lowmemorykiller: Killing 'syz-executor.4' (10964) (tgid 10964), adj 1000, to free 36064kB on behalf of 'kworker/u4:3' (2096) because cache 54896kB is below limit 65536kB for oom_score_adj 12 Free memory is -11004kB above reserved ====================================================== [ INFO: possible circular locking dependency detected ] 4.9.194+ #0 Not tainted ------------------------------------------------------- kworker/u4:3/2096 is trying to acquire lock: (&mm->mmap_sem){++++++}, at: [<0000000066d33c27>] get_cmdline+0xa3/0x2d0 mm/util.c:641 but task is already holding lock: (&sbi->s_journal_flag_rwsem){.+.+.+}, at: [<000000001d064f01>] do_writepages+0xfc/0x1e0 mm/page-writeback.c:2338 which lock already depends on the new lock. the existing dependency chain (in reverse order) is: -> #2 (&sbi->s_journal_flag_rwsem){.+.+.+}: lock_acquire+0x133/0x3d0 kernel/locking/lockdep.c:3756 percpu_down_read_preempt_disable include/linux/percpu-rwsem.h:35 [inline] percpu_down_read include/linux/percpu-rwsem.h:58 [inline] ext4_writepages+0x1a1/0x2de0 fs/ext4/inode.c:2658 do_writepages+0xfc/0x1e0 mm/page-writeback.c:2338 __filemap_fdatawrite_range+0x1ad/0x260 mm/filemap.c:392 filemap_write_and_wait_range mm/filemap.c:580 [inline] filemap_write_and_wait_range+0x5c/0xb0 mm/filemap.c:573 ext4_insert_range+0x606/0x1260 fs/ext4/extents.c:5699 ext4_fallocate+0x660/0x2060 fs/ext4/extents.c:4974 vfs_fallocate+0x407/0x6a0 fs/open.c:329 SYSC_fallocate fs/open.c:352 [inline] SyS_fallocate+0x52/0x90 fs/open.c:346 do_syscall_64+0x1ad/0x5c0 arch/x86/entry/common.c:288 entry_SYSCALL_64_after_swapgs+0x5d/0xdb -> #1 (&ei->i_mmap_sem){++++.+}: lock_acquire+0x133/0x3d0 kernel/locking/lockdep.c:3756 down_read+0x44/0xb0 kernel/locking/rwsem.c:22 ext4_filemap_fault+0x67/0xa0 fs/ext4/inode.c:5853 __do_fault+0x2a8/0x6c0 mm/memory.c:2855 do_cow_fault mm/memory.c:3236 [inline] do_fault mm/memory.c:3340 [inline] handle_pte_fault mm/memory.c:3547 [inline] __handle_mm_fault mm/memory.c:3634 [inline] handle_mm_fault+0x723/0x2420 mm/memory.c:3671 __do_page_fault+0x3f0/0xa60 arch/x86/mm/fault.c:1401 do_page_fault+0x28/0x30 arch/x86/mm/fault.c:1464 page_fault+0x25/0x30 arch/x86/entry/entry_64.S:956 clear_user+0x79/0xd0 arch/x86/lib/usercopy_64.c:52 padzero fs/binfmt_elf.c:119 [inline] load_elf_binary+0x2f63/0x4a90 fs/binfmt_elf.c:1042 search_binary_handler fs/exec.c:1621 [inline] search_binary_handler+0x14f/0x700 fs/exec.c:1599 exec_binprm fs/exec.c:1663 [inline] do_execveat_common.isra.0+0xf81/0x1db0 fs/exec.c:1785 do_execve+0x3a/0x50 fs/exec.c:1829 run_init_process+0x33/0x37 init/main.c:904 try_to_run_init_process+0x18/0x48 init/main.c:913 kernel_init+0xf2/0x163 init/main.c:984 ret_from_fork+0x5c/0x70 arch/x86/entry/entry_64.S:375 -> #0 (&mm->mmap_sem){++++++}: check_prev_add kernel/locking/lockdep.c:1828 [inline] check_prevs_add kernel/locking/lockdep.c:1938 [inline] validate_chain kernel/locking/lockdep.c:2265 [inline] __lock_acquire+0x2d22/0x4390 kernel/locking/lockdep.c:3345 lock_acquire+0x133/0x3d0 kernel/locking/lockdep.c:3756 down_read+0x44/0xb0 kernel/locking/rwsem.c:22 get_cmdline+0xa3/0x2d0 mm/util.c:641 handle_lmk_event+0x169/0x920 drivers/staging/android/lowmemorykiller.c:116 lowmem_scan+0x6f3/0xb70 drivers/staging/android/lowmemorykiller.c:354 do_shrink_slab mm/vmscan.c:399 [inline] shrink_slab.part.0+0x3cf/0xa20 mm/vmscan.c:502 shrink_slab mm/vmscan.c:466 [inline] shrink_node+0x1ed/0x750 mm/vmscan.c:2604 shrink_zones mm/vmscan.c:2751 [inline] do_try_to_free_pages mm/vmscan.c:2793 [inline] try_to_free_pages+0x397/0xbd0 mm/vmscan.c:3004 __perform_reclaim mm/page_alloc.c:3332 [inline] __alloc_pages_direct_reclaim mm/page_alloc.c:3354 [inline] __alloc_pages_slowpath mm/page_alloc.c:3704 [inline] __alloc_pages_nodemask+0x930/0x1a80 mm/page_alloc.c:3861 __alloc_pages include/linux/gfp.h:433 [inline] __alloc_pages_node include/linux/gfp.h:446 [inline] alloc_slab_page mm/slub.c:1408 [inline] allocate_slab mm/slub.c:1557 [inline] new_slab+0x33b/0x3e0 mm/slub.c:1635 new_slab_objects mm/slub.c:2419 [inline] ___slab_alloc.constprop.0+0x361/0x470 mm/slub.c:2576 __slab_alloc.isra.0.constprop.0+0x50/0xa0 mm/slub.c:2618 slab_alloc_node mm/slub.c:2681 [inline] slab_alloc mm/slub.c:2723 [inline] kmem_cache_alloc+0x212/0x2b0 mm/slub.c:2728 mempool_alloc_slab+0x47/0x60 mm/mempool.c:449 mempool_alloc+0x149/0x360 mm/mempool.c:329 bvec_alloc+0xce/0x2e0 block/bio.c:215 bio_alloc_bioset+0x4f5/0x7d0 block/bio.c:494 bio_alloc include/linux/bio.h:393 [inline] io_submit_init_bio fs/ext4/page-io.c:362 [inline] io_submit_add_bh fs/ext4/page-io.c:387 [inline] ext4_bio_write_page+0x5a6/0xb60 fs/ext4/page-io.c:492 mpage_submit_page+0x138/0x240 fs/ext4/inode.c:2144 mpage_process_page_bufs+0x3b7/0x4a0 fs/ext4/inode.c:2249 mpage_prepare_extent_to_map+0x449/0x9a0 fs/ext4/inode.c:2618 ext4_writepages+0xf2e/0x2de0 fs/ext4/inode.c:2780 do_writepages+0xfc/0x1e0 mm/page-writeback.c:2338 __writeback_single_inode+0xd9/0x1040 fs/fs-writeback.c:1364 writeback_sb_inodes+0x50f/0xea0 fs/fs-writeback.c:1628 __writeback_inodes_wb+0xc3/0x210 fs/fs-writeback.c:1697 wb_writeback+0x637/0xbd0 fs/fs-writeback.c:1806 wb_do_writeback fs/fs-writeback.c:1938 [inline] wb_workfn+0x1c4/0xe70 fs/fs-writeback.c:1974 process_one_work+0x88b/0x1600 kernel/workqueue.c:2114 worker_thread+0x5df/0x11d0 kernel/workqueue.c:2251 kthread+0x278/0x310 kernel/kthread.c:211 ret_from_fork+0x5c/0x70 arch/x86/entry/entry_64.S:375 other info that might help us debug this: Chain exists of: &mm->mmap_sem --> &ei->i_mmap_sem --> &sbi->s_journal_flag_rwsem Possible unsafe locking scenario: CPU0 CPU1 ---- ---- lock(&sbi->s_journal_flag_rwsem); lock(&ei->i_mmap_sem); lock(&sbi->s_journal_flag_rwsem); lock(&mm->mmap_sem); *** DEADLOCK *** 5 locks held by kworker/u4:3/2096: #0: ("writeback"){++++.+}, at: [<00000000cc6254db>] process_one_work+0x790/0x1600 kernel/workqueue.c:2107 #1: ((&(&wb->dwork)->work)){+.+.+.}, at: [<00000000b94cd30c>] process_one_work+0x7ce/0x1600 kernel/workqueue.c:2111 #2: (&type->s_umount_key#32){++++++}, at: [<00000000ffee7f54>] trylock_super+0x20/0xf0 fs/super.c:403 #3: (&sbi->s_journal_flag_rwsem){.+.+.+}, at: [<000000001d064f01>] do_writepages+0xfc/0x1e0 mm/page-writeback.c:2338 #4: (shrinker_rwsem){++++..}, at: [<0000000028f6f675>] shrink_slab.part.0+0xb2/0xa20 mm/vmscan.c:472 stack backtrace: CPU: 0 PID: 2096 Comm: kworker/u4:3 Not tainted 4.9.194+ #0 Workqueue: writeback wb_workfn (flush-8:0) ffff8801a7d0e308 ffffffff81b67001 ffffffff83cb07e0 ffffffff83cb8ee0 ffffffff83cb1560 ffffffff84252000 ffff8801d8402f80 ffff8801a7d0e360 ffffffff81406d83 ffffffff81078ba6 ffffffff84002300 ffff8801d84038f8 Call Trace: [<00000000f376991a>] __dump_stack lib/dump_stack.c:15 [inline] [<00000000f376991a>] dump_stack+0xc1/0x120 lib/dump_stack.c:51 [<000000003aeeaed1>] print_circular_bug.cold+0x2f6/0x454 kernel/locking/lockdep.c:1202 [<000000004d7062a0>] check_prev_add kernel/locking/lockdep.c:1828 [inline] [<000000004d7062a0>] check_prevs_add kernel/locking/lockdep.c:1938 [inline] [<000000004d7062a0>] validate_chain kernel/locking/lockdep.c:2265 [inline] [<000000004d7062a0>] __lock_acquire+0x2d22/0x4390 kernel/locking/lockdep.c:3345 [<00000000d68b8f8c>] lock_acquire+0x133/0x3d0 kernel/locking/lockdep.c:3756 [<000000001cbe05e5>] down_read+0x44/0xb0 kernel/locking/rwsem.c:22 [<0000000066d33c27>] get_cmdline+0xa3/0x2d0 mm/util.c:641 [<0000000074f5b64e>] handle_lmk_event+0x169/0x920 drivers/staging/android/lowmemorykiller.c:116 [<00000000eb93f34e>] lowmem_scan+0x6f3/0xb70 drivers/staging/android/lowmemorykiller.c:354 [<00000000b976bf58>] do_shrink_slab mm/vmscan.c:399 [inline] [<00000000b976bf58>] shrink_slab.part.0+0x3cf/0xa20 mm/vmscan.c:502 [<00000000edfaca47>] shrink_slab mm/vmscan.c:466 [inline] [<00000000edfaca47>] shrink_node+0x1ed/0x750 mm/vmscan.c:2604 [<00000000840ccb9a>] shrink_zones mm/vmscan.c:2751 [inline] [<00000000840ccb9a>] do_try_to_free_pages mm/vmscan.c:2793 [inline] [<00000000840ccb9a>] try_to_free_pages+0x397/0xbd0 mm/vmscan.c:3004 [<0000000084e2334f>] __perform_reclaim mm/page_alloc.c:3332 [inline] [<0000000084e2334f>] __alloc_pages_direct_reclaim mm/page_alloc.c:3354 [inline] [<0000000084e2334f>] __alloc_pages_slowpath mm/page_alloc.c:3704 [inline] [<0000000084e2334f>] __alloc_pages_nodemask+0x930/0x1a80 mm/page_alloc.c:3861 [<0000000002bfcdd4>] __alloc_pages include/linux/gfp.h:433 [inline] [<0000000002bfcdd4>] __alloc_pages_node include/linux/gfp.h:446 [inline] [<0000000002bfcdd4>] alloc_slab_page mm/slub.c:1408 [inline] [<0000000002bfcdd4>] allocate_slab mm/slub.c:1557 [inline] [<0000000002bfcdd4>] new_slab+0x33b/0x3e0 mm/slub.c:1635 [<000000007e2e911d>] new_slab_objects mm/slub.c:2419 [inline] [<000000007e2e911d>] ___slab_alloc.constprop.0+0x361/0x470 mm/slub.c:2576 [<0000000077e0f620>] __slab_alloc.isra.0.constprop.0+0x50/0xa0 mm/slub.c:2618 [<00000000d81bcf43>] slab_alloc_node mm/slub.c:2681 [inline] [<00000000d81bcf43>] slab_alloc mm/slub.c:2723 [inline] [<00000000d81bcf43>] kmem_cache_alloc+0x212/0x2b0 mm/slub.c:2728 [<000000004418e72d>] mempool_alloc_slab+0x47/0x60 mm/mempool.c:449 [<0000000094d225f6>] mempool_alloc+0x149/0x360 mm/mempool.c:329 [<000000001cb1183d>] bvec_alloc+0xce/0x2e0 block/bio.c:215 [<000000009cce2cfe>] bio_alloc_bioset+0x4f5/0x7d0 block/bio.c:494 [<00000000b98b760c>] bio_alloc include/linux/bio.h:393 [inline] [<00000000b98b760c>] io_submit_init_bio fs/ext4/page-io.c:362 [inline] [<00000000b98b760c>] io_submit_add_bh fs/ext4/page-io.c:387 [inline] [<00000000b98b760c>] ext4_bio_write_page+0x5a6/0xb60 fs/ext4/page-io.c:492 [<000000009711d3db>] mpage_submit_page+0x138/0x240 fs/ext4/inode.c:2144 [<0000000021647762>] mpage_process_page_bufs+0x3b7/0x4a0 fs/ext4/inode.c:2249 [<0000000079b53999>] mpage_prepare_extent_to_map+0x449/0x9a0 fs/ext4/inode.c:2618 [<000000000207ab0d>] ext4_writepages+0xf2e/0x2de0 fs/ext4/inode.c:2780 [<000000001d064f01>] do_writepages+0xfc/0x1e0 mm/page-writeback.c:2338 [<00000000bfe5aa2e>] __writeback_single_inode+0xd9/0x1040 fs/fs-writeback.c:1364 [<000000002e52d1ef>] writeback_sb_inodes+0x50f/0xea0 fs/fs-writeback.c:1628 [<000000001c07a58f>] __writeback_inodes_wb+0xc3/0x210 fs/fs-writeback.c:1697 [<000000003230d488>] wb_writeback+0x637/0xbd0 fs/fs-writeback.c:1806 [<0000000044ccf335>] wb_do_writeback fs/fs-writeback.c:1938 [inline] [<0000000044ccf335>] wb_workfn+0x1c4/0xe70 fs/fs-writeback.c:1974 [<00000000495a3b55>] process_one_work+0x88b/0x1600 kernel/workqueue.c:2114 [<00000000e489f3bc>] worker_thread+0x5df/0x11d0 kernel/workqueue.c:2251 [<00000000aecef5d3>] kthread+0x278/0x310 kernel/kthread.c:211 [<0000000050e7966c>] ret_from_fork+0x5c/0x70 arch/x86/entry/entry_64.S:375 lowmemorykiller: Killing 'syz-executor.4' (10995) (tgid 10995), adj 1000, to free 36152kB on behalf of 'syz-executor.2' (10966) because cache 53196kB is below limit 65536kB for oom_score_adj 12 Free memory is -12856kB above reserved lowmemorykiller: Killing 'syz-executor.4' (4287) (tgid 4287), adj 1000, to free 36060kB on behalf of 'kworker/u4:3' (2096) because cache 50696kB is below limit 65536kB for oom_score_adj 12 Free memory is -12516kB above reserved lowmemorykiller: Killing 'syz-executor.0' (7781) (tgid 7781), adj 1000, to free 36052kB on behalf of 'kworker/u4:3' (2096) because cache 48596kB is below limit 65536kB for oom_score_adj 12 Free memory is -10360kB above reserved lowmemorykiller: Killing 'syz-executor.5' (7558) (tgid 7558), adj 1000, to free 36044kB on behalf of 'syz-executor.2' (10966) because cache 42596kB is below limit 65536kB for oom_score_adj 12 Free memory is -12372kB above reserved lowmemorykiller: Killing 'syz-executor.0' (4715) (tgid 4715), adj 1000, to free 36008kB on behalf of 'syz-executor.2' (10966) because cache 40396kB is below limit 65536kB for oom_score_adj 12 Free memory is -11472kB above reserved lowmemorykiller: Killing 'syz-executor.2' (10957) (tgid 10935), adj 1000, to free 35996kB on behalf of 'kswapd0' (33) because cache 40296kB is below limit 65536kB for oom_score_adj 12 Free memory is -11272kB above reserved oom_reaper: reaped process 10966 (syz-executor.2), now anon-rss:0kB, file-rss:16kB, shmem-rss:0kB syz-executor.2: vmalloc: allocation failure, allocated 1904832512 of 4294975488 bytes, mode:0x24000c2(GFP_KERNEL|__GFP_HIGHMEM) CPU: 0 PID: 10966 Comm: syz-executor.2 Not tainted 4.9.194+ #0 ffff8801b13f7988 ffffffff81b67001 1ffff1003627ef33 dffffc0000000000 ffffffff82aab480 0000000000000000 0000000000400000 ffff8801b13f7ab0 ffffffff815080fc 0000000041b58ab3 ffffffff82e3bc80 ffffffff81431d00 Call Trace: [<00000000f376991a>] __dump_stack lib/dump_stack.c:15 [inline] [<00000000f376991a>] dump_stack+0xc1/0x120 lib/dump_stack.c:51 [<00000000ab89fca7>] warn_alloc.cold+0x76/0x93 mm/page_alloc.c:3069 [<0000000082e02f2a>] __vmalloc_area_node mm/vmalloc.c:1665 [inline] [<0000000082e02f2a>] __vmalloc_node_range+0x404/0x610 mm/vmalloc.c:1706 [<00000000a54eefdf>] __vmalloc_node mm/vmalloc.c:1755 [inline] [<00000000a54eefdf>] __vmalloc_node_flags mm/vmalloc.c:1769 [inline] [<00000000a54eefdf>] vmalloc+0x5c/0x70 mm/vmalloc.c:1784 [<000000005ef1b8d4>] xt_alloc_table_info+0xc8/0x100 net/netfilter/x_tables.c:997 [<00000000b16190fb>] do_replace.isra.0+0x111/0x480 net/ipv4/netfilter/arp_tables.c:979 [<000000003bd5a046>] do_arpt_set_ctl+0x108/0x150 net/ipv4/netfilter/arp_tables.c:1469 [<00000000983734d5>] nf_sockopt net/netfilter/nf_sockopt.c:105 [inline] [<00000000983734d5>] nf_setsockopt+0x6d/0xc0 net/netfilter/nf_sockopt.c:114 [<00000000eaa13df8>] ip_setsockopt net/ipv4/ip_sockglue.c:1247 [inline] [<00000000eaa13df8>] ip_setsockopt+0x8a/0xa0 net/ipv4/ip_sockglue.c:1232 [<0000000016e47bf1>] udp_setsockopt+0x4e/0x90 net/ipv4/udp.c:2114 [<0000000022193c07>] sock_common_setsockopt+0x9a/0xe0 net/core/sock.c:2710 [<00000000a8c5b62e>] SYSC_setsockopt net/socket.c:1786 [inline] [<00000000a8c5b62e>] SyS_setsockopt+0x159/0x240 net/socket.c:1765 [<00000000497698f6>] do_syscall_64+0x1ad/0x5c0 arch/x86/entry/common.c:288 [<0000000046dde942>] entry_SYSCALL_64_after_swapgs+0x5d/0xdb Mem-Info: active_anon:77172 inactive_anon:43 isolated_anon:0 active_file:3 inactive_file:43 isolated_file:0 unevictable:0 dirty:8 writeback:15 unstable:0 slab_reclaimable:5842 slab_unreclaimable:59857 mapped:52260 shmem:50 pagetables:1648 bounce:0 free:0 free_pcp:21 free_cma:0 Node 0 active_anon:308688kB inactive_anon:172kB active_file:12kB inactive_file:172kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:209040kB dirty:32kB writeback:60kB shmem:200kB writeback_tmp:0kB unstable:0kB pages_scanned:11 all_unreclaimable? no DMA32 free:0kB min:4696kB low:7712kB high:10728kB active_anon:32kB inactive_anon:8kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:3145324kB managed:3020092kB mlocked:0kB slab_reclaimable:0kB slab_unreclaimable:416kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB Normal free:0kB min:5580kB low:9168kB high:12756kB active_anon:308656kB inactive_anon:164kB active_file:12kB inactive_file:172kB unevictable:0kB writepending:92kB present:4718592kB managed:3589316kB mlocked:0kB slab_reclaimable:23368kB slab_unreclaimable:239012kB kernel_stack:5536kB pagetables:6592kB bounce:0kB free_pcp:84kB local_pcp:84kB free_cma:0kB DMA32: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB 0 pages in swap cache Swap cache stats: add 0, delete 0, find 0/0 Free swap = 0kB Total swap = 0kB 1965979 pages RAM 0 pages HighMem/MovableOnly 313627 pages reserved lowmemorykiller: Killing 'syz-executor.0' (4066) (tgid 4066), adj 1000, to free 35036kB on behalf of 'kswapd0' (33) because cache 196kB is below limit 6144kB for oom_score_adj 0 Free memory is -37276kB above reserved BUG: Bad rss-counter state mm:000000005083bfae idx:0 val:4 IPv6: ADDRCONF(NETDEV_CHANGE): lo: link becomes ready ip6_tunnel: ¤ xmit: Local address not yet configured! ip6_tunnel: ¤ xmit: Local address not yet configured! ip6_tunnel: ¤ xmit: Local address not yet configured! ip6_tunnel: ¤ xmit: Local address not yet configured! IPv6: ADDRCONF(NETDEV_CHANGE): lo: link becomes ready ip6_tunnel: ¤ xmit: Local address not yet configured! nla_parse: 10 callbacks suppressed netlink: 188 bytes leftover after parsing attributes in process `syz-executor.1'. netlink: 188 bytes leftover after parsing attributes in process `syz-executor.1'. SELinux: unrecognized netlink message: protocol=0 nlmsg_type=31262 sclass=netlink_route_socket pig=11162 comm=syz-executor.4 SELinux: unrecognized netlink message: protocol=0 nlmsg_type=31262 sclass=netlink_route_socket pig=11164 comm=syz-executor.4