syzbot


INFO: trying to register non-static key in __alloc_pages_slowpath

Status: auto-closed as invalid on 2020/07/28 10:26
Reported-by: syzbot+00fd02e297087183c908@syzkaller.appspotmail.com
First crash: 816d, last: 816d

Sample crash report:
syz-executor.5: page allocation failure: order:4, mode:0x142c0c2(GFP_HIGHUSER|__GFP_COMP|__GFP_ZERO), nodemask=0
syz-executor.5 cpuset=syz5 mems_allowed=0-1
CPU: 1 PID: 25911 Comm: syz-executor.5 Not tainted 4.14.174-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
INFO: trying to register non-static key.
Call Trace:
the code is fine but needs lockdep annotation.
turning off the locking correctness validator.
 __dump_stack lib/dump_stack.c:17 [inline]
 dump_stack+0x13e/0x194 lib/dump_stack.c:58
 warn_alloc.cold+0x96/0x1af mm/page_alloc.c:3248
 __alloc_pages_slowpath+0x2114/0x26c0 mm/page_alloc.c:4095
 __alloc_pages_nodemask+0x5d3/0x700 mm/page_alloc.c:4198
 alloc_pages_current+0xe7/0x1e0 mm/mempolicy.c:2113
 alloc_pages include/linux/gfp.h:520 [inline]
 ion_page_pool_alloc_pages drivers/staging/android/ion/ion_page_pool.c:30 [inline]
 ion_page_pool_alloc+0x118/0x1b0 drivers/staging/android/ion/ion_page_pool.c:89
 alloc_buffer_page drivers/staging/android/ion/ion_system_heap.c:75 [inline]
 alloc_largest_available drivers/staging/android/ion/ion_system_heap.c:115 [inline]
 ion_system_heap_allocate+0x134/0x8d0 drivers/staging/android/ion/ion_system_heap.c:146
 ion_buffer_create drivers/staging/android/ion/ion.c:94 [inline]
 ion_alloc+0x1e9/0x7d0 drivers/staging/android/ion/ion.c:425
 ion_ioctl+0xef/0x1f8 drivers/staging/android/ion/ion-ioctl.c:87
 vfs_ioctl fs/ioctl.c:46 [inline]
 file_ioctl fs/ioctl.c:500 [inline]
 do_vfs_ioctl+0x75a/0xfe0 fs/ioctl.c:684
 SYSC_ioctl fs/ioctl.c:701 [inline]
 SyS_ioctl+0x7f/0xb0 fs/ioctl.c:692
 do_syscall_64+0x1d5/0x640 arch/x86/entry/common.c:292
 entry_SYSCALL_64_after_hwframe+0x42/0xb7
RIP: 0033:0x45c849
RSP: 002b:00007faa4c9a3c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
RAX: ffffffffffffffda RBX: 00007faa4c9a46d4 RCX: 000000000045c849
RDX: 0000000020000000 RSI: 00000000c0184900 RDI: 0000000000000008
RBP: 000000000076bf00 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff
R13: 0000000000000364 R14: 00000000004c5d48 R15: 000000000076bf0c
CPU: 0 PID: 25933 Comm: syz-executor.3 Not tainted 4.14.174-syzkaller #0
Mem-Info:
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
active_anon:275657 inactive_anon:15939 isolated_anon:12
 active_file:3743 inactive_file:7079 isolated_file:0
 unevictable:2807 dirty:128 writeback:0 unstable:0
 slab_reclaimable:12315 slab_unreclaimable:124414
 mapped:58089 shmem:252 pagetables:5883 bounce:0
 free:992801 free_pcp:91 free_cma:0
 __dump_stack lib/dump_stack.c:17 [inline]
 dump_stack+0x13e/0x194 lib/dump_stack.c:58
 register_lock_class+0x2fe/0x1600 kernel/locking/lockdep.c:768
Node 0 active_anon:1085952kB inactive_anon:63752kB active_file:8880kB inactive_file:8800kB unevictable:10428kB isolated(anon):48kB isolated(file):0kB mapped:211504kB dirty:204kB writeback:0kB shmem:1004kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 706560kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no
 __lock_acquire+0x147/0x4620 kernel/locking/lockdep.c:3374
Node 0 
DMA free:10448kB min:220kB low:272kB high:324kB active_anon:28kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:64kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
 lock_acquire+0x170/0x3f0 kernel/locking/lockdep.c:3994
lowmem_reserve[]:
 flush_work+0xae/0x780 kernel/workqueue.c:2889
 0
 2557
 2557
 2557
 __cancel_work_timer+0x2d0/0x460 kernel/workqueue.c:2964
 2557
 smc_close_active+0x684/0xb90 net/smc/smc_close.c:206
Node 0 
 smc_release+0x40c/0x610 net/smc/af_smc.c:131
DMA32 free:232068kB min:36272kB low:45340kB high:54408kB active_anon:1086024kB inactive_anon:63752kB active_file:8880kB inactive_file:8900kB unevictable:10428kB writepending:204kB present:3129332kB managed:2621272kB mlocked:10344kB kernel_stack:12704kB pagetables:21864kB bounce:0kB free_pcp:364kB local_pcp:0kB free_cma:0kB
 __sock_release+0xcd/0x2b0 net/socket.c:602
lowmem_reserve[]:
 0
 sock_close+0x15/0x20 net/socket.c:1139
 0
 __fput+0x25f/0x790 fs/file_table.c:210
 task_work_run+0x113/0x190 kernel/task_work.c:113
 0
 tracehook_notify_resume include/linux/tracehook.h:191 [inline]
 exit_to_usermode_loop+0x1d6/0x220 arch/x86/entry/common.c:164
 prepare_exit_to_usermode arch/x86/entry/common.c:199 [inline]
 syscall_return_slowpath arch/x86/entry/common.c:270 [inline]
 do_syscall_64+0x4a3/0x640 arch/x86/entry/common.c:297
 entry_SYSCALL_64_after_hwframe+0x42/0xb7
RIP: 0033:0x45c849
RSP: 002b:00007f4b8caf6c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000003
 0
RAX: 0000000000000000 RBX: 00007f4b8caf76d4 RCX: 000000000045c849
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003
RBP: 000000000076bf00 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff
R13: 0000000000000076 R14: 00000000005042f2 R15: 000000000076bf0c
 0
Node 0 Normal free:0kB min:4kB low:4kB high:4kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:786432kB managed:348kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
lowmem_reserve[]: 0 0 0 0 0
Node 0 DMA: 8*4kB (UMEH) 16*8kB (UMEH) 15*16kB (UMEH) 16*32kB (UEH) 11*64kB (UMEH) 9*128kB (UMEH) 6*256kB (UMEH) 4*512kB (UMEH) 2*1024kB (ME) 1*2048kB (M) 0*4096kB = 10448kB
Node 0 DMA32: 7056*4kB (UME) 5883*8kB (UME) 5273*16kB (UME) 2116*32kB (UME) 1*64kB (U) 0*128kB 3*256kB (U) 1*512kB (U) 0*1024kB 0*2048kB 0*4096kB = 228712kB
Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB
Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB
Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB
11295 total pagecache pages
0 pages in swap cache
Swap cache stats: add 0, delete 0, find 0/0
Free swap  = 0kB
Total swap = 0kB
1965979 pages RAM
0 pages HighMem/MovableOnly
339049 pages reserved
0 pages cma reserved
audit: type=1400 audit(1585563915.404:281): avc:  denied  { block_suspend } for  pid=26025 comm="syz-executor.5" capability=36  scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=capability2 permissive=1
audit: type=1400 audit(1585563915.594:282): avc:  denied  { wake_alarm } for  pid=26036 comm="syz-executor.2" capability=35  scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=capability2 permissive=1
overlayfs: filesystem on './file0' not supported as upperdir
audit: type=1400 audit(1585563917.214:283): avc:  denied  { map } for  pid=26132 comm="syz-executor.4" path="/root/syzkaller-testdir814505356/syzkaller.O0d5fE/671/cgroup.controllers" dev="sda1" ino=16690 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
audit: type=1400 audit(1585563917.304:284): avc:  denied  { map } for  pid=26132 comm="syz-executor.4" path="socket:[101478]" dev="sockfs" ino=101478 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=tcp_socket permissive=1
x_tables: ip_tables: rpfilter match: used from hooks INPUT, but only valid from PREROUTING
audit: type=1800 audit(1585563917.854:285): pid=26191 uid=0 auid=4294967295 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 op="collect_data" cause="failed(directio)" comm="syz-executor.3" name="bus" dev="sda1" ino=16557 res=0
x_tables: ip_tables: rpfilter match: used from hooks INPUT, but only valid from PREROUTING
x_tables: ip_tables: rpfilter match: used from hooks INPUT, but only valid from PREROUTING
ip6_tables: ip6tables: counters copy to user failed while replacing table
x_tables: ip_tables: rpfilter match: used from hooks INPUT, but only valid from PREROUTING
audit: type=1800 audit(1585563918.574:286): pid=26190 uid=0 auid=4294967295 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 op="collect_data" cause="failed(directio)" comm="syz-executor.3" name="bus" dev="sda1" ino=16557 res=0
audit: type=1800 audit(1585563918.934:287): pid=26257 uid=0 auid=4294967295 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 op="collect_data" cause="failed(directio)" comm="syz-executor.3" name="bus" dev="sda1" ino=16881 res=0
audit: type=1800 audit(1585563919.204:288): pid=26268 uid=0 auid=4294967295 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 op="collect_data" cause="failed(directio)" comm="syz-executor.0" name="bus" dev="sda1" ino=16897 res=0
NOHZ: local_softirq_pending 08
audit: type=1800 audit(1585563919.824:289): pid=26308 uid=0 auid=4294967295 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 op="collect_data" cause="failed(directio)" comm="syz-executor.3" name="bus" dev="sda1" ino=16881 res=0
audit: type=1800 audit(1585563919.974:290): pid=26316 uid=0 auid=4294967295 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 op="collect_data" cause="failed(directio)" comm="syz-executor.0" name="bus" dev="sda1" ino=16897 res=0
device gretap0 entered promiscuous mode
kauditd_printk_skb: 1 callbacks suppressed
device macvlan2 entered promiscuous mode
audit: type=1800 audit(1585563920.774:292): pid=26361 uid=0 auid=4294967295 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 op="collect_data" cause="failed(directio)" comm="syz-executor.3" name="bus" dev="sda1" ino=16866 res=0
audit: type=1800 audit(1585563920.934:293): pid=26360 uid=0 auid=4294967295 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 op="collect_data" cause="failed(directio)" comm="syz-executor.0" name="bus" dev="sda1" ino=16881 res=0
device lo entered promiscuous mode
audit: type=1800 audit(1585563921.294:294): pid=26389 uid=0 auid=4294967295 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 op="collect_data" cause="failed(directio)" comm="syz-executor.2" name="bus" dev="sda1" ino=16553 res=0
device macvlan2 entered promiscuous mode
device lo entered promiscuous mode
audit: type=1800 audit(1585563921.714:295): pid=26400 uid=0 auid=4294967295 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 op="collect_data" cause="failed(directio)" comm="syz-executor.3" name="file0" dev="loop3" ino=52 res=0
device macvlan2 entered promiscuous mode
EXT4-fs (loop0): feature flags set on rev 0 fs, running e2fsck is recommended
EXT4-fs (loop0): ext4_check_descriptors: Block bitmap for group 0 overlaps superblock
EXT4-fs (loop0): ext4_check_descriptors: Inode bitmap for group 0 overlaps superblock
EXT4-fs (loop0): ext4_check_descriptors: Inode table for group 0 overlaps superblock
EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue
audit: type=1400 audit(1585563921.954:296): avc:  denied  { map } for  pid=26425 comm="syz-executor.3" path="/dev/ashmem" dev="devtmpfs" ino=862 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:device_t:s0 tclass=chr_file permissive=1
audit: type=1800 audit(1585563922.284:297): pid=26463 uid=0 auid=4294967295 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 op="collect_data" cause="failed(directio)" comm="syz-executor.2" name="bus" dev="sda1" ino=16977 res=0
EXT4-fs (loop0): feature flags set on rev 0 fs, running e2fsck is recommended
device macvlan2 entered promiscuous mode
EXT4-fs (loop0): ext4_check_descriptors: Block bitmap for group 0 overlaps superblock
EXT4-fs (loop0): ext4_check_descriptors: Inode bitmap for group 0 overlaps superblock
EXT4-fs (loop0): ext4_check_descriptors: Inode table for group 0 overlaps superblock
EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue

Crashes (1):
Manager: ci2-linux-4-14
Time: 2020/03/30 10:25
Kernel: linux-4.14.y
Commit: 01364dad1d45
Syzkaller: c8d1cc20
Config: .config
Log: log
Report: report
Syz repro, C repro, VM info, Title: (empty)