| Kernel | Title | Rank 🛈 | Repro | Cause bisect | Fix bisect | Count | Last | Reported | Patched | Status |
|---|---|---|---|---|---|---|---|---|---|---|
| android-49 | inconsistent lock state in shmem_fallocate | 4 | C | 28 | 2177d | 2409d | 0/3 | public: reported C repro on 2019/04/14 00:00 |
syzbot |
sign-in | mailing list | source | docs |
| Kernel | Title | Rank 🛈 | Repro | Cause bisect | Fix bisect | Count | Last | Reported | Patched | Status |
|---|---|---|---|---|---|---|---|---|---|---|
| android-49 | inconsistent lock state in shmem_fallocate | 4 | C | 28 | 2177d | 2409d | 0/3 | public: reported C repro on 2019/04/14 00:00 |
=================================
[ INFO: inconsistent lock state ]
4.4.169+ #2 Not tainted
---------------------------------
inconsistent {RECLAIM_FS-ON-W} -> {IN-RECLAIM_FS-W} usage.
kswapd0/28 [HC0[0]:SC0[0]:HE1:SE1] takes:
(&sb->s_type->i_mutex_key#10){+.+.?.}, at: [<ffffffff8140445b>] shmem_fallocate+0x13b/0x9c0 mm/shmem.c:2078
{RECLAIM_FS-ON-W} state was registered at:
[<ffffffff811fedc1>] mark_held_locks+0xb1/0x100 kernel/locking/lockdep.c:2536
[<ffffffff8120759c>] __lockdep_trace_alloc kernel/locking/lockdep.c:2758 [inline]
[<ffffffff8120759c>] lockdep_trace_alloc+0x18c/0x2b0 kernel/locking/lockdep.c:2773
[<ffffffff813d004a>] __alloc_pages_nodemask+0x13a/0x14b0 mm/page_alloc.c:3266
[<ffffffff81401b33>] __alloc_pages include/linux/gfp.h:415 [inline]
[<ffffffff81401b33>] __alloc_pages_node include/linux/gfp.h:428 [inline]
[<ffffffff81401b33>] alloc_pages_node include/linux/gfp.h:442 [inline]
[<ffffffff81401b33>] shmem_alloc_page mm/shmem.c:953 [inline]
[<ffffffff81401b33>] shmem_getpage_gfp+0x6a3/0x1120 mm/shmem.c:1191
[<ffffffff8140269b>] shmem_getpage mm/shmem.c:130 [inline]
[<ffffffff8140269b>] shmem_write_begin+0xeb/0x190 mm/shmem.c:1509
[<ffffffff813b92a1>] generic_perform_write+0x281/0x540 mm/filemap.c:2591
[<ffffffff813bcec0>] __generic_file_write_iter+0x350/0x540 mm/filemap.c:2716
[<ffffffff813bd45a>] generic_file_write_iter+0x3aa/0x740 mm/filemap.c:2744
[<ffffffff814964b8>] new_sync_write fs/read_write.c:478 [inline]
[<ffffffff814964b8>] __vfs_write+0x2e8/0x3d0 fs/read_write.c:491
[<ffffffff81497fe2>] vfs_write+0x182/0x4e0 fs/read_write.c:538
[<ffffffff8149a61c>] SYSC_write fs/read_write.c:585 [inline]
[<ffffffff8149a61c>] SyS_write+0xdc/0x1c0 fs/read_write.c:577
[<ffffffff827153a1>] entry_SYSCALL_64_fastpath+0x1e/0x9a
irq event stamp: 41
hardirqs last enabled at (41): [<ffffffff827088cd>] __mutex_trylock_slowpath kernel/locking/mutex.c:885 [inline]
hardirqs last enabled at (41): [<ffffffff827088cd>] mutex_trylock+0x28d/0x500 kernel/locking/mutex.c:908
hardirqs last disabled at (40): [<ffffffff827086ef>] __mutex_trylock_slowpath kernel/locking/mutex.c:873 [inline]
hardirqs last disabled at (40): [<ffffffff827086ef>] mutex_trylock+0xaf/0x500 kernel/locking/mutex.c:908
softirqs last enabled at (0): [<ffffffff810cbe1b>] copy_process+0x127b/0x68c0 kernel/fork.c:1468
softirqs last disabled at (0): [< (null)>] (null)
other info that might help us debug this:
Possible unsafe locking scenario:
CPU0
----
lock(&sb->s_type->i_mutex_key#10);
<Interrupt>
lock(&sb->s_type->i_mutex_key#10);
*** DEADLOCK ***
2 locks held by kswapd0/28:
#0: (shrinker_rwsem){++++..}, at: [<ffffffff813ee0b2>] shrink_slab.part.0+0xb2/0xb30 mm/vmscan.c:431
#1: (ashmem_mutex){+.+.+.}, at: [<ffffffff82118166>] ashmem_shrink_scan+0x56/0x4c0 drivers/staging/android/ashmem.c:442
stack backtrace:
CPU: 1 PID: 28 Comm: kswapd0 Not tainted 4.4.169+ #2
0000000000000000 218b77c28ac0b8db ffff8800bb657290 ffffffff81aab9c1
00000000000000f0 ffff8800001f5f00 ffffffff83abd980 ffffffff84055ac0
ffff8800001f6838 ffff8800bb657308 ffffffff813ad270 0000000000000000
Call Trace:
[<ffffffff81aab9c1>] __dump_stack lib/dump_stack.c:15 [inline]
[<ffffffff81aab9c1>] dump_stack+0xc1/0x120 lib/dump_stack.c:51
[<ffffffff813ad270>] print_usage_bug.cold+0x454/0x592 kernel/locking/lockdep.c:2267
[<ffffffff811fdfcd>] valid_state kernel/locking/lockdep.c:2280 [inline]
[<ffffffff811fdfcd>] mark_lock_irq kernel/locking/lockdep.c:2478 [inline]
[<ffffffff811fdfcd>] mark_lock+0x6fd/0x1440 kernel/locking/lockdep.c:2933
[<ffffffff811ffde7>] mark_irqflags kernel/locking/lockdep.c:2834 [inline]
[<ffffffff811ffde7>] __lock_acquire+0xa27/0x4f50 kernel/locking/lockdep.c:3169
[<ffffffff81205d7e>] lock_acquire+0x15e/0x450 kernel/locking/lockdep.c:3592
[<ffffffff82708c01>] __mutex_lock_common kernel/locking/mutex.c:521 [inline]
[<ffffffff82708c01>] mutex_lock_nested+0xc1/0xb80 kernel/locking/mutex.c:621
[<ffffffff8140445b>] shmem_fallocate+0x13b/0x9c0 mm/shmem.c:2078
[<ffffffff821182d3>] ashmem_shrink_scan drivers/staging/android/ashmem.c:449 [inline]
[<ffffffff821182d3>] ashmem_shrink_scan+0x1c3/0x4c0 drivers/staging/android/ashmem.c:433
[<ffffffff813ee402>] do_shrink_slab mm/vmscan.c:357 [inline]
[<ffffffff813ee402>] shrink_slab.part.0+0x402/0xb30 mm/vmscan.c:455
[<ffffffff813f6f4c>] shrink_slab mm/vmscan.c:425 [inline]
[<ffffffff813f6f4c>] shrink_zone+0x4bc/0x610 mm/vmscan.c:2448
[<ffffffff813f8daf>] kswapd_shrink_zone mm/vmscan.c:3123 [inline]
[<ffffffff813f8daf>] balance_pgdat mm/vmscan.c:3298 [inline]
[<ffffffff813f8daf>] kswapd+0xaaf/0x1c60 mm/vmscan.c:3506
[<ffffffff811340d3>] kthread+0x273/0x310 kernel/kthread.c:211
[<ffffffff827157c5>] ret_from_fork+0x55/0x80 arch/x86/entry/entry_64.S:537
lowmemorykiller: Killing 'restorecond' (2001) (tgid 2001), adj 0,
to free 4908kB on behalf of 'kswapd0' (28) because
cache 3912kB is below limit 6144kB for oom_score_adj 0
Free memory is -5312kB above reserved
lowmemorykiller: Killing 'dhclient' (1787) (tgid 1787), adj 0,
to free 2292kB on behalf of 'kswapd0' (28) because
| Time | Kernel | Commit | Syzkaller | Config | Log | Report | Syz repro | C repro | VM info | Assets (help?) | Manager | Title |
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 2019/01/06 05:00 | https://android.googlesource.com/kernel/common android-4.4 | d08574b6f0ae | 53be0a37 | .config | console log | report | syz | C | ci-android-44-kasan-gce | |||
| 2019/01/06 05:46 | https://android.googlesource.com/kernel/common android-4.4 | d08574b6f0ae | 53be0a37 | .config | console log | report | syz | ci-android-44-kasan-gce-386 | ||||
| 2019/11/11 21:36 | https://android.googlesource.com/kernel/common android-4.4 | 62872f952d6b | 048f2d49 | .config | console log | report | ci-android-44-kasan-gce | |||||
| 2019/10/30 03:48 | https://android.googlesource.com/kernel/common android-4.4 | 62872f952d6b | 5ea87a66 | .config | console log | report | ci-android-44-kasan-gce | |||||
| 2019/09/28 09:23 | https://android.googlesource.com/kernel/common android-4.4 | 62872f952d6b | d8074e0b | .config | console log | report | ci-android-44-kasan-gce | |||||
| 2019/09/06 02:37 | https://android.googlesource.com/kernel/common android-4.4 | 62872f952d6b | 040fda58 | .config | console log | report | ci-android-44-kasan-gce | |||||
| 2019/07/26 16:02 | https://android.googlesource.com/kernel/common android-4.4 | 62872f952d6b | 3e5d1beb | .config | console log | report | ci-android-44-kasan-gce | |||||
| 2019/11/22 00:15 | https://android.googlesource.com/kernel/common android-4.4 | 62872f952d6b | 8098ea0f | .config | console log | report | ci-android-44-kasan-gce-386 | |||||
| 2019/11/21 11:30 | https://android.googlesource.com/kernel/common android-4.4 | 62872f952d6b | 8098ea0f | .config | console log | report | ci-android-44-kasan-gce-386 | |||||
| 2019/11/16 21:25 | https://android.googlesource.com/kernel/common android-4.4 | 62872f952d6b | d5696d51 | .config | console log | report | ci-android-44-kasan-gce-386 | |||||
| 2019/09/22 01:57 | https://android.googlesource.com/kernel/common android-4.4 | 62872f952d6b | d96e88f3 | .config | console log | report | ci-android-44-kasan-gce-386 | |||||
| 2019/09/10 02:07 | https://android.googlesource.com/kernel/common android-4.4 | 62872f952d6b | a60cb4cd | .config | console log | report | ci-android-44-kasan-gce-386 | |||||
| 2019/03/30 15:57 | https://android.googlesource.com/kernel/common android-4.4 | 62872f952d6b | c35ee0ea | .config | console log | report | ci-android-44-kasan-gce-386 |