret_from_fork+0x5c/0x70 arch/x86/entry/entry_64.S:375 -> #0 (&mm->mmap_sem){++++++}: check_prev_add kernel/locking/lockdep.c:1828 [inline] check_prevs_add kernel/locking/lockdep.c:1938 [inline] validate_chain kernel/locking/lockdep.c:2265 [inline] __lock_acquire+0x2d22/0x4390 kernel/locking/lockdep.c:3345 lock_acquire+0x133/0x3d0 kernel/locking/lockdep.c:3756 down_read+0x44/0xb0 kernel/locking/rwsem.c:22 get_cmdline+0xa3/0x2d0 mm/util.c:641 handle_lmk_event+0x169/0x920 drivers/staging/android/lowmemorykiller.c:116 lowmem_scan+0x6f3/0xb70 drivers/staging/android/lowmemorykiller.c:354 do_shrink_slab mm/vmscan.c:399 [inline] shrink_slab.part.0+0x3cf/0xa20 mm/vmscan.c:502 shrink_slab mm/vmscan.c:466 [inline] shrink_node+0x1ed/0x750 mm/vmscan.c:2604 shrink_zones mm/vmscan.c:2751 [inline] do_try_to_free_pages mm/vmscan.c:2793 [inline] try_to_free_pages+0x397/0xbd0 mm/vmscan.c:3004 __perform_reclaim mm/page_alloc.c:3332 [inline] __alloc_pages_direct_reclaim mm/page_alloc.c:3354 [inline] __alloc_pages_slowpath mm/page_alloc.c:3704 [inline] __alloc_pages_nodemask+0x930/0x1a80 mm/page_alloc.c:3861 __alloc_pages include/linux/gfp.h:433 [inline] __alloc_pages_node include/linux/gfp.h:446 [inline] alloc_slab_page mm/slub.c:1408 [inline] allocate_slab mm/slub.c:1557 [inline] new_slab+0x33b/0x3e0 mm/slub.c:1635 new_slab_objects mm/slub.c:2419 [inline] ___slab_alloc.constprop.0+0x361/0x470 mm/slub.c:2576 __slab_alloc.isra.0.constprop.0+0x50/0xa0 mm/slub.c:2618 slab_alloc_node mm/slub.c:2681 [inline] slab_alloc mm/slub.c:2723 [inline] kmem_cache_alloc+0x212/0x2b0 mm/slub.c:2728 mempool_alloc_slab+0x47/0x60 mm/mempool.c:449 mempool_alloc+0x149/0x360 mm/mempool.c:329 bvec_alloc+0xce/0x2e0 block/bio.c:215 bio_alloc_bioset+0x4f5/0x7d0 block/bio.c:494 bio_alloc include/linux/bio.h:393 [inline] io_submit_init_bio fs/ext4/page-io.c:362 [inline] io_submit_add_bh fs/ext4/page-io.c:387 [inline] ext4_bio_write_page+0x5a6/0xb60 fs/ext4/page-io.c:492 mpage_submit_page+0x138/0x240 fs/ext4/inode.c:2144 mpage_process_page_bufs+0x3b7/0x4a0 fs/ext4/inode.c:2249 mpage_prepare_extent_to_map+0x449/0x9a0 fs/ext4/inode.c:2618 ext4_writepages+0xf2e/0x2de0 fs/ext4/inode.c:2780 do_writepages+0xfc/0x1e0 mm/page-writeback.c:2338 __writeback_single_inode+0xd9/0x1040 fs/fs-writeback.c:1364 writeback_sb_inodes+0x50f/0xea0 fs/fs-writeback.c:1628 __writeback_inodes_wb+0xc3/0x210 fs/fs-writeback.c:1697 wb_writeback+0x637/0xbd0 fs/fs-writeback.c:1806 wb_do_writeback fs/fs-writeback.c:1938 [inline] wb_workfn+0x1c4/0xe70 fs/fs-writeback.c:1974 process_one_work+0x88b/0x1600 kernel/workqueue.c:2114 worker_thread+0x5df/0x11d0 kernel/workqueue.c:2251 kthread+0x278/0x310 kernel/kthread.c:211 ret_from_fork+0x5c/0x70 arch/x86/entry/entry_64.S:375 other info that might help us debug this: Chain exists of: &mm->mmap_sem --> &ei->i_mmap_sem --> &sbi->s_journal_flag_rwsem Possible unsafe locking scenario: CPU0 CPU1 ---- ---- lock(&sbi->s_journal_flag_rwsem); lock(&ei->i_mmap_sem); lock(&sbi->s_journal_flag_rwsem); lock(&mm->mmap_sem); *** DEADLOCK *** 5 locks held by kworker/u4:2/2103: #0: ("writeback"){.+.+.+}, at: [<00000000bb7fbb52>] process_one_work+0x790/0x1600 kernel/workqueue.c:2107 #1: ((&(&wb->dwork)->work)){+.+.+.}, at: [<00000000b7ceccbe>] process_one_work+0x7ce/0x1600 kernel/workqueue.c:2111 #2: (&type->s_umount_key#32){++++++}, at: [<000000008eeb676e>] trylock_super+0x20/0xf0 fs/super.c:403 #3: (&sbi->s_journal_flag_rwsem){.+.+.+}, at: [<000000001c74a786>] do_writepages+0xfc/0x1e0 mm/page-writeback.c:2338 #4: (shrinker_rwsem){++++..}, at: [<000000004468ed49>] shrink_slab.part.0+0xb2/0xa20 mm/vmscan.c:472 stack backtrace: CPU: 0 PID: 2103 Comm: kworker/u4:2 Not tainted 4.9.193+ #0 Workqueue: writeback wb_workfn (flush-8:0) ffff8801d6fb6308 ffffffff81b67081 ffffffff83cb0990 ffffffff83cb8d30 ffffffff83cb18c0 ffffffff84252000 ffff8801cf2517c0 ffff8801d6fb6360 ffffffff81406e23 ffffffff81078c46 ffffffff84002180 ffff8801cf252138 Call Trace: [<000000000aee630c>] __dump_stack lib/dump_stack.c:15 [inline] [<000000000aee630c>] dump_stack+0xc1/0x120 lib/dump_stack.c:51 [<00000000fde5d67e>] print_circular_bug.cold+0x2f6/0x454 kernel/locking/lockdep.c:1202 [<00000000328b3da0>] check_prev_add kernel/locking/lockdep.c:1828 [inline] [<00000000328b3da0>] check_prevs_add kernel/locking/lockdep.c:1938 [inline] [<00000000328b3da0>] validate_chain kernel/locking/lockdep.c:2265 [inline] [<00000000328b3da0>] __lock_acquire+0x2d22/0x4390 kernel/locking/lockdep.c:3345 [<000000000e400569>] lock_acquire+0x133/0x3d0 kernel/locking/lockdep.c:3756 [<00000000a09cac19>] down_read+0x44/0xb0 kernel/locking/rwsem.c:22 [<0000000069a1a565>] get_cmdline+0xa3/0x2d0 mm/util.c:641 [<0000000057a3e87b>] handle_lmk_event+0x169/0x920 drivers/staging/android/lowmemorykiller.c:116 [<0000000039514a00>] lowmem_scan+0x6f3/0xb70 drivers/staging/android/lowmemorykiller.c:354 [<00000000a7eb78a7>] do_shrink_slab mm/vmscan.c:399 [inline] [<00000000a7eb78a7>] shrink_slab.part.0+0x3cf/0xa20 mm/vmscan.c:502 [<00000000d9829064>] shrink_slab mm/vmscan.c:466 [inline] [<00000000d9829064>] shrink_node+0x1ed/0x750 mm/vmscan.c:2604 [<00000000e4cbd048>] shrink_zones mm/vmscan.c:2751 [inline] [<00000000e4cbd048>] do_try_to_free_pages mm/vmscan.c:2793 [inline] [<00000000e4cbd048>] try_to_free_pages+0x397/0xbd0 mm/vmscan.c:3004 [<00000000dc897583>] __perform_reclaim mm/page_alloc.c:3332 [inline] [<00000000dc897583>] __alloc_pages_direct_reclaim mm/page_alloc.c:3354 [inline] [<00000000dc897583>] __alloc_pages_slowpath mm/page_alloc.c:3704 [inline] [<00000000dc897583>] __alloc_pages_nodemask+0x930/0x1a80 mm/page_alloc.c:3861 [<000000007ff5fb08>] __alloc_pages include/linux/gfp.h:433 [inline] [<000000007ff5fb08>] __alloc_pages_node include/linux/gfp.h:446 [inline] [<000000007ff5fb08>] alloc_slab_page mm/slub.c:1408 [inline] [<000000007ff5fb08>] allocate_slab mm/slub.c:1557 [inline] [<000000007ff5fb08>] new_slab+0x33b/0x3e0 mm/slub.c:1635 [<00000000a40e0ae1>] new_slab_objects mm/slub.c:2419 [inline] [<00000000a40e0ae1>] ___slab_alloc.constprop.0+0x361/0x470 mm/slub.c:2576 [<00000000fa1b263b>] __slab_alloc.isra.0.constprop.0+0x50/0xa0 mm/slub.c:2618 [<000000003a8c5b73>] slab_alloc_node mm/slub.c:2681 [inline] [<000000003a8c5b73>] slab_alloc mm/slub.c:2723 [inline] [<000000003a8c5b73>] kmem_cache_alloc+0x212/0x2b0 mm/slub.c:2728 [<00000000855e8563>] mempool_alloc_slab+0x47/0x60 mm/mempool.c:449 [<00000000b61f58df>] mempool_alloc+0x149/0x360 mm/mempool.c:329 [<0000000093ec1b2d>] bvec_alloc+0xce/0x2e0 block/bio.c:215 [<0000000024d89700>] bio_alloc_bioset+0x4f5/0x7d0 block/bio.c:494 [<00000000cb563cf9>] bio_alloc include/linux/bio.h:393 [inline] [<00000000cb563cf9>] io_submit_init_bio fs/ext4/page-io.c:362 [inline] [<00000000cb563cf9>] io_submit_add_bh fs/ext4/page-io.c:387 [inline] [<00000000cb563cf9>] ext4_bio_write_page+0x5a6/0xb60 fs/ext4/page-io.c:492 [<00000000271ba096>] mpage_submit_page+0x138/0x240 fs/ext4/inode.c:2144 [<00000000b56e5b15>] mpage_process_page_bufs+0x3b7/0x4a0 fs/ext4/inode.c:2249 [<000000004002270e>] mpage_prepare_extent_to_map+0x449/0x9a0 fs/ext4/inode.c:2618 [<00000000cc9654e9>] ext4_writepages+0xf2e/0x2de0 fs/ext4/inode.c:2780 [<000000001c74a786>] do_writepages+0xfc/0x1e0 mm/page-writeback.c:2338 [<000000009edece03>] __writeback_single_inode+0xd9/0x1040 fs/fs-writeback.c:1364 [<00000000f1876bb1>] writeback_sb_inodes+0x50f/0xea0 fs/fs-writeback.c:1628 [<0000000053cb3972>] __writeback_inodes_wb+0xc3/0x210 fs/fs-writeback.c:1697 [<00000000d1717f85>] wb_writeback+0x637/0xbd0 fs/fs-writeback.c:1806 [<00000000b8796ce3>] wb_do_writeback fs/fs-writeback.c:1938 [inline] [<00000000b8796ce3>] wb_workfn+0x1c4/0xe70 fs/fs-writeback.c:1974 [<00000000b8630808>] process_one_work+0x88b/0x1600 kernel/workqueue.c:2114 [<000000005031ef96>] worker_thread+0x5df/0x11d0 kernel/workqueue.c:2251 [<0000000026d221a5>] kthread+0x278/0x310 kernel/kthread.c:211 [<00000000655a7691>] ret_from_fork+0x5c/0x70 arch/x86/entry/entry_64.S:375 oom_reaper: reaped process 8952 (syz-executor.5), now anon-rss:0kB, file-rss:16kB, shmem-rss:0kB syz-executor.5: vmalloc: allocation failure, allocated 1601253376 of 4294975488 bytes, mode:0x24000c2(GFP_KERNEL|__GFP_HIGHMEM) CPU: 1 PID: 8952 Comm: syz-executor.5 Not tainted 4.9.193+ #0 ffff8800862d7980 ffffffff81b67081 1ffff10010c5af32 dffffc0000000000 ffffffff82aab400 0000000000000000 0000000000400000 ffff8800862d7aa8 ffffffff8150819c 0000000041b58ab3 ffffffff82e3bbf0 ffffffff81431da0 Call Trace: [<000000000aee630c>] __dump_stack lib/dump_stack.c:15 [inline] [<000000000aee630c>] dump_stack+0xc1/0x120 lib/dump_stack.c:51 [<00000000c32cf0e9>] warn_alloc.cold+0x76/0x93 mm/page_alloc.c:3069 [<000000008de0e442>] __vmalloc_area_node mm/vmalloc.c:1665 [inline] [<000000008de0e442>] __vmalloc_node_range+0x404/0x610 mm/vmalloc.c:1706 [<00000000f00f3822>] __vmalloc_node mm/vmalloc.c:1755 [inline] [<00000000f00f3822>] __vmalloc_node_flags mm/vmalloc.c:1769 [inline] [<00000000f00f3822>] vmalloc+0x5c/0x70 mm/vmalloc.c:1784 [<000000009a374aba>] xt_alloc_table_info+0xc8/0x100 net/netfilter/x_tables.c:997 [<0000000041ef79b6>] do_replace.isra.0+0x111/0x480 net/ipv4/netfilter/arp_tables.c:979 [<000000006f1d40a2>] do_arpt_set_ctl+0x108/0x150 net/ipv4/netfilter/arp_tables.c:1469 [<00000000ff566772>] nf_sockopt net/netfilter/nf_sockopt.c:105 [inline] [<00000000ff566772>] nf_setsockopt+0x6d/0xc0 net/netfilter/nf_sockopt.c:114 [<00000000c5b6f978>] ip_setsockopt net/ipv4/ip_sockglue.c:1247 [inline] [<00000000c5b6f978>] ip_setsockopt+0x8a/0xa0 net/ipv4/ip_sockglue.c:1232 [<00000000f5a98768>] tcp_setsockopt net/ipv4/tcp.c:2759 [inline] [<00000000f5a98768>] tcp_setsockopt+0x8a/0xe0 net/ipv4/tcp.c:2753 [<0000000099cab82c>] sock_common_setsockopt+0x9a/0xe0 net/core/sock.c:2710 [<00000000d125083e>] SYSC_setsockopt net/socket.c:1786 [inline] [<00000000d125083e>] SyS_setsockopt+0x159/0x240 net/socket.c:1765 [<00000000b4d73bcf>] do_syscall_64+0x1ad/0x5c0 arch/x86/entry/common.c:288 [<0000000062febacf>] entry_SYSCALL_64_after_swapgs+0x5d/0xdb Mem-Info: active_anon:77833 inactive_anon:41 isolated_anon:0 active_file:53 inactive_file:75 isolated_file:0 unevictable:0 dirty:8 writeback:37 unstable:0 slab_reclaimable:6711 slab_unreclaimable:57389 mapped:52315 shmem:48 pagetables:1516 bounce:0 free:388 free_pcp:29 free_cma:0 Node 0 active_anon:311332kB inactive_anon:164kB active_file:212kB inactive_file:300kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:209260kB dirty:32kB writeback:148kB shmem:192kB writeback_tmp:0kB unstable:0kB pages_scanned:0 all_unreclaimable? no DMA32 free:44kB min:4696kB low:7712kB high:10728kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:3145324kB managed:3020092kB mlocked:0kB slab_reclaimable:0kB slab_unreclaimable:0kB kernel_stack:32kB pagetables:28kB bounce:0kB free_pcp:20kB local_pcp:0kB free_cma:0kB Normal free:1508kB min:5580kB low:9168kB high:12756kB active_anon:311332kB inactive_anon:164kB active_file:212kB inactive_file:300kB unevictable:0kB writepending:32kB present:4718592kB managed:3589316kB mlocked:0kB slab_reclaimable:26844kB slab_unreclaimable:229556kB kernel_stack:4704kB pagetables:6036kB bounce:0kB free_pcp:96kB local_pcp:0kB free_cma:0kB DMA32: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB 0 pages in swap cache Swap cache stats: add 0, delete 0, find 0/0 Free swap = 0kB Total swap = 0kB 1965979 pages RAM 0 pages HighMem/MovableOnly 313627 pages reserved ODEBUG: Out of memory. ODEBUG disabled BUG: Bad rss-counter state mm:00000000b51797fc idx:0 val:3