syzbot

WARNING: stack going in the wrong direction? ip=do_nanosleep

Status: auto-closed as invalid on 2019/05/09 14:12
Reported-by: syzbot+3565685bc148229c05f1@syzkaller.appspotmail.com
First crash: 2042d, last: 2042d
Similar bugs (2):
Kernel: android-414 | Title: WARNING: stack going in the wrong direction? ip=do_nanosleep (2) | Repro: syz | Cause bisect: none | Fix bisect: none | Count: 22 | Last: 1657d | Reported: 1814d | Patched: 0/1 | Status: public: reported syz repro on 2019/06/26 14:40
Kernel: upstream | Title: WARNING: stack going in the wrong direction? ip=do_nanosleep | Repro: none | Cause bisect: none | Fix bisect: none | Count: 1 | Last: 1524d | Reported: 1520d | Patched: 0/28 | Status: auto-closed as invalid on 2020/06/10 06:58

Sample crash report:
binder: 13783:13850 BC_CLEAR_DEATH_NOTIFICATION death notification not active
WARNING: stack going in the wrong direction? ip=do_nanosleep+0x201/0x630
binder: BINDER_SET_CONTEXT_MGR already set
binder: 13934:13935 ioctl 40046207 0 returned -16
binder: 13934:13952 ERROR: BC_REGISTER_LOOPER called without request
binder: 13934:13952 transaction failed 29189/-22, size 0-0 line 3012
binder: BINDER_SET_CONTEXT_MGR already set
binder: 13934:13986 ioctl 40046207 0 returned -16
binder_alloc: 13247: binder_alloc_buf, no vma
binder: 13934:13935 ERROR: BC_REGISTER_LOOPER called without request
binder: 13934:13986 transaction failed 29189/-3, size 0-0 line 3135
binder: undelivered TRANSACTION_ERROR: 29189
binder: undelivered TRANSACTION_ERROR: 29189
audit: type=1400 audit(1541859073.392:72): avc:  denied  { read } for  pid=14025 comm="syz-executor2" path="socket:[37059]" dev="sockfs" ino=37059 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_netfilter_socket permissive=1
TCP: request_sock_TCPv6: Possible SYN flooding on port 20002. Dropping request.  Check SNMP counters.
binder: BINDER_SET_CONTEXT_MGR already set
binder: 14094:14095 ioctl 40046207 0 returned -16
binder: BINDER_SET_CONTEXT_MGR already set
binder: 14094:14095 ioctl 40046207 0 returned -16
binder: 14231 BINDER_GET_NODE_INFO_FOR_REF: only handle may be non-zero.
binder: 14231:14233 ioctl c018620c 20000340 returned -22
binder: BINDER_SET_CONTEXT_MGR already set
binder: 14261:14265 ioctl 40046207 0 returned -16
binder: 14261:14265 unknown command 1627677445
binder: 14261:14265 ioctl c0306201 20012000 returned -22
binder: BINDER_SET_CONTEXT_MGR already set
binder: 14261:14265 ioctl 40046207 0 returned -16
binder: 14261:14269 unknown command 1627677445
binder: 14261:14269 ioctl c0306201 20012000 returned -22
binder: 14261:14271 BC_CLEAR_DEATH_NOTIFICATION invalid ref 0
syz-executor2: vmalloc: allocation failure: 0 bytes, mode:0x14000c0(GFP_KERNEL), nodemask=(null)
CPU: 1 PID: 14351 Comm: syz-executor2 Not tainted 4.14.79+ #3
Call Trace:
 __dump_stack lib/dump_stack.c:17 [inline]
 dump_stack+0xb9/0x11b lib/dump_stack.c:53
 warn_alloc.cold.35+0x9d/0x1b7 mm/page_alloc.c:3260
 __vmalloc_node_range+0x390/0x680 mm/vmalloc.c:1776
 __vmalloc_node mm/vmalloc.c:1805 [inline]
 __vmalloc_node_flags mm/vmalloc.c:1819 [inline]
 vmalloc+0x63/0x80 mm/vmalloc.c:1841
 sel_write_load+0x1b5/0x1000 security/selinux/selinuxfs.c:495
 __vfs_write+0xf4/0x5c0 fs/read_write.c:482
 vfs_write+0x17f/0x4d0 fs/read_write.c:546
 SYSC_write fs/read_write.c:593 [inline]
 SyS_write+0xc2/0x1a0 fs/read_write.c:585
 do_syscall_64+0x19b/0x4b0 arch/x86/entry/common.c:289
 entry_SYSCALL_64_after_hwframe+0x42/0xb7
RIP: 0033:0x457569
RSP: 002b:00007f56b3edcc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000457569
RDX: 0000000000000000 RSI: 0000000020000240 RDI: 0000000000000004
RBP: 000000000072bfa0 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 00007f56b3edd6d4
R13: 00000000004c58b6 R14: 00000000004d94d8 R15: 00000000ffffffff
warn_alloc_show_mem: 1 callbacks suppressed
Mem-Info:
active_anon:106245 inactive_anon:138 isolated_anon:0
 active_file:13893 inactive_file:10859 isolated_file:0
 unevictable:0 dirty:284 writeback:0 unstable:0
 slab_reclaimable:6517 slab_unreclaimable:60129
 mapped:55273 shmem:103 pagetables:5353 bounce:0
 free:1377488 free_pcp:487 free_cma:0
Node 0 active_anon:424980kB inactive_anon:552kB active_file:55572kB inactive_file:43444kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:221092kB dirty:1136kB writeback:0kB shmem:412kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no
DMA32 free:3011412kB min:4684kB low:7692kB high:10700kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:3145324kB managed:3012140kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:728kB local_pcp:0kB free_cma:0kB
lowmem_reserve[]: 0 3505 3505
Normal free:2498680kB min:5588kB low:9176kB high:12764kB active_anon:424888kB inactive_anon:552kB active_file:55572kB inactive_file:43448kB unevictable:0kB writepending:1136kB present:4718592kB managed:3589240kB mlocked:0kB kernel_stack:9344kB pagetables:21256kB bounce:0kB free_pcp:1300kB local_pcp:568kB free_cma:0kB
lowmem_reserve[]: 0 0 0
DMA32: 5*4kB (UM) 2*8kB (M) 3*16kB (M) 2*32kB (UM) 5*64kB (UM) 3*128kB (UM) 4*256kB (UM) 2*512kB (M) 2*1024kB (UM) 4*2048kB (UM) 732*4096kB (M) = 3011412kB
Normal: 546*4kB (UME) 330*8kB (UME) 1092*16kB (UME) 325*32kB (UME) 223*64kB (UME) 104*128kB (UME) 27*256kB (UM) 7*512kB (U) 3*1024kB (UME) 0*2048kB 592*4096kB (M) = 2498680kB
24855 total pagecache pages
0 pages in swap cache
Swap cache stats: add 0, delete 0, find 0/0
Free swap  = 0kB
Total swap = 0kB
1965979 pages RAM
0 pages HighMem/MovableOnly
315634 pages reserved
syz-executor2: vmalloc: allocation failure: 0 bytes, mode:0x14000c0(GFP_KERNEL), nodemask=(null)
CPU: 0 PID: 14352 Comm: syz-executor2 Not tainted 4.14.79+ #3
Call Trace:
 __dump_stack lib/dump_stack.c:17 [inline]
 dump_stack+0xb9/0x11b lib/dump_stack.c:53
 warn_alloc.cold.35+0x9d/0x1b7 mm/page_alloc.c:3260
 __vmalloc_node_range+0x390/0x680 mm/vmalloc.c:1776

Crashes (1):
Time: 2018/11/10 14:11 | Kernel: android-4.14 | Commit: 87485dbe777b | Syzkaller: f9815aaf | Config: .config | Log: console log | Report: report | Syz repro: none | C repro: none | VM info: none | Assets: none | Manager: ci-android-414-kasan-gce-root | Title: (none)